1 /* $OpenBSD: if_wpi.c,v 1.99 2009/11/17 20:35:51 damien Exp $ */ 2 3 /*- 4 * Copyright (c) 2006-2008 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/sysctl.h> 29 #include <sys/mbuf.h> 30 #include <sys/kernel.h> 31 #include <sys/socket.h> 32 #include <sys/systm.h> 33 #include <sys/malloc.h> 34 #include <sys/conf.h> 35 #include <sys/device.h> 36 37 #include <machine/bus.h> 38 #include <machine/endian.h> 39 #include <machine/intr.h> 40 41 #include <dev/pci/pcireg.h> 42 #include <dev/pci/pcivar.h> 43 #include <dev/pci/pcidevs.h> 44 45 #if NBPFILTER > 0 46 #include <net/bpf.h> 47 #endif 48 #include <net/if.h> 49 #include <net/if_arp.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 #include <net/if_types.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/in_var.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip.h> 59 60 #include <net80211/ieee80211_var.h> 61 #include <net80211/ieee80211_amrr.h> 62 #include <net80211/ieee80211_radiotap.h> 63 64 #include <dev/pci/if_wpireg.h> 65 #include <dev/pci/if_wpivar.h> 66 67 static const struct pci_matchid wpi_devices[] = { 68 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 }, 69 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 } 70 }; 71 72 int wpi_match(struct device *, void *, void *); 73 void wpi_attach(struct device *, struct device *, void *); 74 #if NBPFILTER > 0 75 void wpi_radiotap_attach(struct wpi_softc *); 76 #endif 77 int wpi_detach(struct device *, int); 78 void wpi_power(int, void *); 79 int wpi_nic_lock(struct wpi_softc *); 80 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 81 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *, 82 void **, bus_size_t, bus_size_t); 83 void wpi_dma_contig_free(struct wpi_dma_info *); 84 int wpi_alloc_shared(struct wpi_softc *); 85 void wpi_free_shared(struct wpi_softc *); 86 int wpi_alloc_fwmem(struct wpi_softc *); 87 void wpi_free_fwmem(struct wpi_softc *); 88 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 89 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 90 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 91 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 92 int); 93 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 94 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 95 int wpi_read_eeprom(struct wpi_softc *); 96 void wpi_read_eeprom_channels(struct wpi_softc *, int); 97 void wpi_read_eeprom_group(struct wpi_softc *, int); 98 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *); 99 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *, 100 int); 101 int wpi_media_change(struct ifnet *); 102 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int); 103 void wpi_iter_func(void *, struct ieee80211_node *); 104 void wpi_calib_timeout(void *); 105 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *, 106 struct ieee80211_key *); 107 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 108 struct wpi_rx_data *); 109 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 110 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 111 void wpi_notif_intr(struct wpi_softc *); 112 void wpi_fatal_intr(struct wpi_softc *); 113 int wpi_intr(void *); 114 int wpi_tx(struct wpi_softc *, struct mbuf *, 115 struct ieee80211_node *); 116 void wpi_start(struct ifnet *); 117 void wpi_watchdog(struct ifnet *); 118 int wpi_ioctl(struct ifnet *, u_long, caddr_t); 119 int wpi_cmd(struct wpi_softc *, int, const void *, int, int); 120 int wpi_mrr_setup(struct wpi_softc *); 121 void wpi_updateedca(struct ieee80211com *); 122 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 123 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 124 void wpi_power_calibration(struct wpi_softc *); 125 int wpi_set_txpower(struct wpi_softc *, int); 126 int wpi_get_power_index(struct wpi_softc *, 127 struct wpi_power_group *, struct ieee80211_channel *, int); 128 int wpi_set_pslevel(struct wpi_softc *, int, int, int); 129 int wpi_config(struct wpi_softc *); 130 int wpi_scan(struct wpi_softc *, uint16_t); 131 int wpi_auth(struct wpi_softc *); 132 int wpi_run(struct wpi_softc *); 133 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *, 134 struct ieee80211_key *); 135 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *, 136 struct ieee80211_key *); 137 int wpi_post_alive(struct wpi_softc *); 138 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 139 int wpi_load_firmware(struct wpi_softc *); 140 int wpi_read_firmware(struct wpi_softc *); 141 int wpi_clock_wait(struct wpi_softc *); 142 int wpi_apm_init(struct wpi_softc *); 143 void wpi_apm_stop_master(struct wpi_softc *); 144 void wpi_apm_stop(struct wpi_softc *); 145 void wpi_nic_config(struct wpi_softc *); 146 int wpi_hw_init(struct wpi_softc *); 147 void wpi_hw_stop(struct wpi_softc *); 148 int wpi_init(struct ifnet *); 149 void wpi_stop(struct ifnet *, int); 150 151 #ifdef WPI_DEBUG 152 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0) 153 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0) 154 int wpi_debug = 0; 155 #else 156 #define DPRINTF(x) 157 #define DPRINTFN(n, x) 158 #endif 159 160 struct cfdriver wpi_cd = { 161 NULL, "wpi", DV_IFNET 162 }; 163 164 struct cfattach wpi_ca = { 165 sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach 166 }; 167 168 int 169 wpi_match(struct device *parent, void *match, void *aux) 170 { 171 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices, 172 nitems(wpi_devices)); 173 } 174 175 void 176 wpi_attach(struct device *parent, struct device *self, void *aux) 177 { 178 struct wpi_softc *sc = (struct wpi_softc *)self; 179 struct ieee80211com *ic = &sc->sc_ic; 180 struct ifnet *ifp = &ic->ic_if; 181 struct pci_attach_args *pa = aux; 182 const char *intrstr; 183 pci_intr_handle_t ih; 184 pcireg_t memtype, reg; 185 int i, error; 186 187 sc->sc_pct = pa->pa_pc; 188 sc->sc_pcitag = pa->pa_tag; 189 sc->sc_dmat = pa->pa_dmat; 190 191 /* 192 * Get the offset of the PCI Express Capability Structure in PCI 193 * Configuration Space (the vendor driver hard-codes it as E0h.) 194 */ 195 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 196 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 197 if (error == 0) { 198 printf(": PCIe capability structure not found!\n"); 199 return; 200 } 201 202 /* Clear device-specific "PCI retry timeout" register (41h). */ 203 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 204 reg &= ~0xff00; 205 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 206 207 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0); 208 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st, 209 &sc->sc_sh, NULL, &sc->sc_sz, 0); 210 if (error != 0) { 211 printf(": can't map mem space\n"); 212 return; 213 } 214 215 /* Install interrupt handler. */ 216 if (pci_intr_map(pa, &ih) != 0) { 217 printf(": can't map interrupt\n"); 218 return; 219 } 220 intrstr = pci_intr_string(sc->sc_pct, ih); 221 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc, 222 sc->sc_dev.dv_xname); 223 if (sc->sc_ih == NULL) { 224 printf(": can't establish interrupt"); 225 if (intrstr != NULL) 226 printf(" at %s", intrstr); 227 printf("\n"); 228 return; 229 } 230 printf(": %s", intrstr); 231 232 /* Power ON adapter. */ 233 if ((error = wpi_apm_init(sc)) != 0) { 234 printf(": could not power ON adapter\n"); 235 return; 236 } 237 238 /* Read MAC address, channels, etc from EEPROM. */ 239 if ((error = wpi_read_eeprom(sc)) != 0) { 240 printf(": could not read EEPROM\n"); 241 return; 242 } 243 244 /* Allocate DMA memory for firmware transfers. */ 245 if ((error = wpi_alloc_fwmem(sc)) != 0) { 246 printf(": could not allocate memory for firmware\n"); 247 return; 248 } 249 250 /* Allocate shared area. */ 251 if ((error = wpi_alloc_shared(sc)) != 0) { 252 printf(": could not allocate shared area\n"); 253 goto fail1; 254 } 255 256 /* Allocate TX rings. */ 257 for (i = 0; i < WPI_NTXQUEUES; i++) { 258 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 259 printf(": could not allocate TX ring %d\n", i); 260 goto fail2; 261 } 262 } 263 264 /* Allocate RX ring. */ 265 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) { 266 printf(": could not allocate Rx ring\n"); 267 goto fail2; 268 } 269 270 /* Power OFF adapter. */ 271 wpi_apm_stop(sc); 272 /* Clear pending interrupts. */ 273 WPI_WRITE(sc, WPI_INT, 0xffffffff); 274 275 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 276 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 277 ic->ic_state = IEEE80211_S_INIT; 278 279 /* Set device capabilities. */ 280 ic->ic_caps = 281 IEEE80211_C_WEP | /* WEP */ 282 IEEE80211_C_RSN | /* WPA/RSN */ 283 IEEE80211_C_MONITOR | /* monitor mode supported */ 284 IEEE80211_C_SHSLOT | /* short slot time supported */ 285 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 286 IEEE80211_C_PMGT; /* power saving supported */ 287 288 /* Set supported rates. */ 289 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 290 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 291 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) { 292 ic->ic_sup_rates[IEEE80211_MODE_11A] = 293 ieee80211_std_rateset_11a; 294 } 295 296 /* IBSS channel undefined for now. */ 297 ic->ic_ibss_chan = &ic->ic_channels[0]; 298 299 ifp->if_softc = sc; 300 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 301 ifp->if_init = wpi_init; 302 ifp->if_ioctl = wpi_ioctl; 303 ifp->if_start = wpi_start; 304 ifp->if_watchdog = wpi_watchdog; 305 IFQ_SET_READY(&ifp->if_snd); 306 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 307 308 if_attach(ifp); 309 ieee80211_ifattach(ifp); 310 ic->ic_node_alloc = wpi_node_alloc; 311 ic->ic_newassoc = wpi_newassoc; 312 ic->ic_updateedca = wpi_updateedca; 313 ic->ic_set_key = wpi_set_key; 314 ic->ic_delete_key = wpi_delete_key; 315 316 /* Override 802.11 state transition machine. */ 317 sc->sc_newstate = ic->ic_newstate; 318 ic->ic_newstate = wpi_newstate; 319 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status); 320 321 sc->amrr.amrr_min_success_threshold = 1; 322 sc->amrr.amrr_max_success_threshold = 15; 323 324 #if NBPFILTER > 0 325 wpi_radiotap_attach(sc); 326 #endif 327 timeout_set(&sc->calib_to, wpi_calib_timeout, sc); 328 329 sc->powerhook = powerhook_establish(wpi_power, sc); 330 331 return; 332 333 /* Free allocated memory if something failed during attachment. */ 334 fail2: while (--i >= 0) 335 wpi_free_tx_ring(sc, &sc->txq[i]); 336 wpi_free_shared(sc); 337 fail1: wpi_free_fwmem(sc); 338 } 339 340 #if NBPFILTER > 0 341 /* 342 * Attach the interface to 802.11 radiotap. 343 */ 344 void 345 wpi_radiotap_attach(struct wpi_softc *sc) 346 { 347 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 348 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 349 350 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 351 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 352 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT); 353 354 sc->sc_txtap_len = sizeof sc->sc_txtapu; 355 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 356 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT); 357 } 358 #endif 359 360 int 361 wpi_detach(struct device *self, int flags) 362 { 363 struct wpi_softc *sc = (struct wpi_softc *)self; 364 struct ifnet *ifp = &sc->sc_ic.ic_if; 365 int qid; 366 367 timeout_del(&sc->calib_to); 368 369 /* Uninstall interrupt handler. */ 370 if (sc->sc_ih != NULL) 371 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 372 373 if (sc->powerhook != NULL) 374 powerhook_disestablish(sc->powerhook); 375 376 /* Free DMA resources. */ 377 wpi_free_rx_ring(sc, &sc->rxq); 378 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 379 wpi_free_tx_ring(sc, &sc->txq[qid]); 380 wpi_free_shared(sc); 381 wpi_free_fwmem(sc); 382 383 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 384 385 ieee80211_ifdetach(ifp); 386 if_detach(ifp); 387 388 return 0; 389 } 390 391 void 392 wpi_power(int why, void *arg) 393 { 394 struct wpi_softc *sc = arg; 395 struct ifnet *ifp; 396 pcireg_t reg; 397 int s; 398 399 if (why != PWR_RESUME) 400 return; 401 402 /* Clear device-specific "PCI retry timeout" register (41h). */ 403 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 404 reg &= ~0xff00; 405 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 406 407 s = splnet(); 408 ifp = &sc->sc_ic.ic_if; 409 if (ifp->if_flags & IFF_UP) { 410 ifp->if_init(ifp); 411 if (ifp->if_flags & IFF_RUNNING) 412 ifp->if_start(ifp); 413 } 414 splx(s); 415 } 416 417 int 418 wpi_nic_lock(struct wpi_softc *sc) 419 { 420 int ntries; 421 422 /* Request exclusive access to NIC. */ 423 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 424 425 /* Spin until we actually get the lock. */ 426 for (ntries = 