1 /* $NetBSD: if_iwn.c,v 1.86 2017/10/23 09:31:18 msaitoh Exp $ */ 2 /* $OpenBSD: if_iwn.c,v 1.135 2014/09/10 07:22:09 dcoppa Exp $ */ 3 4 /*- 5 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel WiFi Link 4965 and 1000/5000/6000 Series 802.11 network 22 * adapters. 23 */ 24 #include <sys/cdefs.h> 25 __KERNEL_RCSID(0, "$NetBSD: if_iwn.c,v 1.86 2017/10/23 09:31:18 msaitoh Exp $"); 26 27 #define IWN_USE_RBUF /* Use local storage for RX */ 28 #undef IWN_HWCRYPTO /* XXX does not even compile yet */ 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/proc.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #ifdef notyetMODULE 39 #include <sys/module.h> 40 #endif 41 #include <sys/mutex.h> 42 #include <sys/conf.h> 43 #include <sys/kauth.h> 44 #include <sys/callout.h> 45 46 #include <dev/sysmon/sysmonvar.h> 47 48 #include <sys/bus.h> 49 #include <machine/endian.h> 50 #include <sys/intr.h> 51 52 #include <dev/pci/pcireg.h> 53 #include <dev/pci/pcivar.h> 54 #include <dev/pci/pcidevs.h> 55 56 #include <net/bpf.h> 57 #include <net/if.h> 58 #include <net/if_arp.h> 59 #include <net/if_dl.h> 60 #include <net/if_media.h> 61 #include <net/if_types.h> 62 63 #include <netinet/in.h> 64 #include <netinet/in_systm.h> 65 #include <netinet/in_var.h> 66 #include <net/if_ether.h> 67 #include <netinet/ip.h> 68 69 #include <net80211/ieee80211_var.h> 70 #include <net80211/ieee80211_amrr.h> 71 #include <net80211/ieee80211_radiotap.h> 72 73 #include <dev/firmload.h> 74 75 #include <dev/pci/if_iwnreg.h> 76 #include <dev/pci/if_iwnvar.h> 77 78 static const pci_product_id_t iwn_devices[] = { 79 PCI_PRODUCT_INTEL_WIFI_LINK_1030_1, 80 PCI_PRODUCT_INTEL_WIFI_LINK_1030_2, 81 PCI_PRODUCT_INTEL_WIFI_LINK_4965_1, 82 PCI_PRODUCT_INTEL_WIFI_LINK_4965_2, 83 PCI_PRODUCT_INTEL_WIFI_LINK_4965_3, 84 PCI_PRODUCT_INTEL_WIFI_LINK_4965_4, 85 PCI_PRODUCT_INTEL_WIFI_LINK_5100_1, 86 PCI_PRODUCT_INTEL_WIFI_LINK_5100_2, 87 PCI_PRODUCT_INTEL_WIFI_LINK_5150_1, 88 PCI_PRODUCT_INTEL_WIFI_LINK_5150_2, 89 PCI_PRODUCT_INTEL_WIFI_LINK_5300_1, 90 PCI_PRODUCT_INTEL_WIFI_LINK_5300_2, 91 PCI_PRODUCT_INTEL_WIFI_LINK_5350_1, 92 PCI_PRODUCT_INTEL_WIFI_LINK_5350_2, 93 PCI_PRODUCT_INTEL_WIFI_LINK_1000_1, 94 PCI_PRODUCT_INTEL_WIFI_LINK_1000_2, 95 PCI_PRODUCT_INTEL_WIFI_LINK_6000_3X3_1, 96 PCI_PRODUCT_INTEL_WIFI_LINK_6000_3X3_2, 97 PCI_PRODUCT_INTEL_WIFI_LINK_6000_IPA_1, 98 PCI_PRODUCT_INTEL_WIFI_LINK_6000_IPA_2, 99 PCI_PRODUCT_INTEL_WIFI_LINK_6050_2X2_1, 100 PCI_PRODUCT_INTEL_WIFI_LINK_6050_2X2_2, 101 PCI_PRODUCT_INTEL_WIFI_LINK_6005_2X2_1, 102 PCI_PRODUCT_INTEL_WIFI_LINK_6005_2X2_2, 103 PCI_PRODUCT_INTEL_WIFI_LINK_6230_1, 104 PCI_PRODUCT_INTEL_WIFI_LINK_6230_2, 105 PCI_PRODUCT_INTEL_WIFI_LINK_6235, 106 PCI_PRODUCT_INTEL_WIFI_LINK_6235_2, 107 PCI_PRODUCT_INTEL_WIFI_LINK_100_1, 108 PCI_PRODUCT_INTEL_WIFI_LINK_100_2, 109 PCI_PRODUCT_INTEL_WIFI_LINK_130_1, 110 PCI_PRODUCT_INTEL_WIFI_LINK_130_2, 111 PCI_PRODUCT_INTEL_WIFI_LINK_2230_1, 112 PCI_PRODUCT_INTEL_WIFI_LINK_2230_2, 113 PCI_PRODUCT_INTEL_WIFI_LINK_2200_1, 114 PCI_PRODUCT_INTEL_WIFI_LINK_2200_2, 115 PCI_PRODUCT_INTEL_WIFI_LINK_135_1, 116 PCI_PRODUCT_INTEL_WIFI_LINK_135_2, 117 PCI_PRODUCT_INTEL_WIFI_LINK_105_1, 118 PCI_PRODUCT_INTEL_WIFI_LINK_105_2, 119 }; 120 121 /* 122 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 123 */ 124 static const struct ieee80211_rateset iwn_rateset_11a = 125 { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } }; 126 127 static const struct ieee80211_rateset iwn_rateset_11b = 128 { 4, { 2, 4, 11, 22 } }; 129 130 static const struct ieee80211_rateset iwn_rateset_11g = 131 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 132 133 static int iwn_match(device_t , struct cfdata *, void *); 134 static void iwn_attach(device_t , device_t , void *); 135 static int iwn4965_attach(struct iwn_softc *, pci_product_id_t); 136 static int iwn5000_attach(struct iwn_softc *, pci_product_id_t); 137 static void iwn_radiotap_attach(struct iwn_softc *); 138 static int iwn_detach(device_t , int); 139 #if 0 140 static void iwn_power(int, void *); 141 #endif 142 static bool iwn_resume(device_t, const pmf_qual_t *); 143 static int iwn_nic_lock(struct iwn_softc *); 144 static int iwn_eeprom_lock(struct iwn_softc *); 145 static int iwn_init_otprom(struct iwn_softc *); 146 static int iwn_read_prom_data(struct iwn_softc *, uint32_t, void *, int); 147 static int iwn_dma_contig_alloc(bus_dma_tag_t, struct iwn_dma_info *, 148 void **, bus_size_t, bus_size_t); 149 static void iwn_dma_contig_free(struct iwn_dma_info *); 150 static int iwn_alloc_sched(struct iwn_softc *); 151 static void iwn_free_sched(struct iwn_softc *); 152 static int iwn_alloc_kw(struct iwn_softc *); 153 static void iwn_free_kw(struct iwn_softc *); 154 static int iwn_alloc_ict(struct iwn_softc *); 155 static void iwn_free_ict(struct iwn_softc *); 156 static int iwn_alloc_fwmem(struct iwn_softc *); 157 static void iwn_free_fwmem(struct iwn_softc *); 158 static int iwn_alloc_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 159 static void iwn_reset_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 160 static void iwn_free_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 161 static int iwn_alloc_tx_ring(struct iwn_softc *, struct iwn_tx_ring *, 162 int); 163 static void iwn_reset_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 164 static void iwn_free_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 165 static void iwn5000_ict_reset(struct iwn_softc *); 166 static int iwn_read_eeprom(struct iwn_softc *); 167 static void iwn4965_read_eeprom(struct iwn_softc *); 168 169 #ifdef IWN_DEBUG 170 static void iwn4965_print_power_group(struct iwn_softc *, int); 171 #endif 172 static void iwn5000_read_eeprom(struct iwn_softc *); 173 static void iwn_read_eeprom_channels(struct iwn_softc *, int, uint32_t); 174 static void iwn_read_eeprom_enhinfo(struct iwn_softc *); 175 static struct ieee80211_node *iwn_node_alloc(struct ieee80211_node_table *); 176 static void iwn_newassoc(struct ieee80211_node *, int); 177 static int iwn_media_change(struct ifnet *); 178 static int iwn_newstate(struct ieee80211com *, enum ieee80211_state, int); 179 static void iwn_iter_func(void *, struct ieee80211_node *); 180 static void iwn_calib_timeout(void *); 181 static void iwn_rx_phy(struct iwn_softc *, struct iwn_rx_desc *, 182 struct iwn_rx_data *); 183 static void iwn_rx_done(struct iwn_softc *, struct iwn_rx_desc *, 184 struct iwn_rx_data *); 185 #ifndef IEEE80211_NO_HT 186 static void iwn_rx_compressed_ba(struct iwn_softc *, struct iwn_rx_desc *, 187 struct iwn_rx_data *); 188 #endif 189 static void iwn5000_rx_calib_results(struct iwn_softc *, 190 struct iwn_rx_desc *, struct iwn_rx_data *); 191 static void iwn_rx_statistics(struct iwn_softc *, struct iwn_rx_desc *, 192 struct iwn_rx_data *); 193 static void iwn4965_tx_done(struct iwn_softc *, struct iwn_rx_desc *, 194 struct iwn_rx_data *); 195 static void iwn5000_tx_done(struct iwn_softc *, struct iwn_rx_desc *, 196 struct iwn_rx_data *); 197 static void iwn_tx_done(struct iwn_softc *, struct iwn_rx_desc *, int, 198 uint8_t); 199 static void iwn_cmd_done(struct iwn_softc *, struct iwn_rx_desc *); 200 static void iwn_notif_intr(struct iwn_softc *); 201 static void iwn_wakeup_intr(struct iwn_softc *); 202 static void iwn_fatal_intr(struct iwn_softc *); 203 static int iwn_intr(void *); 204 static void iwn_softintr(void *); 205 static void iwn4965_update_sched(struct iwn_softc *, int, int, uint8_t, 206 uint16_t); 207 static void iwn5000_update_sched(struct iwn_softc *, int, int, uint8_t, 208 uint16_t); 209 #ifdef notyet 210 static void iwn5000_reset_sched(struct iwn_softc *, int, int); 211 #endif 212 static int iwn_tx(struct iwn_softc *, struct mbuf *, 213 struct ieee80211_node *, int); 214 static void iwn_start(struct ifnet *); 215 static void iwn_watchdog(struct ifnet *); 216 static int iwn_ioctl(struct ifnet *, u_long, void *); 217 static int iwn_cmd(struct iwn_softc *, int, const void *, int, int); 218 static int iwn4965_add_node(struct iwn_softc *, struct iwn_node_info *, 219 int); 220 static int iwn5000_add_node(struct iwn_softc *, struct iwn_node_info *, 221 int); 222 static int iwn_set_link_quality(struct iwn_softc *, 223 struct ieee80211_node *); 224 static int iwn_add_broadcast_node(struct iwn_softc *, int); 225 static void iwn_set_led(struct iwn_softc *, uint8_t, uint8_t, uint8_t); 226 static int iwn_set_critical_temp(struct iwn_softc *); 227 static int iwn_set_timing(struct iwn_softc *, struct ieee80211_node *); 228 static void iwn4965_power_calibration(struct iwn_softc *, int); 229 static int iwn4965_set_txpower(struct iwn_softc *, int); 230 static int iwn5000_set_txpower(struct iwn_softc *, int); 231 static int iwn4965_get_rssi(const struct iwn_rx_stat *); 232 static int iwn5000_get_rssi(const struct iwn_rx_stat *); 233 static int iwn_get_noise(const struct iwn_rx_general_stats *); 234 static int iwn4965_get_temperature(struct iwn_softc *); 235 static int iwn5000_get_temperature(struct iwn_softc *); 236 static int iwn_init_sensitivity(struct iwn_softc *); 237 static void iwn_collect_noise(struct iwn_softc *, 238 const struct iwn_rx_general_stats *); 239 static int iwn4965_init_gains(struct iwn_softc *); 240 static int iwn5000_init_gains(struct iwn_softc *); 241 static int iwn4965_set_gains(struct iwn_softc *); 242 static int iwn5000_set_gains(struct iwn_softc *); 243 static void iwn_tune_sensitivity(struct iwn_softc *, 244 const struct iwn_rx_stats *); 245 static int iwn_send_sensitivity(struct iwn_softc *); 246 static int iwn_set_pslevel(struct iwn_softc *, int, int, int); 247 static int iwn5000_runtime_calib(struct iwn_softc *); 248 249 static int iwn_config_bt_coex_bluetooth(struct iwn_softc *); 250 static int iwn_config_bt_coex_prio_table(struct iwn_softc *); 251 static int iwn_config_bt_coex_adv1(struct iwn_softc *); 252 static int iwn_config_bt_coex_adv2(struct iwn_softc *); 253 254 static int iwn_config(struct iwn_softc *); 255 static uint16_t iwn_get_active_dwell_time(struct iwn_softc *, uint16_t, 256 uint8_t); 257 static uint16_t iwn_limit_dwell(struct iwn_softc *, uint16_t); 258 static uint16_t iwn_get_passive_dwell_time(struct iwn_softc *, uint16_t); 259 static int iwn_scan(struct iwn_softc *, uint16_t); 260 static int iwn_auth(struct iwn_softc *); 261 static int iwn_run(struct iwn_softc *); 262 #ifdef IWN_HWCRYPTO 263 static int iwn_set_key(struct ieee80211com *, struct ieee80211_node *, 264 struct ieee80211_key *); 265 static void iwn_delete_key(struct ieee80211com *, struct ieee80211_node *, 266 struct ieee80211_key *); 267 #endif 268 static int iwn_wme_update(struct ieee80211com *); 269 #ifndef IEEE80211_NO_HT 270 static int iwn_ampdu_rx_start(struct ieee80211com *, 271 struct ieee80211_node *, uint8_t); 272 static void iwn_ampdu_rx_stop(struct ieee80211com *, 273 struct ieee80211_node *, uint8_t); 274 static int iwn_ampdu_tx_start(struct ieee80211com *, 275 struct ieee80211_node *, uint8_t); 276 static void iwn_ampdu_tx_stop(struct ieee80211com *, 277 struct ieee80211_node *, uint8_t); 278 static void iwn4965_ampdu_tx_start(struct iwn_softc *, 279 struct ieee80211_node *, uint8_t, uint16_t); 280 static void iwn4965_ampdu_tx_stop(struct iwn_softc *, 281 uint8_t, uint16_t); 282 static void iwn5000_ampdu_tx_start(struct iwn_softc *, 283 struct ieee80211_node *, uint8_t, uint16_t); 284 static void iwn5000_ampdu_tx_stop(struct iwn_softc *, 285 uint8_t, uint16_t); 286 #endif 287 static int iwn5000_query_calibration(struct iwn_softc *); 288 static int iwn5000_send_calibration(struct iwn_softc *); 289 static int iwn5000_send_wimax_coex(struct iwn_softc *); 290 static int iwn6000_temp_offset_calib(struct iwn_softc *); 291 static int iwn2000_temp_offset_calib(struct iwn_softc *); 292 static int iwn4965_post_alive(struct iwn_softc *); 293 static int iwn5000_post_alive(struct iwn_softc *); 294 static int iwn4965_load_bootcode(struct iwn_softc *, const uint8_t *, 295 int); 296 static int iwn4965_load_firmware(struct iwn_softc *); 297 static int iwn5000_load_firmware_section(struct iwn_softc *, uint32_t, 298 const uint8_t *, int); 299 static int iwn5000_load_firmware(struct iwn_softc *); 300 static int iwn_read_firmware_leg(struct iwn_softc *, 301 struct iwn_fw_info *); 302 static int iwn_read_firmware_tlv(struct iwn_softc *, 303 struct iwn_fw_info *, uint16_t); 304 static int iwn_read_firmware(struct iwn_softc *); 305 static int iwn_clock_wait(struct iwn_softc *); 306 static int iwn_apm_init(struct iwn_softc *); 307 static void iwn_apm_stop_master(struct iwn_softc *); 308 static void iwn_apm_stop(struct iwn_softc *); 309 static int iwn4965_nic_config(struct iwn_softc *); 310 static int iwn5000_nic_config(struct iwn_softc *); 311 static int iwn_hw_prepare(struct iwn_softc *); 312 static int iwn_hw_init(struct iwn_softc *); 313 static void iwn_hw_stop(struct iwn_softc *); 314 static int iwn_init(struct ifnet *); 315 static void iwn_stop(struct ifnet *, int); 316 317 /* XXX MCLGETI alternative */ 318 static struct mbuf *MCLGETIalt(struct iwn_softc *, int, 319 struct ifnet *, u_int); 320 #ifdef IWN_USE_RBUF 321 static struct iwn_rbuf *iwn_alloc_rbuf(struct iwn_softc *); 322 static void iwn_free_rbuf(struct mbuf *, void *, size_t, void *); 323 static int iwn_alloc_rpool(struct iwn_softc *); 324 static void iwn_free_rpool(struct iwn_softc *); 325 #endif 326 327 static void iwn_fix_channel(struct ieee80211com *, struct mbuf *, 328 struct iwn_rx_stat *); 329 330 #ifdef IWN_DEBUG 331 #define DPRINTF(x) do { if (iwn_debug > 0) printf x; } while (0) 332 #define DPRINTFN(n, x) do { if (iwn_debug >= (n)) printf x; } while (0) 333 int iwn_debug = 0; 334 #else 335 #define DPRINTF(x) 336 #define DPRINTFN(n, x) 337 #endif 338 339 CFATTACH_DECL_NEW(iwn, sizeof(struct iwn_softc), iwn_match, iwn_attach, 340 iwn_detach, NULL); 341 342 static int 343 iwn_match(device_t parent, cfdata_t match __unused, void *aux) 344 { 345 struct pci_attach_args *pa = aux; 346 size_t i; 347 348 if (PCI_VENDOR(pa->pa_id) != PCI_VENDOR_INTEL) 349 return 0; 350 351 for (i = 0; i < __arraycount(iwn_devices); i++) 352 if (PCI_PRODUCT(pa->pa_id) == iwn_devices[i]) 353 return 1; 354 355 return 0; 356 } 357 358 static void 359 iwn_attach(device_t parent __unused, device_t self, void *aux) 360 { 361 struct iwn_softc *sc = device_private(self); 362 struct ieee80211com *ic = &sc->sc_ic; 363 struct ifnet *ifp = &sc->sc_ec.ec_if; 364 struct pci_attach_args *pa = aux; 365 const char *intrstr; 366 pcireg_t memtype, reg; 367 int i, error; 368 char intrbuf[PCI_INTRSTR_LEN]; 369 370 sc->sc_dev = self; 371 sc->sc_pct = pa->pa_pc; 372 sc->sc_pcitag = pa->pa_tag; 373 sc->sc_dmat = pa->pa_dmat; 374 mutex_init(&sc->sc_mtx, MUTEX_DEFAULT, IPL_NONE); 375 376 callout_init(&sc->calib_to, 0); 377 callout_setfunc(&sc->calib_to, iwn_calib_timeout, sc); 378 379 pci_aprint_devinfo(pa, NULL); 380 381 /* 382 * Get the offset of the PCI Express Capability Structure in PCI 383 * Configuration Space. 384 */ 385 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 386 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 387 if (error == 0) { 388 aprint_error_dev(self, 389 "PCIe capability structure not found!\n"); 390 return; 391 } 392 393 /* Clear device-specific "PCI retry timeout" register (41h). */ 394 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 395 if (reg & 0xff00) 396 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg & ~0xff00); 397 398 /* Enable bus-mastering. */ 399 /* XXX verify the bus-mastering is really needed (not in OpenBSD) */ 400 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 401 reg |= PCI_COMMAND_MASTER_ENABLE; 402 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, reg); 403 404 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, IWN_PCI_BAR0); 405 error = pci_mapreg_map(pa, IWN_PCI_BAR0, memtype, 0, &sc->sc_st, 406 &sc->sc_sh, NULL, &sc->sc_sz); 407 if (error != 0) { 408 aprint_error_dev(self, "can't map mem space\n"); 409 return; 410 } 411 412 sc->sc_soft_ih = softint_establish(SOFTINT_NET, iwn_softintr, sc); 413 if (sc->sc_soft_ih == NULL) { 414 aprint_error_dev(self, "can't establish soft interrupt\n"); 415 goto unmap; 416 } 417 418 /* Install interrupt handler. */ 419 error = pci_intr_alloc(pa, &sc->sc_pihp, NULL, 0); 420 if (error) { 421 aprint_error_dev(self, "can't allocate interrupt\n"); 422 goto failsi; 423 } 424 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 425 if (pci_intr_type(sc->sc_pct, sc->sc_pihp[0]) == PCI_INTR_TYPE_INTX) 426 CLR(reg, PCI_COMMAND_INTERRUPT_DISABLE); 427 else 428 SET(reg, PCI_COMMAND_INTERRUPT_DISABLE); 429 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, reg); 430 intrstr = pci_intr_string(sc->sc_pct, sc->sc_pihp[0], intrbuf, 431 sizeof(intrbuf)); 432 sc->sc_ih = pci_intr_establish_xname(sc->sc_pct, sc->sc_pihp[0], 433 IPL_NET, iwn_intr, sc, device_xname(self)); 434 if (sc->sc_ih == NULL) { 435 aprint_error_dev(self, "can't establish interrupt"); 436 if (intrstr != NULL) 437 aprint_error(" at %s", intrstr); 438 aprint_error("\n"); 439 goto failia; 440 } 441 aprint_normal_dev(self, "interrupting at %s\n", intrstr); 442 443 /* Read hardware revision and attach. */ 444 sc->hw_type = 445 (IWN_READ(sc, IWN_HW_REV) & IWN_HW_REV_TYPE_MASK) 446 >> IWN_HW_REV_TYPE_SHIFT; 447 if (sc->hw_type == IWN_HW_REV_TYPE_4965) 448 error = iwn4965_attach(sc, PCI_PRODUCT(pa->pa_id)); 449 else 450 error = iwn5000_attach(sc, PCI_PRODUCT(pa->pa_id)); 451 if (error != 0) { 452 aprint_error_dev(self, "could not attach device\n"); 453 goto failih; 454 } 455 456 if ((error = iwn_hw_prepare(sc)) != 0) { 457 aprint_error_dev(self, "hardware not ready\n"); 458 goto failih; 459 } 460 461 /* Read MAC address, channels, etc from EEPROM. */ 462 if ((error = iwn_read_eeprom(sc)) != 0) { 463 aprint_error_dev(self, "could not read EEPROM\n"); 464 goto failih; 465 } 466 467 /* Allocate DMA memory for firmware transfers. */ 468 if ((error = iwn_alloc_fwmem(sc)) != 0) { 469 aprint_error_dev(self, 470 "could not allocate memory for firmware\n"); 471 goto failih; 472 } 473 474 /* Allocate "Keep Warm" page. */ 475 if ((error = iwn_alloc_kw(sc)) != 0) { 476 aprint_error_dev(self, "could not allocate keep warm page\n"); 477 goto fail1; 478 } 479 480 /* Allocate ICT table for 5000 Series. */ 481 if (sc->hw_type != IWN_HW_REV_TYPE_4965 && 482 (error = iwn_alloc_ict(sc)) != 0) { 483 aprint_error_dev(self, "could not allocate ICT table\n"); 484 goto fail2; 485 } 486 487 /* Allocate TX scheduler "rings". */ 488 if ((error = iwn_alloc_sched(sc)) != 0) { 489 aprint_error_dev(self, 490 "could not allocate TX scheduler rings\n"); 491 goto fail3; 492 } 493 494 #ifdef IWN_USE_RBUF 495 /* Allocate RX buffers. */ 496 if ((error = iwn_alloc_rpool(sc)) != 0) { 497 aprint_error_dev(self, "could not allocate RX buffers\n"); 498 goto fail3; 499 } 500 #endif 501 502 /* Allocate TX rings (16 on 4965AGN, 20 on >=5000). */ 503 for (i = 0; i < sc->ntxqs; i++) { 504 if ((error = iwn_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 505 aprint_error_dev(self, 506 "could not allocate TX ring %d\n", i); 507 goto fail4; 508 } 509 } 510 511 /* Allocate RX ring. */ 512 if ((error = iwn_alloc_rx_ring(sc, &sc->rxq)) != 0) { 513 aprint_error_dev(self, "could not allocate RX ring\n"); 514 goto fail4; 515 } 516 517 /* Clear pending interrupts. */ 518 IWN_WRITE(sc, IWN_INT, 0xffffffff); 519 520 /* Count the number of available chains. */ 521 sc->ntxchains = 522 ((sc->txchainmask >> 2) & 1) + 523 ((sc->txchainmask >> 1) & 1) + 524 ((sc->txchainmask >> 0) & 1); 525 sc->nrxchains = 526 ((sc->rxchainmask >> 2) & 1) + 527 ((sc->rxchainmask >> 1) & 1) + 528 ((sc->rxchainmask >> 0) & 1); 529 aprint_normal_dev(self, "MIMO %dT%dR, %.4s, address %s\n", 530 sc->ntxchains, sc->nrxchains, sc->eeprom_domain, 531 ether_sprintf(ic->ic_myaddr)); 532 533 ic->ic_ifp = ifp; 534 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 535 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 536 ic->ic_state = IEEE80211_S_INIT; 537 538 /* Set device capabilities. */ 539 /* XXX OpenBSD has IEEE80211_C_WEP, IEEE80211_C_RSN, 540 * and IEEE80211_C_PMGT too. */ 541 ic->ic_caps = 542 IEEE80211_C_IBSS | /* IBSS mode support */ 543 IEEE80211_C_WPA | /* 802.11i */ 544 IEEE80211_C_MONITOR | /* monitor mode supported */ 545 IEEE80211_C_TXPMGT | /* tx power management */ 546 IEEE80211_C_SHSLOT | /* short slot time supported */ 547 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 548 IEEE80211_C_WME; /* 802.11e */ 549 550 #ifndef IEEE80211_NO_HT 551 if (sc->sc_flags & IWN_FLAG_HAS_11N) { 552 /* Set HT capabilities. */ 553 ic->ic_htcaps = 554 #if IWN_RBUF_SIZE == 8192 555 IEEE80211_HTCAP_AMSDU7935 | 556 #endif 557 IEEE80211_HTCAP_CBW20_40 | 558 IEEE80211_HTCAP_SGI20 | 559 IEEE80211_HTCAP_SGI40; 560 if (sc->hw_type != IWN_HW_REV_TYPE_4965) 561 ic->ic_htcaps |= IEEE80211_HTCAP_GF; 562 if (sc->hw_type == IWN_HW_REV_TYPE_6050) 563 ic->ic_htcaps |= IEEE80211_HTCAP_SMPS_DYN; 564 else 565 ic->ic_htcaps |= IEEE80211_HTCAP_SMPS_DIS; 566 } 567 #endif /* !IEEE80211_NO_HT */ 568 569 /* Set supported legacy rates. */ 570 ic->ic_sup_rates[IEEE80211_MODE_11B] = iwn_rateset_11b; 571 ic->ic_sup_rates[IEEE80211_MODE_11G] = iwn_rateset_11g; 572 if (sc->sc_flags & IWN_FLAG_HAS_5GHZ) { 573 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwn_rateset_11a; 574 } 575 #ifndef IEEE80211_NO_HT 576 if (sc->sc_flags & IWN_FLAG_HAS_11N) { 577 /* Set supported HT rates. */ 578 ic->ic_sup_mcs[0] = 0xff; /* MCS 0-7 */ 579 if (sc->nrxchains > 1) 580 ic->ic_sup_mcs[1] = 0xff; /* MCS 7-15 */ 581 if (sc->nrxchains > 2) 582 ic->ic_sup_mcs[2] = 0xff; /* MCS 16-23 */ 583 } 584 #endif 585 586 /* IBSS channel undefined for now. */ 587 ic->ic_ibss_chan = &ic->ic_channels[0]; 588 589 ifp->if_softc = sc; 590 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 591 ifp->if_init = iwn_init; 592 ifp->if_ioctl = iwn_ioctl; 593 ifp->if_start = iwn_start; 594 ifp->if_stop = iwn_stop; 595 ifp->if_watchdog = iwn_watchdog; 596 IFQ_SET_READY(&ifp->if_snd); 597 memcpy(ifp->if_xname, device_xname(self), IFNAMSIZ); 598 599 error = if_initialize(ifp); 600 if (error != 0) { 601 aprint_error_dev(sc->sc_dev, "if_initialize failed(%d)\n", 602 error); 603 goto fail5; 604 } 605 ieee80211_ifattach(ic); 606 /* Use common softint-based if_input */ 607 ifp->if_percpuq = if_percpuq_create(ifp); 608 if_register(ifp); 609 610 ic->ic_node_alloc = iwn_node_alloc; 611 ic->ic_newassoc = iwn_newassoc; 612 #ifdef IWN_HWCRYPTO 613 ic->ic_crypto.cs_key_set = iwn_set_key; 614 ic->ic_crypto.cs_key_delete = iwn_delete_key; 615 #endif 616 ic->ic_wme.wme_update = iwn_wme_update; 617 #ifndef IEEE80211_NO_HT 618 ic->ic_ampdu_rx_start = iwn_ampdu_rx_start; 619 ic->ic_ampdu_rx_stop = iwn_ampdu_rx_stop; 620 ic->ic_ampdu_tx_start = iwn_ampdu_tx_start; 621 ic->ic_ampdu_tx_stop = iwn_ampdu_tx_stop; 622 #endif 623 624 /* Override 802.11 state transition machine. */ 625 sc->sc_newstate = ic->ic_newstate; 626 ic->ic_newstate = iwn_newstate; 627 ieee80211_media_init(ic, iwn_media_change, ieee80211_media_status); 628 629 sc->amrr.amrr_min_success_threshold = 1; 630 sc->amrr.amrr_max_success_threshold = 15; 631 632 iwn_radiotap_attach(sc); 633 634 /* 635 * XXX for NetBSD, OpenBSD timeout_set replaced by 636 * callout_init and callout_setfunc, above. 637 */ 638 639 if (pmf_device_register(self, NULL, iwn_resume)) 640 pmf_class_network_register(self, ifp); 641 else 642 aprint_error_dev(self, "couldn't establish power handler\n"); 643 644 /* XXX NetBSD add call to ieee80211_announce for dmesg. */ 645 ieee80211_announce(ic); 646 647 sc->sc_flags |= IWN_FLAG_ATTACHED; 648 return; 649 650 /* Free allocated memory if something failed during attachment. */ 651 fail5: iwn_free_rx_ring(sc, &sc->rxq); 652 fail4: while (--i >= 0) 653 iwn_free_tx_ring(sc, &sc->txq[i]); 654 #ifdef IWN_USE_RBUF 655 iwn_free_rpool(sc); 656 #endif 657 iwn_free_sched(sc); 658 fail3: if (sc->ict != NULL) 659 iwn_free_ict(sc); 660 fail2: iwn_free_kw(sc); 661 fail1: iwn_free_fwmem(sc); 662 failih: pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 663 sc->sc_ih = NULL; 664 failia: pci_intr_release(sc->sc_pct, sc->sc_pihp, 1); 665 sc->sc_pihp = NULL; 666 failsi: softint_disestablish(sc->sc_soft_ih); 667 sc->sc_soft_ih = NULL; 668 unmap: bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 669 } 670 671 int 672 iwn4965_attach(struct iwn_softc *sc, pci_product_id_t pid) 673 { 674 struct iwn_ops *ops = &sc->ops; 675 676 ops->load_firmware = iwn4965_load_firmware; 677 ops->read_eeprom = iwn4965_read_eeprom; 678 ops->post_alive = iwn4965_post_alive; 679 ops->nic_config = iwn4965_nic_config; 680 ops->config_bt_coex = iwn_config_bt_coex_bluetooth; 681 ops->update_sched = iwn4965_update_sched; 682 ops->get_temperature = iwn4965_get_temperature; 683 ops->get_rssi = iwn4965_get_rssi; 684 ops->set_txpower = iwn4965_set_txpower; 685 ops->init_gains = iwn4965_init_gains; 686 ops->set_gains = iwn4965_set_gains; 687 ops->add_node = iwn4965_add_node; 688 ops->tx_done = iwn4965_tx_done; 689 #ifndef IEEE80211_NO_HT 690 ops->ampdu_tx_start = iwn4965_ampdu_tx_start; 691 ops->ampdu_tx_stop = iwn4965_ampdu_tx_stop; 692 #endif 693 sc->ntxqs = IWN4965_NTXQUEUES; 694 sc->ndmachnls = IWN4965_NDMACHNLS; 695 sc->broadcast_id = IWN4965_ID_BROADCAST; 696 sc->rxonsz = IWN4965_RXONSZ; 697 sc->schedsz = IWN4965_SCHEDSZ; 698 sc->fw_text_maxsz = IWN4965_FW_TEXT_MAXSZ; 699 sc->fw_data_maxsz = IWN4965_FW_DATA_MAXSZ; 700 sc->fwsz = IWN4965_FWSZ; 701 sc->sched_txfact_addr = IWN4965_SCHED_TXFACT; 702 sc->limits = &iwn4965_sensitivity_limits; 703 sc->fwname = "iwlwifi-4965-2.ucode"; 704 /* Override chains masks, ROM is known to be broken. */ 705 sc->txchainmask = IWN_ANT_AB; 706 sc->rxchainmask = IWN_ANT_ABC; 707 708 return 0; 709 } 710 711 int 712 iwn5000_attach(struct iwn_softc *sc, pci_product_id_t pid) 713 { 714 struct iwn_ops *ops = &sc->ops; 715 716 ops->load_firmware = iwn5000_load_firmware; 717 ops->read_eeprom = iwn5000_read_eeprom; 718 ops->post_alive = iwn5000_post_alive; 719 ops->nic_config = iwn5000_nic_config; 720 ops->config_bt_coex = iwn_config_bt_coex_bluetooth; 721 ops->update_sched = iwn5000_update_sched; 722 ops->get_temperature = iwn5000_get_temperature; 723 ops->get_rssi = iwn5000_get_rssi; 724 ops->set_txpower = iwn5000_set_txpower; 725 ops->init_gains = iwn5000_init_gains; 726 ops->set_gains = iwn5000_set_gains; 727 ops->add_node = iwn5000_add_node; 728 ops->tx_done = iwn5000_tx_done; 729 #ifndef IEEE80211_NO_HT 730 ops->ampdu_tx_start = iwn5000_ampdu_tx_start; 731 ops->ampdu_tx_stop = iwn5000_ampdu_tx_stop; 732 #endif 733 sc->ntxqs = IWN5000_NTXQUEUES; 734 sc->ndmachnls = IWN5000_NDMACHNLS; 735 sc->broadcast_id = IWN5000_ID_BROADCAST; 736 sc->rxonsz = IWN5000_RXONSZ; 737 sc->schedsz = IWN5000_SCHEDSZ; 738 sc->fw_text_maxsz = IWN5000_FW_TEXT_MAXSZ; 739 sc->fw_data_maxsz = IWN5000_FW_DATA_MAXSZ; 740 sc->fwsz = IWN5000_FWSZ; 741 sc->sched_txfact_addr = IWN5000_SCHED_TXFACT; 742 743 switch (sc->hw_type) { 744 case IWN_HW_REV_TYPE_5100: 745 sc->limits = &iwn5000_sensitivity_limits; 746 sc->fwname = "iwlwifi-5000-2.ucode"; 747 /* Override chains masks, ROM is known to be broken. */ 748 sc->txchainmask = IWN_ANT_B; 749 sc->rxchainmask = IWN_ANT_AB; 750 break; 751 case IWN_HW_REV_TYPE_5150: 752 sc->limits = &iwn5150_sensitivity_limits; 753 sc->fwname = "iwlwifi-5150-2.ucode"; 754 break; 755 case IWN_HW_REV_TYPE_5300: 756 case IWN_HW_REV_TYPE_5350: 757 sc->limits = &iwn5000_sensitivity_limits; 758 sc->fwname = "iwlwifi-5000-2.ucode"; 759 break; 760 case IWN_HW_REV_TYPE_1000: 761 sc->limits = &iwn1000_sensitivity_limits; 762 if (pid == PCI_PRODUCT_INTEL_WIFI_LINK_100_1 || 763 pid == PCI_PRODUCT_INTEL_WIFI_LINK_100_2) 764 sc->fwname = "iwlwifi-100-5.ucode"; 765 else 766 sc->fwname = "iwlwifi-1000-3.ucode"; 767 break; 768 case IWN_HW_REV_TYPE_6000: 769 sc->limits = &iwn6000_sensitivity_limits; 770 sc->fwname = "iwlwifi-6000-4.ucode"; 771 if (pid == PCI_PRODUCT_INTEL_WIFI_LINK_6000_IPA_1 || 772 pid == PCI_PRODUCT_INTEL_WIFI_LINK_6000_IPA_2) { 773 sc->sc_flags |= IWN_FLAG_INTERNAL_PA; 774 /* Override chains masks, ROM is known to be broken. */ 775 sc->txchainmask = IWN_ANT_BC; 776 sc->rxchainmask = IWN_ANT_BC; 777 } 778 break; 779 case IWN_HW_REV_TYPE_6050: 780 sc->limits = &iwn6000_sensitivity_limits; 781 sc->fwname = "iwlwifi-6050-5.ucode"; 782 break; 783 case IWN_HW_REV_TYPE_6005: 784 sc->limits = &iwn6000_sensitivity_limits; 785 /* Type 6030 cards return IWN_HW_REV_TYPE_6005 */ 786 if (pid == PCI_PRODUCT_INTEL_WIFI_LINK_1030_1 || 787 pid == PCI_PRODUCT_INTEL_WIFI_LINK_1030_2 || 788 pid == PCI_PRODUCT_INTEL_WIFI_LINK_6230_1 || 789 pid == PCI_PRODUCT_INTEL_WIFI_LINK_6230_2 || 790 pid == PCI_PRODUCT_INTEL_WIFI_LINK_6235 || 791 pid == PCI_PRODUCT_INTEL_WIFI_LINK_6235_2) { 792 sc->fwname = "iwlwifi-6000g2b-6.ucode"; 793 ops->config_bt_coex = iwn_config_bt_coex_adv1; 794 } 795 else 796 sc->fwname = "iwlwifi-6000g2a-5.ucode"; 797 break; 798 case IWN_HW_REV_TYPE_2030: 799 sc->limits = &iwn2030_sensitivity_limits; 800 sc->fwname = "iwlwifi-2030-6.ucode"; 801 ops->config_bt_coex = iwn_config_bt_coex_adv2; 802 break; 803 case IWN_HW_REV_TYPE_2000: 804 sc->limits = &iwn2000_sensitivity_limits; 805 sc->fwname = "iwlwifi-2000-6.ucode"; 806 break; 807 case IWN_HW_REV_TYPE_135: 808 sc->limits = &iwn2000_sensitivity_limits; 809 sc->fwname = "iwlwifi-135-6.ucode"; 810 ops->config_bt_coex = iwn_config_bt_coex_adv2; 811 break; 812 case IWN_HW_REV_TYPE_105: 813 sc->limits = &iwn2000_sensitivity_limits; 814 sc->fwname = "iwlwifi-105-6.ucode"; 815 break; 816 default: 817 aprint_normal(": adapter type %d not supported\n", sc->hw_type); 818 return ENOTSUP; 819 } 820 return 0; 821 } 822 823 /* 824 * Attach the interface to 802.11 radiotap. 