1 /* $OpenBSD: if_wpi.c,v 1.119 2014/07/12 18:48:52 tedu Exp $ */ 2 3 /*- 4 * Copyright (c) 2006-2008 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/kernel.h> 30 #include <sys/socket.h> 31 #include <sys/systm.h> 32 #include <sys/malloc.h> 33 #include <sys/conf.h> 34 #include <sys/device.h> 35 #include <sys/task.h> 36 37 #include <machine/bus.h> 38 #include <machine/endian.h> 39 #include <machine/intr.h> 40 41 #include <dev/pci/pcireg.h> 42 #include <dev/pci/pcivar.h> 43 #include <dev/pci/pcidevs.h> 44 45 #if NBPFILTER > 0 46 #include <net/bpf.h> 47 #endif 48 #include <net/if.h> 49 #include <net/if_arp.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 #include <net/if_types.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip.h> 58 59 #include <net80211/ieee80211_var.h> 60 #include <net80211/ieee80211_amrr.h> 61 #include <net80211/ieee80211_radiotap.h> 62 63 #include <dev/pci/if_wpireg.h> 64 #include <dev/pci/if_wpivar.h> 65 66 static const struct pci_matchid wpi_devices[] = { 67 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 }, 68 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 } 69 }; 70 71 int wpi_match(struct device *, void *, void *); 72 void wpi_attach(struct device *, struct device *, void *); 73 #if NBPFILTER > 0 74 void wpi_radiotap_attach(struct wpi_softc *); 75 #endif 76 int wpi_detach(struct device *, int); 77 int wpi_activate(struct device *, int); 78 void wpi_wakeup(struct wpi_softc *); 79 void wpi_init_task(void *, void *); 80 int wpi_nic_lock(struct wpi_softc *); 81 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 82 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *, 83 void **, bus_size_t, bus_size_t); 84 void wpi_dma_contig_free(struct wpi_dma_info *); 85 int wpi_alloc_shared(struct wpi_softc *); 86 void wpi_free_shared(struct wpi_softc *); 87 int wpi_alloc_fwmem(struct wpi_softc *); 88 void wpi_free_fwmem(struct wpi_softc *); 89 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 90 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 91 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 92 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 93 int); 94 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 95 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 96 int wpi_read_eeprom(struct wpi_softc *); 97 void wpi_read_eeprom_channels(struct wpi_softc *, int); 98 void wpi_read_eeprom_group(struct wpi_softc *, int); 99 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *); 100 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *, 101 int); 102 int wpi_media_change(struct ifnet *); 103 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int); 104 void wpi_iter_func(void *, struct ieee80211_node *); 105 void wpi_calib_timeout(void *); 106 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *, 107 struct ieee80211_key *); 108 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 109 struct wpi_rx_data *); 110 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 111 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 112 void wpi_notif_intr(struct wpi_softc *); 113 void wpi_fatal_intr(struct wpi_softc *); 114 int wpi_intr(void *); 115 int wpi_tx(struct wpi_softc *, struct mbuf *, 116 struct ieee80211_node *); 117 void wpi_start(struct ifnet *); 118 void wpi_watchdog(struct ifnet *); 119 int wpi_ioctl(struct ifnet *, u_long, caddr_t); 120 int wpi_cmd(struct wpi_softc *, int, const void *, int, int); 121 int wpi_mrr_setup(struct wpi_softc *); 122 void wpi_updateedca(struct ieee80211com *); 123 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 124 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 125 void wpi_power_calibration(struct wpi_softc *); 126 int wpi_set_txpower(struct wpi_softc *, int); 127 int wpi_get_power_index(struct wpi_softc *, 128 struct wpi_power_group *, struct ieee80211_channel *, int); 129 int wpi_set_pslevel(struct wpi_softc *, int, int, int); 130 int wpi_config(struct wpi_softc *); 131 int wpi_scan(struct wpi_softc *, uint16_t); 132 int wpi_auth(struct wpi_softc *); 133 int wpi_run(struct wpi_softc *); 134 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *, 135 struct ieee80211_key *); 136 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *, 137 struct ieee80211_key *); 138 int wpi_post_alive(struct wpi_softc *); 139 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 140 int wpi_load_firmware(struct wpi_softc *); 141 int wpi_read_firmware(struct wpi_softc *); 142 int wpi_clock_wait(struct wpi_softc *); 143 int wpi_apm_init(struct wpi_softc *); 144 void wpi_apm_stop_master(struct wpi_softc *); 145 void wpi_apm_stop(struct wpi_softc *); 146 void wpi_nic_config(struct wpi_softc *); 147 int wpi_hw_init(struct wpi_softc *); 148 void wpi_hw_stop(struct wpi_softc *); 149 int wpi_init(struct ifnet *); 150 void wpi_stop(struct ifnet *, int); 151 152 #ifdef WPI_DEBUG 153 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0) 154 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0) 155 int wpi_debug = 0; 156 #else 157 #define DPRINTF(x) 158 #define DPRINTFN(n, x) 159 #endif 160 161 struct cfdriver wpi_cd = { 162 NULL, "wpi", DV_IFNET 163 }; 164 165 struct cfattach wpi_ca = { 166 sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach, 167 wpi_activate 168 }; 169 170 int 171 wpi_match(struct device *parent, void *match, void *aux) 172 { 173 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices, 174 nitems(wpi_devices)); 175 } 176 177 void 178 wpi_attach(struct device *parent, struct device *self, void *aux) 179 { 180 struct wpi_softc *sc = (struct wpi_softc *)self; 181 struct ieee80211com *ic = &sc->sc_ic; 182 struct ifnet *ifp = &ic->ic_if; 183 struct pci_attach_args *pa = aux; 184 const char *intrstr; 185 pci_intr_handle_t ih; 186 pcireg_t memtype, reg; 187 int i, error; 188 189 sc->sc_pct = pa->pa_pc; 190 sc->sc_pcitag = pa->pa_tag; 191 sc->sc_dmat = pa->pa_dmat; 192 193 /* 194 * Get the offset of the PCI Express Capability Structure in PCI 195 * Configuration Space (the vendor driver hard-codes it as E0h.) 196 */ 197 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 198 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 199 if (error == 0) { 200 printf(": PCIe capability structure not found!\n"); 201 return; 202 } 203 204 /* Clear device-specific "PCI retry timeout" register (41h). */ 205 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 206 reg &= ~0xff00; 207 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 208 209 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0); 210 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st, 211 &sc->sc_sh, NULL, &sc->sc_sz, 0); 212 if (error != 0) { 213 printf(": can't map mem space\n"); 214 return; 215 } 216 217 /* Install interrupt handler. */ 218 if (pci_intr_map_msi(pa, &ih) != 0 && pci_intr_map(pa, &ih) != 0) { 219 printf(": can't map interrupt\n"); 220 return; 221 } 222 intrstr = pci_intr_string(sc->sc_pct, ih); 223 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc, 224 sc->sc_dev.dv_xname); 225 if (sc->sc_ih == NULL) { 226 printf(": can't establish interrupt"); 227 if (intrstr != NULL) 228 printf(" at %s", intrstr); 229 printf("\n"); 230 return; 231 } 232 printf(": %s", intrstr); 233 234 /* Power ON adapter. */ 235 if ((error = wpi_apm_init(sc)) != 0) { 236 printf(": could not power ON adapter\n"); 237 return; 238 } 239 240 /* Read MAC address, channels, etc from EEPROM. */ 241 if ((error = wpi_read_eeprom(sc)) != 0) { 242 printf(": could not read EEPROM\n"); 243 return; 244 } 245 246 /* Allocate DMA memory for firmware transfers. */ 247 if ((error = wpi_alloc_fwmem(sc)) != 0) { 248 printf(": could not allocate memory for firmware\n"); 249 return; 250 } 251 252 /* Allocate shared area. */ 253 if ((error = wpi_alloc_shared(sc)) != 0) { 254 printf(": could not allocate shared area\n"); 255 goto fail1; 256 } 257 258 /* Allocate TX rings. */ 259 for (i = 0; i < WPI_NTXQUEUES; i++) { 260 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 261 printf(": could not allocate TX ring %d\n", i); 262 goto fail2; 263 } 264 } 265 266 /* Allocate RX ring. */ 267 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) { 268 printf(": could not allocate Rx ring\n"); 269 goto fail2; 270 } 271 272 /* Power OFF adapter. */ 273 wpi_apm_stop(sc); 274 /* Clear pending interrupts. */ 275 WPI_WRITE(sc, WPI_INT, 0xffffffff); 276 277 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 278 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 279 ic->ic_state = IEEE80211_S_INIT; 280 281 /* Set device capabilities. */ 282 ic->ic_caps = 283 IEEE80211_C_WEP | /* WEP */ 284 IEEE80211_C_RSN | /* WPA/RSN */ 285 IEEE80211_C_MONITOR | /* monitor mode supported */ 286 IEEE80211_C_SHSLOT | /* short slot time supported */ 287 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 288 IEEE80211_C_PMGT; /* power saving supported */ 289 290 /* Set supported rates. */ 291 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 292 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 293 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) { 294 ic->ic_sup_rates[IEEE80211_MODE_11A] = 295 ieee80211_std_rateset_11a; 296 } 297 298 /* IBSS channel undefined for now. */ 299 ic->ic_ibss_chan = &ic->ic_channels[0]; 300 301 ifp->if_softc = sc; 302 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 303 ifp->if_ioctl = wpi_ioctl; 304 ifp->if_start = wpi_start; 305 ifp->if_watchdog = wpi_watchdog; 306 IFQ_SET_READY(&ifp->if_snd); 307 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 308 309 if_attach(ifp); 310 ieee80211_ifattach(ifp); 311 ic->ic_node_alloc = wpi_node_alloc; 312 ic->ic_newassoc = wpi_newassoc; 313 ic->ic_updateedca = wpi_updateedca; 314 ic->ic_set_key = wpi_set_key; 315 ic->ic_delete_key = wpi_delete_key; 316 317 /* Override 802.11 state transition machine. */ 318 sc->sc_newstate = ic->ic_newstate; 319 ic->ic_newstate = wpi_newstate; 320 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status); 321 322 sc->amrr.amrr_min_success_threshold = 1; 323 sc->amrr.amrr_max_success_threshold = 15; 324 325 #if NBPFILTER > 0 326 wpi_radiotap_attach(sc); 327 #endif 328 timeout_set(&sc->calib_to, wpi_calib_timeout, sc); 329 task_set(&sc->init_task, wpi_init_task, sc, NULL); 330 return; 331 332 /* Free allocated memory if something failed during attachment. */ 333 fail2: while (--i >= 0) 334 wpi_free_tx_ring(sc, &sc->txq[i]); 335 wpi_free_shared(sc); 336 fail1: wpi_free_fwmem(sc); 337 } 338 339 #if NBPFILTER > 0 340 /* 341 * Attach the interface to 802.11 radiotap. 342 */ 343 void 344 wpi_radiotap_attach(struct wpi_softc *sc) 345 { 346 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 347 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 348 349 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 350 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 351 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT); 352 353 sc->sc_txtap_len = sizeof sc->sc_txtapu; 354 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 355 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT); 356 } 357 #endif 358 359 int 360 wpi_detach(struct device *self, int flags) 361 { 362 struct wpi_softc *sc = (struct wpi_softc *)self; 363 struct ifnet *ifp = &sc->sc_ic.ic_if; 364 int qid; 365 366 timeout_del(&sc->calib_to); 367 task_del(systq, &sc->init_task); 368 369 /* Uninstall interrupt handler. */ 370 if (sc->sc_ih != NULL) 371 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 372 373 /* Free DMA resources. */ 374 wpi_free_rx_ring(sc, &sc->rxq); 375 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 376 wpi_free_tx_ring(sc, &sc->txq[qid]); 377 wpi_free_shared(sc); 378 wpi_free_fwmem(sc); 379 380 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 381 382 ieee80211_ifdetach(ifp); 383 if_detach(ifp); 384 385 return 0; 386 } 387 388 int 389 wpi_activate(struct device *self, int act) 390 { 391 struct wpi_softc *sc = (struct wpi_softc *)self; 392 struct ifnet *ifp = &sc->sc_ic.ic_if; 393 394 switch (act) { 395 case DVACT_SUSPEND: 396 if (ifp->if_flags & IFF_RUNNING) 397 wpi_stop(ifp, 0); 398 break; 399 case DVACT_WAKEUP: 400 wpi_wakeup(sc); 401 break; 402 } 403 404 return 0; 405 } 406 407 void 408 wpi_wakeup(struct wpi_softc *sc) 409 { 410 pcireg_t reg; 411 412 /* Clear device-specific "PCI retry timeout" register (41h). */ 413 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 414 reg &= ~0xff00; 415 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 416 417 wpi_init_task(sc, NULL); 418 } 419 420 void 421 wpi_init_task(void *arg1, void *args2) 422 { 423 struct wpi_softc *sc = arg1; 424 struct ifnet *ifp = &sc->sc_ic.ic_if; 425 int s; 426 427 s = splnet(); 428 while (sc->sc_flags & WPI_FLAG_BUSY) 429 tsleep(&sc->sc_flags, 0, "wpipwr", 0); 430 sc->sc_flags |= WPI_FLAG_BUSY; 431 432 