0; ntries < 1000; ntries++) { 427 if ((WPI_READ(sc, WPI_GP_CNTRL) & 428 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 429 WPI_GP_CNTRL_MAC_ACCESS_ENA) 430 return 0; 431 DELAY(10); 432 } 433 return ETIMEDOUT; 434 } 435 436 static __inline void 437 wpi_nic_unlock(struct wpi_softc *sc) 438 { 439 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 440 } 441 442 static __inline uint32_t 443 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 444 { 445 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 446 WPI_BARRIER_READ_WRITE(sc); 447 return WPI_READ(sc, WPI_PRPH_RDATA); 448 } 449 450 static __inline void 451 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 452 { 453 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 454 WPI_BARRIER_WRITE(sc); 455 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 456 } 457 458 static __inline void 459 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 460 { 461 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 462 } 463 464 static __inline void 465 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 466 { 467 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 468 } 469 470 static __inline void 471 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 472 const uint32_t *data, int count) 473 { 474 for (; count > 0; count--, data++, addr += 4) 475 wpi_prph_write(sc, addr, *data); 476 } 477 478 static __inline uint32_t 479 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 480 { 481 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 482 WPI_BARRIER_READ_WRITE(sc); 483 return WPI_READ(sc, WPI_MEM_RDATA); 484 } 485 486 static __inline void 487 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 488 { 489 WPI_WRITE(sc, WPI_MEM_WADDR, addr); 490 WPI_BARRIER_WRITE(sc); 491 WPI_WRITE(sc, WPI_MEM_WDATA, data); 492 } 493 494 static __inline void 495 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 496 int count) 497 { 498 for (; count > 0; count--, addr += 4) 499 *data++ = wpi_mem_read(sc, addr); 500 } 501 502 int 503 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 504 { 505 uint8_t *out = data; 506 uint32_t val; 507 int error, ntries; 508 509 if ((error = wpi_nic_lock(sc)) != 0) 510 return error; 511 512 for (; count > 0; count -= 2, addr++) { 513 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 514 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD); 515 516 for (ntries = 0; ntries < 10; ntries++) { 517 val = WPI_READ(sc, WPI_EEPROM); 518 if (val & WPI_EEPROM_READ_VALID) 519 break; 520 DELAY(5); 521 } 522 if (ntries == 10) { 523 printf("%s: could not read EEPROM\n", 524 sc->sc_dev.dv_xname); 525 return ETIMEDOUT; 526 } 527 *out++ = val >> 16; 528 if (count > 1) 529 *out++ = val >> 24; 530 } 531 532 wpi_nic_unlock(sc); 533 return 0; 534 } 535 536 int 537 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap, 538 bus_size_t size, bus_size_t alignment) 539 { 540 int nsegs, error; 541 542 dma->tag = tag; 543 dma->size = size; 544 545 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 546 &dma->map); 547 if (error != 0) 548 goto fail; 549 550 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 551 BUS_DMA_NOWAIT | BUS_DMA_ZERO); 552 if (error != 0) 553 goto fail; 554 555 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 556 BUS_DMA_NOWAIT | BUS_DMA_COHERENT); 557 if (error != 0) 558 goto fail; 559 560 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size, 561 BUS_DMA_NOWAIT); 562 if (error != 0) 563 goto fail; 564 565 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 566 567 dma->paddr = dma->map->dm_segs[0].ds_addr; 568 if (kvap != NULL) 569 *kvap = dma->vaddr; 570 571 return 0; 572 573 fail: wpi_dma_contig_free(dma); 574 return error; 575 } 576 577 void 578 wpi_dma_contig_free(struct wpi_dma_info *dma) 579 { 580 if (dma->map != NULL) { 581 if (dma->vaddr != NULL) { 582 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 583 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 584 bus_dmamap_unload(dma->tag, dma->map); 585 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 586 bus_dmamem_free(dma->tag, &dma->seg, 1); 587 dma->vaddr = NULL; 588 } 589 bus_dmamap_destroy(dma->tag, dma->map); 590 dma->map = NULL; 591 } 592 } 593 594 int 595 wpi_alloc_shared(struct wpi_softc *sc) 596 { 597 /* Shared buffer must be aligned on a 4KB boundary. */ 598 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 599 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 600 } 601 602 void 603 wpi_free_shared(struct wpi_softc *sc) 604 { 605 wpi_dma_contig_free(&sc->shared_dma); 606 } 607 608 int 609 wpi_alloc_fwmem(struct wpi_softc *sc) 610 { 611 /* Allocate enough contiguous space to store text and data. */ 612 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 613 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 614 } 615 616 void 617 wpi_free_fwmem(struct wpi_softc *sc) 618 { 619 wpi_dma_contig_free(&sc->fw_dma); 620 } 621 622 int 623 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 624 { 625 bus_size_t size; 626 int i, error; 627 628 ring->cur = 0; 629 630 /* Allocate RX descriptors (16KB aligned.) */ 631 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 632 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 633 (void **)&ring->desc, size, 16 * 1024); 634 if (error != 0) { 635 printf("%s: could not allocate RX ring DMA memory\n", 636 sc->sc_dev.dv_xname); 637 goto fail; 638 } 639 640 /* 641 * Allocate and map RX buffers. 642 */ 643 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 644 struct wpi_rx_data *data = &ring->data[i]; 645 646 error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1, 647 WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map); 648 if (error != 0) { 649 printf("%s: could not create RX buf DMA map\n", 650 sc->sc_dev.dv_xname); 651 goto fail; 652 } 653 654 data->m = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 655 if (data->m == NULL) { 656 printf("%s: could not allocate RX mbuf\n", 657 sc->sc_dev.dv_xname); 658 error = ENOBUFS; 659 goto fail; 660 } 661 662 error = bus_dmamap_load(sc->sc_dmat, data->map, 663 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 664 BUS_DMA_NOWAIT | BUS_DMA_READ); 665 if (error != 0) { 666 printf("%s: can't map mbuf (error %d)\n", 667 sc->sc_dev.dv_xname, error); 668 goto fail; 669 } 670 671 /* Set physical address of RX buffer. */ 672 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr); 673 } 674 675 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 676 BUS_DMASYNC_PREWRITE); 677 678 return 0; 679 680 fail: wpi_free_rx_ring(sc, ring); 681 return error; 682 } 683 684 void 685 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 686 { 687 int ntries; 688 689 if (wpi_nic_lock(sc) == 0) { 690 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 691 for (ntries = 0; ntries < 100; ntries++) { 692 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 693 WPI_FH_RX_STATUS_IDLE) 694 break; 695 DELAY(10); 696 } 697 wpi_nic_unlock(sc); 698 } 699 ring->cur = 0; 700 } 701 702 void 703 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 704 { 705 int i; 706 707 wpi_dma_contig_free(&ring->desc_dma); 708 709 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 710 struct wpi_rx_data *data = &ring->data[i]; 711 712 if (data->m != NULL) { 713 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 714 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 715 bus_dmamap_unload(sc->sc_dmat, data->map); 716 m_freem(data->m); 717 } 718 if (data->map != NULL) 719 bus_dmamap_destroy(sc->sc_dmat, data->map); 720 } 721 } 722 723 int 724 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 725 { 726 bus_addr_t paddr; 727 bus_size_t size; 728 int i, error; 729 730 ring->qid = qid; 731 ring->queued = 0; 732 ring->cur = 0; 733 734 /* Allocate TX descriptors (16KB aligned.) */ 735 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 736 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 737 (void **)&ring->desc, size, 16 * 1024); 738 if (error != 0) { 739 printf("%s: could not allocate TX ring DMA memory\n", 740 sc->sc_dev.dv_xname); 741 goto fail; 742 } 743 744 /* Update shared area with ring physical address. */ 745 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 746 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 747 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE); 748 749 /* 750 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 751 * to allocate commands space for other rings. 752 * XXX Do we really need to allocate descriptors for other rings? 753 */ 754 if (qid > 4) 755 return 0; 756 757 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 758 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 759 (void **)&ring->cmd, size, 4); 760 if (error != 0) { 761 printf("%s: could not allocate TX cmd DMA memory\n", 762 sc->sc_dev.dv_xname); 763 goto fail; 764 } 765 766 paddr = ring->cmd_dma.paddr; 767 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 768 struct wpi_tx_data *data = &ring->data[i]; 769 770 data->cmd_paddr = paddr; 771 paddr += sizeof (struct wpi_tx_cmd); 772 773 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 774 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 775 &data->map); 776 if (error != 0) { 777 printf("%s: could not create TX buf DMA map\n", 778 sc->sc_dev.dv_xname); 779 goto fail; 780 } 781 } 782 return 0; 783 784 fail: wpi_free_tx_ring(sc, ring); 785 return error; 786 } 787 788 void 789 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 790 { 791 int i; 792 793 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 794 struct wpi_tx_data *data = &ring->data[i]; 795 796 if (data->m != NULL) { 797 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 798 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 799 bus_dmamap_unload(sc->sc_dmat, data->map); 800 m_freem(data->m); 801 data->m = NULL; 802 } 803 } 804 /* Clear TX descriptors. */ 805 memset(ring->desc, 0, ring->desc_dma.size); 806 sc->qfullmsk &= ~(1 << ring->qid); 807 ring->queued = 0; 808 ring->cur = 0; 809 } 810 811 void 812 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 813 { 814 int i; 815 816 wpi_dma_contig_free(&ring->desc_dma); 817 wpi_dma_contig_free(&ring->cmd_dma); 818 819 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 820 struct wpi_tx_data *data = &ring->data[i]; 821 822 if (data->m != NULL) { 823 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 824 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 825 bus_dmamap_unload(sc->sc_dmat, data->map); 826 m_freem(data->m); 827 } 828 if (data->map != NULL) 829 bus_dmamap_destroy(sc->sc_dmat, data->map); 830 } 831 } 832 833 int 834 wpi_read_eeprom(struct wpi_softc *sc) 835 { 836 struct ieee80211com *ic = &sc->sc_ic; 837 char domain[4]; 838 int i; 839 840 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 841 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname); 842 return EIO; 843 } 844 /* Clear HW ownership of EEPROM. */ 845 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 846 847 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1); 848 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2); 849 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1); 850 851 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev), 852 sc->type)); 853 854 /* Read and print regulatory domain (4 ASCII characters.) */ 855 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4); 856 printf(", %.4s", domain); 857 858 /* Read and print MAC address. */ 859 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6); 860 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 861 862 /* Read the list of authorized channels. */ 863 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 864 wpi_read_eeprom_channels(sc, i); 865 866 /* Read the list of TX power groups. */ 867 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 868 wpi_read_eeprom_group(sc, i); 869 870 return 0; 871 } 872 873 void 874 wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 875 { 876 struct ieee80211com *ic = &sc->sc_ic; 877 const struct wpi_chan_band *band = &wpi_bands[n]; 878 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND]; 879 int chan, i; 880 881 wpi_read_prom_data(sc, band->addr, channels, 882 band->nchan * sizeof (struct wpi_eeprom_chan)); 883 884 for (i = 0; i < band->nchan; i++) { 885 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) 886 continue; 887 888 chan = band->chan[i]; 889 890 if (n == 0) { /* 2GHz band */ 891 ic->ic_channels[chan].ic_freq = 892 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 893 ic->ic_channels[chan].ic_flags = 894 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 895 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 896 897 } else { /* 5GHz band */ 898 /* 899 * Some adapters support channels 7, 8, 11 and 12 900 * both in the 2GHz and 4.9GHz bands. 