825 */ 826 static void 827 iwn_radiotap_attach(struct iwn_softc *sc) 828 { 829 struct ifnet *ifp = sc->sc_ic.ic_ifp; 830 831 bpf_attach2(ifp, DLT_IEEE802_11_RADIO, 832 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 833 &sc->sc_drvbpf); 834 835 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 836 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 837 sc->sc_rxtap.wr_ihdr.it_present = htole32(IWN_RX_RADIOTAP_PRESENT); 838 839 sc->sc_txtap_len = sizeof sc->sc_txtapu; 840 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 841 sc->sc_txtap.wt_ihdr.it_present = htole32(IWN_TX_RADIOTAP_PRESENT); 842 } 843 844 static int 845 iwn_detach(device_t self, int flags __unused) 846 { 847 struct iwn_softc *sc = device_private(self); 848 struct ifnet *ifp = sc->sc_ic.ic_ifp; 849 int qid; 850 851 if (!(sc->sc_flags & IWN_FLAG_ATTACHED)) 852 return 0; 853 854 callout_stop(&sc->calib_to); 855 856 /* Uninstall interrupt handler. */ 857 if (sc->sc_ih != NULL) 858 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 859 if (sc->sc_pihp != NULL) 860 pci_intr_release(sc->sc_pct, sc->sc_pihp, 1); 861 if (sc->sc_soft_ih != NULL) 862 softint_disestablish(sc->sc_soft_ih); 863 864 /* Free DMA resources. */ 865 iwn_free_rx_ring(sc, &sc->rxq); 866 for (qid = 0; qid < sc->ntxqs; qid++) 867 iwn_free_tx_ring(sc, &sc->txq[qid]); 868 #ifdef IWN_USE_RBUF 869 iwn_free_rpool(sc); 870 #endif 871 iwn_free_sched(sc); 872 iwn_free_kw(sc); 873 if (sc->ict != NULL) 874 iwn_free_ict(sc); 875 iwn_free_fwmem(sc); 876 877 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 878 879 ieee80211_ifdetach(&sc->sc_ic); 880 if_detach(ifp); 881 882 return 0; 883 } 884 885 #if 0 886 /* 887 * XXX Investigate if clearing the PCI retry timeout could eliminate 888 * the repeated scan calls. Also the calls to if_init and if_start 889 * are similar to the effect of adding the call to ifioctl_common . 890 */ 891 static void 892 iwn_power(int why, void *arg) 893 { 894 struct iwn_softc *sc = arg; 895 struct ifnet *ifp; 896 pcireg_t reg; 897 int s; 898 899 if (why != PWR_RESUME) 900 return; 901 902 /* Clear device-specific "PCI retry timeout" register (41h). */ 903 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 904 if (reg & 0xff00) 905 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg & ~0xff00); 906 907 s = splnet(); 908 ifp = &sc->sc_ic.ic_if; 909 if (ifp->if_flags & IFF_UP) { 910 ifp->if_init(ifp); 911 if (ifp->if_flags & IFF_RUNNING) 912 ifp->if_start(ifp); 913 } 914 splx(s); 915 } 916 #endif 917 918 static bool 919 iwn_resume(device_t dv, const pmf_qual_t *qual) 920 { 921 return true; 922 } 923 924 static int 925 iwn_nic_lock(struct iwn_softc *sc) 926 { 927 int ntries; 928 929 /* Request exclusive access to NIC. */ 930 IWN_SETBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_MAC_ACCESS_REQ); 931 932 /* Spin until we actually get the lock. */ 933 for (ntries = 0; ntries < 1000; ntries++) { 934 if ((IWN_READ(sc, IWN_GP_CNTRL) & 935 (IWN_GP_CNTRL_MAC_ACCESS_ENA | IWN_GP_CNTRL_SLEEP)) == 936 IWN_GP_CNTRL_MAC_ACCESS_ENA) 937 return 0; 938 DELAY(10); 939 } 940 return ETIMEDOUT; 941 } 942 943 static __inline void 944 iwn_nic_unlock(struct iwn_softc *sc) 945 { 946 IWN_CLRBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_MAC_ACCESS_REQ); 947 } 948 949 static __inline uint32_t 950 iwn_prph_read(struct iwn_softc *sc, uint32_t addr) 951 { 952 IWN_WRITE(sc, IWN_PRPH_RADDR, IWN_PRPH_DWORD | addr); 953 IWN_BARRIER_READ_WRITE(sc); 954 return IWN_READ(sc, IWN_PRPH_RDATA); 955 } 956 957 static __inline void 958 iwn_prph_write(struct iwn_softc *sc, uint32_t addr, uint32_t data) 959 { 960 IWN_WRITE(sc, IWN_PRPH_WADDR, IWN_PRPH_DWORD | addr); 961 IWN_BARRIER_WRITE(sc); 962 IWN_WRITE(sc, IWN_PRPH_WDATA, data); 963 } 964 965 static __inline void 966 iwn_prph_setbits(struct iwn_softc *sc, uint32_t addr, uint32_t mask) 967 { 968 iwn_prph_write(sc, addr, iwn_prph_read(sc, addr) | mask); 969 } 970 971 static __inline void 972 iwn_prph_clrbits(struct iwn_softc *sc, uint32_t addr, uint32_t mask) 973 { 974 iwn_prph_write(sc, addr, iwn_prph_read(sc, addr) & ~mask); 975 } 976 977 static __inline void 978 iwn_prph_write_region_4(struct iwn_softc *sc, uint32_t addr, 979 const uint32_t *data, int count) 980 { 981 for (; count > 0; count--, data++, addr += 4) 982 iwn_prph_write(sc, addr, *data); 983 } 984 985 static __inline uint32_t 986 iwn_mem_read(struct iwn_softc *sc, uint32_t addr) 987 { 988 IWN_WRITE(sc, IWN_MEM_RADDR, addr); 989 IWN_BARRIER_READ_WRITE(sc); 990 return IWN_READ(sc, IWN_MEM_RDATA); 991 } 992 993 static __inline void 994 iwn_mem_write(struct iwn_softc *sc, uint32_t addr, uint32_t data) 995 { 996 IWN_WRITE(sc, IWN_MEM_WADDR, addr); 997 IWN_BARRIER_WRITE(sc); 998 IWN_WRITE(sc, IWN_MEM_WDATA, data); 999 } 1000 1001 #ifndef IEEE80211_NO_HT 1002 static __inline void 1003 iwn_mem_write_2(struct iwn_softc *sc, uint32_t addr, uint16_t data) 1004 { 1005 uint32_t tmp; 1006 1007 tmp = iwn_mem_read(sc, addr & ~3); 1008 if (addr & 3) 1009 tmp = (tmp & 0x0000ffff) | data << 16; 1010 else 1011 tmp = (tmp & 0xffff0000) | data; 1012 iwn_mem_write(sc, addr & ~3, tmp); 1013 } 1014 #endif 1015 1016 static __inline void 1017 iwn_mem_read_region_4(struct iwn_softc *sc, uint32_t addr, uint32_t *data, 1018 int count) 1019 { 1020 for (; count > 0; count--, addr += 4) 1021 *data++ = iwn_mem_read(sc, addr); 1022 } 1023 1024 static __inline void 1025 iwn_mem_set_region_4(struct iwn_softc *sc, uint32_t addr, uint32_t val, 1026 int count) 1027 { 1028 for (; count > 0; count--, addr += 4) 1029 iwn_mem_write(sc, addr, val); 1030 } 1031 1032 static int 1033 iwn_eeprom_lock(struct iwn_softc *sc) 1034 { 1035 int i, ntries; 1036 1037 for (i = 0; i < 100; i++) { 1038 /* Request exclusive access to EEPROM. */ 1039 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 1040 IWN_HW_IF_CONFIG_EEPROM_LOCKED); 1041 1042 /* Spin until we actually get the lock. */ 1043 for (ntries = 0; ntries < 100; ntries++) { 1044 if (IWN_READ(sc, IWN_HW_IF_CONFIG) & 1045 IWN_HW_IF_CONFIG_EEPROM_LOCKED) 1046 return 0; 1047 DELAY(10); 1048 } 1049 } 1050 return ETIMEDOUT; 1051 } 1052 1053 static __inline void 1054 iwn_eeprom_unlock(struct iwn_softc *sc) 1055 { 1056 IWN_CLRBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_EEPROM_LOCKED); 1057 } 1058 1059 /* 1060 * Initialize access by host to One Time Programmable ROM. 1061 * NB: This kind of ROM can be found on 1000 or 6000 Series only. 1062 */ 1063 static int 1064 iwn_init_otprom(struct iwn_softc *sc) 1065 { 1066 uint16_t prev = 0, base, next; 1067 int count, error; 1068 1069 /* Wait for clock stabilization before accessing prph. */ 1070 if ((error = iwn_clock_wait(sc)) != 0) 1071 return error; 1072 1073 if ((error = iwn_nic_lock(sc)) != 0) 1074 return error; 1075 iwn_prph_setbits(sc, IWN_APMG_PS, IWN_APMG_PS_RESET_REQ); 1076 DELAY(5); 1077 iwn_prph_clrbits(sc, IWN_APMG_PS, IWN_APMG_PS_RESET_REQ); 1078 iwn_nic_unlock(sc); 1079 1080 /* Set auto clock gate disable bit for HW with OTP shadow RAM. */ 1081 if (sc->hw_type != IWN_HW_REV_TYPE_1000) { 1082 IWN_SETBITS(sc, IWN_DBG_LINK_PWR_MGMT, 1083 IWN_RESET_LINK_PWR_MGMT_DIS); 1084 } 1085 IWN_CLRBITS(sc, IWN_EEPROM_GP, IWN_EEPROM_GP_IF_OWNER); 1086 /* Clear ECC status. */ 1087 IWN_SETBITS(sc, IWN_OTP_GP, 1088 IWN_OTP_GP_ECC_CORR_STTS | IWN_OTP_GP_ECC_UNCORR_STTS); 1089 1090 /* 1091 * Find the block before last block (contains the EEPROM image) 1092 * for HW without OTP shadow RAM. 1093 */ 1094 if (sc->hw_type == IWN_HW_REV_TYPE_1000) { 1095 /* Switch to absolute addressing mode. */ 1096 IWN_CLRBITS(sc, IWN_OTP_GP, IWN_OTP_GP_RELATIVE_ACCESS); 1097 base = 0; 1098 for (count = 0; count < IWN1000_OTP_NBLOCKS; count++) { 1099 error = iwn_read_prom_data(sc, base, &next, 2); 1100 if (error != 0) 1101 return error; 1102 if (next == 0) /* End of linked-list. */ 1103 break; 1104 prev = base; 1105 base = le16toh(next); 1106 } 1107 if (count == 0 || count == IWN1000_OTP_NBLOCKS) 1108 return EIO; 1109 /* Skip "next" word. */ 1110 sc->prom_base = prev + 1; 1111 } 1112 return 0; 1113 } 1114 1115 static int 1116 iwn_read_prom_data(struct iwn_softc *sc, uint32_t addr, void *data, int count) 1117 { 1118 uint8_t *out = data; 1119 uint32_t val, tmp; 1120 int ntries; 1121 1122 addr += sc->prom_base; 1123 for (; count > 0; count -= 2, addr++) { 1124 IWN_WRITE(sc, IWN_EEPROM, addr << 2); 1125 for (ntries = 0; ntries < 10; ntries++) { 1126 val = IWN_READ(sc, IWN_EEPROM); 1127 if (val & IWN_EEPROM_READ_VALID) 1128 break; 1129 DELAY(5); 1130 } 1131 if (ntries == 10) { 1132 aprint_error_dev(sc->sc_dev, 1133 "timeout reading ROM at 0x%x\n", addr); 1134 return ETIMEDOUT; 1135 } 1136 if (sc->sc_flags & IWN_FLAG_HAS_OTPROM) { 1137 /* OTPROM, check for ECC errors. */ 1138 tmp = IWN_READ(sc, IWN_OTP_GP); 1139 if (tmp & IWN_OTP_GP_ECC_UNCORR_STTS) { 1140 aprint_error_dev(sc->sc_dev, 1141 "OTPROM ECC error at 0x%x\n", addr); 1142 return EIO; 1143 } 1144 if (tmp & IWN_OTP_GP_ECC_CORR_STTS) { 1145 /* Correctable ECC error, clear bit. */ 1146 IWN_SETBITS(sc, IWN_OTP_GP, 1147 IWN_OTP_GP_ECC_CORR_STTS); 1148 } 1149 } 1150 *out++ = val >> 16; 1151 if (count > 1) 1152 *out++ = val >> 24; 1153 } 1154 return 0; 1155 } 1156 1157 static int 1158 iwn_dma_contig_alloc(bus_dma_tag_t tag, struct iwn_dma_info *dma, void **kvap, 1159 bus_size_t size, bus_size_t alignment) 1160 { 1161 int nsegs, error; 1162 1163 dma->tag = tag; 1164 dma->size = size; 1165 1166 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 1167 &dma->map); 1168 if (error != 0) 1169 goto fail; 1170 1171 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 1172 BUS_DMA_NOWAIT); /* XXX OpenBSD adds BUS_DMA_ZERO */ 1173 if (error != 0) 1174 goto fail; 1175 1176 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 1177 BUS_DMA_NOWAIT); /* XXX OpenBSD adds BUS_DMA_COHERENT */ 1178 if (error != 0) 1179 goto fail; 1180 1181 error = bus_dmamap_load(tag, dma->map, dma->vaddr, size, NULL, 1182 BUS_DMA_NOWAIT); 1183 if (error != 0) 1184 goto fail; 1185 1186 /* XXX Presumably needed because of missing BUS_DMA_ZERO, above. */ 1187 memset(dma->vaddr, 0, size); 1188 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 1189 1190 dma->paddr = dma->map->dm_segs[0].ds_addr; 1191 if (kvap != NULL) 1192 *kvap = dma->vaddr; 1193 1194 return 0; 1195 1196 fail: iwn_dma_contig_free(dma); 1197 return error; 1198 } 1199 1200 static void 1201 iwn_dma_contig_free(struct iwn_dma_info *dma) 1202 { 1203 if (dma->map != NULL) { 1204 if (dma->vaddr != NULL) { 1205 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 1206 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 1207 bus_dmamap_unload(dma->tag, dma->map); 1208 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 1209 bus_dmamem_free(dma->tag, &dma->seg, 1); 1210 dma->vaddr = NULL; 1211 } 1212 bus_dmamap_destroy(dma->tag, dma->map); 1213 dma->map = NULL; 1214 } 1215 } 1216 1217 static int 1218 iwn_alloc_sched(struct iwn_softc *sc) 1219 { 1220 /* TX scheduler rings must be aligned on a 1KB boundary. */ 1221 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 1222 (void **)&sc->sched, sc->schedsz, 1024); 1223 } 1224 1225 static void 1226 iwn_free_sched(struct iwn_softc *sc) 1227 { 1228 iwn_dma_contig_free(&sc->sched_dma); 1229 } 1230 1231 static int 1232 iwn_alloc_kw(struct iwn_softc *sc) 1233 { 1234 /* "Keep Warm" page must be aligned on a 4KB boundary. */ 1235 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, NULL, 4096, 1236 4096); 1237 } 1238 1239 static void 1240 iwn_free_kw(struct iwn_softc *sc) 1241 { 1242 iwn_dma_contig_free(&sc->kw_dma); 1243 } 1244 1245 static int 1246 iwn_alloc_ict(struct iwn_softc *sc) 1247 { 1248 /* ICT table must be aligned on a 4KB boundary. */ 1249 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 1250 (void **)&sc->ict, IWN_ICT_SIZE, 4096); 1251 } 1252 1253 static void 1254 iwn_free_ict(struct iwn_softc *sc) 1255 { 1256 iwn_dma_contig_free(&sc->ict_dma); 1257 } 1258 1259 static int 1260 iwn_alloc_fwmem(struct iwn_softc *sc) 1261 { 1262 /* Must be aligned on a 16-byte boundary. */ 1263 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 1264 sc->fwsz, 16); 1265 } 1266 1267 static void 1268 iwn_free_fwmem(struct iwn_softc *sc) 1269 { 1270 iwn_dma_contig_free(&sc->fw_dma); 1271 } 1272 1273 static int 1274 iwn_alloc_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 1275 { 1276 bus_size_t size; 1277 int i, error; 1278 1279 ring->cur = 0; 1280 1281 /* Allocate RX descriptors (256-byte aligned). */ 1282 size = IWN_RX_RING_COUNT * sizeof (uint32_t); 1283 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 1284 (void **)&ring->desc, size, 256); 1285 if (error != 0) { 1286 aprint_error_dev(sc->sc_dev, 1287 "could not allocate RX ring DMA memory\n"); 1288 goto fail; 1289 } 1290 1291 /* Allocate RX status area (16-byte aligned). */ 1292 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 1293 (void **)&ring->stat, sizeof (struct iwn_rx_status), 16); 1294 if (error != 0) { 1295 aprint_error_dev(sc->sc_dev, 1296 "could not allocate RX status DMA memory\n"); 1297 goto fail; 1298 } 1299 1300 /* 1301 * Allocate and map RX buffers. 1302 */ 1303 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 1304 struct iwn_rx_data *data = &ring->data[i]; 1305 1306 error = bus_dmamap_create(sc->sc_dmat, IWN_RBUF_SIZE, 1, 1307 IWN_RBUF_SIZE, 0, BUS_DMA_NOWAIT | BUS_DMA_ALLOCNOW, 1308 &data->map); 1309 if (error != 0) { 1310 aprint_error_dev(sc->sc_dev, 1311 "could not create RX buf DMA map\n"); 1312 goto fail; 1313 } 1314 1315 data->m = MCLGETIalt(sc, M_DONTWAIT, NULL, IWN_RBUF_SIZE); 1316 if (data->m == NULL) { 1317 aprint_error_dev(sc->sc_dev, 1318 "could not allocate RX mbuf\n"); 1319 error = ENOBUFS; 1320 goto fail; 1321 } 1322 1323 error = bus_dmamap_load(sc->sc_dmat, data->map, 1324 mtod(data->m, void *), IWN_RBUF_SIZE, NULL, 1325 BUS_DMA_NOWAIT | BUS_DMA_READ); 1326 if (error != 0) { 1327 aprint_error_dev(sc->sc_dev, 1328 "can't not map mbuf (error %d)\n", error); 1329 goto fail; 1330 } 1331 1332 /* Set physical address of RX buffer (256-byte aligned). */ 1333 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr >> 8); 1334 } 1335 1336 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 1337 BUS_DMASYNC_PREWRITE); 1338 1339 return 0; 1340 1341 fail: iwn_free_rx_ring(sc, ring); 1342 return error; 1343 } 1344 1345 static void 1346 iwn_reset_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 1347 { 1348 int ntries; 1349 1350 if (iwn_nic_lock(sc) == 0) { 1351 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 0); 1352 for (ntries = 0; ntries < 1000; ntries++) { 1353 if (IWN_READ(sc, IWN_FH_RX_STATUS) & 1354 IWN_FH_RX_STATUS_IDLE) 1355 break; 1356 DELAY(10); 1357 } 1358 iwn_nic_unlock(sc); 1359 } 1360 ring->cur = 0; 1361 sc->last_rx_valid = 0; 1362 } 1363 1364 static void 1365 iwn_free_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 1366 { 1367 int i; 1368 1369 iwn_dma_contig_free(&ring->desc_dma); 1370 iwn_dma_contig_free(&ring->stat_dma); 1371 1372 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 1373 struct iwn_rx_data *data = &ring->data[i]; 1374 1375 if (data->m != NULL) { 1376 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1377 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 1378 bus_dmamap_unload(sc->sc_dmat, data->map); 1379 m_freem(data->m); 1380 } 1381 if (data->map != NULL) 1382 bus_dmamap_destroy(sc->sc_dmat, data->map); 1383 } 1384 } 1385 1386 static int 1387 iwn_alloc_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring, int qid) 1388 { 1389 bus_addr_t paddr; 1390 bus_size_t size; 1391 int i, error; 1392 1393 ring->qid = qid; 1394 ring->queued = 0; 1395 ring->cur = 0; 1396 1397 /* Allocate TX descriptors (256-byte aligned). */ 1398 size = IWN_TX_RING_COUNT * sizeof (struct iwn_tx_desc); 1399 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 1400 (void **)&ring->desc, size, 256); 1401 if (error != 0) { 1402 aprint_error_dev(sc->sc_dev, 1403 "could not allocate TX ring DMA memory\n"); 1404 goto fail; 1405 } 1406 /* 1407 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 1408 * to allocate commands space for other rings. 1409 * XXX Do we really need to allocate descriptors for other rings? 1410 */ 1411 if (qid > 4) 1412 return 0; 1413 1414 size = IWN_TX_RING_COUNT * sizeof (struct iwn_tx_cmd); 1415 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 1416 (void **)&ring->cmd, size, 4); 1417 if (error != 0) { 1418 aprint_error_dev(sc->sc_dev, 1419 "could not allocate TX cmd DMA memory\n"); 1420 goto fail; 1421 } 1422 1423 paddr = ring->cmd_dma.paddr; 1424 for (i = 0; i < IWN_TX_RING_COUNT; i++) { 1425 struct iwn_tx_data *data = &ring->data[i]; 1426 1427 data->cmd_paddr = paddr; 1428 data->scratch_paddr = paddr + 12; 1429 paddr += sizeof (struct iwn_tx_cmd); 1430 1431 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1432 IWN_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 1433 &data->map); 1434 if (error != 0) { 1435 aprint_error_dev(sc->sc_dev, 1436 "could not create TX buf DMA map\n"); 1437 goto fail; 1438 } 1439 } 1440 return 0; 1441 1442 fail: iwn_free_tx_ring(sc, ring); 1443 return error; 1444 } 1445 1446 static void 1447 iwn_reset_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 1448 { 1449 int i; 1450 1451 for (i = 0; i < IWN_TX_RING_COUNT; i++) { 1452 struct iwn_tx_data *data = &ring->data[i]; 1453 1454 if (data->m != NULL) { 1455 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1456 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1457 bus_dmamap_unload(sc->sc_dmat, data->map); 1458 m_freem(data->m); 1459 data->m = NULL; 1460 } 1461 } 1462 /* Clear TX descriptors. */ 1463 memset(ring->desc, 0, ring->desc_dma.size); 1464 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, 1465 ring->desc_dma.size, BUS_DMASYNC_PREWRITE); 1466 sc->qfullmsk &= ~(1 << ring->qid); 1467 ring->queued = 0; 1468 ring->cur = 0; 1469 } 1470 1471 static void 1472 iwn_free_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 1473 { 1474 int i; 1475 1476 iwn_dma_contig_free(&ring->desc_dma); 1477 iwn_dma_contig_free(&ring->cmd_dma); 1478 1479 for (i = 0; i < IWN_TX_RING_COUNT; i++) { 1480 struct iwn_tx_data *data = &ring->data[i]; 1481 1482 if (data->m != NULL) { 1483 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1484 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1485 bus_dmamap_unload(sc->sc_dmat, data->map); 1486 m_freem(data->m); 1487 } 1488 if (data->map != NULL) 1489 bus_dmamap_destroy(sc->sc_dmat, data->map); 1490 } 1491 } 1492 1493 static void 1494 iwn5000_ict_reset(struct iwn_softc *sc) 1495 { 1496 /* Disable interrupts. */ 1497 IWN_WRITE(sc, IWN_INT_MASK, 0); 1498 1499 /* Reset ICT table. */ 1500 memset(sc->ict, 0, IWN_ICT_SIZE); 1501 bus_dmamap_sync(sc->sc_dmat, sc->ict_dma.map, 0, IWN_ICT_SIZE, 1502 BUS_DMASYNC_PREWRITE); 1503 sc->ict_cur = 0; 1504 1505 /* Set physical address of ICT table (4KB aligned). */ 1506 DPRINTF(("enabling ICT\n")); 1507 IWN_WRITE(sc, IWN_DRAM_INT_TBL, IWN_DRAM_INT_TBL_ENABLE | 1508 IWN_DRAM_INT_TBL_WRAP_CHECK | sc->ict_dma.paddr >> 12); 1509 1510 /* Enable periodic RX interrupt. */ 1511 sc->int_mask |= IWN_INT_RX_PERIODIC; 1512 /* Switch to ICT interrupt mode in driver. */ 1513 sc->sc_flags |= IWN_FLAG_USE_ICT; 1514 1515 /* Re-enable interrupts. */ 1516 IWN_WRITE(sc, IWN_INT, 0xffffffff); 1517 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask); 1518 } 1519 1520 static int 1521 iwn_read_eeprom(struct iwn_softc *sc) 1522 { 1523 struct iwn_ops *ops = &sc->ops; 1524 struct ieee80211com *ic = &sc->sc_ic; 1525 uint16_t val; 1526 int error; 1527 1528 /* Check whether adapter has an EEPROM or an OTPROM. */ 1529 if (sc->hw_type >= IWN_HW_REV_TYPE_1000 && 1530 (IWN_READ(sc, IWN_OTP_GP) & IWN_OTP_GP_DEV_SEL_OTP)) 1531 sc->sc_flags |= IWN_FLAG_HAS_OTPROM; 1532 DPRINTF(("%s found\n", (sc->sc_flags & IWN_FLAG_HAS_OTPROM) ? 