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP) 433 wpi_init(ifp); 434 435 sc->sc_flags &= ~WPI_FLAG_BUSY; 436 wakeup(&sc->sc_flags); 437 splx(s); 438 } 439 440 int 441 wpi_nic_lock(struct wpi_softc *sc) 442 { 443 int ntries; 444 445 /* Request exclusive access to NIC. */ 446 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 447 448 /* Spin until we actually get the lock. */ 449 for (ntries = 0; ntries < 1000; ntries++) { 450 if ((WPI_READ(sc, WPI_GP_CNTRL) & 451 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 452 WPI_GP_CNTRL_MAC_ACCESS_ENA) 453 return 0; 454 DELAY(10); 455 } 456 return ETIMEDOUT; 457 } 458 459 static __inline void 460 wpi_nic_unlock(struct wpi_softc *sc) 461 { 462 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 463 } 464 465 static __inline uint32_t 466 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 467 { 468 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 469 WPI_BARRIER_READ_WRITE(sc); 470 return WPI_READ(sc, WPI_PRPH_RDATA); 471 } 472 473 static __inline void 474 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 475 { 476 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 477 WPI_BARRIER_WRITE(sc); 478 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 479 } 480 481 static __inline void 482 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 483 { 484 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 485 } 486 487 static __inline void 488 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 489 { 490 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 491 } 492 493 static __inline void 494 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 495 const uint32_t *data, int count) 496 { 497 for (; count > 0; count--, data++, addr += 4) 498 wpi_prph_write(sc, addr, *data); 499 } 500 501 static __inline uint32_t 502 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 503 { 504 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 505 WPI_BARRIER_READ_WRITE(sc); 506 return WPI_READ(sc, WPI_MEM_RDATA); 507 } 508 509 static __inline void 510 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 511 { 512 WPI_WRITE(sc, WPI_MEM_WADDR, addr); 513 WPI_BARRIER_WRITE(sc); 514 WPI_WRITE(sc, WPI_MEM_WDATA, data); 515 } 516 517 static __inline void 518 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 519 int count) 520 { 521 for (; count > 0; count--, addr += 4) 522 *data++ = wpi_mem_read(sc, addr); 523 } 524 525 int 526 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 527 { 528 uint8_t *out = data; 529 uint32_t val; 530 int error, ntries; 531 532 if ((error = wpi_nic_lock(sc)) != 0) 533 return error; 534 535 for (; count > 0; count -= 2, addr++) { 536 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 537 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD); 538 539 for (ntries = 0; ntries < 10; ntries++) { 540 val = WPI_READ(sc, WPI_EEPROM); 541 if (val & WPI_EEPROM_READ_VALID) 542 break; 543 DELAY(5); 544 } 545 if (ntries == 10) { 546 printf("%s: could not read EEPROM\n", 547 sc->sc_dev.dv_xname); 548 return ETIMEDOUT; 549 } 550 *out++ = val >> 16; 551 if (count > 1) 552 *out++ = val >> 24; 553 } 554 555 wpi_nic_unlock(sc); 556 return 0; 557 } 558 559 int 560 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap, 561 bus_size_t size, bus_size_t alignment) 562 { 563 int nsegs, error; 564 565 dma->tag = tag; 566 dma->size = size; 567 568 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 569 &dma->map); 570 if (error != 0) 571 goto fail; 572 573 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 574 BUS_DMA_NOWAIT | BUS_DMA_ZERO); 575 if (error != 0) 576 goto fail; 577 578 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 579 BUS_DMA_NOWAIT | BUS_DMA_COHERENT); 580 if (error != 0) 581 goto fail; 582 583 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size, 584 BUS_DMA_NOWAIT); 585 if (error != 0) 586 goto fail; 587 588 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 589 590 dma->paddr = dma->map->dm_segs[0].ds_addr; 591 if (kvap != NULL) 592 *kvap = dma->vaddr; 593 594 return 0; 595 596 fail: wpi_dma_contig_free(dma); 597 return error; 598 } 599 600 void 601 wpi_dma_contig_free(struct wpi_dma_info *dma) 602 { 603 if (dma->map != NULL) { 604 if (dma->vaddr != NULL) { 605 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 606 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 607 bus_dmamap_unload(dma->tag, dma->map); 608 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 609 bus_dmamem_free(dma->tag, &dma->seg, 1); 610 dma->vaddr = NULL; 611 } 612 bus_dmamap_destroy(dma->tag, dma->map); 613 dma->map = NULL; 614 } 615 } 616 617 int 618 wpi_alloc_shared(struct wpi_softc *sc) 619 { 620 /* Shared buffer must be aligned on a 4KB boundary. */ 621 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 622 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 623 } 624 625 void 626 wpi_free_shared(struct wpi_softc *sc) 627 { 628 wpi_dma_contig_free(&sc->shared_dma); 629 } 630 631 int 632 wpi_alloc_fwmem(struct wpi_softc *sc) 633 { 634 /* Allocate enough contiguous space to store text and data. */ 635 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 636 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 637 } 638 639 void 640 wpi_free_fwmem(struct wpi_softc *sc) 641 { 642 wpi_dma_contig_free(&sc->fw_dma); 643 } 644 645 int 646 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 647 { 648 bus_size_t size; 649 int i, error; 650 651 ring->cur = 0; 652 653 /* Allocate RX descriptors (16KB aligned.) */ 654 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 655 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 656 (void **)&ring->desc, size, 16 * 1024); 657 if (error != 0) { 658 printf("%s: could not allocate RX ring DMA memory\n", 659 sc->sc_dev.dv_xname); 660 goto fail; 661 } 662 663 /* 664 * Allocate and map RX buffers. 665 */ 666 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 667 struct wpi_rx_data *data = &ring->data[i]; 668 669 error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1, 670 WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map); 671 if (error != 0) { 672 printf("%s: could not create RX buf DMA map\n", 673 sc->sc_dev.dv_xname); 674 goto fail; 675 } 676 677 data->m = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 678 if (data->m == NULL) { 679 printf("%s: could not allocate RX mbuf\n", 680 sc->sc_dev.dv_xname); 681 error = ENOBUFS; 682 goto fail; 683 } 684 685 error = bus_dmamap_load(sc->sc_dmat, data->map, 686 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 687 BUS_DMA_NOWAIT | BUS_DMA_READ); 688 if (error != 0) { 689 printf("%s: can't map mbuf (error %d)\n", 690 sc->sc_dev.dv_xname, error); 691 goto fail; 692 } 693 694 /* Set physical address of RX buffer. */ 695 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr); 696 } 697 698 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 699 BUS_DMASYNC_PREWRITE); 700 701 return 0; 702 703 fail: wpi_free_rx_ring(sc, ring); 704 return error; 705 } 706 707 void 708 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 709 { 710 int ntries; 711 712 if (wpi_nic_lock(sc) == 0) { 713 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 714 for (ntries = 0; ntries < 100; ntries++) { 715 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 716 WPI_FH_RX_STATUS_IDLE) 717 break; 718 DELAY(10); 719 } 720 wpi_nic_unlock(sc); 721 } 722 ring->cur = 0; 723 } 724 725 void 726 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 727 { 728 int i; 729 730 wpi_dma_contig_free(&ring->desc_dma); 731 732 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 733 struct wpi_rx_data *data = &ring->data[i]; 734 735 if (data->m != NULL) { 736 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 737 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 738 bus_dmamap_unload(sc->sc_dmat, data->map); 739 m_freem(data->m); 740 } 741 if (data->map != NULL) 742 bus_dmamap_destroy(sc->sc_dmat, data->map); 743 } 744 } 745 746 int 747 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 748 { 749 bus_addr_t paddr; 750 bus_size_t size; 751 int i, error; 752 753 ring->qid = qid; 754 ring->queued = 0; 755 ring->cur = 0; 756 757 /* Allocate TX descriptors (16KB aligned.) */ 758 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 759 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 760 (void **)&ring->desc, size, 16 * 1024); 761 if (error != 0) { 762 printf("%s: could not allocate TX ring DMA memory\n", 763 sc->sc_dev.dv_xname); 764 goto fail; 765 } 766 767 /* Update shared area with ring physical address. */ 768 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 769 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 770 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE); 771 772 /* 773 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 774 * to allocate commands space for other rings. 775 * XXX Do we really need to allocate descriptors for other rings? 776 */ 777 if (qid > 4) 778 return 0; 779 780 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 781 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 782 (void **)&ring->cmd, size, 4); 783 if (error != 0) { 784 printf("%s: could not allocate TX cmd DMA memory\n", 785 sc->sc_dev.dv_xname); 786 goto fail; 787 } 788 789 paddr = ring->cmd_dma.paddr; 790 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 791 struct wpi_tx_data *data = &ring->data[i]; 792 793 data->cmd_paddr = paddr; 794 paddr += sizeof (struct wpi_tx_cmd); 795 796 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 797 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 798 &data->map); 799 if (error != 0) { 800 printf("%s: could not create TX buf DMA map\n", 801 sc->sc_dev.dv_xname); 802 goto fail; 803 } 804 } 805 return 0; 806 807 fail: wpi_free_tx_ring(sc, ring); 808 return error; 809 } 810 811 void 812 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 813 { 814 int i; 815 816 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 817 struct wpi_tx_data *data = &ring->data[i]; 818 819 if (data->m != NULL) { 820 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 821 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 822 bus_dmamap_unload(sc->sc_dmat, data->map); 823 m_freem(data->m); 824 data->m = NULL; 825 } 826 } 827 /* Clear TX descriptors. */ 828 memset(ring->desc, 0, ring->desc_dma.size); 829 sc->qfullmsk &= ~(1 << ring->qid); 830 ring->queued = 0; 831 ring->cur = 0; 832 } 833 834 void 835 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 836 { 837 int i; 838 839 wpi_dma_contig_free(&ring->desc_dma); 840 wpi_dma_contig_free(&ring->cmd_dma); 841 842 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 843 struct wpi_tx_data *data = &ring->data[i]; 844 845 if (data->m != NULL) { 846 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 847 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 848 bus_dmamap_unload(sc->sc_dmat, data->map); 849 m_freem(data->m); 850 } 851 if (data->map != NULL) 852 bus_dmamap_destroy(sc->sc_dmat, data->map); 853 } 854 } 855 856 int 857 wpi_read_eeprom(struct wpi_softc *sc) 858 { 859 struct ieee80211com *ic = &sc->sc_ic; 860 char domain[4]; 861 int i; 862 863 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 864 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname); 865 return EIO; 866 } 867 /* Clear HW ownership of EEPROM. */ 868 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 869 870 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1); 871 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2); 872 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1); 873 874 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev), 875 sc->type)); 876 877 /* Read and print regulatory domain (4 ASCII characters.) */ 878 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4); 879 printf(", %.4s", domain); 880 881 /* Read and print MAC address. */ 882 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6); 883 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 884 885 /* Read the list of authorized channels. */ 886 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 887 wpi_read_eeprom_channels(sc, i); 888 889 /* Read the list of TX power groups. */ 890 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 891 wpi_read_eeprom_group(sc, i); 892 893 return 0; 894 } 895 896 void 897 wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 898 { 899 struct ieee80211com *ic = &sc->sc_ic; 900 const struct wpi_chan_band *band = &wpi_bands[n]; 901 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND]; 902 int chan, i; 903 904 wpi_read_prom_data(sc, band->addr, channels, 905 band->nchan * sizeof (struct wpi_eeprom_chan)); 906 907 for (i = 0; i < band->nchan; i++) { 908 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) 909 continue; 910 911 chan = band->chan[i]; 912 913 if (n == 0) { /* 2GHz band */ 914 ic->ic_channels[chan].ic_freq = 915 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 916 ic->ic_channels[chan].ic_flags = 917 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 918 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 919 920 } else { /* 5GHz band */ 921 /* 922 * Some adapters support channels 7, 8, 11 and 12 923 * both in the 2GHz and 4.9GHz bands. 