901 * Because of limitations in our net80211 layer, 902 * we don't support them in the 4.9GHz band. 903 */ 904 if (chan <= 14) 905 continue; 906 907 ic->ic_channels[chan].ic_freq = 908 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 909 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 910 } 911 912 /* Is active scan allowed on this channel? */ 913 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) { 914 ic->ic_channels[chan].ic_flags |= 915 IEEE80211_CHAN_PASSIVE; 916 } 917 918 /* Save maximum allowed TX power for this channel. */ 919 sc->maxpwr[chan] = channels[i].maxpwr; 920 921 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 922 chan, channels[i].flags, sc->maxpwr[chan])); 923 } 924 } 925 926 void 927 wpi_read_eeprom_group(struct wpi_softc *sc, int n) 928 { 929 struct wpi_power_group *group = &sc->groups[n]; 930 struct wpi_eeprom_group rgroup; 931 int i; 932 933 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup, 934 sizeof rgroup); 935 936 /* Save TX power group information. */ 937 group->chan = rgroup.chan; 938 group->maxpwr = rgroup.maxpwr; 939 /* Retrieve temperature at which the samples were taken. */ 940 group->temp = (int16_t)letoh16(rgroup.temp); 941 942 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n, 943 group->chan, group->maxpwr, group->temp)); 944 945 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 946 group->samples[i].index = rgroup.samples[i].index; 947 group->samples[i].power = rgroup.samples[i].power; 948 949 DPRINTF(("\tsample %d: index=%d power=%d\n", i, 950 group->samples[i].index, group->samples[i].power)); 951 } 952 } 953 954 struct ieee80211_node * 955 wpi_node_alloc(struct ieee80211com *ic) 956 { 957 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO); 958 } 959 960 void 961 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 962 { 963 struct wpi_softc *sc = ic->ic_if.if_softc; 964 struct wpi_node *wn = (void *)ni; 965 uint8_t rate; 966 int ridx, i; 967 968 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 969 /* Start at lowest available bit-rate, AMRR will raise. */ 970 ni->ni_txrate = 0; 971 972 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 973 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 974 /* Map 802.11 rate to HW rate index. */ 975 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 976 if (wpi_rates[ridx].rate == rate) 977 break; 978 wn->ridx[i] = ridx; 979 } 980 } 981 982 int 983 wpi_media_change(struct ifnet *ifp) 984 { 985 struct wpi_softc *sc = ifp->if_softc; 986 struct ieee80211com *ic = &sc->sc_ic; 987 uint8_t rate, ridx; 988 int error; 989 990 error = ieee80211_media_change(ifp); 991 if (error != ENETRESET) 992 return error; 993 994 if (ic->ic_fixed_rate != -1) { 995 rate = ic->ic_sup_rates[ic->ic_curmode]. 996 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 997 /* Map 802.11 rate to HW rate index. */ 998 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 999 if (wpi_rates[ridx].rate == rate) 1000 break; 1001 sc->fixed_ridx = ridx; 1002 } 1003 1004 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1005 (IFF_UP | IFF_RUNNING)) { 1006 wpi_stop(ifp, 0); 1007 error = wpi_init(ifp); 1008 } 1009 return error; 1010 } 1011 1012 int 1013 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1014 { 1015 struct ifnet *ifp = &ic->ic_if; 1016 struct wpi_softc *sc = ifp->if_softc; 1017 int error; 1018 1019 timeout_del(&sc->calib_to); 1020 1021 switch (nstate) { 1022 case IEEE80211_S_SCAN: 1023 /* Make the link LED blink while we're scanning. */ 1024 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1025 1026 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1027 printf("%s: could not initiate scan\n", 1028 sc->sc_dev.dv_xname); 1029 return error; 1030 } 1031 ic->ic_state = nstate; 1032 return 0; 1033 1034 case IEEE80211_S_ASSOC: 1035 if (ic->ic_state != IEEE80211_S_RUN) 1036 break; 1037 /* FALLTHROUGH */ 1038 case IEEE80211_S_AUTH: 1039 /* Reset state to handle reassociations correctly. */ 1040 sc->rxon.associd = 0; 1041 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1042 1043 if ((error = wpi_auth(sc)) != 0) { 1044 printf("%s: could not move to auth state\n", 1045 sc->sc_dev.dv_xname); 1046 return error; 1047 } 1048 break; 1049 1050 case IEEE80211_S_RUN: 1051 if ((error = wpi_run(sc)) != 0) { 1052 printf("%s: could not move to run state\n", 1053 sc->sc_dev.dv_xname); 1054 return error; 1055 } 1056 break; 1057 1058 case IEEE80211_S_INIT: 1059 break; 1060 } 1061 1062 return sc->sc_newstate(ic, nstate, arg); 1063 } 1064 1065 void 1066 wpi_iter_func(void *arg, struct ieee80211_node *ni) 1067 { 1068 struct wpi_softc *sc = arg; 1069 struct wpi_node *wn = (struct wpi_node *)ni; 1070 1071 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1072 } 1073 1074 void 1075 wpi_calib_timeout(void *arg) 1076 { 1077 struct wpi_softc *sc = arg; 1078 struct ieee80211com *ic = &sc->sc_ic; 1079 int s; 1080 1081 s = splnet(); 1082 /* Automatic rate control triggered every 500ms. */ 1083 if (ic->ic_fixed_rate == -1) { 1084 if (ic->ic_opmode == IEEE80211_M_STA) 1085 wpi_iter_func(sc, ic->ic_bss); 1086 else 1087 ieee80211_iterate_nodes(ic, wpi_iter_func, sc); 1088 } 1089 1090 /* Force automatic TX power calibration every 60 secs. */ 1091 if (++sc->calib_cnt >= 120) { 1092 wpi_power_calibration(sc); 1093 sc->calib_cnt = 0; 1094 } 1095 splx(s); 1096 1097 /* Automatic rate control triggered every 500ms. */ 1098 timeout_add_msec(&sc->calib_to, 500); 1099 } 1100 1101 int 1102 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k) 1103 { 1104 struct ieee80211_frame *wh; 1105 uint64_t pn, *prsc; 1106 uint8_t *ivp; 1107 uint8_t tid; 1108 int hdrlen; 1109 1110 wh = mtod(m, struct ieee80211_frame *); 1111 hdrlen = ieee80211_get_hdrlen(wh); 1112 ivp = (uint8_t *)wh + hdrlen; 1113 1114 /* Check that ExtIV bit is be set. */ 1115 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) { 1116 DPRINTF(("CCMP decap ExtIV not set\n")); 1117 return 1; 1118 } 1119 tid = ieee80211_has_qos(wh) ? 1120 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 1121 prsc = &k->k_rsc[tid]; 1122 1123 /* Extract the 48-bit PN from the CCMP header. */ 1124 pn = (uint64_t)ivp[0] | 1125 (uint64_t)ivp[1] << 8 | 1126 (uint64_t)ivp[4] << 16 | 1127 (uint64_t)ivp[5] << 24 | 1128 (uint64_t)ivp[6] << 32 | 1129 (uint64_t)ivp[7] << 40; 1130 if (pn <= *prsc) { 1131 /* 1132 * Not necessarily a replayed frame since we did not check 1133 * the sequence number of the 802.11 header yet. 1134 */ 1135 DPRINTF(("CCMP replayed\n")); 1136 return 1; 1137 } 1138 /* Update last seen packet number. */ 1139 *prsc = pn; 1140 1141 /* Clear Protected bit and strip IV. */ 1142 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1143 ovbcopy(wh, mtod(m, caddr_t) + IEEE80211_CCMP_HDRLEN, hdrlen); 1144 m_adj(m, IEEE80211_CCMP_HDRLEN); 1145 /* Strip MIC. */ 1146 m_adj(m, -IEEE80211_CCMP_MICLEN); 1147 return 0; 1148 } 1149 1150 void 1151 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1152 struct wpi_rx_data *data) 1153 { 1154 struct ieee80211com *ic = &sc->sc_ic; 1155 struct ifnet *ifp = &ic->ic_if; 1156 struct wpi_rx_ring *ring = &sc->rxq; 1157 struct wpi_rx_stat *stat; 1158 struct wpi_rx_head *head; 1159 struct wpi_rx_tail *tail; 1160 struct ieee80211_frame *wh; 1161 struct ieee80211_rxinfo rxi; 1162 struct ieee80211_node *ni; 1163 struct mbuf *m, *m1; 1164 uint32_t flags; 1165 int error; 1166 1167 bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE, 1168 BUS_DMASYNC_POSTREAD); 1169 stat = (struct wpi_rx_stat *)(desc + 1); 1170 1171 if (stat->len > WPI_STAT_MAXLEN) { 1172 printf("%s: invalid RX statistic header\n", 1173 sc->sc_dev.dv_xname); 1174 ifp->if_ierrors++; 1175 return; 1176 } 1177 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1178 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len)); 1179 flags = letoh32(tail->flags); 1180 1181 /* Discard frames with a bad FCS early. */ 1182 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1183 DPRINTFN(2, ("rx tail flags error %x\n", flags)); 1184 ifp->if_ierrors++; 1185 return; 1186 } 1187 /* Discard frames that are too short. */ 1188 if (letoh16(head->len) < sizeof (*wh)) { 1189 DPRINTF(("frame too short: %d\n", letoh16(head->len))); 1190 ic->ic_stats.is_rx_tooshort++; 1191 ifp->if_ierrors++; 1192 return; 1193 } 1194 1195 m1 = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 1196 if (m1 == NULL) { 1197 ic->ic_stats.is_rx_nombuf++; 1198 ifp->if_ierrors++; 1199 return; 1200 } 1201 bus_dmamap_unload(sc->sc_dmat, data->map); 1202 1203 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 1204 WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ); 1205 if (error != 0) { 1206 m_freem(m1); 1207 1208 /* Try to reload the old mbuf. */ 1209 error = bus_dmamap_load(sc->sc_dmat, data->map, 1210 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 1211 BUS_DMA_NOWAIT | BUS_DMA_READ); 1212 if (error != 0) { 1213 panic("%s: could not load old RX mbuf", 1214 sc->sc_dev.dv_xname); 1215 } 1216 /* Physical address may have changed. */ 1217 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1218 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1219 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1220 BUS_DMASYNC_PREWRITE); 1221 ifp->if_ierrors++; 1222 return; 1223 } 1224 1225 m = data->m; 1226 data->m = m1; 1227 /* Update RX descriptor. */ 1228 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1229 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1230 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1231 BUS_DMASYNC_PREWRITE); 1232 1233 /* Finalize mbuf. */ 1234 m->m_pkthdr.rcvif = ifp; 1235 m->m_data = (caddr_t)(head + 1); 1236 m->m_pkthdr.len = m->m_len = letoh16(head->len); 1237 1238 /* Grab a reference to the source node. */ 1239 wh = mtod(m, struct ieee80211_frame *); 1240 ni = ieee80211_find_rxnode(ic, wh); 1241 1242 rxi.rxi_flags = 0; 1243 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1244 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1245 (ni->ni_flags & IEEE80211_NODE_RXPROT) && 1246 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 1247 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) { 1248 ic->ic_stats.is_ccmp_dec_errs++; 1249 ifp->if_ierrors++; 1250 m_freem(m); 1251 return; 1252 } 1253 /* Check whether decryption was successful or not. */ 1254 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1255 DPRINTF(("CCMP decryption failed 0x%x\n", flags)); 1256 ic->ic_stats.is_ccmp_dec_errs++; 1257 ifp->if_ierrors++; 1258 m_freem(m); 1259 return; 1260 } 1261 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) { 1262 ifp->if_ierrors++; 1263 m_freem(m); 1264 return; 1265 } 1266 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1267 } 1268 1269 #if NBPFILTER > 0 1270 if (sc->sc_drvbpf != NULL) { 1271 struct mbuf mb; 1272 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1273 1274 tap->wr_flags = 0; 1275 if (letoh16(head->flags) & 0x4) 1276 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1277 tap->wr_chan_freq = 1278 htole16(ic->ic_channels[head->chan].ic_freq); 1279 tap->wr_chan_flags = 1280 htole16(ic->ic_channels[head->chan].ic_flags); 1281 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1282 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise); 1283 tap->wr_tsft = tail->tstamp; 1284 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf; 1285 switch (head->rate) { 1286 /* CCK rates. */ 1287 case 10: tap->wr_rate = 2; break; 1288 case 20: tap->wr_rate = 4; break; 1289 case 55: tap->wr_rate = 11; break; 1290 case 110: tap->wr_rate = 22; break; 1291 /* OFDM rates. */ 1292 case 0xd: tap->wr_rate = 12; break; 1293 case 0xf: tap->wr_rate = 18; break; 1294 case 0x5: tap->wr_rate = 24; break; 1295 case 0x7: tap->wr_rate = 36; break; 1296 case 0x9: tap->wr_rate = 48; break; 1297 case 0xb: tap->wr_rate = 72; break; 1298 case 0x1: tap->wr_rate = 96; break; 1299 case 0x3: tap->wr_rate = 108; break; 1300 /* Unknown rate: should not happen. */ 1301 default: tap->wr_rate = 0; 1302 } 1303 1304 mb.m_data = (caddr_t)tap; 1305 mb.m_len = sc->sc_rxtap_len; 1306 mb.m_next = m; 1307 mb.m_nextpkt = NULL; 1308 mb.m_type = 0; 1309 mb.m_flags = 0; 1310 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1311 } 1312 #endif 1313 1314 /* Send the frame to the 802.11 layer. */ 1315 rxi.rxi_rssi = stat->rssi; 1316 rxi.rxi_tstamp = 0; /* unused */ 1317 ieee80211_input(ifp, m, ni, &rxi); 1318 1319 /* Node is no longer needed. */ 1320 ieee80211_release_node(ic, ni); 1321 } 1322 1323 void 1324 