1533 "OTPROM" : "EEPROM")); 1534 1535 /* Adapter has to be powered on for EEPROM access to work. */ 1536 if ((error = iwn_apm_init(sc)) != 0) { 1537 aprint_error_dev(sc->sc_dev, 1538 "could not power ON adapter\n"); 1539 return error; 1540 } 1541 1542 if ((IWN_READ(sc, IWN_EEPROM_GP) & 0x7) == 0) { 1543 aprint_error_dev(sc->sc_dev, 1544 "bad ROM signature\n"); 1545 return EIO; 1546 } 1547 if ((error = iwn_eeprom_lock(sc)) != 0) { 1548 aprint_error_dev(sc->sc_dev, 1549 "could not lock ROM (error=%d)\n", error); 1550 return error; 1551 } 1552 if (sc->sc_flags & IWN_FLAG_HAS_OTPROM) { 1553 if ((error = iwn_init_otprom(sc)) != 0) { 1554 aprint_error_dev(sc->sc_dev, 1555 "could not initialize OTPROM\n"); 1556 return error; 1557 } 1558 } 1559 1560 iwn_read_prom_data(sc, IWN_EEPROM_SKU_CAP, &val, 2); 1561 DPRINTF(("SKU capabilities=0x%04x\n", le16toh(val))); 1562 /* Check if HT support is bonded out. */ 1563 if (val & htole16(IWN_EEPROM_SKU_CAP_11N)) 1564 sc->sc_flags |= IWN_FLAG_HAS_11N; 1565 1566 iwn_read_prom_data(sc, IWN_EEPROM_RFCFG, &val, 2); 1567 sc->rfcfg = le16toh(val); 1568 DPRINTF(("radio config=0x%04x\n", sc->rfcfg)); 1569 /* Read Tx/Rx chains from ROM unless it's known to be broken. */ 1570 if (sc->txchainmask == 0) 1571 sc->txchainmask = IWN_RFCFG_TXANTMSK(sc->rfcfg); 1572 if (sc->rxchainmask == 0) 1573 sc->rxchainmask = IWN_RFCFG_RXANTMSK(sc->rfcfg); 1574 1575 /* Read MAC address. */ 1576 iwn_read_prom_data(sc, IWN_EEPROM_MAC, ic->ic_myaddr, 6); 1577 1578 /* Read adapter-specific information from EEPROM. */ 1579 ops->read_eeprom(sc); 1580 1581 iwn_apm_stop(sc); /* Power OFF adapter. */ 1582 1583 iwn_eeprom_unlock(sc); 1584 return 0; 1585 } 1586 1587 static void 1588 iwn4965_read_eeprom(struct iwn_softc *sc) 1589 { 1590 uint32_t addr; 1591 uint16_t val; 1592 int i; 1593 1594 /* Read regulatory domain (4 ASCII characters). */ 1595 iwn_read_prom_data(sc, IWN4965_EEPROM_DOMAIN, sc->eeprom_domain, 4); 1596 1597 /* Read the list of authorized channels (20MHz ones only). */ 1598 for (i = 0; i < 5; i++) { 1599 addr = iwn4965_regulatory_bands[i]; 1600 iwn_read_eeprom_channels(sc, i, addr); 1601 } 1602 1603 /* Read maximum allowed TX power for 2GHz and 5GHz bands. */ 1604 iwn_read_prom_data(sc, IWN4965_EEPROM_MAXPOW, &val, 2); 1605 sc->maxpwr2GHz = val & 0xff; 1606 sc->maxpwr5GHz = val >> 8; 1607 /* Check that EEPROM values are within valid range. */ 1608 if (sc->maxpwr5GHz < 20 || sc->maxpwr5GHz > 50) 1609 sc->maxpwr5GHz = 38; 1610 if (sc->maxpwr2GHz < 20 || sc->maxpwr2GHz > 50) 1611 sc->maxpwr2GHz = 38; 1612 DPRINTF(("maxpwr 2GHz=%d 5GHz=%d\n", sc->maxpwr2GHz, sc->maxpwr5GHz)); 1613 1614 /* Read samples for each TX power group. */ 1615 iwn_read_prom_data(sc, IWN4965_EEPROM_BANDS, sc->bands, 1616 sizeof sc->bands); 1617 1618 /* Read voltage at which samples were taken. */ 1619 iwn_read_prom_data(sc, IWN4965_EEPROM_VOLTAGE, &val, 2); 1620 sc->eeprom_voltage = (int16_t)le16toh(val); 1621 DPRINTF(("voltage=%d (in 0.3V)\n", sc->eeprom_voltage)); 1622 1623 #ifdef IWN_DEBUG 1624 /* Print samples. */ 1625 if (iwn_debug > 0) { 1626 for (i = 0; i < IWN_NBANDS; i++) 1627 iwn4965_print_power_group(sc, i); 1628 } 1629 #endif 1630 } 1631 1632 #ifdef IWN_DEBUG 1633 static void 1634 iwn4965_print_power_group(struct iwn_softc *sc, int i) 1635 { 1636 struct iwn4965_eeprom_band *band = &sc->bands[i]; 1637 struct iwn4965_eeprom_chan_samples *chans = band->chans; 1638 int j, c; 1639 1640 aprint_normal("===band %d===\n", i); 1641 aprint_normal("chan lo=%d, chan hi=%d\n", band->lo, band->hi); 1642 aprint_normal("chan1 num=%d\n", chans[0].num); 1643 for (c = 0; c < 2; c++) { 1644 for (j = 0; j < IWN_NSAMPLES; j++) { 1645 aprint_normal("chain %d, sample %d: temp=%d gain=%d " 1646 "power=%d pa_det=%d\n", c, j, 1647 chans[0].samples[c][j].temp, 1648 chans[0].samples[c][j].gain, 1649 chans[0].samples[c][j].power, 1650 chans[0].samples[c][j].pa_det); 1651 } 1652 } 1653 aprint_normal("chan2 num=%d\n", chans[1].num); 1654 for (c = 0; c < 2; c++) { 1655 for (j = 0; j < IWN_NSAMPLES; j++) { 1656 aprint_normal("chain %d, sample %d: temp=%d gain=%d " 1657 "power=%d pa_det=%d\n", c, j, 1658 chans[1].samples[c][j].temp, 1659 chans[1].samples[c][j].gain, 1660 chans[1].samples[c][j].power, 1661 chans[1].samples[c][j].pa_det); 1662 } 1663 } 1664 } 1665 #endif 1666 1667 static void 1668 iwn5000_read_eeprom(struct iwn_softc *sc) 1669 { 1670 struct iwn5000_eeprom_calib_hdr hdr; 1671 int32_t volt; 1672 uint32_t base, addr; 1673 uint16_t val; 1674 int i; 1675 1676 /* Read regulatory domain (4 ASCII characters). */ 1677 iwn_read_prom_data(sc, IWN5000_EEPROM_REG, &val, 2); 1678 base = le16toh(val); 1679 iwn_read_prom_data(sc, base + IWN5000_EEPROM_DOMAIN, 1680 sc->eeprom_domain, 4); 1681 1682 /* Read the list of authorized channels (20MHz ones only). */ 1683 for (i = 0; i < 5; i++) { 1684 addr = base + iwn5000_regulatory_bands[i]; 1685 iwn_read_eeprom_channels(sc, i, addr); 1686 } 1687 1688 /* Read enhanced TX power information for 6000 Series. */ 1689 if (sc->hw_type >= IWN_HW_REV_TYPE_6000) 1690 iwn_read_eeprom_enhinfo(sc); 1691 1692 iwn_read_prom_data(sc, IWN5000_EEPROM_CAL, &val, 2); 1693 base = le16toh(val); 1694 iwn_read_prom_data(sc, base, &hdr, sizeof hdr); 1695 DPRINTF(("calib version=%u pa type=%u voltage=%u\n", 1696 hdr.version, hdr.pa_type, le16toh(hdr.volt))); 1697 sc->calib_ver = hdr.version; 1698 1699 if (sc->hw_type == IWN_HW_REV_TYPE_2030 || 1700 sc->hw_type == IWN_HW_REV_TYPE_2000 || 1701 sc->hw_type == IWN_HW_REV_TYPE_135 || 1702 sc->hw_type == IWN_HW_REV_TYPE_105) { 1703 sc->eeprom_voltage = le16toh(hdr.volt); 1704 iwn_read_prom_data(sc, base + IWN5000_EEPROM_TEMP, &val, 2); 1705 sc->eeprom_temp = le16toh(val); 1706 iwn_read_prom_data(sc, base + IWN2000_EEPROM_RAWTEMP, &val, 2); 1707 sc->eeprom_rawtemp = le16toh(val); 1708 } 1709 1710 if (sc->hw_type == IWN_HW_REV_TYPE_5150) { 1711 /* Compute temperature offset. */ 1712 iwn_read_prom_data(sc, base + IWN5000_EEPROM_TEMP, &val, 2); 1713 sc->eeprom_temp = le16toh(val); 1714 iwn_read_prom_data(sc, base + IWN5000_EEPROM_VOLT, &val, 2); 1715 volt = le16toh(val); 1716 sc->temp_off = sc->eeprom_temp - (volt / -5); 1717 DPRINTF(("temp=%d volt=%d offset=%dK\n", 1718 sc->eeprom_temp, volt, sc->temp_off)); 1719 } else { 1720 /* Read crystal calibration. */ 1721 iwn_read_prom_data(sc, base + IWN5000_EEPROM_CRYSTAL, 1722 &sc->eeprom_crystal, sizeof (uint32_t)); 1723 DPRINTF(("crystal calibration 0x%08x\n", 1724 le32toh(sc->eeprom_crystal))); 1725 } 1726 } 1727 1728 static void 1729 iwn_read_eeprom_channels(struct iwn_softc *sc, int n, uint32_t addr) 1730 { 1731 struct ieee80211com *ic = &sc->sc_ic; 1732 const struct iwn_chan_band *band = &iwn_bands[n]; 1733 struct iwn_eeprom_chan channels[IWN_MAX_CHAN_PER_BAND]; 1734 uint8_t chan; 1735 int i; 1736 1737 iwn_read_prom_data(sc, addr, channels, 1738 band->nchan * sizeof (struct iwn_eeprom_chan)); 1739 1740 for (i = 0; i < band->nchan; i++) { 1741 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) 1742 continue; 1743 1744 chan = band->chan[i]; 1745 1746 if (n == 0) { /* 2GHz band */ 1747 ic->ic_channels[chan].ic_freq = 1748 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 1749 ic->ic_channels[chan].ic_flags = 1750 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 1751 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 1752 1753 } else { /* 5GHz band */ 1754 /* 1755 * Some adapters support channels 7, 8, 11 and 12 1756 * both in the 2GHz and 4.9GHz bands. 1757 * Because of limitations in our net80211 layer, 1758 * we don't support them in the 4.9GHz band. 1759 */ 1760 if (chan <= 14) 1761 continue; 1762 1763 ic->ic_channels[chan].ic_freq = 1764 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 1765 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 1766 /* We have at least one valid 5GHz channel. */ 1767 sc->sc_flags |= IWN_FLAG_HAS_5GHZ; 1768 } 1769 1770 /* Is active scan allowed on this channel? */ 1771 if (!(channels[i].flags & IWN_EEPROM_CHAN_ACTIVE)) { 1772 ic->ic_channels[chan].ic_flags |= 1773 IEEE80211_CHAN_PASSIVE; 1774 } 1775 1776 /* Save maximum allowed TX power for this channel. */ 1777 sc->maxpwr[chan] = channels[i].maxpwr; 1778 1779 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 1780 chan, channels[i].flags, sc->maxpwr[chan])); 1781 } 1782 } 1783 1784 static void 1785 iwn_read_eeprom_enhinfo(struct iwn_softc *sc) 1786 { 1787 struct iwn_eeprom_enhinfo enhinfo[35]; 1788 uint16_t val, base; 1789 int8_t maxpwr; 1790 uint8_t flags; 1791 int i; 1792 1793 iwn_read_prom_data(sc, IWN5000_EEPROM_REG, &val, 2); 1794 base = le16toh(val); 1795 iwn_read_prom_data(sc, base + IWN6000_EEPROM_ENHINFO, 1796 enhinfo, sizeof enhinfo); 1797 1798 memset(sc->enh_maxpwr, 0, sizeof sc->enh_maxpwr); 1799 for (i = 0; i < __arraycount(enhinfo); i++) { 1800 flags = enhinfo[i].flags; 1801 if (!(flags & IWN_ENHINFO_VALID)) 1802 continue; /* Skip invalid entries. */ 1803 1804 maxpwr = 0; 1805 if (sc->txchainmask & IWN_ANT_A) 1806 maxpwr = MAX(maxpwr, enhinfo[i].chain[0]); 1807 if (sc->txchainmask & IWN_ANT_B) 1808 maxpwr = MAX(maxpwr, enhinfo[i].chain[1]); 1809 if (sc->txchainmask & IWN_ANT_C) 1810 maxpwr = MAX(maxpwr, enhinfo[i].chain[2]); 1811 if (sc->ntxchains == 2) 1812 maxpwr = MAX(maxpwr, enhinfo[i].mimo2); 1813 else if (sc->ntxchains == 3) 1814 maxpwr = MAX(maxpwr, enhinfo[i].mimo3); 1815 maxpwr /= 2; /* Convert half-dBm to dBm. */ 1816 1817 DPRINTF(("enhinfo %d, maxpwr=%d\n", i, maxpwr)); 1818 sc->enh_maxpwr[i] = maxpwr; 1819 } 1820 } 1821 1822 static struct ieee80211_node * 1823 iwn_node_alloc(struct ieee80211_node_table *ic __unused) 1824 { 1825 return malloc(sizeof (struct iwn_node), M_80211_NODE, M_NOWAIT | M_ZERO); 1826 } 1827 1828 static void 1829 iwn_newassoc(struct ieee80211_node *ni, int isnew) 1830 { 1831 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc; 1832 struct iwn_node *wn = (void *)ni; 1833 uint8_t rate; 1834 int ridx, i; 1835 1836 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 1837 /* Start at lowest available bit-rate, AMRR will raise. */ 1838 ni->ni_txrate = 0; 1839 1840 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 1841 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 1842 /* Map 802.11 rate to HW rate index. */ 1843 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) 1844 if (iwn_rates[ridx].rate == rate) 1845 break; 1846 wn->ridx[i] = ridx; 1847 } 1848 } 1849 1850 static int 1851 iwn_media_change(struct ifnet *ifp) 1852 { 1853 struct iwn_softc *sc = ifp->if_softc; 1854 struct ieee80211com *ic = &sc->sc_ic; 1855 uint8_t rate, ridx; 1856 int error; 1857 1858 error = ieee80211_media_change(ifp); 1859 if (error != ENETRESET) 1860 return error; 1861 1862 if (ic->ic_fixed_rate != -1) { 1863 rate = ic->ic_sup_rates[ic->ic_curmode]. 1864 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1865 /* Map 802.11 rate to HW rate index. */ 1866 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) 1867 if (iwn_rates[ridx].rate == rate) 1868 break; 1869 sc->fixed_ridx = ridx; 1870 } 1871 1872 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1873 (IFF_UP | IFF_RUNNING)) { 1874 iwn_stop(ifp, 0); 1875 error = iwn_init(ifp); 1876 } 1877 return error; 1878 } 1879 1880 static int 1881 iwn_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1882 { 1883 struct ifnet *ifp = ic->ic_ifp; 1884 struct iwn_softc *sc = ifp->if_softc; 1885 int error; 1886 1887 callout_stop(&sc->calib_to); 1888 1889 switch (nstate) { 1890 case IEEE80211_S_SCAN: 1891 /* XXX Do not abort a running scan. */ 1892 if (sc->sc_flags & IWN_FLAG_SCANNING) { 1893 if (ic->ic_state != nstate) 1894 aprint_debug_dev(sc->sc_dev, "scan request(%d) " 1895 "while scanning(%d) ignored\n", nstate, 1896 ic->ic_state); 1897 break; 1898 } 1899 1900 /* XXX Not sure if call and flags are needed. */ 1901 ieee80211_node_table_reset(&ic->ic_scan); 1902 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1903 sc->sc_flags |= IWN_FLAG_SCANNING_2GHZ; 1904 1905 /* Make the link LED blink while we're scanning. */ 1906 iwn_set_led(sc, IWN_LED_LINK, 10, 10); 1907 1908 if ((error = iwn_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1909 aprint_error_dev(sc->sc_dev, 1910 "could not initiate scan\n"); 1911 return error; 1912 } 1913 ic->ic_state = nstate; 1914 return 0; 1915 1916 case IEEE80211_S_ASSOC: 1917 if (ic->ic_state != IEEE80211_S_RUN) 1918 break; 1919 /* FALLTHROUGH */ 1920 case IEEE80211_S_AUTH: 1921 /* Reset state to handle reassociations correctly. */ 1922 sc->rxon.associd = 0; 1923 sc->rxon.filter &= ~htole32(IWN_FILTER_BSS); 1924 sc->calib.state = IWN_CALIB_STATE_INIT; 1925 1926 /* Wait until we hear a beacon before we transmit */ 1927 if (IEEE80211_IS_CHAN_PASSIVE(ic->ic_curchan)) 1928 sc->sc_beacon_wait = 1; 1929 1930 if ((error = iwn_auth(sc)) != 0) { 1931 aprint_error_dev(sc->sc_dev, 1932 "could not move to auth state\n"); 1933 return error; 1934 } 1935 break; 1936 1937 case IEEE80211_S_RUN: 1938 /* 1939 * RUN -> RUN transition; Just restart timers. 1940 */ 1941 if (ic->ic_state == IEEE80211_S_RUN) { 1942 sc->calib_cnt = 0; 1943 break; 1944 } 1945 1946 /* Wait until we hear a beacon before we transmit */ 1947 if (IEEE80211_IS_CHAN_PASSIVE(ic->ic_curchan)) 1948 sc->sc_beacon_wait = 1; 1949 1950 if ((error = iwn_run(sc)) != 0) { 1951 aprint_error_dev(sc->sc_dev, 1952 "could not move to run state\n"); 1953 return error; 1954 } 1955 break; 1956 1957 case IEEE80211_S_INIT: 1958 sc->sc_flags &= ~IWN_FLAG_SCANNING; 1959 sc->calib.state = IWN_CALIB_STATE_INIT; 1960 /* 1961 * Purge the xmit queue so we don't have old frames 1962 * during a new association attempt. 1963 */ 1964 sc->sc_beacon_wait = 0; 1965 ifp->if_flags &= ~IFF_OACTIVE; 1966 iwn_start(ifp); 1967 break; 1968 } 1969 1970 return sc->sc_newstate(ic, nstate, arg); 1971 } 1972 1973 static void 1974 iwn_iter_func(void *arg, struct ieee80211_node *ni) 1975 { 1976 struct iwn_softc *sc = arg; 1977 struct iwn_node *wn = (struct iwn_node *)ni; 1978 1979 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1980 } 1981 1982 static void 1983 iwn_calib_timeout(void *arg) 1984 { 1985 struct iwn_softc *sc = arg; 1986 struct ieee80211com *ic = &sc->sc_ic; 1987 int s; 1988 1989 s = splnet(); 1990 if (ic->ic_fixed_rate == -1) { 1991 if (ic->ic_opmode == IEEE80211_M_STA) 1992 iwn_iter_func(sc, ic->ic_bss); 1993 else 1994 ieee80211_iterate_nodes(&ic->ic_sta, iwn_iter_func, sc); 1995 } 1996 /* Force automatic TX power calibration every 60 secs. */ 1997 if (++sc->calib_cnt >= 120) { 1998 uint32_t flags = 0; 1999 2000 DPRINTF(("sending request for statistics\n")); 2001 (void)iwn_cmd(sc, IWN_CMD_GET_STATISTICS, &flags, 2002 sizeof flags, 1); 2003 sc->calib_cnt = 0; 2004 } 2005 splx(s); 2006 2007 /* Automatic rate control triggered every 500ms. */ 2008 callout_schedule(&sc->calib_to, mstohz(500)); 2009 } 2010 2011 /* 2012 * Process an RX_PHY firmware notification. This is usually immediately 2013 * followed by an MPDU_RX_DONE notification. 2014 */ 2015 static void 2016 iwn_rx_phy(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2017 struct iwn_rx_data *data) 2018 { 2019 struct iwn_rx_stat *stat = (struct iwn_rx_stat *)(desc + 1); 2020 2021 DPRINTFN(2, ("received PHY stats\n")); 2022 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2023 sizeof (*stat), BUS_DMASYNC_POSTREAD); 2024 2025 /* Save RX statistics, they will be used on MPDU_RX_DONE. */ 2026 memcpy(&sc->last_rx_stat, stat, sizeof (*stat)); 2027 sc->last_rx_valid = 1; 2028 } 2029 2030 /* 2031 * Process an RX_DONE (4965AGN only) or MPDU_RX_DONE firmware notification. 2032 * Each MPDU_RX_DONE notification must be preceded by an RX_PHY one. 2033 */ 2034 static void 2035 iwn_rx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2036 struct iwn_rx_data *data) 2037 { 2038 struct iwn_ops *ops = &sc->ops; 2039 struct ieee80211com *ic = &sc->sc_ic; 2040 struct ifnet *ifp = ic->ic_ifp; 2041 struct iwn_rx_ring *ring = &sc->rxq; 2042 struct ieee80211_frame *wh; 2043 struct ieee80211_node *ni; 2044 struct mbuf *m, *m1; 2045 struct iwn_rx_stat *stat; 2046 char *head; 2047 uint32_t flags; 2048 int error, len, rssi, s; 2049 2050 if (desc->type == IWN_MPDU_RX_DONE) { 2051 /* Check for prior RX_PHY notification. */ 2052 if (!sc->last_rx_valid) { 2053 DPRINTF(("missing RX_PHY\n")); 2054 return; 2055 } 2056 sc->last_rx_valid = 0; 2057 stat = &sc->last_rx_stat; 2058 } else 2059 stat = (struct iwn_rx_stat *)(desc + 1); 2060 2061 bus_dmamap_sync(sc->sc_dmat, data->map, 0, IWN_RBUF_SIZE, 2062 BUS_DMASYNC_POSTREAD); 2063 2064 if (stat->cfg_phy_len > IWN_STAT_MAXLEN) { 2065 aprint_error_dev(sc->sc_dev, 2066 "invalid RX statistic header\n"); 2067 return; 2068 } 2069 if (desc->type == IWN_MPDU_RX_DONE) { 2070 struct iwn_rx_mpdu *mpdu = (struct iwn_rx_mpdu *)(desc + 1); 2071 head = (char *)(mpdu + 1); 2072 len = le16toh(mpdu->len); 2073 } else { 2074 head = (char *)(stat + 1) + stat->cfg_phy_len; 2075 len = le16toh(stat->len); 2076 } 2077 2078 flags = le32toh(*(uint32_t *)(head + len)); 2079 2080 /* Discard frames with a bad FCS early. */ 2081 if ((flags & IWN_RX_NOERROR) != IWN_RX_NOERROR) { 2082 DPRINTFN(2, ("RX flags error %x\n", flags)); 2083 ifp->if_ierrors++; 2084 return; 2085 } 2086 /* Discard frames that are too short. */ 2087 if (len < sizeof (*wh)) { 2088 DPRINTF(("frame too short: %d\n", len)); 2089 ic->ic_stats.is_rx_tooshort++; 2090 ifp->if_ierrors++; 2091 return; 2092 } 2093 2094 m1 = MCLGETIalt(sc, M_DONTWAIT, NULL, IWN_RBUF_SIZE); 2095 if (m1 == NULL) { 2096 ic->ic_stats.is_rx_nobuf++; 2097 ifp->if_ierrors++; 2098 return; 2099 } 2100 bus_dmamap_unload(sc->sc_dmat, data->map); 2101 2102 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 2103 IWN_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ); 2104 if (error != 0) { 2105 m_freem(m1); 2106 2107 /* Try to reload the old mbuf. */ 2108 error = bus_dmamap_load(sc->sc_dmat, data->map, 2109 mtod(data->m, void *), IWN_RBUF_SIZE, NULL, 2110 BUS_DMA_NOWAIT | BUS_DMA_READ); 2111 if (error != 0) { 2112 panic("%s: could not load old RX mbuf", 2113 device_xname(sc->sc_dev)); 2114 } 2115 /* Physical address may have changed. */ 2116 ring->desc[ring->cur] = 2117 htole32(data->map->dm_segs[0].ds_addr >> 8); 2118 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2119 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 2120 BUS_DMASYNC_PREWRITE); 2121 ifp->if_ierrors++; 2122 return; 2123 } 2124 2125 m = data->m; 2126 data->m = m1; 2127 /* Update RX descriptor. */ 2128 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr >> 8); 2129 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2130 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 2131 BUS_DMASYNC_PREWRITE); 2132 2133 /* Finalize mbuf. */ 2134 m_set_rcvif(m, ifp); 2135 m->m_data = head; 2136 m->m_pkthdr.len = m->m_len = len; 2137 2138 s = splnet(); 2139 2140 /* Grab a reference to the source node. */ 2141 wh = mtod(m, struct ieee80211_frame *); 2142 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 2143 2144 /* XXX OpenBSD adds decryption here (see also comments in iwn_tx). */ 2145 /* NetBSD does decryption in ieee80211_input. */ 2146 2147 rssi = ops->get_rssi(stat); 2148 2149 /* XXX Added for NetBSD: scans never stop without it */ 2150 if (ic->ic_state == IEEE80211_S_SCAN) 2151 iwn_fix_channel(ic, m, stat); 2152 2153 if (sc->sc_drvbpf != NULL) { 2154 struct iwn_rx_radiotap_header *tap = &sc->sc_rxtap; 2155 2156 tap->wr_flags = 0; 2157 if (stat->flags & htole16(IWN_STAT_FLAG_SHPREAMBLE)) 2158 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2159 tap->wr_chan_freq = 2160 htole16(ic->ic_channels[stat->chan].ic_freq); 2161 tap->wr_chan_flags = 2162 htole16(ic->ic_channels[stat->chan].ic_flags); 2163 tap->wr_dbm_antsignal = (int8_t)rssi; 2164 tap->wr_dbm_antnoise = (int8_t)sc->noise; 2165 tap->wr_tsft = stat->tstamp; 2166 switch (stat->rate) { 2167 /* CCK rates. */ 2168 case 10: tap->wr_rate = 2; break; 2169 case 20: tap->wr_rate = 4; break; 2170 case 55: tap->wr_rate = 11; break; 2171 case 110: tap->wr_rate = 22; break; 2172 /* OFDM rates. */ 2173 case 0xd: tap->wr_rate = 12; break; 2174 case 0xf: tap->wr_rate = 18; break; 2175 case 0x5: tap->wr_rate = 24; break; 2176 case 0x7: tap->wr_rate = 36; break; 2177 case 0x9: tap->wr_rate = 48; break; 2178 case 0xb: tap->wr_rate = 72; break; 2179 case 0x1: tap->wr_rate = 96; break; 2180 case 0x3: tap->wr_rate = 108; break; 2181 /* Unknown rate: should not happen. */ 2182 default: tap->wr_rate = 0; 2183 } 2184 2185 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 2186 } 2187 2188 /* 2189 * If it's a beacon and we're waiting, then do the wakeup. 2190 */ 2191 if (sc->sc_beacon_wait) { 2192 uint8_t type, subtype; 2193 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2194 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2195 /* 2196 * This assumes at this point we've received our own 2197 * beacon. 2198 */ 2199 if (type == IEEE80211_FC0_TYPE_MGT && 2200 subtype == IEEE80211_FC0_SUBTYPE_BEACON) { 2201 sc->sc_beacon_wait = 0; 2202 ifp->if_flags &= ~IFF_OACTIVE; 2203 iwn_start(ifp); 2204 } 2205 } 2206 2207 /* Send the frame to the 802.11 layer. */ 2208 ieee80211_input(ic, m, ni, rssi, 0); 2209 2210 /* Node is no longer needed. */ 2211 ieee80211_free_node(ni); 2212 2213 splx(s); 2214 } 2215 2216 #ifndef IEEE80211_NO_HT 2217 /* Process an incoming Compressed BlockAck. */ 2218 static void 2219 iwn_rx_compressed_ba(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2220 struct iwn_rx_data *data) 2221 { 2222 struct iwn_compressed_ba *ba = (struct iwn_compressed_ba *)(desc + 1); 2223 struct iwn_tx_ring *txq; 2224 2225 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), sizeof (*ba), 2226 BUS_DMASYNC_POSTREAD); 2227 2228 txq = &sc->txq[le16toh(ba->qid)]; 2229 /* XXX TBD */ 2230 } 2231 #endif 2232 2233 /* 2234 * Process a CALIBRATION_RESULT notification sent by the initialization 2235 * firmware on response to a CMD_CALIB_CONFIG command (5000 only). 2236 */ 2237 static void 2238 iwn5000_rx_calib_results(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2239 struct iwn_rx_data *data) 2240 { 2241 struct iwn_phy_calib *calib = (struct iwn_phy_calib *)(desc + 1); 2242 int len, idx = -1; 2243 2244 /* Runtime firmware should not send such a notification. */ 2245 if (sc->sc_flags & IWN_FLAG_CALIB_DONE) 2246 return; 2247 2248 len = (le32toh(desc->len) & 0x3fff) - 4; 2249 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), len, 2250 BUS_DMASYNC_POSTREAD); 2251 2252 switch (calib->code) { 2253 case IWN5000_PHY_CALIB_DC: 2254 if (sc->hw_type == IWN_HW_REV_TYPE_5150 || 2255 sc->hw_type == IWN_HW_REV_TYPE_2030 || 2256 sc->hw_type == IWN_HW_REV_TYPE_2000 || 2257 sc->hw_type == IWN_HW_REV_TYPE_135 || 2258 sc->hw_type == IWN_HW_REV_TYPE_105) 2259 idx = 0; 2260 break; 2261 case IWN5000_PHY_CALIB_LO: 2262 idx = 1; 2263 break; 2264 case IWN5000_PHY_CALIB_TX_IQ: 2265 idx = 2; 2266 break; 2267 case IWN5000_PHY_CALIB_TX_IQ_PERIODIC: 2268 if (sc->hw_type < IWN_HW_REV_TYPE_6000 && 2269 sc->hw_type != IWN_HW_REV_TYPE_5150) 2270 idx = 3; 2271 break; 2272 case IWN5000_PHY_CALIB_BASE_BAND: 2273 idx = 4; 2274 break; 2275 } 2276 if (idx == -1) /* Ignore other results. */ 2277 return; 2278 2279 /* Save calibration result. */ 2280 if (sc->calibcmd[idx].buf != NULL) 2281 free(sc->calibcmd[idx].buf, M_DEVBUF); 2282 sc->calibcmd[idx].buf = malloc(len, M_DEVBUF, M_NOWAIT); 2283 if (sc->calibcmd[idx].buf == NULL) { 2284 DPRINTF(("not enough memory for calibration result %d\n", 2285 calib->code)); 2286 return; 2287 } 2288 DPRINTF(("saving calibration result code=%d len=%d\n", 2289 calib->code, len)); 2290 sc->calibcmd[idx].len = len; 2291 memcpy(sc->calibcmd[idx].buf, calib, len); 2292 } 2293 2294 /* 2295 * Process an RX_STATISTICS or BEACON_STATISTICS firmware notification. 2296 * The latter is sent by the firmware after each received beacon. 2297 */ 2298 static void 2299 iwn_rx_statistics(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2300 struct iwn_rx_data *data) 2301 { 2302 struct iwn_ops *ops = &sc->ops; 2303 struct ieee80211com *ic = &sc->sc_ic; 2304 struct iwn_calib_state *calib = &sc->calib; 2305 struct iwn_stats *stats = (struct iwn_stats *)(desc + 1); 2306 int temp; 2307 2308 /* Ignore statistics received during a scan. */ 2309 if (ic->ic_state != IEEE80211_S_RUN) 2310 return; 2311 2312 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2313 sizeof (*stats), BUS_DMASYNC_POSTREAD); 2314 2315 DPRINTFN(3, ("received statistics (cmd=%d)\n", desc->type)); 2316 sc->calib_cnt = 0; /* Reset TX power calibration timeout. */ 2317 2318 /* Test if temperature has changed. */ 2319 if (stats->general.temp != sc->rawtemp) { 2320 /* Convert "raw" temperature to degC. */ 2321 sc->rawtemp = stats->general.temp; 2322 temp = ops->get_temperature(sc); 2323 DPRINTFN(2, ("temperature=%dC\n", temp)); 2324 2325 /* Update TX power if need be (4965AGN only). */ 2326 if (sc->hw_type == IWN_HW_REV_TYPE_4965) 2327 iwn4965_power_calibration(sc, temp); 2328 } 2329 2330 if (desc->type != IWN_BEACON_STATISTICS) 2331 return; /* Reply to a statistics request. */ 2332 2333 sc->noise = iwn_get_noise(&stats->rx.general); 2334 2335 /* Test that RSSI and noise are present in stats report. */ 2336 if (le32toh(stats->rx.general.flags) != 1) { 2337 DPRINTF(("received statistics without RSSI\n")); 2338 return; 2339 } 2340 2341 /* 2342 * XXX Differential gain calibration makes the 6005 firmware 2343 * crap out, so skip it for now. This effectively disables 2344 * sensitivity tuning as well. 2345 */ 2346 if (sc->hw_type == IWN_HW_REV_TYPE_6005) 2347 return; 2348 2349 if (calib->state == IWN_CALIB_STATE_ASSOC) 2350 iwn_collect_noise(sc, &stats->rx.general); 2351 else if (calib->state == IWN_CALIB_STATE_RUN) 2352 iwn_tune_sensitivity(sc, &stats->rx); 2353 } 2354 2355 /* 2356 * Process a TX_DONE firmware notification. Unfortunately, the 4965AGN 2357 * and 5000 adapters have different incompatible TX status formats. 2358 */ 2359 static void 2360 iwn4965_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2361 struct iwn_rx_data *data) 2362 { 2363 struct iwn4965_tx_stat *stat = (struct iwn4965_tx_stat *)(desc + 1); 2364 2365 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2366 sizeof (*stat), BUS_DMASYNC_POSTREAD); 2367 iwn_tx_done(sc, desc, stat->ackfailcnt, le32toh(stat->status) & 0xff); 2368 } 2369 2370 static void 2371 iwn5000_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2372 struct iwn_rx_data *data) 2373 { 2374 struct iwn5000_tx_stat *stat = (struct iwn5000_tx_stat *)(desc + 1); 2375 2376 #ifdef notyet 2377 /* Reset TX scheduler slot. */ 2378 iwn5000_reset_sched(sc, desc->qid & 0xf, desc->idx); 2379 #endif 2380 2381 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2382 sizeof (*stat), BUS_DMASYNC_POSTREAD); 2383 iwn_tx_done(sc, desc, stat->ackfailcnt, le16toh(stat->status) & 0xff); 2384 } 2385 2386 /* 2387 * Adapter-independent backend for TX_DONE firmware notifications. 2388 */ 2389 static void 2390 iwn_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, int ackfailcnt, 2391 uint8_t status) 2392 { 2393 struct ieee80211com *ic = &sc->sc_ic; 2394 struct ifnet *ifp = ic->ic_ifp; 2395 struct iwn_tx_ring *ring = &sc->txq[desc->qid & 0xf]; 2396 struct iwn_tx_data *data = &ring->data[desc->idx]; 2397 struct iwn_node *wn = (struct iwn_node *)data->ni; 2398 int s; 2399 2400 s = splnet(); 2401 2402 /* Update rate control statistics. */ 2403 wn->amn.amn_txcnt++; 2404 if (ackfailcnt > 0) 2405 wn->amn.amn_retrycnt++; 2406 2407 if (status != 1 && status != 2) 2408 ifp->if_oerrors++; 2409 else 2410 ifp->if_opackets++; 2411 2412 /* Unmap and free mbuf. */ 2413 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 2414 BUS_DMASYNC_POSTWRITE); 2415 bus_dmamap_unload(sc->sc_dmat, data->map); 2416 m_freem(data->m); 2417 data->m = NULL; 2418 ieee80211_free_node(data->ni); 2419 data->ni = NULL; 2420 2421 sc->sc_tx_timer = 0; 2422 if (--ring->queued < IWN_TX_RING_LOMARK) { 2423 sc->qfullmsk &= ~(1 << ring->qid); 2424 if (sc->qfullmsk == 0 && (ifp->if_flags & IFF_OACTIVE)) { 2425 ifp->if_flags &= ~IFF_OACTIVE; 2426 iwn_start(ifp); 2427 } 2428 } 2429 2430 splx(s); 2431 } 2432 2433 /* 2434 * Process a "command done" firmware notification. This is where we wakeup 2435 * processes waiting for a synchronous command completion. 2436 */ 2437 static void 2438 iwn_cmd_done(struct iwn_softc *sc, struct iwn_rx_desc *desc) 2439 { 2440 struct iwn_tx_ring *ring = &sc->txq[4]; 2441 struct iwn_tx_data *data; 2442 2443 if ((desc->qid & 0xf) != 4) 2444 return; /* Not a command ack. */ 2445 2446 data = &ring->data[desc->idx]; 2447 2448 /* If the command was mapped in an mbuf, free it. */ 2449 if (data->m != NULL) { 2450 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 2451 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 2452 bus_dmamap_unload(sc->sc_dmat, data->map); 2453 m_freem(data->m); 2454 data->m = NULL; 2455 } 2456 wakeup(&ring->desc[desc->idx]); 2457 } 2458 2459 /* 2460 * Process an INT_FH_RX or INT_SW_RX interrupt. 2461 */ 2462 static void 2463 iwn_notif_intr(struct iwn_softc *sc) 2464 { 2465 struct iwn_ops *ops = &sc->ops; 2466 struct ieee80211com *ic = &sc->sc_ic; 2467 struct ifnet *ifp = ic->ic_ifp; 2468 uint16_t hw; 2469 int s; 2470 2471 bus_dmamap_sync(sc->sc_dmat, sc->rxq.stat_dma.map, 2472 0, sc->rxq.stat_dma.size, BUS_DMASYNC_POSTREAD); 2473 2474 hw = le16toh(sc->rxq.stat->closed_count) & 0xfff; 2475 while (sc->rxq.cur != hw) { 2476 struct iwn_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 2477 struct iwn_rx_desc *desc; 2478 2479 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 2480 BUS_DMASYNC_POSTREAD); 2481 desc = mtod(data->m, struct iwn_rx_desc *); 2482 2483 DPRINTFN(4, ("notification qid=%d idx=%d flags=%x type=%d\n", 2484 desc->qid & 0xf, desc->idx, desc->flags, desc->type)); 2485 2486 if (!