1 /* $OpenBSD: malo.c,v 1.87 2009/03/29 21:53:52 sthen Exp $ */ 2 3 /* 4 * Copyright (c) 2006 Claudio Jeker <claudio@openbsd.org> 5 * Copyright (c) 2006 Marcus Glocker <mglocker@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include "bpfilter.h" 21 22 #include <sys/cdefs.h> 23 #include <sys/param.h> 24 #include <sys/types.h> 25 26 #include <sys/device.h> 27 #include <sys/kernel.h> 28 #include <sys/malloc.h> 29 #include <sys/mbuf.h> 30 #include <sys/proc.h> 31 #include <sys/socket.h> 32 #include <sys/sockio.h> 33 #include <sys/systm.h> 34 35 #include <machine/bus.h> 36 #include <machine/endian.h> 37 #include <machine/intr.h> 38 39 #include <net/if.h> 40 #include <net/if_media.h> 41 42 #if NBPFILTER > 0 43 #include <net/bpf.h> 44 #endif 45 46 #include <netinet/in.h> 47 #include <netinet/in_systm.h> 48 #include <netinet/if_ether.h> 49 50 #include <net80211/ieee80211_var.h> 51 #include <net80211/ieee80211_radiotap.h> 52 53 #include <dev/ic/malo.h> 54 55 #ifdef MALO_DEBUG 56 int malo_d = 1; 57 #define DPRINTF(l, x...) do { if ((l) <= malo_d) printf(x); } while (0) 58 #else 59 #define DPRINTF(l, x...) 60 #endif 61 62 /* internal structures and defines */ 63 struct malo_node { 64 struct ieee80211_node ni; 65 }; 66 67 struct malo_rx_data { 68 bus_dmamap_t map; 69 struct mbuf *m; 70 }; 71 72 struct malo_tx_data { 73 bus_dmamap_t map; 74 struct mbuf *m; 75 uint32_t softstat; 76 struct ieee80211_node *ni; 77 }; 78 79 /* RX descriptor used by HW */ 80 struct malo_rx_desc { 81 uint8_t rxctrl; 82 uint8_t rssi; 83 uint8_t status; 84 uint8_t channel; 85 uint16_t len; 86 uint8_t reserved1; /* actually unused */ 87 uint8_t datarate; 88 uint32_t physdata; /* DMA address of data */ 89 uint32_t physnext; /* DMA address of next control block */ 90 uint16_t qosctrl; 91 uint16_t reserved2; 92 } __packed; 93 94 /* TX descriptor used by HW */ 95 struct malo_tx_desc { 96 uint32_t status; 97 uint8_t datarate; 98 uint8_t txpriority; 99 uint16_t qosctrl; 100 uint32_t physdata; /* DMA address of data */ 101 uint16_t len; 102 uint8_t destaddr[6]; 103 uint32_t physnext; /* DMA address of next control block */ 104 uint32_t reserved1; /* SAP packet info ??? */ 105 uint32_t reserved2; 106 } __packed; 107 108 #define MALO_RX_RING_COUNT 256 109 #define MALO_TX_RING_COUNT 256 110 #define MALO_MAX_SCATTER 8 /* XXX unknown, wild guess */ 111 #define MALO_CMD_TIMEOUT 50 /* MALO_CMD_TIMEOUT * 100us */ 112 113 /* 114 * Firmware commands 115 */ 116 #define MALO_CMD_GET_HW_SPEC 0x0003 117 #define MALO_CMD_SET_RADIO 0x001c 118 #define MALO_CMD_SET_AID 0x010d 119 #define MALO_CMD_SET_TXPOWER 0x001e 120 #define MALO_CMD_SET_ANTENNA 0x0020 121 #define MALO_CMD_SET_PRESCAN 0x0107 122 #define MALO_CMD_SET_POSTSCAN 0x0108 123 #define MALO_CMD_SET_RATE 0x0110 124 #define MALO_CMD_SET_CHANNEL 0x010a 125 #define MALO_CMD_SET_RTS 0x0113 126 #define MALO_CMD_SET_SLOT 0x0114 127 #define MALO_CMD_RESPONSE 0x8000 128 129 #define MALO_CMD_RESULT_OK 0x0000 /* everything is fine */ 130 #define MALO_CMD_RESULT_ERROR 0x0001 /* general error */ 131 #define MALO_CMD_RESULT_NOSUPPORT 0x0002 /* command not valid */ 132 #define MALO_CMD_RESULT_PENDING 0x0003 /* will be processed */ 133 #define MALO_CMD_RESULT_BUSY 0x0004 /* command ignored */ 134 #define MALO_CMD_RESULT_PARTIALDATA 0x0005 /* buffer too small */ 135 136 struct malo_cmdheader { 137 uint16_t cmd; 138 uint16_t size; /* size of the command, incl. header */ 139 uint16_t seqnum; /* seems not to matter that much */ 140 uint16_t result; /* set to 0 on request */ 141 /* following the data payload, up to 256 bytes */ 142 }; 143 144 struct malo_hw_spec { 145 uint16_t HwVersion; 146 uint16_t NumOfWCB; 147 uint16_t NumOfMCastAdr; 148 uint8_t PermanentAddress[6]; 149 uint16_t RegionCode; 150 uint16_t NumberOfAntenna; 151 uint32_t FWReleaseNumber; 152 uint32_t WcbBase0; 153 uint32_t RxPdWrPtr; 154 uint32_t RxPdRdPtr; 155 uint32_t CookiePtr; 156 uint32_t WcbBase1; 157 uint32_t WcbBase2; 158 uint32_t WcbBase3; 159 } __packed; 160 161 struct malo_cmd_radio { 162 uint16_t action; 163 uint16_t preamble_mode; 164 uint16_t enable; 165 } __packed; 166 167 struct malo_cmd_aid { 168 uint16_t associd; 169 uint8_t macaddr[6]; 170 uint32_t gprotection; 171 uint8_t aprates[14]; 172 } __packed; 173 174 struct malo_cmd_txpower { 175 uint16_t action; 176 uint16_t supportpowerlvl; 177 uint16_t currentpowerlvl; 178 uint16_t reserved; 179 uint16_t powerlvllist[8]; 180 } __packed; 181 182 struct malo_cmd_antenna { 183 uint16_t action; 184 uint16_t mode; 185 } __packed; 186 187 struct malo_cmd_postscan { 188 uint32_t isibss; 189 uint8_t bssid[6]; 190 } __packed; 191 192 struct malo_cmd_channel { 193 uint16_t action; 194 uint8_t channel; 195 } __packed; 196 197 struct malo_cmd_rate { 198 uint8_t dataratetype; 199 uint8_t rateindex; 200 uint8_t aprates[14]; 201 } __packed; 202 203 struct malo_cmd_rts { 204 uint16_t action; 205 uint32_t threshold; 206 } __packed; 207 208 struct malo_cmd_slot { 209 uint16_t action; 210 uint8_t slot; 211 } __packed; 212 213 #define malo_mem_write4(sc, off, x) \ 214 bus_space_write_4((sc)->sc_mem1_bt, (sc)->sc_mem1_bh, (off), (x)) 215 #define malo_mem_write2(sc, off, x) \ 216 bus_space_write_2((sc)->sc_mem1_bt, (sc)->sc_mem1_bh, (off), (x)) 217 #define malo_mem_write1(sc, off, x) \ 218 bus_space_write_1((sc)->sc_mem1_bt, (sc)->sc_mem1_bh, (off), (x)) 219 220 #define malo_mem_read4(sc, off) \ 221 bus_space_read_4((sc)->sc_mem1_bt, (sc)->sc_mem1_bh, (off)) 222 #define malo_mem_read1(sc, off) \ 223 bus_space_read_1((sc)->sc_mem1_bt, (sc)->sc_mem1_bh, (off)) 224 225 #define malo_ctl_write4(sc, off, x) \ 226 bus_space_write_4((sc)->sc_mem2_bt, (sc)->sc_mem2_bh, (off), (x)) 227 #define malo_ctl_read4(sc, off) \ 228 bus_space_read_4((sc)->sc_mem2_bt, (sc)->sc_mem2_bh, (off)) 229 #define malo_ctl_read1(sc, off) \ 230 bus_space_read_1((sc)->sc_mem2_bt, (sc)->sc_mem2_bh, (off)) 231 232 #define malo_ctl_barrier(sc, t) \ 233 bus_space_barrier((sc)->sc_mem2_bt, (sc)->sc_mem2_bh, 0x0c00, 0xff, (t)) 234 235 struct cfdriver malo_cd = { 236 NULL, "malo", DV_IFNET 237 }; 238 239 int malo_alloc_cmd(struct malo_softc *sc); 240 void malo_free_cmd(struct malo_softc *sc); 241 void malo_send_cmd(struct malo_softc *sc, bus_addr_t addr); 242 int malo_send_cmd_dma(struct malo_softc *sc, bus_addr_t addr); 243 int malo_alloc_rx_ring(struct malo_softc *sc, struct malo_rx_ring *ring, 244 int count); 245 void malo_reset_rx_ring(struct malo_softc *sc, struct malo_rx_ring *ring); 246 void malo_free_rx_ring(struct malo_softc *sc, struct malo_rx_ring *ring); 247 int malo_alloc_tx_ring(struct malo_softc *sc, struct malo_tx_ring *ring, 248 int count); 249 void malo_reset_tx_ring(struct malo_softc *sc, struct malo_tx_ring *ring); 250 void malo_free_tx_ring(struct malo_softc *sc, struct malo_tx_ring *ring); 251 int malo_init(struct ifnet *ifp); 252 int malo_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data); 253 void malo_start(struct ifnet *ifp); 254 void malo_stop(struct malo_softc *sc); 255 void malo_watchdog(struct ifnet *ifp); 256 int malo_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, 257 int arg); 258 void malo_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, 259 int isnew); 260 struct ieee80211_node * 261 malo_node_alloc(struct ieee80211com *ic); 262 int malo_media_change(struct ifnet *ifp); 263 void malo_media_status(struct ifnet *ifp, struct ifmediareq *imr); 264 int malo_chip2rate(int chip_rate); 265 int malo_fix2rate(int fix_rate); 266 void malo_next_scan(void *arg); 267 void malo_tx_intr(struct malo_softc *sc); 268 int malo_tx_mgt(struct malo_softc *sc, struct mbuf *m0, 269 struct ieee80211_node *ni); 270 int malo_tx_data(struct malo_softc *sc, struct mbuf *m0, 271 struct ieee80211_node *ni); 272 void malo_tx_setup_desc(struct malo_softc *sc, struct malo_tx_desc *desc, 273 int len, int rate, const bus_dma_segment_t *segs, int nsegs); 274 void malo_rx_intr(struct malo_softc *sc); 275 int malo_load_bootimg(struct malo_softc *sc); 276 int malo_load_firmware(struct malo_softc *sc); 277 278 int malo_set_slot(struct malo_softc *sc); 279 void malo_update_slot(struct ieee80211com *ic); 280 #ifdef MALO_DEBUG 281 void malo_hexdump(void *buf, int len); 282 #endif 283 static char * 284 malo_cmd_string(uint16_t cmd); 285 static char * 286 malo_cmd_string_result(uint16_t result); 