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1325 { 1326 struct ieee80211com *ic = &sc->sc_ic; 1327 struct ifnet *ifp = &ic->ic_if; 1328 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1329 struct wpi_tx_data *data = &ring->data[desc->idx]; 1330 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1331 struct wpi_node *wn = (struct wpi_node *)data->ni; 1332 1333 /* Update rate control statistics. */ 1334 wn->amn.amn_txcnt++; 1335 if (stat->retrycnt > 0) 1336 wn->amn.amn_retrycnt++; 1337 1338 if ((letoh32(stat->status) & 0xff) != 1) 1339 ifp->if_oerrors++; 1340 else 1341 ifp->if_opackets++; 1342 1343 /* Unmap and free mbuf. */ 1344 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1345 BUS_DMASYNC_POSTWRITE); 1346 bus_dmamap_unload(sc->sc_dmat, data->map); 1347 m_freem(data->m); 1348 data->m = NULL; 1349 ieee80211_release_node(ic, data->ni); 1350 data->ni = NULL; 1351 1352 sc->sc_tx_timer = 0; 1353 if (--ring->queued < WPI_TX_RING_LOMARK) { 1354 sc->qfullmsk &= ~(1 << ring->qid); 1355 if (sc->qfullmsk == 0 && (ifp->if_flags & IFF_OACTIVE)) { 1356 ifp->if_flags &= ~IFF_OACTIVE; 1357 (*ifp->if_start)(ifp); 1358 } 1359 } 1360 } 1361 1362 void 1363 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1364 { 1365 struct wpi_tx_ring *ring = &sc->txq[4]; 1366 struct wpi_tx_data *data; 1367 1368 if ((desc->qid & 7) != 4) 1369 return; /* Not a command ack. */ 1370 1371 data = &ring->data[desc->idx]; 1372 1373 /* If the command was mapped in an mbuf, free it. */ 1374 if (data->m != NULL) { 1375 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1376 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1377 bus_dmamap_unload(sc->sc_dmat, data->map); 1378 m_freem(data->m); 1379 data->m = NULL; 1380 } 1381 wakeup(&ring->cmd[desc->idx]); 1382 } 1383 1384 void 1385 wpi_notif_intr(struct wpi_softc *sc) 1386 { 1387 struct ieee80211com *ic = &sc->sc_ic; 1388 struct ifnet *ifp = &ic->ic_if; 1389 uint32_t hw; 1390 1391 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 1392 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD); 1393 1394 hw = letoh32(sc->shared->next); 1395 while (sc->rxq.cur != hw) { 1396 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1397 struct wpi_rx_desc *desc; 1398 1399 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 1400 BUS_DMASYNC_POSTREAD); 1401 desc = mtod(data->m, struct wpi_rx_desc *); 1402 1403 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d " 1404 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1405 letoh32(desc->len))); 1406 1407 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1408 wpi_cmd_done(sc, desc); 1409 1410 switch (desc->type) { 1411 case WPI_RX_DONE: 1412 /* An 802.11 frame has been received. */ 1413 wpi_rx_done(sc, desc, data); 1414 break; 1415 1416 case WPI_TX_DONE: 1417 /* An 802.11 frame has been transmitted. */ 1418 wpi_tx_done(sc, desc); 1419 break; 1420 1421 case WPI_UC_READY: 1422 { 1423 struct wpi_ucode_info *uc = 1424 (struct wpi_ucode_info *)(desc + 1); 1425 1426 /* The microcontroller is ready. */ 1427 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1428 sizeof (*uc), BUS_DMASYNC_POSTREAD); 1429 DPRINTF(("microcode alive notification version %x " 1430 "alive %x\n", letoh32(uc->version), 1431 letoh32(uc->valid))); 1432 1433 if (letoh32(uc->valid) != 1) { 1434 printf("%s: microcontroller initialization " 1435 "failed\n", sc->sc_dev.dv_xname); 1436 } 1437 if (uc->subtype != WPI_UCODE_INIT) { 1438 /* Save the address of the error log. */ 1439 sc->errptr = letoh32(uc->errptr); 1440 } 1441 break; 1442 } 1443 case WPI_STATE_CHANGED: 1444 { 1445 uint32_t *status = (uint32_t *)(desc + 1); 1446 1447 /* Enabled/disabled notification. */ 1448 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1449 sizeof (*status), BUS_DMASYNC_POSTREAD); 1450 DPRINTF(("state changed to %x\n", letoh32(*status))); 1451 1452 if (letoh32(*status) & 1) { 1453 /* The radio button has to be pushed. */ 1454 printf("%s: Radio transmitter is off\n", 1455 sc->sc_dev.dv_xname); 1456 /* Turn the interface down. */ 1457 ifp->if_flags &= ~IFF_UP; 1458 wpi_stop(ifp, 1); 1459 return; /* No further processing. */ 1460 } 1461 break; 1462 } 1463 case WPI_START_SCAN: 1464 { 1465 struct wpi_start_scan *scan = 1466 (struct wpi_start_scan *)(desc + 1); 1467 1468 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1469 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1470 DPRINTFN(2, ("scanning channel %d status %x\n", 1471 scan->chan, letoh32(scan->status))); 1472 1473 /* Fix current channel. */ 1474 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1475 break; 1476 } 1477 case WPI_STOP_SCAN: 1478 { 1479 struct wpi_stop_scan *scan = 1480 (struct wpi_stop_scan *)(desc + 1); 1481 1482 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1483 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1484 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1485 scan->nchan, scan->status, scan->chan)); 1486 1487 if (scan->status == 1 && scan->chan <= 14 && 1488 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) { 1489 /* 1490 * We just finished scanning 2GHz channels, 1491 * start scanning 5GHz ones. 1492 */ 1493 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 1494 break; 1495 } 1496 ieee80211_end_scan(ifp); 1497 break; 1498 } 1499 } 1500 1501 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1502 } 1503 1504 /* Tell the firmware what we have processed. */ 1505 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1506 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7); 1507 } 1508 1509 /* 1510 * Dump the error log of the firmware when a firmware panic occurs. Although 1511 * we can't debug the firmware because it is neither open source nor free, it 1512 * can help us to identify certain classes of problems. 1513 */ 1514 void 1515 wpi_fatal_intr(struct wpi_softc *sc) 1516 { 1517 #define N(a) (sizeof (a) / sizeof ((a)[0])) 1518 struct wpi_fwdump dump; 1519 uint32_t i, offset, count; 1520 1521 /* Check that the error log address is valid. */ 1522 if (sc->errptr < WPI_FW_DATA_BASE || 1523 sc->errptr + sizeof (dump) > 1524 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 1525 printf("%s: bad firmware error log address 0x%08x\n", 1526 sc->sc_dev.dv_xname, sc->errptr); 1527 return; 1528 } 1529 1530 if (wpi_nic_lock(sc) != 0) { 1531 printf("%s: could not read firmware error log\n", 1532 sc->sc_dev.dv_xname); 1533 return; 1534 } 1535 /* Read number of entries in the log. */ 1536 count = wpi_mem_read(sc, sc->errptr); 1537 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 1538 printf("%s: invalid count field (count=%u)\n", 1539 sc->sc_dev.dv_xname, count); 1540 wpi_nic_unlock(sc); 1541 return; 1542 } 1543 /* Skip "count" field. */ 1544 offset = sc->errptr + sizeof (uint32_t); 1545 printf("firmware error log (count=%u):\n", count); 1546 for (i = 0; i < count; i++) { 1547 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 1548 sizeof (dump) / sizeof (uint32_t)); 1549 1550 printf(" error type = \"%s\" (0x%08X)\n", 1551 (dump.desc < N(wpi_fw_errmsg)) ? 1552 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 1553 dump.desc); 1554 printf(" error data = 0x%08X\n", 1555 dump.data); 1556 printf(" branch link = 0x%08X%08X\n", 1557 dump.blink[0], dump.blink[1]); 1558 printf(" interrupt link = 0x%08X%08X\n", 1559 dump.ilink[0], dump.ilink[1]); 1560 printf(" time = %u\n", dump.time); 1561 1562 offset += sizeof (dump); 1563 } 1564 wpi_nic_unlock(sc); 1565 /* Dump driver status (TX and RX rings) while we're here. */ 1566 printf("driver status:\n"); 1567 for (i = 0; i < 6; i++) { 1568 struct wpi_tx_ring *ring = &sc->txq[i]; 1569 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 1570 i, ring->qid, ring->cur, ring->queued); 1571 } 1572 printf(" rx ring: cur=%d\n", sc->rxq.cur); 1573 printf(" 802.11 state %d\n", sc->sc_ic.ic_state); 1574 #undef N 1575 } 1576 1577 int 1578 wpi_intr(void *arg) 1579 { 1580 struct wpi_softc *sc = arg; 1581 struct ifnet *ifp = &sc->sc_ic.ic_if; 1582 uint32_t r1, r2; 1583 1584 /* Disable interrupts. */ 1585 WPI_WRITE(sc, WPI_MASK, 0); 1586 1587 r1 = WPI_READ(sc, WPI_INT); 1588 r2 = WPI_READ(sc, WPI_FH_INT); 1589 1590 if (r1 == 0 && r2 == 0) { 1591 if (ifp->if_flags & IFF_UP) 1592 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1593 return 0; /* Interrupt not for us. */ 1594 } 1595 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 1596 return 0; /* Hardware gone! */ 1597 1598 /* Acknowledge interrupts. */ 1599 WPI_WRITE(sc, WPI_INT, r1); 1600 WPI_WRITE(sc, WPI_FH_INT, r2); 1601 1602 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 1603 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); 1604 /* Dump firmware error log and stop. */ 1605 wpi_fatal_intr(sc); 1606 ifp->if_flags &= ~IFF_UP; 1607 wpi_stop(ifp, 1); 1608 return 1; 1609 } 1610 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 1611 (r2 & WPI_FH_INT_RX)) 1612 wpi_notif_intr(sc); 1613 1614 if (r1 & WPI_INT_ALIVE) 1615 wakeup(sc); /* Firmware is alive. */ 1616 1617 /* Re-enable interrupts. */ 1618 if (ifp->if_flags & IFF_UP) 1619 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1620 1621 return 1; 1622 } 1623 1624 int 1625 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1626 { 1627 struct ieee80211com *ic = &sc->sc_ic; 1628 struct wpi_node *wn = (void *)ni; 1629 struct wpi_tx_ring *ring; 1630 struct wpi_tx_desc *desc; 1631 struct wpi_tx_data *data; 1632 struct wpi_tx_cmd *cmd; 1633 struct wpi_cmd_data *tx; 1634 const struct wpi_rate *rinfo; 1635 struct ieee80211_frame *wh; 1636 struct ieee80211_key *k = NULL; 1637 struct mbuf *m1; 1638 enum ieee80211_edca_ac ac; 1639 uint32_t flags; 1640 uint16_t qos; 1641 u_int hdrlen; 1642 uint8_t *ivp, tid, ridx, type; 1643 int i, totlen, hasqos, error; 1644 1645 wh = mtod(m, struct ieee80211_frame *); 1646 hdrlen = ieee80211_get_hdrlen(wh); 1647 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1648 1649 /* Select EDCA Access Category and TX ring for this frame. */ 1650 if ((hasqos = ieee80211_has_qos(wh))) { 1651 qos = ieee80211_get_qos(wh); 1652 tid = qos & IEEE80211_QOS_TID; 1653 ac = ieee80211_up_to_ac(ic, tid); 1654 } else { 1655 tid = 0; 1656 ac = EDCA_AC_BE; 1657 } 1658 1659 ring = &sc->txq[ac]; 1660 desc = &ring->desc[ring->cur]; 1661 data = &ring->data[ring->cur]; 1662 1663 /* Choose a TX rate index. */ 1664 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1665 type != IEEE80211_FC0_TYPE_DATA) { 1666 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 1667 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1; 1668 } else if (ic->ic_fixed_rate != -1) { 1669 ridx = sc->fixed_ridx; 1670 } else 1671 ridx = wn->ridx[ni->ni_txrate]; 1672 rinfo = &wpi_rates[ridx]; 1673 1674 #if NBPFILTER > 0 1675 if (sc->sc_drvbpf != NULL) { 1676 struct mbuf mb; 1677 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 1678 1679 tap->wt_flags = 0; 1680 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1681 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1682 tap->wt_rate = rinfo->rate; 1683 tap->wt_hwqueue = ac; 1684 if ((ic->ic_flags & IEEE80211_F_WEPON) && 1685 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 1686 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1687 1688 mb.m_data = (caddr_t)tap; 1689 mb.m_len = sc->sc_txtap_len; 1690 mb.m_next = m; 1691 mb.m_nextpkt = NULL; 1692 mb.m_type = 0; 1693 mb.m_flags = 0; 1694 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1695 } 1696 #endif 1697 1698 totlen = m->m_pkthdr.len; 1699 1700 /* Encrypt the frame if need be. */ 1701 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1702 /* Retrieve key for TX. */ 1703 k = ieee80211_get_txkey(ic, wh, ni); 1704 if (k->k_cipher != IEEE80211_CIPHER_CCMP) { 1705 /* Do software encryption. */ 1706 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1707 return ENOBUFS; 1708 /* 802.11 header may have moved. */ 1709 wh = mtod(m, struct ieee80211_frame *); 1710 totlen = m->m_pkthdr.len; 1711 1712 } else /* HW appends CCMP MIC. */ 1713 totlen += IEEE80211_CCMP_HDRLEN; 1714 } 1715 1716 /* Prepare TX firmware command. */ 1717 cmd = &ring->cmd[ring->cur]; 1718 cmd->code = WPI_CMD_TX_DATA; 1719 cmd->flags = 0; 1720 cmd->qid = ring->qid; 1721 cmd->idx = ring->cur; 1722 1723 tx = (struct wpi_cmd_data *)cmd->data; 1724 /* NB: No need to clear tx, all fields are reinitialized here. */ 1725 1726 flags = 0; 1727 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1728 /* Unicast frame, check if an ACK is expected. */ 1729 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 1730 IEEE80211_QOS_ACK_POLICY_NOACK) 1731 flags |= WPI_TX_NEED_ACK; 1732 } 1733 1734 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 1735 