1 /* $OpenBSD: if_wpi.c,v 1.158 2024/05/24 06:02:57 jsg Exp $ */ 2 3 /*- 4 * Copyright (c) 2006-2008 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/rwlock.h> 30 #include <sys/systm.h> 31 #include <sys/malloc.h> 32 #include <sys/device.h> 33 #include <sys/task.h> 34 #include <sys/endian.h> 35 36 #include <machine/bus.h> 37 #include <machine/intr.h> 38 39 #include <dev/pci/pcireg.h> 40 #include <dev/pci/pcivar.h> 41 #include <dev/pci/pcidevs.h> 42 43 #if NBPFILTER > 0 44 #include <net/bpf.h> 45 #endif 46 #include <net/if.h> 47 #include <net/if_dl.h> 48 #include <net/if_media.h> 49 50 #include <netinet/in.h> 51 #include <netinet/if_ether.h> 52 53 #include <net80211/ieee80211_var.h> 54 #include <net80211/ieee80211_amrr.h> 55 #include <net80211/ieee80211_radiotap.h> 56 57 #include <dev/pci/if_wpireg.h> 58 #include <dev/pci/if_wpivar.h> 59 60 static const struct pci_matchid wpi_devices[] = { 61 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 }, 62 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 } 63 }; 64 65 int wpi_match(struct device *, void *, void *); 66 void wpi_attach(struct device *, struct device *, void *); 67 #if NBPFILTER > 0 68 void wpi_radiotap_attach(struct wpi_softc *); 69 #endif 70 int wpi_detach(struct device *, int); 71 int wpi_activate(struct device *, int); 72 void wpi_wakeup(struct wpi_softc *); 73 void wpi_init_task(void *); 74 int wpi_nic_lock(struct wpi_softc *); 75 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 76 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *, 77 void **, bus_size_t, bus_size_t); 78 void wpi_dma_contig_free(struct wpi_dma_info *); 79 int wpi_alloc_shared(struct wpi_softc *); 80 void wpi_free_shared(struct wpi_softc *); 81 int wpi_alloc_fwmem(struct wpi_softc *); 82 void wpi_free_fwmem(struct wpi_softc *); 83 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 84 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 85 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 86 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 87 int); 88 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 89 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 90 int wpi_read_eeprom(struct wpi_softc *); 91 void wpi_read_eeprom_channels(struct wpi_softc *, int); 92 void wpi_read_eeprom_group(struct wpi_softc *, int); 93 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *); 94 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *, 95 int); 96 int wpi_media_change(struct ifnet *); 97 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int); 98 void wpi_iter_func(void *, struct ieee80211_node *); 99 void wpi_calib_timeout(void *); 100 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *, 101 struct ieee80211_key *); 102 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 103 struct wpi_rx_data *, struct mbuf_list *); 104 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 105 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 106 void wpi_notif_intr(struct wpi_softc *); 107 void wpi_fatal_intr(struct wpi_softc *); 108 int wpi_intr(void *); 109 int wpi_tx(struct wpi_softc *, struct mbuf *, 110 struct ieee80211_node *); 111 void wpi_start(struct ifnet *); 112 void wpi_watchdog(struct ifnet *); 113 int wpi_ioctl(struct ifnet *, u_long, caddr_t); 114 int wpi_cmd(struct wpi_softc *, int, const void *, int, int); 115 int wpi_mrr_setup(struct wpi_softc *); 116 void wpi_updateedca(struct ieee80211com *); 117 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 118 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 119 void wpi_power_calibration(struct wpi_softc *); 120 int wpi_set_txpower(struct wpi_softc *, int); 121 int wpi_get_power_index(struct wpi_softc *, 122 struct wpi_power_group *, struct ieee80211_channel *, int); 123 int wpi_set_pslevel(struct wpi_softc *, int, int, int); 124 int wpi_config(struct wpi_softc *); 125 int wpi_scan(struct wpi_softc *, uint16_t); 126 int wpi_auth(struct wpi_softc *); 127 int wpi_run(struct wpi_softc *); 128 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *, 129 struct ieee80211_key *); 130 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *, 131 struct ieee80211_key *); 132 int wpi_post_alive(struct wpi_softc *); 133 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 134 int wpi_load_firmware(struct wpi_softc *); 135 int wpi_read_firmware(struct wpi_softc *); 136 int wpi_clock_wait(struct wpi_softc *); 137 int wpi_apm_init(struct wpi_softc *); 138 void wpi_apm_stop_master(struct wpi_softc *); 139 void wpi_apm_stop(struct wpi_softc *); 140 void wpi_nic_config(struct wpi_softc *); 141 int wpi_hw_init(struct wpi_softc *); 142 void wpi_hw_stop(struct wpi_softc *); 143 int wpi_init(struct ifnet *); 144 void wpi_stop(struct ifnet *, int); 145 146 #ifdef WPI_DEBUG 147 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0) 148 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0) 149 int wpi_debug = 0; 150 #else 151 #define DPRINTF(x) 152 #define DPRINTFN(n, x) 153 #endif 154 155 struct cfdriver wpi_cd = { 156 NULL, "wpi", DV_IFNET 157 }; 158 159 const struct cfattach wpi_ca = { 