1 /* $OpenBSD: if_wpi.c,v 1.84 2009/03/29 21:53:52 sthen Exp $ */ 2 3 /*- 4 * Copyright (c) 2006-2008 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/sysctl.h> 29 #include <sys/mbuf.h> 30 #include <sys/kernel.h> 31 #include <sys/socket.h> 32 #include <sys/systm.h> 33 #include <sys/malloc.h> 34 #include <sys/conf.h> 35 #include <sys/device.h> 36 #include <sys/sensors.h> 37 38 #include <machine/bus.h> 39 #include <machine/endian.h> 40 #include <machine/intr.h> 41 42 #include <dev/pci/pcireg.h> 43 #include <dev/pci/pcivar.h> 44 #include <dev/pci/pcidevs.h> 45 46 #if NBPFILTER > 0 47 #include <net/bpf.h> 48 #endif 49 #include <net/if.h> 50 #include <net/if_arp.h> 51 #include <net/if_dl.h> 52 #include <net/if_media.h> 53 #include <net/if_types.h> 54 55 #include <netinet/in.h> 56 #include <netinet/in_systm.h> 57 #include <netinet/in_var.h> 58 #include <netinet/if_ether.h> 59 #include <netinet/ip.h> 60 61 #include <net80211/ieee80211_var.h> 62 #include <net80211/ieee80211_amrr.h> 63 #include <net80211/ieee80211_radiotap.h> 64 65 #include <dev/pci/if_wpireg.h> 66 #include <dev/pci/if_wpivar.h> 67 68 static const struct pci_matchid wpi_devices[] = { 69 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 }, 70 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 } 71 }; 72 73 int wpi_match(struct device *, void *, void *); 74 void wpi_attach(struct device *, struct device *, void *); 75 #ifndef SMALL_KERNEL 76 void wpi_sensor_attach(struct wpi_softc *); 77 #endif 78 #if NBPFILTER > 0 79 void wpi_radiotap_attach(struct wpi_softc *); 80 #endif 81 void wpi_power(int, void *); 82 int wpi_nic_lock(struct wpi_softc *); 83 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 84 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *, 85 void **, bus_size_t, bus_size_t, int); 86 void wpi_dma_contig_free(struct wpi_dma_info *); 87 int wpi_alloc_shared(struct wpi_softc *); 88 void wpi_free_shared(struct wpi_softc *); 89 int wpi_alloc_fwmem(struct wpi_softc *); 90 void wpi_free_fwmem(struct wpi_softc *); 91 struct wpi_rbuf *wpi_alloc_rbuf(struct wpi_softc *); 92 void wpi_free_rbuf(caddr_t, u_int, void *); 93 int wpi_alloc_rpool(struct wpi_softc *); 94 void wpi_free_rpool(struct wpi_softc *); 95 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 96 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 97 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 98 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 99 int); 100 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 101 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 102 int wpi_read_eeprom(struct wpi_softc *); 103 void wpi_read_eeprom_channels(struct wpi_softc *, int); 104 void wpi_read_eeprom_group(struct wpi_softc *, int); 105 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *); 106 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *, 107 int); 108 int wpi_media_change(struct ifnet *); 109 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int); 110 void wpi_iter_func(void *, struct ieee80211_node *); 111 void wpi_calib_timeout(void *); 112 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *, 113 struct ieee80211_key *); 114 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 115 struct wpi_rx_data *); 116 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 117 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 118 void wpi_notif_intr(struct wpi_softc *); 119 void wpi_fatal_intr(struct wpi_softc *); 120 int wpi_intr(void *); 121 int wpi_tx(struct wpi_softc *, struct mbuf *, 122 struct ieee80211_node *); 123 void wpi_start(struct ifnet *); 124 void wpi_watchdog(struct ifnet *); 125 int wpi_ioctl(struct ifnet *, u_long, caddr_t); 126 int wpi_cmd(struct wpi_softc *, int, const void *, int, int); 127 int wpi_mrr_setup(struct wpi_softc *); 128 void wpi_updateedca(struct ieee80211com *); 129 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 130 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 131 void wpi_power_calibration(struct wpi_softc *, int); 132 int wpi_set_txpower(struct wpi_softc *, int); 133 int wpi_get_power_index(struct wpi_softc *, 134 struct wpi_power_group *, struct ieee80211_channel *, int); 135 int wpi_set_pslevel(struct wpi_softc *, int, int, int); 136 int wpi_config(struct wpi_softc *); 137 int wpi_scan(struct wpi_softc *, uint16_t); 138 int wpi_auth(struct wpi_softc *); 139 int wpi_run(struct wpi_softc *); 140 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *, 141 struct ieee80211_key *); 142 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *, 143 struct ieee80211_key *); 144 int wpi_post_alive(struct wpi_softc *); 145 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 146 int wpi_load_firmware(struct wpi_softc *); 147 int wpi_read_firmware(struct wpi_softc *); 148 int wpi_clock_wait(struct wpi_softc *); 149 int wpi_apm_init(struct wpi_softc *); 150 void wpi_apm_stop_master(struct wpi_softc *); 151 void wpi_apm_stop(struct wpi_softc *); 152 void wpi_nic_config(struct wpi_softc *); 153 int wpi_hw_init(struct wpi_softc *); 154 void wpi_hw_stop(struct wpi_softc *); 155 int wpi_init(struct ifnet *); 156 void wpi_stop(struct ifnet *, int); 157 158 #ifdef WPI_DEBUG 159 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0) 160 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0) 161 int wpi_debug = 0; 162 #else 163 #define DPRINTF(x) 164 #define DPRINTFN(n, x) 165 #endif 166 167 struct cfdriver wpi_cd = { 168 NULL, "wpi", DV_IFNET 169 }; 170 171 struct cfattach wpi_ca = { 172 sizeof (struct wpi_softc), wpi_match, wpi_attach 173 }; 174 175 int 176 wpi_match(struct device *parent, void *match, void *aux) 177 { 178 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices, 179 nitems(wpi_devices)); 180 } 181 182 void 183 wpi_attach(struct device *parent, struct device *self, void *aux) 184 { 185 struct wpi_softc *sc = (struct wpi_softc *)self; 186 struct ieee80211com *ic = &sc->sc_ic; 187 struct ifnet *ifp = &ic->ic_if; 188 struct pci_attach_args *pa = aux; 189 const char *intrstr; 190 pci_intr_handle_t ih; 191 pcireg_t memtype, reg; 192 int i, error; 193 194 sc->sc_pct = pa->pa_pc; 195 sc->sc_pcitag = pa->pa_tag; 196 sc->sc_dmat = pa->pa_dmat; 197 198 /* 199 * Get the offset of the PCI Express Capability Structure in PCI 200 * Configuration Space (the vendor driver hard-codes it as E0h.) 201 */ 202 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 203 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 204 if (error == 0) { 205 printf(": PCIe capability structure not found!\n"); 206 return; 207 } 208 209 /* Clear device-specific "PCI retry timeout" register (41h). */ 210 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 211 reg &= ~0xff00; 212 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 213 214 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0); 215 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st, 216 &sc->sc_sh, NULL, &sc->sc_sz, 0); 217 if (error != 0) { 218 printf(": can't map mem space\n"); 219 return; 220 } 221 222 /* Install interrupt handler. */ 223 if (pci_intr_map(pa, &ih) != 0) { 224 printf(": can't map interrupt\n"); 225 return; 226 } 227 intrstr = pci_intr_string(sc->sc_pct, ih); 228 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc, 229 sc->sc_dev.dv_xname); 230 if (sc->sc_ih == NULL) { 231 printf(": can't establish interrupt"); 232 if (intrstr != NULL) 233 printf(" at %s", intrstr); 234 printf("\n"); 235 return; 236 } 237 printf(": %s", intrstr); 238 239 /* Power ON adapter. */ 240 if ((error = wpi_apm_init(sc)) != 0) { 241 printf(": could not power ON adapter\n"); 242 return; 243 } 244 245 /* Read MAC address, channels, etc from EEPROM. */ 246 if ((error = wpi_read_eeprom(sc)) != 0) { 247 printf(": could not read EEPROM\n"); 248 return; 249 } 250 251 /* Allocate DMA memory for firmware transfers. */ 252 if ((error = wpi_alloc_fwmem(sc)) != 0) { 253 printf(": could not allocate memory for firmware\n"); 254 return; 255 } 256 257 /* Allocate shared area. */ 258 if ((error = wpi_alloc_shared(sc)) != 0) { 259 printf(": could not allocate shared area\n"); 260 goto fail1; 261 } 262 263 /* Allocate RX buffers. */ 264 if ((error = wpi_alloc_rpool(sc)) != 0) { 265 printf(": could not allocate RX buffers\n"); 266 goto fail2; 267 } 268 269 /* Allocate TX rings. */ 270 for (i = 0; i < WPI_NTXQUEUES; i++) { 271 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 272 printf(": could not allocate TX ring %d\n", i); 273 goto fail3; 274 } 275 } 276 277 /* Allocate RX ring. */ 278 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) { 279 printf(": could not allocate Rx ring\n"); 280 goto fail3; 281 } 282 283 /* Power OFF adapter. */ 284 wpi_apm_stop(sc); 285 /* Clear pending interrupts. */ 286 WPI_WRITE(sc, WPI_INT, 0xffffffff); 287 288 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 289 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 290 ic->ic_state = IEEE80211_S_INIT; 291 292 /* Set device capabilities. */ 293 ic->ic_caps = 294 IEEE80211_C_WEP | /* WEP */ 295 IEEE80211_C_RSN | /* WPA/RSN */ 296 IEEE80211_C_MONITOR | /* monitor mode supported */ 297 IEEE80211_C_SHSLOT | /* short slot time supported */ 298 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 299 IEEE80211_C_PMGT; /* power saving supported */ 300 301 /* Set supported rates. */ 302 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 303 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 304 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) { 305 ic->ic_sup_rates[IEEE80211_MODE_11A] = 306 ieee80211_std_rateset_11a; 307 } 308 309 /* IBSS channel undefined for now. */ 310 ic->ic_ibss_chan = &ic->ic_channels[0]; 311 312 ifp->if_softc = sc; 313 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 314 ifp->if_init = wpi_init; 315 ifp->if_ioctl = wpi_ioctl; 316 ifp->if_start = wpi_start; 317 ifp->if_watchdog = wpi_watchdog; 318 IFQ_SET_READY(&ifp->if_snd); 319 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 320 321 if_attach(ifp); 322 ieee80211_ifattach(ifp); 323 ic->ic_node_alloc = wpi_node_alloc; 324 ic->ic_newassoc = wpi_newassoc; 325 ic->ic_updateedca = wpi_updateedca; 326 ic->ic_set_key = wpi_set_key; 327 ic->ic_delete_key = wpi_delete_key; 328 329 /* Override 802.11 state transition machine. */ 330 sc->sc_newstate = ic->ic_newstate; 331 ic->ic_newstate = wpi_newstate; 332 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status); 333 334 sc->amrr.amrr_min_success_threshold = 1; 335 sc->amrr.amrr_max_success_threshold = 15; 336 337 #ifndef SMALL_KERNEL 338 wpi_sensor_attach(sc); 339 #endif 340 #if NBPFILTER > 0 341 wpi_radiotap_attach(sc); 342 #endif 343 timeout_set(&sc->calib_to, wpi_calib_timeout, sc); 344 345 sc->powerhook = powerhook_establish(wpi_power, sc); 346 347 return; 348 349 /* Free allocated memory if something failed during attachment. */ 350 fail3: while (--i >= 0) 351 wpi_free_tx_ring(sc, &sc->txq[i]); 352 wpi_free_rpool(sc); 353 fail2: wpi_free_shared(sc); 354 fail1: wpi_free_fwmem(sc); 355 } 356 357 #ifndef SMALL_KERNEL 358 /* 359 * Attach the adapter's on-board thermal sensor to the sensors framework. 360 */ 361 void 362 wpi_sensor_attach(struct wpi_softc *sc) 363 { 364 strlcpy(sc->sensordev.xname, sc->sc_dev.dv_xname, 365 sizeof sc->sensordev.xname); 366 strlcpy(sc->sensor.desc, "temperature 0 - 285", 367 sizeof sc->sensor.desc); 368 sc->sensor.type = SENSOR_INTEGER; /* not in muK! */ 369 /* Temperature is not valid unless interface is up. */ 370 sc->sensor.value = 0; 371 sc->sensor.flags = SENSOR_FINVALID; 372 sensor_attach(&sc->sensordev, &sc->sensor); 373 sensordev_install(&sc->sensordev); 374 } 375 #endif 376 377 #if NBPFILTER > 0 378 /* 379 * Attach the interface to 802.11 radiotap. 