924 * Because of limitations in our net80211 layer, 925 * we don't support them in the 4.9GHz band. 926 */ 927 if (chan <= 14) 928 continue; 929 930 ic->ic_channels[chan].ic_freq = 931 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 932 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 933 /* We have at least one valid 5GHz channel. */ 934 sc->sc_flags |= WPI_FLAG_HAS_5GHZ; 935 } 936 937 /* Is active scan allowed on this channel? */ 938 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) { 939 ic->ic_channels[chan].ic_flags |= 940 IEEE80211_CHAN_PASSIVE; 941 } 942 943 /* Save maximum allowed TX power for this channel. */ 944 sc->maxpwr[chan] = channels[i].maxpwr; 945 946 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 947 chan, channels[i].flags, sc->maxpwr[chan])); 948 } 949 } 950 951 void 952 wpi_read_eeprom_group(struct wpi_softc *sc, int n) 953 { 954 struct wpi_power_group *group = &sc->groups[n]; 955 struct wpi_eeprom_group rgroup; 956 int i; 957 958 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup, 959 sizeof rgroup); 960 961 /* Save TX power group information. */ 962 group->chan = rgroup.chan; 963 group->maxpwr = rgroup.maxpwr; 964 /* Retrieve temperature at which the samples were taken. */ 965 group->temp = (int16_t)letoh16(rgroup.temp); 966 967 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n, 968 group->chan, group->maxpwr, group->temp)); 969 970 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 971 group->samples[i].index = rgroup.samples[i].index; 972 group->samples[i].power = rgroup.samples[i].power; 973 974 DPRINTF(("\tsample %d: index=%d power=%d\n", i, 975 group->samples[i].index, group->samples[i].power)); 976 } 977 } 978 979 struct ieee80211_node * 980 wpi_node_alloc(struct ieee80211com *ic) 981 { 982 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO); 983 } 984 985 void 986 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 987 { 988 struct wpi_softc *sc = ic->ic_if.if_softc; 989 struct wpi_node *wn = (void *)ni; 990 uint8_t rate; 991 int ridx, i; 992 993 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 994 /* Start at lowest available bit-rate, AMRR will raise. */ 995 ni->ni_txrate = 0; 996 997 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 998 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 999 /* Map 802.11 rate to HW rate index. */ 1000 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1001 if (wpi_rates[ridx].rate == rate) 1002 break; 1003 wn->ridx[i] = ridx; 1004 } 1005 } 1006 1007 int 1008 wpi_media_change(struct ifnet *ifp) 1009 { 1010 struct wpi_softc *sc = ifp->if_softc; 1011 struct ieee80211com *ic = &sc->sc_ic; 1012 uint8_t rate, ridx; 1013 int error; 1014 1015 error = ieee80211_media_change(ifp); 1016 if (error != ENETRESET) 1017 return error; 1018 1019 if (ic->ic_fixed_rate != -1) { 1020 rate = ic->ic_sup_rates[ic->ic_curmode]. 1021 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1022 /* Map 802.11 rate to HW rate index. */ 1023 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1024 if (wpi_rates[ridx].rate == rate) 1025 break; 1026 sc->fixed_ridx = ridx; 1027 } 1028 1029 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1030 (IFF_UP | IFF_RUNNING)) { 1031 wpi_stop(ifp, 0); 1032 error = wpi_init(ifp); 1033 } 1034 return error; 1035 } 1036 1037 int 1038 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1039 { 1040 struct ifnet *ifp = &ic->ic_if; 1041 struct wpi_softc *sc = ifp->if_softc; 1042 int error; 1043 1044 timeout_del(&sc->calib_to); 1045 1046 switch (nstate) { 1047 case IEEE80211_S_SCAN: 1048 /* Make the link LED blink while we're scanning. */ 1049 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1050 1051 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1052 printf("%s: could not initiate scan\n", 1053 sc->sc_dev.dv_xname); 1054 return error; 1055 } 1056 ic->ic_state = nstate; 1057 return 0; 1058 1059 case IEEE80211_S_ASSOC: 1060 if (ic->ic_state != IEEE80211_S_RUN) 1061 break; 1062 /* FALLTHROUGH */ 1063 case IEEE80211_S_AUTH: 1064 /* Reset state to handle reassociations correctly. */ 1065 sc->rxon.associd = 0; 1066 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1067 1068 if ((error = wpi_auth(sc)) != 0) { 1069 printf("%s: could not move to auth state\n", 1070 sc->sc_dev.dv_xname); 1071 return error; 1072 } 1073 break; 1074 1075 case IEEE80211_S_RUN: 1076 if ((error = wpi_run(sc)) != 0) { 1077 printf("%s: could not move to run state\n", 1078 sc->sc_dev.dv_xname); 1079 return error; 1080 } 1081 break; 1082 1083 case IEEE80211_S_INIT: 1084 break; 1085 } 1086 1087 return sc->sc_newstate(ic, nstate, arg); 1088 } 1089 1090 void 1091 wpi_iter_func(void *arg, struct ieee80211_node *ni) 1092 { 1093 struct wpi_softc *sc = arg; 1094 struct wpi_node *wn = (struct wpi_node *)ni; 1095 1096 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1097 } 1098 1099 void 1100 wpi_calib_timeout(void *arg) 1101 { 1102 struct wpi_softc *sc = arg; 1103 struct ieee80211com *ic = &sc->sc_ic; 1104 int s; 1105 1106 s = splnet(); 1107 /* Automatic rate control triggered every 500ms. */ 1108 if (ic->ic_fixed_rate == -1) { 1109 if (ic->ic_opmode == IEEE80211_M_STA) 1110 wpi_iter_func(sc, ic->ic_bss); 1111 else 1112 ieee80211_iterate_nodes(ic, wpi_iter_func, sc); 1113 } 1114 1115 /* Force automatic TX power calibration every 60 secs. */ 1116 if (++sc->calib_cnt >= 120) { 1117 wpi_power_calibration(sc); 1118 sc->calib_cnt = 0; 1119 } 1120 splx(s); 1121 1122 /* Automatic rate control triggered every 500ms. */ 1123 timeout_add_msec(&sc->calib_to, 500); 1124 } 1125 1126 int 1127 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k) 1128 { 1129 struct ieee80211_frame *wh; 1130 uint64_t pn, *prsc; 1131 uint8_t *ivp; 1132 uint8_t tid; 1133 int hdrlen; 1134 1135 wh = mtod(m, struct ieee80211_frame *); 1136 hdrlen = ieee80211_get_hdrlen(wh); 1137 ivp = (uint8_t *)wh + hdrlen; 1138 1139 /* Check that ExtIV bit is be set. */ 1140 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) { 1141 DPRINTF(("CCMP decap ExtIV not set\n")); 1142 return 1; 1143 } 1144 tid = ieee80211_has_qos(wh) ? 1145 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 1146 prsc = &k->k_rsc[tid]; 1147 1148 /* Extract the 48-bit PN from the CCMP header. */ 1149 pn = (uint64_t)ivp[0] | 1150 (uint64_t)ivp[1] << 8 | 1151 (uint64_t)ivp[4] << 16 | 1152 (uint64_t)ivp[5] << 24 | 1153 (uint64_t)ivp[6] << 32 | 1154 (uint64_t)ivp[7] << 40; 1155 if (pn <= *prsc) { 1156 /* 1157 * Not necessarily a replayed frame since we did not check 1158 * the sequence number of the 802.11 header yet. 1159 */ 1160 DPRINTF(("CCMP replayed\n")); 1161 return 1; 1162 } 1163 /* Update last seen packet number. */ 1164 *prsc = pn; 1165 1166 /* Clear Protected bit and strip IV. */ 1167 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1168 memmove(mtod(m, caddr_t) + IEEE80211_CCMP_HDRLEN, wh, hdrlen); 1169 m_adj(m, IEEE80211_CCMP_HDRLEN); 1170 /* Strip MIC. */ 1171 m_adj(m, -IEEE80211_CCMP_MICLEN); 1172 return 0; 1173 } 1174 1175 void 1176 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1177 struct wpi_rx_data *data) 1178 { 1179 struct ieee80211com *ic = &sc->sc_ic; 1180 struct ifnet *ifp = &ic->ic_if; 1181 struct wpi_rx_ring *ring = &sc->rxq; 1182 struct wpi_rx_stat *stat; 1183 struct wpi_rx_head *head; 1184 struct wpi_rx_tail *tail; 1185 struct ieee80211_frame *wh; 1186 struct ieee80211_rxinfo rxi; 1187 struct ieee80211_node *ni; 1188 struct mbuf *m, *m1; 1189 uint32_t flags; 1190 int error; 1191 1192 bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE, 1193 BUS_DMASYNC_POSTREAD); 1194 stat = (struct wpi_rx_stat *)(desc + 1); 1195 1196 if (stat->len > WPI_STAT_MAXLEN) { 1197 printf("%s: invalid RX statistic header\n", 1198 sc->sc_dev.dv_xname); 1199 ifp->if_ierrors++; 1200 return; 1201 } 1202 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1203 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len)); 1204 flags = letoh32(tail->flags); 1205 1206 /* Discard frames with a bad FCS early. */ 1207 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1208 DPRINTFN(2, ("rx tail flags error %x\n", flags)); 1209 ifp->if_ierrors++; 1210 return; 1211 } 1212 /* Discard frames that are too short. */ 1213 if (letoh16(head->len) < sizeof (*wh)) { 1214 DPRINTF(("frame too short: %d\n", letoh16(head->len))); 1215 ic->ic_stats.is_rx_tooshort++; 1216 ifp->if_ierrors++; 1217 return; 1218 } 1219 1220 m1 = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 1221 if (m1 == NULL) { 1222 ic->ic_stats.is_rx_nombuf++; 1223 ifp->if_ierrors++; 1224 return; 1225 } 1226 bus_dmamap_unload(sc->sc_dmat, data->map); 1227 1228 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 1229 WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ); 1230 if (error != 0) { 1231 m_freem(m1); 1232 1233 /* Try to reload the old mbuf. */ 1234 error = bus_dmamap_load(sc->sc_dmat, data->map, 1235 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 1236 BUS_DMA_NOWAIT | BUS_DMA_READ); 1237 if (error != 0) { 1238 panic("%s: could not load old RX mbuf", 1239 sc->sc_dev.dv_xname); 1240 } 1241 /* Physical address may have changed. */ 1242 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1243 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1244 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1245 BUS_DMASYNC_PREWRITE); 1246 ifp->if_ierrors++; 1247 return; 1248 } 1249 1250 m = data->m; 1251 data->m = m1; 1252 /* Update RX descriptor. */ 1253 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1254 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1255 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1256 BUS_DMASYNC_PREWRITE); 1257 1258 /* Finalize mbuf. */ 1259 m->m_pkthdr.rcvif = ifp; 1260 m->m_data = (caddr_t)(head + 1); 1261 m->m_pkthdr.len = m->m_len = letoh16(head->len); 1262 1263 /* Grab a reference to the source node. */ 1264 wh = mtod(m, struct ieee80211_frame *); 1265 ni = ieee80211_find_rxnode(ic, wh); 1266 1267 rxi.rxi_flags = 0; 1268 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1269 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1270 (ni->ni_flags & IEEE80211_NODE_RXPROT) && 1271 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 1272 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) { 1273 ic->ic_stats.is_ccmp_dec_errs++; 1274 ifp->if_ierrors++; 1275 m_freem(m); 1276 return; 1277 } 1278 /* Check whether decryption was successful or not. */ 1279 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1280 DPRINTF(("CCMP decryption failed 0x%x\n", flags)); 1281 ic->ic_stats.is_ccmp_dec_errs++; 1282 ifp->if_ierrors++; 1283 m_freem(m); 1284 return; 1285 } 1286 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) { 1287 ifp->if_ierrors++; 1288 m_freem(m); 1289 return; 1290 } 1291 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1292 } 1293 1294 #if NBPFILTER > 0 1295 if (sc->sc_drvbpf != NULL) { 1296 struct mbuf mb; 1297 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1298 1299 tap->wr_flags = 0; 1300 if (letoh16(head->flags) & 0x4) 1301 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1302 tap->wr_chan_freq = 1303 htole16(ic->ic_channels[head->chan].ic_freq); 1304 tap->wr_chan_flags = 1305 htole16(ic->ic_channels[head->chan].ic_flags); 1306 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1307 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise); 1308 tap->wr_tsft = tail->tstamp; 1309 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf; 1310 switch (head->rate) { 1311 /* CCK rates. */ 1312 case 10: tap->wr_rate = 2; break; 1313 case 20: tap->wr_rate = 4; break; 1314 case 55: tap->wr_rate = 11; break; 1315 case 110: tap->wr_rate = 22; break; 1316 /* OFDM rates. */ 1317 case 0xd: tap->wr_rate = 12; break; 1318 case 0xf: tap->wr_rate = 18; break; 1319 case 0x5: tap->wr_rate = 24; break; 1320 case 0x7: tap->wr_rate = 36; break; 1321 case 0x9: tap->wr_rate = 48; break; 1322 case 0xb: tap->wr_rate = 72; break; 1323 case 0x1: tap->wr_rate = 96; break; 1324 case 0x3: tap->wr_rate = 108; break; 1325 /* Unknown rate: should not happen. */ 1326 default: tap->wr_rate = 0; 1327 } 1328 1329 mb.m_data = (caddr_t)tap; 1330 mb.m_len = sc->sc_rxtap_len; 1331 mb.m_next = m; 1332 mb.m_nextpkt = NULL; 1333 mb.m_type = 0; 1334 mb.m_flags = 0; 1335 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1336 } 1337 #endif 1338 1339 /* Send the frame to the 802.11 