(desc->qid & 0x80)) /* Reply to a command. */ 2487 iwn_cmd_done(sc, desc); 2488 2489 switch (desc->type) { 2490 case IWN_RX_PHY: 2491 iwn_rx_phy(sc, desc, data); 2492 break; 2493 2494 case IWN_RX_DONE: /* 4965AGN only. */ 2495 case IWN_MPDU_RX_DONE: 2496 /* An 802.11 frame has been received. */ 2497 iwn_rx_done(sc, desc, data); 2498 break; 2499 #ifndef IEEE80211_NO_HT 2500 case IWN_RX_COMPRESSED_BA: 2501 /* A Compressed BlockAck has been received. */ 2502 iwn_rx_compressed_ba(sc, desc, data); 2503 break; 2504 #endif 2505 case IWN_TX_DONE: 2506 /* An 802.11 frame has been transmitted. */ 2507 ops->tx_done(sc, desc, data); 2508 break; 2509 2510 case IWN_RX_STATISTICS: 2511 case IWN_BEACON_STATISTICS: 2512 iwn_rx_statistics(sc, desc, data); 2513 break; 2514 2515 case IWN_BEACON_MISSED: 2516 { 2517 struct iwn_beacon_missed *miss = 2518 (struct iwn_beacon_missed *)(desc + 1); 2519 2520 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2521 sizeof (*miss), BUS_DMASYNC_POSTREAD); 2522 /* 2523 * If more than 5 consecutive beacons are missed, 2524 * reinitialize the sensitivity state machine. 2525 */ 2526 DPRINTF(("beacons missed %d/%d\n", 2527 le32toh(miss->consecutive), le32toh(miss->total))); 2528 if (ic->ic_state == IEEE80211_S_RUN && 2529 le32toh(miss->consecutive) > 5) 2530 (void)iwn_init_sensitivity(sc); 2531 break; 2532 } 2533 case IWN_UC_READY: 2534 { 2535 struct iwn_ucode_info *uc = 2536 (struct iwn_ucode_info *)(desc + 1); 2537 2538 /* The microcontroller is ready. */ 2539 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2540 sizeof (*uc), BUS_DMASYNC_POSTREAD); 2541 DPRINTF(("microcode alive notification version=%d.%d " 2542 "subtype=%x alive=%x\n", uc->major, uc->minor, 2543 uc->subtype, le32toh(uc->valid))); 2544 2545 if (le32toh(uc->valid) != 1) { 2546 aprint_error_dev(sc->sc_dev, 2547 "microcontroller initialization " 2548 "failed\n"); 2549 break; 2550 } 2551 if (uc->subtype == IWN_UCODE_INIT) { 2552 /* Save microcontroller report. */ 2553 memcpy(&sc->ucode_info, uc, sizeof (*uc)); 2554 } 2555 /* Save the address of the error log in SRAM. */ 2556 sc->errptr = le32toh(uc->errptr); 2557 break; 2558 } 2559 case IWN_STATE_CHANGED: 2560 { 2561 uint32_t *status = (uint32_t *)(desc + 1); 2562 2563 /* Enabled/disabled notification. */ 2564 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2565 sizeof (*status), BUS_DMASYNC_POSTREAD); 2566 DPRINTF(("state changed to %x\n", le32toh(*status))); 2567 2568 if (le32toh(*status) & 1) { 2569 /* The radio button has to be pushed. */ 2570 aprint_error_dev(sc->sc_dev, 2571 "Radio transmitter is off\n"); 2572 /* Turn the interface down. */ 2573 s = splnet(); 2574 ifp->if_flags &= ~IFF_UP; 2575 iwn_stop(ifp, 1); 2576 splx(s); 2577 return; /* No further processing. */ 2578 } 2579 break; 2580 } 2581 case IWN_START_SCAN: 2582 { 2583 struct iwn_start_scan *scan = 2584 (struct iwn_start_scan *)(desc + 1); 2585 2586 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2587 sizeof (*scan), BUS_DMASYNC_POSTREAD); 2588 DPRINTFN(2, ("scanning channel %d status %x\n", 2589 scan->chan, le32toh(scan->status))); 2590 2591 /* Fix current channel. */ 2592 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 2593 break; 2594 } 2595 case IWN_STOP_SCAN: 2596 { 2597 struct iwn_stop_scan *scan = 2598 (struct iwn_stop_scan *)(desc + 1); 2599 2600 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2601 sizeof (*scan), BUS_DMASYNC_POSTREAD); 2602 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 2603 scan->nchan, scan->status, scan->chan)); 2604 2605 if (scan->status == 1 && scan->chan <= 14 && 2606 (sc->sc_flags & IWN_FLAG_HAS_5GHZ)) { 2607 /* 2608 * We just finished scanning 2GHz channels, 2609 * start scanning 5GHz ones. 2610 */ 2611 sc->sc_flags &= ~IWN_FLAG_SCANNING_2GHZ; 2612 sc->sc_flags |= IWN_FLAG_SCANNING_5GHZ; 2613 if (iwn_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 2614 break; 2615 } 2616 sc->sc_flags &= ~IWN_FLAG_SCANNING; 2617 ieee80211_end_scan(ic); 2618 break; 2619 } 2620 case IWN5000_CALIBRATION_RESULT: 2621 iwn5000_rx_calib_results(sc, desc, data); 2622 break; 2623 2624 case IWN5000_CALIBRATION_DONE: 2625 sc->sc_flags |= IWN_FLAG_CALIB_DONE; 2626 wakeup(sc); 2627 break; 2628 } 2629 2630 sc->rxq.cur = (sc->rxq.cur + 1) % IWN_RX_RING_COUNT; 2631 } 2632 2633 /* Tell the firmware what we have processed. */ 2634 hw = (hw == 0) ? IWN_RX_RING_COUNT - 1 : hw - 1; 2635 IWN_WRITE(sc, IWN_FH_RX_WPTR, hw & ~7); 2636 } 2637 2638 /* 2639 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2640 * from power-down sleep mode. 2641 */ 2642 static void 2643 iwn_wakeup_intr(struct iwn_softc *sc) 2644 { 2645 int qid; 2646 2647 DPRINTF(("ucode wakeup from power-down sleep\n")); 2648 2649 /* Wakeup RX and TX rings. */ 2650 IWN_WRITE(sc, IWN_FH_RX_WPTR, sc->rxq.cur & ~7); 2651 for (qid = 0; qid < sc->ntxqs; qid++) { 2652 struct iwn_tx_ring *ring = &sc->txq[qid]; 2653 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | ring->cur); 2654 } 2655 } 2656 2657 /* 2658 * Dump the error log of the firmware when a firmware panic occurs. Although 2659 * we can't debug the firmware because it is neither open source nor free, it 2660 * can help us to identify certain classes of problems. 2661 */ 2662 static void 2663 iwn_fatal_intr(struct iwn_softc *sc) 2664 { 2665 struct iwn_fw_dump dump; 2666 int i; 2667 2668 /* Force a complete recalibration on next init. */ 2669 sc->sc_flags &= ~IWN_FLAG_CALIB_DONE; 2670 2671 /* Check that the error log address is valid. */ 2672 if (sc->errptr < IWN_FW_DATA_BASE || 2673 sc->errptr + sizeof (dump) > 2674 IWN_FW_DATA_BASE + sc->fw_data_maxsz) { 2675 aprint_error_dev(sc->sc_dev, 2676 "bad firmware error log address 0x%08x\n", sc->errptr); 2677 return; 2678 } 2679 if (iwn_nic_lock(sc) != 0) { 2680 aprint_error_dev(sc->sc_dev, 2681 "could not read firmware error log\n"); 2682 return; 2683 } 2684 /* Read firmware error log from SRAM. */ 2685 iwn_mem_read_region_4(sc, sc->errptr, (uint32_t *)&dump, 2686 sizeof (dump) / sizeof (uint32_t)); 2687 iwn_nic_unlock(sc); 2688 2689 if (dump.valid == 0) { 2690 aprint_error_dev(sc->sc_dev, 2691 "firmware error log is empty\n"); 2692 return; 2693 } 2694 aprint_error("firmware error log:\n"); 2695 aprint_error(" error type = \"%s\" (0x%08X)\n", 2696 (dump.id < __arraycount(iwn_fw_errmsg)) ? 2697 iwn_fw_errmsg[dump.id] : "UNKNOWN", 2698 dump.id); 2699 aprint_error(" program counter = 0x%08X\n", dump.pc); 2700 aprint_error(" source line = 0x%08X\n", dump.src_line); 2701 aprint_error(" error data = 0x%08X%08X\n", 2702 dump.error_data[0], dump.error_data[1]); 2703 aprint_error(" branch link = 0x%08X%08X\n", 2704 dump.branch_link[0], dump.branch_link[1]); 2705 aprint_error(" interrupt link = 0x%08X%08X\n", 2706 dump.interrupt_link[0], dump.interrupt_link[1]); 2707 aprint_error(" time = %u\n", dump.time[0]); 2708 2709 /* Dump driver status (TX and RX rings) while we're here. */ 2710 aprint_error("driver status:\n"); 2711 for (i = 0; i < sc->ntxqs; i++) { 2712 struct iwn_tx_ring *ring = &sc->txq[i]; 2713 aprint_error(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2714 i, ring->qid, ring->cur, ring->queued); 2715 } 2716 aprint_error(" rx ring: cur=%d\n", sc->rxq.cur); 2717 aprint_error(" 802.11 state %d\n", sc->sc_ic.ic_state); 2718 } 2719 2720 static int 2721 iwn_intr(void *arg) 2722 { 2723 struct iwn_softc *sc = arg; 2724 2725 /* Disable interrupts. */ 2726 IWN_WRITE(sc, IWN_INT_MASK, 0); 2727 2728 softint_schedule(sc->sc_soft_ih); 2729 return 1; 2730 } 2731 2732 static void 2733 iwn_softintr(void *arg) 2734 { 2735 struct iwn_softc *sc = arg; 2736 struct ifnet *ifp = sc->sc_ic.ic_ifp; 2737 uint32_t r1, r2, tmp; 2738 int s; 2739 2740 /* Read interrupts from ICT (fast) or from registers (slow). */ 2741 if (sc->sc_flags & IWN_FLAG_USE_ICT) { 2742 bus_dmamap_sync(sc->sc_dmat, sc->ict_dma.map, 0, 2743 IWN_ICT_SIZE, BUS_DMASYNC_POSTREAD); 2744 tmp = 0; 2745 while (sc->ict[sc->ict_cur] != 0) { 2746 tmp |= sc->ict[sc->ict_cur]; 2747 sc->ict[sc->ict_cur] = 0; /* Acknowledge. */ 2748 sc->ict_cur = (sc->ict_cur + 1) % IWN_ICT_COUNT; 2749 } 2750 bus_dmamap_sync(sc->sc_dmat, sc->ict_dma.map, 0, 2751 IWN_ICT_SIZE, BUS_DMASYNC_PREWRITE); 2752 tmp = le32toh(tmp); 2753 if (tmp == 0xffffffff) /* Shouldn't happen. */ 2754 tmp = 0; 2755 else if (tmp & 0xc0000) /* Workaround a HW bug. */ 2756 tmp |= 0x8000; 2757 r1 = (tmp & 0xff00) << 16 | (tmp & 0xff); 2758 r2 = 0; /* Unused. */ 2759 } else { 2760 r1 = IWN_READ(sc, IWN_INT); 2761 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 2762 return; /* Hardware gone! */ 2763 r2 = IWN_READ(sc, IWN_FH_INT); 2764 } 2765 if (r1 == 0 && r2 == 0) { 2766 goto out; /* Interrupt not for us. */ 2767 } 2768 2769 /* Acknowledge interrupts. */ 2770 IWN_WRITE(sc, IWN_INT, r1); 2771 if (!(sc->sc_flags & IWN_FLAG_USE_ICT)) 2772 IWN_WRITE(sc, IWN_FH_INT, r2); 2773 2774 if (r1 & IWN_INT_RF_TOGGLED) { 2775 tmp = IWN_READ(sc, IWN_GP_CNTRL); 2776 aprint_error_dev(sc->sc_dev, 2777 "RF switch: radio %s\n", 2778 (tmp & IWN_GP_CNTRL_RFKILL) ? "enabled" : "disabled"); 2779 } 2780 if (r1 & IWN_INT_CT_REACHED) { 2781 aprint_error_dev(sc->sc_dev, 2782 "critical temperature reached!\n"); 2783 } 2784 if (r1 & (IWN_INT_SW_ERR | IWN_INT_HW_ERR)) { 2785 aprint_error_dev(sc->sc_dev, 2786 "fatal firmware error\n"); 2787 /* Dump firmware error log and stop. */ 2788 iwn_fatal_intr(sc); 2789 s = splnet(); 2790 ifp->if_flags &= ~IFF_UP; 2791 iwn_stop(ifp, 1); 2792 splx(s); 2793 return; 2794 } 2795 if ((r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX | IWN_INT_RX_PERIODIC)) || 2796 (r2 & IWN_FH_INT_RX)) { 2797 if (sc->sc_flags & IWN_FLAG_USE_ICT) { 2798 if (r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX)) 2799 IWN_WRITE(sc, IWN_FH_INT, IWN_FH_INT_RX); 2800 IWN_WRITE_1(sc, IWN_INT_PERIODIC, IWN_INT_PERIODIC_DIS); 2801 iwn_notif_intr(sc); 2802 if (r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX)) { 2803 IWN_WRITE_1(sc, IWN_INT_PERIODIC, 2804 IWN_INT_PERIODIC_ENA); 2805 } 2806 } else 2807 iwn_notif_intr(sc); 2808 } 2809 2810 if ((r1 & IWN_INT_FH_TX) || (r2 & IWN_FH_INT_TX)) { 2811 if (sc->sc_flags & IWN_FLAG_USE_ICT) 2812 IWN_WRITE(sc, IWN_FH_INT, IWN_FH_INT_TX); 2813 wakeup(sc); /* FH DMA transfer completed. */ 2814 } 2815 2816 if (r1 & IWN_INT_ALIVE) 2817 wakeup(sc); /* Firmware is alive. */ 2818 2819 if (r1 & IWN_INT_WAKEUP) 2820 iwn_wakeup_intr(sc); 2821 2822 out: 2823 /* Re-enable interrupts. */ 2824 if (ifp->if_flags & IFF_UP) 2825 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask); 2826 } 2827 2828 /* 2829 * Update TX scheduler ring when transmitting an 802.11 frame (4965AGN and 2830 * 5000 adapters use a slightly different format). 2831 */ 2832 static void 2833 iwn4965_update_sched(struct iwn_softc *sc, int qid, int idx, uint8_t id, 2834 uint16_t len) 2835 { 2836 uint16_t *w = &sc->sched[qid * IWN4965_SCHED_COUNT + idx]; 2837 2838 *w = htole16(len + 8); 2839 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2840 (char *)(void *)w - (char *)(void *)sc->sched_dma.vaddr, 2841 sizeof (uint16_t), 2842 BUS_DMASYNC_PREWRITE); 2843 if (idx < IWN_SCHED_WINSZ) { 2844 *(w + IWN_TX_RING_COUNT) = *w; 2845 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2846 (char *)(void *)(w + IWN_TX_RING_COUNT) - 2847 (char *)(void *)sc->sched_dma.vaddr, 2848 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2849 } 2850 } 2851 2852 static void 2853 iwn5000_update_sched(struct iwn_softc *sc, int qid, int idx, uint8_t id, 2854 uint16_t len) 2855 { 2856 uint16_t *w = &sc->sched[qid * IWN5000_SCHED_COUNT + idx]; 2857 2858 *w = htole16(id << 12 | (len + 8)); 2859 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2860 (char *)(void *)w - (char *)(void *)sc->sched_dma.vaddr, 2861 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2862 if (idx < IWN_SCHED_WINSZ) { 2863 *(w + IWN_TX_RING_COUNT) = *w; 2864 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2865 (char *)(void *)(w + IWN_TX_RING_COUNT) - 2866 (char *)(void *)sc->sched_dma.vaddr, 2867 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2868 } 2869 } 2870 2871 #ifdef notyet 2872 static void 2873 iwn5000_reset_sched(struct iwn_softc *sc, int qid, int idx) 2874 { 2875 uint16_t *w = &sc->sched[qid * IWN5000_SCHED_COUNT + idx]; 2876 2877 *w = (*w & htole16(0xf000)) | htole16(1); 2878 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2879 (char *)(void *)w - (char *)(void *)sc->sched_dma.vaddr, 2880 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2881 if (idx < IWN_SCHED_WINSZ) { 2882 *(w + IWN_TX_RING_COUNT) = *w; 2883 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2884 (char *)(void *)(w + IWN_TX_RING_COUNT) - 2885 (char *)(void *)sc->sched_dma.vaddr, 2886 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2887 } 2888 } 2889 #endif 2890 2891 static int 2892 iwn_tx(struct iwn_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 2893 { 2894 struct ieee80211com *ic = &sc->sc_ic; 2895 struct iwn_node *wn = (void *)ni; 2896 struct iwn_tx_ring *ring; 2897 struct iwn_tx_desc *desc; 2898 struct iwn_tx_data *data; 2899 struct iwn_tx_cmd *cmd; 2900 struct iwn_cmd_data *tx; 2901 const struct iwn_rate *rinfo; 2902 struct ieee80211_frame *wh; 2903 struct ieee80211_key *k = NULL; 2904 struct mbuf *m1; 2905 uint32_t flags; 2906 u_int hdrlen; 2907 bus_dma_segment_t *seg; 2908 uint8_t tid, ridx, txant, type; 2909 int i, totlen, error, pad; 2910 2911 const struct chanAccParams *cap; 2912 int noack; 2913 int hdrlen2; 2914 2915 wh = mtod(m, struct ieee80211_frame *); 2916 hdrlen = ieee80211_anyhdrsize(wh); 2917 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2918 2919 hdrlen2 = (ieee80211_has_qos(wh)) ? 2920 sizeof (struct ieee80211_qosframe) : 2921 sizeof (struct ieee80211_frame); 2922 2923 if (hdrlen != hdrlen2) 2924 aprint_error_dev(sc->sc_dev, "hdrlen error (%d != %d)\n", 2925 hdrlen, hdrlen2); 2926 2927 /* XXX OpenBSD sets a different tid when using QOS */ 2928 tid = 0; 2929 if (ieee80211_has_qos(wh)) { 2930 cap = &ic->ic_wme.wme_chanParams; 2931 noack = cap->cap_wmeParams[ac].wmep_noackPolicy; 2932 } 2933 else 2934 noack = 0; 2935 2936 ring = &sc->txq[ac]; 2937 desc = &ring->desc[ring->cur]; 2938 data = &ring->data[ring->cur]; 2939 2940 /* Choose a TX rate index. */ 2941 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2942 type != IEEE80211_FC0_TYPE_DATA) { 2943 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2944 IWN_RIDX_OFDM6 : IWN_RIDX_CCK1; 2945 } else if (ic->ic_fixed_rate != -1) { 2946 ridx = sc->fixed_ridx; 2947 } else 2948 ridx = wn->ridx[ni->ni_txrate]; 2949 rinfo = &iwn_rates[ridx]; 2950 2951 /* Encrypt the frame if need be. */ 2952 /* 2953 * XXX For now, NetBSD swaps the encryption and bpf sections 2954 * in order to match old code and other drivers. Tests with 2955 * tcpdump indicates that the order is irrelevant, however, 2956 * as bpf produces unencrypted data for both ordering choices. 2957 */ 2958 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2959 k = ieee80211_crypto_encap(ic, ni, m); 2960 if (k == NULL) { 2961 m_freem(m); 2962 return ENOBUFS; 2963 } 2964 /* Packet header may have moved, reset our local pointer. */ 2965 wh = mtod(m, struct ieee80211_frame *); 2966 } 2967 totlen = m->m_pkthdr.len; 2968 2969 if (sc->sc_drvbpf != NULL) { 2970 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap; 2971 2972 tap->wt_flags = 0; 2973 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 2974 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 2975 tap->wt_rate = rinfo->rate; 2976 tap->wt_hwqueue = ac; 2977 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2978 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2979 2980 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m); 2981 } 2982 2983 /* Prepare TX firmware command. */ 2984 cmd = &ring->cmd[ring->cur]; 2985 cmd->code = IWN_CMD_TX_DATA; 2986 cmd->flags = 0; 2987 cmd->qid = ring->qid; 2988 cmd->idx = ring->cur; 2989 2990 tx = (struct iwn_cmd_data *)cmd->data; 2991 /* NB: No need to clear tx, all fields are reinitialized here. */ 2992 tx->scratch = 0; /* clear "scratch" area */ 2993 2994 flags = 0; 2995 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2996 /* Unicast frame, check if an ACK is expected. */ 2997 if (!noack) 2998 flags |= IWN_TX_NEED_ACK; 2999 } 3000 3001 #ifdef notyet 3002 /* XXX NetBSD does not define IEEE80211_FC0_SUBTYPE_BAR */ 3003 if ((wh->i_fc[0] & 3004 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3005 (IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_BAR)) 3006 flags |= IWN_TX_IMM_BA; /* Cannot happen yet. */ 3007 #endif 3008 3009 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 3010 flags |= IWN_TX_MORE_FRAG; /* Cannot happen yet. */ 3011 3012 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 3013 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3014 /* NB: Group frames are sent using CCK in 802.11b/g. */ 3015 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 3016 flags |= IWN_TX_NEED_RTS; 3017 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 3018 ridx >= IWN_RIDX_OFDM6) { 3019 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 3020 flags |= IWN_TX_NEED_CTS; 3021 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 3022 flags |= IWN_TX_NEED_RTS; 3023 } 3024 if (flags & (IWN_TX_NEED_RTS | IWN_TX_NEED_CTS)) { 3025 if (sc->hw_type != IWN_HW_REV_TYPE_4965) { 3026 /* 5000 autoselects RTS/CTS or CTS-to-self. */ 3027 flags &= ~(IWN_TX_NEED_RTS | IWN_TX_NEED_CTS); 3028 flags |= IWN_TX_NEED_PROTECTION; 3029 } else 3030 flags |= IWN_TX_FULL_TXOP; 3031 } 3032 } 3033 3034 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3035 type != IEEE80211_FC0_TYPE_DATA) 3036 tx->id = sc->broadcast_id; 3037 else 3038 tx->id = wn->id; 3039 3040 if (type == IEEE80211_FC0_TYPE_MGT) { 3041 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3042 3043 #ifndef IEEE80211_STA_ONLY 3044 /* Tell HW to set timestamp in probe responses. */ 3045 /* XXX NetBSD rev 1.11 added probe requests here but */ 3046 /* probe requests do not take timestamps (from Bergamini). */ 3047 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 3048 flags |= IWN_TX_INSERT_TSTAMP; 3049 #endif 3050 /* XXX NetBSD rev 1.11 and 1.20 added AUTH/DAUTH and RTS/CTS */ 3051 /* changes here. These are not needed (from Bergamini). */ 3052 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3053 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 3054 tx->timeout = htole16(3); 3055 else 3056 tx->timeout = htole16(2); 3057 } else 3058 tx->timeout = htole16(0); 3059 3060 if (hdrlen & 3) { 3061 /* First segment length must be a multiple of 4. */ 3062 flags |= IWN_TX_NEED_PADDING; 3063 pad = 4 - (hdrlen & 3); 3064 } else 3065 pad = 0; 3066 3067 tx->len = htole16(totlen); 3068 tx->tid = tid; 3069 tx->rts_ntries = 60; 3070 tx->data_ntries = 15; 3071 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 3072 tx->plcp = rinfo->plcp; 3073 tx->rflags = rinfo->flags; 3074 if (tx->id == sc->broadcast_id) { 3075 /* Group or management frame. */ 3076 tx->linkq = 0; 3077 /* XXX Alternate between antenna A and B? */ 3078 txant = IWN_LSB(sc->txchainmask); 3079 tx->rflags |= IWN_RFLAG_ANT(txant); 3080 } else { 3081 tx->linkq = ni->ni_rates.rs_nrates - ni->ni_txrate - 1; 3082 flags |= IWN_TX_LINKQ; /* enable MRR */ 3083 } 3084 /* Set physical address of "scratch area". */ 3085 tx->loaddr = htole32(IWN_LOADDR(data->scratch_paddr)); 3086 tx->hiaddr = IWN_HIADDR(data->scratch_paddr); 3087 3088 /* Copy 802.11 header in TX command. */ 3089 /* XXX NetBSD changed this in rev 1.20 */ 3090 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 3091 3092 /* Trim 802.11 header. */ 3093 m_adj(m, hdrlen); 3094 tx->security = 0; 3095 tx->flags = htole32(flags); 3096 3097 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 3098 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 3099 if (error != 0) { 3100 if (error != EFBIG) { 3101 aprint_error_dev(sc->sc_dev, 3102 "can't map mbuf (error %d)\n", error); 3103 m_freem(m); 3104 return error; 3105 } 3106 /* Too many DMA segments, linearize mbuf. */ 3107 MGETHDR(m1, M_DONTWAIT, MT_DATA); 3108 if (m1 == NULL) { 3109 m_freem(m); 3110 return ENOBUFS; 3111 } 3112 if (m->m_pkthdr.len > MHLEN) { 3113 MCLGET(m1, M_DONTWAIT); 3114 if (!(m1->m_flags & M_EXT)) { 3115 m_freem(m); 3116 m_freem(m1); 3117 return ENOBUFS; 3118 } 3119 } 3120 m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, void *)); 3121 m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len; 3122 m_freem(m); 3123 m = m1; 3124 3125 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 3126 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 3127 if (error != 0) { 3128 aprint_error_dev(sc->sc_dev, 3129 "can't map mbuf (error %d)\n", error); 3130 m_freem(m); 3131 return error; 3132 } 3133 } 3134 3135 data->m = m; 3136 data->ni = ni; 3137 3138 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 3139 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 3140 3141 /* Fill TX descriptor. */ 3142 desc->nsegs = 1 + data->map->dm_nsegs; 3143 /* First DMA segment is used by the TX command. */ 3144 desc->segs[0].addr = htole32(IWN_LOADDR(data->cmd_paddr)); 3145 desc->segs[0].len = htole16(IWN_HIADDR(data->cmd_paddr) | 3146 (4 + sizeof (*tx) + hdrlen + pad) << 4); 3147 /* Other DMA segments are for data payload. */ 3148 seg = data->map->dm_segs; 3149 for (i = 1; i <= data->map->dm_nsegs; i++) { 3150 desc->segs[i].addr = htole32(IWN_LOADDR(seg->ds_addr)); 3151 desc->segs[i].len = htole16(IWN_HIADDR(seg->ds_addr) | 3152 seg->ds_len << 4); 3153 seg++; 3154 } 3155 3156 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 3157 BUS_DMASYNC_PREWRITE); 3158 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 3159 (char *)(void *)cmd - (char *)(void *)ring->cmd_dma.vaddr, 3160 sizeof (*cmd), BUS_DMASYNC_PREWRITE); 3161 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 3162 (char *)(void *)desc - (char *)(void *)ring->desc_dma.vaddr, 3163 sizeof (*desc), BUS_DMASYNC_PREWRITE); 3164 3165 #ifdef notyet 3166 /* Update TX scheduler. */ 3167 ops->update_sched(sc, ring->qid, ring->cur, tx->id, totlen); 3168 #endif 3169 3170 /* Kick TX ring. */ 3171 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 3172 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3173 3174 /* Mark TX ring as full if we reach a certain threshold. */ 3175 if (++ring->queued > IWN_TX_RING_HIMARK) 3176 sc->qfullmsk |= 1 << ring->qid; 3177 3178 return 0; 3179 } 3180 3181 static void 3182 iwn_start(struct ifnet *ifp) 3183 { 3184 struct iwn_softc *sc = ifp->if_softc; 3185 struct ieee80211com *ic = &sc->sc_ic; 3186 struct ieee80211_node *ni; 3187 struct ether_header *eh; 3188 struct mbuf *m; 3189 int ac; 3190 3191 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 3192 return; 3193 3194 for (;;) { 3195 if (sc->sc_beacon_wait == 1) { 3196 ifp->if_flags |= IFF_OACTIVE; 3197 break; 3198 } 3199 3200 if (sc->qfullmsk != 0) { 3201 ifp->if_flags |= IFF_OACTIVE; 3202 break; 3203 } 3204 /* Send pending management frames first. */ 3205 IF_DEQUEUE(&ic->ic_mgtq, m); 3206 if (m != NULL) { 3207 ni = M_GETCTX(m, struct ieee80211_node *); 3208 ac = 0; 3209 goto sendit; 3210 } 3211 if (ic->ic_state != IEEE80211_S_RUN) 3212 break; 3213 3214 /* Encapsulate and send data frames. */ 3215 IFQ_DEQUEUE(&ifp->if_snd, m); 3216 if (m == NULL) 3217 break; 3218 if (m->m_len < sizeof (*eh) && 3219 (m = m_pullup(m, sizeof (*eh))) == NULL) { 3220 ifp->if_oerrors++; 3221 continue; 3222 } 3223 eh = mtod(m, struct ether_header *); 3224 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 3225 if (ni == NULL) { 3226 m_freem(m); 3227 ifp->if_oerrors++; 3228 continue; 3229 } 3230 /* classify mbuf so we can find which tx ring to use */ 3231 if (ieee80211_classify(ic, m, ni) != 0) { 3232 m_freem(m); 3233 ieee80211_free_node(ni); 3234 ifp->if_oerrors++; 3235 continue; 3236 } 3237 3238 /* No QoS encapsulation for EAPOL frames. */ 3239 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ? 3240 M_WME_GETAC(m) : WME_AC_BE; 3241 3242 if (sc->sc_beacon_wait == 0) 3243 bpf_mtap(ifp, m); 3244 3245 if ((m = ieee80211_encap(ic, m, ni)) == NULL) { 3246 ieee80211_free_node(ni); 3247 ifp->if_oerrors++; 3248 continue; 3249 } 3250 sendit: 3251 if (sc->sc_beacon_wait) 3252 continue; 3253 3254 bpf_mtap3(ic->ic_rawbpf, m); 3255 3256 if (iwn_tx(sc, m, ni, ac) != 0) { 3257 ieee80211_free_node(ni); 3258 ifp->if_oerrors++; 3259 continue; 3260 } 3261 3262 sc->sc_tx_timer = 5; 3263 ifp->if_timer = 1; 3264 } 3265 3266 if (sc->sc_beacon_wait > 1) 3267 sc->sc_beacon_wait = 0; 3268 } 3269 3270 static void 3271 iwn_watchdog(struct ifnet *ifp) 3272 { 3273 struct iwn_softc *sc = ifp->if_softc; 3274 3275 ifp->if_timer = 0; 3276 3277 if (sc->sc_tx_timer > 0) { 3278 if (--sc->sc_tx_timer == 0) { 3279 aprint_error_dev(sc->sc_dev, 3280 "device timeout\n"); 3281 ifp->if_flags &= ~IFF_UP; 3282 iwn_stop(ifp, 1); 3283 ifp->if_oerrors++; 3284 return; 3285 } 3286 ifp->if_timer = 1; 3287 } 3288 3289 ieee80211_watchdog(&sc->sc_ic); 3290 } 3291 3292 static int 3293 iwn_ioctl(struct ifnet *ifp, u_long cmd, void *data) 3294 { 3295 struct iwn_softc *sc = ifp->if_softc; 3296 struct ieee80211com *ic = &sc->sc_ic; 3297 const struct sockaddr *sa; 3298 int s, error = 0; 3299 3300 s = splnet(); 3301 3302 switch (cmd) { 3303 case SIOCSIFADDR: 3304 ifp->if_flags |= IFF_UP; 3305 /* FALLTHROUGH */ 3306 case SIOCSIFFLAGS: 3307 /* XXX Added as it is in every NetBSD driver */ 3308 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 3309 break; 3310 if (ifp->if_flags & IFF_UP) { 3311 if (!(ifp->if_flags & IFF_RUNNING)) 3312 error = iwn_init(ifp); 3313 } else { 3314 if (ifp->if_flags & IFF_RUNNING) 3315 iwn_stop(ifp, 1); 3316 } 3317 break; 3318 3319 case SIOCADDMULTI: 3320 case SIOCDELMULTI: 3321 sa = ifreq_getaddr(SIOCADDMULTI, (struct ifreq *)data); 3322 error = (cmd == SIOCADDMULTI) ? 3323 ether_addmulti(sa, &sc->sc_ec) : 3324 ether_delmulti(sa, &sc->sc_ec); 3325 3326 if (error == ENETRESET) 3327 error = 0; 3328 break; 3329 3330 default: 3331 error = ieee80211_ioctl(ic, cmd, data); 3332 } 3333 3334 if (error == ENETRESET) { 3335 error = 0; 3336 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 3337 (IFF_UP | IFF_RUNNING)) { 3338 iwn_stop(ifp, 0); 3339 error = iwn_init(ifp); 3340 } 3341 } 3342 3343 splx(s); 3344 return error; 3345 } 3346 3347 /* 3348 * Send a command to the firmware. 3349 */ 3350 static int 3351 iwn_cmd(struct iwn_softc *sc, int code, const void *buf, int size, int async) 3352 { 3353 struct iwn_tx_ring *ring = &sc->txq[4]; 3354 struct iwn_tx_desc *desc; 3355 struct iwn_tx_data *data; 3356 struct iwn_tx_cmd *cmd; 3357 struct mbuf *m; 3358 bus_addr_t paddr; 3359 int totlen, error; 3360 3361 desc = &ring->desc[ring->cur]; 3362 data = &ring->data[ring->cur]; 3363 totlen = 4 + size; 3364 3365 if (size > sizeof cmd->data) { 3366 /* Command is too large to fit in a descriptor. */ 3367 if (totlen > MCLBYTES) 3368 return EINVAL; 3369 MGETHDR(m, M_DONTWAIT, MT_DATA); 3370 if (m == NULL) 3371 return ENOMEM; 3372 if (totlen > MHLEN) { 3373 MCLGET(m, M_DONTWAIT); 3374 if (!