380 */ 381 void 382 wpi_radiotap_attach(struct wpi_softc *sc) 383 { 384 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 385 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 386 387 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 388 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 389 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT); 390 391 sc->sc_txtap_len = sizeof sc->sc_txtapu; 392 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 393 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT); 394 } 395 #endif 396 397 void 398 wpi_power(int why, void *arg) 399 { 400 struct wpi_softc *sc = arg; 401 struct ifnet *ifp; 402 pcireg_t reg; 403 int s; 404 405 if (why != PWR_RESUME) 406 return; 407 408 /* Clear device-specific "PCI retry timeout" register (41h). */ 409 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 410 reg &= ~0xff00; 411 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 412 413 s = splnet(); 414 ifp = &sc->sc_ic.ic_if; 415 if (ifp->if_flags & IFF_UP) { 416 ifp->if_init(ifp); 417 if (ifp->if_flags & IFF_RUNNING) 418 ifp->if_start(ifp); 419 } 420 splx(s); 421 } 422 423 int 424 wpi_nic_lock(struct wpi_softc *sc) 425 { 426 int ntries; 427 428 /* Request exclusive access to NIC. */ 429 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 430 431 /* Spin until we actually get the lock. */ 432 for (ntries = 0; ntries < 1000; ntries++) { 433 if ((WPI_READ(sc, WPI_GP_CNTRL) & 434 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 435 WPI_GP_CNTRL_MAC_ACCESS_ENA) 436 return 0; 437 DELAY(10); 438 } 439 return ETIMEDOUT; 440 } 441 442 static __inline void 443 wpi_nic_unlock(struct wpi_softc *sc) 444 { 445 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 446 } 447 448 static __inline uint32_t 449 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 450 { 451 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 452 return WPI_READ(sc, WPI_PRPH_RDATA); 453 } 454 455 static __inline void 456 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 457 { 458 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 459 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 460 } 461 462 static __inline void 463 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 464 { 465 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 466 } 467 468 static __inline void 469 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 470 { 471 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 472 } 473 474 static __inline void 475 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 476 const uint32_t *data, int count) 477 { 478 for (; count > 0; count--, data++, addr += 4) 479 wpi_prph_write(sc, addr, *data); 480 } 481 482 static __inline uint32_t 483 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 484 { 485 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 486 return WPI_READ(sc, WPI_MEM_RDATA); 487 } 488 489 static __inline void 490 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 491 { 492 WPI_WRITE(sc, WPI_MEM_WADDR, addr); 493 WPI_WRITE(sc, WPI_MEM_WDATA, data); 494 } 495 496 static __inline void 497 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 498 int count) 499 { 500 for (; count > 0; count--, addr += 4) 501 *data++ = wpi_mem_read(sc, addr); 502 } 503 504 int 505 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 506 { 507 uint8_t *out = data; 508 uint32_t val; 509 int error, ntries; 510 511 if ((error = wpi_nic_lock(sc)) != 0) 512 return error; 513 514 for (; count > 0; count -= 2, addr++) { 515 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 516 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD); 517 518 for (ntries = 0; ntries < 10; ntries++) { 519 val = WPI_READ(sc, WPI_EEPROM); 520 if (val & WPI_EEPROM_READ_VALID) 521 break; 522 DELAY(5); 523 } 524 if (ntries == 10) { 525 printf("%s: could not read EEPROM\n", 526 sc->sc_dev.dv_xname); 527 return ETIMEDOUT; 528 } 529 *out++ = val >> 16; 530 if (count > 1) 531 *out++ = val >> 24; 532 } 533 534 wpi_nic_unlock(sc); 535 return 0; 536 } 537 538 int 539 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap, 540 bus_size_t size, bus_size_t alignment, int flags) 541 { 542 int nsegs, error; 543 544 dma->tag = tag; 545 dma->size = size; 546 547 error = bus_dmamap_create(tag, size, 1, size, 0, flags, &dma->map); 548 if (error != 0) 549 goto fail; 550 551 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 552 flags); 553 if (error != 0) 554 goto fail; 555 556 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, flags); 557 if (error != 0) 558 goto fail; 559 560 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size, flags); 561 if (error != 0) 562 goto fail; 563 564 memset(dma->vaddr, 0, size); 565 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 566 567 dma->paddr = dma->map->dm_segs[0].ds_addr; 568 if (kvap != NULL) 569 *kvap = dma->vaddr; 570 571 return 0; 572 573 fail: wpi_dma_contig_free(dma); 574 return error; 575 } 576 577 void 578 wpi_dma_contig_free(struct wpi_dma_info *dma) 579 { 580 if (dma->map != NULL) { 581 if (dma->vaddr != NULL) { 582 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 583 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 584 bus_dmamap_unload(dma->tag, dma->map); 585 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 586 bus_dmamem_free(dma->tag, &dma->seg, 1); 587 dma->vaddr = NULL; 588 } 589 bus_dmamap_destroy(dma->tag, dma->map); 590 dma->map = NULL; 591 } 592 } 593 594 int 595 wpi_alloc_shared(struct wpi_softc *sc) 596 { 597 /* Shared buffer must be aligned on a 4KB boundary. */ 598 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 599 (void **)&sc->shared, sizeof (struct wpi_shared), 4096, 600 BUS_DMA_NOWAIT); 601 } 602 603 void 604 wpi_free_shared(struct wpi_softc *sc) 605 { 606 wpi_dma_contig_free(&sc->shared_dma); 607 } 608 609 int 610 wpi_alloc_fwmem(struct wpi_softc *sc) 611 { 612 /* Allocate enough contiguous space to store text and data. */ 613 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 614 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16, BUS_DMA_NOWAIT); 615 } 616 617 void 618 wpi_free_fwmem(struct wpi_softc *sc) 619 { 620 wpi_dma_contig_free(&sc->fw_dma); 621 } 622 623 struct wpi_rbuf * 624 wpi_alloc_rbuf(struct wpi_softc *sc) 625 { 626 struct wpi_rbuf *rbuf; 627 628 rbuf = SLIST_FIRST(&sc->rxq.freelist); 629 if (rbuf == NULL) 630 return NULL; 631 SLIST_REMOVE_HEAD(&sc->rxq.freelist, next); 632 return rbuf; 633 } 634 635 /* 636 * This is called automatically by the network stack when the mbuf to which 637 * our RX buffer is attached is freed. 638 */ 639 void 640 wpi_free_rbuf(caddr_t buf, u_int size, void *arg) 641 { 642 struct wpi_rbuf *rbuf = arg; 643 struct wpi_softc *sc = rbuf->sc; 644 645 /* Put the RX buffer back in the free list. */ 646 SLIST_INSERT_HEAD(&sc->rxq.freelist, rbuf, next); 647 } 648 649 int 650 wpi_alloc_rpool(struct wpi_softc *sc) 651 { 652 struct wpi_rx_ring *ring = &sc->rxq; 653 int i, error; 654 655 /* Allocate a big chunk of DMA'able memory... */ 656 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->buf_dma, NULL, 657 WPI_RBUF_COUNT * WPI_RBUF_SIZE, 4096, BUS_DMA_NOWAIT); 658 if (error != 0) { 659 printf("%s: could not allocate Rx buffers DMA memory\n", 660 sc->sc_dev.dv_xname); 661 return error; 662 } 663 664 /* ...and split it into chunks of WPI_RBUF_SIZE bytes. */ 665 SLIST_INIT(&ring->freelist); 666 for (i = 0; i < WPI_RBUF_COUNT; i++) { 667 struct wpi_rbuf *rbuf = &ring->rbuf[i]; 668 669 rbuf->sc = sc; /* Backpointer for callbacks. */ 670 rbuf->vaddr = ring->buf_dma.vaddr + i * WPI_RBUF_SIZE; 671 rbuf->paddr = ring->buf_dma.paddr + i * WPI_RBUF_SIZE; 672 673 SLIST_INSERT_HEAD(&ring->freelist, rbuf, next); 674 } 675 return 0; 676 } 677 678 void 679 wpi_free_rpool(struct wpi_softc *sc) 680 { 681 wpi_dma_contig_free(&sc->rxq.buf_dma); 682 } 683 684 int 685 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 686 { 687 bus_size_t size; 688 int i, error; 689 690 ring->cur = 0; 691 692 /* Allocate RX descriptors (16KB aligned.) */ 693 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 694 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 695 (void **)&ring->desc, size, 16 * 1024, BUS_DMA_NOWAIT); 696 if (error != 0) { 697 printf("%s: could not allocate RX ring DMA memory\n", 698 sc->sc_dev.dv_xname); 699 goto fail; 700 } 701 702 /* 703 * Allocate RX buffers. 704 */ 705 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 706 struct wpi_rx_data *data = &ring->data[i]; 707 struct wpi_rbuf *rbuf; 708 709 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 710 if (data->m == NULL) { 711 printf("%s: could not allocate RX mbuf\n", 712 sc->sc_dev.dv_xname); 713 error = ENOMEM; 714 goto fail; 715 } 716 if ((rbuf = wpi_alloc_rbuf(sc)) == NULL) { 717 m_freem(data->m); 718 data->m = NULL; 719 printf("%s: could not allocate RX buffer\n", 720 sc->sc_dev.dv_xname); 721 error = ENOMEM; 722 goto fail; 723 } 724 /* Attach RX buffer to mbuf header. */ 725 MEXTADD(data->m, rbuf->vaddr, WPI_RBUF_SIZE, 0, wpi_free_rbuf, 726 rbuf); 727 728 /* Set physical address of RX buffer. */ 729 ring->desc[i] = htole32(rbuf->paddr); 730 } 731 return 0; 732 733 fail: wpi_free_rx_ring(sc, ring); 734 return error; 735 } 736 737 void 738 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 739 { 740 int ntries; 741 742 if (wpi_nic_lock(sc) == 0) { 743 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 744 for (ntries = 0; ntries < 100; ntries++) { 745 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 746 WPI_FH_RX_STATUS_IDLE) 747 break; 748 DELAY(10); 749 } 750 wpi_nic_unlock(sc); 751 } 752 ring->cur = 0; 753 } 754 755 void 756 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 757 { 758 int i; 759 760 wpi_dma_contig_free(&ring->desc_dma); 761 762 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 763 if (ring->data[i].m != NULL) 764 m_freem(ring->data[i].m); 765 } 766 } 767 768 int 769 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 770 { 771 bus_addr_t paddr; 772 bus_size_t size; 773 int i, error; 774 775 ring->qid = qid; 776 ring->queued = 0; 777 ring->cur = 0; 778 779 /* Allocate TX descriptors (16KB aligned.) */ 780 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 781 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 782 (void **)&ring->desc, size, 16 * 1024, BUS_DMA_NOWAIT); 783 if (error != 0) { 784 printf("%s: could not allocate TX ring DMA memory\n", 785 sc->sc_dev.dv_xname); 786 goto fail; 787 } 788 789 /* Update shared area with ring's physical address. */ 790 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 791 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 792 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE); 793 794 /* 795 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 796 * to allocate commands space for other rings. 797 * XXX Do we really need to allocate descriptors for other rings? 798 */ 799 if (qid > 4) 800 return 0; 801 802 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 803 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 804 (void **)&ring->cmd, size, 4, BUS_DMA_NOWAIT); 805 if (error != 0) { 806 printf("%s: could not allocate TX cmd DMA memory\n", 807 sc->sc_dev.dv_xname); 808 goto fail; 809 } 810 811 paddr = ring->cmd_dma.paddr; 812 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 813 struct wpi_tx_data *data = &ring->data[i]; 814 815 data->cmd_paddr = paddr; 816 paddr += sizeof (struct wpi_tx_cmd); 817 818 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 819 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 820 &data->map); 821 if (error != 0) { 822 printf("%s: could not create TX buf DMA map\n", 823 sc->sc_dev.dv_xname); 824 goto fail; 825 } 826 } 827 return 0; 828 829 fail: wpi_free_tx_ring(sc, ring); 830 return error; 831 } 832 833 void 834 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 835 { 836 uint32_t tmp; 837 int i, ntries; 838 839 if (wpi_nic_lock(sc) == 0) { 840 WPI_WRITE(sc, WPI_FH_TX_CONFIG(ring->qid), 0); 841 for (ntries = 0; ntries < 100; ntries++) { 842 tmp = WPI_READ(sc, WPI_FH_TX_STATUS); 843 if ((tmp & WPI_FH_TX_STATUS_IDLE(ring->qid)) == 844 WPI_FH_TX_STATUS_IDLE(ring->qid)) 845 break; 846 DELAY(10); 847 } 848 wpi_nic_unlock(sc); 849 } 850 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 851 struct wpi_tx_data *data = &ring->data[i]; 852 853 if (data->m != NULL) { 854 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 855 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 856 bus_dmamap_unload(sc->sc_dmat, data->map); 857 m_freem(data->m); 858 data->m = NULL; 859 } 860 } 861 /* Clear TX descriptors. */ 862 memset(ring->desc, 0, ring->desc_dma.size); 863 sc->qfullmsk &= ~(1 << ring->qid); 864 ring->queued = 0; 865 ring->cur = 0; 866 } 867 868 void 869 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 870 { 871 int i; 872 873 wpi_dma_contig_free(&ring->desc_dma); 874 wpi_dma_contig_free(&ring->cmd_dma); 875 876 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 877 struct wpi_tx_data *data = &ring->data[i]; 878 879 if (data->m != NULL) { 880 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 881 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 882 bus_dmamap_unload(sc->sc_dmat, data->map); 883 m_freem(data->m); 884 } 885 if (data->map != NULL) 886 bus_dmamap_destroy(sc->sc_dmat, data->map); 887 } 888 } 889 890 int 891 wpi_read_eeprom(struct wpi_softc *sc) 892 { 893 struct ieee80211com *ic = &sc->sc_ic; 894 char domain[4]; 895 int i; 896 897 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 898 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname); 899 return EIO; 900 } 901 /* Clear HW ownership of EEPROM. */ 902 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 903 904 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1); 905 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2); 906 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1); 907 908 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev), 909 sc->type)); 910 911 /* Read and print regulatory domain (4 ASCII characters.) */ 912 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4); 913 printf(", %.4s", domain); 914 915 /* Read and print MAC address. */ 916 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6); 917 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 918 919 /* Read the list of authorized channels. */ 920 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 921 wpi_read_eeprom_channels(sc, i); 922 923 /* Read the list of TX power groups. */ 924 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 925 wpi_read_eeprom_group(sc, i); 926 927 return 0; 928 } 929 930 void 931 wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 932 { 933 struct ieee80211com *ic = &sc->sc_ic; 934 const struct wpi_chan_band *band = &wpi_bands[n]; 935 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND]; 936 int chan, i; 937 938 wpi_read_prom_data(sc, band->addr, channels, 939 band->nchan * sizeof (struct wpi_eeprom_chan)); 940 941 for (i = 0; i < band->nchan; i++) { 942 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) 943 continue; 944 945 chan = band->chan[i]; 946 947 if (n == 0) { /* 2GHz band */ 948 ic->ic_channels[chan].ic_freq = 949 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 950 ic->ic_channels[chan].ic_flags = 951 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 952 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 953 954 } else { /* 5GHz band */ 955 /* 956 * Some adapters support channels 7, 8, 11 and 12 957 * both in the 2GHz and 4.9GHz bands. 