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1736 /* NB: Group frames are sent using CCK in 802.11b/g. */ 1737 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 1738 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1739 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 1740 ridx <= WPI_RIDX_OFDM54) { 1741 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 1742 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP; 1743 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 1744 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1745 } 1746 } 1747 1748 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1749 type != IEEE80211_FC0_TYPE_DATA) 1750 tx->id = WPI_ID_BROADCAST; 1751 else 1752 tx->id = wn->id; 1753 1754 if (type == IEEE80211_FC0_TYPE_MGT) { 1755 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1756 1757 #ifndef IEEE80211_STA_ONLY 1758 /* Tell HW to set timestamp in probe responses. */ 1759 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1760 flags |= WPI_TX_INSERT_TSTAMP; 1761 #endif 1762 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 1763 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 1764 tx->timeout = htole16(3); 1765 else 1766 tx->timeout = htole16(2); 1767 } else 1768 tx->timeout = htole16(0); 1769 1770 tx->len = htole16(totlen); 1771 tx->tid = tid; 1772 tx->rts_ntries = 7; 1773 tx->data_ntries = 15; 1774 tx->ofdm_mask = 0xff; 1775 tx->cck_mask = 0x0f; 1776 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 1777 tx->plcp = rinfo->plcp; 1778 1779 /* Copy 802.11 header in TX command. */ 1780 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 1781 1782 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 1783 /* Trim 802.11 header and prepend CCMP IV. */ 1784 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 1785 ivp = mtod(m, uint8_t *); 1786 k->k_tsc++; 1787 ivp[0] = k->k_tsc; 1788 ivp[1] = k->k_tsc >> 8; 1789 ivp[2] = 0; 1790 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1791 ivp[4] = k->k_tsc >> 16; 1792 ivp[5] = k->k_tsc >> 24; 1793 ivp[6] = k->k_tsc >> 32; 1794 ivp[7] = k->k_tsc >> 40; 1795 1796 tx->security = WPI_CIPHER_CCMP; 1797 memcpy(tx->key, k->k_key, k->k_len); 1798 } else { 1799 /* Trim 802.11 header. */ 1800 m_adj(m, hdrlen); 1801 tx->security = 0; 1802 } 1803 tx->flags = htole32(flags); 1804 1805 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1806 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1807 if (error != 0 && error != EFBIG) { 1808 printf("%s: can't map mbuf (error %d)\n", 1809 sc->sc_dev.dv_xname, error); 1810 m_freem(m); 1811 return error; 1812 } 1813 if (error != 0) { 1814 /* Too many DMA segments, linearize mbuf. */ 1815 MGETHDR(m1, M_DONTWAIT, MT_DATA); 1816 if (m1 == NULL) { 1817 m_freem(m); 1818 return ENOBUFS; 1819 } 1820 if (m->m_pkthdr.len > MHLEN) { 1821 MCLGET(m1, M_DONTWAIT); 1822 if (!(m1->m_flags & M_EXT)) { 1823 m_freem(m); 1824 m_freem(m1); 1825 return ENOBUFS; 1826 } 1827 } 1828 m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, caddr_t)); 1829 m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len; 1830 m_freem(m); 1831 m = m1; 1832 1833 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1834 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1835 if (error != 0) { 1836 printf("%s: can't map mbuf (error %d)\n", 1837 sc->sc_dev.dv_xname, error); 1838 m_freem(m); 1839 return error; 1840 } 1841 } 1842 1843 data->m = m; 1844 data->ni = ni; 1845 1846 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 1847 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 1848 1849 /* Fill TX descriptor. */ 1850 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 | 1851 (1 + data->map->dm_nsegs) << 24); 1852 /* First DMA segment is used by the TX command. */ 1853 desc->segs[0].addr = htole32(ring->cmd_dma.paddr + 1854 ring->cur * sizeof (struct wpi_tx_cmd)); 1855 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) + 1856 ((hdrlen + 3) & ~3)); 1857 /* Other DMA segments are for data payload. */ 1858 for (i = 1; i <= data->map->dm_nsegs; i++) { 1859 desc->segs[i].addr = 1860 htole32(data->map->dm_segs[i - 1].ds_addr); 1861 desc->segs[i].len = 1862 htole32(data->map->dm_segs[i - 1].ds_len); 1863 } 1864 1865 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1866 BUS_DMASYNC_PREWRITE); 1867 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 1868 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd), 1869 BUS_DMASYNC_PREWRITE); 1870 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1871 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 1872 BUS_DMASYNC_PREWRITE); 1873 1874 /* Kick TX ring. */ 1875 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 1876 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1877 1878 /* Mark TX ring as full if we reach a certain threshold. */ 1879 if (++ring->queued > WPI_TX_RING_HIMARK) 1880 sc->qfullmsk |= 1 << ring->qid; 1881 1882 return 0; 1883 } 1884 1885 void 1886 wpi_start(struct ifnet *ifp) 1887 { 1888 struct wpi_softc *sc = ifp->if_softc; 1889 struct ieee80211com *ic = &sc->sc_ic; 1890 struct ieee80211_node *ni; 1891 struct mbuf *m; 1892 1893 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1894 return; 1895 1896 for (;;) { 1897 if (sc->qfullmsk != 0) { 1898 ifp->if_flags |= IFF_OACTIVE; 1899 break; 1900 } 1901 /* Send pending management frames first. */ 1902 IF_DEQUEUE(&ic->ic_mgtq, m); 1903 if (m != NULL) { 1904 ni = (void *)m->m_pkthdr.rcvif; 1905 goto sendit; 1906 } 1907 if (ic->ic_state != IEEE80211_S_RUN) 1908 break; 1909 1910 /* Encapsulate and send data frames. */ 1911 IFQ_DEQUEUE(&ifp->if_snd, m); 1912 if (m == NULL) 1913 break; 1914 #if NBPFILTER > 0 1915 if (ifp->if_bpf != NULL) 1916 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1917 #endif 1918 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 1919 continue; 1920 sendit: 1921 #if NBPFILTER > 0 1922 if (ic->ic_rawbpf != NULL) 1923 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1924 #endif 1925 if (wpi_tx(sc, m, ni) != 0) { 1926 ieee80211_release_node(ic, ni); 1927 ifp->if_oerrors++; 1928 continue; 1929 } 1930 1931 sc->sc_tx_timer = 5; 1932 ifp->if_timer = 1; 1933 } 1934 } 1935 1936 void 1937 wpi_watchdog(struct ifnet *ifp) 1938 { 1939 struct wpi_softc *sc = ifp->if_softc; 1940 1941 ifp->if_timer = 0; 1942 1943 if (sc->sc_tx_timer > 0) { 1944 if (--sc->sc_tx_timer == 0) { 1945 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1946 ifp->if_flags &= ~IFF_UP; 1947 wpi_stop(ifp, 1); 1948 ifp->if_oerrors++; 1949 return; 1950 } 1951 ifp->if_timer = 1; 1952 } 1953 1954 ieee80211_watchdog(ifp); 1955 } 1956 1957 int 1958 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1959 { 1960 struct wpi_softc *sc = ifp->if_softc; 1961 struct ieee80211com *ic = &sc->sc_ic; 1962 struct ifaddr *ifa; 1963 struct ifreq *ifr; 1964 int s, error = 0; 1965 1966 s = splnet(); 1967 1968 switch (cmd) { 1969 case SIOCSIFADDR: 1970 ifa = (struct ifaddr *)data; 1971 ifp->if_flags |= IFF_UP; 1972 #ifdef INET 1973 if (ifa->ifa_addr->sa_family == AF_INET) 1974 arp_ifinit(&ic->ic_ac, ifa); 1975 #endif 1976 /* FALLTHROUGH */ 1977 case SIOCSIFFLAGS: 1978 if (ifp->if_flags & IFF_UP) { 1979 if (!(ifp->if_flags & IFF_RUNNING)) 1980 error = wpi_init(ifp); 1981 } else { 1982 if (ifp->if_flags & IFF_RUNNING) 1983 wpi_stop(ifp, 1); 1984 } 1985 break; 1986 1987 case SIOCADDMULTI: 1988 case SIOCDELMULTI: 1989 ifr = (struct ifreq *)data; 1990 error = (cmd == SIOCADDMULTI) ? 1991 ether_addmulti(ifr, &ic->ic_ac) : 1992 ether_delmulti(ifr, &ic->ic_ac); 1993 1994 if (error == ENETRESET) 1995 error = 0; 1996 break; 1997 1998 case SIOCS80211POWER: 1999 error = ieee80211_ioctl(ifp, cmd, data); 2000 if (error != ENETRESET) 2001 break; 2002 if (ic->ic_state == IEEE80211_S_RUN) { 2003 if (ic->ic_flags & IEEE80211_F_PMGTON) 2004 error = wpi_set_pslevel(sc, 0, 3, 0); 2005 else /* back to CAM */ 2006 error = wpi_set_pslevel(sc, 0, 0, 0); 2007 } else { 2008 /* Defer until transition to IEEE80211_S_RUN. */ 2009 error = 0; 2010 } 2011 break; 2012 2013 default: 2014 error = ieee80211_ioctl(ifp, cmd, data); 2015 } 2016 2017 if (error == ENETRESET) { 2018 error = 0; 2019 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2020 (IFF_UP | IFF_RUNNING)) { 2021 wpi_stop(ifp, 0); 2022 error = wpi_init(ifp); 2023 } 2024 } 2025 2026 splx(s); 2027 return error; 2028 } 2029 2030 /* 2031 * Send a command to the firmware. 2032 */ 2033 int 2034 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async) 2035 { 2036 struct wpi_tx_ring *ring = &sc->txq[4]; 2037 struct wpi_tx_desc *desc; 2038 struct wpi_tx_data *data; 2039 struct wpi_tx_cmd *cmd; 2040 struct mbuf *m; 2041 bus_addr_t paddr; 2042 int totlen, error; 2043 2044 desc = &ring->desc[ring->cur]; 2045 data = &ring->data[ring->cur]; 2046 totlen = 4 + size; 2047 2048 if (size > sizeof cmd->data) { 2049 /* Command is too large to fit in a descriptor. */ 2050 if (totlen > MCLBYTES) 2051 return EINVAL; 2052 MGETHDR(m, M_DONTWAIT, MT_DATA); 2053 if (m == NULL) 2054 return ENOMEM; 2055 if (totlen > MHLEN) { 2056 MCLGET(m, M_DONTWAIT); 2057 if (!(m->m_flags & M_EXT)) { 2058 m_freem(m); 2059 return ENOMEM; 2060 } 2061 } 2062 cmd = mtod(m, struct wpi_tx_cmd *); 2063 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 2064 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 2065 if (error != 0) { 2066 m_freem(m); 2067 return error; 2068 } 2069 data->m = m; 2070 paddr = data->map->dm_segs[0].ds_addr; 2071 } else { 2072 cmd = &ring->cmd[ring->cur]; 2073 paddr = data->cmd_paddr; 2074 } 2075 2076 cmd->code = code; 2077 cmd->flags = 0; 2078 cmd->qid = ring->qid; 2079 cmd->idx = ring->cur; 2080 memcpy(cmd->data, buf, size); 2081 2082 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24); 2083 desc->segs[0].addr = htole32(paddr); 2084 desc->segs[0].len = htole32(totlen); 2085 2086 if (size > sizeof cmd->data) { 2087 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 2088 BUS_DMASYNC_PREWRITE); 2089 } else { 2090 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 2091 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen, 2092 BUS_DMASYNC_PREWRITE); 2093 } 2094 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2095 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 2096 BUS_DMASYNC_PREWRITE); 2097 2098 /* Kick command ring. */ 2099 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2100 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2101 2102 return async ? 0 : tsleep(cmd, PCATCH, "wpicmd", hz); 2103 } 2104 2105 /* 2106 * Configure HW multi-rate retries. 2107 */ 2108 int 2109 wpi_mrr_setup(struct wpi_softc *sc) 2110 { 2111 struct ieee80211com *ic = &sc->sc_ic; 2112 struct wpi_mrr_setup mrr; 2113 int i, error; 2114 2115 /* CCK rates (not used with 802.11a). */ 2116 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2117 mrr.rates[i].flags = 0; 2118 mrr.rates[i].plcp = wpi_rates[i].plcp; 2119 /* Fallback to the immediate lower CCK rate (if any.) */ 2120 mrr.rates[i].next = 2121 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2122 /* Try one time at this rate before falling back to "next". */ 2123 mrr.rates[i].ntries = 1; 2124 } 2125 /* OFDM rates (not used with 802.11b). */ 2126 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2127 mrr.rates[i].flags = 0; 2128 mrr.rates[i].plcp = wpi_rates[i].plcp; 2129 /* Fallback to the immediate lower rate (if any.) */ 2130 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2131 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2132 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2133 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2134 i - 1; 2135 /* Try one time at this rate before falling back to "next". */ 2136 mrr.rates[i].ntries = 1; 2137 } 2138 /* Setup MRR for control frames. */ 2139 mrr.which = htole32(WPI_MRR_CTL); 2140 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2141 if (error != 0) { 2142 printf("%s: could not setup MRR for control frames\n", 2143 sc->sc_dev.dv_xname); 2144 return error; 2145 } 2146 /* Setup MRR for data frames. */ 2147 mrr.which = htole32(WPI_MRR_DATA); 2148 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2149 if (error != 0) { 2150 printf("%s: could not setup MRR for data frames\n", 2151 sc->sc_dev.dv_xname); 2152 return error; 2153 } 2154 return 0; 2155 } 2156 2157 void 2158 wpi_updateedca(struct ieee80211com *ic) 2159 { 2160 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 2161 struct wpi_softc *sc = ic->ic_softc; 2162 struct wpi_edca_params cmd; 2163 int aci; 2164 2165 memset(&cmd, 0, sizeof cmd); 2166 cmd.flags = htole32(WPI_EDCA_UPDATE); 2167 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 2168 const struct ieee80211_edca_ac_params *ac = 2169 &ic->ic_edca_ac[aci]; 2170 cmd.ac[aci].aifsn = ac->ac_aifsn; 2171 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin)); 2172 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax)); 2173 cmd.ac[aci].txoplimit = 2174 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit)); 2175 } 2176 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 2177 #undef WPI_EXP2 2178 } 2179 2180 void 2181 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2182 { 2183 struct wpi_cmd_led led; 2184 2185 led.which = which; 2186 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2187 led.off = off; 2188 led.on = on; 2189 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 2190 } 2191 2192 int 2193 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 2194 { 2195 struct wpi_cmd_timing cmd; 2196 uint64_t val, mod; 2197 2198 memset(&cmd, 0, sizeof cmd); 2199 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t)); 2200 cmd.bintval = htole16(ni->ni_intval); 2201 cmd.lintval = htole16(10); 2202 2203 /* Compute remaining time until next beacon. */ 2204 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2205 mod = letoh64(cmd.tstamp) % val; 2206 cmd.binitval = htole32((uint32_t)(val - mod)); 2207 2208 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n", 2209 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod))); 2210 2211 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 2212 } 2213 2214 /* 2215 * This function is called periodically (every minute) to adjust TX power 2216 * based on temperature variation. 