287 int malo_cmd_get_spec(struct malo_softc *sc); 288 int malo_cmd_set_prescan(struct malo_softc *sc); 289 int malo_cmd_set_postscan(struct malo_softc *sc, uint8_t *macaddr, 290 uint8_t ibsson); 291 int malo_cmd_set_channel(struct malo_softc *sc, uint8_t channel); 292 int malo_cmd_set_antenna(struct malo_softc *sc, uint16_t antenna_type); 293 int malo_cmd_set_radio(struct malo_softc *sc, uint16_t mode, 294 uint16_t preamble); 295 int malo_cmd_set_aid(struct malo_softc *sc, uint8_t *bssid, 296 uint16_t associd); 297 int malo_cmd_set_txpower(struct malo_softc *sc, unsigned int powerlevel); 298 int malo_cmd_set_rts(struct malo_softc *sc, uint32_t threshold); 299 int malo_cmd_set_slot(struct malo_softc *sc, uint8_t slot); 300 int malo_cmd_set_rate(struct malo_softc *sc, uint8_t rate); 301 void malo_cmd_response(struct malo_softc *sc); 302 303 int 304 malo_intr(void *arg) 305 { 306 struct malo_softc *sc = arg; 307 uint32_t status; 308 309 status = malo_ctl_read4(sc, 0x0c30); 310 if (status == 0xffffffff || status == 0) 311 /* not for us */ 312 return (0); 313 314 if (status & 0x1) 315 malo_tx_intr(sc); 316 if (status & 0x2) 317 malo_rx_intr(sc); 318 if (status & 0x4) { 319 /* XXX cmd done interrupt handling doesn't work yet */ 320 DPRINTF(1, "%s: got cmd done interrupt\n", sc->sc_dev.dv_xname); 321 //malo_cmd_response(sc); 322 } 323 324 if (status & ~0x7) 325 DPRINTF(1, "%s: unknown interrupt %x\n", 326 sc->sc_dev.dv_xname, status); 327 328 /* just ack the interrupt */ 329 malo_ctl_write4(sc, 0x0c30, 0); 330 331 return (1); 332 } 333 334 int 335 malo_attach(struct malo_softc *sc) 336 { 337 struct ieee80211com *ic = &sc->sc_ic; 338 struct ifnet *ifp = &sc->sc_ic.ic_if; 339 int i; 340 341 /* initialize channel scanning timer */ 342 timeout_set(&sc->sc_scan_to, malo_next_scan, sc); 343 344 /* allocate DMA structures */ 345 malo_alloc_cmd(sc); 346 malo_alloc_rx_ring(sc, &sc->sc_rxring, MALO_RX_RING_COUNT); 347 malo_alloc_tx_ring(sc, &sc->sc_txring, MALO_TX_RING_COUNT); 348 349 /* setup interface */ 350 ifp->if_softc = sc; 351 ifp->if_init = malo_init; 352 ifp->if_ioctl = malo_ioctl; 353 ifp->if_start = malo_start; 354 ifp->if_watchdog = malo_watchdog; 355 ifp->if_flags = IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST; 356 strlcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 357 IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN); 358 IFQ_SET_READY(&ifp->if_snd); 359 360 /* set supported rates */ 361 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 362 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 363 sc->sc_last_txrate = -1; 364 365 /* set channels */ 366 for (i = 1; i <= 14; i++) { 367 ic->ic_channels[i].ic_freq = 368 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 369 ic->ic_channels[i].ic_flags = 370 IEEE80211_CHAN_PUREG | 371 IEEE80211_CHAN_B | 372 IEEE80211_CHAN_G; 373 } 374 375 /* set the rest */ 376 ic->ic_caps = 377 IEEE80211_C_IBSS | 378 IEEE80211_C_MONITOR | 379 IEEE80211_C_SHPREAMBLE | 380 IEEE80211_C_SHSLOT | 381 IEEE80211_C_WEP | 382 IEEE80211_C_RSN; 383 ic->ic_opmode = IEEE80211_M_STA; 384 ic->ic_state = IEEE80211_S_INIT; 385 ic->ic_max_rssi = 75; 386 for (i = 0; i < 6; i++) 387 ic->ic_myaddr[i] = malo_ctl_read1(sc, 0xa528 + i); 388 389 /* show our mac address */ 390 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 391 392 /* attach interface */ 393 if_attach(ifp); 394 ieee80211_ifattach(ifp); 395 396 /* post attach vector functions */ 397 sc->sc_newstate = ic->ic_newstate; 398 ic->ic_newstate = malo_newstate; 399 ic->ic_newassoc = malo_newassoc; 400 ic->ic_node_alloc = malo_node_alloc; 401 ic->ic_updateslot = malo_update_slot; 402 403 ieee80211_media_init(ifp, malo_media_change, malo_media_status); 404 405 #if NBPFILTER > 0 406 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 407 sizeof(struct ieee80211_frame) + 64); 408 409 sc->sc_rxtap_len = sizeof(sc->sc_rxtapu); 410 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 411 sc->sc_rxtap.wr_ihdr.it_present = htole32(MALO_RX_RADIOTAP_PRESENT); 412 413 sc->sc_txtap_len = sizeof(sc->sc_txtapu); 414 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 415 sc->sc_txtap.wt_ihdr.it_present = htole32(MALO_TX_RADIOTAP_PRESENT); 416 #endif 417 418 return (0); 419 } 420 421 int 422 malo_detach(void *arg) 423 { 424 struct malo_softc *sc = arg; 425 struct ieee80211com *ic = &sc->sc_ic; 426 struct ifnet *ifp = &ic->ic_if; 427 428 /* remove channel scanning timer */ 429 timeout_del(&sc->sc_scan_to); 430 431 malo_stop(sc); 432 ieee80211_ifdetach(ifp); 433 if_detach(ifp); 434 malo_free_cmd(sc); 435 malo_free_rx_ring(sc, &sc->sc_rxring); 436 malo_free_tx_ring(sc, &sc->sc_txring); 437 438 return (0); 439 } 440 441 int 442 malo_alloc_cmd(struct malo_softc *sc) 443 { 444 int error, nsegs; 445 446 error = bus_dmamap_create(sc->sc_dmat, PAGE_SIZE, 1, 447 PAGE_SIZE, 0, BUS_DMA_ALLOCNOW, &sc->sc_cmd_dmam); 448 if (error != 0) { 449 printf("%s: can not create DMA tag\n", sc->sc_dev.dv_xname); 450 return (-1); 451 } 452 453 error = bus_dmamem_alloc(sc->sc_dmat, PAGE_SIZE, PAGE_SIZE, 454 0, &sc->sc_cmd_dmas, 1, &nsegs, BUS_DMA_WAITOK); 455 if (error != 0) { 456 printf("%s: error alloc dma memory\n", sc->sc_dev.dv_xname); 457 return (-1); 458 } 459 460 error = bus_dmamem_map(sc->sc_dmat, &sc->sc_cmd_dmas, nsegs, 461 PAGE_SIZE, (caddr_t *)&sc->sc_cmd_mem, BUS_DMA_WAITOK); 462 if (error != 0) { 463 printf("%s: error map dma memory\n", sc->sc_dev.dv_xname); 464 return (-1); 465 } 466 467 error = bus_dmamap_load(sc->sc_dmat, sc->sc_cmd_dmam, 468 sc->sc_cmd_mem, PAGE_SIZE, NULL, BUS_DMA_NOWAIT); 469 if (error != 0) { 470 printf("%s: error load dma memory\n", sc->sc_dev.dv_xname); 471 bus_dmamem_free(sc->sc_dmat, &sc->sc_cmd_dmas, nsegs); 472 return (-1); 473 } 474 475 sc->sc_cookie = sc->sc_cmd_mem; 476 *sc->sc_cookie = htole32(0xaa55aa55); 477 sc->sc_cmd_mem = sc->sc_cmd_mem + sizeof(uint32_t); 478 sc->sc_cookie_dmaaddr = sc->sc_cmd_dmam->dm_segs[0].ds_addr; 479 sc->sc_cmd_dmaaddr = sc->sc_cmd_dmam->dm_segs[0].ds_addr + 480 sizeof(uint32_t); 481 482 return (0); 483 } 484 485 void 486 malo_free_cmd(struct malo_softc *sc) 487 { 488 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 489 BUS_DMASYNC_POSTWRITE); 490 bus_dmamap_unload(sc->sc_dmat, sc->sc_cmd_dmam); 491 bus_dmamem_unmap(sc->sc_dmat, (caddr_t)sc->sc_cookie, PAGE_SIZE); 492 bus_dmamem_free(sc->sc_dmat, &sc->sc_cmd_dmas, 1); 493 } 494 495 void 496 malo_send_cmd(struct malo_softc *sc, bus_addr_t addr) 497 { 498 malo_ctl_write4(sc, 0x0c10, (uint32_t)addr); 499 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE); 500 malo_ctl_write4(sc, 0x0c18, 2); /* CPU_TRANSFER_CMD */ 501 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE); 502 } 503 504 int 505 malo_send_cmd_dma(struct malo_softc *sc, bus_addr_t addr) 506 { 507 int i; 508 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 509 510 malo_ctl_write4(sc, 0x0c10, (uint32_t)addr); 511 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE); 512 malo_ctl_write4(sc, 0x0c18, 2); /* CPU_TRANSFER_CMD */ 513 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE); 514 515 for (i = 0; i < MALO_CMD_TIMEOUT; i++) { 516 delay(100); 517 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 518 BUS_DMASYNC_POSTWRITE | BUS_DMASYNC_POSTREAD); 519 if (hdr->cmd & htole16(0x8000)) 520 break; 521 } 522 if (i == MALO_CMD_TIMEOUT) { 523 printf("%s: timeout while waiting for cmd response!