958 * Because of limitations in our net80211 layer, 959 * we don't support them in the 4.9GHz band. 960 */ 961 if (chan <= 14) 962 continue; 963 964 ic->ic_channels[chan].ic_freq = 965 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 966 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 967 } 968 969 /* Is active scan allowed on this channel? */ 970 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) { 971 ic->ic_channels[chan].ic_flags |= 972 IEEE80211_CHAN_PASSIVE; 973 } 974 975 /* Save maximum allowed TX power for this channel. */ 976 sc->maxpwr[chan] = channels[i].maxpwr; 977 978 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 979 chan, channels[i].flags, sc->maxpwr[chan])); 980 } 981 } 982 983 void 984 wpi_read_eeprom_group(struct wpi_softc *sc, int n) 985 { 986 struct wpi_power_group *group = &sc->groups[n]; 987 struct wpi_eeprom_group rgroup; 988 int i; 989 990 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup, 991 sizeof rgroup); 992 993 /* Save TX power group information. */ 994 group->chan = rgroup.chan; 995 group->maxpwr = rgroup.maxpwr; 996 /* Retrieve temperature at which the samples were taken. */ 997 group->temp = (int16_t)letoh16(rgroup.temp); 998 999 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n, 1000 group->chan, group->maxpwr, group->temp)); 1001 1002 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 1003 group->samples[i].index = rgroup.samples[i].index; 1004 group->samples[i].power = rgroup.samples[i].power; 1005 1006 DPRINTF(("\tsample %d: index=%d power=%d\n", i, 1007 group->samples[i].index, group->samples[i].power)); 1008 } 1009 } 1010 1011 struct ieee80211_node * 1012 wpi_node_alloc(struct ieee80211com *ic) 1013 { 1014 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1015 } 1016 1017 void 1018 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1019 { 1020 struct wpi_softc *sc = ic->ic_if.if_softc; 1021 struct wpi_node *wn = (void *)ni; 1022 uint8_t rate; 1023 int ridx, i; 1024 1025 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 1026 1027 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 1028 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 1029 /* Map 802.11 rate to HW rate index. */ 1030 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1031 if (wpi_rates[ridx].rate == rate) 1032 break; 1033 wn->ridx[i] = ridx; 1034 /* Initial TX rate <= 24Mbps. */ 1035 if (rate <= 48) 1036 ni->ni_txrate = i; 1037 } 1038 } 1039 1040 int 1041 wpi_media_change(struct ifnet *ifp) 1042 { 1043 struct wpi_softc *sc = ifp->if_softc; 1044 struct ieee80211com *ic = &sc->sc_ic; 1045 uint8_t rate, ridx; 1046 int error; 1047 1048 error = ieee80211_media_change(ifp); 1049 if (error != ENETRESET) 1050 return error; 1051 1052 if (ic->ic_fixed_rate != -1) { 1053 rate = ic->ic_sup_rates[ic->ic_curmode]. 1054 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1055 /* Map 802.11 rate to HW rate index. */ 1056 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1057 if (wpi_rates[ridx].rate == rate) 1058 break; 1059 sc->fixed_ridx = ridx; 1060 } 1061 1062 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1063 (IFF_UP | IFF_RUNNING)) { 1064 wpi_stop(ifp, 0); 1065 error = wpi_init(ifp); 1066 } 1067 return error; 1068 } 1069 1070 int 1071 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1072 { 1073 struct ifnet *ifp = &ic->ic_if; 1074 struct wpi_softc *sc = ifp->if_softc; 1075 int error; 1076 1077 timeout_del(&sc->calib_to); 1078 1079 switch (nstate) { 1080 case IEEE80211_S_SCAN: 1081 /* Make the link LED blink while we're scanning. */ 1082 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1083 1084 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1085 printf("%s: could not initiate scan\n", 1086 sc->sc_dev.dv_xname); 1087 return error; 1088 } 1089 ic->ic_state = nstate; 1090 return 0; 1091 1092 case IEEE80211_S_ASSOC: 1093 if (ic->ic_state != IEEE80211_S_RUN) 1094 break; 1095 /* FALLTHROUGH */ 1096 case IEEE80211_S_AUTH: 1097 /* Reset state to handle reassociations correctly. */ 1098 sc->rxon.associd = 0; 1099 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1100 1101 if ((error = wpi_auth(sc)) != 0) { 1102 printf("%s: could not move to auth state\n", 1103 sc->sc_dev.dv_xname); 1104 return error; 1105 } 1106 break; 1107 1108 case IEEE80211_S_RUN: 1109 if ((error = wpi_run(sc)) != 0) { 1110 printf("%s: could not move to run state\n", 1111 sc->sc_dev.dv_xname); 1112 return error; 1113 } 1114 break; 1115 1116 case IEEE80211_S_INIT: 1117 break; 1118 } 1119 1120 return sc->sc_newstate(ic, nstate, arg); 1121 } 1122 1123 void 1124 wpi_iter_func(void *arg, struct ieee80211_node *ni) 1125 { 1126 struct wpi_softc *sc = arg; 1127 struct wpi_node *wn = (struct wpi_node *)ni; 1128 1129 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1130 } 1131 1132 void 1133 wpi_calib_timeout(void *arg) 1134 { 1135 struct wpi_softc *sc = arg; 1136 struct ieee80211com *ic = &sc->sc_ic; 1137 int temp, s; 1138 1139 /* Automatic rate control triggered every 500ms. */ 1140 if (ic->ic_fixed_rate == -1) { 1141 s = splnet(); 1142 if (ic->ic_opmode == IEEE80211_M_STA) 1143 wpi_iter_func(sc, ic->ic_bss); 1144 else 1145 ieee80211_iterate_nodes(ic, wpi_iter_func, sc); 1146 splx(s); 1147 } 1148 /* Update sensor. */ 1149 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 1150 sc->sensor.value = temp + 260; 1151 1152 /* Force automatic TX power calibration every 60 secs. */ 1153 if (++sc->calib_cnt >= 120) { 1154 wpi_power_calibration(sc, temp); 1155 sc->calib_cnt = 0; 1156 } 1157 /* Automatic rate control triggered every 500ms. */ 1158 timeout_add(&sc->calib_to, hz / 2); 1159 } 1160 1161 int 1162 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k) 1163 { 1164 struct ieee80211_frame *wh; 1165 uint64_t pn, *prsc; 1166 uint8_t *ivp; 1167 uint8_t tid; 1168 int hdrlen; 1169 1170 wh = mtod(m, struct ieee80211_frame *); 1171 hdrlen = ieee80211_get_hdrlen(wh); 1172 ivp = (uint8_t *)wh + hdrlen; 1173 1174 /* Check that ExtIV bit is be set. */ 1175 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) { 1176 DPRINTF(("CCMP decap ExtIV not set\n")); 1177 return 1; 1178 } 1179 tid = ieee80211_has_qos(wh) ? 1180 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 1181 prsc = &k->k_rsc[tid]; 1182 1183 /* Extract the 48-bit PN from the CCMP header. */ 1184 pn = (uint64_t)ivp[0] | 1185 (uint64_t)ivp[1] << 8 | 1186 (uint64_t)ivp[4] << 16 | 1187 (uint64_t)ivp[5] << 24 | 1188 (uint64_t)ivp[6] << 32 | 1189 (uint64_t)ivp[7] << 40; 1190 if (pn <= *prsc) { 1191 /* 1192 * Not necessarily a replayed frame since we did not check 1193 * the sequence number of the 802.11 header yet. 1194 */ 1195 DPRINTF(("CCMP replayed\n")); 1196 return 1; 1197 } 1198 /* Update last seen packet number. */ 1199 *prsc = pn; 1200 1201 /* Clear Protected bit and strip IV. */ 1202 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1203 ovbcopy(wh, mtod(m, caddr_t) + IEEE80211_CCMP_HDRLEN, hdrlen); 1204 m_adj(m, IEEE80211_CCMP_HDRLEN); 1205 /* Strip MIC. */ 1206 m_adj(m, -IEEE80211_CCMP_MICLEN); 1207 return 0; 1208 } 1209 1210 void 1211 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1212 struct wpi_rx_data *data) 1213 { 1214 struct ieee80211com *ic = &sc->sc_ic; 1215 struct ifnet *ifp = &ic->ic_if; 1216 struct wpi_rx_ring *ring = &sc->rxq; 1217 struct wpi_rx_stat *stat; 1218 struct wpi_rx_head *head; 1219 struct wpi_rx_tail *tail; 1220 struct wpi_rbuf *rbuf; 1221 struct ieee80211_frame *wh; 1222 struct ieee80211_rxinfo rxi; 1223 struct ieee80211_node *ni; 1224 struct mbuf *m, *m1; 1225 uint32_t flags; 1226 1227 stat = (struct wpi_rx_stat *)(desc + 1); 1228 bus_dmamap_sync(sc->sc_dmat, ring->buf_dma.map, 1229 (caddr_t)stat - ring->buf_dma.vaddr, WPI_RBUF_SIZE, 1230 BUS_DMASYNC_POSTREAD); 1231 1232 if (stat->len > WPI_STAT_MAXLEN) { 1233 printf("%s: invalid RX statistic header\n", 1234 sc->sc_dev.dv_xname); 1235 ifp->if_ierrors++; 1236 return; 1237 } 1238 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1239 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len)); 1240 flags = letoh32(tail->flags); 1241 1242 /* Discard frames with a bad FCS early. */ 1243 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1244 DPRINTFN(2, ("rx tail flags error %x\n", flags)); 1245 ifp->if_ierrors++; 1246 return; 1247 } 1248 /* Discard frames that are too short. */ 1249 if (letoh16(head->len) < sizeof (struct ieee80211_frame)) { 1250 DPRINTF(("frame too short: %d\n", letoh16(head->len))); 1251 ic->ic_stats.is_rx_tooshort++; 1252 ifp->if_ierrors++; 1253 return; 1254 } 1255 1256 m = data->m; 1257 1258 /* Finalize mbuf. */ 1259 m->m_pkthdr.rcvif = ifp; 1260 m->m_data = (caddr_t)(head + 1); 1261 m->m_pkthdr.len = m->m_len = letoh16(head->len); 1262 1263 /* Grab a reference to the source node. */ 1264 wh = mtod(m, struct ieee80211_frame *); 1265 ni = ieee80211_find_rxnode(ic, wh); 1266 1267 rxi.rxi_flags = 0; 1268 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1269 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1270 (ni->ni_flags & IEEE80211_NODE_RXPROT) && 1271 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 1272 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) { 1273 ic->ic_stats.is_ccmp_dec_errs++; 1274 ifp->if_ierrors++; 1275 return; 1276 } 1277 /* Check whether decryption was successful or not. */ 1278 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1279 DPRINTF(("CCMP decryption failed 0x%x\n", flags)); 1280 ic->ic_stats.is_ccmp_dec_errs++; 1281 ifp->if_ierrors++; 1282 return; 1283 } 1284 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) { 1285 ifp->if_ierrors++; 1286 return; 1287 } 1288 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1289 } 1290 1291 if ((rbuf = SLIST_FIRST(&sc->rxq.freelist)) != NULL) { 1292 MGETHDR(m1, M_DONTWAIT, MT_DATA); 1293 if (m1 == NULL) { 1294 ic->ic_stats.is_rx_nombuf++; 1295 ifp->if_ierrors++; 1296 return; 1297 } 1298 /* Attach RX buffer to mbuf header. */ 1299 MEXTADD(m1, rbuf->vaddr, WPI_RBUF_SIZE, 0, wpi_free_rbuf, 1300 rbuf); 1301 SLIST_REMOVE_HEAD(&sc->rxq.freelist, next); 1302 1303 data->m = m1; 1304 1305 /* Update RX descriptor. */ 1306 ring->desc[ring->cur] = htole32(rbuf->paddr); 1307 } else { 1308 /* No free rbufs, copy frame into an mbuf. */ 1309 m = m_copym2(m, 0, M_COPYALL, M_DONTWAIT); 1310 if (m == NULL) { 1311 /* No free mbufs either, drop frame. */ 1312 ic->ic_stats.is_rx_nombuf++; 1313 ifp->if_ierrors++; 1314 return; 1315 } 1316 } 1317 1318 #if NBPFILTER > 0 1319 if (sc->sc_drvbpf != NULL) { 1320 struct mbuf mb; 1321 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1322 1323 tap->wr_flags = 0; 1324 if (letoh16(head->flags) & 0x4) 1325 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1326 tap->wr_chan_freq = 1327 htole16(ic->ic_channels[head->chan].ic_freq); 1328 tap->wr_chan_flags = 1329 htole16(ic->ic_channels[head->chan].ic_flags); 1330 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1331 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise); 1332 tap->wr_tsft = tail->tstamp; 1333 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf; 1334 switch (head->rate) { 1335 /* CCK rates. */ 1336 case 10: tap->wr_rate = 2; break; 1337 case 20: tap->wr_rate = 4; break; 1338 case 55: tap->wr_rate = 11; break; 1339 case 