layer. */ 1340 rxi.rxi_rssi = stat->rssi; 1341 rxi.rxi_tstamp = 0; /* unused */ 1342 ieee80211_input(ifp, m, ni, &rxi); 1343 1344 /* Node is no longer needed. */ 1345 ieee80211_release_node(ic, ni); 1346 } 1347 1348 void 1349 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1350 { 1351 struct ieee80211com *ic = &sc->sc_ic; 1352 struct ifnet *ifp = &ic->ic_if; 1353 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1354 struct wpi_tx_data *data = &ring->data[desc->idx]; 1355 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1356 struct wpi_node *wn = (struct wpi_node *)data->ni; 1357 1358 /* Update rate control statistics. */ 1359 wn->amn.amn_txcnt++; 1360 if (stat->retrycnt > 0) 1361 wn->amn.amn_retrycnt++; 1362 1363 if ((letoh32(stat->status) & 0xff) != 1) 1364 ifp->if_oerrors++; 1365 else 1366 ifp->if_opackets++; 1367 1368 /* Unmap and free mbuf. */ 1369 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1370 BUS_DMASYNC_POSTWRITE); 1371 bus_dmamap_unload(sc->sc_dmat, data->map); 1372 m_freem(data->m); 1373 data->m = NULL; 1374 ieee80211_release_node(ic, data->ni); 1375 data->ni = NULL; 1376 1377 sc->sc_tx_timer = 0; 1378 if (--ring->queued < WPI_TX_RING_LOMARK) { 1379 sc->qfullmsk &= ~(1 << ring->qid); 1380 if (sc->qfullmsk == 0 && (ifp->if_flags & IFF_OACTIVE)) { 1381 ifp->if_flags &= ~IFF_OACTIVE; 1382 (*ifp->if_start)(ifp); 1383 } 1384 } 1385 } 1386 1387 void 1388 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1389 { 1390 struct wpi_tx_ring *ring = &sc->txq[4]; 1391 struct wpi_tx_data *data; 1392 1393 if ((desc->qid & 7) != 4) 1394 return; /* Not a command ack. */ 1395 1396 data = &ring->data[desc->idx]; 1397 1398 /* If the command was mapped in an mbuf, free it. */ 1399 if (data->m != NULL) { 1400 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1401 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1402 bus_dmamap_unload(sc->sc_dmat, data->map); 1403 m_freem(data->m); 1404 data->m = NULL; 1405 } 1406 wakeup(&ring->cmd[desc->idx]); 1407 } 1408 1409 void 1410 wpi_notif_intr(struct wpi_softc *sc) 1411 { 1412 struct ieee80211com *ic = &sc->sc_ic; 1413 struct ifnet *ifp = &ic->ic_if; 1414 uint32_t hw; 1415 1416 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 1417 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD); 1418 1419 hw = letoh32(sc->shared->next); 1420 while (sc->rxq.cur != hw) { 1421 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1422 struct wpi_rx_desc *desc; 1423 1424 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 1425 BUS_DMASYNC_POSTREAD); 1426 desc = mtod(data->m, struct wpi_rx_desc *); 1427 1428 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d " 1429 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1430 letoh32(desc->len))); 1431 1432 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1433 wpi_cmd_done(sc, desc); 1434 1435 switch (desc->type) { 1436 case WPI_RX_DONE: 1437 /* An 802.11 frame has been received. */ 1438 wpi_rx_done(sc, desc, data); 1439 break; 1440 1441 case WPI_TX_DONE: 1442 /* An 802.11 frame has been transmitted. */ 1443 wpi_tx_done(sc, desc); 1444 break; 1445 1446 case WPI_UC_READY: 1447 { 1448 struct wpi_ucode_info *uc = 1449 (struct wpi_ucode_info *)(desc + 1); 1450 1451 /* The microcontroller is ready. */ 1452 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1453 sizeof (*uc), BUS_DMASYNC_POSTREAD); 1454 DPRINTF(("microcode alive notification version %x " 1455 "alive %x\n", letoh32(uc->version), 1456 letoh32(uc->valid))); 1457 1458 if (letoh32(uc->valid) != 1) { 1459 printf("%s: microcontroller initialization " 1460 "failed\n", sc->sc_dev.dv_xname); 1461 } 1462 if (uc->subtype != WPI_UCODE_INIT) { 1463 /* Save the address of the error log. */ 1464 sc->errptr = letoh32(uc->errptr); 1465 } 1466 break; 1467 } 1468 case WPI_STATE_CHANGED: 1469 { 1470 uint32_t *status = (uint32_t *)(desc + 1); 1471 1472 /* Enabled/disabled notification. */ 1473 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1474 sizeof (*status), BUS_DMASYNC_POSTREAD); 1475 DPRINTF(("state changed to %x\n", letoh32(*status))); 1476 1477 if (letoh32(*status) & 1) { 1478 /* The radio button has to be pushed. */ 1479 printf("%s: Radio transmitter is off\n", 1480 sc->sc_dev.dv_xname); 1481 /* Turn the interface down. */ 1482 ifp->if_flags &= ~IFF_UP; 1483 wpi_stop(ifp, 1); 1484 return; /* No further processing. */ 1485 } 1486 break; 1487 } 1488 case WPI_START_SCAN: 1489 { 1490 struct wpi_start_scan *scan = 1491 (struct wpi_start_scan *)(desc + 1); 1492 1493 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1494 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1495 DPRINTFN(2, ("scanning channel %d status %x\n", 1496 scan->chan, letoh32(scan->status))); 1497 1498 /* Fix current channel. */ 1499 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1500 break; 1501 } 1502 case WPI_STOP_SCAN: 1503 { 1504 struct wpi_stop_scan *scan = 1505 (struct wpi_stop_scan *)(desc + 1); 1506 1507 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1508 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1509 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1510 scan->nchan, scan->status, scan->chan)); 1511 1512 if (scan->status == 1 && scan->chan <= 14 && 1513 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) { 1514 /* 1515 * We just finished scanning 2GHz channels, 1516 * start scanning 5GHz ones. 1517 */ 1518 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 1519 break; 1520 } 1521 ieee80211_end_scan(ifp); 1522 break; 1523 } 1524 } 1525 1526 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1527 } 1528 1529 /* Tell the firmware what we have processed. */ 1530 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1531 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7); 1532 } 1533 1534 /* 1535 * Dump the error log of the firmware when a firmware panic occurs. Although 1536 * we can't debug the firmware because it is neither open source nor free, it 1537 * can help us to identify certain classes of problems. 1538 */ 1539 void 1540 wpi_fatal_intr(struct wpi_softc *sc) 1541 { 1542 #define N(a) (sizeof (a) / sizeof ((a)[0])) 1543 struct wpi_fwdump dump; 1544 uint32_t i, offset, count; 1545 1546 /* Check that the error log address is valid. */ 1547 if (sc->errptr < WPI_FW_DATA_BASE || 1548 sc->errptr + sizeof (dump) > 1549 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 1550 printf("%s: bad firmware error log address 0x%08x\n", 1551 sc->sc_dev.dv_xname, sc->errptr); 1552 return; 1553 } 1554 1555 if (wpi_nic_lock(sc) != 0) { 1556 printf("%s: could not read firmware error log\n", 1557 sc->sc_dev.dv_xname); 1558 return; 1559 } 1560 /* Read number of entries in the log. */ 1561 count = wpi_mem_read(sc, sc->errptr); 1562 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 1563 printf("%s: invalid count field (count=%u)\n", 1564 sc->sc_dev.dv_xname, count); 1565 wpi_nic_unlock(sc); 1566 return; 1567 } 1568 /* Skip "count" field. */ 1569 offset = sc->errptr + sizeof (uint32_t); 1570 printf("firmware error log (count=%u):\n", count); 1571 for (i = 0; i < count; i++) { 1572 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 1573 sizeof (dump) / sizeof (uint32_t)); 1574 1575 printf(" error type = \"%s\" (0x%08X)\n", 1576 (dump.desc < N(wpi_fw_errmsg)) ? 1577 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 1578 dump.desc); 1579 printf(" error data = 0x%08X\n", 1580 dump.data); 1581 printf(" branch link = 0x%08X%08X\n", 1582 dump.blink[0], dump.blink[1]); 1583 printf(" interrupt link = 0x%08X%08X\n", 1584 dump.ilink[0], dump.ilink[1]); 1585 printf(" time = %u\n", dump.time); 1586 1587 offset += sizeof (dump); 1588 } 1589 wpi_nic_unlock(sc); 1590 /* Dump driver status (TX and RX rings) while we're here. */ 1591 printf("driver status:\n"); 1592 for (i = 0; i < 6; i++) { 1593 struct wpi_tx_ring *ring = &sc->txq[i]; 1594 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 1595 i, ring->qid, ring->cur, ring->queued); 1596 } 1597 printf(" rx ring: cur=%d\n", sc->rxq.cur); 1598 printf(" 802.11 state %d\n", sc->sc_ic.ic_state); 1599 #undef N 1600 } 1601 1602 int 1603 wpi_intr(void *arg) 1604 { 1605 struct wpi_softc *sc = arg; 1606 struct ifnet *ifp = &sc->sc_ic.ic_if; 1607 uint32_t r1, r2; 1608 1609 /* Disable interrupts. */ 1610 WPI_WRITE(sc, WPI_MASK, 0); 1611 1612 r1 = WPI_READ(sc, WPI_INT); 1613 r2 = WPI_READ(sc, WPI_FH_INT); 1614 1615 if (r1 == 0 && r2 == 0) { 1616 if (ifp->if_flags & IFF_UP) 1617 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1618 return 0; /* Interrupt not for us. */ 1619 } 1620 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 1621 return 0; /* Hardware gone! */ 1622 1623 /* Acknowledge interrupts. */ 1624 WPI_WRITE(sc, WPI_INT, r1); 1625 WPI_WRITE(sc, WPI_FH_INT, r2); 1626 1627 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 1628 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); 1629 /* Dump firmware error log and stop. */ 1630 wpi_fatal_intr(sc); 1631 wpi_stop(ifp, 1); 1632 task_add(systq, &sc->init_task); 1633 return 1; 1634 } 1635 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 1636 (r2 & WPI_FH_INT_RX)) 1637 wpi_notif_intr(sc); 1638 1639 if (r1 & WPI_INT_ALIVE) 1640 wakeup(sc); /* Firmware is alive. */ 1641 1642 /* Re-enable interrupts. */ 1643 if (ifp->if_flags & IFF_UP) 1644 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1645 1646 return 1; 1647 } 1648 1649 int 1650 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1651 { 1652 struct ieee80211com *ic = &sc->sc_ic; 1653 struct wpi_node *wn = (void *)ni; 1654 struct wpi_tx_ring *ring; 1655 struct wpi_tx_desc *desc; 1656 struct wpi_tx_data *data; 1657 struct wpi_tx_cmd *cmd; 1658 struct wpi_cmd_data *tx; 1659 const struct wpi_rate *rinfo; 1660 struct ieee80211_frame *wh; 1661 struct ieee80211_key *k = NULL; 1662 struct mbuf *m1; 1663 enum ieee80211_edca_ac ac; 1664 uint32_t flags; 1665 uint16_t qos; 1666 u_int hdrlen; 1667 uint8_t *ivp, tid, ridx, type; 1668 int i, totlen, hasqos, error; 1669 1670 wh = mtod(m, struct ieee80211_frame *); 1671 hdrlen = ieee80211_get_hdrlen(wh); 1672 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1673 1674 /* Select EDCA Access Category and TX ring for this frame. */ 1675 if ((hasqos = ieee80211_has_qos(wh))) { 1676 qos = ieee80211_get_qos(wh); 1677 tid = qos & IEEE80211_QOS_TID; 1678 ac = ieee80211_up_to_ac(ic, tid); 1679 } else { 1680 tid = 0; 1681 ac = EDCA_AC_BE; 1682 } 1683 1684 ring = &sc->txq[ac]; 1685 desc = &ring->desc[ring->cur]; 1686 data = &ring->data[ring->cur]; 1687 1688 /* Choose a TX rate index. */ 1689 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1690 type != IEEE80211_FC0_TYPE_DATA) { 1691 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 1692 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1; 1693 } else if (ic->ic_fixed_rate != -1) { 1694 ridx = sc->fixed_ridx; 1695 } else 1696 ridx = wn->ridx[ni->ni_txrate]; 1697 rinfo = &wpi_rates[ridx]; 1698 1699 #if NBPFILTER > 0 1700 if (sc->sc_drvbpf != NULL) { 1701 struct mbuf mb; 1702 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 1703 1704 tap->wt_flags = 0; 1705 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1706 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1707 tap->wt_rate = rinfo->rate; 1708 tap->wt_hwqueue = ac; 1709 if ((ic->ic_flags & IEEE80211_F_WEPON) && 1710 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 1711 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1712 1713 mb.m_data = (caddr_t)tap; 1714 mb.m_len = sc->sc_txtap_len; 1715 mb.m_next = m; 1716 mb.m_nextpkt = NULL; 1717 mb.m_type = 0; 1718 mb.m_flags = 0; 1719 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1720 } 1721 #endif 1722 1723 totlen = m->m_pkthdr.len; 1724 1725 /* Encrypt the frame if need be. */ 1726 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1727 /* Retrieve key for TX. */ 1728 k = ieee80211_get_txkey(ic, wh, ni); 1729 if (k->k_cipher != IEEE80211_CIPHER_CCMP) { 1730 /* Do software encryption. */ 1731 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1732 return ENOBUFS; 1733 /* 802.11 header may have moved. */ 1734 wh = mtod(m, struct ieee80211_frame *); 1735 totlen = m->m_pkthdr.len; 1736 1737 } else /* HW appends CCMP MIC. */ 1738 totlen += IEEE80211_CCMP_HDRLEN; 1739 } 1740 1741 /* Prepare TX firmware command. */ 1742 cmd = &ring->cmd[ring->cur]; 1743 cmd->code = WPI_CMD_TX_DATA; 1744 cmd->flags = 0; 1745 cmd->qid = ring->qid; 1746 cmd->idx = ring->cur; 1747 1748 tx = (struct wpi_cmd_data *)cmd->data; 1749 /* NB: No need to clear tx, all fields are reinitialized here. */ 1750 1751 flags = 0; 1752 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1753 /* Unicast frame, check if an ACK is expected. */ 1754 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 1755 IEEE80211_QOS_ACK_POLICY_NOACK) 1756 