(m->m_flags & M_EXT)) { 3375 m_freem(m); 3376 return ENOMEM; 3377 } 3378 } 3379 cmd = mtod(m, struct iwn_tx_cmd *); 3380 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 3381 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 3382 if (error != 0) { 3383 m_freem(m); 3384 return error; 3385 } 3386 data->m = m; 3387 paddr = data->map->dm_segs[0].ds_addr; 3388 } else { 3389 cmd = &ring->cmd[ring->cur]; 3390 paddr = data->cmd_paddr; 3391 } 3392 3393 cmd->code = code; 3394 cmd->flags = 0; 3395 cmd->qid = ring->qid; 3396 cmd->idx = ring->cur; 3397 memcpy(cmd->data, buf, size); 3398 3399 desc->nsegs = 1; 3400 desc->segs[0].addr = htole32(IWN_LOADDR(paddr)); 3401 desc->segs[0].len = htole16(IWN_HIADDR(paddr) | totlen << 4); 3402 3403 if (size > sizeof cmd->data) { 3404 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 3405 BUS_DMASYNC_PREWRITE); 3406 } else { 3407 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 3408 (char *)(void *)cmd - (char *)(void *)ring->cmd_dma.vaddr, 3409 totlen, BUS_DMASYNC_PREWRITE); 3410 } 3411 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 3412 (char *)(void *)desc - (char *)(void *)ring->desc_dma.vaddr, 3413 sizeof (*desc), BUS_DMASYNC_PREWRITE); 3414 3415 #ifdef notyet 3416 /* Update TX scheduler. */ 3417 ops->update_sched(sc, ring->qid, ring->cur, 0, 0); 3418 #endif 3419 DPRINTFN(4, ("iwn_cmd %d size=%d %s\n", code, size, async ? " (async)" : "")); 3420 3421 /* Kick command ring. */ 3422 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 3423 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3424 3425 return async ? 0 : tsleep(desc, PCATCH, "iwncmd", hz); 3426 } 3427 3428 static int 3429 iwn4965_add_node(struct iwn_softc *sc, struct iwn_node_info *node, int async) 3430 { 3431 struct iwn4965_node_info hnode; 3432 char *src, *dst; 3433 3434 /* 3435 * We use the node structure for 5000 Series internally (it is 3436 * a superset of the one for 4965AGN). We thus copy the common 3437 * fields before sending the command. 3438 */ 3439 src = (char *)node; 3440 dst = (char *)&hnode; 3441 memcpy(dst, src, 48); 3442 /* Skip TSC, RX MIC and TX MIC fields from ``src''. */ 3443 memcpy(dst + 48, src + 72, 20); 3444 return iwn_cmd(sc, IWN_CMD_ADD_NODE, &hnode, sizeof hnode, async); 3445 } 3446 3447 static int 3448 iwn5000_add_node(struct iwn_softc *sc, struct iwn_node_info *node, int async) 3449 { 3450 /* Direct mapping. */ 3451 return iwn_cmd(sc, IWN_CMD_ADD_NODE, node, sizeof (*node), async); 3452 } 3453 3454 static int 3455 iwn_set_link_quality(struct iwn_softc *sc, struct ieee80211_node *ni) 3456 { 3457 struct iwn_node *wn = (void *)ni; 3458 struct ieee80211_rateset *rs = &ni->ni_rates; 3459 struct iwn_cmd_link_quality linkq; 3460 const struct iwn_rate *rinfo; 3461 uint8_t txant; 3462 int i, txrate; 3463 3464 /* Use the first valid TX antenna. */ 3465 txant = IWN_LSB(sc->txchainmask); 3466 3467 memset(&linkq, 0, sizeof linkq); 3468 linkq.id = wn->id; 3469 linkq.antmsk_1stream = txant; 3470 linkq.antmsk_2stream = IWN_ANT_AB; 3471 linkq.ampdu_max = 31; 3472 linkq.ampdu_threshold = 3; 3473 linkq.ampdu_limit = htole16(4000); /* 4ms */ 3474 3475 /* Start at highest available bit-rate. */ 3476 txrate = rs->rs_nrates - 1; 3477 for (i = 0; i < IWN_MAX_TX_RETRIES; i++) { 3478 rinfo = &iwn_rates[wn->ridx[txrate]]; 3479 linkq.retry[i].plcp = rinfo->plcp; 3480 linkq.retry[i].rflags = rinfo->flags; 3481 linkq.retry[i].rflags |= IWN_RFLAG_ANT(txant); 3482 /* Next retry at immediate lower bit-rate. */ 3483 if (txrate > 0) 3484 txrate--; 3485 } 3486 return iwn_cmd(sc, IWN_CMD_LINK_QUALITY, &linkq, sizeof linkq, 1); 3487 } 3488 3489 /* 3490 * Broadcast node is used to send group-addressed and management frames. 3491 */ 3492 static int 3493 iwn_add_broadcast_node(struct iwn_softc *sc, int async) 3494 { 3495 struct iwn_ops *ops = &sc->ops; 3496 struct iwn_node_info node; 3497 struct iwn_cmd_link_quality linkq; 3498 const struct iwn_rate *rinfo; 3499 uint8_t txant; 3500 int i, error; 3501 3502 memset(&node, 0, sizeof node); 3503 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 3504 node.id = sc->broadcast_id; 3505 DPRINTF(("adding broadcast node\n")); 3506 if ((error = ops->add_node(sc, &node, async)) != 0) 3507 return error; 3508 3509 /* Use the first valid TX antenna. */ 3510 txant = IWN_LSB(sc->txchainmask); 3511 3512 memset(&linkq, 0, sizeof linkq); 3513 linkq.id = sc->broadcast_id; 3514 linkq.antmsk_1stream = txant; 3515 linkq.antmsk_2stream = IWN_ANT_AB; 3516 linkq.ampdu_max = 64; 3517 linkq.ampdu_threshold = 3; 3518 linkq.ampdu_limit = htole16(4000); /* 4ms */ 3519 3520 /* Use lowest mandatory bit-rate. */ 3521 rinfo = (sc->sc_ic.ic_curmode != IEEE80211_MODE_11A) ? 3522 &iwn_rates[IWN_RIDX_CCK1] : &iwn_rates[IWN_RIDX_OFDM6]; 3523 linkq.retry[0].plcp = rinfo->plcp; 3524 linkq.retry[0].rflags = rinfo->flags; 3525 linkq.retry[0].rflags |= IWN_RFLAG_ANT(txant); 3526 /* Use same bit-rate for all TX retries. */ 3527 for (i = 1; i < IWN_MAX_TX_RETRIES; i++) { 3528 linkq.retry[i].plcp = linkq.retry[0].plcp; 3529 linkq.retry[i].rflags = linkq.retry[0].rflags; 3530 } 3531 return iwn_cmd(sc, IWN_CMD_LINK_QUALITY, &linkq, sizeof linkq, async); 3532 } 3533 3534 static void 3535 iwn_set_led(struct iwn_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3536 { 3537 struct iwn_cmd_led led; 3538 3539 /* Clear microcode LED ownership. */ 3540 IWN_CLRBITS(sc, IWN_LED, IWN_LED_BSM_CTRL); 3541 3542 led.which = which; 3543 led.unit = htole32(10000); /* on/off in unit of 100ms */ 3544 led.off = off; 3545 led.on = on; 3546 (void)iwn_cmd(sc, IWN_CMD_SET_LED, &led, sizeof led, 1); 3547 } 3548 3549 /* 3550 * Set the critical temperature at which the firmware will stop the radio 3551 * and notify us. 3552 */ 3553 static int 3554 iwn_set_critical_temp(struct iwn_softc *sc) 3555 { 3556 struct iwn_critical_temp crit; 3557 int32_t temp; 3558 3559 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_CTEMP_STOP_RF); 3560 3561 if (sc->hw_type == IWN_HW_REV_TYPE_5150) 3562 temp = (IWN_CTOK(110) - sc->temp_off) * -5; 3563 else if (sc->hw_type == IWN_HW_REV_TYPE_4965) 3564 temp = IWN_CTOK(110); 3565 else 3566 temp = 110; 3567 memset(&crit, 0, sizeof crit); 3568 crit.tempR = htole32(temp); 3569 DPRINTF(("setting critical temperature to %d\n", temp)); 3570 return iwn_cmd(sc, IWN_CMD_SET_CRITICAL_TEMP, &crit, sizeof crit, 0); 3571 } 3572 3573 static int 3574 iwn_set_timing(struct iwn_softc *sc, struct ieee80211_node *ni) 3575 { 3576 struct iwn_cmd_timing cmd; 3577 uint64_t val, mod; 3578 3579 memset(&cmd, 0, sizeof cmd); 3580 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3581 cmd.bintval = htole16(ni->ni_intval); 3582 cmd.lintval = htole16(10); 3583 3584 /* Compute remaining time until next beacon. */ 3585 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 3586 mod = le64toh(cmd.tstamp) % val; 3587 cmd.binitval = htole32((uint32_t)(val - mod)); 3588 3589 DPRINTF(("timing bintval=%u, tstamp=%" PRIu64 ", init=%" PRIu32 "\n", 3590 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod))); 3591 3592 return iwn_cmd(sc, IWN_CMD_TIMING, &cmd, sizeof cmd, 1); 3593 } 3594 3595 static void 3596 iwn4965_power_calibration(struct iwn_softc *sc, int temp) 3597 { 3598 /* Adjust TX power if need be (delta >= 3 degC). */ 3599 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 3600 if (abs(temp - sc->temp) >= 3) { 3601 /* Record temperature of last calibration. */ 3602 sc->temp = temp; 3603 (void)iwn4965_set_txpower(sc, 1); 3604 } 3605 } 3606 3607 /* 3608 * Set TX power for current channel (each rate has its own power settings). 3609 * This function takes into account the regulatory information from EEPROM, 3610 * the current temperature and the current voltage. 3611 */ 3612 static int 3613 iwn4965_set_txpower(struct iwn_softc *sc, int async) 3614 { 3615 /* Fixed-point arithmetic division using a n-bit fractional part. */ 3616 #define fdivround(a, b, n) \ 3617 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3618 /* Linear interpolation. */ 3619 #define interpolate(x, x1, y1, x2, y2, n) \ 3620 ((y1) + fdivround(((int)(x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3621 3622 static const int tdiv[IWN_NATTEN_GROUPS] = { 9, 8, 8, 8, 6 }; 3623 struct ieee80211com *ic = &sc->sc_ic; 3624 struct iwn_ucode_info *uc = &sc->ucode_info; 3625 struct ieee80211_channel *ch; 3626 struct iwn4965_cmd_txpower cmd; 3627 struct iwn4965_eeprom_chan_samples *chans; 3628 const uint8_t *rf_gain, *dsp_gain; 3629 int32_t vdiff, tdiff; 3630 int i, c, grp, maxpwr; 3631 uint8_t chan; 3632 3633 /* Retrieve current channel from last RXON. */ 3634 chan = sc->rxon.chan; 3635 DPRINTF(("setting TX power for channel %d\n", chan)); 3636 ch = &ic->ic_channels[chan]; 3637 3638 memset(&cmd, 0, sizeof cmd); 3639 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 3640 cmd.chan = chan; 3641 3642 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3643 maxpwr = sc->maxpwr5GHz; 3644 rf_gain = iwn4965_rf_gain_5ghz; 3645 dsp_gain = iwn4965_dsp_gain_5ghz; 3646 } else { 3647 maxpwr = sc->maxpwr2GHz; 3648 rf_gain = iwn4965_rf_gain_2ghz; 3649 dsp_gain = iwn4965_dsp_gain_2ghz; 3650 } 3651 3652 /* Compute voltage compensation. */ 3653 vdiff = ((int32_t)le32toh(uc->volt) - sc->eeprom_voltage) / 7; 3654 if (vdiff > 0) 3655 vdiff *= 2; 3656 if (abs(vdiff) > 2) 3657 vdiff = 0; 3658 DPRINTF(("voltage compensation=%d (UCODE=%d, EEPROM=%d)\n", 3659 vdiff, le32toh(uc->volt), sc->eeprom_voltage)); 3660 3661 /* Get channel attenuation group. */ 3662 if (chan <= 20) /* 1-20 */ 3663 grp = 4; 3664 else if (chan <= 43) /* 34-43 */ 3665 grp = 0; 3666 else if (chan <= 70) /* 44-70 */ 3667 grp = 1; 3668 else if (chan <= 124) /* 71-124 */ 3669 grp = 2; 3670 else /* 125-200 */ 3671 grp = 3; 3672 DPRINTF(("chan %d, attenuation group=%d\n", chan, grp)); 3673 3674 /* Get channel sub-band. */ 3675 for (i = 0; i < IWN_NBANDS; i++) 3676 if (sc->bands[i].lo != 0 && 3677 sc->bands[i].lo <= chan && chan <= sc->bands[i].hi) 3678 break; 3679 if (i == IWN_NBANDS) /* Can't happen in real-life. */ 3680 return EINVAL; 3681 chans = sc->bands[i].chans; 3682 DPRINTF(("chan %d sub-band=%d\n", chan, i)); 3683 3684 for (c = 0; c < 2; c++) { 3685 uint8_t power, gain, temp; 3686 int maxchpwr, pwr, ridx, idx; 3687 3688 power = interpolate(chan, 3689 chans[0].num, chans[0].samples[c][1].power, 3690 chans[1].num, chans[1].samples[c][1].power, 1); 3691 gain = interpolate(chan, 3692 chans[0].num, chans[0].samples[c][1].gain, 3693 chans[1].num, chans[1].samples[c][1].gain, 1); 3694 temp = interpolate(chan, 3695 chans[0].num, chans[0].samples[c][1].temp, 3696 chans[1].num, chans[1].samples[c][1].temp, 1); 3697 DPRINTF(("TX chain %d: power=%d gain=%d temp=%d\n", 3698 c, power, gain, temp)); 3699 3700 /* Compute temperature compensation. */ 3701 tdiff = ((sc->temp - temp) * 2) / tdiv[grp]; 3702 DPRINTF(("temperature compensation=%d (current=%d, " 3703 "EEPROM=%d)\n", tdiff, sc->temp, temp)); 3704 3705 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) { 3706 /* Convert dBm to half-dBm. */ 3707 maxchpwr = sc->maxpwr[chan] * 2; 3708 if ((ridx / 8) & 1) 3709 maxchpwr -= 6; /* MIMO 2T: -3dB */ 3710 3711 pwr = maxpwr; 3712 3713 /* Adjust TX power based on rate. */ 3714 if ((ridx % 8) == 5) 3715 pwr -= 15; /* OFDM48: -7.5dB */ 3716 else if ((ridx % 8) == 6) 3717 pwr -= 17; /* OFDM54: -8.5dB */ 3718 else if ((ridx % 8) == 7) 3719 pwr -= 20; /* OFDM60: -10dB */ 3720 else 3721 pwr -= 10; /* Others: -5dB */ 3722 3723 /* Do not exceed channel max TX power. */ 3724 if (pwr > maxchpwr) 3725 pwr = maxchpwr; 3726 3727 idx = gain - (pwr - power) - tdiff - vdiff; 3728 if ((ridx / 8) & 1) /* MIMO */ 3729 idx += (int32_t)le32toh(uc->atten[grp][c]); 3730 3731 if (cmd.band == 0) 3732 idx += 9; /* 5GHz */ 3733 if (ridx == IWN_RIDX_MAX) 3734 idx += 5; /* CCK */ 3735 3736 /* Make sure idx stays in a valid range. */ 3737 if (idx < 0) 3738 idx = 0; 3739 else if (idx > IWN4965_MAX_PWR_INDEX) 3740 idx = IWN4965_MAX_PWR_INDEX; 3741 3742 DPRINTF(("TX chain %d, rate idx %d: power=%d\n", 3743 c, ridx, idx)); 3744 cmd.power[ridx].rf_gain[c] = rf_gain[idx]; 3745 cmd.power[ridx].dsp_gain[c] = dsp_gain[idx]; 3746 } 3747 } 3748 3749 DPRINTF(("setting TX power for chan %d\n", chan)); 3750 return iwn_cmd(sc, IWN_CMD_TXPOWER, &cmd, sizeof cmd, async); 3751 3752 #undef interpolate 3753 #undef fdivround 3754 } 3755 3756 static int 3757 iwn5000_set_txpower(struct iwn_softc *sc, int async) 3758 { 3759 struct iwn5000_cmd_txpower cmd; 3760 int cmdid; 3761 3762 /* 3763 * TX power calibration is handled automatically by the firmware 3764 * for 5000 Series. 3765 */ 3766 memset(&cmd, 0, sizeof cmd); 3767 cmd.global_limit = 2 * IWN5000_TXPOWER_MAX_DBM; /* 16 dBm */ 3768 cmd.flags = IWN5000_TXPOWER_NO_CLOSED; 3769 cmd.srv_limit = IWN5000_TXPOWER_AUTO; 3770 DPRINTF(("setting TX power\n")); 3771 if (IWN_UCODE_API(sc->ucode_rev) == 1) 3772 cmdid = IWN_CMD_TXPOWER_DBM_V1; 3773 else 3774 cmdid = IWN_CMD_TXPOWER_DBM; 3775 return iwn_cmd(sc, cmdid, &cmd, sizeof cmd, async); 3776 } 3777 3778 /* 3779 * Retrieve the maximum RSSI (in dBm) among receivers. 3780 */ 3781 static int 3782 iwn4965_get_rssi(const struct iwn_rx_stat *stat) 3783 { 3784 const struct iwn4965_rx_phystat *phy = (const void *)stat->phybuf; 3785 uint8_t mask, agc; 3786 int rssi; 3787 3788 mask = (le16toh(phy->antenna) >> 4) & IWN_ANT_ABC; 3789 agc = (le16toh(phy->agc) >> 7) & 0x7f; 3790 3791 rssi = 0; 3792 if (mask & IWN_ANT_A) 3793 rssi = MAX(rssi, phy->rssi[0]); 3794 if (mask & IWN_ANT_B) 3795 rssi = MAX(rssi, phy->rssi[2]); 3796 if (mask & IWN_ANT_C) 3797 rssi = MAX(rssi, phy->rssi[4]); 3798 3799 return rssi - agc - IWN_RSSI_TO_DBM; 3800 } 3801 3802 static int 3803 iwn5000_get_rssi(const struct iwn_rx_stat *stat) 3804 { 3805 const struct iwn5000_rx_phystat *phy = (const void *)stat->phybuf; 3806 uint8_t agc; 3807 int rssi; 3808 3809 agc = (le32toh(phy->agc) >> 9) & 0x7f; 3810 3811 rssi = MAX(le16toh(phy->rssi[0]) & 0xff, 3812 le16toh(phy->rssi[1]) & 0xff); 3813 rssi = MAX(le16toh(phy->rssi[2]) & 0xff, rssi); 3814 3815 return rssi - agc - IWN_RSSI_TO_DBM; 3816 } 3817 3818 /* 3819 * Retrieve the average noise (in dBm) among receivers. 3820 */ 3821 static int 3822 iwn_get_noise(const struct iwn_rx_general_stats *stats) 3823 { 3824 int i, total, nbant, noise; 3825 3826 total = nbant = 0; 3827 for (i = 0; i < 3; i++) { 3828 if ((noise = le32toh(stats->noise[i]) & 0xff) == 0) 3829 continue; 3830 total += noise; 3831 nbant++; 3832 } 3833 /* There should be at least one antenna but check anyway. */ 3834 return (nbant == 0) ? -127 : (total / nbant) - 107; 3835 } 3836 3837 /* 3838 * Compute temperature (in degC) from last received statistics. 3839 */ 3840 static int 3841 iwn4965_get_temperature(struct iwn_softc *sc) 3842 { 3843 struct iwn_ucode_info *uc = &sc->ucode_info; 3844 int32_t r1, r2, r3, r4, temp; 3845 3846 r1 = le32toh(uc->temp[0].chan20MHz); 3847 r2 = le32toh(uc->temp[1].chan20MHz); 3848 r3 = le32toh(uc->temp[2].chan20MHz); 3849 r4 = le32toh(sc->rawtemp); 3850 3851 if (r1 == r3) /* Prevents division by 0 (should not happen). */ 3852 return 0; 3853 3854 /* Sign-extend 23-bit R4 value to 32-bit. */ 3855 r4 = ((r4 & 0xffffff) ^ 0x800000) - 0x800000; 3856 /* Compute temperature in Kelvin. */ 3857 temp = (259 * (r4 - r2)) / (r3 - r1); 3858 temp = (temp * 97) / 100 + 8; 3859 3860 DPRINTF(("temperature %dK/%dC\n", temp, IWN_KTOC(temp))); 3861 return IWN_KTOC(temp); 3862 } 3863 3864 static int 3865 iwn5000_get_temperature(struct iwn_softc *sc) 3866 { 3867 int32_t temp; 3868 3869 /* 3870 * Temperature is not used by the driver for 5000 Series because 3871 * TX power calibration is handled by firmware. We export it to 3872 * users through the sensor framework though. 3873 */ 3874 temp = le32toh(sc->rawtemp); 3875 if (sc->hw_type == IWN_HW_REV_TYPE_5150) { 3876 temp = (temp / -5) + sc->temp_off; 3877 temp = IWN_KTOC(temp); 3878 } 3879 return temp; 3880 } 3881 3882 /* 3883 * Initialize sensitivity calibration state machine. 3884 */ 3885 static int 3886 iwn_init_sensitivity(struct iwn_softc *sc) 3887 { 3888 struct iwn_ops *ops = &sc->ops; 3889 struct iwn_calib_state *calib = &sc->calib; 3890 uint32_t flags; 3891 int error; 3892 3893 /* Reset calibration state machine. */ 3894 memset(calib, 0, sizeof (*calib)); 3895 calib->state = IWN_CALIB_STATE_INIT; 3896 calib->cck_state = IWN_CCK_STATE_HIFA; 3897 /* Set initial correlation values. */ 3898 calib->ofdm_x1 = sc->limits->min_ofdm_x1; 3899 calib->ofdm_mrc_x1 = sc->limits->min_ofdm_mrc_x1; 3900 calib->ofdm_x4 = sc->limits->min_ofdm_x4; 3901 calib->ofdm_mrc_x4 = sc->limits->min_ofdm_mrc_x4; 3902 calib->cck_x4 = 125; 3903 calib->cck_mrc_x4 = sc->limits->min_cck_mrc_x4; 3904 calib->energy_cck = sc->limits->energy_cck; 3905 3906 /* Write initial sensitivity. */ 3907 if ((error = iwn_send_sensitivity(sc)) != 0) 3908 return error; 3909 3910 /* Write initial gains. */ 3911 if ((error = ops->init_gains(sc)) != 0) 3912 return error; 3913 3914 /* Request statistics at each beacon interval. */ 3915 flags = 0; 3916 DPRINTF(("sending request for statistics\n")); 3917 return iwn_cmd(sc, IWN_CMD_GET_STATISTICS, &flags, sizeof flags, 1); 3918 } 3919 3920 /* 3921 * Collect noise and RSSI statistics for the first 20 beacons received 3922 * after association and use them to determine connected antennas and 3923 * to set differential gains. 3924 */ 3925 static void 3926 iwn_collect_noise(struct iwn_softc *sc, 3927 const struct iwn_rx_general_stats *stats) 3928 { 3929 struct iwn_ops *ops = &sc->ops; 3930 struct iwn_calib_state *calib = &sc->calib; 3931 uint32_t val; 3932 int i; 3933 3934 /* Accumulate RSSI and noise for all 3 antennas. */ 3935 for (i = 0; i < 3; i++) { 3936 calib->rssi[i] += le32toh(stats->rssi[i]) & 0xff; 3937 calib->noise[i] += le32toh(stats->noise[i]) & 0xff; 3938 } 3939 /* NB: We update differential gains only once after 20 beacons. */ 3940 if (++calib->nbeacons < 20) 3941 return; 3942 3943 /* Determine highest average RSSI. */ 3944 val = MAX(calib->rssi[0], calib->rssi[1]); 3945 val = MAX(calib->rssi[2], val); 3946 3947 /* Determine which antennas are connected. */ 3948 sc->chainmask = sc->rxchainmask; 3949 for (i = 0; i < 3; i++) 3950 if (val - calib->rssi[i] > 15 * 20) 3951 sc->chainmask &= ~(1 << i); 3952 DPRINTF(("RX chains mask: theoretical=0x%x, actual=0x%x\n", 3953 sc->rxchainmask, sc->chainmask)); 3954 3955 /* If none of the TX antennas are connected, keep at least one. */ 3956 if ((sc->chainmask & sc->txchainmask) == 0) 3957 sc->chainmask |= IWN_LSB(sc->txchainmask); 3958 3959 (void)ops->set_gains(sc); 3960 calib->state = IWN_CALIB_STATE_RUN; 3961 3962 #ifdef notyet 3963 /* XXX Disable RX chains with no antennas connected. */ 3964 sc->rxon.rxchain = htole16(IWN_RXCHAIN_SEL(sc->chainmask)); 3965 (void)iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, sc->rxonsz, 1); 3966 #endif 3967 3968 /* Enable power-saving mode if requested by user. */ 3969 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 3970 (void)iwn_set_pslevel(sc, 0, 3, 1); 3971 } 3972 3973 static int 3974 iwn4965_init_gains(struct iwn_softc *sc) 3975 { 3976 struct iwn_phy_calib_gain cmd; 3977 3978 memset(&cmd, 0, sizeof cmd); 3979 cmd.code = IWN4965_PHY_CALIB_DIFF_GAIN; 3980 /* Differential gains initially set to 0 for all 3 antennas. */ 3981 DPRINTF(("setting initial differential gains\n")); 3982 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1); 3983 } 3984 3985 static int 3986 iwn5000_init_gains(struct iwn_softc *sc) 3987 { 3988 struct iwn_phy_calib cmd; 3989 3990 memset(&cmd, 0, sizeof cmd); 3991 cmd.code = sc->reset_noise_gain; 3992 cmd.ngroups = 1; 3993 cmd.isvalid = 1; 3994 DPRINTF(("setting initial differential gains\n")); 3995 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1); 3996 } 3997 3998 static int 3999 iwn4965_set_gains(struct iwn_softc *sc) 4000 { 4001 struct iwn_calib_state *calib = &sc->calib; 4002 struct iwn_phy_calib_gain cmd; 4003 int i, delta, noise; 4004 4005 /* Get minimal noise among connected antennas. */ 4006 noise = INT_MAX; /* NB: There's at least one antenna. */ 4007 for (i = 0; i < 3; i++) 4008 if (sc->chainmask & (1 << i)) 4009 noise = MIN(calib->noise[i], noise); 4010 4011 memset(&cmd, 0, sizeof cmd); 4012 cmd.code = IWN4965_PHY_CALIB_DIFF_GAIN; 4013 /* Set differential gains for connected antennas. */ 4014 for (i = 0; i < 3; i++) { 4015 if (sc->chainmask & (1 << i)) { 4016 /* Compute attenuation (in unit of 1.5dB). */ 4017 delta = (noise - (int32_t)calib->noise[i]) / 30; 4018 /* NB: delta <= 0 */ 4019 /* Limit to [-4.5dB,0]. */ 4020 cmd.gain[i] = MIN(abs(delta), 3); 4021 if (delta < 0) 4022 cmd.gain[i] |= 1 << 2; /* sign bit */ 4023 } 4024 } 4025 DPRINTF(("setting differential gains Ant A/B/C: %x/%x/%x (%x)\n", 4026 cmd.gain[0], cmd.gain[1], cmd.gain[2], sc->chainmask)); 4027 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1); 4028 } 4029 4030 static int 4031 iwn5000_set_gains(struct iwn_softc *sc) 4032 { 4033 struct iwn_calib_state *calib = &sc->calib; 4034 struct iwn_phy_calib_gain cmd; 4035 int i, ant, div, delta; 4036 4037 /* We collected 20 beacons and !=6050 need a 1.5 factor. */ 4038 div = (sc->hw_type == IWN_HW_REV_TYPE_6050) ? 20 : 30; 4039 4040 memset(&cmd, 0, sizeof cmd); 4041 cmd.code = sc->noise_gain; 4042 cmd.ngroups = 1; 4043 cmd.isvalid = 1; 4044 /* Get first available RX antenna as referential. */ 4045 ant = IWN_LSB(sc->rxchainmask); 4046 /* Set differential gains for other antennas. */ 4047 for (i = ant + 1; i < 3; i++) { 4048 if (sc->chainmask & (1 << i)) { 4049 /* The delta is relative to antenna "ant". */ 4050 delta = ((int32_t)calib->noise[ant] - 4051 (int32_t)calib->noise[i]) / div; 4052 /* Limit to [-4.5dB,+4.5dB]. */ 4053 cmd.gain[i - 1] = MIN(abs(delta), 3); 4054 if (delta < 0) 4055 cmd.gain[i - 1] |= 1 << 2; /* sign bit */ 4056 } 4057 } 4058 DPRINTF(("setting differential gains: %x/%x (%x)\n", 4059 cmd.gain[0], cmd.gain[1], sc->chainmask)); 4060 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1); 4061 } 4062 4063 /* 4064 * Tune RF RX sensitivity based on the number of false alarms detected 4065 * during the last beacon period. 4066 */ 4067 static void 4068 iwn_tune_sensitivity(struct iwn_softc *sc, const struct iwn_rx_stats *stats) 4069 { 4070 #define inc(val, inc, max) \ 4071 if ((val) < (max)) { \ 4072 if ((val) < (max) - (inc)) \ 4073 (val) += (inc); \ 4074 else \ 4075 (val) = (max); \ 4076 needs_update = 1; \ 4077 } 4078 #define dec(val, dec, min) \ 4079 if ((val) > (min)) { \ 4080 if ((val) > (min) + (dec)) \ 4081 (val) -= (dec); \ 4082 else \ 4083 (val) = (min); \ 4084 needs_update = 1; \ 4085 } 4086 4087 const struct iwn_sensitivity_limits *limits = sc->limits; 4088 struct iwn_calib_state *calib = &sc->calib; 4089 uint32_t val, rxena, fa; 4090 uint32_t energy[3], energy_min; 4091 uint8_t noise[3], noise_ref; 4092 int i, needs_update = 0; 4093 4094 /* Check that we've been enabled long enough. */ 4095 if ((rxena = le32toh(stats->general.load)) == 0) 4096 return; 4097 4098 /* Compute number of false alarms since last call for OFDM. */ 4099 fa = le32toh(stats->ofdm.bad_plcp) - calib->bad_plcp_ofdm; 4100 fa += le32toh(stats->ofdm.fa) - calib->fa_ofdm; 4101 fa *= 200 * 1024; /* 200TU */ 4102 4103 /* Save counters values for next call. */ 4104 calib->bad_plcp_ofdm = le32toh(stats->ofdm.bad_plcp); 4105 calib->fa_ofdm = le32toh(stats->ofdm.fa); 4106 4107 if (fa > 50 * rxena) { 4108 /* High false alarm count, decrease sensitivity. */ 4109 DPRINTFN(2, ("OFDM high false alarm count: %u\n", fa)); 4110 inc(calib->ofdm_x1, 1, limits->max_ofdm_x1); 4111 inc(calib->ofdm_mrc_x1, 1, limits->max_ofdm_mrc_x1); 4112 inc(calib->ofdm_x4, 1, limits->max_ofdm_x4); 4113 inc(calib->ofdm_mrc_x4, 1, limits->max_ofdm_mrc_x4); 4114 4115 } else if (fa < 5 * rxena) { 4116 /* Low false alarm count, increase sensitivity. */ 4117 DPRINTFN(2, ("OFDM low false alarm count: %u\n", fa)); 4118 dec(calib->ofdm_x1, 1, limits->min_ofdm_x1); 4119 dec(calib->ofdm_mrc_x1, 1, limits->min_ofdm_mrc_x1); 4120 dec(calib->ofdm_x4, 1, limits->min_ofdm_x4); 4121 dec(calib->ofdm_mrc_x4, 1, limits->min_ofdm_mrc_x4); 4122 } 4123 4124 /* Compute maximum noise among 3 receivers. */ 4125 for (i = 0; i < 3; i++) 4126 noise[i] = (le32toh(stats->general.noise[i]) >> 8) & 0xff; 4127 val = MAX(noise[0], noise[1]); 4128 val = MAX(noise[2], val); 4129 /* Insert it into our samples table. */ 4130 calib->noise_samples[calib->cur_noise_sample] = val; 4131 calib->cur_noise_sample = (calib->cur_noise_sample + 1) % 20; 4132 4133 /* Compute maximum noise among last 20 samples. */ 4134 noise_ref = calib->noise_samples[0]; 4135 for (i = 1; i < 20; i++) 4136 noise_ref = MAX(noise_ref, calib->noise_samples[i]); 4137 4138 /* Compute maximum energy among 3 receivers. */ 4139 for (i = 0; i < 3; i++) 4140 energy[i] = le32toh(stats->general.energy[i]); 4141 val = MIN(energy[0], energy[1]); 4142 val = MIN(energy[2], val); 4143 /* Insert it into our samples table. */ 4144 calib->energy_samples[calib->cur_energy_sample] = val; 4145 calib->cur_energy_sample = (calib->cur_energy_sample + 1) % 10; 4146 4147 /* Compute minimum energy among last 10 samples. */ 4148 energy_min = calib->energy_samples[0]; 4149 for (i = 1; i < 10; i++) 4150 energy_min = MAX(energy_min, calib->energy_samples[i]); 4151 energy_min += 6; 4152 4153 /* Compute number of false alarms since last call for CCK. */ 4154 fa = le32toh(stats->cck.bad_plcp) - calib->bad_plcp_cck; 4155 fa += le32toh(stats->cck.fa) - calib->fa_cck; 4156 fa *= 200 * 1024; /* 200TU */ 4157 4158 /* Save counters values for next call. */ 4159 calib->bad_plcp_cck = le32toh(stats->cck.bad_plcp); 4160 calib->fa_cck = le32toh(stats->cck.fa); 4161 4162 if (fa > 50 * rxena) { 4163 /* High false alarm count, decrease sensitivity. */ 4164 DPRINTFN(2, ("CCK high false alarm count: %u\n", fa)); 4165 calib->cck_state = IWN_CCK_STATE_HIFA; 4166 calib->low_fa = 0; 4167 4168 if (calib->cck_x4 > 160) { 4169 calib->noise_ref = noise_ref; 4170 if (calib->energy_cck > 2) 4171 dec(calib->energy_cck, 2, energy_min); 4172 } 4173 if (calib->cck_x4 < 160) { 4174 calib->cck_x4 = 161; 4175 needs_update = 1; 4176 } else 4177 inc(calib->cck_x4, 3, limits->max_cck_x4); 4178 4179 inc(calib->cck_mrc_x4, 3, limits->max_cck_mrc_x4); 4180 4181 } else if (fa < 5 * rxena) { 4182 /* Low false alarm count, increase sensitivity. */ 4183 DPRINTFN(2, ("CCK low false alarm count: %u\n", fa)); 4184 calib->cck_state = IWN_CCK_STATE_LOFA; 4185 calib->low_fa++; 4186 4187 if (calib->cck_state != IWN_CCK_STATE_INIT && 4188 (((int32_t)calib->noise_ref - (int32_t)noise_ref) > 2 || 4189 calib->low_fa > 100)) { 4190 inc(calib->energy_cck, 2, limits->min_energy_cck); 4191 dec(calib->cck_x4, 3, limits->min_cck_x4); 4192 dec(calib->cck_mrc_x4, 3, limits->min_cck_mrc_x4); 4193 } 4194 } else { 4195 /* Not worth to increase or decrease sensitivity. */ 4196 DPRINTFN(2, ("CCK normal false alarm count: %u\n", fa)); 4197 calib->low_fa = 0; 4198 calib->noise_ref = noise_ref; 4199 4200 if (calib->cck_state == IWN_CCK_STATE_HIFA) { 4201 /* Previous interval had many false alarms. */ 4202 dec(calib->energy_cck, 8, energy_min); 4203 } 4204 calib->cck_state = IWN_CCK_STATE_INIT; 4205 } 4206 4207 if (needs_update) 4208 (void)iwn_send_sensitivity(sc); 4209 #undef dec 4210 #undef inc 4211 } 4212 4213 static int 4214 iwn_send_sensitivity(struct iwn_softc *sc) 4215 { 4216 struct iwn_calib_state *calib = &sc->calib; 4217 struct iwn_enhanced_sensitivity_cmd cmd; 4218 int len; 4219 4220 memset(&cmd, 0, sizeof cmd); 4221 len = sizeof (struct iwn_sensitivity_cmd); 4222 cmd.which = IWN_SENSITIVITY_WORKTBL; 4223 /* OFDM modulation. */ 4224 cmd.corr_ofdm_x1 = htole16(calib->ofdm_x1); 4225 cmd.corr_ofdm_mrc_x1 = htole16(calib->ofdm_mrc_x1); 4226 cmd.corr_ofdm_x4 = htole16(calib->ofdm_x4); 4227 cmd.corr_ofdm_mrc_x4 = htole16(calib->ofdm_mrc_x4); 4228 cmd.energy_ofdm = htole16(sc->limits->energy_ofdm); 4229 cmd.energy_ofdm_th = htole16(62); 4230 /* CCK modulation. */ 4231 cmd.corr_cck_x4 = htole16(calib->cck_x4); 4232 cmd.corr_cck_mrc_x4 = htole16(calib->cck_mrc_x4); 4233 cmd.energy_cck = htole16(calib->energy_cck); 4234 /* Barker modulation: use default values. */ 4235 cmd.corr_barker = htole16(190); 4236 cmd.corr_barker_mrc = htole16(sc->limits->barker_mrc); 4237 if (!