110: tap->wr_rate = 22; break; 1340 /* OFDM rates. */ 1341 case 0xd: tap->wr_rate = 12; break; 1342 case 0xf: tap->wr_rate = 18; break; 1343 case 0x5: tap->wr_rate = 24; break; 1344 case 0x7: tap->wr_rate = 36; break; 1345 case 0x9: tap->wr_rate = 48; break; 1346 case 0xb: tap->wr_rate = 72; break; 1347 case 0x1: tap->wr_rate = 96; break; 1348 case 0x3: tap->wr_rate = 108; break; 1349 /* Unknown rate: should not happen. */ 1350 default: tap->wr_rate = 0; 1351 } 1352 1353 mb.m_data = (caddr_t)tap; 1354 mb.m_len = sc->sc_rxtap_len; 1355 mb.m_next = m; 1356 mb.m_nextpkt = NULL; 1357 mb.m_type = 0; 1358 mb.m_flags = 0; 1359 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1360 } 1361 #endif 1362 1363 /* Send the frame to the 802.11 layer. */ 1364 rxi.rxi_rssi = stat->rssi; 1365 rxi.rxi_tstamp = 0; /* unused */ 1366 ieee80211_input(ifp, m, ni, &rxi); 1367 1368 /* Node is no longer needed. */ 1369 ieee80211_release_node(ic, ni); 1370 } 1371 1372 void 1373 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1374 { 1375 struct ieee80211com *ic = &sc->sc_ic; 1376 struct ifnet *ifp = &ic->ic_if; 1377 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1378 struct wpi_tx_data *data = &ring->data[desc->idx]; 1379 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1380 struct wpi_node *wn = (struct wpi_node *)data->ni; 1381 1382 /* Update rate control statistics. */ 1383 wn->amn.amn_txcnt++; 1384 if (stat->retrycnt > 0) 1385 wn->amn.amn_retrycnt++; 1386 1387 if ((letoh32(stat->status) & 0xff) != 1) 1388 ifp->if_oerrors++; 1389 else 1390 ifp->if_opackets++; 1391 1392 /* Unmap and free mbuf. */ 1393 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1394 BUS_DMASYNC_POSTWRITE); 1395 bus_dmamap_unload(sc->sc_dmat, data->map); 1396 m_freem(data->m); 1397 data->m = NULL; 1398 ieee80211_release_node(ic, data->ni); 1399 data->ni = NULL; 1400 1401 sc->sc_tx_timer = 0; 1402 if (--ring->queued < WPI_TX_RING_LOMARK) { 1403 sc->qfullmsk &= ~(1 << ring->qid); 1404 if (sc->qfullmsk == 0 && (ifp->if_flags & IFF_OACTIVE)) { 1405 ifp->if_flags &= ~IFF_OACTIVE; 1406 (*ifp->if_start)(ifp); 1407 } 1408 } 1409 } 1410 1411 void 1412 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1413 { 1414 struct wpi_tx_ring *ring = &sc->txq[4]; 1415 struct wpi_tx_data *data; 1416 1417 if ((desc->qid & 7) != 4) 1418 return; /* Not a command ack. */ 1419 1420 data = &ring->data[desc->idx]; 1421 1422 /* If the command was mapped in an mbuf, free it. */ 1423 if (data->m != NULL) { 1424 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1425 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1426 bus_dmamap_unload(sc->sc_dmat, data->map); 1427 m_freem(data->m); 1428 data->m = NULL; 1429 } 1430 wakeup(&ring->cmd[desc->idx]); 1431 } 1432 1433 void 1434 wpi_notif_intr(struct wpi_softc *sc) 1435 { 1436 struct ieee80211com *ic = &sc->sc_ic; 1437 struct ifnet *ifp = &ic->ic_if; 1438 uint32_t hw; 1439 1440 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 1441 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD); 1442 1443 hw = letoh32(sc->shared->next); 1444 while (sc->rxq.cur != hw) { 1445 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1446 struct wpi_rx_desc *desc = (void *)data->m->m_ext.ext_buf; 1447 1448 bus_dmamap_sync(sc->sc_dmat, sc->rxq.buf_dma.map, 1449 (caddr_t)desc - sc->rxq.buf_dma.vaddr, sizeof (*desc), 1450 BUS_DMASYNC_POSTREAD); 1451 1452 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d " 1453 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1454 letoh32(desc->len))); 1455 1456 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1457 wpi_cmd_done(sc, desc); 1458 1459 switch (desc->type) { 1460 case WPI_RX_DONE: 1461 /* An 802.11 frame has been received. */ 1462 wpi_rx_done(sc, desc, data); 1463 break; 1464 1465 case WPI_TX_DONE: 1466 /* An 802.11 frame has been transmitted. */ 1467 wpi_tx_done(sc, desc); 1468 break; 1469 1470 case WPI_UC_READY: 1471 { 1472 struct wpi_ucode_info *uc = 1473 (struct wpi_ucode_info *)(desc + 1); 1474 1475 /* The microcontroller is ready. */ 1476 bus_dmamap_sync(sc->sc_dmat, sc->rxq.buf_dma.map, 1477 (caddr_t)uc - sc->rxq.buf_dma.vaddr, 1478 sizeof (*uc), BUS_DMASYNC_POSTREAD); 1479 DPRINTF(("microcode alive notification version %x " 1480 "alive %x\n", letoh32(uc->version), 1481 letoh32(uc->valid))); 1482 1483 if (letoh32(uc->valid) != 1) { 1484 printf("%s: microcontroller initialization " 1485 "failed\n", sc->sc_dev.dv_xname); 1486 } 1487 if (uc->subtype != WPI_UCODE_INIT) { 1488 /* Save the address of the error log. */ 1489 sc->errptr = letoh32(uc->errptr); 1490 } 1491 break; 1492 } 1493 case WPI_STATE_CHANGED: 1494 { 1495 uint32_t *status = (uint32_t *)(desc + 1); 1496 1497 /* Enabled/disabled notification. */ 1498 bus_dmamap_sync(sc->sc_dmat, sc->rxq.buf_dma.map, 1499 (caddr_t)status - sc->rxq.buf_dma.vaddr, 1500 sizeof (*status), BUS_DMASYNC_POSTREAD); 1501 DPRINTF(("state changed to %x\n", letoh32(*status))); 1502 1503 if (letoh32(*status) & 1) { 1504 /* The radio button has to be pushed. */ 1505 printf("%s: Radio transmitter is off\n", 1506 sc->sc_dev.dv_xname); 1507 /* Turn the interface down. */ 1508 ifp->if_flags &= ~IFF_UP; 1509 wpi_stop(ifp, 1); 1510 return; /* No further processing. */ 1511 } 1512 break; 1513 } 1514 case WPI_START_SCAN: 1515 { 1516 struct wpi_start_scan *scan = 1517 (struct wpi_start_scan *)(desc + 1); 1518 1519 bus_dmamap_sync(sc->sc_dmat, sc->rxq.buf_dma.map, 1520 (caddr_t)scan - sc->rxq.buf_dma.vaddr, 1521 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1522 DPRINTFN(2, ("scanning channel %d status %x\n", 1523 scan->chan, letoh32(scan->status))); 1524 1525 /* Fix current channel. */ 1526 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1527 break; 1528 } 1529 case WPI_STOP_SCAN: 1530 { 1531 struct wpi_stop_scan *scan = 1532 (struct wpi_stop_scan *)(desc + 1); 1533 1534 bus_dmamap_sync(sc->sc_dmat, sc->rxq.buf_dma.map, 1535 (caddr_t)scan - sc->rxq.buf_dma.vaddr, 1536 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1537 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1538 scan->nchan, scan->status, scan->chan)); 1539 1540 if (scan->status == 1 && scan->chan <= 14 && 1541 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) { 1542 /* 1543 * We just finished scanning 2GHz channels, 1544 * start scanning 5GHz ones. 1545 */ 1546 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 1547 break; 1548 } 1549 ieee80211_end_scan(ifp); 1550 break; 1551 } 1552 } 1553 1554 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1555 } 1556 1557 /* Tell the firmware what we have processed. */ 1558 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1559 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7); 1560 } 1561 1562 /* 1563 * Dump the error log of the firmware when a firmware panic occurs. Although 1564 * we can't debug the firmware because it is neither open source nor free, it 1565 * can help us to identify certain classes of problems. 1566 */ 1567 void 1568 wpi_fatal_intr(struct wpi_softc *sc) 1569 { 1570 #define N(a) (sizeof (a) / sizeof ((a)[0])) 1571 struct wpi_fwdump dump; 1572 uint32_t i, offset, count; 1573 1574 /* Check that the error log address is valid. */ 1575 if (sc->errptr < WPI_FW_DATA_BASE || 1576 sc->errptr + sizeof (dump) > 1577 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 1578 printf("%s: bad firmware error log address 0x%08x\n", 1579 sc->sc_dev.dv_xname, sc->errptr); 1580 return; 1581 } 1582 1583 if (wpi_nic_lock(sc) != 0) { 1584 printf("%s: could not read firmware error log\n", 1585 sc->sc_dev.dv_xname); 1586 return; 1587 } 1588 /* Read number of entries in the log. */ 1589 count = wpi_mem_read(sc, sc->errptr); 1590 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 1591 printf("%s: invalid count field (count=%u)\n", 1592 sc->sc_dev.dv_xname, count); 1593 wpi_nic_unlock(sc); 1594 return; 1595 } 1596 /* Skip "count" field. */ 1597 offset = sc->errptr + sizeof (uint32_t); 1598 printf("firmware error log (count=%u):\n", count); 1599 for (i = 0; i < count; i++) { 1600 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 1601 sizeof (dump) / sizeof (uint32_t)); 1602 1603 printf(" error type = \"%s\" (0x%08X)\n", 1604 (dump.desc < N(wpi_fw_errmsg)) ? 1605 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 1606 dump.desc); 1607 printf(" error data = 0x%08X\n", 1608 dump.data); 1609 printf(" branch link = 0x%08X%08X\n", 1610 dump.blink[0], dump.blink[1]); 1611 printf(" interrupt link = 0x%08X%08X\n", 1612 dump.ilink[0], dump.ilink[1]); 1613 printf(" time = %u\n", dump.time); 1614 1615 offset += sizeof (dump); 1616 } 1617 wpi_nic_unlock(sc); 1618 /* Dump driver status (TX and RX rings) while we're here. */ 1619 printf("driver status:\n"); 1620 for (i = 0; i < 6; i++) { 1621 struct wpi_tx_ring *ring = &sc->txq[i]; 1622 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 1623 i, ring->qid, ring->cur, ring->queued); 1624 } 1625 printf(" rx ring: cur=%d\n", sc->rxq.cur); 1626 printf(" 802.11 state %d\n", sc->sc_ic.ic_state); 1627 #undef N 1628 } 1629 1630 int 1631 wpi_intr(void *arg) 1632 { 1633 struct wpi_softc *sc = arg; 1634 struct ifnet *ifp = &sc->sc_ic.ic_if; 1635 uint32_t r1, r2; 1636 1637 /* Disable interrupts. */ 1638 WPI_WRITE(sc, WPI_MASK, 0); 1639 1640 r1 = WPI_READ(sc, WPI_INT); 1641 r2 = WPI_READ(sc, WPI_FH_INT); 1642 1643 if (r1 == 0 && r2 == 0) { 1644 if (ifp->if_flags & IFF_UP) 1645 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1646 return 0; /* Interrupt not for us. */ 1647 } 1648 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 1649 return 0; /* Hardware gone! */ 1650 1651 /* Acknowledge interrupts. */ 1652 WPI_WRITE(sc, WPI_INT, r1); 1653 WPI_WRITE(sc, WPI_FH_INT, r2); 1654 1655 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 1656 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); 1657 /* Dump firmware error log and stop. */ 1658 wpi_fatal_intr(sc); 1659 ifp->if_flags &= ~IFF_UP; 1660 wpi_stop(ifp, 1); 1661 return 1; 1662 } 1663 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 1664 (r2 & WPI_FH_INT_RX)) 1665 wpi_notif_intr(sc); 1666 1667 if (r1 & WPI_INT_ALIVE) 1668 wakeup(sc); /* Firmware is alive. */ 1669 1670 /* Re-enable interrupts. */ 1671 if (ifp->if_flags & IFF_UP) 1672 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1673 1674 return 1; 1675 } 1676 1677 int 1678 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1679 { 1680 struct ieee80211com *ic = &sc->sc_ic; 1681 struct wpi_node *wn = (void *)ni; 1682 struct wpi_tx_ring *ring; 1683 struct wpi_tx_desc *desc; 1684 struct wpi_tx_data *data; 1685 struct wpi_tx_cmd *cmd; 1686 struct wpi_cmd_data *tx; 1687 const struct wpi_rate *rinfo; 1688 struct ieee80211_frame *wh; 1689 struct ieee80211_key *k = NULL; 1690 struct mbuf *m1; 1691 enum ieee80211_edca_ac ac; 1692 uint32_t flags; 1693 uint16_t qos; 1694 u_int hdrlen; 1695 uint8_t *ivp, tid, ridx, type; 1696 int i, totlen, hasqos, error; 1697 1698 wh = mtod(m, struct ieee80211_frame *); 1699 hdrlen = ieee80211_get_hdrlen(wh); 1700 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1701 1702 /* Select EDCA Access Category and TX ring for this frame. */ 1703 if ((hasqos = ieee80211_has_qos(wh))) { 1704 qos = ieee80211_get_qos(wh); 1705 tid = qos & IEEE80211_QOS_TID; 1706 ac = ieee80211_up_to_ac(ic, tid); 1707 } else { 1708 tid = 0; 1709 ac = EDCA_AC_BE; 1710 } 1711 1712 ring = &sc->txq[ac]; 1713 desc = &ring->desc[ring->cur]; 1714 data = &ring->data[ring->cur]; 1715 1716 /* Choose a TX rate index. */ 1717 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1718 type != IEEE80211_FC0_TYPE_DATA) { 1719 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 1720 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1; 1721 } else if (ic->ic_fixed_rate != -1) { 1722 ridx = sc->fixed_ridx; 1723 } else 1724 ridx = wn->ridx[ni->ni_txrate]; 1725 rinfo = &wpi_rates[ridx]; 1726 1727 #if NBPFILTER > 0 1728 if (sc->sc_drvbpf != NULL) { 1729 struct mbuf mb; 1730 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 1731 1732 tap->wt_flags = 0; 1733 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1734 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1735 tap->wt_rate = rinfo->rate; 1736 tap->wt_hwqueue = ac; 1737 if ((ic->ic_flags & IEEE80211_F_WEPON) && 1738 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 1739 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1740 1741 mb.m_data = (caddr_t)tap; 1742 mb.m_len = sc->sc_txtap_len; 1743 mb.m_next = m; 1744 mb.m_nextpkt = NULL; 1745 mb.m_type = 0; 1746 mb.m_flags = 0; 1747 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1748 } 1749 #endif 1750 1751 totlen = m->m_pkthdr.len; 1752 1753 /* Encrypt the frame if need be. */ 1754 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1755 /* Retrieve key for TX. */ 1756 k = ieee80211_get_txkey(ic, wh, ni); 1757 