flags |= WPI_TX_NEED_ACK; 1757 } 1758 1759 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 1760 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1761 /* NB: Group frames are sent using CCK in 802.11b/g. */ 1762 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 1763 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1764 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 1765 ridx <= WPI_RIDX_OFDM54) { 1766 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 1767 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP; 1768 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 1769 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1770 } 1771 } 1772 1773 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1774 type != IEEE80211_FC0_TYPE_DATA) 1775 tx->id = WPI_ID_BROADCAST; 1776 else 1777 tx->id = wn->id; 1778 1779 if (type == IEEE80211_FC0_TYPE_MGT) { 1780 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1781 1782 #ifndef IEEE80211_STA_ONLY 1783 /* Tell HW to set timestamp in probe responses. */ 1784 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1785 flags |= WPI_TX_INSERT_TSTAMP; 1786 #endif 1787 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 1788 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 1789 tx->timeout = htole16(3); 1790 else 1791 tx->timeout = htole16(2); 1792 } else 1793 tx->timeout = htole16(0); 1794 1795 tx->len = htole16(totlen); 1796 tx->tid = tid; 1797 tx->rts_ntries = 7; 1798 tx->data_ntries = 15; 1799 tx->ofdm_mask = 0xff; 1800 tx->cck_mask = 0x0f; 1801 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 1802 tx->plcp = rinfo->plcp; 1803 1804 /* Copy 802.11 header in TX command. */ 1805 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 1806 1807 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 1808 /* Trim 802.11 header and prepend CCMP IV. */ 1809 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 1810 ivp = mtod(m, uint8_t *); 1811 k->k_tsc++; 1812 ivp[0] = k->k_tsc; 1813 ivp[1] = k->k_tsc >> 8; 1814 ivp[2] = 0; 1815 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1816 ivp[4] = k->k_tsc >> 16; 1817 ivp[5] = k->k_tsc >> 24; 1818 ivp[6] = k->k_tsc >> 32; 1819 ivp[7] = k->k_tsc >> 40; 1820 1821 tx->security = WPI_CIPHER_CCMP; 1822 memcpy(tx->key, k->k_key, k->k_len); 1823 } else { 1824 /* Trim 802.11 header. */ 1825 m_adj(m, hdrlen); 1826 tx->security = 0; 1827 } 1828 tx->flags = htole32(flags); 1829 1830 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1831 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1832 if (error != 0 && error != EFBIG) { 1833 printf("%s: can't map mbuf (error %d)\n", 1834 sc->sc_dev.dv_xname, error); 1835 m_freem(m); 1836 return error; 1837 } 1838 if (error != 0) { 1839 /* Too many DMA segments, linearize mbuf. */ 1840 MGETHDR(m1, M_DONTWAIT, MT_DATA); 1841 if (m1 == NULL) { 1842 m_freem(m); 1843 return ENOBUFS; 1844 } 1845 if (m->m_pkthdr.len > MHLEN) { 1846 MCLGET(m1, M_DONTWAIT); 1847 if (!(m1->m_flags & M_EXT)) { 1848 m_freem(m); 1849 m_freem(m1); 1850 return ENOBUFS; 1851 } 1852 } 1853 m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, caddr_t)); 1854 m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len; 1855 m_freem(m); 1856 m = m1; 1857 1858 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1859 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1860 if (error != 0) { 1861 printf("%s: can't map mbuf (error %d)\n", 1862 sc->sc_dev.dv_xname, error); 1863 m_freem(m); 1864 return error; 1865 } 1866 } 1867 1868 data->m = m; 1869 data->ni = ni; 1870 1871 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 1872 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 1873 1874 /* Fill TX descriptor. */ 1875 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 | 1876 (1 + data->map->dm_nsegs) << 24); 1877 /* First DMA segment is used by the TX command. */ 1878 desc->segs[0].addr = htole32(ring->cmd_dma.paddr + 1879 ring->cur * sizeof (struct wpi_tx_cmd)); 1880 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) + 1881 ((hdrlen + 3) & ~3)); 1882 /* Other DMA segments are for data payload. */ 1883 for (i = 1; i <= data->map->dm_nsegs; i++) { 1884 desc->segs[i].addr = 1885 htole32(data->map->dm_segs[i - 1].ds_addr); 1886 desc->segs[i].len = 1887 htole32(data->map->dm_segs[i - 1].ds_len); 1888 } 1889 1890 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1891 BUS_DMASYNC_PREWRITE); 1892 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 1893 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd), 1894 BUS_DMASYNC_PREWRITE); 1895 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1896 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 1897 BUS_DMASYNC_PREWRITE); 1898 1899 /* Kick TX ring. */ 1900 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 1901 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1902 1903 /* Mark TX ring as full if we reach a certain threshold. */ 1904 if (++ring->queued > WPI_TX_RING_HIMARK) 1905 sc->qfullmsk |= 1 << ring->qid; 1906 1907 return 0; 1908 } 1909 1910 void 1911 wpi_start(struct ifnet *ifp) 1912 { 1913 struct wpi_softc *sc = ifp->if_softc; 1914 struct ieee80211com *ic = &sc->sc_ic; 1915 struct ieee80211_node *ni; 1916 struct mbuf *m; 1917 1918 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1919 return; 1920 1921 for (;;) { 1922 if (sc->qfullmsk != 0) { 1923 ifp->if_flags |= IFF_OACTIVE; 1924 break; 1925 } 1926 /* Send pending management frames first. */ 1927 IF_DEQUEUE(&ic->ic_mgtq, m); 1928 if (m != NULL) { 1929 ni = m->m_pkthdr.ph_cookie; 1930 goto sendit; 1931 } 1932 if (ic->ic_state != IEEE80211_S_RUN) 1933 break; 1934 1935 /* Encapsulate and send data frames. */ 1936 IFQ_DEQUEUE(&ifp->if_snd, m); 1937 if (m == NULL) 1938 break; 1939 #if NBPFILTER > 0 1940 if (ifp->if_bpf != NULL) 1941 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1942 #endif 1943 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 1944 continue; 1945 sendit: 1946 #if NBPFILTER > 0 1947 if (ic->ic_rawbpf != NULL) 1948 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1949 #endif 1950 if (wpi_tx(sc, m, ni) != 0) { 1951 ieee80211_release_node(ic, ni); 1952 ifp->if_oerrors++; 1953 continue; 1954 } 1955 1956 sc->sc_tx_timer = 5; 1957 ifp->if_timer = 1; 1958 } 1959 } 1960 1961 void 1962 wpi_watchdog(struct ifnet *ifp) 1963 { 1964 struct wpi_softc *sc = ifp->if_softc; 1965 1966 ifp->if_timer = 0; 1967 1968 if (sc->sc_tx_timer > 0) { 1969 if (--sc->sc_tx_timer == 0) { 1970 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1971 ifp->if_flags &= ~IFF_UP; 1972 wpi_stop(ifp, 1); 1973 ifp->if_oerrors++; 1974 return; 1975 } 1976 ifp->if_timer = 1; 1977 } 1978 1979 ieee80211_watchdog(ifp); 1980 } 1981 1982 int 1983 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1984 { 1985 struct wpi_softc *sc = ifp->if_softc; 1986 struct ieee80211com *ic = &sc->sc_ic; 1987 struct ifaddr *ifa; 1988 struct ifreq *ifr; 1989 int s, error = 0; 1990 1991 s = splnet(); 1992 /* 1993 * Prevent processes from entering this function while another 1994 * process is tsleep'ing in it. 1995 */ 1996 while ((sc->sc_flags & WPI_FLAG_BUSY) && error == 0) 1997 error = tsleep(&sc->sc_flags, PCATCH, "wpiioc", 0); 1998 if (error != 0) { 1999 splx(s); 2000 return error; 2001 } 2002 sc->sc_flags |= WPI_FLAG_BUSY; 2003 2004 switch (cmd) { 2005 case SIOCSIFADDR: 2006 ifa = (struct ifaddr *)data; 2007 ifp->if_flags |= IFF_UP; 2008 #ifdef INET 2009 if (ifa->ifa_addr->sa_family == AF_INET) 2010 arp_ifinit(&ic->ic_ac, ifa); 2011 #endif 2012 /* FALLTHROUGH */ 2013 case SIOCSIFFLAGS: 2014 if (ifp->if_flags & IFF_UP) { 2015 if (!(ifp->if_flags & IFF_RUNNING)) 2016 error = wpi_init(ifp); 2017 } else { 2018 if (ifp->if_flags & IFF_RUNNING) 2019 wpi_stop(ifp, 1); 2020 } 2021 break; 2022 2023 case SIOCADDMULTI: 2024 case SIOCDELMULTI: 2025 ifr = (struct ifreq *)data; 2026 error = (cmd == SIOCADDMULTI) ? 2027 ether_addmulti(ifr, &ic->ic_ac) : 2028 ether_delmulti(ifr, &ic->ic_ac); 2029 2030 if (error == ENETRESET) 2031 error = 0; 2032 break; 2033 2034 case SIOCS80211POWER: 2035 error = ieee80211_ioctl(ifp, cmd, data); 2036 if (error != ENETRESET) 2037 break; 2038 if (ic->ic_state == IEEE80211_S_RUN) { 2039 if (ic->ic_flags & IEEE80211_F_PMGTON) 2040 error = wpi_set_pslevel(sc, 0, 3, 0); 2041 else /* back to CAM */ 2042 error = wpi_set_pslevel(sc, 0, 0, 0); 2043 } else { 2044 /* Defer until transition to IEEE80211_S_RUN. */ 2045 error = 0; 2046 } 2047 break; 2048 2049 default: 2050 error = ieee80211_ioctl(ifp, cmd, data); 2051 } 2052 2053 if (error == ENETRESET) { 2054 error = 0; 2055 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2056 (IFF_UP | IFF_RUNNING)) { 2057 wpi_stop(ifp, 0); 2058 error = wpi_init(ifp); 2059 } 2060 } 2061 2062 sc->sc_flags &= ~WPI_FLAG_BUSY; 2063 wakeup(&sc->sc_flags); 2064 splx(s); 2065 return error; 2066 } 2067 2068 /* 2069 * Send a command to the firmware. 2070 */ 2071 int 2072 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async) 2073 { 2074 struct wpi_tx_ring *ring = &sc->txq[4]; 2075 struct wpi_tx_desc *desc; 2076 struct wpi_tx_data *data; 2077 struct wpi_tx_cmd *cmd; 2078 struct mbuf *m; 2079 bus_addr_t paddr; 2080 int totlen, error; 2081 2082 desc = &ring->desc[ring->cur]; 2083 data = &ring->data[ring->cur]; 2084 totlen = 4 + size; 2085 2086 if (size > sizeof cmd->data) { 2087 /* Command is too large to fit in a descriptor. */ 2088 if (totlen > MCLBYTES) 2089 return EINVAL; 2090 MGETHDR(m, M_DONTWAIT, MT_DATA); 2091 if (m == NULL) 2092 return ENOMEM; 2093 if (totlen > MHLEN) { 2094 MCLGET(m, M_DONTWAIT); 2095 if (!(m->m_flags & M_EXT)) { 2096 m_freem(m); 2097 return ENOMEM; 2098 } 2099 } 2100 cmd = mtod(m, struct wpi_tx_cmd *); 2101 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 2102 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 2103 if (error != 0) { 2104 m_freem(m); 2105 return error; 2106 } 2107 data->m = m; 2108 paddr = data->map->dm_segs[0].ds_addr; 2109 } else { 2110 cmd = &ring->cmd[ring->cur]; 2111 paddr = data->cmd_paddr; 2112 } 2113 2114 cmd->code = code; 2115 cmd->flags = 0; 2116 cmd->qid = ring->qid; 2117 cmd->idx = ring->cur; 2118 memcpy(cmd->data, buf, size); 2119 2120 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24); 2121 desc->segs[0].addr = htole32(paddr); 2122 desc->segs[0].len = htole32(totlen); 2123 2124 if (size > sizeof cmd->data) { 2125 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 2126 BUS_DMASYNC_PREWRITE); 2127 } else { 2128 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 2129 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen, 2130 BUS_DMASYNC_PREWRITE); 2131 } 2132 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2133 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 2134 BUS_DMASYNC_PREWRITE); 2135 2136 /* Kick command ring. */ 2137 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2138 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2139 2140 return async ? 0 : tsleep(cmd, PCATCH, "wpicmd", hz); 2141 } 2142 2143 /* 2144 * Configure HW multi-rate retries. 