(sc->sc_flags & IWN_FLAG_ENH_SENS)) 4238 goto send; 4239 /* Enhanced sensitivity settings. */ 4240 len = sizeof (struct iwn_enhanced_sensitivity_cmd); 4241 cmd.ofdm_det_slope_mrc = htole16(668); 4242 cmd.ofdm_det_icept_mrc = htole16(4); 4243 cmd.ofdm_det_slope = htole16(486); 4244 cmd.ofdm_det_icept = htole16(37); 4245 cmd.cck_det_slope_mrc = htole16(853); 4246 cmd.cck_det_icept_mrc = htole16(4); 4247 cmd.cck_det_slope = htole16(476); 4248 cmd.cck_det_icept = htole16(99); 4249 send: 4250 DPRINTFN(2, ("setting sensitivity %d/%d/%d/%d/%d/%d/%d\n", 4251 calib->ofdm_x1, calib->ofdm_mrc_x1, calib->ofdm_x4, 4252 calib->ofdm_mrc_x4, calib->cck_x4, calib->cck_mrc_x4, 4253 calib->energy_cck)); 4254 return iwn_cmd(sc, IWN_CMD_SET_SENSITIVITY, &cmd, len, 1); 4255 } 4256 4257 /* 4258 * Set STA mode power saving level (between 0 and 5). 4259 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 4260 */ 4261 static int 4262 iwn_set_pslevel(struct iwn_softc *sc, int dtim, int level, int async) 4263 { 4264 struct iwn_pmgt_cmd cmd; 4265 const struct iwn_pmgt *pmgt; 4266 uint32_t maxp, skip_dtim; 4267 pcireg_t reg; 4268 int i; 4269 4270 /* Select which PS parameters to use. */ 4271 if (dtim <= 2) 4272 pmgt = &iwn_pmgt[0][level]; 4273 else if (dtim <= 10) 4274 pmgt = &iwn_pmgt[1][level]; 4275 else 4276 pmgt = &iwn_pmgt[2][level]; 4277 4278 memset(&cmd, 0, sizeof cmd); 4279 if (level != 0) /* not CAM */ 4280 cmd.flags |= htole16(IWN_PS_ALLOW_SLEEP); 4281 if (level == 5) 4282 cmd.flags |= htole16(IWN_PS_FAST_PD); 4283 /* Retrieve PCIe Active State Power Management (ASPM). */ 4284 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 4285 sc->sc_cap_off + PCIE_LCSR); 4286 if (!(reg & PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 4287 cmd.flags |= htole16(IWN_PS_PCI_PMGT); 4288 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 4289 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 4290 4291 if (dtim == 0) { 4292 dtim = 1; 4293 skip_dtim = 0; 4294 } else 4295 skip_dtim = pmgt->skip_dtim; 4296 if (skip_dtim != 0) { 4297 cmd.flags |= htole16(IWN_PS_SLEEP_OVER_DTIM); 4298 maxp = pmgt->intval[4]; 4299 if (maxp == (uint32_t)-1) 4300 maxp = dtim * (skip_dtim + 1); 4301 else if (maxp > dtim) 4302 maxp = (maxp / dtim) * dtim; 4303 } else 4304 maxp = dtim; 4305 for (i = 0; i < 5; i++) 4306 cmd.intval[i] = htole32(MIN(maxp, pmgt->intval[i])); 4307 4308 DPRINTF(("setting power saving level to %d\n", level)); 4309 return iwn_cmd(sc, IWN_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 4310 } 4311 4312 int 4313 iwn5000_runtime_calib(struct iwn_softc *sc) 4314 { 4315 struct iwn5000_calib_config cmd; 4316 4317 memset(&cmd, 0, sizeof cmd); 4318 cmd.ucode.once.enable = 0xffffffff; 4319 cmd.ucode.once.start = IWN5000_CALIB_DC; 4320 DPRINTF(("configuring runtime calibration\n")); 4321 return iwn_cmd(sc, IWN5000_CMD_CALIB_CONFIG, &cmd, sizeof(cmd), 0); 4322 } 4323 4324 static int 4325 iwn_config_bt_coex_bluetooth(struct iwn_softc *sc) 4326 { 4327 struct iwn_bluetooth bluetooth; 4328 4329 memset(&bluetooth, 0, sizeof bluetooth); 4330 bluetooth.flags = IWN_BT_COEX_ENABLE; 4331 bluetooth.lead_time = IWN_BT_LEAD_TIME_DEF; 4332 bluetooth.max_kill = IWN_BT_MAX_KILL_DEF; 4333 4334 DPRINTF(("configuring bluetooth coexistence\n")); 4335 return iwn_cmd(sc, IWN_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 4336 } 4337 4338 static int 4339 iwn_config_bt_coex_prio_table(struct iwn_softc *sc) 4340 { 4341 uint8_t prio_table[16]; 4342 4343 memset(&prio_table, 0, sizeof prio_table); 4344 prio_table[ 0] = 6; /* init calibration 1 */ 4345 prio_table[ 1] = 7; /* init calibration 2 */ 4346 prio_table[ 2] = 2; /* periodic calib low 1 */ 4347 prio_table[ 3] = 3; /* periodic calib low 2 */ 4348 prio_table[ 4] = 4; /* periodic calib high 1 */ 4349 prio_table[ 5] = 5; /* periodic calib high 2 */ 4350 prio_table[ 6] = 6; /* dtim */ 4351 prio_table[ 7] = 8; /* scan52 */ 4352 prio_table[ 8] = 10; /* scan24 */ 4353 4354 DPRINTF(("sending priority lookup table\n")); 4355 return iwn_cmd(sc, IWN_CMD_BT_COEX_PRIO_TABLE, 4356 &prio_table, sizeof prio_table, 0); 4357 } 4358 4359 static int 4360 iwn_config_bt_coex_adv_config(struct iwn_softc *sc, struct iwn_bt_basic *basic, 4361 size_t len) 4362 { 4363 struct iwn_btcoex_prot btprot; 4364 int error; 4365 4366 basic->bt.flags = IWN_BT_COEX_ENABLE; 4367 basic->bt.lead_time = IWN_BT_LEAD_TIME_DEF; 4368 basic->bt.max_kill = IWN_BT_MAX_KILL_DEF; 4369 basic->bt.bt3_timer_t7_value = IWN_BT_BT3_T7_DEF; 4370 basic->bt.kill_ack_mask = IWN_BT_KILL_ACK_MASK_DEF; 4371 basic->bt.kill_cts_mask = IWN_BT_KILL_CTS_MASK_DEF; 4372 basic->bt3_prio_sample_time = IWN_BT_BT3_PRIO_SAMPLE_DEF; 4373 basic->bt3_timer_t2_value = IWN_BT_BT3_T2_DEF; 4374 basic->bt3_lookup_table[ 0] = htole32(0xaaaaaaaa); /* Normal */ 4375 basic->bt3_lookup_table[ 1] = htole32(0xaaaaaaaa); 4376 basic->bt3_lookup_table[ 2] = htole32(0xaeaaaaaa); 4377 basic->bt3_lookup_table[ 3] = htole32(0xaaaaaaaa); 4378 basic->bt3_lookup_table[ 4] = htole32(0xcc00ff28); 4379 basic->bt3_lookup_table[ 5] = htole32(0x0000aaaa); 4380 basic->bt3_lookup_table[ 6] = htole32(0xcc00aaaa); 4381 basic->bt3_lookup_table[ 7] = htole32(0x0000aaaa); 4382 basic->bt3_lookup_table[ 8] = htole32(0xc0004000); 4383 basic->bt3_lookup_table[ 9] = htole32(0x00004000); 4384 basic->bt3_lookup_table[10] = htole32(0xf0005000); 4385 basic->bt3_lookup_table[11] = htole32(0xf0005000); 4386 basic->reduce_txpower = 0; /* as not implemented */ 4387 basic->valid = IWN_BT_ALL_VALID_MASK; 4388 4389 DPRINTF(("configuring advanced bluetooth coexistence v1\n")); 4390 error = iwn_cmd(sc, IWN_CMD_BT_COEX, basic, len, 0); 4391 if (error != 0) { 4392 aprint_error_dev(sc->sc_dev, 4393 "could not configure advanced bluetooth coexistence\n"); 4394 return error; 4395 } 4396 4397 error = iwn_config_bt_coex_prio_table(sc); 4398 if (error != 0) { 4399 aprint_error_dev(sc->sc_dev, 4400 "could not configure send BT priority table\n"); 4401 return error; 4402 } 4403 4404 /* Force BT state machine change */ 4405 memset(&btprot, 0, sizeof btprot); 4406 btprot.open = 1; 4407 btprot.type = 1; 4408 error = iwn_cmd(sc, IWN_CMD_BT_COEX_PROT, &btprot, sizeof btprot, 1); 4409 if (error != 0) { 4410 aprint_error_dev(sc->sc_dev, "could not open BT protcol\n"); 4411 return error; 4412 } 4413 4414 btprot.open = 0; 4415 error = iwn_cmd(sc, IWN_CMD_BT_COEX_PROT, &btprot, sizeof btprot, 1); 4416 if (error != 0) { 4417 aprint_error_dev(sc->sc_dev, "could not close BT protcol\n"); 4418 return error; 4419 } 4420 return 0; 4421 } 4422 4423 static int 4424 iwn_config_bt_coex_adv1(struct iwn_softc *sc) 4425 { 4426 struct iwn_bt_adv1 d; 4427 4428 memset(&d, 0, sizeof d); 4429 d.prio_boost = IWN_BT_PRIO_BOOST_DEF; 4430 d.tx_prio_boost = 0; 4431 d.rx_prio_boost = 0; 4432 return iwn_config_bt_coex_adv_config(sc, &d.basic, sizeof d); 4433 } 4434 4435 static int 4436 iwn_config_bt_coex_adv2(struct iwn_softc *sc) 4437 { 4438 struct iwn_bt_adv2 d; 4439 4440 memset(&d, 0, sizeof d); 4441 d.prio_boost = IWN_BT_PRIO_BOOST_DEF; 4442 d.tx_prio_boost = 0; 4443 d.rx_prio_boost = 0; 4444 return iwn_config_bt_coex_adv_config(sc, &d.basic, sizeof d); 4445 } 4446 4447 static int 4448 iwn_config(struct iwn_softc *sc) 4449 { 4450 struct iwn_ops *ops = &sc->ops; 4451 struct ieee80211com *ic = &sc->sc_ic; 4452 struct ifnet *ifp = ic->ic_ifp; 4453 uint32_t txmask; 4454 uint16_t rxchain; 4455 int error; 4456 4457 error = ops->config_bt_coex(sc); 4458 if (error != 0) { 4459 aprint_error_dev(sc->sc_dev, 4460 "could not configure bluetooth coexistence\n"); 4461 return error; 4462 } 4463 4464 /* Set radio temperature sensor offset. */ 4465 if (sc->hw_type == IWN_HW_REV_TYPE_6005) { 4466 error = iwn6000_temp_offset_calib(sc); 4467 if (error != 0) { 4468 aprint_error_dev(sc->sc_dev, 4469 "could not set temperature offset\n"); 4470 return error; 4471 } 4472 } 4473 4474 if (sc->hw_type == IWN_HW_REV_TYPE_2030 || 4475 sc->hw_type == IWN_HW_REV_TYPE_2000 || 4476 sc->hw_type == IWN_HW_REV_TYPE_135 || 4477 sc->hw_type == IWN_HW_REV_TYPE_105) { 4478 error = iwn2000_temp_offset_calib(sc); 4479 if (error != 0) { 4480 aprint_error_dev(sc->sc_dev, 4481 "could not set temperature offset\n"); 4482 return error; 4483 } 4484 } 4485 4486 if (sc->hw_type == IWN_HW_REV_TYPE_6050 || 4487 sc->hw_type == IWN_HW_REV_TYPE_6005) { 4488 /* Configure runtime DC calibration. */ 4489 error = iwn5000_runtime_calib(sc); 4490 if (error != 0) { 4491 aprint_error_dev(sc->sc_dev, 4492 "could not configure runtime calibration\n"); 4493 return error; 4494 } 4495 } 4496 4497 /* Configure valid TX chains for 5000 Series. */ 4498 if (sc->hw_type != IWN_HW_REV_TYPE_4965) { 4499 txmask = htole32(sc->txchainmask); 4500 DPRINTF(("configuring valid TX chains 0x%x\n", txmask)); 4501 error = iwn_cmd(sc, IWN5000_CMD_TX_ANT_CONFIG, &txmask, 4502 sizeof txmask, 0); 4503 if (error != 0) { 4504 aprint_error_dev(sc->sc_dev, 4505 "could not configure valid TX chains\n"); 4506 return error; 4507 } 4508 } 4509 4510 /* Set mode, channel, RX filter and enable RX. */ 4511 memset(&sc->rxon, 0, sizeof (struct iwn_rxon)); 4512 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 4513 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 4514 IEEE80211_ADDR_COPY(sc->rxon.wlap, ic->ic_myaddr); 4515 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 4516 sc->rxon.flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF); 4517 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 4518 sc->rxon.flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ); 4519 switch (ic->ic_opmode) { 4520 case IEEE80211_M_STA: 4521 sc->rxon.mode = IWN_MODE_STA; 4522 sc->rxon.filter = htole32(IWN_FILTER_MULTICAST); 4523 break; 4524 case IEEE80211_M_MONITOR: 4525 sc->rxon.mode = IWN_MODE_MONITOR; 4526 sc->rxon.filter = htole32(IWN_FILTER_MULTICAST | 4527 IWN_FILTER_CTL | IWN_FILTER_PROMISC); 4528 break; 4529 default: 4530 /* Should not get there. */ 4531 break; 4532 } 4533 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 4534 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 4535 sc->rxon.ht_single_mask = 0xff; 4536 sc->rxon.ht_dual_mask = 0xff; 4537 sc->rxon.ht_triple_mask = 0xff; 4538 rxchain = 4539 IWN_RXCHAIN_VALID(sc->rxchainmask) | 4540 IWN_RXCHAIN_MIMO_COUNT(2) | 4541 IWN_RXCHAIN_IDLE_COUNT(2); 4542 sc->rxon.rxchain = htole16(rxchain); 4543 DPRINTF(("setting configuration\n")); 4544 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, sc->rxonsz, 0); 4545 if (error != 0) { 4546 aprint_error_dev(sc->sc_dev, 4547 "RXON command failed\n"); 4548 return error; 4549 } 4550 4551 if ((error = iwn_add_broadcast_node(sc, 0)) != 0) { 4552 aprint_error_dev(sc->sc_dev, 4553 "could not add broadcast node\n"); 4554 return error; 4555 } 4556 4557 /* Configuration has changed, set TX power accordingly. */ 4558 if ((error = ops->set_txpower(sc, 0)) != 0) { 4559 aprint_error_dev(sc->sc_dev, 4560 "could not set TX power\n"); 4561 return error; 4562 } 4563 4564 if ((error = iwn_set_critical_temp(sc)) != 0) { 4565 aprint_error_dev(sc->sc_dev, 4566 "could not set critical temperature\n"); 4567 return error; 4568 } 4569 4570 /* Set power saving level to CAM during initialization. */ 4571 if ((error = iwn_set_pslevel(sc, 0, 0, 0)) != 0) { 4572 aprint_error_dev(sc->sc_dev, 4573 "could not set power saving level\n"); 4574 return error; 4575 } 4576 return 0; 4577 } 4578 4579 static uint16_t 4580 iwn_get_active_dwell_time(struct iwn_softc *sc, uint16_t flags, 4581 uint8_t n_probes) 4582 { 4583 /* No channel? Default to 2GHz settings */ 4584 if (flags & IEEE80211_CHAN_2GHZ) 4585 return IWN_ACTIVE_DWELL_TIME_2GHZ + 4586 IWN_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1); 4587 4588 /* 5GHz dwell time */ 4589 return IWN_ACTIVE_DWELL_TIME_5GHZ + 4590 IWN_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1); 4591 } 4592 4593 /* 4594 * Limit the total dwell time to 85% of the beacon interval. 4595 * 4596 * Returns the dwell time in milliseconds. 4597 */ 4598 static uint16_t 4599 iwn_limit_dwell(struct iwn_softc *sc, uint16_t dwell_time) 4600 { 4601 struct ieee80211com *ic = &sc->sc_ic; 4602 struct ieee80211_node *ni = ic->ic_bss; 4603 int bintval = 0; 4604 4605 /* bintval is in TU (1.024mS) */ 4606 if (ni != NULL) 4607 bintval = ni->ni_intval; 4608 4609 /* 4610 * If it's non-zero, we should calculate the minimum of 4611 * it and the DWELL_BASE. 4612 * 4613 * XXX Yes, the math should take into account that bintval 4614 * is 1.024mS, not 1mS.. 4615 */ 4616 if (bintval > 0) 4617 return MIN(IWN_PASSIVE_DWELL_BASE, ((bintval * 85) / 100)); 4618 4619 /* No association context? Default */ 4620 return IWN_PASSIVE_DWELL_BASE; 4621 } 4622 4623 static uint16_t 4624 iwn_get_passive_dwell_time(struct iwn_softc *sc, uint16_t flags) 4625 { 4626 uint16_t passive; 4627 if (flags & IEEE80211_CHAN_2GHZ) 4628 passive = IWN_PASSIVE_DWELL_BASE + IWN_PASSIVE_DWELL_TIME_2GHZ; 4629 else 4630 passive = IWN_PASSIVE_DWELL_BASE + IWN_PASSIVE_DWELL_TIME_5GHZ; 4631 4632 /* Clamp to the beacon interval if we're associated */ 4633 return iwn_limit_dwell(sc, passive); 4634 } 4635 4636 static int 4637 iwn_scan(struct iwn_softc *sc, uint16_t flags) 4638 { 4639 struct ieee80211com *ic = &sc->sc_ic; 4640 struct iwn_scan_hdr *hdr; 4641 struct iwn_cmd_data *tx; 4642 struct iwn_scan_essid *essid; 4643 struct iwn_scan_chan *chan; 4644 struct ieee80211_frame *wh; 4645 struct ieee80211_rateset *rs; 4646 struct ieee80211_channel *c; 4647 uint8_t *buf, *frm; 4648 uint16_t rxchain, dwell_active, dwell_passive; 4649 uint8_t txant; 4650 int buflen, error, is_active; 4651 4652 buf = malloc(IWN_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 4653 if (buf == NULL) { 4654 aprint_error_dev(sc->sc_dev, 4655 "could not allocate buffer for scan command\n"); 4656 return ENOMEM; 4657 } 4658 hdr = (struct iwn_scan_hdr *)buf; 4659 /* 4660 * Move to the next channel if no frames are received within 10ms 4661 * after sending the probe request. 4662 */ 4663 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 4664 hdr->quiet_threshold = htole16(1); /* min # of packets */ 4665 4666 /* Select antennas for scanning. */ 4667 rxchain = 4668 IWN_RXCHAIN_VALID(sc->rxchainmask) | 4669 IWN_RXCHAIN_FORCE_MIMO_SEL(sc->rxchainmask) | 4670 IWN_RXCHAIN_DRIVER_FORCE; 4671 if ((flags & IEEE80211_CHAN_5GHZ) && 4672 sc->hw_type == IWN_HW_REV_TYPE_4965) { 4673 /* Ant A must be avoided in 5GHz because of an HW bug. */ 4674 rxchain |= IWN_RXCHAIN_FORCE_SEL(IWN_ANT_BC); 4675 } else /* Use all available RX antennas. */ 4676 rxchain |= IWN_RXCHAIN_FORCE_SEL(sc->rxchainmask); 4677 hdr->rxchain = htole16(rxchain); 4678 hdr->filter = htole32(IWN_FILTER_MULTICAST | IWN_FILTER_BEACON); 4679 4680 tx = (struct iwn_cmd_data *)(hdr + 1); 4681 tx->flags = htole32(IWN_TX_AUTO_SEQ); 4682 tx->id = sc->broadcast_id; 4683 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 4684 4685 if (flags & IEEE80211_CHAN_5GHZ) { 4686 hdr->crc_threshold = 0xffff; 4687 /* Send probe requests at 6Mbps. */ 4688 tx->plcp = iwn_rates[IWN_RIDX_OFDM6].plcp; 4689 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 4690 } else { 4691 hdr->flags = htole32(IWN_RXON_24GHZ | IWN_RXON_AUTO); 4692 /* Send probe requests at 1Mbps. */ 4693 tx->plcp = iwn_rates[IWN_RIDX_CCK1].plcp; 4694 tx->rflags = IWN_RFLAG_CCK; 4695 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 4696 } 4697 /* Use the first valid TX antenna. */ 4698 txant = IWN_LSB(sc->txchainmask); 4699 tx->rflags |= IWN_RFLAG_ANT(txant); 4700 4701 /* 4702 * Only do active scanning if we're announcing a probe request 4703 * for a given SSID (or more, if we ever add it to the driver.) 4704 */ 4705 is_active = 0; 4706 4707 essid = (struct iwn_scan_essid *)(tx + 1); 4708 if (ic->ic_des_esslen != 0) { 4709 essid[0].id = IEEE80211_ELEMID_SSID; 4710 essid[0].len = ic->ic_des_esslen; 4711 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 4712 4713 is_active = 1; 4714 } 4715 /* 4716 * Build a probe request frame. Most of the following code is a 4717 * copy & paste of what is done in net80211. 4718 */ 4719 wh = (struct ieee80211_frame *)(essid + 20); 4720 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 4721 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 4722 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 4723 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 4724 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 4725 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 4726 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 4727 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 4728 4729 frm = (uint8_t *)(wh + 1); 4730 frm = ieee80211_add_ssid(frm, NULL, 0); 4731 frm = ieee80211_add_rates(frm, rs); 4732 #ifndef IEEE80211_NO_HT 4733 if (ic->ic_flags & IEEE80211_F_HTON) 4734 frm = ieee80211_add_htcaps(frm, ic); 4735 #endif 4736 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 4737 frm = ieee80211_add_xrates(frm, rs); 4738 4739 /* Set length of probe request. */ 4740 tx->len = htole16(frm - (uint8_t *)wh); 4741 4742 4743 /* 4744 * If active scanning is requested but a certain channel is 4745 * marked passive, we can do active scanning if we detect 4746 * transmissions. 4747 * 4748 * There is an issue with some firmware versions that triggers 4749 * a sysassert on a "good CRC threshold" of zero (== disabled), 4750 * on a radar channel even though this means that we should NOT 4751 * send probes. 4752 * 4753 * The "good CRC threshold" is the number of frames that we 4754 * need to receive during our dwell time on a channel before 4755 * sending out probes -- setting this to a huge value will 4756 * mean we never reach it, but at the same time work around 4757 * the aforementioned issue. Thus use IWN_GOOD_CRC_TH_NEVER 4758 * here instead of IWN_GOOD_CRC_TH_DISABLED. 4759 * 4760 * This was fixed in later versions along with some other 4761 * scan changes, and the threshold behaves as a flag in those 4762 * versions. 4763 */ 4764 4765 /* 4766 * If we're doing active scanning, set the crc_threshold 4767 * to a suitable value. This is different to active veruss 4768 * passive scanning depending upon the channel flags; the 4769 * firmware will obey that particular check for us. 4770 */ 4771 if (sc->tlv_feature_flags & IWN_UCODE_TLV_FLAGS_NEWSCAN) 4772 hdr->crc_threshold = is_active ? 4773 IWN_GOOD_CRC_TH_DEFAULT : IWN_GOOD_CRC_TH_DISABLED; 4774 else 4775 hdr->crc_threshold = is_active ? 4776 IWN_GOOD_CRC_TH_DEFAULT : IWN_GOOD_CRC_TH_NEVER; 4777 4778 chan = (struct iwn_scan_chan *)frm; 4779 for (c = &ic->ic_channels[1]; 4780 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 4781 if ((c->ic_flags & flags) != flags) 4782 continue; 4783 4784 chan->chan = htole16(ieee80211_chan2ieee(ic, c)); 4785 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 4786 chan->flags = 0; 4787 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 4788 chan->flags |= htole32(IWN_CHAN_ACTIVE); 4789 if (ic->ic_des_esslen != 0) 4790 chan->flags |= htole32(IWN_CHAN_NPBREQS(1)); 4791 4792 /* 4793 * Calculate the active/passive dwell times. 4794 */ 4795 4796 dwell_active = iwn_get_active_dwell_time(sc, flags, is_active); 4797 dwell_passive = iwn_get_passive_dwell_time(sc, flags); 4798 4799 /* Make sure they're valid */ 4800 if (dwell_passive <= dwell_active) 4801 dwell_passive = dwell_active + 1; 4802 4803 chan->active = htole16(dwell_active); 4804 chan->passive = htole16(dwell_passive); 4805 4806 chan->dsp_gain = 0x6e; 4807 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4808 chan->rf_gain = 0x3b; 4809 } else { 4810 chan->rf_gain = 0x28; 4811 } 4812 hdr->nchan++; 4813 chan++; 4814 } 4815 4816 buflen = (uint8_t *)chan - buf; 4817 hdr->len = htole16(buflen); 4818 4819 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 4820 error = iwn_cmd(sc, IWN_CMD_SCAN, buf, buflen, 1); 4821 free(buf, M_DEVBUF); 4822 return error; 4823 } 4824 4825 static int 4826 iwn_auth(struct iwn_softc *sc) 4827 { 4828 struct iwn_ops *ops = &sc->ops; 4829 struct ieee80211com *ic = &sc->sc_ic; 4830 struct ieee80211_node *ni = ic->ic_bss; 4831 int error; 4832 4833 /* Update adapter configuration. */ 4834 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4835 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 4836 sc->rxon.flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF); 4837 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 4838 sc->rxon.flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ); 4839 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4840 sc->rxon.flags |= htole32(IWN_RXON_SHSLOT); 4841 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4842 sc->rxon.flags |= htole32(IWN_RXON_SHPREAMBLE); 4843 switch (ic->ic_curmode) { 4844 case IEEE80211_MODE_11A: 4845 sc->rxon.cck_mask = 0; 4846 sc->rxon.ofdm_mask = 0x15; 4847 break; 4848 case IEEE80211_MODE_11B: 4849 sc->rxon.cck_mask = 0x03; 4850 sc->rxon.ofdm_mask = 0; 4851 break; 4852 default: /* Assume 802.11b/g. */ 4853 sc->rxon.cck_mask = 0x0f; 4854 sc->rxon.ofdm_mask = 0x15; 4855 } 4856 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 4857 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 4858 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, sc->rxonsz, 1); 4859 if (error != 0) { 4860 aprint_error_dev(sc->sc_dev, 4861 "RXON command failed\n"); 4862 return error; 4863 } 4864 4865 /* Configuration has changed, set TX power accordingly. */ 4866 if ((error = ops->set_txpower(sc, 1)) != 0) { 4867 aprint_error_dev(sc->sc_dev, 4868 "could not set TX power\n"); 4869 return error; 4870 } 4871 /* 4872 * Reconfiguring RXON clears the firmware nodes table so we must 4873 * add the broadcast node again. 4874 */ 4875 if ((error = iwn_add_broadcast_node(sc, 1)) != 0) { 4876 aprint_error_dev(sc->sc_dev, 4877 "could not add broadcast node\n"); 4878 return error; 4879 } 4880 return 0; 4881 } 4882 4883 static int 4884 iwn_run(struct iwn_softc *sc) 4885 { 4886 struct iwn_ops *ops = &sc->ops; 4887 struct ieee80211com *ic = &sc->sc_ic; 4888 struct ieee80211_node *ni = ic->ic_bss; 4889 struct iwn_node_info node; 4890 int error; 4891 4892 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 4893 /* Link LED blinks while monitoring. */ 4894 iwn_set_led(sc, IWN_LED_LINK, 5, 5); 4895 return 0; 4896 } 4897 if ((error = iwn_set_timing(sc, ni)) != 0) { 4898 aprint_error_dev(sc->sc_dev, 4899 "could not set timing\n"); 4900 return error; 4901 } 4902 4903 /* Update adapter configuration. */ 4904 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 4905 /* Short preamble and slot time are negotiated when associating. */ 4906 sc->rxon.flags &= ~htole32(IWN_RXON_SHPREAMBLE | IWN_RXON_SHSLOT); 4907 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4908 sc->rxon.flags |= htole32(IWN_RXON_SHSLOT); 4909 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4910 sc->rxon.flags |= htole32(IWN_RXON_SHPREAMBLE); 4911 sc->rxon.filter |= htole32(IWN_FILTER_BSS); 4912 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 4913 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, sc->rxonsz, 1); 4914 if (error != 0) { 4915 aprint_error_dev(sc->sc_dev, 4916 "could not update configuration\n"); 4917 return error; 4918 } 4919 4920 /* Configuration has changed, set TX power accordingly. */ 4921 if ((error = ops->set_txpower(sc, 1)) != 0) { 4922 aprint_error_dev(sc->sc_dev, 4923 "could not set TX power\n"); 4924 return error; 4925 } 4926 4927 /* Fake a join to initialize the TX rate. */ 4928 ((struct iwn_node *)ni)->id = IWN_ID_BSS; 4929 iwn_newassoc(ni, 1); 4930 4931 /* Add BSS node. */ 4932 memset(&node, 0, sizeof node); 4933 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 4934 node.id = IWN_ID_BSS; 4935 #ifdef notyet 4936 node.htflags = htole32(IWN_AMDPU_SIZE_FACTOR(3) | 4937 IWN_AMDPU_DENSITY(5)); /* 2us */ 4938 #endif 4939 DPRINTF(("adding BSS node\n")); 4940 error = ops->add_node(sc, &node, 1); 4941 if (error != 0) { 4942 aprint_error_dev(sc->sc_dev, 4943 "could not add BSS node\n"); 4944 return error; 4945 } 4946 DPRINTF(("setting link quality for node %d\n", node.id)); 4947 if ((error = iwn_set_link_quality(sc, ni)) != 0) { 4948 aprint_error_dev(sc->sc_dev, 4949 "could not setup link quality for node %d\n", node.id); 4950 return error; 4951 } 4952 4953 if ((error = iwn_init_sensitivity(sc)) != 0) { 4954 aprint_error_dev(sc->sc_dev, 4955 "could not set sensitivity\n"); 4956 return error; 4957 } 4958 /* Start periodic calibration timer. */ 4959 sc->calib.state = IWN_CALIB_STATE_ASSOC; 4960 sc->calib_cnt = 0; 4961 callout_schedule(&sc->calib_to, hz/2); 4962 4963 /* Link LED always on while associated. */ 4964 iwn_set_led(sc, IWN_LED_LINK, 0, 1); 4965 return 0; 4966 } 4967 4968 #ifdef IWN_HWCRYPTO 4969 /* 4970 * We support CCMP hardware encryption/decryption of unicast frames only. 4971 * HW support for TKIP really sucks. We should let TKIP die anyway. 