if (k->k_cipher != IEEE80211_CIPHER_CCMP) { 1758 /* Do software encryption. */ 1759 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1760 return ENOBUFS; 1761 /* 802.11 header may have moved. */ 1762 wh = mtod(m, struct ieee80211_frame *); 1763 totlen = m->m_pkthdr.len; 1764 1765 } else /* HW appends CCMP MIC. */ 1766 totlen += IEEE80211_CCMP_HDRLEN; 1767 } 1768 1769 /* Prepare TX firmware command. */ 1770 cmd = &ring->cmd[ring->cur]; 1771 cmd->code = WPI_CMD_TX_DATA; 1772 cmd->flags = 0; 1773 cmd->qid = ring->qid; 1774 cmd->idx = ring->cur; 1775 1776 tx = (struct wpi_cmd_data *)cmd->data; 1777 /* NB: No need to clear tx, all fields are reinitialized here. */ 1778 1779 flags = 0; 1780 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1781 /* Unicast frame, check if an ACK is expected. */ 1782 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 1783 IEEE80211_QOS_ACK_POLICY_NOACK) 1784 flags |= WPI_TX_NEED_ACK; 1785 } 1786 1787 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 1788 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1789 /* NB: Group frames are sent using CCK in 802.11b/g. */ 1790 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 1791 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1792 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 1793 ridx <= WPI_RIDX_OFDM54) { 1794 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 1795 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP; 1796 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 1797 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1798 } 1799 } 1800 1801 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1802 type != IEEE80211_FC0_TYPE_DATA) 1803 tx->id = WPI_ID_BROADCAST; 1804 else 1805 tx->id = wn->id; 1806 1807 if (type == IEEE80211_FC0_TYPE_MGT) { 1808 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1809 1810 #ifndef IEEE80211_STA_ONLY 1811 /* Tell HW to set timestamp in probe responses. */ 1812 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1813 flags |= WPI_TX_INSERT_TSTAMP; 1814 #endif 1815 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 1816 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 1817 tx->timeout = htole16(3); 1818 else 1819 tx->timeout = htole16(2); 1820 } else 1821 tx->timeout = htole16(0); 1822 1823 tx->len = htole16(totlen); 1824 tx->tid = tid; 1825 tx->rts_ntries = 7; 1826 tx->data_ntries = 15; 1827 tx->ofdm_mask = 0xff; 1828 tx->cck_mask = 0x0f; 1829 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 1830 tx->plcp = rinfo->plcp; 1831 1832 /* Copy 802.11 header in TX command. */ 1833 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 1834 1835 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 1836 /* Trim 802.11 header and prepend CCMP IV. */ 1837 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 1838 ivp = mtod(m, uint8_t *); 1839 k->k_tsc++; 1840 ivp[0] = k->k_tsc; 1841 ivp[1] = k->k_tsc >> 8; 1842 ivp[2] = 0; 1843 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1844 ivp[4] = k->k_tsc >> 16; 1845 ivp[5] = k->k_tsc >> 24; 1846 ivp[6] = k->k_tsc >> 32; 1847 ivp[7] = k->k_tsc >> 40; 1848 1849 tx->security = WPI_CIPHER_CCMP; 1850 memcpy(tx->key, k->k_key, k->k_len); 1851 } else { 1852 /* Trim 802.11 header. */ 1853 m_adj(m, hdrlen); 1854 tx->security = 0; 1855 } 1856 tx->flags = htole32(flags); 1857 1858 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1859 BUS_DMA_NOWAIT); 1860 if (error != 0 && error != EFBIG) { 1861 printf("%s: can't map mbuf (error %d)\n", 1862 sc->sc_dev.dv_xname, error); 1863 m_freem(m); 1864 return error; 1865 } 1866 if (error != 0) { 1867 /* Too many DMA segments, linearize mbuf. */ 1868 MGETHDR(m1, M_DONTWAIT, MT_DATA); 1869 if (m1 == NULL) { 1870 m_freem(m); 1871 return ENOBUFS; 1872 } 1873 if (m->m_pkthdr.len > MHLEN) { 1874 MCLGET(m1, M_DONTWAIT); 1875 if (!(m1->m_flags & M_EXT)) { 1876 m_freem(m); 1877 m_freem(m1); 1878 return ENOBUFS; 1879 } 1880 } 1881 m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, caddr_t)); 1882 m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len; 1883 m_freem(m); 1884 m = m1; 1885 1886 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1887 BUS_DMA_NOWAIT); 1888 if (error != 0) { 1889 printf("%s: can't map mbuf (error %d)\n", 1890 sc->sc_dev.dv_xname, error); 1891 m_freem(m); 1892 return error; 1893 } 1894 } 1895 1896 data->m = m; 1897 data->ni = ni; 1898 1899 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 1900 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 1901 1902 /* Fill TX descriptor. */ 1903 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 | 1904 (1 + data->map->dm_nsegs) << 24); 1905 /* First DMA segment is used by the TX command. */ 1906 desc->segs[0].addr = htole32(ring->cmd_dma.paddr + 1907 ring->cur * sizeof (struct wpi_tx_cmd)); 1908 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) + 1909 ((hdrlen + 3) & ~3)); 1910 /* Other DMA segments are for data payload. */ 1911 for (i = 1; i <= data->map->dm_nsegs; i++) { 1912 desc->segs[i].addr = 1913 htole32(data->map->dm_segs[i - 1].ds_addr); 1914 desc->segs[i].len = 1915 htole32(data->map->dm_segs[i - 1].ds_len); 1916 } 1917 1918 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1919 BUS_DMASYNC_PREWRITE); 1920 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 1921 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd), 1922 BUS_DMASYNC_PREWRITE); 1923 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1924 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 1925 BUS_DMASYNC_PREWRITE); 1926 1927 /* Kick TX ring. */ 1928 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 1929 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1930 1931 /* Mark TX ring as full if we reach a certain threshold. */ 1932 if (++ring->queued > WPI_TX_RING_HIMARK) 1933 sc->qfullmsk |= 1 << ring->qid; 1934 1935 return 0; 1936 } 1937 1938 void 1939 wpi_start(struct ifnet *ifp) 1940 { 1941 struct wpi_softc *sc = ifp->if_softc; 1942 struct ieee80211com *ic = &sc->sc_ic; 1943 struct ieee80211_node *ni; 1944 struct mbuf *m; 1945 1946 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1947 return; 1948 1949 for (;;) { 1950 if (sc->qfullmsk != 0) { 1951 ifp->if_flags |= IFF_OACTIVE; 1952 break; 1953 } 1954 /* Send pending management frames first. */ 1955 IF_DEQUEUE(&ic->ic_mgtq, m); 1956 if (m != NULL) { 1957 ni = (void *)m->m_pkthdr.rcvif; 1958 goto sendit; 1959 } 1960 if (ic->ic_state != IEEE80211_S_RUN) 1961 break; 1962 1963 /* Encapsulate and send data frames. */ 1964 IFQ_DEQUEUE(&ifp->if_snd, m); 1965 if (m == NULL) 1966 break; 1967 #if NBPFILTER > 0 1968 if (ifp->if_bpf != NULL) 1969 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1970 #endif 1971 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 1972 continue; 1973 sendit: 1974 #if NBPFILTER > 0 1975 if (ic->ic_rawbpf != NULL) 1976 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1977 #endif 1978 if (wpi_tx(sc, m, ni) != 0) { 1979 ieee80211_release_node(ic, ni); 1980 ifp->if_oerrors++; 1981 continue; 1982 } 1983 1984 sc->sc_tx_timer = 5; 1985 ifp->if_timer = 1; 1986 } 1987 } 1988 1989 void 1990 wpi_watchdog(struct ifnet *ifp) 1991 { 1992 struct wpi_softc *sc = ifp->if_softc; 1993 1994 ifp->if_timer = 0; 1995 1996 if (sc->sc_tx_timer > 0) { 1997 if (--sc->sc_tx_timer == 0) { 1998 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1999 ifp->if_flags &= ~IFF_UP; 2000 wpi_stop(ifp, 1); 2001 ifp->if_oerrors++; 2002 return; 2003 } 2004 ifp->if_timer = 1; 2005 } 2006 2007 ieee80211_watchdog(ifp); 2008 } 2009 2010 int 2011 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2012 { 2013 struct wpi_softc *sc = ifp->if_softc; 2014 struct ieee80211com *ic = &sc->sc_ic; 2015 struct ifaddr *ifa; 2016 struct ifreq *ifr; 2017 int s, error = 0; 2018 2019 s = splnet(); 2020 2021 switch (cmd) { 2022 case SIOCSIFADDR: 2023 ifa = (struct ifaddr *)data; 2024 ifp->if_flags |= IFF_UP; 2025 #ifdef INET 2026 if (ifa->ifa_addr->sa_family == AF_INET) 2027 arp_ifinit(&ic->ic_ac, ifa); 2028 #endif 2029 /* FALLTHROUGH */ 2030 case SIOCSIFFLAGS: 2031 if (ifp->if_flags & IFF_UP) { 2032 if (!(ifp->if_flags & IFF_RUNNING)) 2033 error = wpi_init(ifp); 2034 } else { 2035 if (ifp->if_flags & IFF_RUNNING) 2036 wpi_stop(ifp, 1); 2037 } 2038 break; 2039 2040 case SIOCADDMULTI: 2041 case SIOCDELMULTI: 2042 ifr = (struct ifreq *)data; 2043 error = (cmd == SIOCADDMULTI) ? 2044 ether_addmulti(ifr, &ic->ic_ac) : 2045 ether_delmulti(ifr, &ic->ic_ac); 2046 2047 if (error == ENETRESET) 2048 error = 0; 2049 break; 2050 2051 case SIOCS80211POWER: 2052 error = ieee80211_ioctl(ifp, cmd, data); 2053 if (error != ENETRESET) 2054 break; 2055 if (ic->ic_state == IEEE80211_S_RUN) { 2056 if (ic->ic_flags & IEEE80211_F_PMGTON) 2057 error = wpi_set_pslevel(sc, 0, 3, 0); 2058 else /* back to CAM */ 2059 error = wpi_set_pslevel(sc, 0, 0, 0); 2060 } else { 2061 /* Defer until transition to IEEE80211_S_RUN. */ 2062 error = 0; 2063 } 2064 break; 2065 2066 default: 2067 error = ieee80211_ioctl(ifp, cmd, data); 2068 } 2069 2070 if (error == ENETRESET) { 2071 error = 0; 2072 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2073 (IFF_UP | IFF_RUNNING)) { 2074 wpi_stop(ifp, 0); 2075 error = wpi_init(ifp); 2076 } 2077 } 2078 2079 splx(s); 2080 return error; 2081 } 2082 2083 /* 2084 * Send a command to the firmware. 2085 */ 2086 int 2087 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async) 2088 { 2089 struct wpi_tx_ring *ring = &sc->txq[4]; 2090 struct wpi_tx_desc *desc; 2091 struct wpi_tx_data *data; 2092 struct wpi_tx_cmd *cmd; 2093 struct mbuf *m; 2094 bus_addr_t paddr; 2095 int totlen, error; 2096 2097 desc = &ring->desc[ring->cur]; 2098 data = &ring->data[ring->cur]; 2099 totlen = 4 + size; 2100 2101 if (size > sizeof cmd->data) { 2102 /* Command is too large to fit in a descriptor. */ 2103 if (totlen > MCLBYTES) 2104 return EINVAL; 2105 MGETHDR(m, M_DONTWAIT, MT_DATA); 2106 if (m == NULL) 2107 return ENOMEM; 2108 if (totlen > MHLEN) { 2109 MCLGET(m, M_DONTWAIT); 2110 if (!(m->m_flags & M_EXT)) { 2111 m_freem(m); 2112 return ENOMEM; 2113 } 2114 } 2115 cmd = mtod(m, struct wpi_tx_cmd *); 2116 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 2117 NULL, BUS_DMA_NOWAIT); 2118 if (error != 0) { 2119 m_freem(m); 2120 return error; 2121 } 2122 data->m = m; 2123 paddr = data->map->dm_segs[0].ds_addr; 2124 } else { 2125 cmd = &ring->cmd[ring->cur]; 2126 paddr = data->cmd_paddr; 2127 } 2128 2129 cmd->code = code; 2130 cmd->flags = 0; 2131 cmd->qid = ring->qid; 2132 cmd->idx = ring->cur; 2133 memcpy(cmd->data, buf, size); 2134 2135 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24); 2136 desc->segs[0].addr = htole32(paddr); 2137 desc->segs[0].len = htole32(totlen); 2138 2139 if (size > sizeof cmd->data) { 2140 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 2141 BUS_DMASYNC_PREWRITE); 2142 } else { 2143 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 2144 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen, 2145 BUS_DMASYNC_PREWRITE); 2146 } 2147 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2148 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 2149 BUS_DMASYNC_PREWRITE); 2150 2151 /* Kick command ring. */ 2152 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2153 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2154 2155 return async ? 0 : tsleep(cmd, PCATCH, "wpicmd", hz); 2156 } 2157 2158 /* 2159 * Configure HW multi-rate retries. 