\n", 524 sc->sc_dev.dv_xname); 525 return (ETIMEDOUT); 526 } 527 528 malo_cmd_response(sc); 529 530 return (0); 531 } 532 533 int 534 malo_alloc_rx_ring(struct malo_softc *sc, struct malo_rx_ring *ring, int count) 535 { 536 struct malo_rx_desc *desc; 537 struct malo_rx_data *data; 538 int i, nsegs, error; 539 540 ring->count = count; 541 ring->cur = ring->next = 0; 542 543 error = bus_dmamap_create(sc->sc_dmat, 544 count * sizeof(struct malo_rx_desc), 1, 545 count * sizeof(struct malo_rx_desc), 0, 546 BUS_DMA_NOWAIT, &ring->map); 547 if (error != 0) { 548 printf("%s: could not create desc DMA map\n", 549 sc->sc_dev.dv_xname); 550 goto fail; 551 } 552 553 error = bus_dmamem_alloc(sc->sc_dmat, 554 count * sizeof(struct malo_rx_desc), 555 PAGE_SIZE, 0, &ring->seg, 1, &nsegs, BUS_DMA_NOWAIT); 556 if (error != 0) { 557 printf("%s: could not allocate DMA memory\n", 558 sc->sc_dev.dv_xname); 559 goto fail; 560 } 561 562 error = bus_dmamem_map(sc->sc_dmat, &ring->seg, nsegs, 563 count * sizeof(struct malo_rx_desc), (caddr_t *)&ring->desc, 564 BUS_DMA_NOWAIT); 565 if (error != 0) { 566 printf("%s: can't map desc DMA memory\n", 567 sc->sc_dev.dv_xname); 568 goto fail; 569 } 570 571 error = bus_dmamap_load(sc->sc_dmat, ring->map, ring->desc, 572 count * sizeof(struct malo_rx_desc), NULL, BUS_DMA_NOWAIT); 573 if (error != 0) { 574 printf("%s: could not load desc DMA map\n", 575 sc->sc_dev.dv_xname); 576 goto fail; 577 } 578 579 bzero(ring->desc, count * sizeof(struct malo_rx_desc)); 580 ring->physaddr = ring->map->dm_segs->ds_addr; 581 582 ring->data = malloc(count * sizeof (struct malo_rx_data), M_DEVBUF, 583 M_NOWAIT); 584 if (ring->data == NULL) { 585 printf("%s: could not allocate soft data\n", 586 sc->sc_dev.dv_xname); 587 error = ENOMEM; 588 goto fail; 589 } 590 591 /* 592 * Pre-allocate Rx buffers and populate Rx ring. 593 */ 594 bzero(ring->data, count * sizeof (struct malo_rx_data)); 595 for (i = 0; i < count; i++) { 596 desc = &ring->desc[i]; 597 data = &ring->data[i]; 598 599 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1, MCLBYTES, 600 0, BUS_DMA_NOWAIT, &data->map); 601 if (error != 0) { 602 printf("%s: could not create DMA map\n", 603 sc->sc_dev.dv_xname); 604 goto fail; 605 } 606 607 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 608 if (data->m == NULL) { 609 printf("%s: could not allocate rx mbuf\n", 610 sc->sc_dev.dv_xname); 611 error = ENOMEM; 612 goto fail; 613 } 614 615 MCLGET(data->m, M_DONTWAIT); 616 if (!(data->m->m_flags & M_EXT)) { 617 printf("%s: could not allocate rx mbuf cluster\n", 618 sc->sc_dev.dv_xname); 619 error = ENOMEM; 620 goto fail; 621 } 622 623 error = bus_dmamap_load(sc->sc_dmat, data->map, 624 mtod(data->m, void *), MCLBYTES, NULL, BUS_DMA_NOWAIT); 625 if (error != 0) { 626 printf("%s: could not load rx buf DMA map", 627 sc->sc_dev.dv_xname); 628 goto fail; 629 } 630 631 desc->status = htole16(1); 632 desc->physdata = htole32(data->map->dm_segs->ds_addr); 633 desc->physnext = htole32(ring->physaddr + 634 (i + 1) % count * sizeof(struct malo_rx_desc)); 635 } 636 637 bus_dmamap_sync(sc->sc_dmat, ring->map, 0, ring->map->dm_mapsize, 638 BUS_DMASYNC_PREWRITE); 639 640 return (0); 641 642 fail: malo_free_rx_ring(sc, ring); 643 return (error); 644 } 645 646 void 647 malo_reset_rx_ring(struct malo_softc *sc, struct malo_rx_ring *ring) 648 { 649 int i; 650 651 for (i = 0; i < ring->count; i++) 652 ring->desc[i].status = 0; 653 654 bus_dmamap_sync(sc->sc_dmat, ring->map, 0, ring->map->dm_mapsize, 655 BUS_DMASYNC_PREWRITE); 656 657 ring->cur = ring->next = 0; 658 } 659 660 void 661 malo_free_rx_ring(struct malo_softc *sc, struct malo_rx_ring *ring) 662 { 663 struct malo_rx_data *data; 664 int i; 665 666 if (ring->desc != NULL) { 667 bus_dmamap_sync(sc->sc_dmat, ring->map, 0, 668 ring->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 669 bus_dmamap_unload(sc->sc_dmat, ring->map); 670 bus_dmamem_unmap(sc->sc_dmat, (caddr_t)ring->desc, 671 ring->count * sizeof(struct malo_rx_desc)); 672 bus_dmamem_free(sc->sc_dmat, &ring->seg, 1); 673 } 674 675 if (ring->data != NULL) { 676 for (i = 0; i < ring->count; i++) { 677 data = &ring->data[i]; 678 679 if (data->m != NULL) { 680 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 681 data->map->dm_mapsize, 682 BUS_DMASYNC_POSTREAD); 683 bus_dmamap_unload(sc->sc_dmat, data->map); 684 m_freem(data->m); 685 } 686 687 if (data->map != NULL) 688 bus_dmamap_destroy(sc->sc_dmat, data->map); 689 } 690 free(ring->data, M_DEVBUF); 691 } 692 } 693 694 int 695 malo_alloc_tx_ring(struct malo_softc *sc, struct malo_tx_ring *ring, 696 int count) 697 { 698 int i, nsegs, error; 699 700 ring->count = count; 701 ring->queued = 0; 702 ring->cur = ring->next = ring->stat = 0; 703 704 error = bus_dmamap_create(sc->sc_dmat, 705 count * sizeof(struct malo_tx_desc), 1, 706 count * sizeof(struct malo_tx_desc), 0, BUS_DMA_NOWAIT, &ring->map); 707 if (error != 0) { 708 printf("%s: could not create desc DMA map\n", 709 sc->sc_dev.dv_xname); 710 goto fail; 711 } 712 713 error = bus_dmamem_alloc(sc->sc_dmat, 714 count * sizeof(struct malo_tx_desc), 715 PAGE_SIZE, 0, &ring->seg, 1, &nsegs, BUS_DMA_NOWAIT); 716 if (error != 0) { 717 printf("%s: could not allocate DMA memory\n", 718 sc->sc_dev.dv_xname); 719 goto fail; 720 } 721 722 error = bus_dmamem_map(sc->sc_dmat, &ring->seg, nsegs, 723 count * sizeof(struct malo_tx_desc), (caddr_t *)&ring->desc, 724 BUS_DMA_NOWAIT); 725 if (error != 0) { 726 printf("%s: can't map desc DMA memory\n", 727 sc->sc_dev.dv_xname); 728 goto fail; 729 } 730 731 error = bus_dmamap_load(sc->sc_dmat, ring->map, ring->desc, 732 count * sizeof(struct malo_tx_desc), NULL, BUS_DMA_NOWAIT); 733 if (error != 0) { 734 printf("%s: could not load desc DMA map\n", 735 sc->sc_dev.dv_xname); 736 goto fail; 737 } 738 739 memset(ring->desc, 0, count * sizeof(struct malo_tx_desc)); 740 ring->physaddr = ring->map->dm_segs->ds_addr; 741 742 ring->data = malloc(count * sizeof(struct malo_tx_data), M_DEVBUF, 743 M_NOWAIT); 744 if (ring->data == NULL) { 745 printf("%s: could not allocate soft data\n", 746 sc->sc_dev.dv_xname); 747 error = ENOMEM; 748 goto fail; 749 } 750 751 memset(ring->data, 0, count * sizeof(struct malo_tx_data)); 752 for (i = 0; i < count; i++) { 753 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 754 MALO_MAX_SCATTER, MCLBYTES, 0, BUS_DMA_NOWAIT, 755 &ring->data[i].map); 756 if (error != 0) { 757 printf("%s: could not create DMA map\n", 758 sc->sc_dev.dv_xname); 759 goto fail; 760 } 761 ring->desc[i].physnext = htole32(ring->physaddr + 762 (i + 1) % count * sizeof(struct malo_tx_desc)); 763 } 764 765 return (0); 766 767 fail: malo_free_tx_ring(sc, ring); 768 return (error); 769 } 770 771 void 772 malo_reset_tx_ring(struct malo_softc *sc, struct malo_tx_ring *ring) 773 { 774 struct malo_tx_desc *desc; 775 struct malo_tx_data *data; 776 int i; 777 778 for (i = 0; i < ring->count; i++) { 779 desc = &ring->desc[i]; 780 data = &ring->data[i]; 781 782 if (data->m != NULL) { 783 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 784 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 785 bus_dmamap_unload(sc->sc_dmat, data->map); 786 m_freem(data->m); 787 data->m = NULL; 788 } 789 790 /* 791 * The node has already been freed at that point so don't call 792 * ieee80211_release_node() here. 793 */ 794 data->ni = NULL; 795 796 desc->status = 0; 797 } 798 799 bus_dmamap_sync(sc->sc_dmat, ring->map, 0, ring->map->dm_mapsize, 800 BUS_DMASYNC_PREWRITE); 801 802 ring->queued = 0; 803 ring->cur = ring->next = ring->stat = 0; 804 } 805 806 void 807 malo_free_tx_ring(struct malo_softc *sc, struct malo_tx_ring *ring) 808 { 809 struct malo_tx_data *data; 810 int i; 811 812 if (ring->desc != NULL) { 813 bus_dmamap_sync(sc->sc_dmat, ring->map, 0, 814 ring->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 815 bus_dmamap_unload(sc->sc_dmat, ring->map); 816 bus_dmamem_unmap(sc->sc_dmat, (caddr_t)ring->desc, 817 ring->count * sizeof(struct malo_tx_desc)); 818 bus_dmamem_free(sc->sc_dmat, &ring->seg, 1); 819 } 820 821 if (ring->data != NULL) { 822 for (i = 0; i < ring->count; i++) { 823 data = &ring->data[i]; 824 825 if (data->m != NULL) { 826 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 827 data->map->dm_mapsize, 828 BUS_DMASYNC_POSTWRITE); 829 bus_dmamap_unload(sc->sc_dmat, data->map); 830 m_freem(data->m); 831 } 832 833 /* 834 * The node has already been freed at that point so 835 * don't call ieee80211_release_node() here. 836 */ 837 data->ni = NULL; 838 839 if (data->map != NULL) 840 bus_dmamap_destroy(sc->sc_dmat, data->map); 841 } 842 free(ring->data, M_DEVBUF); 843 } 844 } 845 846 int 847 malo_init(struct ifnet *ifp) 848 { 849 struct malo_softc *sc = ifp->if_softc; 850 struct ieee80211com *ic = &sc->sc_ic; 851 uint8_t chan; 852 int error; 853 854 DPRINTF(1, "%s: %s\n", ifp->if_xname, __func__); 855 856 /* if interface already runs stop it first */ 857 if (ifp->if_flags & IFF_RUNNING) 858 malo_stop(sc); 859 860 /* power on cardbus socket */ 861 if (sc->sc_enable) 862 sc->sc_enable(sc); 863 864 /* disable interrupts */ 865 malo_ctl_read4(sc, 0x0c30); 866 malo_ctl_write4(sc, 0x0c30, 0); 867 malo_ctl_write4(sc, 0x0c34, 0); 868 malo_ctl_write4(sc, 0x0c3c, 0); 869 870 /* load firmware */ 871 if ((error = malo_load_bootimg(sc))) 872 goto fail; 873 if ((error = malo_load_firmware(sc))) 874 goto fail; 875 876 /* enable interrupts */ 877 malo_ctl_write4(sc, 0x0c34, 0x1f); 878 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE); 879 malo_ctl_write4(sc, 0x0c3c, 0x1f); 880 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE); 881 882 if ((error = malo_cmd_get_spec(sc))) 883 goto fail; 884 885 /* select default channel */ 886 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 887 chan = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 888 889 /* initialize hardware */ 890 if ((error = malo_cmd_set_channel(sc, chan))) { 891 printf("%s: setting channel failed!