160 sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach, 161 wpi_activate 162 }; 163 164 int 165 wpi_match(struct device *parent, void *match, void *aux) 166 { 167 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices, 168 nitems(wpi_devices)); 169 } 170 171 void 172 wpi_attach(struct device *parent, struct device *self, void *aux) 173 { 174 struct wpi_softc *sc = (struct wpi_softc *)self; 175 struct ieee80211com *ic = &sc->sc_ic; 176 struct ifnet *ifp = &ic->ic_if; 177 struct pci_attach_args *pa = aux; 178 const char *intrstr; 179 pci_intr_handle_t ih; 180 pcireg_t memtype, reg; 181 int i, error; 182 183 sc->sc_pct = pa->pa_pc; 184 sc->sc_pcitag = pa->pa_tag; 185 sc->sc_dmat = pa->pa_dmat; 186 187 /* 188 * Get the offset of the PCI Express Capability Structure in PCI 189 * Configuration Space (the vendor driver hard-codes it as E0h.) 190 */ 191 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 192 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 193 if (error == 0) { 194 printf(": PCIe capability structure not found!\n"); 195 return; 196 } 197 198 /* Clear device-specific "PCI retry timeout" register (41h). */ 199 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 200 reg &= ~0xff00; 201 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 202 203 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0); 204 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st, 205 &sc->sc_sh, NULL, &sc->sc_sz, 0); 206 if (error != 0) { 207 printf(": can't map mem space\n"); 208 return; 209 } 210 211 /* Install interrupt handler. */ 212 if (pci_intr_map_msi(pa, &ih) != 0 && pci_intr_map(pa, &ih) != 0) { 213 printf(": can't map interrupt\n"); 214 return; 215 } 216 intrstr = pci_intr_string(sc->sc_pct, ih); 217 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc, 218 sc->sc_dev.dv_xname); 219 if (sc->sc_ih == NULL) { 220 printf(": can't establish interrupt"); 221 if (intrstr != NULL) 222 printf(" at %s", intrstr); 223 printf("\n"); 224 return; 225 } 226 printf(": %s", intrstr); 227 228 /* Power ON adapter. */ 229 if ((error = wpi_apm_init(sc)) != 0) { 230 printf(": could not power ON adapter\n"); 231 return; 232 } 233 234 /* Read MAC address, channels, etc from EEPROM. */ 235 if ((error = wpi_read_eeprom(sc)) != 0) { 236 printf(": could not read EEPROM\n"); 237 return; 238 } 239 240 /* Allocate DMA memory for firmware transfers. */ 241 if ((error = wpi_alloc_fwmem(sc)) != 0) { 242 printf(": could not allocate memory for firmware\n"); 243 return; 244 } 245 246 /* Allocate shared area. */ 247 if ((error = wpi_alloc_shared(sc)) != 0) { 248 printf(": could not allocate shared area\n"); 249 goto fail1; 250 } 251 252 /* Allocate TX rings. */ 253 for (i = 0; i < WPI_NTXQUEUES; i++) { 254 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 255 printf(": could not allocate TX ring %d\n", i); 256 goto fail2; 257 } 258 } 259 260 /* Allocate RX ring. */ 261 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) { 262 printf(": could not allocate Rx ring\n"); 263 goto fail2; 264 } 265 266 /* Power OFF adapter. */ 267 wpi_apm_stop(sc); 268 /* Clear pending interrupts. */ 269 WPI_WRITE(sc, WPI_INT, 0xffffffff); 270 271 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 272 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 273 ic->ic_state = IEEE80211_S_INIT; 274 275 /* Set device capabilities. */ 276 ic->ic_caps = 277 IEEE80211_C_WEP | /* WEP */ 278 IEEE80211_C_RSN | /* WPA/RSN */ 279 IEEE80211_C_SCANALL | /* device scans all channels at once */ 280 IEEE80211_C_SCANALLBAND | /* driver scans all bands at once */ 281 IEEE80211_C_MONITOR | /* monitor mode supported */ 282 IEEE80211_C_SHSLOT | /* short slot time supported */ 283 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 284 IEEE80211_C_PMGT; /* power saving supported */ 285 286 /* Set supported rates. */ 287 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 288 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 289 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) { 290 ic->ic_sup_rates[IEEE80211_MODE_11A] = 291 ieee80211_std_rateset_11a; 292 } 293 294 /* IBSS channel undefined for now. */ 295 ic->ic_ibss_chan = &ic->ic_channels[0]; 296 297 ifp->if_softc = sc; 298 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 299 ifp->if_ioctl = wpi_ioctl; 300 ifp->if_start = wpi_start; 301 ifp->if_watchdog = wpi_watchdog; 302 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 303 304 if_attach(ifp); 305 ieee80211_ifattach(ifp); 306 ic->ic_node_alloc = wpi_node_alloc; 307 ic->ic_newassoc = wpi_newassoc; 308 ic->ic_updateedca = wpi_updateedca; 309 ic->ic_set_key = wpi_set_key; 310 ic->ic_delete_key = wpi_delete_key; 311 312 /* Override 802.11 state transition machine. */ 313 sc->sc_newstate = ic->ic_newstate; 314 ic->ic_newstate = wpi_newstate; 315 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status); 316 317 sc->amrr.amrr_min_success_threshold = 1; 318 sc->amrr.amrr_max_success_threshold = 15; 319 320 #if NBPFILTER > 0 321 wpi_radiotap_attach(sc); 322 #endif 323 timeout_set(&sc->calib_to, wpi_calib_timeout, sc); 324 rw_init(&sc->sc_rwlock, "wpilock"); 325 task_set(&sc->init_task, wpi_init_task, sc); 326 return; 327 328 /* Free allocated memory if something failed during attachment. */ 329 fail2: while (--i >= 0) 330 wpi_free_tx_ring(sc, &sc->txq[i]); 331 wpi_free_shared(sc); 332 fail1: wpi_free_fwmem(sc); 333 } 334 335 #if NBPFILTER > 0 336 /* 337 * Attach the interface to 802.11 radiotap. 