2160 */ 2161 int 2162 wpi_mrr_setup(struct wpi_softc *sc) 2163 { 2164 struct ieee80211com *ic = &sc->sc_ic; 2165 struct wpi_mrr_setup mrr; 2166 int i, error; 2167 2168 /* CCK rates (not used with 802.11a). */ 2169 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2170 mrr.rates[i].flags = 0; 2171 mrr.rates[i].plcp = wpi_rates[i].plcp; 2172 /* Fallback to the immediate lower CCK rate (if any.) */ 2173 mrr.rates[i].next = 2174 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2175 /* Try one time at this rate before falling back to "next". */ 2176 mrr.rates[i].ntries = 1; 2177 } 2178 /* OFDM rates (not used with 802.11b). */ 2179 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2180 mrr.rates[i].flags = 0; 2181 mrr.rates[i].plcp = wpi_rates[i].plcp; 2182 /* Fallback to the immediate lower rate (if any.) */ 2183 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2184 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2185 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2186 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2187 i - 1; 2188 /* Try one time at this rate before falling back to "next". */ 2189 mrr.rates[i].ntries = 1; 2190 } 2191 /* Setup MRR for control frames. */ 2192 mrr.which = htole32(WPI_MRR_CTL); 2193 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2194 if (error != 0) { 2195 printf("%s: could not setup MRR for control frames\n", 2196 sc->sc_dev.dv_xname); 2197 return error; 2198 } 2199 /* Setup MRR for data frames. */ 2200 mrr.which = htole32(WPI_MRR_DATA); 2201 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2202 if (error != 0) { 2203 printf("%s: could not setup MRR for data frames\n", 2204 sc->sc_dev.dv_xname); 2205 return error; 2206 } 2207 return 0; 2208 } 2209 2210 void 2211 wpi_updateedca(struct ieee80211com *ic) 2212 { 2213 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 2214 struct wpi_softc *sc = ic->ic_softc; 2215 struct wpi_edca_params cmd; 2216 int aci; 2217 2218 memset(&cmd, 0, sizeof cmd); 2219 cmd.flags = htole32(WPI_EDCA_UPDATE); 2220 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 2221 const struct ieee80211_edca_ac_params *ac = 2222 &ic->ic_edca_ac[aci]; 2223 cmd.ac[aci].aifsn = ac->ac_aifsn; 2224 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin)); 2225 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax)); 2226 cmd.ac[aci].txoplimit = 2227 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit)); 2228 } 2229 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 2230 #undef WPI_EXP2 2231 } 2232 2233 void 2234 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2235 { 2236 struct wpi_cmd_led led; 2237 2238 led.which = which; 2239 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2240 led.off = off; 2241 led.on = on; 2242 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 2243 } 2244 2245 int 2246 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 2247 { 2248 struct wpi_cmd_timing cmd; 2249 uint64_t val, mod; 2250 2251 memset(&cmd, 0, sizeof cmd); 2252 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t)); 2253 cmd.bintval = htole16(ni->ni_intval); 2254 cmd.lintval = htole16(10); 2255 2256 /* Compute remaining time until next beacon. */ 2257 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2258 mod = letoh64(cmd.tstamp) % val; 2259 cmd.binitval = htole32((uint32_t)(val - mod)); 2260 2261 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n", 2262 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod))); 2263 2264 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 2265 } 2266 2267 /* 2268 * This function is called periodically (every minute) to adjust TX power 2269 * based on temperature variation. 2270 */ 2271 void 2272 wpi_power_calibration(struct wpi_softc *sc, int temp) 2273 { 2274 /* Sanity-check temperature. */ 2275 if (temp < -260 || temp > 25) { 2276 /* This can't be correct, ignore. */ 2277 DPRINTF(("out-of-range temperature reported: %d\n", temp)); 2278 return; 2279 } 2280 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2281 /* Adjust TX power if need be (delta > 6). */ 2282 if (abs(temp - sc->temp) > 6) { 2283 /* Record temperature of last calibration. */ 2284 sc->temp = temp; 2285 (void)wpi_set_txpower(sc, 1); 2286 } 2287 } 2288 2289 /* 2290 * Set TX power for current channel (each rate has its own power settings). 2291 */ 2292 int 2293 wpi_set_txpower(struct wpi_softc *sc, int async) 2294 { 2295 struct ieee80211com *ic = &sc->sc_ic; 2296 struct ieee80211_channel *ch; 2297 struct wpi_power_group *group; 2298 struct wpi_cmd_txpower cmd; 2299 u_int chan; 2300 int idx, i; 2301 2302 /* Retrieve current channel from last RXON. */ 2303 chan = sc->rxon.chan; 2304 DPRINTF(("setting TX power for channel %d\n", chan)); 2305 ch = &ic->ic_channels[chan]; 2306 2307 /* Find the TX power group to which this channel belongs. */ 2308 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2309 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 2310 if (chan <= group->chan) 2311 break; 2312 } else 2313 group = &sc->groups[0]; 2314 2315 memset(&cmd, 0, sizeof cmd); 2316 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2317 cmd.chan = htole16(chan); 2318 2319 /* Set TX power for all OFDM and CCK rates. */ 2320 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 2321 /* Retrieve TX power for this channel/rate. */ 2322 idx = wpi_get_power_index(sc, group, ch, i); 2323 2324 cmd.rates[i].plcp = wpi_rates[i].plcp; 2325 2326 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2327 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 2328 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 2329 } else { 2330 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 2331 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 2332 } 2333 DPRINTF(("chan %d/rate %d: power index %d\n", chan, 2334 wpi_rates[i].rate, idx)); 2335 } 2336 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 2337 } 2338 2339 /* 2340 * Determine TX power index for a given channel/rate combination. 2341 * This takes into account the regulatory information from EEPROM and the 2342 * current temperature. 2343 */ 2344 int 2345 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 2346 struct ieee80211_channel *c, int ridx) 2347 { 2348 /* Fixed-point arithmetic division using a n-bit fractional part. */ 2349 #define fdivround(a, b, n) \ 2350 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2351 2352 /* Linear interpolation. */ 2353 #define interpolate(x, x1, y1, x2, y2, n) \ 2354 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2355 2356 struct ieee80211com *ic = &sc->sc_ic; 2357 struct wpi_power_sample *sample; 2358 int pwr, idx; 2359 u_int chan; 2360 2361 /* Get channel number. */ 2362 chan = ieee80211_chan2ieee(ic, c); 2363 2364 /* Default TX power is group's maximum TX power minus 3dB. */ 2365 pwr = group->maxpwr / 2; 2366 2367 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 2368 switch (ridx) { 2369 case WPI_RIDX_OFDM36: 2370 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 2371 break; 2372 case WPI_RIDX_OFDM48: 2373 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 2374 break; 2375 case WPI_RIDX_OFDM54: 2376 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 2377 break; 2378 } 2379 2380 /* Never exceed the channel's maximum allowed TX power. */ 2381 pwr = MIN(pwr, sc->maxpwr[chan]); 2382 2383 /* Retrieve TX power index into gain tables from samples. */ 2384 for (sample = group->samples; sample < &group->samples[3]; sample++) 2385 if (pwr > sample[1].power) 2386 break; 2387 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 2388 idx = interpolate(pwr, sample[0].power, sample[0].index, 2389 sample[1].power, sample[1].index, 19); 2390 2391 /*- 2392 * Adjust power index based on current temperature: 2393 * - if cooler than factory-calibrated: decrease output power 2394 * - if warmer than factory-calibrated: increase output power 2395 */ 2396 idx -= (sc->temp - group->temp) * 11 / 100; 2397 2398 /* Decrease TX power for CCK rates (-5dB). */ 2399 if (ridx >= WPI_RIDX_CCK1) 2400 idx += 10; 2401 2402 /* Make sure idx stays in a valid range. */ 2403 if (idx < 0) 2404 idx = 0; 2405 else if (idx > WPI_MAX_PWR_INDEX) 2406 idx = WPI_MAX_PWR_INDEX; 2407 return idx; 2408 2409 #undef interpolate 2410 #undef fdivround 2411 } 2412 2413 /* 2414 * Set STA mode power saving level (between 0 and 5). 2415 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 2416 */ 2417 int 2418 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async) 2419 { 2420 struct wpi_pmgt_cmd cmd; 2421 const struct wpi_pmgt *pmgt; 2422 uint32_t max, skip_dtim; 2423 pcireg_t reg; 2424 int i; 2425 2426 /* Select which PS parameters to use. */ 2427 if (dtim <= 10) 2428 pmgt = &wpi_pmgt[0][level]; 2429 else 2430 pmgt = &wpi_pmgt[1][level]; 2431 2432 memset(&cmd, 0, sizeof cmd); 2433 if (level != 0) /* not CAM */ 2434 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 2435 /* Retrieve PCIe Active State Power Management (ASPM). */ 2436 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 2437 sc->sc_cap_off + PCI_PCIE_LCSR); 2438 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 2439 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 2440 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 2441 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 2442 2443 if (dtim == 0) { 2444 dtim = 1; 2445 skip_dtim = 0; 2446 } else 2447 skip_dtim = pmgt->skip_dtim; 2448 if (skip_dtim != 0) { 2449 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 2450 max = pmgt->intval[4]; 2451 if (max == (uint32_t)-1) 2452 max = dtim * (skip_dtim + 1); 2453 else if (max > dtim) 2454 max = (max / dtim) * dtim; 2455 } else 2456 max = dtim; 2457 for (i = 0; i < 5; i++) 2458 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 2459 2460 DPRINTF(("setting power saving level to %d\n", level)); 2461 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 2462 } 2463 2464 int 2465 wpi_config(struct wpi_softc *sc) 2466 { 2467 struct ieee80211com *ic = &sc->sc_ic; 2468 struct ifnet *ifp = &ic->ic_if; 2469 struct wpi_bluetooth bluetooth; 2470 struct wpi_node_info node; 2471 int error; 2472 2473 /* Set power saving level to CAM during initialization. */ 2474 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 2475 printf("%s: could not set power saving level\n", 2476 sc->sc_dev.dv_xname); 2477 return error; 2478 } 2479 2480 /* Configure bluetooth coexistence. */ 2481 memset(&bluetooth, 0, sizeof bluetooth); 2482 bluetooth.flags = 3; 2483 bluetooth.lead = 0xaa; 2484 bluetooth.kill = 1; 2485 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 2486 if (error != 0) { 2487 printf("%s: could not configure bluetooth coexistence\n", 2488 sc->sc_dev.dv_xname); 2489 return error; 2490 } 2491 2492 /* Configure adapter. */ 2493 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 2494 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2495 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 2496 /* Set default channel. */ 2497 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 2498 sc->rxon.flags = htole32(WPI_RXON_TSF); 2499 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 2500 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2501 switch (ic->ic_opmode) { 2502 case IEEE80211_M_STA: 2503 sc->rxon.mode = WPI_MODE_STA; 2504 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST); 2505 break; 2506 case IEEE80211_M_MONITOR: 2507 sc->rxon.mode = WPI_MODE_MONITOR; 2508 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST | 2509 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2510 break; 2511 default: 2512 /* Should not get there. */ 2513 break; 2514 } 2515 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 2516 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 2517 DPRINTF(("setting configuration\n")); 2518 error = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->rxon, 2519 sizeof (struct wpi_rxon), 0); 2520 if (error != 0) { 2521 printf("%s: configure command failed\n", sc->sc_dev.dv_xname); 2522 return error; 2523 } 2524 2525 /* Configuration has changed, set TX power accordingly. */ 2526 if ((error = wpi_set_txpower(sc, 0)) != 0) { 2527 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2528 return error; 2529 } 2530 2531 /* Add broadcast node. */ 2532 memset(&node, 0, sizeof node); 2533 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2534 node.id = WPI_ID_BROADCAST; 2535 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2536 node.action = htole32(WPI_ACTION_SET_RATE); 2537 node.antenna = WPI_ANTENNA_BOTH; 2538 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0); 2539 if (error != 0) { 2540 printf("%s: could not add broadcast node\n", 2541 sc->sc_dev.dv_xname); 2542 return error; 2543 } 2544 2545 if ((error = wpi_mrr_setup(sc)) != 0) { 2546 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname); 2547 return error; 2548 } 2549 return 0; 2550 } 2551 2552 int 2553 wpi_scan(struct wpi_softc *sc, uint16_t flags) 2554 { 2555 struct ieee80211com *ic = &sc->sc_ic; 2556 struct wpi_scan_hdr *hdr; 2557 struct wpi_cmd_data *tx; 2558 struct wpi_scan_essid *essid; 2559 struct wpi_scan_chan *chan; 2560 struct ieee80211_frame *wh; 2561 struct ieee80211_rateset *rs; 2562 struct ieee80211_channel *c; 2563 uint8_t *buf, *frm; 2564 int buflen, error; 2565 2566 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 2567 if (buf == NULL) { 2568 printf("%s: could not allocate buffer for scan command\n", 2569 sc->sc_dev.dv_xname); 2570 return ENOMEM; 2571 } 2572 hdr = (struct wpi_scan_hdr *)buf; 2573 /* 2574 * Move to the next channel if no frames are received within 10ms 2575 * after sending the probe request. 