\n", 892 sc->sc_dev.dv_xname); 893 goto fail; 894 } 895 if ((error = malo_cmd_set_antenna(sc, 1))) { 896 printf("%s: setting RX antenna failed!\n", 897 sc->sc_dev.dv_xname); 898 goto fail; 899 } 900 if ((error = malo_cmd_set_antenna(sc, 2))) { 901 printf("%s: setting TX antenna failed!\n", 902 sc->sc_dev.dv_xname); 903 goto fail; 904 } 905 if ((error = malo_cmd_set_radio(sc, 1, 5))) { 906 printf("%s: turn radio on failed!\n", 907 sc->sc_dev.dv_xname); 908 goto fail; 909 } 910 if ((error = malo_cmd_set_txpower(sc, 100))) { 911 printf("%s: setting TX power failed!\n", 912 sc->sc_dev.dv_xname); 913 goto fail; 914 } 915 if ((error = malo_cmd_set_rts(sc, IEEE80211_RTS_MAX))) { 916 printf("%s: setting RTS failed!\n", 917 sc->sc_dev.dv_xname); 918 goto fail; 919 } 920 921 ifp->if_flags |= IFF_RUNNING; 922 923 if (ic->ic_opmode != IEEE80211_M_MONITOR) 924 /* start background scanning */ 925 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 926 else 927 /* in monitor mode change directly into run state */ 928 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 929 930 return (0); 931 932 fail: 933 /* reset adapter */ 934 DPRINTF(1, "%s: malo_init failed, reseting card\n", 935 sc->sc_dev.dv_xname); 936 malo_ctl_write4(sc, 0x0c18, (1 << 15)); 937 return (error); 938 } 939 940 int 941 malo_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 942 { 943 struct malo_softc *sc = ifp->if_softc; 944 struct ieee80211com *ic = &sc->sc_ic; 945 struct ifaddr *ifa; 946 struct ifreq *ifr; 947 int s, error = 0; 948 uint8_t chan; 949 950 s = splnet(); 951 952 switch (cmd) { 953 case SIOCSIFADDR: 954 ifa = (struct ifaddr *)data; 955 ifp->if_flags |= IFF_UP; 956 #ifdef INET 957 if (ifa->ifa_addr->sa_family == AF_INET) 958 arp_ifinit(&ic->ic_ac, ifa); 959 #endif 960 /* FALLTHROUGH */ 961 case SIOCSIFFLAGS: 962 if (ifp->if_flags & IFF_UP) { 963 if ((ifp->if_flags & IFF_RUNNING) == 0) 964 malo_init(ifp); 965 } else { 966 if (ifp->if_flags & IFF_RUNNING) 967 malo_stop(sc); 968 } 969 break; 970 case SIOCADDMULTI: 971 case SIOCDELMULTI: 972 ifr = (struct ifreq *)data; 973 error = (cmd == SIOCADDMULTI) ? 974 ether_addmulti(ifr, &ic->ic_ac) : 975 ether_delmulti(ifr, &ic->ic_ac); 976 977 if (error == ENETRESET) 978 error = 0; 979 break; 980 case SIOCS80211CHANNEL: 981 /* allow fast channel switching in monitor mode */ 982 error = ieee80211_ioctl(ifp, cmd, data); 983 if (error == ENETRESET && 984 ic->ic_opmode == IEEE80211_M_MONITOR) { 985 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 986 (IFF_UP | IFF_RUNNING)) { 987 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 988 chan = ieee80211_chan2ieee(ic, 989 ic->ic_bss->ni_chan); 990 malo_cmd_set_channel(sc, chan); 991 } 992 error = 0; 993 } 994 break; 995 default: 996 error = ieee80211_ioctl(ifp, cmd, data); 997 break; 998 } 999 1000 if (error == ENETRESET) { 1001 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1002 (IFF_UP | IFF_RUNNING)) 1003 malo_init(ifp); 1004 error = 0; 1005 } 1006 1007 splx(s); 1008 1009 return (error); 1010 } 1011 1012 void 1013 malo_start(struct ifnet *ifp) 1014 { 1015 struct malo_softc *sc = ifp->if_softc; 1016 struct ieee80211com *ic = &sc->sc_ic; 1017 struct mbuf *m0; 1018 struct ieee80211_node *ni; 1019 1020 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1021 1022 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1023 return; 1024 1025 for (;;) { 1026 IF_POLL(&ic->ic_mgtq, m0); 1027 if (m0 != NULL) { 1028 if (sc->sc_txring.queued >= MALO_TX_RING_COUNT) { 1029 ifp->if_flags |= IFF_OACTIVE; 1030 break; 1031 } 1032 IF_DEQUEUE(&ic->ic_mgtq, m0); 1033 1034 ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif; 1035 m0->m_pkthdr.rcvif = NULL; 1036 #if NBPFILTER > 0 1037 if (ic->ic_rawbpf != NULL) 1038 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT); 1039 #endif 1040 if (malo_tx_mgt(sc, m0, ni) != 0) 1041 break; 1042 } else { 1043 if (ic->ic_state != IEEE80211_S_RUN) 1044 break; 1045 IFQ_POLL(&ifp->if_snd, m0); 1046 if (m0 == NULL) 1047 break; 1048 if (sc->sc_txring.queued >= MALO_TX_RING_COUNT - 1) { 1049 ifp->if_flags |= IFF_OACTIVE; 1050 break; 1051 } 1052 IFQ_DEQUEUE(&ifp->if_snd, m0); 1053 #if NBPFILTER > 0 1054 if (ifp->if_bpf != NULL) 1055 bpf_mtap(ifp->if_bpf, m0, BPF_DIRECTION_OUT); 1056 #endif 1057 m0 = ieee80211_encap(ifp, m0, &ni); 1058 if (m0 == NULL) 1059 continue; 1060 #if NBPFILTER > 0 1061 if (ic->ic_rawbpf != NULL) 1062 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT); 1063 #endif 1064 if (malo_tx_data(sc, m0, ni) != 0) { 1065 if (ni != NULL) 1066 ieee80211_release_node(ic, ni); 1067 ifp->if_oerrors++; 1068 break; 1069 } 1070 } 1071 } 1072 } 1073 1074 void 1075 malo_stop(struct malo_softc *sc) 1076 { 1077 struct ieee80211com *ic = &sc->sc_ic; 1078 struct ifnet *ifp = &ic->ic_if; 1079 1080 DPRINTF(1, "%s: %s\n", ifp->if_xname, __func__); 1081 1082 /* reset adapter */ 1083 if (ifp->if_flags & IFF_RUNNING) 1084 malo_ctl_write4(sc, 0x0c18, (1 << 15)); 1085 1086 /* device is not running anymore */ 1087 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 1088 1089 /* change back to initial state */ 1090 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 1091 1092 /* reset RX / TX rings */ 1093 malo_reset_tx_ring(sc, &sc->sc_txring); 1094 malo_reset_rx_ring(sc, &sc->sc_rxring); 1095 1096 /* set initial rate */ 1097 sc->sc_last_txrate = -1; 1098 1099 /* power off cardbus socket */ 1100 if (sc->sc_disable) 1101 sc->sc_disable(sc); 1102 } 1103 1104 void 1105 malo_watchdog(struct ifnet *ifp) 1106 { 1107 1108 } 1109 1110 int 1111 malo_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1112 { 1113 struct malo_softc *sc = ic->ic_if.if_softc; 1114 enum ieee80211_state ostate; 1115 uint8_t chan; 1116 int rate; 1117 1118 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1119 1120 ostate = ic->ic_state; 1121 timeout_del(&sc->sc_scan_to); 1122 1123 switch (nstate) { 1124 case IEEE80211_S_INIT: 1125 break; 1126 case IEEE80211_S_SCAN: 1127 if (ostate == IEEE80211_S_INIT) { 1128 if (malo_cmd_set_prescan(sc) != 0) 1129 DPRINTF(1, "%s: can't set prescan\n", 1130 sc->sc_dev.dv_xname); 1131 } else { 1132 chan = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1133 1134 malo_cmd_set_channel(sc, chan); 1135 } 1136 timeout_add(&sc->sc_scan_to, hz / 2); 1137 break; 1138 case IEEE80211_S_AUTH: 1139 DPRINTF(1, "%s: newstate AUTH\n", sc->sc_dev.dv_xname); 1140 malo_cmd_set_postscan(sc, ic->ic_myaddr, 1); 1141 chan = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1142 malo_cmd_set_channel(sc, chan); 1143 break; 1144 case IEEE80211_S_ASSOC: 1145 DPRINTF(1, "%s: newstate ASSOC\n", sc->sc_dev.dv_xname); 1146 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1147 malo_cmd_set_radio(sc, 1, 3); /* short preamble */ 1148 else 1149 malo_cmd_set_radio(sc, 1, 1); /* long preamble */ 1150 1151 malo_cmd_set_aid(sc, ic->ic_bss->ni_bssid, 1152 ic->ic_bss->ni_associd); 1153 1154 if (ic->ic_fixed_rate == -1) 1155 /* automatic rate adaption */ 1156 malo_cmd_set_rate(sc, 0); 1157 else { 1158 /* fixed rate */ 1159 rate = malo_fix2rate(ic->ic_fixed_rate); 1160 malo_cmd_set_rate(sc, rate); 1161 } 1162 1163 malo_set_slot(sc); 1164 break; 1165 case IEEE80211_S_RUN: 1166 DPRINTF(1, "%s: newstate RUN\n", sc->sc_dev.dv_xname); 1167 break; 1168 default: 1169 break; 1170 } 1171 1172 return (sc->sc_newstate(ic, nstate, arg)); 1173 } 1174 1175 void 1176 malo_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1177 { 1178 1179 } 1180 1181 struct ieee80211_node * 1182 malo_node_alloc(struct ieee80211com *ic) 1183 { 1184 struct malo_node *wn; 1185 1186 wn = malloc(sizeof(*wn), M_DEVBUF, M_NOWAIT | M_ZERO); 1187 