338 */ 339 void 340 wpi_radiotap_attach(struct wpi_softc *sc) 341 { 342 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 343 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 344 345 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 346 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 347 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT); 348 349 sc->sc_txtap_len = sizeof sc->sc_txtapu; 350 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 351 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT); 352 } 353 #endif 354 355 int 356 wpi_detach(struct device *self, int flags) 357 { 358 struct wpi_softc *sc = (struct wpi_softc *)self; 359 struct ifnet *ifp = &sc->sc_ic.ic_if; 360 int qid; 361 362 timeout_del(&sc->calib_to); 363 task_del(systq, &sc->init_task); 364 365 /* Uninstall interrupt handler. */ 366 if (sc->sc_ih != NULL) 367 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 368 369 /* Free DMA resources. */ 370 wpi_free_rx_ring(sc, &sc->rxq); 371 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 372 wpi_free_tx_ring(sc, &sc->txq[qid]); 373 wpi_free_shared(sc); 374 wpi_free_fwmem(sc); 375 376 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 377 378 ieee80211_ifdetach(ifp); 379 if_detach(ifp); 380 381 return 0; 382 } 383 384 int 385 wpi_activate(struct device *self, int act) 386 { 387 struct wpi_softc *sc = (struct wpi_softc *)self; 388 struct ifnet *ifp = &sc->sc_ic.ic_if; 389 390 switch (act) { 391 case DVACT_SUSPEND: 392 if (ifp->if_flags & IFF_RUNNING) 393 wpi_stop(ifp, 0); 394 break; 395 case DVACT_WAKEUP: 396 wpi_wakeup(sc); 397 break; 398 } 399 400 return 0; 401 } 402 403 void 404 wpi_wakeup(struct wpi_softc *sc) 405 { 406 pcireg_t reg; 407 408 /* Clear device-specific "PCI retry timeout" register (41h). */ 409 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 410 reg &= ~0xff00; 411 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 412 413 wpi_init_task(sc); 414 } 415 416 void 417 wpi_init_task(void *arg1) 418 { 419 struct wpi_softc *sc = arg1; 420 struct ifnet *ifp = &sc->sc_ic.ic_if; 421 int s; 422 423 rw_enter_write(&sc->sc_rwlock); 424 s = splnet(); 425 426 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP) 427 wpi_init(ifp); 428 429 splx(s); 430 rw_exit_write(&sc->sc_rwlock); 431 } 432 433 int 434 wpi_nic_lock(struct wpi_softc *sc) 435 { 436 int ntries; 437 438 /* Request exclusive access to NIC. */ 439 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 440 441 /* Spin until we actually get the lock. */ 442 for (ntries = 0; ntries < 1000; ntries++) { 443 if ((WPI_READ(sc, WPI_GP_CNTRL) & 444 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 445 WPI_GP_CNTRL_MAC_ACCESS_ENA) 446 return 0; 447 DELAY(10); 448 } 449 return ETIMEDOUT; 450 } 451 452 static __inline void 453 wpi_nic_unlock(struct wpi_softc *sc) 454 { 455 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 456 } 457 458 static __inline uint32_t 459 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 460 { 461 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 462 WPI_BARRIER_READ_WRITE(sc); 463 return WPI_READ(sc, WPI_PRPH_RDATA); 464 } 465 466 static __inline void 467 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 468 { 469 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 470 WPI_BARRIER_WRITE(sc); 471 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 472 } 473 474 static __inline void 475 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 476 { 477 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 478 } 479 480 static __inline void 481 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 482 { 483 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 484 } 485 486 static __inline void 487 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 488 const uint32_t *data, int count) 489 { 490 for (; count > 0; count--, data++, addr += 4) 491 wpi_prph_write(sc, addr, *data); 492 } 493 494 #ifdef WPI_DEBUG 495 496 static __inline uint32_t 497 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 498 { 499 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 500 WPI_BARRIER_READ_WRITE(sc); 501 return WPI_READ(sc, WPI_MEM_RDATA); 502 } 503 504 static __inline void 505 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 506 { 507 WPI_WRITE(sc, WPI_MEM_WADDR, addr); 508 WPI_BARRIER_WRITE(sc); 509 WPI_WRITE(sc, WPI_MEM_WDATA, data); 510 } 511 512 static __inline void 513 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 514 int count) 515 { 516 for (; count > 0; count--, addr += 4) 517 *data++ = wpi_mem_read(sc, addr); 518 } 519 520 #endif 521 522 int 523 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 524 { 525 uint8_t *out = data; 526 uint32_t