2145 */ 2146 int 2147 wpi_mrr_setup(struct wpi_softc *sc) 2148 { 2149 struct ieee80211com *ic = &sc->sc_ic; 2150 struct wpi_mrr_setup mrr; 2151 int i, error; 2152 2153 /* CCK rates (not used with 802.11a). */ 2154 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2155 mrr.rates[i].flags = 0; 2156 mrr.rates[i].plcp = wpi_rates[i].plcp; 2157 /* Fallback to the immediate lower CCK rate (if any.) */ 2158 mrr.rates[i].next = 2159 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2160 /* Try one time at this rate before falling back to "next". */ 2161 mrr.rates[i].ntries = 1; 2162 } 2163 /* OFDM rates (not used with 802.11b). */ 2164 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2165 mrr.rates[i].flags = 0; 2166 mrr.rates[i].plcp = wpi_rates[i].plcp; 2167 /* Fallback to the immediate lower rate (if any.) */ 2168 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2169 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2170 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2171 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2172 i - 1; 2173 /* Try one time at this rate before falling back to "next". */ 2174 mrr.rates[i].ntries = 1; 2175 } 2176 /* Setup MRR for control frames. */ 2177 mrr.which = htole32(WPI_MRR_CTL); 2178 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2179 if (error != 0) { 2180 printf("%s: could not setup MRR for control frames\n", 2181 sc->sc_dev.dv_xname); 2182 return error; 2183 } 2184 /* Setup MRR for data frames. */ 2185 mrr.which = htole32(WPI_MRR_DATA); 2186 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2187 if (error != 0) { 2188 printf("%s: could not setup MRR for data frames\n", 2189 sc->sc_dev.dv_xname); 2190 return error; 2191 } 2192 return 0; 2193 } 2194 2195 void 2196 wpi_updateedca(struct ieee80211com *ic) 2197 { 2198 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 2199 struct wpi_softc *sc = ic->ic_softc; 2200 struct wpi_edca_params cmd; 2201 int aci; 2202 2203 memset(&cmd, 0, sizeof cmd); 2204 cmd.flags = htole32(WPI_EDCA_UPDATE); 2205 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 2206 const struct ieee80211_edca_ac_params *ac = 2207 &ic->ic_edca_ac[aci]; 2208 cmd.ac[aci].aifsn = ac->ac_aifsn; 2209 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin)); 2210 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax)); 2211 cmd.ac[aci].txoplimit = 2212 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit)); 2213 } 2214 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 2215 #undef WPI_EXP2 2216 } 2217 2218 void 2219 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2220 { 2221 struct wpi_cmd_led led; 2222 2223 led.which = which; 2224 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2225 led.off = off; 2226 led.on = on; 2227 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 2228 } 2229 2230 int 2231 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 2232 { 2233 struct wpi_cmd_timing cmd; 2234 uint64_t val, mod; 2235 2236 memset(&cmd, 0, sizeof cmd); 2237 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t)); 2238 cmd.bintval = htole16(ni->ni_intval); 2239 cmd.lintval = htole16(10); 2240 2241 /* Compute remaining time until next beacon. */ 2242 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2243 mod = letoh64(cmd.tstamp) % val; 2244 cmd.binitval = htole32((uint32_t)(val - mod)); 2245 2246 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n", 2247 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod))); 2248 2249 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 2250 } 2251 2252 /* 2253 * This function is called periodically (every minute) to adjust TX power 2254 * based on temperature variation. 2255 */ 2256 void 2257 wpi_power_calibration(struct wpi_softc *sc) 2258 { 2259 int temp; 2260 2261 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 2262 /* Sanity-check temperature. */ 2263 if (temp < -260 || temp > 25) { 2264 /* This can't be correct, ignore. */ 2265 DPRINTF(("out-of-range temperature reported: %d\n", temp)); 2266 return; 2267 } 2268 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2269 /* Adjust TX power if need be (delta > 6). */ 2270 if (abs(temp - sc->temp) > 6) { 2271 /* Record temperature of last calibration. */ 2272 sc->temp = temp; 2273 (void)wpi_set_txpower(sc, 1); 2274 } 2275 } 2276 2277 /* 2278 * Set TX power for current channel (each rate has its own power settings). 2279 */ 2280 int 2281 wpi_set_txpower(struct wpi_softc *sc, int async) 2282 { 2283 struct ieee80211com *ic = &sc->sc_ic; 2284 struct ieee80211_channel *ch; 2285 struct wpi_power_group *group; 2286 struct wpi_cmd_txpower cmd; 2287 u_int chan; 2288 int idx, i; 2289 2290 /* Retrieve current channel from last RXON. */ 2291 chan = sc->rxon.chan; 2292 DPRINTF(("setting TX power for channel %d\n", chan)); 2293 ch = &ic->ic_channels[chan]; 2294 2295 /* Find the TX power group to which this channel belongs. */ 2296 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2297 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 2298 if (chan <= group->chan) 2299 break; 2300 } else 2301 group = &sc->groups[0]; 2302 2303 memset(&cmd, 0, sizeof cmd); 2304 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2305 cmd.chan = htole16(chan); 2306 2307 /* Set TX power for all OFDM and CCK rates. */ 2308 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 2309 /* Retrieve TX power for this channel/rate. */ 2310 idx = wpi_get_power_index(sc, group, ch, i); 2311 2312 cmd.rates[i].plcp = wpi_rates[i].plcp; 2313 2314 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2315 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 2316 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 2317 } else { 2318 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 2319 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 2320 } 2321 DPRINTF(("chan %d/rate %d: power index %d\n", chan, 2322 wpi_rates[i].rate, idx)); 2323 } 2324 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 2325 } 2326 2327 /* 2328 * Determine TX power index for a given channel/rate combination. 2329 * This takes into account the regulatory information from EEPROM and the 2330 * current temperature. 2331 */ 2332 int 2333 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 2334 struct ieee80211_channel *c, int ridx) 2335 { 2336 /* Fixed-point arithmetic division using a n-bit fractional part. */ 2337 #define fdivround(a, b, n) \ 2338 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2339 2340 /* Linear interpolation. */ 2341 #define interpolate(x, x1, y1, x2, y2, n) \ 2342 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2343 2344 struct ieee80211com *ic = &sc->sc_ic; 2345 struct wpi_power_sample *sample; 2346 int pwr, idx; 2347 u_int chan; 2348 2349 /* Get channel number. */ 2350 chan = ieee80211_chan2ieee(ic, c); 2351 2352 /* Default TX power is group maximum TX power minus 3dB. */ 2353 pwr = group->maxpwr / 2; 2354 2355 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 2356 switch (ridx) { 2357 case WPI_RIDX_OFDM36: 2358 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 2359 break; 2360 case WPI_RIDX_OFDM48: 2361 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 2362 break; 2363 case WPI_RIDX_OFDM54: 2364 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 2365 break; 2366 } 2367 2368 /* Never exceed the channel maximum allowed TX power. */ 2369 pwr = MIN(pwr, sc->maxpwr[chan]); 2370 2371 /* Retrieve TX power index into gain tables from samples. */ 2372 for (sample = group->samples; sample < &group->samples[3]; sample++) 2373 if (pwr > sample[1].power) 2374 break; 2375 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 2376 idx = interpolate(pwr, sample[0].power, sample[0].index, 2377 sample[1].power, sample[1].index, 19); 2378 2379 /*- 2380 * Adjust power index based on current temperature: 2381 * - if cooler than factory-calibrated: decrease output power 2382 * - if warmer than factory-calibrated: increase output power 2383 */ 2384 idx -= (sc->temp - group->temp) * 11 / 100; 2385 2386 /* Decrease TX power for CCK rates (-5dB). */ 2387 if (ridx >= WPI_RIDX_CCK1) 2388 idx += 10; 2389 2390 /* Make sure idx stays in a valid range. */ 2391 if (idx < 0) 2392 idx = 0; 2393 else if (idx > WPI_MAX_PWR_INDEX) 2394 idx = WPI_MAX_PWR_INDEX; 2395 return idx; 2396 2397 #undef interpolate 2398 #undef fdivround 2399 } 2400 2401 /* 2402 * Set STA mode power saving level (between 0 and 5). 2403 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 2404 */ 2405 int 2406 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async) 2407 { 2408 struct wpi_pmgt_cmd cmd; 2409 const struct wpi_pmgt *pmgt; 2410 uint32_t max, skip_dtim; 2411 pcireg_t reg; 2412 int i; 2413 2414 /* Select which PS parameters to use. */ 2415 if (dtim <= 10) 2416 pmgt = &wpi_pmgt[0][level]; 2417 else 2418 pmgt = &wpi_pmgt[1][level]; 2419 2420 memset(&cmd, 0, sizeof cmd); 2421 if (level != 0) /* not CAM */ 2422 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 2423 /* Retrieve PCIe Active State Power Management (ASPM). */ 2424 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 2425 sc->sc_cap_off + PCI_PCIE_LCSR); 2426 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 2427 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 2428 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 2429 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 2430 2431 if (dtim == 0) { 2432 dtim = 1; 2433 skip_dtim = 0; 2434 } else 2435 skip_dtim = pmgt->skip_dtim; 2436 if (skip_dtim != 0) { 2437 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 2438 max = pmgt->intval[4]; 2439 if (max == (uint32_t)-1) 2440 max = dtim * (skip_dtim + 1); 2441 else if (max > dtim) 2442 max = (max / dtim) * dtim; 2443 } else 2444 max = dtim; 2445 for (i = 0; i < 5; i++) 2446 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 2447 2448 DPRINTF(("setting power saving level to %d\n", level)); 2449 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 2450 } 2451 2452 int 2453 wpi_config(struct wpi_softc *sc) 2454 { 2455 struct ieee80211com *ic = &sc->sc_ic; 2456 struct ifnet *ifp = &ic->ic_if; 2457 struct wpi_bluetooth bluetooth; 2458 struct wpi_node_info node; 2459 int error; 2460 2461 /* Set power saving level to CAM during initialization. */ 2462 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 2463 printf("%s: could not set power saving level\n", 2464 sc->sc_dev.dv_xname); 2465 return error; 2466 } 2467 2468 /* Configure bluetooth coexistence. */ 2469 memset(&bluetooth, 0, sizeof bluetooth); 2470 bluetooth.flags = WPI_BT_COEX_MODE_4WIRE; 2471 bluetooth.lead_time = WPI_BT_LEAD_TIME_DEF; 2472 bluetooth.max_kill = WPI_BT_MAX_KILL_DEF; 2473 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 2474 if (error != 0) { 2475 printf("%s: could not configure bluetooth coexistence\n", 2476 sc->sc_dev.dv_xname); 2477 return error; 2478 } 2479 2480 /* Configure adapter. */ 2481 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 2482 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2483 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 2484 /* Set default channel. */ 2485 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 2486 sc->rxon.flags = htole32(WPI_RXON_TSF); 2487 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 2488 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2489 switch (ic->ic_opmode) { 2490 case IEEE80211_M_STA: 2491 sc->rxon.mode = WPI_MODE_STA; 2492 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST); 2493 break; 2494 case IEEE80211_M_MONITOR: 2495 sc->rxon.mode = WPI_MODE_MONITOR; 2496 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST | 2497 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2498 break; 2499 default: 2500 /* Should not get there. */ 2501 break; 2502 } 2503 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 2504 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 2505 DPRINTF(("setting configuration\n")); 2506 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2507 0); 2508 if (error != 0) { 2509 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2510 return error; 2511 } 2512 2513 /* Configuration has changed, set TX power accordingly. */ 2514 if ((error = wpi_set_txpower(sc, 0)) != 0) { 2515 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2516 return error; 2517 } 2518 2519 /* Add broadcast node. */ 2520 memset(&node, 0, sizeof node); 2521 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2522 node.id = WPI_ID_BROADCAST; 2523 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2524 node.action = htole32(WPI_ACTION_SET_RATE); 2525 node.antenna = WPI_ANTENNA_BOTH; 2526 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0); 2527 if (error != 0) { 2528 printf("%s: could not add broadcast node\n", 2529 sc->sc_dev.dv_xname); 2530 return error; 2531 } 2532 2533 if ((error = wpi_mrr_setup(sc)) != 0) { 2534 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname); 2535 return error; 2536 } 2537 return 0; 2538 } 2539 2540 int 2541 wpi_scan(struct wpi_softc *sc, uint16_t flags) 2542 { 2543 struct ieee80211com *ic = &sc->sc_ic; 2544 struct wpi_scan_hdr *hdr; 2545 struct wpi_cmd_data *tx; 2546 struct wpi_scan_essid *essid; 2547 struct wpi_scan_chan *chan; 2548 struct ieee80211_frame *wh; 2549 struct ieee80211_rateset *rs; 2550 struct ieee80211_channel *c; 2551 uint8_t *buf, *frm; 2552 int buflen, error; 2553 2554 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 2555 if (buf == NULL) { 2556 printf("%s: could not allocate buffer for scan command\n", 2557 sc->sc_dev.dv_xname); 2558 return ENOMEM; 2559 } 2560 hdr = (struct wpi_scan_hdr *)buf; 2561 /* 2562 * Move to the next channel if no frames are received within 10ms 2563 * after sending the probe request. 2564 */ 2565 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 2566 hdr->quiet_threshold = htole16(1); /* min # of packets */ 2567 2568 tx = (struct wpi_cmd_data *)(hdr + 1); 2569 tx->flags = htole32(WPI_TX_AUTO_SEQ); 2570 tx->id = WPI_ID_BROADCAST; 2571 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2572 2573 if (flags & IEEE80211_CHAN_5GHZ) { 2574 hdr->crc_threshold = htole16(1); 2575 /* Send probe requests at 6Mbps. */ 2576 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp; 2577 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 2578 } else { 2579 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 2580 /* Send probe requests at 1Mbps. */ 2581 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2582 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 2583 } 2584 2585 essid = (struct wpi_scan_essid *)(tx + 1); 2586 if (ic->ic_des_esslen != 0) { 2587 essid[0].id = IEEE80211_ELEMID_SSID; 2588 essid[0].len = ic->ic_des_esslen; 2589 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 2590 } 2591 /* 2592 * Build a probe request frame. Most of the following code is a 2593 * copy & paste of what is done in net80211. 