if (wn == NULL) 1188 return (NULL); 1189 1190 return ((struct ieee80211_node *)wn); 1191 } 1192 1193 int 1194 malo_media_change(struct ifnet *ifp) 1195 { 1196 int error; 1197 1198 DPRINTF(1, "%s: %s\n", ifp->if_xname, __func__); 1199 1200 error = ieee80211_media_change(ifp); 1201 if (error != ENETRESET) 1202 return (error); 1203 1204 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) 1205 malo_init(ifp); 1206 1207 return (0); 1208 } 1209 1210 void 1211 malo_media_status(struct ifnet *ifp, struct ifmediareq *imr) 1212 { 1213 struct malo_softc *sc = ifp->if_softc; 1214 struct ieee80211com *ic = &sc->sc_ic; 1215 1216 imr->ifm_status = IFM_AVALID; 1217 imr->ifm_active = IFM_IEEE80211; 1218 if (ic->ic_state == IEEE80211_S_RUN) 1219 imr->ifm_status |= IFM_ACTIVE; 1220 1221 /* report last TX rate used by chip */ 1222 imr->ifm_active |= ieee80211_rate2media(ic, sc->sc_last_txrate, 1223 ic->ic_curmode); 1224 1225 switch (ic->ic_opmode) { 1226 case IEEE80211_M_STA: 1227 break; 1228 #ifndef IEEE80211_STA_ONLY 1229 case IEEE80211_M_IBSS: 1230 imr->ifm_active |= IFM_IEEE80211_ADHOC; 1231 break; 1232 case IEEE80211_M_AHDEMO: 1233 break; 1234 case IEEE80211_M_HOSTAP: 1235 break; 1236 #endif 1237 case IEEE80211_M_MONITOR: 1238 imr->ifm_active |= IFM_IEEE80211_MONITOR; 1239 break; 1240 default: 1241 break; 1242 } 1243 1244 switch (ic->ic_curmode) { 1245 case IEEE80211_MODE_11B: 1246 imr->ifm_active |= IFM_IEEE80211_11B; 1247 break; 1248 case IEEE80211_MODE_11G: 1249 imr->ifm_active |= IFM_IEEE80211_11G; 1250 break; 1251 } 1252 } 1253 1254 int 1255 malo_chip2rate(int chip_rate) 1256 { 1257 switch (chip_rate) { 1258 /* CCK rates */ 1259 case 0: return (2); 1260 case 1: return (4); 1261 case 2: return (11); 1262 case 3: return (22); 1263 1264 /* OFDM rates */ 1265 case 4: return (0); /* reserved */ 1266 case 5: return (12); 1267 case 6: return (18); 1268 case 7: return (24); 1269 case 8: return (36); 1270 case 9: return (48); 1271 case 10: return (72); 1272 case 11: return (96); 1273 case 12: return (108); 1274 1275 /* no rate select yet or unknown rate */ 1276 default: return (-1); 1277 } 1278 } 1279 1280 int 1281 malo_fix2rate(int fix_rate) 1282 { 1283 switch (fix_rate) { 1284 /* CCK rates */ 1285 case 0: return (2); 1286 case 1: return (4); 1287 case 2: return (11); 1288 case 3: return (22); 1289 1290 /* OFDM rates */ 1291 case 4: return (12); 1292 case 5: return (18); 1293 case 6: return (24); 1294 case 7: return (36); 1295 case 8: return (48); 1296 case 9: return (72); 1297 case 10: return (96); 1298 case 11: return (108); 1299 1300 /* unknown rate: should not happen */ 1301 default: return (0); 1302 } 1303 } 1304 1305 void 1306 malo_next_scan(void *arg) 1307 { 1308 struct malo_softc *sc = arg; 1309 struct ieee80211com *ic = &sc->sc_ic; 1310 struct ifnet *ifp = &ic->ic_if; 1311 int s; 1312 1313 DPRINTF(1, "%s: %s\n", ifp->if_xname, __func__); 1314 1315 s = splnet(); 1316 1317 if (ic->ic_state == IEEE80211_S_SCAN) 1318 ieee80211_next_scan(ifp); 1319 1320 splx(s); 1321 } 1322 1323 void 1324 malo_tx_intr(struct malo_softc *sc) 1325 { 1326 struct ieee80211com *ic = &sc->sc_ic; 1327 struct ifnet *ifp = &ic->ic_if; 1328 struct malo_tx_desc *desc; 1329 struct malo_tx_data *data; 1330 struct malo_node *rn; 1331 int stat; 1332 1333 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1334 1335 stat = sc->sc_txring.stat; 1336 for (;;) { 1337 desc = &sc->sc_txring.desc[sc->sc_txring.stat]; 1338 data = &sc->sc_txring.data[sc->sc_txring.stat]; 1339 rn = (struct malo_node *)data->ni; 1340 1341 /* check if TX descriptor is not owned by FW anymore */ 1342 if ((letoh32(desc->status) & 0x80000000) || 1343 !(letoh32(data->softstat) & 0x80)) 1344 break; 1345 1346 /* if no frame has been sent, ignore */ 1347 if (rn == NULL) 1348 goto next; 1349 1350 /* check TX state */ 1351 switch (letoh32(desc->status) & 0x1) { 1352 case 0x1: 1353 DPRINTF(2, "%s: data frame was sent successfully\n", 1354 sc->sc_dev.dv_xname); 1355 ifp->if_opackets++; 1356 break; 1357 default: 1358 DPRINTF(1, "%s: data frame sending error\n", 1359 sc->sc_dev.dv_xname); 1360 ifp->if_oerrors++; 1361 break; 1362 } 1363 1364 /* save last used TX rate */ 1365 sc->sc_last_txrate = malo_chip2rate(desc->datarate); 1366 1367 /* cleanup TX data and TX descriptor */ 1368 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1369 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1370 bus_dmamap_unload(sc->sc_dmat, data->map); 1371 m_freem(data->m); 1372 ieee80211_release_node(ic, data->ni); 1373 data->m = NULL; 1374 data->ni = NULL; 1375 data->softstat &= htole32(~0x80); 1376 desc->status = 0; 1377 desc->len = 0; 1378 1379 DPRINTF(2, "%s: tx done idx=%u\n", 1380 sc->sc_txring.stat, sc->sc_dev.dv_xname); 1381 1382 sc->sc_txring.queued--; 1383 next: 1384 if (++sc->sc_txring.stat >= sc->sc_txring.count) 1385 sc->sc_txring.stat = 0; 1386 if (sc->sc_txring.stat == stat) 1387 break; 1388 } 1389 1390 sc->sc_tx_timer = 0; 1391 ifp->if_flags &= ~IFF_OACTIVE; 1392 malo_start(ifp); 1393 } 1394 1395 int 1396 malo_tx_mgt(struct malo_softc *sc, struct mbuf *m0, struct ieee80211_node *ni) 1397 { 1398 struct ieee80211com *ic = &sc->sc_ic; 1399 struct ifnet *ifp = &ic->ic_if; 1400 struct malo_tx_desc *desc; 1401 struct malo_tx_data *data; 1402 struct ieee80211_frame *wh; 1403 int error; 1404 1405 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1406 1407 desc = &sc->sc_txring.desc[sc->sc_txring.cur]; 1408 data = &sc->sc_txring.data[sc->sc_txring.cur]; 1409 1410 if (m0->m_len < sizeof(struct ieee80211_frame)) { 1411 m0 = m_pullup(m0, sizeof(struct ieee80211_frame)); 1412 if (m0 == NULL) { 1413 ifp->if_ierrors++; 1414 return (ENOBUFS); 1415 } 1416 } 1417 wh = mtod(m0, struct ieee80211_frame *); 1418 1419 #if NBPFILTER > 0 1420 if (sc->sc_drvbpf != NULL) { 1421 struct mbuf mb; 1422 struct malo_tx_radiotap_hdr *tap = &sc->sc_txtap; 1423 1424 tap->wt_flags = 0; 1425 tap->wt_rate = sc->sc_last_txrate; 1426 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 1427 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1428 1429 mb.m_data = (caddr_t)tap; 1430 mb.m_len = sc->sc_txtap_len; 1431 mb.m_next = m0; 1432 mb.m_nextpkt = NULL; 1433 mb.m_type = 0; 1434 mb.m_flags = 0; 1435 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1436 } 1437 #endif 1438 /* 1439 * inject FW specific fields into the 802.11 frame 1440 * 1441 * 2 bytes FW len (inject) 1442 * 24 bytes 802.11 frame header 1443 * 6 bytes addr4 (inject) 1444 * n bytes 802.11 frame body 1445 */ 1446 if (M_LEADINGSPACE(m0) < 8) { 1447 if (M_TRAILINGSPACE(m0) < 8) 1448 panic("%s: not enough space for mbuf dance", 1449 sc->sc_dev.dv_xname); 1450 bcopy(m0->m_data, m0->m_data + 8, m0->m_len); 1451 m0->m_data += 8; 1452 } 1453 1454 /* move frame header */ 1455 bcopy(m0->m_data, m0->m_data - 6, sizeof(*wh)); 1456 m0->m_data -= 8; 1457 m0->m_len += 8; 1458 m0->m_pkthdr.len += 8; 1459 *mtod(m0, uint16_t *) = htole16(m0->m_len - 32); /* FW len */ 1460 1461 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 1462 BUS_DMA_NOWAIT); 1463 if (error != 0) { 1464 printf("%s: can't map mbuf (error %d)\n", 1465 sc->sc_dev.dv_xname, error); 1466 m_freem(m0); 1467 return (error); 1468 } 1469 1470 data->m = m0; 1471 data->ni = ni; 1472 data->softstat |= htole32(0x80); 1473 1474 malo_tx_setup_desc(sc, desc, m0->m_pkthdr.len, 0, 1475 data->map->dm_segs, data->map->dm_nsegs); 1476 1477 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1478 BUS_DMASYNC_PREWRITE); 1479 bus_dmamap_sync(sc->sc_dmat, sc->sc_txring.map, 1480 sc->sc_txring.cur * sizeof(struct malo_tx_desc), 1481 sizeof(struct malo_tx_desc), BUS_DMASYNC_PREWRITE); 1482 1483 DPRINTF(2, "%s: sending mgmt frame, pktlen=%u, idx=%u\n", 1484 sc->sc_dev.dv_xname, m0->m_pkthdr.len, sc->sc_txring.cur); 1485 1486 sc->sc_txring.queued++; 1487 sc->sc_txring.cur = (sc->sc_txring.cur + 1) % MALO_TX_RING_COUNT; 1488 1489 /* kick mgmt TX */ 1490 malo_ctl_write4(sc, 0x0c18, 1); 1491 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE); 1492 1493 return (0); 1494 } 1495 1496 int 1497 malo_tx_data(struct malo_softc *sc, struct mbuf *m0, 1498 struct ieee80211_node *ni) 1499 { 1500 struct ieee80211com *ic = &sc->sc_ic; 1501 struct ifnet *ifp = &ic->ic_if; 1502 struct malo_tx_desc *desc; 1503 struct malo_tx_data *data; 1504 struct ieee80211_frame *wh; 1505 struct