2576 */ 2577 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 2578 hdr->quiet_threshold = htole16(1); /* min # of packets */ 2579 2580 tx = (struct wpi_cmd_data *)(hdr + 1); 2581 tx->flags = htole32(WPI_TX_AUTO_SEQ); 2582 tx->id = WPI_ID_BROADCAST; 2583 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2584 2585 if (flags & IEEE80211_CHAN_5GHZ) { 2586 hdr->crc_threshold = htole16(1); 2587 /* Send probe requests at 6Mbps. */ 2588 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp; 2589 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 2590 } else { 2591 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 2592 /* Send probe requests at 1Mbps. */ 2593 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2594 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 2595 } 2596 2597 essid = (struct wpi_scan_essid *)(tx + 1); 2598 if (ic->ic_des_esslen != 0) { 2599 essid[0].id = IEEE80211_ELEMID_SSID; 2600 essid[0].len = ic->ic_des_esslen; 2601 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 2602 } 2603 /* 2604 * Build a probe request frame. Most of the following code is a 2605 * copy & paste of what is done in net80211. 2606 */ 2607 wh = (struct ieee80211_frame *)(essid + 4); 2608 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2609 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2610 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2611 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2612 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2613 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2614 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 2615 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 2616 2617 frm = (uint8_t *)(wh + 1); 2618 frm = ieee80211_add_ssid(frm, NULL, 0); 2619 frm = ieee80211_add_rates(frm, rs); 2620 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2621 frm = ieee80211_add_xrates(frm, rs); 2622 2623 /* Set length of probe request. */ 2624 tx->len = htole16(frm - (uint8_t *)wh); 2625 2626 chan = (struct wpi_scan_chan *)frm; 2627 for (c = &ic->ic_channels[1]; 2628 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 2629 if ((c->ic_flags & flags) != flags) 2630 continue; 2631 2632 chan->chan = ieee80211_chan2ieee(ic, c); 2633 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 2634 chan->flags = 0; 2635 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 2636 chan->flags |= WPI_CHAN_ACTIVE; 2637 if (ic->ic_des_esslen != 0) 2638 chan->flags |= WPI_CHAN_NPBREQS(1); 2639 chan->dsp_gain = 0x6e; 2640 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2641 chan->rf_gain = 0x3b; 2642 chan->active = htole16(24); 2643 chan->passive = htole16(110); 2644 } else { 2645 chan->rf_gain = 0x28; 2646 chan->active = htole16(36); 2647 chan->passive = htole16(120); 2648 } 2649 hdr->nchan++; 2650 chan++; 2651 } 2652 2653 buflen = (uint8_t *)chan - buf; 2654 hdr->len = htole16(buflen); 2655 2656 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 2657 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 2658 free(buf, M_DEVBUF); 2659 return error; 2660 } 2661 2662 int 2663 wpi_auth(struct wpi_softc *sc) 2664 { 2665 struct ieee80211com *ic = &sc->sc_ic; 2666 struct ieee80211_node *ni = ic->ic_bss; 2667 struct wpi_node_info node; 2668 int error; 2669 2670 /* Update adapter's configuration. */ 2671 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 2672 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 2673 sc->rxon.flags = htole32(WPI_RXON_TSF); 2674 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 2675 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2676 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2677 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2678 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2679 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2680 switch (ic->ic_curmode) { 2681 case IEEE80211_MODE_11A: 2682 sc->rxon.cck_mask = 0; 2683 sc->rxon.ofdm_mask = 0x15; 2684 break; 2685 case IEEE80211_MODE_11B: 2686 sc->rxon.cck_mask = 0x03; 2687 sc->rxon.ofdm_mask = 0; 2688 break; 2689 default: /* Assume 802.11b/g. */ 2690 sc->rxon.cck_mask = 0x0f; 2691 sc->rxon.ofdm_mask = 0x15; 2692 } 2693 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 2694 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 2695 error = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->rxon, 2696 sizeof (struct wpi_rxon), 1); 2697 if (error != 0) { 2698 printf("%s: could not configure\n", sc->sc_dev.dv_xname); 2699 return error; 2700 } 2701 2702 /* Configuration has changed, set TX power accordingly. */ 2703 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2704 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2705 return error; 2706 } 2707 /* 2708 * Reconfiguring RXON clears the firmware's nodes table so we must 2709 * add the broadcast node again. 2710 */ 2711 memset(&node, 0, sizeof node); 2712 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2713 node.id = WPI_ID_BROADCAST; 2714 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2715 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2716 node.action = htole32(WPI_ACTION_SET_RATE); 2717 node.antenna = WPI_ANTENNA_BOTH; 2718 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2719 if (error != 0) { 2720 printf("%s: could not add broadcast node\n", 2721 sc->sc_dev.dv_xname); 2722 return error; 2723 } 2724 return 0; 2725 } 2726 2727 int 2728 wpi_run(struct wpi_softc *sc) 2729 { 2730 struct ieee80211com *ic = &sc->sc_ic; 2731 struct ieee80211_node *ni = ic->ic_bss; 2732 struct wpi_node_info node; 2733 int error; 2734 2735 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 2736 /* Link LED blinks while monitoring. */ 2737 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 2738 return 0; 2739 } 2740 if ((error = wpi_set_timing(sc, ni)) != 0) { 2741 printf("%s: could not set timing\n", sc->sc_dev.dv_xname); 2742 return error; 2743 } 2744 2745 /* Update adapter's configuration. */ 2746 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 2747 /* Short preamble and slot time are negotiated when associating. */ 2748 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 2749 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2750 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2751 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2752 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2753 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 2754 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 2755 error = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->rxon, 2756 sizeof (struct wpi_rxon), 1); 2757 if (error != 0) { 2758 printf("%s: could not update configuration\n", 2759 sc->sc_dev.dv_xname); 2760 return error; 2761 } 2762 2763 /* Configuration has changed, set TX power accordingly. */ 2764 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2765 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2766 return error; 2767 } 2768 2769 /* Fake a join to init the TX rate. */ 2770 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 2771 wpi_newassoc(ic, ni, 1); 2772 2773 /* Add BSS node. */ 2774 memset(&node, 0, sizeof node); 2775 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid); 2776 node.id = WPI_ID_BSS; 2777 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2778 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2779 node.action = htole32(WPI_ACTION_SET_RATE); 2780 node.antenna = WPI_ANTENNA_BOTH; 2781 DPRINTF(("adding BSS node\n")); 2782 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2783 if (error != 0) { 2784 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname); 2785 return error; 2786 } 2787 2788 /* Start periodic calibration timer. */ 2789 sc->calib_cnt = 0; 2790 timeout_add(&sc->calib_to, hz / 2); 2791 2792 /* Link LED always on while associated. */ 2793 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 2794 2795 /* Enable power-saving mode if requested by user. */ 2796 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 2797 (void)wpi_set_pslevel(sc, 0, 3, 1); 2798 2799 return 0; 2800 } 2801 2802 /* 2803 * We support CCMP hardware encryption/decryption of unicast frames only. 2804 * HW support for TKIP really sucks. We should let TKIP die anyway. 2805 */ 2806 int 2807 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2808 struct ieee80211_key *k) 2809 { 2810 struct wpi_softc *sc = ic->ic_softc; 2811 struct wpi_node *wn = (void *)ni; 2812 struct wpi_node_info node; 2813 uint16_t kflags; 2814 2815 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2816 k->k_cipher != IEEE80211_CIPHER_CCMP) 2817 return ieee80211_set_key(ic, ni, k); 2818 2819 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id); 2820 memset(&node, 0, sizeof node); 2821 node.id = wn->id; 2822 node.control = WPI_NODE_UPDATE; 2823 node.flags = WPI_FLAG_SET_KEY; 2824 node.kflags = htole16(kflags); 2825 memcpy(node.key, k->k_key, k->k_len); 2826 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 2827 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2828 } 2829 2830 void 2831 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2832 struct ieee80211_key *k) 2833 { 2834 struct wpi_softc *sc = ic->ic_softc; 2835 struct wpi_node *wn = (void *)ni; 2836 struct wpi_node_info node; 2837 2838 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2839 k->k_cipher != IEEE80211_CIPHER_CCMP) { 2840 /* See comment about other ciphers above. */ 2841 ieee80211_delete_key(ic, ni, k); 2842 return; 2843 } 2844 if (ic->ic_state != IEEE80211_S_RUN) 2845 return; /* Nothing to do. */ 2846 memset(&node, 0, sizeof node); 2847 node.id = wn->id; 2848 node.control = WPI_NODE_UPDATE; 2849 node.flags = WPI_FLAG_SET_KEY; 2850 node.kflags = 0; 2851 DPRINTF(("delete keys for node %d\n", node.id)); 2852 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2853 } 2854 2855 int 2856 wpi_post_alive(struct wpi_softc *sc) 2857 { 2858 int ntries, error; 2859 2860 /* Check (again) that the radio is not disabled. */ 2861 if ((error = wpi_nic_lock(sc)) != 0) 2862 return error; 2863 /* NB: Runtime firmware must be up and running. */ 2864 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 2865 printf("%s: radio is disabled by hardware switch\n", 2866 sc->sc_dev.dv_xname); 2867 wpi_nic_unlock(sc); 2868 return EPERM; /* :-) */ 2869 } 2870 wpi_nic_unlock(sc); 2871 2872 /* Wait for thermal sensor to calibrate. */ 2873 for (ntries = 0; ntries < 1000; ntries++) { 2874 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 2875 break; 2876 DELAY(10); 2877 } 2878 if (ntries == 1000) { 2879 printf("%s: timeout waiting for thermal sensor calibration\n", 2880 sc->sc_dev.dv_xname); 2881 return ETIMEDOUT; 2882 } 2883 DPRINTF(("temperature %d\n", sc->temp)); 2884 sc->sensor.value = sc->temp + 260; 2885 sc->sensor.flags &= ~SENSOR_FINVALID; 2886 return 0; 2887 } 2888 2889 /* 2890 * The firmware boot code is small and is intended to be copied directly into 2891 * the NIC internal memory (no DMA transfer.) 2892 */ 2893 int 2894 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 2895 { 2896 int error, ntries; 2897 2898 size /= sizeof (uint32_t); 2899 2900 if ((error = wpi_nic_lock(sc)) != 0) 2901 return error; 2902 2903 /* Copy microcode image into NIC memory. */ 2904 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 2905 (const uint32_t *)ucode, size); 2906 2907 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 2908 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 2909 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 2910 2911 /* Start boot load now. */ 2912 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 2913 2914 /* Wait for transfer to complete. */ 2915 for (ntries = 0; ntries < 1000; ntries++) { 2916 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) & 2917 WPI_BSM_WR_CTRL_START)) 2918 break; 2919 DELAY(10); 2920 } 2921 if (ntries == 1000) { 2922 printf("%s: could not load boot firmware\n", 2923 sc->sc_dev.dv_xname); 2924 wpi_nic_unlock(sc); 2925 return ETIMEDOUT; 2926 } 2927 2928 /* Enable boot after power up. */ 2929 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 2930 2931 wpi_nic_unlock(sc); 2932 return 0; 2933 } 2934 2935 int 2936 wpi_load_firmware(struct wpi_softc *sc) 2937 { 2938 struct wpi_fw_info *fw = &sc->fw; 2939 struct wpi_dma_info *dma = &sc->fw_dma; 2940 int error; 2941 2942 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 2943 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 2944 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 2945 BUS_DMASYNC_PREWRITE); 2946 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2947 fw->init.text, fw->init.textsz); 2948 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2949 fw->init.textsz, BUS_DMASYNC_PREWRITE); 2950 2951 /* Tell adapter where to find initialization sections. */ 2952 if ((error = wpi_nic_lock(sc)) != 0) 2953 return error; 2954 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2955 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 2956 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2957 dma->paddr + WPI_FW_DATA_MAXSZ); 2958 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 2959 wpi_nic_unlock(sc); 2960 2961 /* Load firmware boot code. */ 2962 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 2963 if (error != 0) { 2964 printf("%s: could not load boot firmware\n", 2965 sc->sc_dev.dv_xname); 2966 return error; 2967 } 2968 /* Now press "execute". */ 