4972 */ 4973 static int 4974 iwn_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 4975 struct ieee80211_key *k) 4976 { 4977 struct iwn_softc *sc = ic->ic_softc; 4978 struct iwn_ops *ops = &sc->ops; 4979 struct iwn_node *wn = (void *)ni; 4980 struct iwn_node_info node; 4981 uint16_t kflags; 4982 4983 if ((k->k_flags & IEEE80211_KEY_GROUP) || 4984 k->k_cipher != IEEE80211_CIPHER_CCMP) 4985 return ieee80211_set_key(ic, ni, k); 4986 4987 kflags = IWN_KFLAG_CCMP | IWN_KFLAG_MAP | IWN_KFLAG_KID(k->k_id); 4988 if (k->k_flags & IEEE80211_KEY_GROUP) 4989 kflags |= IWN_KFLAG_GROUP; 4990 4991 memset(&node, 0, sizeof node); 4992 node.id = (k->k_flags & IEEE80211_KEY_GROUP) ? 4993 sc->broadcast_id : wn->id; 4994 node.control = IWN_NODE_UPDATE; 4995 node.flags = IWN_FLAG_SET_KEY; 4996 node.kflags = htole16(kflags); 4997 node.kid = k->k_id; 4998 memcpy(node.key, k->k_key, k->k_len); 4999 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 5000 return ops->add_node(sc, &node, 1); 5001 } 5002 5003 static void 5004 iwn_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 5005 struct ieee80211_key *k) 5006 { 5007 struct iwn_softc *sc = ic->ic_softc; 5008 struct iwn_ops *ops = &sc->ops; 5009 struct iwn_node *wn = (void *)ni; 5010 struct iwn_node_info node; 5011 5012 if ((k->k_flags & IEEE80211_KEY_GROUP) || 5013 k->k_cipher != IEEE80211_CIPHER_CCMP) { 5014 /* See comment about other ciphers above. */ 5015 ieee80211_delete_key(ic, ni, k); 5016 return; 5017 } 5018 if (ic->ic_state != IEEE80211_S_RUN) 5019 return; /* Nothing to do. */ 5020 memset(&node, 0, sizeof node); 5021 node.id = (k->k_flags & IEEE80211_KEY_GROUP) ? 5022 sc->broadcast_id : wn->id; 5023 node.control = IWN_NODE_UPDATE; 5024 node.flags = IWN_FLAG_SET_KEY; 5025 node.kflags = htole16(IWN_KFLAG_INVALID); 5026 node.kid = 0xff; 5027 DPRINTF(("delete keys for node %d\n", node.id)); 5028 (void)ops->add_node(sc, &node, 1); 5029 } 5030 #endif 5031 5032 /* XXX Added for NetBSD (copied from rev 1.39). */ 5033 5034 static int 5035 iwn_wme_update(struct ieee80211com *ic) 5036 { 5037 #define IWN_EXP2(v) htole16((1 << (v)) - 1) 5038 #define IWN_USEC(v) htole16(IEEE80211_TXOP_TO_US(v)) 5039 struct iwn_softc *sc = ic->ic_ifp->if_softc; 5040 const struct wmeParams *wmep; 5041 struct iwn_edca_params cmd; 5042 int ac; 5043 5044 /* don't override default WME values if WME is not actually enabled */ 5045 if (!(ic->ic_flags & IEEE80211_F_WME)) 5046 return 0; 5047 cmd.flags = 0; 5048 for (ac = 0; ac < WME_NUM_AC; ac++) { 5049 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac]; 5050 cmd.ac[ac].aifsn = wmep->wmep_aifsn; 5051 cmd.ac[ac].cwmin = IWN_EXP2(wmep->wmep_logcwmin); 5052 cmd.ac[ac].cwmax = IWN_EXP2(wmep->wmep_logcwmax); 5053 cmd.ac[ac].txoplimit = IWN_USEC(wmep->wmep_txopLimit); 5054 5055 DPRINTF(("setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 5056 "txop=%d\n", ac, cmd.ac[ac].aifsn, 5057 cmd.ac[ac].cwmin, 5058 cmd.ac[ac].cwmax, cmd.ac[ac].txoplimit)); 5059 } 5060 return iwn_cmd(sc, IWN_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 5061 #undef IWN_USEC 5062 #undef IWN_EXP2 5063 } 5064 5065 #ifndef IEEE80211_NO_HT 5066 /* 5067 * This function is called by upper layer when an ADDBA request is received 5068 * from another STA and before the ADDBA response is sent. 5069 */ 5070 static int 5071 iwn_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni, 5072 uint8_t tid) 5073 { 5074 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 5075 struct iwn_softc *sc = ic->ic_softc; 5076 struct iwn_ops *ops = &sc->ops; 5077 struct iwn_node *wn = (void *)ni; 5078 struct iwn_node_info node; 5079 5080 memset(&node, 0, sizeof node); 5081 node.id = wn->id; 5082 node.control = IWN_NODE_UPDATE; 5083 node.flags = IWN_FLAG_SET_ADDBA; 5084 node.addba_tid = tid; 5085 node.addba_ssn = htole16(ba->ba_winstart); 5086 DPRINTFN(2, ("ADDBA RA=%d TID=%d SSN=%d\n", wn->id, tid, 5087 ba->ba_winstart)); 5088 return ops->add_node(sc, &node, 1); 5089 } 5090 5091 /* 5092 * This function is called by upper layer on teardown of an HT-immediate 5093 * Block Ack agreement (eg. uppon receipt of a DELBA frame). 5094 */ 5095 static void 5096 iwn_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni, 5097 uint8_t tid) 5098 { 5099 struct iwn_softc *sc = ic->ic_softc; 5100 struct iwn_ops *ops = &sc->ops; 5101 struct iwn_node *wn = (void *)ni; 5102 struct iwn_node_info node; 5103 5104 memset(&node, 0, sizeof node); 5105 node.id = wn->id; 5106 node.control = IWN_NODE_UPDATE; 5107 node.flags = IWN_FLAG_SET_DELBA; 5108 node.delba_tid = tid; 5109 DPRINTFN(2, ("DELBA RA=%d TID=%d\n", wn->id, tid)); 5110 (void)ops->add_node(sc, &node, 1); 5111 } 5112 5113 /* 5114 * This function is called by upper layer when an ADDBA response is received 5115 * from another STA. 5116 */ 5117 static int 5118 iwn_ampdu_tx_start(struct ieee80211com *ic, struct ieee80211_node *ni, 5119 uint8_t tid) 5120 { 5121 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 5122 struct iwn_softc *sc = ic->ic_softc; 5123 struct iwn_ops *ops = &sc->ops; 5124 struct iwn_node *wn = (void *)ni; 5125 struct iwn_node_info node; 5126 int error; 5127 5128 /* Enable TX for the specified RA/TID. */ 5129 wn->disable_tid &= ~(1 << tid); 5130 memset(&node, 0, sizeof node); 5131 node.id = wn->id; 5132 node.control = IWN_NODE_UPDATE; 5133 node.flags = IWN_FLAG_SET_DISABLE_TID; 5134 node.disable_tid = htole16(wn->disable_tid); 5135 error = ops->add_node(sc, &node, 1); 5136 if (error != 0) 5137 return error; 5138 5139 if ((error = iwn_nic_lock(sc)) != 0) 5140 return error; 5141 ops->ampdu_tx_start(sc, ni, tid, ba->ba_winstart); 5142 iwn_nic_unlock(sc); 5143 return 0; 5144 } 5145 5146 static void 5147 iwn_ampdu_tx_stop(struct ieee80211com *ic, struct ieee80211_node *ni, 5148 uint8_t tid) 5149 { 5150 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 5151 struct iwn_softc *sc = ic->ic_softc; 5152 struct iwn_ops *ops = &sc->ops; 5153 5154 if (iwn_nic_lock(sc) != 0) 5155 return; 5156 ops->ampdu_tx_stop(sc, tid, ba->ba_winstart); 5157 iwn_nic_unlock(sc); 5158 } 5159 5160 static void 5161 iwn4965_ampdu_tx_start(struct iwn_softc *sc, struct ieee80211_node *ni, 5162 uint8_t tid, uint16_t ssn) 5163 { 5164 struct iwn_node *wn = (void *)ni; 5165 int qid = 7 + tid; 5166 5167 /* Stop TX scheduler while we're changing its configuration. */ 5168 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 5169 IWN4965_TXQ_STATUS_CHGACT); 5170 5171 /* Assign RA/TID translation to the queue. */ 5172 iwn_mem_write_2(sc, sc->sched_base + IWN4965_SCHED_TRANS_TBL(qid), 5173 wn->id << 4 | tid); 5174 5175 /* Enable chain-building mode for the queue. */ 5176 iwn_prph_setbits(sc, IWN4965_SCHED_QCHAIN_SEL, 1 << qid); 5177 5178 /* Set starting sequence number from the ADDBA request. */ 5179 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff)); 5180 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), ssn); 5181 5182 /* Set scheduler window size. */ 5183 iwn_mem_write(sc, sc->sched_base + IWN4965_SCHED_QUEUE_OFFSET(qid), 5184 IWN_SCHED_WINSZ); 5185 /* Set scheduler frame limit. */ 5186 iwn_mem_write(sc, sc->sched_base + IWN4965_SCHED_QUEUE_OFFSET(qid) + 4, 5187 IWN_SCHED_LIMIT << 16); 5188 5189 /* Enable interrupts for the queue. */ 5190 iwn_prph_setbits(sc, IWN4965_SCHED_INTR_MASK, 1 << qid); 5191 5192 /* Mark the queue as active. */ 5193 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 5194 IWN4965_TXQ_STATUS_ACTIVE | IWN4965_TXQ_STATUS_AGGR_ENA | 5195 iwn_tid2fifo[tid] << 1); 5196 } 5197 5198 static void 5199 iwn4965_ampdu_tx_stop(struct iwn_softc *sc, uint8_t tid, uint16_t ssn) 5200 { 5201 int qid = 7 + tid; 5202 5203 /* Stop TX scheduler while we're changing its configuration. */ 5204 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 5205 IWN4965_TXQ_STATUS_CHGACT); 5206 5207 /* Set starting sequence number from the ADDBA request. */ 5208 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff)); 5209 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), ssn); 5210 5211 /* Disable interrupts for the queue. */ 5212 iwn_prph_clrbits(sc, IWN4965_SCHED_INTR_MASK, 1 << qid); 5213 5214 /* Mark the queue as inactive. */ 5215 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 5216 IWN4965_TXQ_STATUS_INACTIVE | iwn_tid2fifo[tid] << 1); 5217 } 5218 5219 static void 5220 iwn5000_ampdu_tx_start(struct iwn_softc *sc, struct ieee80211_node *ni, 5221 uint8_t tid, uint16_t ssn) 5222 { 5223 struct iwn_node *wn = (void *)ni; 5224 int qid = 10 + tid; 5225 5226 /* Stop TX scheduler while we're changing its configuration. */ 5227 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 5228 IWN5000_TXQ_STATUS_CHGACT); 5229 5230 /* Assign RA/TID translation to the queue. */ 5231 iwn_mem_write_2(sc, sc->sched_base + IWN5000_SCHED_TRANS_TBL(qid), 5232 wn->id << 4 | tid); 5233 5234 /* Enable chain-building mode for the queue. */ 5235 iwn_prph_setbits(sc, IWN5000_SCHED_QCHAIN_SEL, 1 << qid); 5236 5237 /* Enable aggregation for the queue. */ 5238 iwn_prph_setbits(sc, IWN5000_SCHED_AGGR_SEL, 1 << qid); 5239 5240 /* Set starting sequence number from the ADDBA request. */ 5241 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff)); 5242 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), ssn); 5243 5244 /* Set scheduler window size and frame limit. */ 5245 iwn_mem_write(sc, sc->sched_base + IWN5000_SCHED_QUEUE_OFFSET(qid) + 4, 5246 IWN_SCHED_LIMIT << 16 | IWN_SCHED_WINSZ); 5247 5248 /* Enable interrupts for the queue. */ 5249 iwn_prph_setbits(sc, IWN5000_SCHED_INTR_MASK, 1 << qid); 5250 5251 /* Mark the queue as active. */ 5252 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 5253 IWN5000_TXQ_STATUS_ACTIVE | iwn_tid2fifo[tid]); 5254 } 5255 5256 static void 5257 iwn5000_ampdu_tx_stop(struct iwn_softc *sc, uint8_t tid, uint16_t ssn) 5258 { 5259 int qid = 10 + tid; 5260 5261 /* Stop TX scheduler while we're changing its configuration. */ 5262 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 5263 IWN5000_TXQ_STATUS_CHGACT); 5264 5265 /* Disable aggregation for the queue. */ 5266 iwn_prph_clrbits(sc, IWN5000_SCHED_AGGR_SEL, 1 << qid); 5267 5268 /* Set starting sequence number from the ADDBA request. */ 5269 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff)); 5270 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), ssn); 5271 5272 /* Disable interrupts for the queue. */ 5273 iwn_prph_clrbits(sc, IWN5000_SCHED_INTR_MASK, 1 << qid); 5274 5275 /* Mark the queue as inactive. */ 5276 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 5277 IWN5000_TXQ_STATUS_INACTIVE | iwn_tid2fifo[tid]); 5278 } 5279 #endif /* !IEEE80211_NO_HT */ 5280 5281 /* 5282 * Query calibration tables from the initialization firmware. We do this 5283 * only once at first boot. Called from a process context. 5284 */ 5285 static int 5286 iwn5000_query_calibration(struct iwn_softc *sc) 5287 { 5288 struct iwn5000_calib_config cmd; 5289 int error; 5290 5291 memset(&cmd, 0, sizeof cmd); 5292 cmd.ucode.once.enable = 0xffffffff; 5293 cmd.ucode.once.start = 0xffffffff; 5294 cmd.ucode.once.send = 0xffffffff; 5295 cmd.ucode.flags = 0xffffffff; 5296 DPRINTF(("sending calibration query\n")); 5297 error = iwn_cmd(sc, IWN5000_CMD_CALIB_CONFIG, &cmd, sizeof cmd, 0); 5298 if (error != 0) 5299 return error; 5300 5301 /* Wait at most two seconds for calibration to complete. */ 5302 if (!(sc->sc_flags & IWN_FLAG_CALIB_DONE)) 5303 error = tsleep(sc, PCATCH, "iwncal", 2 * hz); 5304 return error; 5305 } 5306 5307 /* 5308 * Send calibration results to the runtime firmware. These results were 5309 * obtained on first boot from the initialization firmware. 5310 */ 5311 static int 5312 iwn5000_send_calibration(struct iwn_softc *sc) 5313 { 5314 int idx, error; 5315 5316 for (idx = 0; idx < 5; idx++) { 5317 if (sc->calibcmd[idx].buf == NULL) 5318 continue; /* No results available. */ 5319 DPRINTF(("send calibration result idx=%d len=%d\n", 5320 idx, sc->calibcmd[idx].len)); 5321 error = iwn_cmd(sc, IWN_CMD_PHY_CALIB, sc->calibcmd[idx].buf, 5322 sc->calibcmd[idx].len, 0); 5323 if (error != 0) { 5324 aprint_error_dev(sc->sc_dev, 5325 "could not send calibration result\n"); 5326 return error; 5327 } 5328 } 5329 return 0; 5330 } 5331 5332 static int 5333 iwn5000_send_wimax_coex(struct iwn_softc *sc) 5334 { 5335 struct iwn5000_wimax_coex wimax; 5336 5337 #ifdef notyet 5338 if (sc->hw_type == IWN_HW_REV_TYPE_6050) { 5339 /* Enable WiMAX coexistence for combo adapters. */ 5340 wimax.flags = 5341 IWN_WIMAX_COEX_ASSOC_WA_UNMASK | 5342 IWN_WIMAX_COEX_UNASSOC_WA_UNMASK | 5343 IWN_WIMAX_COEX_STA_TABLE_VALID | 5344 IWN_WIMAX_COEX_ENABLE; 5345 memcpy(wimax.events, iwn6050_wimax_events, 5346 sizeof iwn6050_wimax_events); 5347 } else 5348 #endif 5349 { 5350 /* Disable WiMAX coexistence. */ 5351 wimax.flags = 0; 5352 memset(wimax.events, 0, sizeof wimax.events); 5353 } 5354 DPRINTF(("Configuring WiMAX coexistence\n")); 5355 return iwn_cmd(sc, IWN5000_CMD_WIMAX_COEX, &wimax, sizeof wimax, 0); 5356 } 5357 5358 static int 5359 iwn6000_temp_offset_calib(struct iwn_softc *sc) 5360 { 5361 struct iwn6000_phy_calib_temp_offset cmd; 5362 5363 memset(&cmd, 0, sizeof cmd); 5364 cmd.code = IWN6000_PHY_CALIB_TEMP_OFFSET; 5365 cmd.ngroups = 1; 5366 cmd.isvalid = 1; 5367 if (sc->eeprom_temp != 0) 5368 cmd.offset = htole16(sc->eeprom_temp); 5369 else 5370 cmd.offset = htole16(IWN_DEFAULT_TEMP_OFFSET); 5371 DPRINTF(("setting radio sensor offset to %d\n", le16toh(cmd.offset))); 5372 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0); 5373 } 5374 5375 static int 5376 iwn2000_temp_offset_calib(struct iwn_softc *sc) 5377 { 5378 struct iwn2000_phy_calib_temp_offset cmd; 5379 5380 memset(&cmd, 0, sizeof cmd); 5381 cmd.code = IWN2000_PHY_CALIB_TEMP_OFFSET; 5382 cmd.ngroups = 1; 5383 cmd.isvalid = 1; 5384 if (sc->eeprom_rawtemp != 0) { 5385 cmd.offset_low = htole16(sc->eeprom_rawtemp); 5386 cmd.offset_high = htole16(sc->eeprom_temp); 5387 } else { 5388 cmd.offset_low = htole16(IWN_DEFAULT_TEMP_OFFSET); 5389 cmd.offset_high = htole16(IWN_DEFAULT_TEMP_OFFSET); 5390 } 5391 cmd.burnt_voltage_ref = htole16(sc->eeprom_voltage); 5392 DPRINTF(("setting radio sensor offset to %d:%d, voltage to %d\n", 5393 le16toh(cmd.offset_low), le16toh(cmd.offset_high), 5394 le16toh(cmd.burnt_voltage_ref))); 5395 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0); 5396 } 5397 5398 /* 5399 * This function is called after the runtime firmware notifies us of its 5400 * readiness (called in a process context). 5401 */ 5402 static int 5403 iwn4965_post_alive(struct iwn_softc *sc) 5404 { 5405 int error, qid; 5406 5407 if ((error = iwn_nic_lock(sc)) != 0) 5408 return error; 5409 5410 /* Clear TX scheduler state in SRAM. */ 5411 sc->sched_base = iwn_prph_read(sc, IWN_SCHED_SRAM_ADDR); 5412 iwn_mem_set_region_4(sc, sc->sched_base + IWN4965_SCHED_CTX_OFF, 0, 5413 IWN4965_SCHED_CTX_LEN / sizeof (uint32_t)); 5414 5415 /* Set physical address of TX scheduler rings (1KB aligned). */ 5416 iwn_prph_write(sc, IWN4965_SCHED_DRAM_ADDR, sc->sched_dma.paddr >> 10); 5417 5418 IWN_SETBITS(sc, IWN_FH_TX_CHICKEN, IWN_FH_TX_CHICKEN_SCHED_RETRY); 5419 5420 /* Disable chain mode for all our 16 queues. */ 5421 iwn_prph_write(sc, IWN4965_SCHED_QCHAIN_SEL, 0); 5422 5423 for (qid = 0; qid < IWN4965_NTXQUEUES; qid++) { 5424 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), 0); 5425 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | 0); 5426 5427 /* Set scheduler window size. */ 5428 iwn_mem_write(sc, sc->sched_base + 5429 IWN4965_SCHED_QUEUE_OFFSET(qid), IWN_SCHED_WINSZ); 5430 /* Set scheduler frame limit. */ 5431 iwn_mem_write(sc, sc->sched_base + 5432 IWN4965_SCHED_QUEUE_OFFSET(qid) + 4, 5433 IWN_SCHED_LIMIT << 16); 5434 } 5435 5436 /* Enable interrupts for all our 16 queues. */ 5437 iwn_prph_write(sc, IWN4965_SCHED_INTR_MASK, 0xffff); 5438 /* Identify TX FIFO rings (0-7). */ 5439 iwn_prph_write(sc, IWN4965_SCHED_TXFACT, 0xff); 5440 5441 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */ 5442 for (qid = 0; qid < 7; qid++) { 5443 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 4, 5, 6 }; 5444 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 5445 IWN4965_TXQ_STATUS_ACTIVE | qid2fifo[qid] << 1); 5446 } 5447 iwn_nic_unlock(sc); 5448 return 0; 5449 } 5450 5451 /* 5452 * This function is called after the initialization or runtime firmware 5453 * notifies us of its readiness (called in a process context). 5454 */ 5455 static int 5456 iwn5000_post_alive(struct iwn_softc *sc) 5457 { 5458 int error, qid; 5459 5460 /* Switch to using ICT interrupt mode. */ 5461 iwn5000_ict_reset(sc); 5462 5463 if ((error = iwn_nic_lock(sc)) != 0) 5464 return error; 5465 5466 /* Clear TX scheduler state in SRAM. */ 5467 sc->sched_base = iwn_prph_read(sc, IWN_SCHED_SRAM_ADDR); 5468 iwn_mem_set_region_4(sc, sc->sched_base + IWN5000_SCHED_CTX_OFF, 0, 5469 IWN5000_SCHED_CTX_LEN / sizeof (uint32_t)); 5470 5471 /* Set physical address of TX scheduler rings (1KB aligned). */ 5472 iwn_prph_write(sc, IWN5000_SCHED_DRAM_ADDR, sc->sched_dma.paddr >> 10); 5473 5474 IWN_SETBITS(sc, IWN_FH_TX_CHICKEN, IWN_FH_TX_CHICKEN_SCHED_RETRY); 5475 5476 /* Enable chain mode for all queues, except command queue. */ 5477 iwn_prph_write(sc, IWN5000_SCHED_QCHAIN_SEL, 0xfffef); 5478 iwn_prph_write(sc, IWN5000_SCHED_AGGR_SEL, 0); 5479 5480 for (qid = 0; qid < IWN5000_NTXQUEUES; qid++) { 5481 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), 0); 5482 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | 0); 5483 5484 iwn_mem_write(sc, sc->sched_base + 5485 IWN5000_SCHED_QUEUE_OFFSET(qid), 0); 5486 /* Set scheduler window size and frame limit. */ 5487 iwn_mem_write(sc, sc->sched_base + 5488 IWN5000_SCHED_QUEUE_OFFSET(qid) + 4, 5489 IWN_SCHED_LIMIT << 16 | IWN_SCHED_WINSZ); 5490 } 5491 5492 /* Enable interrupts for all our 20 queues. */ 5493 iwn_prph_write(sc, IWN5000_SCHED_INTR_MASK, 0xfffff); 5494 /* Identify TX FIFO rings (0-7). */ 5495 iwn_prph_write(sc, IWN5000_SCHED_TXFACT, 0xff); 5496 5497 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */ 5498 for (qid = 0; qid < 7; qid++) { 5499 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 7, 5, 6 }; 5500 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 5501 IWN5000_TXQ_STATUS_ACTIVE | qid2fifo[qid]); 5502 } 5503 iwn_nic_unlock(sc); 5504 5505 /* Configure WiMAX coexistence for combo adapters. */ 5506 error = iwn5000_send_wimax_coex(sc); 5507 if (error != 0) { 5508 aprint_error_dev(sc->sc_dev, 5509 "could not configure WiMAX coexistence\n"); 5510 return error; 5511 } 5512 if (sc->hw_type != IWN_HW_REV_TYPE_5150) { 5513 struct iwn5000_phy_calib_crystal cmd; 5514 5515 /* Perform crystal calibration. */ 5516 memset(&cmd, 0, sizeof cmd); 5517 cmd.code = IWN5000_PHY_CALIB_CRYSTAL; 5518 cmd.ngroups = 1; 5519 cmd.isvalid = 1; 5520 cmd.cap_pin[0] = le32toh(sc->eeprom_crystal) & 0xff; 5521 cmd.cap_pin[1] = (le32toh(sc->eeprom_crystal) >> 16) & 0xff; 5522 DPRINTF(("sending crystal calibration %d, %d\n", 5523 cmd.cap_pin[0], cmd.cap_pin[1])); 5524 error = iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0); 5525 if (error != 0) { 5526 aprint_error_dev(sc->sc_dev, 5527 "crystal calibration failed\n"); 5528 return error; 5529 } 5530 } 5531 if (!(sc->sc_flags & IWN_FLAG_CALIB_DONE)) { 5532 /* Query calibration from the initialization firmware. */ 5533 if ((error = iwn5000_query_calibration(sc)) != 0) { 5534 aprint_error_dev(sc->sc_dev, 5535 "could not query calibration\n"); 5536 return error; 5537 } 5538 /* 5539 * We have the calibration results now, reboot with the 5540 * runtime firmware (call ourselves recursively!) 5541 */ 5542 iwn_hw_stop(sc); 5543 error = iwn_hw_init(sc); 5544 } else { 5545 /* Send calibration results to runtime firmware. */ 5546 error = iwn5000_send_calibration(sc); 5547 } 5548 return error; 5549 } 5550 5551 /* 5552 * The firmware boot code is small and is intended to be copied directly into 5553 * the NIC internal memory (no DMA transfer). 5554 */ 5555 static int 5556 iwn4965_load_bootcode(struct iwn_softc *sc, const uint8_t *ucode, int size) 5557 { 5558 int error, ntries; 5559 5560 size /= sizeof (uint32_t); 5561 5562 if ((error = iwn_nic_lock(sc)) != 0) 5563 return error; 5564 5565 /* Copy microcode image into NIC memory. */ 5566 iwn_prph_write_region_4(sc, IWN_BSM_SRAM_BASE, 5567 (const uint32_t *)ucode, size); 5568 5569 iwn_prph_write(sc, IWN_BSM_WR_MEM_SRC, 0); 5570 iwn_prph_write(sc, IWN_BSM_WR_MEM_DST, IWN_FW_TEXT_BASE); 5571 iwn_prph_write(sc, IWN_BSM_WR_DWCOUNT, size); 5572 5573 /* Start boot load now. */ 5574 iwn_prph_write(sc, IWN_BSM_WR_CTRL, IWN_BSM_WR_CTRL_START); 5575 5576 /* Wait for transfer to complete. */ 5577 for (ntries = 0; ntries < 1000; ntries++) { 5578 if (!(iwn_prph_read(sc, IWN_BSM_WR_CTRL) & 5579 IWN_BSM_WR_CTRL_START)) 5580 break; 5581 DELAY(10); 5582 } 5583 if (ntries == 1000) { 5584 aprint_error_dev(sc->sc_dev, 5585 "could not load boot firmware\n"); 5586 iwn_nic_unlock(sc); 5587 return ETIMEDOUT; 5588 } 5589 5590 /* Enable boot after power up. */ 5591 iwn_prph_write(sc, IWN_BSM_WR_CTRL, IWN_BSM_WR_CTRL_START_EN); 5592 5593 iwn_nic_unlock(sc); 5594 return 0; 5595 } 5596 5597 static int 5598 iwn4965_load_firmware(struct iwn_softc *sc) 5599 { 5600 struct iwn_fw_info *fw = &sc->fw; 5601 struct iwn_dma_info *dma = &sc->fw_dma; 5602 int error; 5603 5604 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 5605 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 5606 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 5607 BUS_DMASYNC_PREWRITE); 5608 memcpy((char *)dma->vaddr + IWN4965_FW_DATA_MAXSZ, 5609 fw->init.text, fw->init.textsz); 5610 bus_dmamap_sync(sc->sc_dmat, dma->map, IWN4965_FW_DATA_MAXSZ, 5611 fw->init.textsz, BUS_DMASYNC_PREWRITE); 5612 5613 /* Tell adapter where to find initialization sections. */ 5614 if ((error = iwn_nic_lock(sc)) != 0) 5615 return error; 5616 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_ADDR, dma->paddr >> 4); 5617 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_SIZE, fw->init.datasz); 5618 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_ADDR, 5619 (dma->paddr + IWN4965_FW_DATA_MAXSZ) >> 4); 5620 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 5621 iwn_nic_unlock(sc); 5622 5623 /* Load firmware boot code. */ 5624 error = iwn4965_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 5625 if (error != 0) { 5626 aprint_error_dev(sc->sc_dev, 5627 "could not load boot firmware\n"); 5628 return error; 5629 } 5630 /* Now press "execute". */ 5631 IWN_WRITE(sc, IWN_RESET, 0); 5632 5633 /* Wait at most one second for first alive notification. */ 5634 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 5635 aprint_error_dev(sc->sc_dev, 5636 "timeout waiting for adapter to initialize\n"); 5637 return error; 5638 } 5639 5640 /* Retrieve current temperature for initial TX power calibration. */ 5641 sc->rawtemp = sc->ucode_info.temp[3].chan20MHz; 5642 sc->temp = iwn4965_get_temperature(sc); 5643 5644 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 5645 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 5646 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 5647 BUS_DMASYNC_PREWRITE); 5648 memcpy((char *)dma->vaddr + IWN4965_FW_DATA_MAXSZ, 5649 fw->main.text, fw->main.textsz); 5650 bus_dmamap_sync(sc->sc_dmat, dma->map, IWN4965_FW_DATA_MAXSZ, 5651 fw->main.textsz, BUS_DMASYNC_PREWRITE); 5652 5653 /* Tell adapter where to find runtime sections. */ 5654 if ((error = iwn_nic_lock(sc)) != 0) 5655 return error; 5656 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_ADDR, dma->paddr >> 4); 5657 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_SIZE, fw->main.datasz); 5658 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_ADDR, 5659 (dma->paddr + IWN4965_FW_DATA_MAXSZ) >> 4); 5660 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_SIZE, 5661 IWN_FW_UPDATED | fw->main.textsz); 5662 iwn_nic_unlock(sc); 5663 5664 return 0; 5665 } 5666 5667 static int 5668 iwn5000_load_firmware_section(struct iwn_softc *sc, uint32_t dst, 5669 const uint8_t *section, int size) 5670 { 5671 struct iwn_dma_info *dma = &sc->fw_dma; 5672 int error; 5673 5674 /* Copy firmware section into pre-allocated DMA-safe memory. */ 5675 memcpy(dma->vaddr, section, size); 5676 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 5677 5678 if ((error = iwn_nic_lock(sc)) != 0) 5679 return error; 5680 5681 IWN_WRITE(sc, IWN_FH_TX_CONFIG(IWN_SRVC_DMACHNL), 5682 IWN_FH_TX_CONFIG_DMA_PAUSE); 5683 5684 IWN_WRITE(sc, IWN_FH_SRAM_ADDR(IWN_SRVC_DMACHNL), dst); 5685 IWN_WRITE(sc, IWN_FH_TFBD_CTRL0(IWN_SRVC_DMACHNL), 5686 IWN_LOADDR(dma->paddr)); 5687 IWN_WRITE(sc, IWN_FH_TFBD_CTRL1(IWN_SRVC_DMACHNL), 5688 IWN_HIADDR(dma->paddr) << 28 | size); 5689 IWN_WRITE(sc, IWN_FH_TXBUF_STATUS(IWN_SRVC_DMACHNL), 5690 IWN_FH_TXBUF_STATUS_TBNUM(1) | 5691 IWN_FH_TXBUF_STATUS_TBIDX(1) | 5692 IWN_FH_TXBUF_STATUS_TFBD_VALID); 5693 5694 /* Kick Flow Handler to start DMA transfer. */ 5695 IWN_WRITE(sc, IWN_FH_TX_CONFIG(IWN_SRVC_DMACHNL), 5696 IWN_FH_TX_CONFIG_DMA_ENA | IWN_FH_TX_CONFIG_CIRQ_HOST_ENDTFD); 5697 5698 iwn_nic_unlock(sc); 5699 5700 /* Wait at most five seconds for FH DMA transfer to complete. */ 5701 return tsleep(sc, PCATCH, "iwninit", 5 * hz); 5702 } 5703 5704 static int 5705 iwn5000_load_firmware(struct iwn_softc *sc) 5706 { 5707 struct iwn_fw_part *fw; 5708 int error; 5709 5710 /* Load the initialization firmware on first boot only. */ 5711 fw = (sc->sc_flags & IWN_FLAG_CALIB_DONE) ? 5712 &sc->fw.main : &sc->fw.init; 5713 5714 error = iwn5000_load_firmware_section(sc, IWN_FW_TEXT_BASE, 5715 fw->text, fw->textsz); 5716 if (error != 0) { 5717 aprint_error_dev(sc->sc_dev, 5718 "could not load firmware %s section\n", ".text"); 5719 return error; 5720 } 5721 error = iwn5000_load_firmware_section(sc, IWN_FW_DATA_BASE, 5722 fw->data, fw->datasz); 5723 if (error != 0) { 5724 aprint_error_dev(sc->sc_dev, 5725 "could not load firmware %s section\n", ".data"); 5726 return error; 5727 } 5728 5729 /* Now press "execute". */ 5730 IWN_WRITE(sc, IWN_RESET, 0); 5731 return 0; 5732 } 5733 5734 /* 5735 * Extract text and data sections from a legacy firmware image. 