ieee80211_key *k; 1506 struct mbuf *mnew; 1507 int error; 1508 1509 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1510 1511 desc = &sc->sc_txring.desc[sc->sc_txring.cur]; 1512 data = &sc->sc_txring.data[sc->sc_txring.cur]; 1513 1514 if (m0->m_len < sizeof(struct ieee80211_frame)) { 1515 m0 = m_pullup(m0, sizeof(struct ieee80211_frame)); 1516 if (m0 == NULL) { 1517 ifp->if_ierrors++; 1518 return (ENOBUFS); 1519 } 1520 } 1521 wh = mtod(m0, struct ieee80211_frame *); 1522 1523 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1524 k = ieee80211_get_txkey(ic, wh, ni); 1525 if ((m0 = ieee80211_encrypt(ic, m0, k)) == NULL) 1526 return (ENOBUFS); 1527 1528 /* packet header may have moved, reset our local pointer */ 1529 wh = mtod(m0, struct ieee80211_frame *); 1530 } 1531 1532 #if NBPFILTER > 0 1533 if (sc->sc_drvbpf != NULL) { 1534 struct mbuf mb; 1535 struct malo_tx_radiotap_hdr *tap = &sc->sc_txtap; 1536 1537 tap->wt_flags = 0; 1538 tap->wt_rate = sc->sc_last_txrate; 1539 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 1540 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1541 1542 mb.m_data = (caddr_t)tap; 1543 mb.m_len = sc->sc_txtap_len; 1544 mb.m_next = m0; 1545 mb.m_nextpkt = NULL; 1546 mb.m_type = 0; 1547 mb.m_flags = 0; 1548 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1549 } 1550 #endif 1551 1552 /* 1553 * inject FW specific fields into the 802.11 frame 1554 * 1555 * 2 bytes FW len (inject) 1556 * 24 bytes 802.11 frame header 1557 * 6 bytes addr4 (inject) 1558 * n bytes 802.11 frame body 1559 * 1560 * For now copy all into a new mcluster. 1561 */ 1562 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1563 if (mnew == NULL) 1564 return (ENOBUFS); 1565 MCLGET(mnew, M_DONTWAIT); 1566 if (!(mnew->m_flags & M_EXT)) { 1567 m_free(mnew); 1568 return (ENOBUFS); 1569 } 1570 1571 *mtod(mnew, uint16_t *) = htole16(m0->m_pkthdr.len - 24); /* FW len */ 1572 bcopy(wh, mtod(mnew, caddr_t) + 2, sizeof(*wh)); 1573 bzero(mtod(mnew, caddr_t) + 26, 6); 1574 m_copydata(m0, sizeof(*wh), m0->m_pkthdr.len - sizeof(*wh), 1575 mtod(mnew, caddr_t) + 32); 1576 mnew->m_pkthdr.len = mnew->m_len = m0->m_pkthdr.len + 8; 1577 m_freem(m0); 1578 m0 = mnew; 1579 1580 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 1581 BUS_DMA_NOWAIT); 1582 if (error != 0) { 1583 printf("%s: can't map mbuf (error %d)\n", 1584 sc->sc_dev.dv_xname, error); 1585 m_freem(m0); 1586 return (error); 1587 } 1588 1589 data->m = m0; 1590 data->ni = ni; 1591 data->softstat |= htole32(0x80); 1592 1593 malo_tx_setup_desc(sc, desc, m0->m_pkthdr.len, 1, 1594 data->map->dm_segs, data->map->dm_nsegs); 1595 1596 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1597 BUS_DMASYNC_PREWRITE); 1598 bus_dmamap_sync(sc->sc_dmat, sc->sc_txring.map, 1599 sc->sc_txring.cur * sizeof(struct malo_tx_desc), 1600 sizeof(struct malo_tx_desc), BUS_DMASYNC_PREWRITE); 1601 1602 DPRINTF(2, "%s: sending data frame, pktlen=%u, idx=%u\n", 1603 sc->sc_dev.dv_xname, m0->m_pkthdr.len, sc->sc_txring.cur); 1604 1605 sc->sc_txring.queued++; 1606 sc->sc_txring.cur = (sc->sc_txring.cur + 1) % MALO_TX_RING_COUNT; 1607 1608 /* kick data TX */ 1609 malo_ctl_write4(sc, 0x0c18, 1); 1610 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE); 1611 1612 return (0); 1613 } 1614 1615 void 1616 malo_tx_setup_desc(struct malo_softc *sc, struct malo_tx_desc *desc, 1617 int len, int rate, const bus_dma_segment_t *segs, int nsegs) 1618 { 1619 desc->len = htole16(segs[0].ds_len); 1620 desc->datarate = rate; /* 0 = mgmt frame, 1 = data frame */ 1621 desc->physdata = htole32(segs[0].ds_addr); 1622 desc->status = htole32(0x00000001 | 0x80000000); 1623 } 1624 1625 void 1626 malo_rx_intr(struct malo_softc *sc) 1627 { 1628 struct ieee80211com *ic = &sc->sc_ic; 1629 struct ifnet *ifp = &ic->ic_if; 1630 struct malo_rx_desc *desc; 1631 struct malo_rx_data *data; 1632 struct ieee80211_frame *wh; 1633 struct ieee80211_rxinfo rxi; 1634 struct ieee80211_node *ni; 1635 struct mbuf *mnew, *m; 1636 uint32_t rxRdPtr, rxWrPtr; 1637 int error, i; 1638 1639 rxRdPtr = malo_mem_read4(sc, sc->sc_RxPdRdPtr); 1640 rxWrPtr = malo_mem_read4(sc, sc->sc_RxPdWrPtr); 1641 1642 for (i = 0; i < MALO_RX_RING_COUNT && rxRdPtr != rxWrPtr; i++) { 1643 desc = &sc->sc_rxring.desc[sc->sc_rxring.cur]; 1644 data = &sc->sc_rxring.data[sc->sc_rxring.cur]; 1645 1646 bus_dmamap_sync(sc->sc_dmat, sc->sc_rxring.map, 1647 sc->sc_rxring.cur * sizeof(struct malo_rx_desc), 1648 sizeof(struct malo_rx_desc), BUS_DMASYNC_POSTREAD); 1649 1650 DPRINTF(3, "%s: rx intr idx=%d, rxctrl=0x%02x, rssi=%d, " 1651 "status=0x%02x, channel=%d, len=%d, res1=%02x, rate=%d, " 1652 "physdata=0x%04x, physnext=0x%04x, qosctrl=%02x, res2=%d\n", 1653 sc->sc_dev.dv_xname, 1654 sc->sc_rxring.cur, desc->rxctrl, desc->rssi, desc->status, 1655 desc->channel, letoh16(desc->len), desc->reserved1, 1656 desc->datarate, letoh32(desc->physdata), 1657 letoh32(desc->physnext), desc->qosctrl, desc->reserved2); 1658 1659 if ((desc->rxctrl & 0x80) == 0) 1660 break; 1661 1662 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1663 if (mnew == NULL) { 1664 ifp->if_ierrors++; 1665 goto skip; 1666 } 1667 1668 MCLGET(mnew, M_DONTWAIT); 1669 if (!(mnew->m_flags & M_EXT)) { 1670 m_freem(mnew); 1671 ifp->if_ierrors++; 1672 goto skip; 1673 } 1674 1675 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1676 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 1677 bus_dmamap_unload(sc->sc_dmat, data->map); 1678 1679 error = bus_dmamap_load(sc->sc_dmat, data->map, 1680 mtod(mnew, void *), MCLBYTES, NULL, BUS_DMA_NOWAIT); 1681 if (error != 0) { 1682 m_freem(mnew); 1683 1684 error = bus_dmamap_load(sc->sc_dmat, data->map, 1685 mtod(data->m, void *), MCLBYTES, NULL, 1686 BUS_DMA_NOWAIT); 1687 if (error != 0) { 1688 panic("%s: could not load old rx mbuf", 1689 sc->sc_dev.dv_xname); 1690 } 1691 ifp->if_ierrors++; 1692 goto skip; 1693 } 1694 1695 /* 1696 * New mbuf mbuf successfully loaded 1697 */ 1698 m = data->m; 1699 data->m = mnew; 1700 desc->physdata = htole32(data->map->dm_segs->ds_addr); 1701 1702 /* finalize mbuf */ 1703 m->m_pkthdr.rcvif = ifp; 1704 m->m_pkthdr.len = m->m_len = letoh16(desc->len); 1705 1706 /* 1707 * cut out FW specific fields from the 802.11 frame 1708 * 1709 * 2 bytes FW len (cut out) 1710 * 24 bytes 802.11 frame header 1711 * 6 bytes addr4 (cut out) 1712 * n bytes 802.11 frame data 1713 */ 1714 bcopy(m->m_data, m->m_data + 6, 26); 1715 m_adj(m, 8); 1716 1717 #if NBPFILTER > 0 1718 if (sc->sc_drvbpf != NULL) { 1719 struct mbuf mb; 1720 struct malo_rx_radiotap_hdr *tap = &sc->sc_rxtap; 1721 1722 tap->wr_flags = 0; 1723 tap->wr_chan_freq = 1724 htole16(ic->ic_bss->ni_chan->ic_freq); 1725 tap->wr_chan_flags = 1726 htole16(ic->ic_bss->ni_chan->ic_flags); 1727 tap->wr_rssi = desc->rssi; 1728 tap->wr_max_rssi = ic->ic_max_rssi; 1729 1730 mb.m_data = (caddr_t)tap; 1731 mb.m_len = sc->sc_rxtap_len; 1732 mb.m_next = m; 1733 mb.m_nextpkt = NULL; 1734 mb.m_type = 0; 1735 mb.m_flags = 0; 1736 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1737 } 1738 #endif 1739 1740 wh = mtod(m, struct ieee80211_frame *); 1741 ni = ieee80211_find_rxnode(ic, wh); 1742 1743 /* send the frame to the 802.11 layer */ 1744 rxi.rxi_flags = 0; 1745 rxi.rxi_rssi = desc->rssi; 1746 rxi.rxi_tstamp = 0; /* unused */ 1747 ieee80211_input(ifp, m, ni, &rxi); 1748 1749 /* node is no longer needed */ 1750 ieee80211_release_node(ic, ni); 1751 1752 skip: 1753 desc->rxctrl = 0; 1754 rxRdPtr = letoh32(desc->physnext); 1755 1756 bus_dmamap_sync(sc->sc_dmat, sc->sc_rxring.map, 1757 sc->sc_rxring.cur * sizeof(struct malo_rx_desc), 1758 sizeof(struct malo_rx_desc), BUS_DMASYNC_PREWRITE); 1759 1760 sc->sc_rxring.cur = (sc->sc_rxring.cur + 1) % 1761 MALO_RX_RING_COUNT; 1762 } 1763 1764 malo_mem_write4(sc, sc->sc_RxPdRdPtr, rxRdPtr); 1765 } 1766 1767 int 1768 malo_load_bootimg(struct malo_softc *sc) 1769 { 1770 char *name = "malo8335-h"; 1771 uint8_t *ucode; 1772 size_t size; 1773 int error, i; 1774 1775 /* load boot firmware */ 1776 if ((error = loadfirmware(name, &ucode, &size)) != 0) { 1777 printf("%s: error %d, could not read firmware %s\n", 1778 sc->sc_dev.dv_xname, error, name); 1779 return (EIO); 1780 } 1781 1782 /* 1783 * It seems we are putting this code directly onto the stack of 1784 * the ARM cpu. I don't know why we need to instruct the DMA 1785 * engine to move the code. This is a big riddle without docu. 1786 */ 1787 DPRINTF(1, "%s: loading boot firmware\n", sc->sc_dev.dv_xname); 1788 malo_mem_write2(sc, 0xbef8, 0x001); 1789 malo_mem_write2(sc, 0xbefa, size); 1790 malo_mem_write4(sc, 0xbefc, 0); 1791 1792 bus_space_write_region_1(sc->sc_mem1_bt, sc->sc_mem1_bh, 0xbf00, 1793 ucode, size); 1794 1795 /* 1796 * we loaded the firmware into card memory now tell the CPU 1797 * to fetch the code and execute it. The memory mapped via the 1798 * first bar is internaly mapped to 0xc0000000. 