2217 */ 2218 void 2219 wpi_power_calibration(struct wpi_softc *sc) 2220 { 2221 int temp; 2222 2223 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 2224 /* Sanity-check temperature. */ 2225 if (temp < -260 || temp > 25) { 2226 /* This can't be correct, ignore. */ 2227 DPRINTF(("out-of-range temperature reported: %d\n", temp)); 2228 return; 2229 } 2230 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2231 /* Adjust TX power if need be (delta > 6). */ 2232 if (abs(temp - sc->temp) > 6) { 2233 /* Record temperature of last calibration. */ 2234 sc->temp = temp; 2235 (void)wpi_set_txpower(sc, 1); 2236 } 2237 } 2238 2239 /* 2240 * Set TX power for current channel (each rate has its own power settings). 2241 */ 2242 int 2243 wpi_set_txpower(struct wpi_softc *sc, int async) 2244 { 2245 struct ieee80211com *ic = &sc->sc_ic; 2246 struct ieee80211_channel *ch; 2247 struct wpi_power_group *group; 2248 struct wpi_cmd_txpower cmd; 2249 u_int chan; 2250 int idx, i; 2251 2252 /* Retrieve current channel from last RXON. */ 2253 chan = sc->rxon.chan; 2254 DPRINTF(("setting TX power for channel %d\n", chan)); 2255 ch = &ic->ic_channels[chan]; 2256 2257 /* Find the TX power group to which this channel belongs. */ 2258 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2259 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 2260 if (chan <= group->chan) 2261 break; 2262 } else 2263 group = &sc->groups[0]; 2264 2265 memset(&cmd, 0, sizeof cmd); 2266 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2267 cmd.chan = htole16(chan); 2268 2269 /* Set TX power for all OFDM and CCK rates. */ 2270 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 2271 /* Retrieve TX power for this channel/rate. */ 2272 idx = wpi_get_power_index(sc, group, ch, i); 2273 2274 cmd.rates[i].plcp = wpi_rates[i].plcp; 2275 2276 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2277 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 2278 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 2279 } else { 2280 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 2281 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 2282 } 2283 DPRINTF(("chan %d/rate %d: power index %d\n", chan, 2284 wpi_rates[i].rate, idx)); 2285 } 2286 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 2287 } 2288 2289 /* 2290 * Determine TX power index for a given channel/rate combination. 2291 * This takes into account the regulatory information from EEPROM and the 2292 * current temperature. 2293 */ 2294 int 2295 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 2296 struct ieee80211_channel *c, int ridx) 2297 { 2298 /* Fixed-point arithmetic division using a n-bit fractional part. */ 2299 #define fdivround(a, b, n) \ 2300 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2301 2302 /* Linear interpolation. */ 2303 #define interpolate(x, x1, y1, x2, y2, n) \ 2304 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2305 2306 struct ieee80211com *ic = &sc->sc_ic; 2307 struct wpi_power_sample *sample; 2308 int pwr, idx; 2309 u_int chan; 2310 2311 /* Get channel number. */ 2312 chan = ieee80211_chan2ieee(ic, c); 2313 2314 /* Default TX power is group maximum TX power minus 3dB. */ 2315 pwr = group->maxpwr / 2; 2316 2317 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 2318 switch (ridx) { 2319 case WPI_RIDX_OFDM36: 2320 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 2321 break; 2322 case WPI_RIDX_OFDM48: 2323 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 2324 break; 2325 case WPI_RIDX_OFDM54: 2326 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 2327 break; 2328 } 2329 2330 /* Never exceed the channel maximum allowed TX power. */ 2331 pwr = MIN(pwr, sc->maxpwr[chan]); 2332 2333 /* Retrieve TX power index into gain tables from samples. */ 2334 for (sample = group->samples; sample < &group->samples[3]; sample++) 2335 if (pwr > sample[1].power) 2336 break; 2337 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 2338 idx = interpolate(pwr, sample[0].power, sample[0].index, 2339 sample[1].power, sample[1].index, 19); 2340 2341 /*- 2342 * Adjust power index based on current temperature: 2343 * - if cooler than factory-calibrated: decrease output power 2344 * - if warmer than factory-calibrated: increase output power 2345 */ 2346 idx -= (sc->temp - group->temp) * 11 / 100; 2347 2348 /* Decrease TX power for CCK rates (-5dB). */ 2349 if (ridx >= WPI_RIDX_CCK1) 2350 idx += 10; 2351 2352 /* Make sure idx stays in a valid range. */ 2353 if (idx < 0) 2354 idx = 0; 2355 else if (idx > WPI_MAX_PWR_INDEX) 2356 idx = WPI_MAX_PWR_INDEX; 2357 return idx; 2358 2359 #undef interpolate 2360 #undef fdivround 2361 } 2362 2363 /* 2364 * Set STA mode power saving level (between 0 and 5). 2365 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 2366 */ 2367 int 2368 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async) 2369 { 2370 struct wpi_pmgt_cmd cmd; 2371 const struct wpi_pmgt *pmgt; 2372 uint32_t max, skip_dtim; 2373 pcireg_t reg; 2374 int i; 2375 2376 /* Select which PS parameters to use. */ 2377 if (dtim <= 10) 2378 pmgt = &wpi_pmgt[0][level]; 2379 else 2380 pmgt = &wpi_pmgt[1][level]; 2381 2382 memset(&cmd, 0, sizeof cmd); 2383 if (level != 0) /* not CAM */ 2384 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 2385 /* Retrieve PCIe Active State Power Management (ASPM). */ 2386 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 2387 sc->sc_cap_off + PCI_PCIE_LCSR); 2388 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 2389 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 2390 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 2391 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 2392 2393 if (dtim == 0) { 2394 dtim = 1; 2395 skip_dtim = 0; 2396 } else 2397 skip_dtim = pmgt->skip_dtim; 2398 if (skip_dtim != 0) { 2399 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 2400 max = pmgt->intval[4]; 2401 if (max == (uint32_t)-1) 2402 max = dtim * (skip_dtim + 1); 2403 else if (max > dtim) 2404 max = (max / dtim) * dtim; 2405 } else 2406 max = dtim; 2407 for (i = 0; i < 5; i++) 2408 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 2409 2410 DPRINTF(("setting power saving level to %d\n", level)); 2411 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 2412 } 2413 2414 int 2415 wpi_config(struct wpi_softc *sc) 2416 { 2417 struct ieee80211com *ic = &sc->sc_ic; 2418 struct ifnet *ifp = &ic->ic_if; 2419 struct wpi_bluetooth bluetooth; 2420 struct wpi_node_info node; 2421 int error; 2422 2423 /* Set power saving level to CAM during initialization. */ 2424 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 2425 printf("%s: could not set power saving level\n", 2426 sc->sc_dev.dv_xname); 2427 return error; 2428 } 2429 2430 /* Configure bluetooth coexistence. */ 2431 memset(&bluetooth, 0, sizeof bluetooth); 2432 bluetooth.flags = WPI_BT_COEX_MODE_4WIRE; 2433 bluetooth.lead_time = WPI_BT_LEAD_TIME_DEF; 2434 bluetooth.max_kill = WPI_BT_MAX_KILL_DEF; 2435 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 2436 if (error != 0) { 2437 printf("%s: could not configure bluetooth coexistence\n", 2438 sc->sc_dev.dv_xname); 2439 return error; 2440 } 2441 2442 /* Configure adapter. */ 2443 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 2444 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2445 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 2446 /* Set default channel. */ 2447 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 2448 sc->rxon.flags = htole32(WPI_RXON_TSF); 2449 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 2450 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2451 switch (ic->ic_opmode) { 2452 case IEEE80211_M_STA: 2453 sc->rxon.mode = WPI_MODE_STA; 2454 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST); 2455 break; 2456 case IEEE80211_M_MONITOR: 2457 sc->rxon.mode = WPI_MODE_MONITOR; 2458 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST | 2459 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2460 break; 2461 default: 2462 /* Should not get there. */ 2463 break; 2464 } 2465 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 2466 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 2467 DPRINTF(("setting configuration\n")); 2468 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2469 0); 2470 if (error != 0) { 2471 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2472 return error; 2473 } 2474 2475 /* Configuration has changed, set TX power accordingly. */ 2476 if ((error = wpi_set_txpower(sc, 0)) != 0) { 2477 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2478 return error; 2479 } 2480 2481 /* Add broadcast node. */ 2482 memset(&node, 0, sizeof node); 2483 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2484 node.id = WPI_ID_BROADCAST; 2485 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2486 node.action = htole32(WPI_ACTION_SET_RATE); 2487 node.antenna = WPI_ANTENNA_BOTH; 2488 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0); 2489 if (error != 0) { 2490 printf("%s: could not add broadcast node\n", 2491 sc->sc_dev.dv_xname); 2492 return error; 2493 } 2494 2495 if ((error = wpi_mrr_setup(sc)) != 0) { 2496 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname); 2497 return error; 2498 } 2499 return 0; 2500 } 2501 2502 int 2503 wpi_scan(struct wpi_softc *sc, uint16_t flags) 2504 { 2505 struct ieee80211com *ic = &sc->sc_ic; 2506 struct wpi_scan_hdr *hdr; 2507 struct wpi_cmd_data *tx; 2508 struct wpi_scan_essid *essid; 2509 struct wpi_scan_chan *chan; 2510 struct ieee80211_frame *wh; 2511 struct ieee80211_rateset *rs; 2512 struct ieee80211_channel *c; 2513 uint8_t *buf, *frm; 2514 int buflen, error; 2515 2516 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 2517 if (buf == NULL) { 2518 printf("%s: could not allocate buffer for scan command\n", 2519 sc->sc_dev.dv_xname); 2520 return ENOMEM; 2521 } 2522 hdr = (struct wpi_scan_hdr *)buf; 2523 /* 2524 * Move to the next channel if no frames are received within 10ms 2525 * after sending the probe request. 2526 */ 2527 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 2528 hdr->quiet_threshold = htole16(1); /* min # of packets */ 2529 2530 tx = (struct wpi_cmd_data *)(hdr + 1); 2531 tx->flags = htole32(WPI_TX_AUTO_SEQ); 2532 tx->id = WPI_ID_BROADCAST; 2533 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2534 2535 if (flags & IEEE80211_CHAN_5GHZ) { 2536 hdr->crc_threshold = htole16(1); 2537 /* Send probe requests at 6Mbps. */ 2538 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp; 2539 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 2540 } else { 2541 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 2542 /* Send probe requests at 1Mbps. */ 2543 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2544 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 2545 } 2546 2547 essid = (struct wpi_scan_essid *)(tx + 1); 2548 if (ic->ic_des_esslen != 0) { 2549 essid[0].id = IEEE80211_ELEMID_SSID; 2550 essid[0].len = ic->ic_des_esslen; 2551 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 2552 } 2553 /* 2554 * Build a probe request frame. Most of the following code is a 2555 * copy & paste of what is done in net80211. 