2594 */ 2595 wh = (struct ieee80211_frame *)(essid + 4); 2596 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2597 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2598 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2599 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2600 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2601 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2602 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 2603 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 2604 2605 frm = (uint8_t *)(wh + 1); 2606 frm = ieee80211_add_ssid(frm, NULL, 0); 2607 frm = ieee80211_add_rates(frm, rs); 2608 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2609 frm = ieee80211_add_xrates(frm, rs); 2610 2611 /* Set length of probe request. */ 2612 tx->len = htole16(frm - (uint8_t *)wh); 2613 2614 chan = (struct wpi_scan_chan *)frm; 2615 for (c = &ic->ic_channels[1]; 2616 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 2617 if ((c->ic_flags & flags) != flags) 2618 continue; 2619 2620 chan->chan = ieee80211_chan2ieee(ic, c); 2621 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 2622 chan->flags = 0; 2623 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 2624 chan->flags |= WPI_CHAN_ACTIVE; 2625 if (ic->ic_des_esslen != 0) 2626 chan->flags |= WPI_CHAN_NPBREQS(1); 2627 chan->dsp_gain = 0x6e; 2628 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2629 chan->rf_gain = 0x3b; 2630 chan->active = htole16(24); 2631 chan->passive = htole16(110); 2632 } else { 2633 chan->rf_gain = 0x28; 2634 chan->active = htole16(36); 2635 chan->passive = htole16(120); 2636 } 2637 hdr->nchan++; 2638 chan++; 2639 } 2640 2641 buflen = (uint8_t *)chan - buf; 2642 hdr->len = htole16(buflen); 2643 2644 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 2645 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 2646 free(buf, M_DEVBUF, 0); 2647 return error; 2648 } 2649 2650 int 2651 wpi_auth(struct wpi_softc *sc) 2652 { 2653 struct ieee80211com *ic = &sc->sc_ic; 2654 struct ieee80211_node *ni = ic->ic_bss; 2655 struct wpi_node_info node; 2656 int error; 2657 2658 /* Update adapter configuration. */ 2659 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 2660 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 2661 sc->rxon.flags = htole32(WPI_RXON_TSF); 2662 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 2663 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2664 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2665 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2666 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2667 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2668 switch (ic->ic_curmode) { 2669 case IEEE80211_MODE_11A: 2670 sc->rxon.cck_mask = 0; 2671 sc->rxon.ofdm_mask = 0x15; 2672 break; 2673 case IEEE80211_MODE_11B: 2674 sc->rxon.cck_mask = 0x03; 2675 sc->rxon.ofdm_mask = 0; 2676 break; 2677 default: /* Assume 802.11b/g. */ 2678 sc->rxon.cck_mask = 0x0f; 2679 sc->rxon.ofdm_mask = 0x15; 2680 } 2681 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 2682 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 2683 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2684 1); 2685 if (error != 0) { 2686 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2687 return error; 2688 } 2689 2690 /* Configuration has changed, set TX power accordingly. */ 2691 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2692 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2693 return error; 2694 } 2695 /* 2696 * Reconfiguring RXON clears the firmware nodes table so we must 2697 * add the broadcast node again. 2698 */ 2699 memset(&node, 0, sizeof node); 2700 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2701 node.id = WPI_ID_BROADCAST; 2702 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2703 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2704 node.action = htole32(WPI_ACTION_SET_RATE); 2705 node.antenna = WPI_ANTENNA_BOTH; 2706 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2707 if (error != 0) { 2708 printf("%s: could not add broadcast node\n", 2709 sc->sc_dev.dv_xname); 2710 return error; 2711 } 2712 return 0; 2713 } 2714 2715 int 2716 wpi_run(struct wpi_softc *sc) 2717 { 2718 struct ieee80211com *ic = &sc->sc_ic; 2719 struct ieee80211_node *ni = ic->ic_bss; 2720 struct wpi_node_info node; 2721 int error; 2722 2723 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 2724 /* Link LED blinks while monitoring. */ 2725 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 2726 return 0; 2727 } 2728 if ((error = wpi_set_timing(sc, ni)) != 0) { 2729 printf("%s: could not set timing\n", sc->sc_dev.dv_xname); 2730 return error; 2731 } 2732 2733 /* Update adapter configuration. */ 2734 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 2735 /* Short preamble and slot time are negotiated when associating. */ 2736 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 2737 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2738 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2739 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2740 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2741 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 2742 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 2743 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2744 1); 2745 if (error != 0) { 2746 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2747 return error; 2748 } 2749 2750 /* Configuration has changed, set TX power accordingly. */ 2751 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2752 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2753 return error; 2754 } 2755 2756 /* Fake a join to init the TX rate. */ 2757 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 2758 wpi_newassoc(ic, ni, 1); 2759 2760 /* Add BSS node. */ 2761 memset(&node, 0, sizeof node); 2762 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid); 2763 node.id = WPI_ID_BSS; 2764 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2765 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2766 node.action = htole32(WPI_ACTION_SET_RATE); 2767 node.antenna = WPI_ANTENNA_BOTH; 2768 DPRINTF(("adding BSS node\n")); 2769 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2770 if (error != 0) { 2771 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname); 2772 return error; 2773 } 2774 2775 /* Start periodic calibration timer. */ 2776 sc->calib_cnt = 0; 2777 timeout_add(&sc->calib_to, hz / 2); 2778 2779 /* Link LED always on while associated. */ 2780 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 2781 2782 /* Enable power-saving mode if requested by user. */ 2783 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 2784 (void)wpi_set_pslevel(sc, 0, 3, 1); 2785 2786 return 0; 2787 } 2788 2789 /* 2790 * We support CCMP hardware encryption/decryption of unicast frames only. 2791 * HW support for TKIP really sucks. We should let TKIP die anyway. 2792 */ 2793 int 2794 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2795 struct ieee80211_key *k) 2796 { 2797 struct wpi_softc *sc = ic->ic_softc; 2798 struct wpi_node *wn = (void *)ni; 2799 struct wpi_node_info node; 2800 uint16_t kflags; 2801 2802 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2803 k->k_cipher != IEEE80211_CIPHER_CCMP) 2804 return ieee80211_set_key(ic, ni, k); 2805 2806 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id); 2807 memset(&node, 0, sizeof node); 2808 node.id = wn->id; 2809 node.control = WPI_NODE_UPDATE; 2810 node.flags = WPI_FLAG_SET_KEY; 2811 node.kflags = htole16(kflags); 2812 memcpy(node.key, k->k_key, k->k_len); 2813 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 2814 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2815 } 2816 2817 void 2818 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2819 struct ieee80211_key *k) 2820 { 2821 struct wpi_softc *sc = ic->ic_softc; 2822 struct wpi_node *wn = (void *)ni; 2823 struct wpi_node_info node; 2824 2825 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2826 k->k_cipher != IEEE80211_CIPHER_CCMP) { 2827 /* See comment about other ciphers above. */ 2828 ieee80211_delete_key(ic, ni, k); 2829 return; 2830 } 2831 if (ic->ic_state != IEEE80211_S_RUN) 2832 return; /* Nothing to do. */ 2833 memset(&node, 0, sizeof node); 2834 node.id = wn->id; 2835 node.control = WPI_NODE_UPDATE; 2836 node.flags = WPI_FLAG_SET_KEY; 2837 node.kflags = 0; 2838 DPRINTF(("delete keys for node %d\n", node.id)); 2839 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2840 } 2841 2842 int 2843 wpi_post_alive(struct wpi_softc *sc) 2844 { 2845 int ntries, error; 2846 2847 /* Check (again) that the radio is not disabled. */ 2848 if ((error = wpi_nic_lock(sc)) != 0) 2849 return error; 2850 /* NB: Runtime firmware must be up and running. */ 2851 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 2852 printf("%s: radio is disabled by hardware switch\n", 2853 sc->sc_dev.dv_xname); 2854 wpi_nic_unlock(sc); 2855 return EPERM; /* :-) */ 2856 } 2857 wpi_nic_unlock(sc); 2858 2859 /* Wait for thermal sensor to calibrate. */ 2860 for (ntries = 0; ntries < 1000; ntries++) { 2861 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 2862 break; 2863 DELAY(10); 2864 } 2865 if (ntries == 1000) { 2866 printf("%s: timeout waiting for thermal sensor calibration\n", 2867 sc->sc_dev.dv_xname); 2868 return ETIMEDOUT; 2869 } 2870 DPRINTF(("temperature %d\n", sc->temp)); 2871 return 0; 2872 } 2873 2874 /* 2875 * The firmware boot code is small and is intended to be copied directly into 2876 * the NIC internal memory (no DMA transfer.) 2877 */ 2878 int 2879 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 2880 { 2881 int error, ntries; 2882 2883 size /= sizeof (uint32_t); 2884 2885 if ((error = wpi_nic_lock(sc)) != 0) 2886 return error; 2887 2888 /* Copy microcode image into NIC memory. */ 2889 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 2890 (const uint32_t *)ucode, size); 2891 2892 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 2893 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 2894 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 2895 2896 /* Start boot load now. */ 2897 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 2898 2899 /* Wait for transfer to complete. */ 2900 for (ntries = 0; ntries < 1000; ntries++) { 2901 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) & 2902 WPI_BSM_WR_CTRL_START)) 2903 break; 2904 DELAY(10); 2905 } 2906 if (ntries == 1000) { 2907 printf("%s: could not load boot firmware\n", 2908 sc->sc_dev.dv_xname); 2909 wpi_nic_unlock(sc); 2910 return ETIMEDOUT; 2911 } 2912 2913 /* Enable boot after power up. */ 2914 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 2915 2916 wpi_nic_unlock(sc); 2917 return 0; 2918 } 2919 2920 int 2921 wpi_load_firmware(struct wpi_softc *sc) 2922 { 2923 struct wpi_fw_info *fw = &sc->fw; 2924 struct wpi_dma_info *dma = &sc->fw_dma; 2925 int error; 2926 2927 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 2928 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 2929 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 2930 BUS_DMASYNC_PREWRITE); 2931 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2932 fw->init.text, fw->init.textsz); 2933 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2934 fw->init.textsz, BUS_DMASYNC_PREWRITE); 2935 2936 /* Tell adapter where to find initialization sections. */ 2937 if ((error = wpi_nic_lock(sc)) != 0) 2938 return error; 2939 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2940 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 2941 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2942 dma->paddr + WPI_FW_DATA_MAXSZ); 2943 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 2944 wpi_nic_unlock(sc); 2945 2946 /* Load firmware boot code. */ 2947 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 2948 if (error != 0) { 2949 printf("%s: could not load boot firmware\n", 2950 sc->sc_dev.dv_xname); 2951 return error; 2952 } 2953 /* Now press "execute". */ 2954 WPI_WRITE(sc, WPI_RESET, 0); 2955 2956 /* Wait at most one second for first alive notification. */ 2957 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 2958 printf("%s: timeout waiting for adapter to initialize\n", 2959 sc->sc_dev.dv_xname); 2960 return error; 2961 } 2962 2963 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 2964 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 2965 