1799 */ 1800 malo_send_cmd(sc, 0xc000bef8); 1801 1802 /* wait for the device to go into FW loading mode */ 1803 for (i = 0; i < 10; i++) { 1804 delay(50); 1805 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_READ); 1806 if (malo_ctl_read4(sc, 0x0c14) == 0x5) 1807 break; 1808 } 1809 if (i == 10) { 1810 printf("%s: timeout at boot firmware load!\n", 1811 sc->sc_dev.dv_xname); 1812 free(ucode, M_DEVBUF); 1813 return (ETIMEDOUT); 1814 } 1815 free(ucode, M_DEVBUF); 1816 1817 /* tell the card we're done and... */ 1818 malo_mem_write2(sc, 0xbef8, 0x001); 1819 malo_mem_write2(sc, 0xbefa, 0); 1820 malo_mem_write4(sc, 0xbefc, 0); 1821 malo_send_cmd(sc, 0xc000bef8); 1822 1823 DPRINTF(1, "%s: boot firmware loaded\n", sc->sc_dev.dv_xname); 1824 1825 return (0); 1826 } 1827 1828 int 1829 malo_load_firmware(struct malo_softc *sc) 1830 { 1831 struct malo_cmdheader *hdr; 1832 char *name = "malo8335-m"; 1833 void *data; 1834 uint8_t *ucode; 1835 size_t size, count, bsize; 1836 int i, sn, error; 1837 1838 /* load real firmware now */ 1839 if ((error = loadfirmware(name, &ucode, &size)) != 0) { 1840 printf("%s: error %d, could not read firmware %s\n", 1841 sc->sc_dev.dv_xname, error, name); 1842 return (EIO); 1843 } 1844 1845 DPRINTF(1, "%s: uploading firmware\n", sc->sc_dev.dv_xname); 1846 1847 hdr = sc->sc_cmd_mem; 1848 data = hdr + 1; 1849 sn = 1; 1850 for (count = 0; count < size; count += bsize) { 1851 bsize = MIN(256, size - count); 1852 1853 hdr->cmd = htole16(0x0001); 1854 hdr->size = htole16(bsize); 1855 hdr->seqnum = htole16(sn++); 1856 hdr->result = 0; 1857 1858 bcopy(ucode + count, data, bsize); 1859 1860 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 1861 BUS_DMASYNC_PREWRITE); 1862 malo_send_cmd(sc, sc->sc_cmd_dmaaddr); 1863 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 1864 BUS_DMASYNC_POSTWRITE); 1865 delay(500); 1866 } 1867 free(ucode, M_DEVBUF); 1868 1869 DPRINTF(1, "%s: firmware upload finished\n", sc->sc_dev.dv_xname); 1870 1871 /* 1872 * send a command with size 0 to tell that the firmware has been 1873 * uploaded 1874 */ 1875 hdr->cmd = htole16(0x0001); 1876 hdr->size = 0; 1877 hdr->seqnum = htole16(sn++); 1878 hdr->result = 0; 1879 1880 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 1881 BUS_DMASYNC_PREWRITE); 1882 malo_send_cmd(sc, sc->sc_cmd_dmaaddr); 1883 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 1884 BUS_DMASYNC_POSTWRITE); 1885 delay(100); 1886 1887 DPRINTF(1, "%s: loading firmware\n", sc->sc_dev.dv_xname); 1888 1889 /* wait until firmware has been loaded */ 1890 for (i = 0; i < 200; i++) { 1891 malo_ctl_write4(sc, 0x0c10, 0x5a); 1892 delay(500); 1893 malo_ctl_barrier(sc, BUS_SPACE_BARRIER_WRITE | 1894 BUS_SPACE_BARRIER_READ); 1895 if (malo_ctl_read4(sc, 0x0c14) == 0xf0f1f2f4) 1896 break; 1897 } 1898 if (i == 200) { 1899 printf("%s: timeout at firmware load!\n", sc->sc_dev.dv_xname); 1900 return (ETIMEDOUT); 1901 } 1902 1903 DPRINTF(1, "%s: firmware loaded\n", sc->sc_dev.dv_xname); 1904 1905 return (0); 1906 } 1907 1908 int 1909 malo_set_slot(struct malo_softc *sc) 1910 { 1911 struct ieee80211com *ic = &sc->sc_ic; 1912 1913 if (ic->ic_flags & IEEE80211_F_SHSLOT) { 1914 /* set short slot */ 1915 if (malo_cmd_set_slot(sc, 1)) { 1916 printf("%s: setting short slot failed\n", 1917 sc->sc_dev.dv_xname); 1918 return (ENXIO); 1919 } 1920 } else { 1921 /* set long slot */ 1922 if (malo_cmd_set_slot(sc, 0)) { 1923 printf("%s: setting long slot failed\n", 1924 sc->sc_dev.dv_xname); 1925 return (ENXIO); 1926 } 1927 } 1928 1929 return (0); 1930 } 1931 1932 void 1933 malo_update_slot(struct ieee80211com *ic) 1934 { 1935 struct malo_softc *sc = ic->ic_if.if_softc; 1936 1937 malo_set_slot(sc); 1938 1939 #ifndef IEEE80211_STA_ONLY 1940 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 1941 /* TODO */ 1942 } 1943 #endif 1944 } 1945 1946 #ifdef MALO_DEBUG 1947 void 1948 malo_hexdump(void *buf, int len) 1949 { 1950 u_char b[16]; 1951 int i, j, l; 1952 1953 for (i = 0; i < len; i += l) { 1954 printf("%4i:", i); 1955 l = min(sizeof(b), len - i); 1956 bcopy(buf + i, b, l); 1957 1958 for (j = 0; j < sizeof(b); j++) { 1959 if (j % 2 == 0) 1960 printf(" "); 1961 if (j % 8 == 0) 1962 printf(" "); 1963 if (j < l) 1964 printf("%02x", (int)b[j]); 1965 else 1966 printf(" "); 1967 } 1968 printf(" |"); 1969 for (j = 0; j < l; j++) { 1970 if (b[j] >= 0x20 && b[j] <= 0x7e) 1971 printf("%c", b[j]); 1972 else 1973 printf("."); 1974 } 1975 printf("|\n"); 1976 } 1977 } 1978 #endif 1979 1980 static char * 1981 malo_cmd_string(uint16_t cmd) 1982 { 1983 int i; 1984 static char cmd_buf[16]; 1985 static const struct { 1986 uint16_t cmd_code; 1987 char *cmd_string; 1988 } cmds[] = { 1989 { MALO_CMD_GET_HW_SPEC, "GetHwSpecifications" }, 1990 { MALO_CMD_SET_RADIO, "SetRadio" }, 1991 { MALO_CMD_SET_AID, "SetAid" }, 1992 { MALO_CMD_SET_TXPOWER, "SetTxPower" }, 1993 { MALO_CMD_SET_ANTENNA, "SetAntenna" }, 1994 { MALO_CMD_SET_PRESCAN, "SetPrescan" }, 1995 { MALO_CMD_SET_POSTSCAN, "SetPostscan" }, 1996 { MALO_CMD_SET_RATE, "SetRate" }, 1997 { MALO_CMD_SET_CHANNEL, "SetChannel" }, 1998 { MALO_CMD_SET_RTS, "SetRTS" }, 1999 { MALO_CMD_SET_SLOT, "SetSlot" }, 2000 }; 2001 2002 for (i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++) 2003 if ((letoh16(cmd) & 0x7fff) == cmds[i].cmd_code) 2004 return (cmds[i].cmd_string); 2005 2006 snprintf(cmd_buf, sizeof(cmd_buf), "unknown %#x", cmd); 2007 return (cmd_buf); 2008 } 2009 2010 static char * 2011 malo_cmd_string_result(uint16_t result) 2012 { 2013 int i; 2014 static const struct { 2015 uint16_t result_code; 2016 char *result_string; 2017 } results[] = { 2018 { MALO_CMD_RESULT_OK, "OK" }, 2019 { MALO_CMD_RESULT_ERROR, "general error" }, 2020 { MALO_CMD_RESULT_NOSUPPORT, "not supported" }, 2021 { MALO_CMD_RESULT_PENDING, "pending" }, 2022 { MALO_CMD_RESULT_BUSY, "ignored" }, 2023 { MALO_CMD_RESULT_PARTIALDATA, "incomplete" }, 2024 }; 2025 2026 for (i = 0; i < sizeof(results) / sizeof(results[0]); i++) 2027 if (letoh16(result) == results[i].result_code) 2028 return (results[i].result_string); 2029 2030 return ("unknown"); 2031 } 2032 2033 int 2034 malo_cmd_get_spec(struct malo_softc *sc) 2035 { 2036 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2037 struct malo_hw_spec *spec; 2038 2039 hdr->cmd = htole16(MALO_CMD_GET_HW_SPEC); 2040 hdr->size = htole16(sizeof(*hdr) + sizeof(*spec)); 2041 hdr->seqnum = htole16(42); /* the one and only */ 2042 hdr->result = 0; 2043 spec = (struct malo_hw_spec *)(hdr + 1); 2044 2045 bzero(spec, sizeof(*spec)); 2046 memset(spec->PermanentAddress, 0xff, ETHER_ADDR_LEN); 2047 spec->CookiePtr = htole32(sc->sc_cookie_dmaaddr); 2048 2049 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2050 BUS_DMASYNC_PREWRITE|BUS_DMASYNC_PREREAD); 2051 2052 if (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr) != 0) 2053 return (ETIMEDOUT); 2054 2055 /* get the data from the buffer */ 2056 DPRINTF(1, "%s: get_hw_spec: V%x R%x, #WCB %d, #Mcast %d, Regcode %d, " 2057 "#Ant %d\n", sc->sc_dev.dv_xname, htole16(spec->HwVersion), 2058 htole32(spec->FWReleaseNumber), htole16(spec->NumOfWCB), 2059 htole16(spec->NumOfMCastAdr), htole16(spec->RegionCode), 2060 htole16(spec->NumberOfAntenna)); 2061 2062 /* tell the DMA engine where our rings are */ 2063 malo_mem_write4(sc, letoh32(spec->RxPdRdPtr) & 0xffff, 2064 sc->sc_rxring.physaddr); 2065 malo_mem_write4(sc, letoh32(spec->RxPdWrPtr) & 0xffff, 2066 sc->sc_rxring.physaddr); 2067 malo_mem_write4(sc, letoh32(spec->WcbBase0) & 0xffff, 2068 sc->sc_txring.physaddr); 2069 2070 /* save DMA RX pointers for later use */ 2071 sc->sc_RxPdRdPtr = letoh32(spec->RxPdRdPtr) & 0xffff; 2072 sc->sc_RxPdWrPtr = letoh32(spec->RxPdWrPtr) & 0xffff; 2073 2074 return (0); 2075 } 2076 2077 int 2078 malo_cmd_set_prescan(struct