val; 527 int error, ntries; 528 529 if ((error = wpi_nic_lock(sc)) != 0) 530 return error; 531 532 for (; count > 0; count -= 2, addr++) { 533 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 534 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD); 535 536 for (ntries = 0; ntries < 10; ntries++) { 537 val = WPI_READ(sc, WPI_EEPROM); 538 if (val & WPI_EEPROM_READ_VALID) 539 break; 540 DELAY(5); 541 } 542 if (ntries == 10) { 543 printf("%s: could not read EEPROM\n", 544 sc->sc_dev.dv_xname); 545 return ETIMEDOUT; 546 } 547 *out++ = val >> 16; 548 if (count > 1) 549 *out++ = val >> 24; 550 } 551 552 wpi_nic_unlock(sc); 553 return 0; 554 } 555 556 int 557 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap, 558 bus_size_t size, bus_size_t alignment) 559 { 560 int nsegs, error; 561 562 dma->tag = tag; 563 dma->size = size; 564 565 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 566 &dma->map); 567 if (error != 0) 568 goto fail; 569 570 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 571 BUS_DMA_NOWAIT | BUS_DMA_ZERO); 572 if (error != 0) 573 goto fail; 574 575 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 576 BUS_DMA_NOWAIT | BUS_DMA_COHERENT); 577 if (error != 0) 578 goto fail; 579 580 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size, 581 BUS_DMA_NOWAIT); 582 if (error != 0) 583 goto fail; 584 585 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 586 587 dma->paddr = dma->map->dm_segs[0].ds_addr; 588 if (kvap != NULL) 589 *kvap = dma->vaddr; 590 591 return 0; 592 593 fail: wpi_dma_contig_free(dma); 594 return error; 595 } 596 597 void 598 wpi_dma_contig_free(struct wpi_dma_info *dma) 599 { 600 if (dma->map != NULL) { 601 if (dma->vaddr != NULL) { 602 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 603 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 604 bus_dmamap_unload(dma->tag, dma->map); 605 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 606 bus_dmamem_free(dma->tag, &dma->seg, 1); 607 dma->vaddr = NULL; 608 } 609 bus_dmamap_destroy(dma->tag, dma->map); 610 dma->map = NULL; 611 } 612 } 613 614 int 615 wpi_alloc_shared(struct wpi_softc *sc) 616 { 617 /* Shared buffer must be aligned on a 4KB boundary. */ 618 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 619 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 620 } 621 622 void 623 wpi_free_shared(struct wpi_softc *sc) 624 { 625 wpi_dma_contig_free(&sc->shared_dma); 626 } 627 628 int 629 wpi_alloc_fwmem(struct wpi_softc *sc) 630 { 631 /* Allocate enough contiguous space to store text and data. */ 632 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 633 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 634 } 635 636 void 637 wpi_free_fwmem(struct wpi_softc *sc) 638 { 639 wpi_dma_contig_free(&sc->fw_dma); 640 } 641 642 int 643 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 644 { 645 bus_size_t size; 646 int i, error; 647 648 ring->cur = 0; 649 650 /* Allocate RX descriptors (16KB aligned.) */ 651 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 652 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 653 (void **)&ring->desc, size, 16 * 1024); 654 if (error != 0) { 655 printf("%s: could not allocate RX ring DMA memory\n", 656 sc->sc_dev.dv_xname); 657 goto fail; 658 } 659 660 /* 661 * Allocate and map RX buffers. 662 */ 663 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 664 struct wpi_rx_data *data = &ring->data[i]; 665 666 error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1, 667 WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map); 668 if (error != 0) { 669 printf("%s: could not create RX buf DMA map\n", 670 sc->sc_dev.dv_xname); 671 goto fail; 672 } 673 674 data->m = MCLGETL(NULL, M_DONTWAIT, WPI_RBUF_SIZE); 675 if (data->m == NULL) { 676 printf("%s: could not allocate RX mbuf\n", 677 sc->sc_dev.dv_xname); 678 error = ENOBUFS; 679 goto fail; 680 } 681 682 error = bus_dmamap_load(sc->sc_dmat, data->map, 683 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 684 BUS_DMA_NOWAIT | BUS_DMA_READ); 685 if (error != 0) { 686 printf("%s: can't map mbuf (error %d)\n", 687 sc->sc_dev.dv_xname, error); 688 goto fail; 689 } 690 691 /* Set physical address of RX buffer. */ 692 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr); 693 } 694 695 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 696 BUS_DMASYNC_PREWRITE); 697 698 return 0; 699 700 fail: wpi_free_rx_ring(sc, ring); 701 return error; 702 } 703 704 void 705 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 706 { 707 int ntries; 708 709 if (wpi_nic_lock(sc) == 0) { 710 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 711 for (ntries = 0; ntries < 100; ntries++) { 712 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 713 WPI_FH_RX_STATUS_IDLE) 714 break; 715 DELAY(10); 716 } 717 wpi_nic_unlock(sc); 718 } 719 ring->cur = 0; 720 } 721 722 void 723 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 724 { 725 int i; 726 727 wpi_dma_contig_free(&ring->desc_dma); 728 729 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 730 struct wpi_rx_data *data = &ring->data[i]; 