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 2966 BUS_DMASYNC_PREWRITE); 2967 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2968 fw->main.text, fw->main.textsz); 2969 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2970 fw->main.textsz, BUS_DMASYNC_PREWRITE); 2971 2972 /* Tell adapter where to find runtime sections. */ 2973 if ((error = wpi_nic_lock(sc)) != 0) 2974 return error; 2975 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2976 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 2977 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2978 dma->paddr + WPI_FW_DATA_MAXSZ); 2979 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 2980 WPI_FW_UPDATED | fw->main.textsz); 2981 wpi_nic_unlock(sc); 2982 2983 return 0; 2984 } 2985 2986 int 2987 wpi_read_firmware(struct wpi_softc *sc) 2988 { 2989 struct wpi_fw_info *fw = &sc->fw; 2990 const struct wpi_firmware_hdr *hdr; 2991 size_t size; 2992 int error; 2993 2994 /* Read firmware image from filesystem. */ 2995 if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) { 2996 printf("%s: error, %d, could not read firmware %s\n", 2997 sc->sc_dev.dv_xname, error, "wpi-3945abg"); 2998 return error; 2999 } 3000 if (size < sizeof (*hdr)) { 3001 printf("%s: truncated firmware header: %zu bytes\n", 3002 sc->sc_dev.dv_xname, size); 3003 free(fw->data, M_DEVBUF, 0); 3004 return EINVAL; 3005 } 3006 /* Extract firmware header information. */ 3007 hdr = (struct wpi_firmware_hdr *)fw->data; 3008 fw->main.textsz = letoh32(hdr->main_textsz); 3009 fw->main.datasz = letoh32(hdr->main_datasz); 3010 fw->init.textsz = letoh32(hdr->init_textsz); 3011 fw->init.datasz = letoh32(hdr->init_datasz); 3012 fw->boot.textsz = letoh32(hdr->boot_textsz); 3013 fw->boot.datasz = 0; 3014 3015 /* Sanity-check firmware header. */ 3016 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 3017 fw->main.datasz > WPI_FW_DATA_MAXSZ || 3018 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 3019 fw->init.datasz > WPI_FW_DATA_MAXSZ || 3020 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 3021 (fw->boot.textsz & 3) != 0) { 3022 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); 3023 free(fw->data, M_DEVBUF, 0); 3024 return EINVAL; 3025 } 3026 3027 /* Check that all firmware sections fit. */ 3028 if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 3029 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 3030 printf("%s: firmware file too short: %zu bytes\n", 3031 sc->sc_dev.dv_xname, size); 3032 free(fw->data, M_DEVBUF, 0); 3033 return EINVAL; 3034 } 3035 3036 /* Get pointers to firmware sections. */ 3037 fw->main.text = (const uint8_t *)(hdr + 1); 3038 fw->main.data = fw->main.text + fw->main.textsz; 3039 fw->init.text = fw->main.data + fw->main.datasz; 3040 fw->init.data = fw->init.text + fw->init.textsz; 3041 fw->boot.text = fw->init.data + fw->init.datasz; 3042 3043 return 0; 3044 } 3045 3046 int 3047 wpi_clock_wait(struct wpi_softc *sc) 3048 { 3049 int ntries; 3050 3051 /* Set "initialization complete" bit. */ 3052 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 3053 3054 /* Wait for clock stabilization. */ 3055 for (ntries = 0; ntries < 25000; ntries++) { 3056 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 3057 return 0; 3058 DELAY(100); 3059 } 3060 printf("%s: timeout waiting for clock stabilization\n", 3061 sc->sc_dev.dv_xname); 3062 return ETIMEDOUT; 3063 } 3064 3065 int 3066 wpi_apm_init(struct wpi_softc *sc) 3067 { 3068 int error; 3069 3070 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 3071 /* Disable L0s. */ 3072 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 3073 3074 if ((error = wpi_clock_wait(sc)) != 0) 3075 return error; 3076 3077 if ((error = wpi_nic_lock(sc)) != 0) 3078 return error; 3079 /* Enable DMA. */ 3080 wpi_prph_write(sc, WPI_APMG_CLK_ENA, 3081 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT); 3082 DELAY(20); 3083 /* Disable L1. */ 3084 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 3085 wpi_nic_unlock(sc); 3086 3087 return 0; 3088 } 3089 3090 void 3091 wpi_apm_stop_master(struct wpi_softc *sc) 3092 { 3093 int ntries; 3094 3095 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 3096 3097 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 3098 WPI_GP_CNTRL_MAC_PS) 3099 return; /* Already asleep. */ 3100 3101 for (ntries = 0; ntries < 100; ntries++) { 3102 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 3103 return; 3104 DELAY(10); 3105 } 3106 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname); 3107 } 3108 3109 void 3110 wpi_apm_stop(struct wpi_softc *sc) 3111 { 3112 wpi_apm_stop_master(sc); 3113 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 3114 } 3115 3116 void 3117 wpi_nic_config(struct wpi_softc *sc) 3118 { 3119 pcireg_t reg; 3120 uint8_t rev; 3121 3122 /* Voodoo from the reference driver. */ 3123 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3124 rev = PCI_REVISION(reg); 3125 if ((rev & 0xc0) == 0x40) 3126 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 3127 else if (!(rev & 0x80)) 3128 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 3129 3130 if (sc->cap == 0x80) 3131 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 3132 3133 if ((letoh16(sc->rev) & 0xf0) == 0xd0) 3134 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3135 else 3136 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3137 3138 if (sc->type > 1) 3139 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 3140 } 3141 3142 int 3143 wpi_hw_init(struct wpi_softc *sc) 3144 { 3145 int chnl, ntries, error; 3146 3147 /* Clear pending interrupts. */ 3148 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3149 3150 if ((error = wpi_apm_init(sc)) != 0) { 3151 printf("%s: could not power ON adapter\n", 3152 sc->sc_dev.dv_xname); 3153 return error; 3154 } 3155 3156 /* Select VMAIN power source. */ 3157 if ((error = wpi_nic_lock(sc)) != 0) 3158 return error; 3159 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 3160 wpi_nic_unlock(sc); 3161 /* Spin until VMAIN gets selected. */ 3162 for (ntries = 0; ntries < 5000; ntries++) { 3163 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 3164 break; 3165 DELAY(10); 3166 } 3167 if (ntries == 5000) { 3168 printf("%s: timeout selecting power source\n", 3169 sc->sc_dev.dv_xname); 3170 return ETIMEDOUT; 3171 } 3172 3173 /* Perform adapter initialization. */ 3174 (void)wpi_nic_config(sc); 3175 3176 /* Initialize RX ring. */ 3177 if ((error = wpi_nic_lock(sc)) != 0) 3178 return error; 3179 /* Set physical address of RX ring. */ 3180 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 3181 /* Set physical address of RX read pointer. */ 3182 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 3183 offsetof(struct wpi_shared, next)); 3184 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 3185 /* Enable RX. */ 3186 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 3187 WPI_FH_RX_CONFIG_DMA_ENA | 3188 WPI_FH_RX_CONFIG_RDRBD_ENA | 3189 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 3190 WPI_FH_RX_CONFIG_MAXFRAG | 3191 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 3192 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 3193 WPI_FH_RX_CONFIG_IRQ_RBTH(1)); 3194 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 3195 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 3196 wpi_nic_unlock(sc); 3197 3198 /* Initialize TX rings. */ 3199 if ((error = wpi_nic_lock(sc)) != 0) 3200 return error; 3201 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 3202 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 3203 /* Enable all 6 TX rings. */ 3204 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 3205 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 3206 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 3207 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 3208 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 3209 /* Set physical address of TX rings. */ 3210 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 3211 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 3212 3213 /* Enable all DMA channels. */ 3214 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3215 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 3216 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 3217 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 3218 } 3219 wpi_nic_unlock(sc); 3220 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 3221 3222 /* Clear "radio off" and "commands blocked" bits. */ 3223 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3224 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 3225 3226 /* Clear pending interrupts. */ 3227 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3228 /* Enable interrupts. */ 3229 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 3230 3231 /* _Really_ make sure "radio off" bit is cleared! */ 3232 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3233 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3234 3235 if ((error = wpi_load_firmware(sc)) != 0) { 3236 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname); 3237 return error; 3238 } 3239 /* Wait at most one second for firmware alive notification. */ 3240 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 3241 printf("%s: timeout waiting for adapter to initialize\n", 3242 sc->sc_dev.dv_xname); 3243 return error; 3244 } 3245 /* Do post-firmware initialization. */ 3246 return wpi_post_alive(sc); 3247 } 3248 3249 void 3250 wpi_hw_stop(struct wpi_softc *sc) 3251 { 3252 int chnl, qid, ntries; 3253 uint32_t tmp; 3254 3255 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 3256 3257 /* Disable interrupts. */ 3258 WPI_WRITE(sc, WPI_MASK, 0); 3259 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3260 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 3261 3262 /* Make sure we no longer hold the NIC lock. */ 3263 wpi_nic_unlock(sc); 3264 3265 if (wpi_nic_lock(sc) == 0) { 3266 /* Stop TX scheduler. */ 3267 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 3268 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 3269 3270 /* Stop all DMA channels. */ 3271 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3272 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 3273 for (ntries = 0; ntries < 100; ntries++) { 3274 tmp = WPI_READ(sc, WPI_FH_TX_STATUS); 3275 if ((tmp & WPI_FH_TX_STATUS_IDLE(chnl)) == 3276 WPI_FH_TX_STATUS_IDLE(chnl)) 3277 break; 3278 DELAY(10); 3279 } 3280 } 3281 wpi_nic_unlock(sc); 3282 } 3283 3284 /* Stop RX ring. */ 3285 wpi_reset_rx_ring(sc, &sc->rxq); 3286 3287 /* Reset all TX rings. */ 3288 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 3289 wpi_reset_tx_ring(sc, &sc->txq[qid]); 3290 3291 if (wpi_nic_lock(sc) == 0) { 3292 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT); 3293 wpi_nic_unlock(sc); 3294 } 3295 DELAY(5); 3296 /* Power OFF adapter. */ 3297 wpi_apm_stop(sc); 3298 } 3299 3300 int 3301 wpi_init(struct ifnet *ifp) 3302 { 3303 struct wpi_softc *sc = ifp->if_softc; 3304 struct ieee80211com *ic = &sc->sc_ic; 3305 int error; 3306 3307 #ifdef notyet 3308 /* Check that the radio is not disabled by hardware switch. */ 3309 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 3310 printf("%s: radio is disabled by hardware switch\n", 3311 sc->sc_dev.dv_xname); 3312 error = EPERM; /* :-) */ 3313 goto fail; 3314 } 3315 #endif 3316 /* Read firmware images from the filesystem. */ 3317 if ((error = wpi_read_firmware(sc)) != 0) { 3318 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname); 3319 goto fail; 3320 } 3321 3322 /* Initialize hardware and upload firmware. */ 3323 error = wpi_hw_init(sc); 3324 free(sc->fw.data, M_DEVBUF, 0); 3325 if (error != 0) { 3326 printf("%s: could not initialize hardware\n", 3327 sc->sc_dev.dv_xname); 3328 goto fail; 3329 } 3330 3331 /* Configure adapter now that it is ready. */ 3332 if ((error = wpi_config(sc)) != 0) { 3333 printf("%s: could not configure device\n", 3334 sc->sc_dev.dv_xname); 3335 goto fail; 3336 } 3337 3338 ifp->if_flags &= ~IFF_OACTIVE; 3339 ifp->if_flags |= IFF_RUNNING; 3340 3341 if (ic->ic_opmode != IEEE80211_M_MONITOR) 3342 ieee80211_begin_scan(ifp); 3343 else 3344 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3345 3346 return 0; 3347 3348 fail: wpi_stop(ifp, 1); 3349 return error; 3350 } 3351 3352 void 3353 wpi_stop(struct ifnet *ifp, int disable) 3354 { 3355 struct wpi_softc *sc = ifp->if_softc; 3356 struct ieee80211com *ic = &sc->sc_ic; 3357 3358 ifp->if_timer = sc->sc_tx_timer = 0; 3359 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3360 3361 /* In case we were scanning, release the scan "lock". */ 3362 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 3363 3364 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3365 3366 /* Power OFF hardware. */ 3367 wpi_hw_stop(sc); 3368 } 3369