2556 */ 2557 wh = (struct ieee80211_frame *)(essid + 4); 2558 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2559 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2560 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2561 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2562 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2563 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2564 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 2565 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 2566 2567 frm = (uint8_t *)(wh + 1); 2568 frm = ieee80211_add_ssid(frm, NULL, 0); 2569 frm = ieee80211_add_rates(frm, rs); 2570 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2571 frm = ieee80211_add_xrates(frm, rs); 2572 2573 /* Set length of probe request. */ 2574 tx->len = htole16(frm - (uint8_t *)wh); 2575 2576 chan = (struct wpi_scan_chan *)frm; 2577 for (c = &ic->ic_channels[1]; 2578 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 2579 if ((c->ic_flags & flags) != flags) 2580 continue; 2581 2582 chan->chan = ieee80211_chan2ieee(ic, c); 2583 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 2584 chan->flags = 0; 2585 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 2586 chan->flags |= WPI_CHAN_ACTIVE; 2587 if (ic->ic_des_esslen != 0) 2588 chan->flags |= WPI_CHAN_NPBREQS(1); 2589 chan->dsp_gain = 0x6e; 2590 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2591 chan->rf_gain = 0x3b; 2592 chan->active = htole16(24); 2593 chan->passive = htole16(110); 2594 } else { 2595 chan->rf_gain = 0x28; 2596 chan->active = htole16(36); 2597 chan->passive = htole16(120); 2598 } 2599 hdr->nchan++; 2600 chan++; 2601 } 2602 2603 buflen = (uint8_t *)chan - buf; 2604 hdr->len = htole16(buflen); 2605 2606 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 2607 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 2608 free(buf, M_DEVBUF); 2609 return error; 2610 } 2611 2612 int 2613 wpi_auth(struct wpi_softc *sc) 2614 { 2615 struct ieee80211com *ic = &sc->sc_ic; 2616 struct ieee80211_node *ni = ic->ic_bss; 2617 struct wpi_node_info node; 2618 int error; 2619 2620 /* Update adapter configuration. */ 2621 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 2622 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 2623 sc->rxon.flags = htole32(WPI_RXON_TSF); 2624 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 2625 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2626 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2627 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2628 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2629 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2630 switch (ic->ic_curmode) { 2631 case IEEE80211_MODE_11A: 2632 sc->rxon.cck_mask = 0; 2633 sc->rxon.ofdm_mask = 0x15; 2634 break; 2635 case IEEE80211_MODE_11B: 2636 sc->rxon.cck_mask = 0x03; 2637 sc->rxon.ofdm_mask = 0; 2638 break; 2639 default: /* Assume 802.11b/g. */ 2640 sc->rxon.cck_mask = 0x0f; 2641 sc->rxon.ofdm_mask = 0x15; 2642 } 2643 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 2644 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 2645 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2646 1); 2647 if (error != 0) { 2648 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2649 return error; 2650 } 2651 2652 /* Configuration has changed, set TX power accordingly. */ 2653 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2654 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2655 return error; 2656 } 2657 /* 2658 * Reconfiguring RXON clears the firmware nodes table so we must 2659 * add the broadcast node again. 2660 */ 2661 memset(&node, 0, sizeof node); 2662 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2663 node.id = WPI_ID_BROADCAST; 2664 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2665 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2666 node.action = htole32(WPI_ACTION_SET_RATE); 2667 node.antenna = WPI_ANTENNA_BOTH; 2668 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2669 if (error != 0) { 2670 printf("%s: could not add broadcast node\n", 2671 sc->sc_dev.dv_xname); 2672 return error; 2673 } 2674 return 0; 2675 } 2676 2677 int 2678 wpi_run(struct wpi_softc *sc) 2679 { 2680 struct ieee80211com *ic = &sc->sc_ic; 2681 struct ieee80211_node *ni = ic->ic_bss; 2682 struct wpi_node_info node; 2683 int error; 2684 2685 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 2686 /* Link LED blinks while monitoring. */ 2687 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 2688 return 0; 2689 } 2690 if ((error = wpi_set_timing(sc, ni)) != 0) { 2691 printf("%s: could not set timing\n", sc->sc_dev.dv_xname); 2692 return error; 2693 } 2694 2695 /* Update adapter configuration. */ 2696 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 2697 /* Short preamble and slot time are negotiated when associating. */ 2698 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 2699 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2700 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2701 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2702 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2703 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 2704 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 2705 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2706 1); 2707 if (error != 0) { 2708 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2709 return error; 2710 } 2711 2712 /* Configuration has changed, set TX power accordingly. */ 2713 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2714 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2715 return error; 2716 } 2717 2718 /* Fake a join to init the TX rate. */ 2719 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 2720 wpi_newassoc(ic, ni, 1); 2721 2722 /* Add BSS node. */ 2723 memset(&node, 0, sizeof node); 2724 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid); 2725 node.id = WPI_ID_BSS; 2726 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2727 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2728 node.action = htole32(WPI_ACTION_SET_RATE); 2729 node.antenna = WPI_ANTENNA_BOTH; 2730 DPRINTF(("adding BSS node\n")); 2731 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2732 if (error != 0) { 2733 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname); 2734 return error; 2735 } 2736 2737 /* Start periodic calibration timer. */ 2738 sc->calib_cnt = 0; 2739 timeout_add(&sc->calib_to, hz / 2); 2740 2741 /* Link LED always on while associated. */ 2742 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 2743 2744 /* Enable power-saving mode if requested by user. */ 2745 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 2746 (void)wpi_set_pslevel(sc, 0, 3, 1); 2747 2748 return 0; 2749 } 2750 2751 /* 2752 * We support CCMP hardware encryption/decryption of unicast frames only. 2753 * HW support for TKIP really sucks. We should let TKIP die anyway. 2754 */ 2755 int 2756 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2757 struct ieee80211_key *k) 2758 { 2759 struct wpi_softc *sc = ic->ic_softc; 2760 struct wpi_node *wn = (void *)ni; 2761 struct wpi_node_info node; 2762 uint16_t kflags; 2763 2764 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2765 k->k_cipher != IEEE80211_CIPHER_CCMP) 2766 return ieee80211_set_key(ic, ni, k); 2767 2768 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id); 2769 memset(&node, 0, sizeof node); 2770 node.id = wn->id; 2771 node.control = WPI_NODE_UPDATE; 2772 node.flags = WPI_FLAG_SET_KEY; 2773 node.kflags = htole16(kflags); 2774 memcpy(node.key, k->k_key, k->k_len); 2775 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 2776 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2777 } 2778 2779 void 2780 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2781 struct ieee80211_key *k) 2782 { 2783 struct wpi_softc *sc = ic->ic_softc; 2784 struct wpi_node *wn = (void *)ni; 2785 struct wpi_node_info node; 2786 2787 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2788 k->k_cipher != IEEE80211_CIPHER_CCMP) { 2789 /* See comment about other ciphers above. */ 2790 ieee80211_delete_key(ic, ni, k); 2791 return; 2792 } 2793 if (ic->ic_state != IEEE80211_S_RUN) 2794 return; /* Nothing to do. */ 2795 memset(&node, 0, sizeof node); 2796 node.id = wn->id; 2797 node.control = WPI_NODE_UPDATE; 2798 node.flags = WPI_FLAG_SET_KEY; 2799 node.kflags = 0; 2800 DPRINTF(("delete keys for node %d\n", node.id)); 2801 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2802 } 2803 2804 int 2805 wpi_post_alive(struct wpi_softc *sc) 2806 { 2807 int ntries, error; 2808 2809 /* Check (again) that the radio is not disabled. */ 2810 if ((error = wpi_nic_lock(sc)) != 0) 2811 return error; 2812 /* NB: Runtime firmware must be up and running. */ 2813 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 2814 printf("%s: radio is disabled by hardware switch\n", 2815 sc->sc_dev.dv_xname); 2816 wpi_nic_unlock(sc); 2817 return EPERM; /* :-) */ 2818 } 2819 wpi_nic_unlock(sc); 2820 2821 /* Wait for thermal sensor to calibrate. */ 2822 for (ntries = 0; ntries < 1000; ntries++) { 2823 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 2824 break; 2825 DELAY(10); 2826 } 2827 if (ntries == 1000) { 2828 printf("%s: timeout waiting for thermal sensor calibration\n", 2829 sc->sc_dev.dv_xname); 2830 return ETIMEDOUT; 2831 } 2832 DPRINTF(("temperature %d\n", sc->temp)); 2833 return 0; 2834 } 2835 2836 /* 2837 * The firmware boot code is small and is intended to be copied directly into 2838 * the NIC internal memory (no DMA transfer.) 2839 */ 2840 int 2841 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 2842 { 2843 int error, ntries; 2844 2845 size /= sizeof (uint32_t); 2846 2847 if ((error = wpi_nic_lock(sc)) != 0) 2848 return error; 2849 2850 /* Copy microcode image into NIC memory. */ 2851 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 2852 (const uint32_t *)ucode, size); 2853 2854 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 2855 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 2856 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 2857 2858 /* Start boot load now. */ 2859 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 2860 2861 /* Wait for transfer to complete. */ 2862 for (ntries = 0; ntries < 1000; ntries++) { 2863 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) & 2864 WPI_BSM_WR_CTRL_START)) 2865 break; 2866 DELAY(10); 2867 } 2868 if (ntries == 1000) { 2869 printf("%s: could not load boot firmware\n", 2870 sc->sc_dev.dv_xname); 2871 wpi_nic_unlock(sc); 2872 return ETIMEDOUT; 2873 } 2874 2875 /* Enable boot after power up. */ 2876 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 2877 2878 wpi_nic_unlock(sc); 2879 return 0; 2880 } 2881 2882 int 2883 wpi_load_firmware(struct wpi_softc *sc) 2884 { 2885 struct wpi_fw_info *fw = &sc->fw; 2886 struct wpi_dma_info *dma = &sc->fw_dma; 2887 int error; 2888 2889 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 2890 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 2891 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 2892 BUS_DMASYNC_PREWRITE); 2893 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2894 fw->init.text, fw->init.textsz); 2895 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2896 fw->init.textsz, BUS_DMASYNC_PREWRITE); 2897 2898 /* Tell adapter where to find initialization sections. */ 2899 if ((error = wpi_nic_lock(sc)) != 0) 2900 return error; 2901 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2902 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 2903 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2904 dma->paddr + WPI_FW_DATA_MAXSZ); 2905 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 2906 wpi_nic_unlock(sc); 2907 2908 /* Load firmware boot code. */ 2909 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 2910 if (error != 0) { 2911 printf("%s: could not load boot firmware\n", 2912 sc->sc_dev.dv_xname); 2913 return error; 2914 } 2915 /* Now press "execute". */ 2916 WPI_WRITE(sc, WPI_RESET, 0); 2917 2918 /* Wait at most one second for first alive notification. */ 2919 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 2920 printf("%s: timeout waiting for adapter to initialize\n", 2921 sc->sc_dev.dv_xname); 2922 return error; 2923 } 2924 2925 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 2926 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 2927 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 2928 BUS_DMASYNC_PREWRITE); 2929 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2930 