731 732 if (data->m != NULL) { 733 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 734 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 735 bus_dmamap_unload(sc->sc_dmat, data->map); 736 m_freem(data->m); 737 } 738 if (data->map != NULL) 739 bus_dmamap_destroy(sc->sc_dmat, data->map); 740 } 741 } 742 743 int 744 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 745 { 746 bus_addr_t paddr; 747 bus_size_t size; 748 int i, error; 749 750 ring->qid = qid; 751 ring->queued = 0; 752 ring->cur = 0; 753 754 /* Allocate TX descriptors (16KB aligned.) */ 755 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 756 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 757 (void **)&ring->desc, size, 16 * 1024); 758 if (error != 0) { 759 printf("%s: could not allocate TX ring DMA memory\n", 760 sc->sc_dev.dv_xname); 761 goto fail; 762 } 763 764 /* Update shared area with ring physical address. */ 765 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 766 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 767 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE); 768 769 /* 770 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 771 * to allocate commands space for other rings. 772 * XXX Do we really need to allocate descriptors for other rings? 773 */ 774 if (qid > 4) 775 return 0; 776 777 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 778 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 779 (void **)&ring->cmd, size, 4); 780 if (error != 0) { 781 printf("%s: could not allocate TX cmd DMA memory\n", 782 sc->sc_dev.dv_xname); 783 goto fail; 784 } 785 786 paddr = ring->cmd_dma.paddr; 787 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 788 struct wpi_tx_data *data = &ring->data[i]; 789 790 data->cmd_paddr = paddr; 791 paddr += sizeof (struct wpi_tx_cmd); 792 793 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 794 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 795 &data->map); 796 if (error != 0) { 797 printf("%s: could not create TX buf DMA map\n", 798 sc->sc_dev.dv_xname); 799 goto fail; 800 } 801 } 802 return 0; 803 804 fail: wpi_free_tx_ring(sc, ring); 805 return error; 806 } 807 808 void 809 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 810 { 811 int i; 812 813 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 814 struct wpi_tx_data *data = &ring->data[i]; 815 816 if (data->m != NULL) { 817 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 818 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 819 bus_dmamap_unload(sc->sc_dmat, data->map); 820 m_freem(data->m); 821 data->m = NULL; 822 } 823 } 824 /* Clear TX descriptors. */ 825 memset(ring->desc, 0, ring->desc_dma.size); 826 sc->qfullmsk &= ~(1 << ring->qid); 827 ring->queued = 0; 828 ring->cur = 0; 829 } 830 831 void 832 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 833 { 834 int i; 835 836 wpi_dma_contig_free(&ring->desc_dma); 837 wpi_dma_contig_free(&ring->cmd_dma); 838 839 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 840 struct wpi_tx_data *data = &ring->data[i]; 841 842 if (data->m != NULL) { 843 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 844 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 845 bus_dmamap_unload(sc->sc_dmat, data->map); 846 m_freem(data->m); 847 } 848 if (data->map != NULL) 849 bus_dmamap_destroy(sc->sc_dmat, data->map); 850 } 851 } 852 853 int 854 wpi_read_eeprom(struct wpi_softc *sc) 855 { 856 struct ieee80211com *ic = &sc->sc_ic; 857 char domain[4]; 858 int i; 859 860 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 861 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname); 862 return EIO; 863 } 864 /* Clear HW ownership of EEPROM. */ 865 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 866 867 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1); 868 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2); 869 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1); 870 871 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev), 872 sc->type)); 873 874 /* Read and print regulatory domain (4 ASCII characters.) */ 875 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4); 876 printf(", %.4s", domain); 877 878 /* Read and print MAC address. */ 879 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6); 880 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 881 882 /* Read the list of authorized channels. */ 883 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 884 wpi_read_eeprom_channels(sc, i); 885 886 /* Read the list of TX power groups. */ 887 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 888 wpi_read_eeprom_group(sc, i); 889 890 return 0; 891 } 892 893 void 894 wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 895 { 896 struct ieee80211com *ic = &sc->sc_ic; 897 const struct wpi_chan_band *band = &wpi_bands[n]; 898 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND]; 899 int chan, i; 900 901 wpi_read_prom_data(sc, band->addr, channels, 902 band->nchan * sizeof (struct wpi_eeprom_chan)); 903 904 for (i = 0; i < band->nchan; i++) { 905 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) 906 continue; 907 908 chan = band->chan[i]; 909 910 if (n == 0) { /* 2GHz band */ 911 ic->ic_channels[chan].ic_freq = 912 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 913 ic->ic_channels[chan].ic_flags = 914 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 915 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 916 917 } else { /* 5GHz band */ 918 /* 919 * Some adapters support channels 7, 8, 11 and 12 920 * both in the 2GHz and 4.9GHz bands. 