malo_softc *sc) 2079 { 2080 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2081 2082 hdr->cmd = htole16(MALO_CMD_SET_PRESCAN); 2083 hdr->size = htole16(sizeof(*hdr)); 2084 hdr->seqnum = 1; 2085 hdr->result = 0; 2086 2087 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2088 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2089 2090 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2091 } 2092 2093 int 2094 malo_cmd_set_postscan(struct malo_softc *sc, uint8_t *macaddr, uint8_t ibsson) 2095 { 2096 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2097 struct malo_cmd_postscan *body; 2098 2099 hdr->cmd = htole16(MALO_CMD_SET_POSTSCAN); 2100 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2101 hdr->seqnum = 1; 2102 hdr->result = 0; 2103 body = (struct malo_cmd_postscan *)(hdr + 1); 2104 2105 bzero(body, sizeof(*body)); 2106 memcpy(&body->bssid, macaddr, ETHER_ADDR_LEN); 2107 body->isibss = htole32(ibsson); 2108 2109 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2110 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2111 2112 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2113 } 2114 2115 int 2116 malo_cmd_set_channel(struct malo_softc *sc, uint8_t channel) 2117 { 2118 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2119 struct malo_cmd_channel *body; 2120 2121 hdr->cmd = htole16(MALO_CMD_SET_CHANNEL); 2122 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2123 hdr->seqnum = 1; 2124 hdr->result = 0; 2125 body = (struct malo_cmd_channel *)(hdr + 1); 2126 2127 bzero(body, sizeof(*body)); 2128 body->action = htole16(1); 2129 body->channel = channel; 2130 2131 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2132 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2133 2134 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2135 } 2136 2137 int 2138 malo_cmd_set_antenna(struct malo_softc *sc, uint16_t antenna) 2139 { 2140 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2141 struct malo_cmd_antenna *body; 2142 2143 hdr->cmd = htole16(MALO_CMD_SET_ANTENNA); 2144 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2145 hdr->seqnum = 1; 2146 hdr->result = 0; 2147 body = (struct malo_cmd_antenna *)(hdr + 1); 2148 2149 bzero(body, sizeof(*body)); 2150 body->action = htole16(antenna); 2151 if (antenna == 1) 2152 body->mode = htole16(0xffff); 2153 else 2154 body->mode = htole16(2); 2155 2156 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2157 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2158 2159 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2160 } 2161 2162 int 2163 malo_cmd_set_radio(struct malo_softc *sc, uint16_t enable, 2164 uint16_t preamble_mode) 2165 { 2166 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2167 struct malo_cmd_radio *body; 2168 2169 hdr->cmd = htole16(MALO_CMD_SET_RADIO); 2170 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2171 hdr->seqnum = 1; 2172 hdr->result = 0; 2173 body = (struct malo_cmd_radio *)(hdr + 1); 2174 2175 bzero(body, sizeof(*body)); 2176 body->action = htole16(1); 2177 body->preamble_mode = htole16(preamble_mode); 2178 body->enable = htole16(enable); 2179 2180 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2181 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2182 2183 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2184 } 2185 2186 int 2187 malo_cmd_set_aid(struct malo_softc *sc, uint8_t *bssid, uint16_t associd) 2188 { 2189 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2190 struct malo_cmd_aid *body; 2191 2192 hdr->cmd = htole16(MALO_CMD_SET_AID); 2193 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2194 hdr->seqnum = 1; 2195 hdr->result = 0; 2196 body = (struct malo_cmd_aid *)(hdr + 1); 2197 2198 bzero(body, sizeof(*body)); 2199 body->associd = htole16(associd); 2200 memcpy(&body->macaddr[0], bssid, IEEE80211_ADDR_LEN); 2201 2202 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2203 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2204 2205 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2206 } 2207 2208 int 2209 malo_cmd_set_txpower(struct malo_softc *sc, unsigned int powerlevel) 2210 { 2211 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2212 struct malo_cmd_txpower *body; 2213 2214 hdr->cmd = htole16(MALO_CMD_SET_TXPOWER); 2215 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2216 hdr->seqnum = 1; 2217 hdr->result = 0; 2218 body = (struct malo_cmd_txpower *)(hdr + 1); 2219 2220 bzero(body, sizeof(*body)); 2221 body->action = htole16(1); 2222 if (powerlevel >= 0 && powerlevel < 30) 2223 body->supportpowerlvl = htole16(5); /* LOW */ 2224 else if (powerlevel >= 30 && powerlevel < 60) 2225 body->supportpowerlvl = htole16(10); /* MEDIUM */ 2226 else 2227 body->supportpowerlvl = htole16(15); /* HIGH */ 2228 2229 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2230 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2231 2232 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2233 } 2234 2235 int 2236 malo_cmd_set_rts(struct malo_softc *sc, uint32_t threshold) 2237 { 2238 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2239 struct malo_cmd_rts *body; 2240 2241 hdr->cmd = htole16(MALO_CMD_SET_RTS); 2242 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2243 hdr->seqnum = 1; 2244 hdr->result = 0; 2245 body = (struct malo_cmd_rts *)(hdr + 1); 2246 2247 bzero(body, sizeof(*body)); 2248 body->action = htole16(1); 2249 body->threshold = htole32(threshold); 2250 2251 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2252 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2253 2254 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2255 } 2256 2257 int 2258 malo_cmd_set_slot(struct malo_softc *sc, uint8_t slot) 2259 { 2260 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2261 struct malo_cmd_slot *body; 2262 2263 hdr->cmd = htole16(MALO_CMD_SET_SLOT); 2264 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2265 hdr->seqnum = 1; 2266 hdr->result = 0; 2267 body = (struct malo_cmd_slot *)(hdr + 1); 2268 2269 bzero(body, sizeof(*body)); 2270 body->action = htole16(1); 2271 body->slot = slot; 2272 2273 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2274 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2275 2276 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2277 } 2278 2279 int 2280 malo_cmd_set_rate(struct malo_softc *sc, uint8_t rate) 2281 { 2282 struct ieee80211com *ic = &sc->sc_ic; 2283 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2284 struct malo_cmd_rate *body; 2285 int i; 2286 2287 hdr->cmd = htole16(MALO_CMD_SET_RATE); 2288 hdr->size = htole16(sizeof(*hdr) + sizeof(*body)); 2289 hdr->seqnum = 1; 2290 hdr->result = 0; 2291 body = (struct malo_cmd_rate *)(hdr + 1); 2292 2293 bzero(body, sizeof(*body)); 2294 2295 #ifndef IEEE80211_STA_ONLY 2296 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 2297 /* TODO */ 2298 } else 2299 #endif 2300 { 2301 body->aprates[0] = 2; 2302 body->aprates[1] = 4; 2303 body->aprates[2] = 11; 2304 body->aprates[3] = 22; 2305 if (ic->ic_curmode == IEEE80211_MODE_11G) { 2306 body->aprates[4] = 0; 2307 body->aprates[5] = 12; 2308 body->aprates[6] = 18; 2309 body->aprates[7] = 24; 2310 body->aprates[8] = 36; 2311 body->aprates[9] = 48; 2312 body->aprates[10] = 72; 2313 body->aprates[11] = 96; 2314 body->aprates[12] = 108; 2315 } 2316 } 2317 2318 if (rate != 0) { 2319 /* fixed rate */ 2320 for (i = 0; i < 13; i++) { 2321 if (body->aprates[i] == rate) { 2322 body->rateindex = i; 2323 body->dataratetype = 1; 2324 break; 2325 } 2326 } 2327 } 2328 2329 bus_dmamap_sync(sc->sc_dmat, sc->sc_cmd_dmam, 0, PAGE_SIZE, 2330 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 2331 2332 return (malo_send_cmd_dma(sc, sc->sc_cmd_dmaaddr)); 2333 } 2334 2335 void 2336 malo_cmd_response(struct malo_softc *sc) 2337 { 2338 struct malo_cmdheader *hdr = sc->sc_cmd_mem; 2339 2340 if (letoh16(hdr->result) != MALO_CMD_RESULT_OK) { 2341 printf("%s: firmware cmd %s failed with %s\n", 2342 sc->sc_dev.dv_xname, 2343 malo_cmd_string(hdr->cmd), 2344 malo_cmd_string_result(hdr->result)); 2345 } 2346 2347 #ifdef MALO_DEBUG 2348 printf("%s: cmd answer for %s=%s\n", 2349 sc->sc_dev.dv_xname, 2350 malo_cmd_string(hdr->cmd), 2351 malo_cmd_string_result(hdr->result)); 2352 2353 if (malo_d > 2) 2354 malo_hexdump(hdr, letoh16(hdr->size)); 2355 #endif 2356 } 2357