5736 */ 5737 static int 5738 iwn_read_firmware_leg(struct iwn_softc *sc, struct iwn_fw_info *fw) 5739 { 5740 const uint32_t *ptr; 5741 size_t hdrlen = 24; 5742 uint32_t rev; 5743 5744 ptr = (const uint32_t *)fw->data; 5745 rev = le32toh(*ptr++); 5746 5747 sc->ucode_rev = rev; 5748 5749 /* Check firmware API version. */ 5750 if (IWN_FW_API(rev) <= 1) { 5751 aprint_error_dev(sc->sc_dev, 5752 "bad firmware, need API version >=2\n"); 5753 return EINVAL; 5754 } 5755 if (IWN_FW_API(rev) >= 3) { 5756 /* Skip build number (version 2 header). */ 5757 hdrlen += 4; 5758 ptr++; 5759 } 5760 if (fw->size < hdrlen) { 5761 aprint_error_dev(sc->sc_dev, 5762 "firmware too short: %zd bytes\n", fw->size); 5763 return EINVAL; 5764 } 5765 fw->main.textsz = le32toh(*ptr++); 5766 fw->main.datasz = le32toh(*ptr++); 5767 fw->init.textsz = le32toh(*ptr++); 5768 fw->init.datasz = le32toh(*ptr++); 5769 fw->boot.textsz = le32toh(*ptr++); 5770 5771 /* Check that all firmware sections fit. */ 5772 if (fw->size < hdrlen + fw->main.textsz + fw->main.datasz + 5773 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 5774 aprint_error_dev(sc->sc_dev, 5775 "firmware too short: %zd bytes\n", fw->size); 5776 return EINVAL; 5777 } 5778 5779 /* Get pointers to firmware sections. */ 5780 fw->main.text = (const uint8_t *)ptr; 5781 fw->main.data = fw->main.text + fw->main.textsz; 5782 fw->init.text = fw->main.data + fw->main.datasz; 5783 fw->init.data = fw->init.text + fw->init.textsz; 5784 fw->boot.text = fw->init.data + fw->init.datasz; 5785 return 0; 5786 } 5787 5788 /* 5789 * Extract text and data sections from a TLV firmware image. 5790 */ 5791 static int 5792 iwn_read_firmware_tlv(struct iwn_softc *sc, struct iwn_fw_info *fw, 5793 uint16_t alt) 5794 { 5795 const struct iwn_fw_tlv_hdr *hdr; 5796 const struct iwn_fw_tlv *tlv; 5797 const uint8_t *ptr, *end; 5798 uint64_t altmask; 5799 uint32_t len; 5800 5801 if (fw->size < sizeof (*hdr)) { 5802 aprint_error_dev(sc->sc_dev, 5803 "firmware too short: %zd bytes\n", fw->size); 5804 return EINVAL; 5805 } 5806 hdr = (const struct iwn_fw_tlv_hdr *)fw->data; 5807 if (hdr->signature != htole32(IWN_FW_SIGNATURE)) { 5808 aprint_error_dev(sc->sc_dev, 5809 "bad firmware signature 0x%08x\n", le32toh(hdr->signature)); 5810 return EINVAL; 5811 } 5812 DPRINTF(("FW: \"%.64s\", build 0x%x\n", hdr->descr, 5813 le32toh(hdr->build))); 5814 sc->ucode_rev = le32toh(hdr->rev); 5815 5816 /* 5817 * Select the closest supported alternative that is less than 5818 * or equal to the specified one. 5819 */ 5820 altmask = le64toh(hdr->altmask); 5821 while (alt > 0 && !(altmask & (1ULL << alt))) 5822 alt--; /* Downgrade. */ 5823 DPRINTF(("using alternative %d\n", alt)); 5824 5825 ptr = (const uint8_t *)(hdr + 1); 5826 end = (const uint8_t *)(fw->data + fw->size); 5827 5828 /* Parse type-length-value fields. */ 5829 while (ptr + sizeof (*tlv) <= end) { 5830 tlv = (const struct iwn_fw_tlv *)ptr; 5831 len = le32toh(tlv->len); 5832 5833 ptr += sizeof (*tlv); 5834 if (ptr + len > end) { 5835 aprint_error_dev(sc->sc_dev, 5836 "firmware too short: %zd bytes\n", fw->size); 5837 return EINVAL; 5838 } 5839 /* Skip other alternatives. */ 5840 if (tlv->alt != 0 && tlv->alt != htole16(alt)) 5841 goto next; 5842 5843 switch (le16toh(tlv->type)) { 5844 case IWN_FW_TLV_MAIN_TEXT: 5845 fw->main.text = ptr; 5846 fw->main.textsz = len; 5847 break; 5848 case IWN_FW_TLV_MAIN_DATA: 5849 fw->main.data = ptr; 5850 fw->main.datasz = len; 5851 break; 5852 case IWN_FW_TLV_INIT_TEXT: 5853 fw->init.text = ptr; 5854 fw->init.textsz = len; 5855 break; 5856 case IWN_FW_TLV_INIT_DATA: 5857 fw->init.data = ptr; 5858 fw->init.datasz = len; 5859 break; 5860 case IWN_FW_TLV_BOOT_TEXT: 5861 fw->boot.text = ptr; 5862 fw->boot.textsz = len; 5863 break; 5864 case IWN_FW_TLV_ENH_SENS: 5865 if (len != 0) { 5866 aprint_error_dev(sc->sc_dev, 5867 "TLV type %d has invalid size %u\n", 5868 le16toh(tlv->type), len); 5869 goto next; 5870 } 5871 sc->sc_flags |= IWN_FLAG_ENH_SENS; 5872 break; 5873 case IWN_FW_TLV_PHY_CALIB: 5874 if (len != sizeof(uint32_t)) { 5875 aprint_error_dev(sc->sc_dev, 5876 "TLV type %d has invalid size %u\n", 5877 le16toh(tlv->type), len); 5878 goto next; 5879 } 5880 if (le32toh(*ptr) <= IWN5000_PHY_CALIB_MAX) { 5881 sc->reset_noise_gain = le32toh(*ptr); 5882 sc->noise_gain = le32toh(*ptr) + 1; 5883 } 5884 break; 5885 case IWN_FW_TLV_FLAGS: 5886 if (len < sizeof(uint32_t)) 5887 break; 5888 if (len % sizeof(uint32_t)) 5889 break; 5890 sc->tlv_feature_flags = le32toh(*ptr); 5891 DPRINTF(("feature: 0x%08x\n", sc->tlv_feature_flags)); 5892 break; 5893 default: 5894 DPRINTF(("TLV type %d not handled\n", 5895 le16toh(tlv->type))); 5896 break; 5897 } 5898 next: /* TLV fields are 32-bit aligned. */ 5899 ptr += (len + 3) & ~3; 5900 } 5901 return 0; 5902 } 5903 5904 static int 5905 iwn_read_firmware(struct iwn_softc *sc) 5906 { 5907 struct iwn_fw_info *fw = &sc->fw; 5908 firmware_handle_t fwh; 5909 int error; 5910 5911 /* 5912 * Some PHY calibration commands are firmware-dependent; these 5913 * are the default values that will be overridden if 5914 * necessary. 5915 */ 5916 sc->reset_noise_gain = IWN5000_PHY_CALIB_RESET_NOISE_GAIN; 5917 sc->noise_gain = IWN5000_PHY_CALIB_NOISE_GAIN; 5918 5919 /* Initialize for error returns */ 5920 fw->data = NULL; 5921 fw->size = 0; 5922 5923 /* Open firmware image. */ 5924 if ((error = firmware_open("if_iwn", sc->fwname, &fwh)) != 0) { 5925 aprint_error_dev(sc->sc_dev, 5926 "could not get firmware handle %s\n", sc->fwname); 5927 return error; 5928 } 5929 fw->size = firmware_get_size(fwh); 5930 if (fw->size < sizeof (uint32_t)) { 5931 aprint_error_dev(sc->sc_dev, 5932 "firmware too short: %zd bytes\n", fw->size); 5933 firmware_close(fwh); 5934 return EINVAL; 5935 } 5936 5937 /* Read the firmware. */ 5938 fw->data = firmware_malloc(fw->size); 5939 if (fw->data == NULL) { 5940 aprint_error_dev(sc->sc_dev, 5941 "not enough memory to stock firmware %s\n", sc->fwname); 5942 firmware_close(fwh); 5943 return ENOMEM; 5944 } 5945 error = firmware_read(fwh, 0, fw->data, fw->size); 5946 firmware_close(fwh); 5947 if (error != 0) { 5948 aprint_error_dev(sc->sc_dev, 5949 "could not read firmware %s\n", sc->fwname); 5950 goto out; 5951 } 5952 5953 /* Retrieve text and data sections. */ 5954 if (*(const uint32_t *)fw->data != 0) /* Legacy image. */ 5955 error = iwn_read_firmware_leg(sc, fw); 5956 else 5957 error = iwn_read_firmware_tlv(sc, fw, 1); 5958 if (error != 0) { 5959 aprint_error_dev(sc->sc_dev, 5960 "could not read firmware sections\n"); 5961 goto out; 5962 } 5963 5964 /* Make sure text and data sections fit in hardware memory. */ 5965 if (fw->main.textsz > sc->fw_text_maxsz || 5966 fw->main.datasz > sc->fw_data_maxsz || 5967 fw->init.textsz > sc->fw_text_maxsz || 5968 fw->init.datasz > sc->fw_data_maxsz || 5969 fw->boot.textsz > IWN_FW_BOOT_TEXT_MAXSZ || 5970 (fw->boot.textsz & 3) != 0) { 5971 aprint_error_dev(sc->sc_dev, 5972 "firmware sections too large\n"); 5973 goto out; 5974 } 5975 5976 /* We can proceed with loading the firmware. */ 5977 return 0; 5978 out: 5979 firmware_free(fw->data, fw->size); 5980 fw->data = NULL; 5981 fw->size = 0; 5982 return error ? error : EINVAL; 5983 } 5984 5985 static int 5986 iwn_clock_wait(struct iwn_softc *sc) 5987 { 5988 int ntries; 5989 5990 /* Set "initialization complete" bit. */ 5991 IWN_SETBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_INIT_DONE); 5992 5993 /* Wait for clock stabilization. */ 5994 for (ntries = 0; ntries < 2500; ntries++) { 5995 if (IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_MAC_CLOCK_READY) 5996 return 0; 5997 DELAY(10); 5998 } 5999 aprint_error_dev(sc->sc_dev, 6000 "timeout waiting for clock stabilization\n"); 6001 return ETIMEDOUT; 6002 } 6003 6004 static int 6005 iwn_apm_init(struct iwn_softc *sc) 6006 { 6007 pcireg_t reg; 6008 int error; 6009 6010 /* Disable L0s exit timer (NMI bug workaround). */ 6011 IWN_SETBITS(sc, IWN_GIO_CHICKEN, IWN_GIO_CHICKEN_DIS_L0S_TIMER); 6012 /* Don't wait for ICH L0s (ICH bug workaround). */ 6013 IWN_SETBITS(sc, IWN_GIO_CHICKEN, IWN_GIO_CHICKEN_L1A_NO_L0S_RX); 6014 6015 /* Set FH wait threshold to max (HW bug under stress workaround). */ 6016 IWN_SETBITS(sc, IWN_DBG_HPET_MEM, 0xffff0000); 6017 6018 /* Enable HAP INTA to move adapter from L1a to L0s. */ 6019 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_HAP_WAKE_L1A); 6020 6021 /* Retrieve PCIe Active State Power Management (ASPM). */ 6022 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 6023 sc->sc_cap_off + PCIE_LCSR); 6024 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 6025 if (reg & PCIE_LCSR_ASPM_L1) /* L1 Entry enabled. */ 6026 IWN_SETBITS(sc, IWN_GIO, IWN_GIO_L0S_ENA); 6027 else 6028 IWN_CLRBITS(sc, IWN_GIO, IWN_GIO_L0S_ENA); 6029 6030 if (sc->hw_type != IWN_HW_REV_TYPE_4965 && 6031 sc->hw_type <= IWN_HW_REV_TYPE_1000) 6032 IWN_SETBITS(sc, IWN_ANA_PLL, IWN_ANA_PLL_INIT); 6033 6034 /* Wait for clock stabilization before accessing prph. */ 6035 if ((error = iwn_clock_wait(sc)) != 0) 6036 return error; 6037 6038 if ((error = iwn_nic_lock(sc)) != 0) 6039 return error; 6040 if (sc->hw_type == IWN_HW_REV_TYPE_4965) { 6041 /* Enable DMA and BSM (Bootstrap State Machine). */ 6042 iwn_prph_write(sc, IWN_APMG_CLK_EN, 6043 IWN_APMG_CLK_CTRL_DMA_CLK_RQT | 6044 IWN_APMG_CLK_CTRL_BSM_CLK_RQT); 6045 } else { 6046 /* Enable DMA. */ 6047 iwn_prph_write(sc, IWN_APMG_CLK_EN, 6048 IWN_APMG_CLK_CTRL_DMA_CLK_RQT); 6049 } 6050 DELAY(20); 6051 /* Disable L1-Active. */ 6052 iwn_prph_setbits(sc, IWN_APMG_PCI_STT, IWN_APMG_PCI_STT_L1A_DIS); 6053 iwn_nic_unlock(sc); 6054 6055 return 0; 6056 } 6057 6058 static void 6059 iwn_apm_stop_master(struct iwn_softc *sc) 6060 { 6061 int ntries; 6062 6063 /* Stop busmaster DMA activity. */ 6064 IWN_SETBITS(sc, IWN_RESET, IWN_RESET_STOP_MASTER); 6065 for (ntries = 0; ntries < 100; ntries++) { 6066 if (IWN_READ(sc, IWN_RESET) & IWN_RESET_MASTER_DISABLED) 6067 return; 6068 DELAY(10); 6069 } 6070 aprint_error_dev(sc->sc_dev, "timeout waiting for master\n"); 6071 } 6072 6073 static void 6074 iwn_apm_stop(struct iwn_softc *sc) 6075 { 6076 iwn_apm_stop_master(sc); 6077 6078 /* Reset the entire device. */ 6079 IWN_SETBITS(sc, IWN_RESET, IWN_RESET_SW); 6080 DELAY(10); 6081 /* Clear "initialization complete" bit. */ 6082 IWN_CLRBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_INIT_DONE); 6083 } 6084 6085 static int 6086 iwn4965_nic_config(struct iwn_softc *sc) 6087 { 6088 if (IWN_RFCFG_TYPE(sc->rfcfg) == 1) { 6089 /* 6090 * I don't believe this to be correct but this is what the 6091 * vendor driver is doing. Probably the bits should not be 6092 * shifted in IWN_RFCFG_*. 6093 */ 6094 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 6095 IWN_RFCFG_TYPE(sc->rfcfg) | 6096 IWN_RFCFG_STEP(sc->rfcfg) | 6097 IWN_RFCFG_DASH(sc->rfcfg)); 6098 } 6099 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 6100 IWN_HW_IF_CONFIG_RADIO_SI | IWN_HW_IF_CONFIG_MAC_SI); 6101 return 0; 6102 } 6103 6104 static int 6105 iwn5000_nic_config(struct iwn_softc *sc) 6106 { 6107 uint32_t tmp; 6108 int error; 6109 6110 if (IWN_RFCFG_TYPE(sc->rfcfg) < 3) { 6111 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 6112 IWN_RFCFG_TYPE(sc->rfcfg) | 6113 IWN_RFCFG_STEP(sc->rfcfg) | 6114 IWN_RFCFG_DASH(sc->rfcfg)); 6115 } 6116 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 6117 IWN_HW_IF_CONFIG_RADIO_SI | IWN_HW_IF_CONFIG_MAC_SI); 6118 6119 if ((error = iwn_nic_lock(sc)) != 0) 6120 return error; 6121 iwn_prph_setbits(sc, IWN_APMG_PS, IWN_APMG_PS_EARLY_PWROFF_DIS); 6122 6123 if (sc->hw_type == IWN_HW_REV_TYPE_1000) { 6124 /* 6125 * Select first Switching Voltage Regulator (1.32V) to 6126 * solve a stability issue related to noisy DC2DC line 6127 * in the silicon of 1000 Series. 6128 */ 6129 tmp = iwn_prph_read(sc, IWN_APMG_DIGITAL_SVR); 6130 tmp &= ~IWN_APMG_DIGITAL_SVR_VOLTAGE_MASK; 6131 tmp |= IWN_APMG_DIGITAL_SVR_VOLTAGE_1_32; 6132 iwn_prph_write(sc, IWN_APMG_DIGITAL_SVR, tmp); 6133 } 6134 iwn_nic_unlock(sc); 6135 6136 if (sc->sc_flags & IWN_FLAG_INTERNAL_PA) { 6137 /* Use internal power amplifier only. */ 6138 IWN_WRITE(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_RADIO_2X2_IPA); 6139 } 6140 if ((sc->hw_type == IWN_HW_REV_TYPE_6050 || 6141 sc->hw_type == IWN_HW_REV_TYPE_6005) && sc->calib_ver >= 6) { 6142 /* Indicate that ROM calibration version is >=6. */ 6143 IWN_SETBITS(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_CALIB_VER6); 6144 } 6145 if (sc->hw_type == IWN_HW_REV_TYPE_6005) 6146 IWN_SETBITS(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_6050_1X2); 6147 if (sc->hw_type == IWN_HW_REV_TYPE_2030 || 6148 sc->hw_type == IWN_HW_REV_TYPE_2000 || 6149 sc->hw_type == IWN_HW_REV_TYPE_135 || 6150 sc->hw_type == IWN_HW_REV_TYPE_105) 6151 IWN_SETBITS(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_RADIO_IQ_INVERT); 6152 return 0; 6153 } 6154 6155 /* 6156 * Take NIC ownership over Intel Active Management Technology (AMT). 6157 */ 6158 static int 6159 iwn_hw_prepare(struct iwn_softc *sc) 6160 { 6161 int ntries; 6162 6163 /* Check if hardware is ready. */ 6164 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_NIC_READY); 6165 for (ntries = 0; ntries < 5; ntries++) { 6166 if (IWN_READ(sc, IWN_HW_IF_CONFIG) & 6167 IWN_HW_IF_CONFIG_NIC_READY) 6168 return 0; 6169 DELAY(10); 6170 } 6171 6172 /* Hardware not ready, force into ready state. */ 6173 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_PREPARE); 6174 for (ntries = 0; ntries < 15000; ntries++) { 6175 if (!(IWN_READ(sc, IWN_HW_IF_CONFIG) & 6176 IWN_HW_IF_CONFIG_PREPARE_DONE)) 6177 break; 6178 DELAY(10); 6179 } 6180 if (ntries == 15000) 6181 return ETIMEDOUT; 6182 6183 /* Hardware should be ready now. */ 6184 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_NIC_READY); 6185 for (ntries = 0; ntries < 5; ntries++) { 6186 if (IWN_READ(sc, IWN_HW_IF_CONFIG) & 6187 IWN_HW_IF_CONFIG_NIC_READY) 6188 return 0; 6189 DELAY(10); 6190 } 6191 return ETIMEDOUT; 6192 } 6193 6194 static int 6195 iwn_hw_init(struct iwn_softc *sc) 6196 { 6197 struct iwn_ops *ops = &sc->ops; 6198 int error, chnl, qid; 6199 6200 /* Clear pending interrupts. */ 6201 IWN_WRITE(sc, IWN_INT, 0xffffffff); 6202 6203 if ((error = iwn_apm_init(sc)) != 0) { 6204 aprint_error_dev(sc->sc_dev, 6205 "could not power ON adapter\n"); 6206 return error; 6207 } 6208 6209 /* Select VMAIN power source. */ 6210 if ((error = iwn_nic_lock(sc)) != 0) 6211 return error; 6212 iwn_prph_clrbits(sc, IWN_APMG_PS, IWN_APMG_PS_PWR_SRC_MASK); 6213 iwn_nic_unlock(sc); 6214 6215 /* Perform adapter-specific initialization. */ 6216 if ((error = ops->nic_config(sc)) != 0) 6217 return error; 6218 6219 /* Initialize RX ring. */ 6220 if ((error = iwn_nic_lock(sc)) != 0) 6221 return error; 6222 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 0); 6223 IWN_WRITE(sc, IWN_FH_RX_WPTR, 0); 6224 /* Set physical address of RX ring (256-byte aligned). */ 6225 IWN_WRITE(sc, IWN_FH_RX_BASE, sc->rxq.desc_dma.paddr >> 8); 6226 /* Set physical address of RX status (16-byte aligned). */ 6227 IWN_WRITE(sc, IWN_FH_STATUS_WPTR, sc->rxq.stat_dma.paddr >> 4); 6228 /* Enable RX. */ 6229 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 6230 IWN_FH_RX_CONFIG_ENA | 6231 IWN_FH_RX_CONFIG_IGN_RXF_EMPTY | /* HW bug workaround */ 6232 IWN_FH_RX_CONFIG_IRQ_DST_HOST | 6233 IWN_FH_RX_CONFIG_SINGLE_FRAME | 6234 IWN_FH_RX_CONFIG_RB_TIMEOUT(0) | 6235 IWN_FH_RX_CONFIG_NRBD(IWN_RX_RING_COUNT_LOG)); 6236 iwn_nic_unlock(sc); 6237 IWN_WRITE(sc, IWN_FH_RX_WPTR, (IWN_RX_RING_COUNT - 1) & ~7); 6238 6239 if ((error = iwn_nic_lock(sc)) != 0) 6240 return error; 6241 6242 /* Initialize TX scheduler. */ 6243 iwn_prph_write(sc, sc->sched_txfact_addr, 0); 6244 6245 /* Set physical address of "keep warm" page (16-byte aligned). */ 6246 IWN_WRITE(sc, IWN_FH_KW_ADDR, sc->kw_dma.paddr >> 4); 6247 6248 /* Initialize TX rings. */ 6249 for (qid = 0; qid < sc->ntxqs; qid++) { 6250 struct iwn_tx_ring *txq = &sc->txq[qid]; 6251 6252 /* Set physical address of TX ring (256-byte aligned). */ 6253 IWN_WRITE(sc, IWN_FH_CBBC_QUEUE(qid), 6254 txq->desc_dma.paddr >> 8); 6255 } 6256 iwn_nic_unlock(sc); 6257 6258 /* Enable DMA channels. */ 6259 for (chnl = 0; chnl < sc->ndmachnls; chnl++) { 6260 IWN_WRITE(sc, IWN_FH_TX_CONFIG(chnl), 6261 IWN_FH_TX_CONFIG_DMA_ENA | 6262 IWN_FH_TX_CONFIG_DMA_CREDIT_ENA); 6263 } 6264 6265 /* Clear "radio off" and "commands blocked" bits. */ 6266 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL); 6267 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_CMD_BLOCKED); 6268 6269 /* Clear pending interrupts. */ 6270 IWN_WRITE(sc, IWN_INT, 0xffffffff); 6271 /* Enable interrupt coalescing. */ 6272 IWN_WRITE(sc, IWN_INT_COALESCING, 512 / 8); 6273 /* Enable interrupts. */ 6274 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask); 6275 6276 /* _Really_ make sure "radio off" bit is cleared! */ 6277 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL); 6278 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL); 6279 6280 /* Enable shadow registers. */ 6281 if (sc->hw_type >= IWN_HW_REV_TYPE_6000) 6282 IWN_SETBITS(sc, IWN_SHADOW_REG_CTRL, 0x800fffff); 6283 6284 if ((error = ops->load_firmware(sc)) != 0) { 6285 aprint_error_dev(sc->sc_dev, 6286 "could not load firmware\n"); 6287 return error; 6288 } 6289 /* Wait at most one second for firmware alive notification. */ 6290 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 6291 aprint_error_dev(sc->sc_dev, 6292 "timeout waiting for adapter to initialize\n"); 6293 return error; 6294 } 6295 /* Do post-firmware initialization. */ 6296 return ops->post_alive(sc); 6297 } 6298 6299 static void 6300 iwn_hw_stop(struct iwn_softc *sc) 6301 { 6302 int chnl, qid, ntries; 6303 6304 IWN_WRITE(sc, IWN_RESET, IWN_RESET_NEVO); 6305 6306 /* Disable interrupts. */ 6307 IWN_WRITE(sc, IWN_INT_MASK, 0); 6308 IWN_WRITE(sc, IWN_INT, 0xffffffff); 6309 IWN_WRITE(sc, IWN_FH_INT, 0xffffffff); 6310 sc->sc_flags &= ~IWN_FLAG_USE_ICT; 6311 6312 /* Make sure we no longer hold the NIC lock. */ 6313 iwn_nic_unlock(sc); 6314 6315 /* Stop TX scheduler. */ 6316 iwn_prph_write(sc, sc->sched_txfact_addr, 0); 6317 6318 /* Stop all DMA channels. */ 6319 if (iwn_nic_lock(sc) == 0) { 6320 for (chnl = 0; chnl < sc->ndmachnls; chnl++) { 6321 IWN_WRITE(sc, IWN_FH_TX_CONFIG(chnl), 0); 6322 for (ntries = 0; ntries < 200; ntries++) { 6323 if (IWN_READ(sc, IWN_FH_TX_STATUS) & 6324 IWN_FH_TX_STATUS_IDLE(chnl)) 6325 break; 6326 DELAY(10); 6327 } 6328 } 6329 iwn_nic_unlock(sc); 6330 } 6331 6332 /* Stop RX ring. */ 6333 iwn_reset_rx_ring(sc, &sc->rxq); 6334 6335 /* Reset all TX rings. */ 6336 for (qid = 0; qid < sc->ntxqs; qid++) 6337 iwn_reset_tx_ring(sc, &sc->txq[qid]); 6338 6339 if (iwn_nic_lock(sc) == 0) { 6340 iwn_prph_write(sc, IWN_APMG_CLK_DIS, 6341 IWN_APMG_CLK_CTRL_DMA_CLK_RQT); 6342 iwn_nic_unlock(sc); 6343 } 6344 DELAY(5); 6345 /* Power OFF adapter. */ 6346 iwn_apm_stop(sc); 6347 } 6348 6349 static int 6350 iwn_init(struct ifnet *ifp) 6351 { 6352 struct iwn_softc *sc = ifp->if_softc; 6353 struct ieee80211com *ic = &sc->sc_ic; 6354 int error; 6355 6356 mutex_enter(&sc->sc_mtx); 6357 if (sc->sc_flags & IWN_FLAG_HW_INITED) 6358 goto out; 6359 if ((error = iwn_hw_prepare(sc)) != 0) { 6360 aprint_error_dev(sc->sc_dev, 6361 "hardware not ready\n"); 6362 goto fail; 6363 } 6364 6365 /* Check that the radio is not disabled by hardware switch. */ 6366 if (!(IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_RFKILL)) { 6367 aprint_error_dev(sc->sc_dev, 6368 "radio is disabled by hardware switch\n"); 6369 error = EPERM; /* :-) */ 6370 goto fail; 6371 } 6372 6373 /* Read firmware images from the filesystem. */ 6374 if ((error = iwn_read_firmware(sc)) != 0) { 6375 aprint_error_dev(sc->sc_dev, 6376 "could not read firmware\n"); 6377 goto fail; 6378 } 6379 6380 /* Initialize interrupt mask to default value. */ 6381 sc->int_mask = IWN_INT_MASK_DEF; 6382 sc->sc_flags &= ~IWN_FLAG_USE_ICT; 6383 6384 /* Initialize hardware and upload firmware. */ 6385 KASSERT(sc->fw.data != NULL && sc->fw.size > 0); 6386 error = iwn_hw_init(sc); 6387 firmware_free(sc->fw.data, sc->fw.size); 6388 sc->fw.data = NULL; 6389 sc->fw.size = 0; 6390 if (error != 0) { 6391 aprint_error_dev(sc->sc_dev, 6392 "could not initialize hardware\n"); 6393 goto fail; 6394 } 6395 6396 /* Configure adapter now that it is ready. */ 6397 if ((error = iwn_config(sc)) != 0) { 6398 aprint_error_dev(sc->sc_dev, 6399 "could not configure device\n"); 6400 goto fail; 6401 } 6402 6403 sc->sc_beacon_wait = 0; 6404 6405 ifp->if_flags &= ~IFF_OACTIVE; 6406 ifp->if_flags |= IFF_RUNNING; 6407 6408 if (ic->ic_opmode != IEEE80211_M_MONITOR) 6409 ieee80211_begin_scan(ic, 0); 6410 else 6411 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 6412 6413 sc->sc_flags |= IWN_FLAG_HW_INITED; 6414 out: 6415 mutex_exit(&sc->sc_mtx); 6416 return 0; 6417 6418 fail: mutex_exit(&sc->sc_mtx); 6419 iwn_stop(ifp, 1); 6420 return error; 6421 } 6422 6423 static void 6424 iwn_stop(struct ifnet *ifp, int disable) 6425 { 6426 struct iwn_softc *sc = ifp->if_softc; 6427 struct ieee80211com *ic = &sc->sc_ic; 6428 6429 if (!disable) 6430 mutex_enter(&sc->sc_mtx); 6431 sc->sc_flags &= ~IWN_FLAG_HW_INITED; 6432 ifp->if_timer = sc->sc_tx_timer = 0; 6433 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 6434 6435 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 6436 6437 /* Power OFF hardware. */ 6438 iwn_hw_stop(sc); 6439 6440 if (!disable) 6441 mutex_exit(&sc->sc_mtx); 6442 } 6443 6444 /* 6445 * XXX MCLGETI alternative 6446 * 6447 * With IWN_USE_RBUF defined it uses the rbuf cache for receive buffers 6448 * as long as there are available free buffers then it uses MEXTMALLOC., 6449 * Without IWN_USE_RBUF defined it uses MEXTMALLOC exclusively. 6450 * The MCLGET4K code is used for testing an alternative mbuf cache. 6451 */ 6452 6453 static struct mbuf * 6454 MCLGETIalt(struct iwn_softc *sc, int how, 6455 struct ifnet *ifp __unused, u_int size) 6456 { 6457 struct mbuf *m; 6458 #ifdef IWN_USE_RBUF 6459 struct iwn_rbuf *rbuf; 6460 #endif 6461 6462 MGETHDR(m, how, MT_DATA); 6463 if (m == NULL) 6464 return NULL; 6465 6466 #ifdef IWN_USE_RBUF 6467 if (sc->rxq.nb_free_entries > 0 && 6468 (rbuf = iwn_alloc_rbuf(sc)) != NULL) { 6469 /* Attach buffer to mbuf header. */ 6470 MEXTADD(m, rbuf->vaddr, size, 0, iwn_free_rbuf, rbuf); 6471 m->m_flags |= M_EXT_RW; 6472 } 6473 else { 6474 MEXTMALLOC(m, size, how); 6475 if ((m->m_flags & M_EXT) == 0) { 6476 m_freem(m); 6477 return NULL; 6478 } 6479 } 6480 6481 #else 6482 #ifdef MCLGET4K 6483 if (size == 4096) 6484 MCLGET4K(m, how); 6485 else 6486 panic("size must be 4k"); 6487 #else 6488 MEXTMALLOC(m, size, how); 6489 #endif 6490 if ((m->m_flags & M_EXT) == 0) { 6491 m_freem(m); 6492 return NULL; 6493 } 6494 #endif 6495 6496 return m; 6497 } 6498 6499 #ifdef IWN_USE_RBUF 6500 static struct iwn_rbuf * 6501 iwn_alloc_rbuf(struct iwn_softc *sc) 6502 { 6503 struct iwn_rbuf *rbuf; 6504 mutex_enter(&sc->rxq.freelist_mtx); 6505 6506 rbuf = SLIST_FIRST(&sc->rxq.freelist); 6507 if (rbuf != NULL) { 6508 SLIST_REMOVE_HEAD(&sc->rxq.freelist, next); 6509 sc->rxq.nb_free_entries --; 6510 } 6511 mutex_exit(&sc->rxq.freelist_mtx); 6512 return rbuf; 6513 } 6514 6515 /* 6516 * This is called automatically by the network stack when the mbuf to which 6517 * our RX buffer is attached is freed. 6518 */ 6519 static void 6520 iwn_free_rbuf(struct mbuf* m, void *buf, size_t size, void *arg) 6521 { 6522 struct iwn_rbuf *rbuf = arg; 6523 struct iwn_softc *sc = rbuf->sc; 6524 6525 /* Put the RX buffer back in the free list. */ 6526 mutex_enter(&sc->rxq.freelist_mtx); 6527 SLIST_INSERT_HEAD(&sc->rxq.freelist, rbuf, next); 6528 mutex_exit(&sc->rxq.freelist_mtx); 6529 6530 sc->rxq.nb_free_entries ++; 6531 if (__predict_true(m != NULL)) 6532 pool_cache_put(mb_cache, m); 6533 } 6534 6535 static int 6536 iwn_alloc_rpool(struct iwn_softc *sc) 6537 { 6538 struct iwn_rx_ring *ring = &sc->rxq; 6539 struct iwn_rbuf *rbuf; 6540 int i, error; 6541 6542 mutex_init(&ring->freelist_mtx, MUTEX_DEFAULT, IPL_NET); 6543 6544 /* Allocate a big chunk of DMA'able memory... */ 6545 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->buf_dma, NULL, 6546 IWN_RBUF_COUNT * IWN_RBUF_SIZE, PAGE_SIZE); 6547 if (error != 0) { 6548 aprint_error_dev(sc->sc_dev, 6549 "could not allocate RX buffers DMA memory\n"); 6550 return error; 6551 } 6552 /* ...and split it into chunks of IWN_RBUF_SIZE bytes. */ 6553 SLIST_INIT(&ring->freelist); 6554 for (i = 0; i < IWN_RBUF_COUNT; i++) { 6555 rbuf = &ring->rbuf[i]; 6556 6557 rbuf->sc = sc; /* Backpointer for callbacks. */ 6558 rbuf->vaddr = (void *)((vaddr_t)ring->buf_dma.vaddr + i * IWN_RBUF_SIZE); 6559 rbuf->paddr = ring->buf_dma.paddr + i * IWN_RBUF_SIZE; 6560 6561 SLIST_INSERT_HEAD(&ring->freelist, rbuf, next); 6562 } 6563 ring->nb_free_entries = IWN_RBUF_COUNT; 6564 return 0; 6565 } 6566 6567 static void 6568 iwn_free_rpool(struct iwn_softc *sc) 6569 { 6570 iwn_dma_contig_free(&sc->rxq.buf_dma); 6571 } 6572 #endif 6573 6574 /* 6575 * XXX: Hack to set the current channel to the value advertised in beacons or 6576 * probe responses. Only used during AP detection. 6577 * XXX: Duplicated from if_iwi.c 6578 */ 6579 static void 6580 iwn_fix_channel(struct ieee80211com *ic, struct mbuf *m, 6581 struct iwn_rx_stat *stat) 6582 { 6583 struct iwn_softc *sc = ic->ic_ifp->if_softc; 6584 struct ieee80211_frame *wh; 6585 uint8_t subtype; 6586 uint8_t *frm, *efrm; 6587 6588 wh = mtod(m, struct ieee80211_frame *); 6589 6590 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT) 6591 return; 6592 6593 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 6594 6595 if (subtype != IEEE80211_FC0_SUBTYPE_BEACON && 6596 subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP) 6597 return; 6598 6599 if (sc->sc_flags & IWN_FLAG_SCANNING_5GHZ) { 6600 int chan = le16toh(stat->chan); 6601 if (chan < __arraycount(ic->ic_channels)) 6602 ic->ic_curchan = &ic->ic_channels[chan]; 6603 return; 6604 } 6605 6606 frm = (uint8_t *)(wh + 1); 6607 efrm = mtod(m, uint8_t *) + m->m_len; 6608 6609 frm += 12; /* skip tstamp, bintval and capinfo fields */ 6610 while (frm < efrm) { 6611 if (*frm == IEEE80211_ELEMID_DSPARMS) 6612 #if IEEE80211_CHAN_MAX < 255 6613 if (frm[2] <= IEEE80211_CHAN_MAX) 6614 #endif 6615 ic->ic_curchan = &ic->ic_channels[frm[2]]; 6616 6617 frm += frm[1] + 2; 6618 } 6619 } 6620 6621 #ifdef notyetMODULE 6622 6623 MODULE(MODULE_CLASS_DRIVER, if_iwn, "pci"); 6624 6625 #ifdef _MODULE 6626 #include "ioconf.c" 6627 #endif 6628 6629 static int 6630 if_iwn_modcmd(modcmd_t cmd, void *data) 6631 { 6632 int error = 0; 6633 6634 switch (cmd) { 6635 case MODULE_CMD_INIT: 6636 #ifdef _MODULE 6637 error = config_init_component(cfdriver_ioconf_if_iwn, 6638 cfattach_ioconf_if_iwn, cfdata_ioconf_if_iwn); 6639 #endif 6640 return error; 6641 case MODULE_CMD_FINI: 6642 #ifdef _MODULE 6643 error = config_fini_component(cfdriver_ioconf_if_iwn, 6644 cfattach_ioconf_if_iwn, cfdata_ioconf_if_iwn); 6645 #endif 6646 return error; 6647 case MODULE_CMD_AUTOUNLOAD: 6648 #ifdef _MODULE 6649 /* XXX This is not optional! */ 6650 #endif 6651 return error; 6652 default: 6653 return ENOTTY; 6654 } 6655 } 6656 #endif 6657