921 * Because of limitations in our net80211 layer, 922 * we don't support them in the 4.9GHz band. 923 */ 924 if (chan <= 14) 925 continue; 926 927 ic->ic_channels[chan].ic_freq = 928 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 929 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 930 /* We have at least one valid 5GHz channel. */ 931 sc->sc_flags |= WPI_FLAG_HAS_5GHZ; 932 } 933 934 /* Is active scan allowed on this channel? */ 935 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) { 936 ic->ic_channels[chan].ic_flags |= 937 IEEE80211_CHAN_PASSIVE; 938 } 939 940 /* Save maximum allowed TX power for this channel. */ 941 sc->maxpwr[chan] = channels[i].maxpwr; 942 943 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 944 chan, channels[i].flags, sc->maxpwr[chan])); 945 } 946 } 947 948 void 949 wpi_read_eeprom_group(struct wpi_softc *sc, int n) 950 { 951 struct wpi_power_group *group = &sc->groups[n]; 952 struct wpi_eeprom_group rgroup; 953 int i; 954 955 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup, 956 sizeof rgroup); 957 958 /* Save TX power group information. */ 959 group->chan = rgroup.chan; 960 group->maxpwr = rgroup.maxpwr; 961 /* Retrieve temperature at which the samples were taken. */ 962 group->temp = (int16_t)letoh16(rgroup.temp); 963 964 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n, 965 group->chan, group->maxpwr, group->temp)); 966 967 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 968 group->samples[i].index = rgroup.samples[i].index; 969 group->samples[i].power = rgroup.samples[i].power; 970 971 DPRINTF(("\tsample %d: index=%d power=%d\n", i, 972 group->samples[i].index, group->samples[i].power)); 973 } 974 } 975 976 struct ieee80211_node * 977 wpi_node_alloc(struct ieee80211com *ic) 978 { 979 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO); 980 } 981 982 void 983 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 984 { 985 struct wpi_softc *sc = ic->ic_if.if_softc; 986 struct wpi_node *wn = (void *)ni; 987 uint8_t rate; 988 int ridx, i; 989 990 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 991 /* Start at lowest available bit-rate, AMRR will raise. */ 992 ni->ni_txrate = 0; 993 994 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 995 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 996 /* Map 802.11 rate to HW rate index. */ 997 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 998 if (wpi_rates[ridx].rate == rate) 999 break; 1000 wn->ridx[i] = ridx; 1001 } 1002 } 1003 1004 int 1005 wpi_media_change(struct ifnet *ifp) 1006 { 1007 struct wpi_softc *sc = ifp->if_softc; 1008 struct ieee80211com *ic = &sc->sc_ic; 1009 uint8_t rate, ridx; 1010 int error; 1011 1012 error = ieee80211_media_change(ifp); 1013 if (error != ENETRESET) 1014 return error; 1015 1016 if (ic->ic_fixed_rate != -1) { 1017 rate = ic->ic_sup_rates[ic->ic_curmode]. 1018 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1019 /* Map 802.11 rate to HW rate index. */ 1020 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1021 if (wpi_rates[ridx].rate == rate) 1022 break; 1023 sc->fixed_ridx = ridx; 1024 } 1025 1026 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1027 (IFF_UP | IFF_RUNNING)) { 1028 wpi_stop(ifp, 0); 1029 error = wpi_init(ifp); 1030 } 1031 return error; 1032 } 1033 1034 int 1035 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1036 { 1037 struct ifnet *ifp = &ic->ic_if; 1038 struct wpi_softc *sc = ifp->if_softc; 1039 int error; 1040 1041 timeout_del(&sc->calib_to); 1042 1043 switch (nstate) { 1044 case IEEE80211_S_SCAN: 1045 /* Make the link LED blink while we're scanning. */ 1046 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1047 1048 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1049 printf("%s: could not initiate scan\n", 1050 sc->sc_dev.dv_xname); 1051 return error; 1052 } 1053 if (ifp->if_flags & IFF_DEBUG) 1054 printf("%s: %s -> %s\n", ifp->if_xname, 1055 ieee80211_state_name[ic->ic_state], 1056 ieee80211_state_name[nstate]); 1057 ieee80211_set_link_state(ic, LINK_STATE_DOWN); 1058 ieee80211_node_cleanup(ic, ic->ic_bss); 1059 ic->ic_state = nstate; 1060 return 0; 1061 1062 case IEEE80211_S_ASSOC: 1063 if (ic->ic_state != IEEE80211_S_RUN) 1064 break; 1065 /* FALLTHROUGH */ 1066 case IEEE80211_S_AUTH: 1067 /* Reset state to handle reassociations correctly. */ 1068 sc->rxon.associd = 0; 1069 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1070 1071 if ((error = wpi_auth(sc)) != 0) { 1072 printf("%s: could not move to auth state\n", 1073 sc->sc_dev.dv_xname); 1074 return error; 1075 } 1076 break; 1077 1078 