2969 WPI_WRITE(sc, WPI_RESET, 0); 2970 2971 /* Wait at most one second for first alive notification. */ 2972 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 2973 printf("%s: timeout waiting for adapter to initialize\n", 2974 sc->sc_dev.dv_xname); 2975 return error; 2976 } 2977 2978 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 2979 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 2980 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 2981 BUS_DMASYNC_PREWRITE); 2982 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2983 fw->main.text, fw->main.textsz); 2984 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2985 fw->main.textsz, BUS_DMASYNC_PREWRITE); 2986 2987 /* Tell adapter where to find runtime sections. */ 2988 if ((error = wpi_nic_lock(sc)) != 0) 2989 return error; 2990 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2991 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 2992 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2993 dma->paddr + WPI_FW_DATA_MAXSZ); 2994 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 2995 WPI_FW_UPDATED | fw->main.textsz); 2996 wpi_nic_unlock(sc); 2997 2998 return 0; 2999 } 3000 3001 int 3002 wpi_read_firmware(struct wpi_softc *sc) 3003 { 3004 struct wpi_fw_info *fw = &sc->fw; 3005 const struct wpi_firmware_hdr *hdr; 3006 size_t size; 3007 int error; 3008 3009 /* Read firmware image from filesystem. */ 3010 if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) { 3011 printf("%s: error, %d, could not read firmware %s\n", 3012 sc->sc_dev.dv_xname, error, "wpi-3945abg"); 3013 return error; 3014 } 3015 if (size < sizeof (*hdr)) { 3016 printf("%s: truncated firmware header: %d bytes\n", 3017 sc->sc_dev.dv_xname, size); 3018 free(fw->data, M_DEVBUF); 3019 return EINVAL; 3020 } 3021 /* Extract firmware header information. */ 3022 hdr = (struct wpi_firmware_hdr *)fw->data; 3023 fw->main.textsz = letoh32(hdr->main_textsz); 3024 fw->main.datasz = letoh32(hdr->main_datasz); 3025 fw->init.textsz = letoh32(hdr->init_textsz); 3026 fw->init.datasz = letoh32(hdr->init_datasz); 3027 fw->boot.textsz = letoh32(hdr->boot_textsz); 3028 fw->boot.datasz = 0; 3029 3030 /* Sanity-check firmware header. */ 3031 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 3032 fw->main.datasz > WPI_FW_DATA_MAXSZ || 3033 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 3034 fw->init.datasz > WPI_FW_DATA_MAXSZ || 3035 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 3036 (fw->boot.textsz & 3) != 0) { 3037 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); 3038 free(fw->data, M_DEVBUF); 3039 return EINVAL; 3040 } 3041 3042 /* Check that all firmware sections fit. */ 3043 if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 3044 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 3045 printf("%s: firmware file too short: %d bytes\n", 3046 sc->sc_dev.dv_xname, size); 3047 free(fw->data, M_DEVBUF); 3048 return EINVAL; 3049 } 3050 3051 /* Get pointers to firmware sections. */ 3052 fw->main.text = (const uint8_t *)(hdr + 1); 3053 fw->main.data = fw->main.text + fw->main.textsz; 3054 fw->init.text = fw->main.data + fw->main.datasz; 3055 fw->init.data = fw->init.text + fw->init.textsz; 3056 fw->boot.text = fw->init.data + fw->init.datasz; 3057 3058 return 0; 3059 } 3060 3061 int 3062 wpi_clock_wait(struct wpi_softc *sc) 3063 { 3064 int ntries; 3065 3066 /* Set "initialization complete" bit. */ 3067 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 3068 3069 /* Wait for clock stabilization. */ 3070 for (ntries = 0; ntries < 25000; ntries++) { 3071 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 3072 return 0; 3073 DELAY(100); 3074 } 3075 printf("%s: timeout waiting for clock stabilization\n", 3076 sc->sc_dev.dv_xname); 3077 return ETIMEDOUT; 3078 } 3079 3080 int 3081 wpi_apm_init(struct wpi_softc *sc) 3082 { 3083 int error; 3084 3085 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 3086 /* Disable L0s. */ 3087 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 3088 3089 if ((error = wpi_clock_wait(sc)) != 0) 3090 return error; 3091 3092 if ((error = wpi_nic_lock(sc)) != 0) 3093 return error; 3094 /* Enable DMA. */ 3095 wpi_prph_write(sc, WPI_APMG_CLK_ENA, 3096 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT); 3097 DELAY(20); 3098 /* Disable L1. */ 3099 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 3100 wpi_nic_unlock(sc); 3101 3102 return 0; 3103 } 3104 3105 void 3106 wpi_apm_stop_master(struct wpi_softc *sc) 3107 { 3108 int ntries; 3109 3110 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 3111 3112 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 3113 WPI_GP_CNTRL_MAC_PS) 3114 return; /* Already asleep. */ 3115 3116 for (ntries = 0; ntries < 100; ntries++) { 3117 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 3118 return; 3119 DELAY(10); 3120 } 3121 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname); 3122 } 3123 3124 void 3125 wpi_apm_stop(struct wpi_softc *sc) 3126 { 3127 wpi_apm_stop_master(sc); 3128 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 3129 } 3130 3131 void 3132 wpi_nic_config(struct wpi_softc *sc) 3133 { 3134 pcireg_t reg; 3135 uint8_t rev; 3136 3137 /* Voodoo from the reference driver. */ 3138 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3139 rev = PCI_REVISION(reg); 3140 if ((rev & 0xc0) == 0x40) 3141 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 3142 else if (!(rev & 0x80)) 3143 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 3144 3145 if (sc->cap == 0x80) 3146 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 3147 3148 if ((letoh16(sc->rev) & 0xf0) == 0xd0) 3149 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3150 else 3151 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3152 3153 if (sc->type > 1) 3154 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 3155 } 3156 3157 int 3158 wpi_hw_init(struct wpi_softc *sc) 3159 { 3160 int qid, ntries, error; 3161 3162 /* Clear pending interrupts. */ 3163 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3164 3165 if ((error = wpi_apm_init(sc)) != 0) { 3166 printf("%s: could not power ON adapter\n", 3167 sc->sc_dev.dv_xname); 3168 return error; 3169 } 3170 3171 /* Select VMAIN power source. */ 3172 if ((error = wpi_nic_lock(sc)) != 0) 3173 return error; 3174 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 3175 wpi_nic_unlock(sc); 3176 /* Spin until VMAIN gets selected. */ 3177 for (ntries = 0; ntries < 5000; ntries++) { 3178 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 3179 break; 3180 DELAY(10); 3181 } 3182 if (ntries == 5000) { 3183 printf("%s: timeout selecting power source\n", 3184 sc->sc_dev.dv_xname); 3185 return ETIMEDOUT; 3186 } 3187 3188 /* Perform adapter initialization. */ 3189 (void)wpi_nic_config(sc); 3190 3191 /* Initialize RX ring. */ 3192 if ((error = wpi_nic_lock(sc)) != 0) 3193 return error; 3194 /* Set physical address of RX ring. */ 3195 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 3196 /* Set physical address of RX read pointer. */ 3197 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 3198 offsetof(struct wpi_shared, next)); 3199 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 3200 /* Enable RX. */ 3201 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 3202 WPI_FH_RX_CONFIG_DMA_ENA | 3203 WPI_FH_RX_CONFIG_RDRBD_ENA | 3204 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 3205 WPI_FH_RX_CONFIG_MAXFRAG | 3206 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 3207 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 3208 WPI_FH_RX_CONFIG_IRQ_RBTH(1)); 3209 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 3210 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 3211 wpi_nic_unlock(sc); 3212 3213 /* Initialize TX rings. */ 3214 if ((error = wpi_nic_lock(sc)) != 0) 3215 return error; 3216 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 3217 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 3218 /* Enable all 6 TX rings. */ 3219 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 3220 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 3221 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 3222 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 3223 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 3224 /* Set physical address of TX rings. */ 3225 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 3226 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 3227 3228 for (qid = 0; qid < 6; qid++) { 3229 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(qid), 0); 3230 WPI_WRITE(sc, WPI_FH_CBBC_BASE(qid), 0); 3231 /* Enable TX for this ring. */ 3232 WPI_WRITE(sc, WPI_FH_TX_CONFIG(qid), 0x80200008); 3233 } 3234 wpi_nic_unlock(sc); 3235 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 3236 3237 /* Clear "radio off" and "commands blocked" bits. */ 3238 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3239 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 3240 3241 /* Clear pending interrupts. */ 3242 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3243 /* Enable interrupts. */ 3244 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 3245 3246 /* _Really_ make sure "radio off" bit is cleared! */ 3247 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3248 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3249 3250 if ((error = wpi_load_firmware(sc)) != 0) { 3251 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname); 3252 return error; 3253 } 3254 /* Wait at most one second for firmware alive notification. */ 3255 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 3256 printf("%s: timeout waiting for adapter to initialize\n", 3257 sc->sc_dev.dv_xname); 3258 return error; 3259 } 3260 /* Do post-firmware initialization. */ 3261 return wpi_post_alive(sc); 3262 } 3263 3264 void 3265 wpi_hw_stop(struct wpi_softc *sc) 3266 { 3267 int qid; 3268 3269 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 3270 3271 /* Disable interrupts. */ 3272 WPI_WRITE(sc, WPI_MASK, 0); 3273 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3274 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 3275 3276 /* Make sure we no longer hold the NIC lock. */ 3277 wpi_nic_unlock(sc); 3278 3279 /* Stop TX scheduler. */ 3280 if (wpi_nic_lock(sc) == 0) { 3281 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 3282 wpi_nic_unlock(sc); 3283 } 3284 3285 /* Stop all TX rings. */ 3286 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 3287 wpi_reset_tx_ring(sc, &sc->txq[qid]); 3288 3289 /* Stop RX ring. */ 3290 wpi_reset_rx_ring(sc, &sc->rxq); 3291 3292 if (wpi_nic_lock(sc) == 0) { 3293 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT); 3294 wpi_nic_unlock(sc); 3295 } 3296 DELAY(5); 3297 /* Power OFF adapter. */ 3298 wpi_apm_stop(sc); 3299 } 3300 3301 int 3302 wpi_init(struct ifnet *ifp) 3303 { 3304 struct wpi_softc *sc = ifp->if_softc; 3305 struct ieee80211com *ic = &sc->sc_ic; 3306 int error; 3307 3308 #ifdef notyet 3309 /* Check that the radio is not disabled by hardware switch. */ 3310 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 3311 printf("%s: radio is disabled by hardware switch\n", 3312 sc->sc_dev.dv_xname); 3313 error = EPERM; /* :-) */ 3314 goto fail; 3315 } 3316 #endif 3317 /* Read firmware images from the filesystem. */ 3318 if ((error = wpi_read_firmware(sc)) != 0) { 3319 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname); 3320 goto fail; 3321 } 3322 3323 /* Initialize hardware and upload firmware. */ 3324 error = wpi_hw_init(sc); 3325 free(sc->fw.data, M_DEVBUF); 3326 if (error != 0) { 3327 printf("%s: could not initialize hardware\n", 3328 sc->sc_dev.dv_xname); 3329 goto fail; 3330 } 3331 3332 /* Configure adapter now that it is ready. */ 3333 if ((error = wpi_config(sc)) != 0) { 3334 printf("%s: could not configure device\n", 3335 sc->sc_dev.dv_xname); 3336 goto fail; 3337 } 3338 3339 ifp->if_flags &= ~IFF_OACTIVE; 3340 ifp->if_flags |= IFF_RUNNING; 3341 3342 if (ic->ic_opmode != IEEE80211_M_MONITOR) 3343 ieee80211_begin_scan(ifp); 3344 else 3345 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3346 3347 return 0; 3348 3349 fail: wpi_stop(ifp, 1); 3350 return error; 3351 } 3352 3353 void 3354 wpi_stop(struct ifnet *ifp, int disable) 3355 { 3356 struct wpi_softc *sc = ifp->if_softc; 3357 struct ieee80211com *ic = &sc->sc_ic; 3358 3359 ifp->if_timer = sc->sc_tx_timer = 0; 3360 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3361 3362 /* In case we were scanning, release the scan "lock". */ 3363 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 3364 3365 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3366 3367 /* Power OFF hardware. */ 3368 wpi_hw_stop(sc); 3369 3370 /* Temperature sensor is no longer valid. */ 3371 sc->sensor.value = 0; 3372 sc->sensor.flags |= SENSOR_FINVALID; 3373 } 3374