fw->main.text, fw->main.textsz); 2931 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2932 fw->main.textsz, BUS_DMASYNC_PREWRITE); 2933 2934 /* Tell adapter where to find runtime sections. */ 2935 if ((error = wpi_nic_lock(sc)) != 0) 2936 return error; 2937 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2938 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 2939 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2940 dma->paddr + WPI_FW_DATA_MAXSZ); 2941 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 2942 WPI_FW_UPDATED | fw->main.textsz); 2943 wpi_nic_unlock(sc); 2944 2945 return 0; 2946 } 2947 2948 int 2949 wpi_read_firmware(struct wpi_softc *sc) 2950 { 2951 struct wpi_fw_info *fw = &sc->fw; 2952 const struct wpi_firmware_hdr *hdr; 2953 size_t size; 2954 int error; 2955 2956 /* Read firmware image from filesystem. */ 2957 if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) { 2958 printf("%s: error, %d, could not read firmware %s\n", 2959 sc->sc_dev.dv_xname, error, "wpi-3945abg"); 2960 return error; 2961 } 2962 if (size < sizeof (*hdr)) { 2963 printf("%s: truncated firmware header: %d bytes\n", 2964 sc->sc_dev.dv_xname, size); 2965 free(fw->data, M_DEVBUF); 2966 return EINVAL; 2967 } 2968 /* Extract firmware header information. */ 2969 hdr = (struct wpi_firmware_hdr *)fw->data; 2970 fw->main.textsz = letoh32(hdr->main_textsz); 2971 fw->main.datasz = letoh32(hdr->main_datasz); 2972 fw->init.textsz = letoh32(hdr->init_textsz); 2973 fw->init.datasz = letoh32(hdr->init_datasz); 2974 fw->boot.textsz = letoh32(hdr->boot_textsz); 2975 fw->boot.datasz = 0; 2976 2977 /* Sanity-check firmware header. */ 2978 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 2979 fw->main.datasz > WPI_FW_DATA_MAXSZ || 2980 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 2981 fw->init.datasz > WPI_FW_DATA_MAXSZ || 2982 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 2983 (fw->boot.textsz & 3) != 0) { 2984 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); 2985 free(fw->data, M_DEVBUF); 2986 return EINVAL; 2987 } 2988 2989 /* Check that all firmware sections fit. */ 2990 if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 2991 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 2992 printf("%s: firmware file too short: %d bytes\n", 2993 sc->sc_dev.dv_xname, size); 2994 free(fw->data, M_DEVBUF); 2995 return EINVAL; 2996 } 2997 2998 /* Get pointers to firmware sections. */ 2999 fw->main.text = (const uint8_t *)(hdr + 1); 3000 fw->main.data = fw->main.text + fw->main.textsz; 3001 fw->init.text = fw->main.data + fw->main.datasz; 3002 fw->init.data = fw->init.text + fw->init.textsz; 3003 fw->boot.text = fw->init.data + fw->init.datasz; 3004 3005 return 0; 3006 } 3007 3008 int 3009 wpi_clock_wait(struct wpi_softc *sc) 3010 { 3011 int ntries; 3012 3013 /* Set "initialization complete" bit. */ 3014 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 3015 3016 /* Wait for clock stabilization. */ 3017 for (ntries = 0; ntries < 25000; ntries++) { 3018 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 3019 return 0; 3020 DELAY(100); 3021 } 3022 printf("%s: timeout waiting for clock stabilization\n", 3023 sc->sc_dev.dv_xname); 3024 return ETIMEDOUT; 3025 } 3026 3027 int 3028 wpi_apm_init(struct wpi_softc *sc) 3029 { 3030 int error; 3031 3032 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 3033 /* Disable L0s. */ 3034 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 3035 3036 if ((error = wpi_clock_wait(sc)) != 0) 3037 return error; 3038 3039 if ((error = wpi_nic_lock(sc)) != 0) 3040 return error; 3041 /* Enable DMA. */ 3042 wpi_prph_write(sc, WPI_APMG_CLK_ENA, 3043 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT); 3044 DELAY(20); 3045 /* Disable L1. */ 3046 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 3047 wpi_nic_unlock(sc); 3048 3049 return 0; 3050 } 3051 3052 void 3053 wpi_apm_stop_master(struct wpi_softc *sc) 3054 { 3055 int ntries; 3056 3057 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 3058 3059 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 3060 WPI_GP_CNTRL_MAC_PS) 3061 return; /* Already asleep. */ 3062 3063 for (ntries = 0; ntries < 100; ntries++) { 3064 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 3065 return; 3066 DELAY(10); 3067 } 3068 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname); 3069 } 3070 3071 void 3072 wpi_apm_stop(struct wpi_softc *sc) 3073 { 3074 wpi_apm_stop_master(sc); 3075 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 3076 } 3077 3078 void 3079 wpi_nic_config(struct wpi_softc *sc) 3080 { 3081 pcireg_t reg; 3082 uint8_t rev; 3083 3084 /* Voodoo from the reference driver. */ 3085 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3086 rev = PCI_REVISION(reg); 3087 if ((rev & 0xc0) == 0x40) 3088 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 3089 else if (!(rev & 0x80)) 3090 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 3091 3092 if (sc->cap == 0x80) 3093 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 3094 3095 if ((letoh16(sc->rev) & 0xf0) == 0xd0) 3096 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3097 else 3098 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3099 3100 if (sc->type > 1) 3101 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 3102 } 3103 3104 int 3105 wpi_hw_init(struct wpi_softc *sc) 3106 { 3107 int chnl, ntries, error; 3108 3109 /* Clear pending interrupts. */ 3110 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3111 3112 if ((error = wpi_apm_init(sc)) != 0) { 3113 printf("%s: could not power ON adapter\n", 3114 sc->sc_dev.dv_xname); 3115 return error; 3116 } 3117 3118 /* Select VMAIN power source. */ 3119 if ((error = wpi_nic_lock(sc)) != 0) 3120 return error; 3121 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 3122 wpi_nic_unlock(sc); 3123 /* Spin until VMAIN gets selected. */ 3124 for (ntries = 0; ntries < 5000; ntries++) { 3125 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 3126 break; 3127 DELAY(10); 3128 } 3129 if (ntries == 5000) { 3130 printf("%s: timeout selecting power source\n", 3131 sc->sc_dev.dv_xname); 3132 return ETIMEDOUT; 3133 } 3134 3135 /* Perform adapter initialization. */ 3136 (void)wpi_nic_config(sc); 3137 3138 /* Initialize RX ring. */ 3139 if ((error = wpi_nic_lock(sc)) != 0) 3140 return error; 3141 /* Set physical address of RX ring. */ 3142 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 3143 /* Set physical address of RX read pointer. */ 3144 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 3145 offsetof(struct wpi_shared, next)); 3146 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 3147 /* Enable RX. */ 3148 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 3149 WPI_FH_RX_CONFIG_DMA_ENA | 3150 WPI_FH_RX_CONFIG_RDRBD_ENA | 3151 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 3152 WPI_FH_RX_CONFIG_MAXFRAG | 3153 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 3154 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 3155 WPI_FH_RX_CONFIG_IRQ_RBTH(1)); 3156 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 3157 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 3158 wpi_nic_unlock(sc); 3159 3160 /* Initialize TX rings. */ 3161 if ((error = wpi_nic_lock(sc)) != 0) 3162 return error; 3163 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 3164 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 3165 /* Enable all 6 TX rings. */ 3166 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 3167 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 3168 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 3169 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 3170 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 3171 /* Set physical address of TX rings. */ 3172 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 3173 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 3174 3175 /* Enable all DMA channels. */ 3176 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3177 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 3178 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 3179 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 3180 } 3181 wpi_nic_unlock(sc); 3182 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 3183 3184 /* Clear "radio off" and "commands blocked" bits. */ 3185 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3186 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 3187 3188 /* Clear pending interrupts. */ 3189 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3190 /* Enable interrupts. */ 3191 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 3192 3193 /* _Really_ make sure "radio off" bit is cleared! */ 3194 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3195 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3196 3197 if ((error = wpi_load_firmware(sc)) != 0) { 3198 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname); 3199 return error; 3200 } 3201 /* Wait at most one second for firmware alive notification. */ 3202 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 3203 printf("%s: timeout waiting for adapter to initialize\n", 3204 sc->sc_dev.dv_xname); 3205 return error; 3206 } 3207 /* Do post-firmware initialization. */ 3208 return wpi_post_alive(sc); 3209 } 3210 3211 void 3212 wpi_hw_stop(struct wpi_softc *sc) 3213 { 3214 int chnl, qid, ntries; 3215 uint32_t tmp; 3216 3217 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 3218 3219 /* Disable interrupts. */ 3220 WPI_WRITE(sc, WPI_MASK, 0); 3221 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3222 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 3223 3224 /* Make sure we no longer hold the NIC lock. */ 3225 wpi_nic_unlock(sc); 3226 3227 if (wpi_nic_lock(sc) == 0) { 3228 /* Stop TX scheduler. */ 3229 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 3230 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 3231 3232 /* Stop all DMA channels. */ 3233 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3234 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 3235 for (ntries = 0; ntries < 100; ntries++) { 3236 tmp = WPI_READ(sc, WPI_FH_TX_STATUS); 3237 if ((tmp & WPI_FH_TX_STATUS_IDLE(chnl)) == 3238 WPI_FH_TX_STATUS_IDLE(chnl)) 3239 break; 3240 DELAY(10); 3241 } 3242 } 3243 wpi_nic_unlock(sc); 3244 } 3245 3246 /* Stop RX ring. */ 3247 wpi_reset_rx_ring(sc, &sc->rxq); 3248 3249 /* Reset all TX rings. */ 3250 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 3251 wpi_reset_tx_ring(sc, &sc->txq[qid]); 3252 3253 if (wpi_nic_lock(sc) == 0) { 3254 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT); 3255 wpi_nic_unlock(sc); 3256 } 3257 DELAY(5); 3258 /* Power OFF adapter. */ 3259 wpi_apm_stop(sc); 3260 } 3261 3262 int 3263 wpi_init(struct ifnet *ifp) 3264 { 3265 struct wpi_softc *sc = ifp->if_softc; 3266 struct ieee80211com *ic = &sc->sc_ic; 3267 int error; 3268 3269 #ifdef notyet 3270 /* Check that the radio is not disabled by hardware switch. */ 3271 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 3272 printf("%s: radio is disabled by hardware switch\n", 3273 sc->sc_dev.dv_xname); 3274 error = EPERM; /* :-) */ 3275 goto fail; 3276 } 3277 #endif 3278 /* Read firmware images from the filesystem. */ 3279 if ((error = wpi_read_firmware(sc)) != 0) { 3280 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname); 3281 goto fail; 3282 } 3283 3284 /* Initialize hardware and upload firmware. */ 3285 error = wpi_hw_init(sc); 3286 free(sc->fw.data, M_DEVBUF); 3287 if (error != 0) { 3288 printf("%s: could not initialize hardware\n", 3289 sc->sc_dev.dv_xname); 3290 goto fail; 3291 } 3292 3293 /* Configure adapter now that it is ready. */ 3294 if ((error = wpi_config(sc)) != 0) { 3295 printf("%s: could not configure device\n", 3296 sc->sc_dev.dv_xname); 3297 goto fail; 3298 } 3299 3300 ifp->if_flags &= ~IFF_OACTIVE; 3301 ifp->if_flags |= IFF_RUNNING; 3302 3303 if (ic->ic_opmode != IEEE80211_M_MONITOR) 3304 ieee80211_begin_scan(ifp); 3305 else 3306 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3307 3308 return 0; 3309 3310 fail: wpi_stop(ifp, 1); 3311 return error; 3312 } 3313 3314 void 3315 wpi_stop(struct ifnet *ifp, int disable) 3316 { 3317 struct wpi_softc *sc = ifp->if_softc; 3318 struct ieee80211com *ic = &sc->sc_ic; 3319 3320 ifp->if_timer = sc->sc_tx_timer = 0; 3321 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3322 3323 /* In case we were scanning, release the scan "lock". */ 3324 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 3325 3326 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3327 3328 /* Power OFF hardware. */ 3329 wpi_hw_stop(sc); 3330 } 3331