case IEEE80211_S_RUN: 1079 if ((error = wpi_run(sc)) != 0) { 1080 printf("%s: could not move to run state\n", 1081 sc->sc_dev.dv_xname); 1082 return error; 1083 } 1084 break; 1085 1086 case IEEE80211_S_INIT: 1087 break; 1088 } 1089 1090 return sc->sc_newstate(ic, nstate, arg); 1091 } 1092 1093 void 1094 wpi_iter_func(void *arg, struct ieee80211_node *ni) 1095 { 1096 struct wpi_softc *sc = arg; 1097 struct wpi_node *wn = (struct wpi_node *)ni; 1098 1099 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1100 } 1101 1102 void 1103 wpi_calib_timeout(void *arg) 1104 { 1105 struct wpi_softc *sc = arg; 1106 struct ieee80211com *ic = &sc->sc_ic; 1107 int s; 1108 1109 s = splnet(); 1110 /* Automatic rate control triggered every 500ms. */ 1111 if (ic->ic_fixed_rate == -1) { 1112 if (ic->ic_opmode == IEEE80211_M_STA) 1113 wpi_iter_func(sc, ic->ic_bss); 1114 else 1115 ieee80211_iterate_nodes(ic, wpi_iter_func, sc); 1116 } 1117 1118 /* Force automatic TX power calibration every 60 secs. */ 1119 if (++sc->calib_cnt >= 120) { 1120 wpi_power_calibration(sc); 1121 sc->calib_cnt = 0; 1122 } 1123 splx(s); 1124 1125 /* Automatic rate control triggered every 500ms. */ 1126 timeout_add_msec(&sc->calib_to, 500); 1127 } 1128 1129 int 1130 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k) 1131 { 1132 struct ieee80211com *ic = &sc->sc_ic; 1133 struct ieee80211_frame *wh; 1134 uint64_t pn, *prsc; 1135 uint8_t *ivp; 1136 uint8_t tid; 1137 int hdrlen; 1138 1139 wh = mtod(m, struct ieee80211_frame *); 1140 hdrlen = ieee80211_get_hdrlen(wh); 1141 ivp = (uint8_t *)wh + hdrlen; 1142 1143 /* Check that ExtIV bit is set. */ 1144 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) { 1145 DPRINTF(("CCMP decap ExtIV not set\n")); 1146 return 1; 1147 } 1148 tid = ieee80211_has_qos(wh) ? 1149 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 1150 prsc = &k->k_rsc[tid]; 1151 1152 /* Extract the 48-bit PN from the CCMP header. */ 1153 pn = (uint64_t)ivp[0] | 1154 (uint64_t)ivp[1] << 8 | 1155 (uint64_t)ivp[4] << 16 | 1156 (uint64_t)ivp[5] << 24 | 1157 (uint64_t)ivp[6] << 32 | 1158 (uint64_t)ivp[7] << 40; 1159 if (pn <= *prsc) { 1160 DPRINTF(("CCMP replayed\n")); 1161 ic->ic_stats.is_ccmp_replays++; 1162 return 1; 1163 } 1164 /* Last seen packet number is updated in ieee80211_inputm(). */ 1165 1166 /* Strip MIC. IV will be stripped by ieee80211_inputm(). */ 1167 m_adj(m, -IEEE80211_CCMP_MICLEN); 1168 return 0; 1169 } 1170 1171 void 1172 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1173 struct wpi_rx_data *data, struct mbuf_list *ml) 1174 { 1175 struct ieee80211com *ic = &sc->sc_ic; 1176 struct ifnet *ifp = &ic->ic_if; 1177 struct wpi_rx_ring *ring = &sc->rxq; 1178 struct wpi_rx_stat *stat; 1179 struct wpi_rx_head *head; 1180 struct wpi_rx_tail *tail; 1181 struct ieee80211_frame *wh; 1182 struct ieee80211_rxinfo rxi; 1183 struct ieee80211_node *ni; 1184 struct mbuf *m, *m1; 1185 uint32_t flags; 1186 int error; 1187 1188 bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE, 1189 BUS_DMASYNC_POSTREAD); 1190 stat = (struct wpi_rx_stat *)(desc + 1); 1191 1192 if (stat->len > WPI_STAT_MAXLEN) { 1193 printf("%s: invalid RX statistic header\n", 1194 sc->sc_dev.dv_xname); 1195 ifp->if_ierrors++; 1196 return; 1197 } 1198 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1199 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len)); 1200 flags = letoh32(tail->flags); 1201 1202 /* Discard frames with a bad FCS early. */ 1203 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1204 DPRINTFN(2, ("rx tail flags error %x\n", flags)); 1205 ifp->if_ierrors++; 1206 return; 1207 } 1208 /* Discard frames that are too short. */ 1209 if (letoh16(head->len) < sizeof (*wh)) { 1210 DPRINTF(("frame too short: %d\n", letoh16(head->len))); 1211 ic->ic_stats.is_rx_tooshort++; 1212 ifp->if_ierrors++; 1213 return; 1214 } 1215 1216 m1 = MCLGETL(NULL, M_DONTWAIT, WPI_RBUF_SIZE); 1217 if (m1 == NULL) { 1218 ic->ic_stats.is_rx_nombuf++; 1219 ifp->if_ierrors++; 1220 return; 1221 } 1222 bus_dmamap_unload(sc->sc_dmat, data->map); 1223 1224 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 1225 WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ); 1226 if (error != 0) { 1227 m_freem(m1); 1228 1229 /* Try to reload the old mbuf. */ 1230 error = bus_dmamap_load(sc->sc_dmat, data->map, 1231 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 1232 BUS_DMA_NOWAIT | BUS_DMA_READ); 1233 if (error != 0) { 1234 panic("%s: could not load old RX mbuf", 1235 sc->sc_dev.dv_xname); 1236 } 1237 /* Physical address may have changed. */ 1238 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1239 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1240 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1241 BUS_DMASYNC_PREWRITE); 1242 ifp->if_ierrors++; 1243 return; 1244 } 1245 1246 m = data->m; 1247 data->m = m1; 1248 /* Update RX descriptor. */ 1249 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1250 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1251 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1252 BUS_DMASYNC_PREWRITE); 1253 1254 /* Finalize mbuf. */ 1255 m->m_data = (caddr_t)(head + 1); 1256 m->m_pkthdr.len = m->m_len = letoh16(head->len); 1257 1258 /* Grab a reference to the source node. */ 1259 wh = mtod(m, struct ieee80211_frame *); 1260 ni = ieee80211_find_rxnode(ic, wh); 1261 1262 memset(&rxi, 0, sizeof(rxi)); 1263 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1264 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1265 (ni->ni_flags & IEEE80211_NODE_RXPROT) && 1266 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 1267 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) { 1268 ic->ic_stats.is_ccmp_dec_errs++; 1269 ifp->if_ierrors++; 1270 m_freem(m); 1271 ieee80211_release_node(ic, ni); 1272 return; 1273 } 1274 /* Check whether decryption was successful or not. */ 1275 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1276 DPRINTF(("CCMP decryption failed 0x%x\n", flags)); 1277 ic->ic_stats.is_ccmp_dec_errs++; 1278 ifp->if_ierrors++; 1279 m_freem(m); 1280 ieee80211_release_node(ic, ni); 1281 return; 1282 } 1283 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) { 1284 ifp->if_ierrors++; 1285 m_freem(m); 1286 ieee80211_release_node(ic, ni); 1287 return; 1288 } 1289 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1290 } 1291 1292 #if NBPFILTER > 0 1293 if (sc->sc_drvbpf != NULL) { 1294 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1295 1296 tap->wr_flags = 0; 1297 if (letoh16(head->flags) & 0x4) 1298 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1299 tap->wr_chan_freq = 1300 htole16(ic->ic_channels[head->chan].ic_freq); 1301 tap->wr_chan_flags = 1302 htole16(ic->ic_channels[head->chan].ic_flags); 1303 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1304 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise); 1305 tap->wr_tsft = tail->tstamp; 1306 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf; 1307 switch (head->rate) { 1308 /* CCK rates. */ 1309 case 10: tap->wr_rate = 2; break; 1310 case 20: tap->wr_rate = 4; break; 1311 case 55: tap->wr_rate = 11; break; 1312 case 110: tap->wr_rate = 22; break; 1313 /* OFDM rates. */ 1314 case 0xd: tap->wr_rate = 12; break; 1315 case 0xf: tap->wr_rate = 18; break; 1316 case 0x5: tap->wr_rate = 24; break; 1317 case 0x7: tap->wr_rate = 36; break; 1318 case 0x9: tap->wr_rate = 48; break; 1319 case 0xb: tap->wr_rate = 72; break; 1320 case 0x1: tap->wr_rate = 96; break; 1321 case 0x3: tap->wr_rate = 108; break; 1322 /* Unknown rate: should not happen. */ 1323 default: tap->wr_rate = 0; 1324 } 1325 1326 bpf_mtap_hdr(sc->sc_drvbpf, tap, sc->sc_rxtap_len, 1327 m, BPF_DIRECTION_IN); 1328 } 1329 #endif 1330 1331 /* Send the frame to the 802.11 layer. */ 1332 rxi.rxi_rssi = stat->rssi; 1333 ieee80211_inputm(ifp, m, ni, &rxi, ml); 1334 1335 /* Node is no longer needed. */ 1336 ieee80211_release_node(ic, ni); 1337 } 1338 1339 void 1340 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1341 { 1342 struct ieee80211com *ic = &sc->sc_ic; 1343 struct ifnet *ifp = &ic->ic_if; 1344 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1345 struct wpi_tx_data *data = &ring->data[desc->idx]; 1346 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1347 struct wpi_node *wn = (struct wpi_node *)data->ni; 1348 1349 /* Update rate control statistics. */ 1350 wn->amn.amn_txcnt++; 1351 if (stat->retrycnt > 0) 1352 wn->amn.amn_retrycnt++; 1353 1354 if ((letoh32(stat->status) & 0xff) != 1) 1355 ifp->if_oerrors++; 1356 1357 /* Unmap and free mbuf. */ 1358 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1359 BUS_DMASYNC_POSTWRITE); 1360 bus_dmamap_unload(sc->sc_dmat, data->map); 1361 m_freem(data->m); 1362 data->m = NULL; 1363 ieee80211_release_node(ic, data->ni); 1364 data->ni = NULL; 1365 1366 sc->sc_tx_timer = 0; 1367 if (--ring->queued < WPI_TX_RING_LOMARK) { 1368 sc->qfullmsk &= ~(1 << ring->qid); 1369 if (sc->qfullmsk == 0 && ifq_is_oactive(&ifp->if_snd)) { 1370 ifq_clr_oactive(&ifp->if_snd); 1371 (*ifp->if_start)(ifp); 1372 } 1373 } 1374 } 1375 1376 void 1377 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1378 { 1379 struct wpi_tx_ring *ring = &sc->txq[4]; 1380 struct wpi_tx_data *data; 1381 1382 if ((desc->qid & 7) != 4) 1383 return; /* Not a command ack. */ 1384 1385 data = &ring->data[desc->idx]; 1386 1387 /* If the command was mapped in an mbuf, free it. */ 1388 if (data->m != NULL) { 1389 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1390 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1391 bus_dmamap_unload(sc->sc_dmat, data->map); 1392 m_freem(data->m); 1393 data->m = NULL; 1394 } 1395 wakeup(&ring->cmd[desc->idx]); 1396 } 1397 1398 void 1399 wpi_notif_intr(struct wpi_softc *sc) 1400 { 1401 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 1402 struct ieee80211com *ic = &sc->sc_ic; 1403 struct ifnet *ifp = &ic->ic_if; 1404 uint32_t hw; 1405 1406 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 1407 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD); 1408 1409 hw = letoh32(sc->shared->next); 1410 while (sc->rxq.cur != hw) { 1411 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1412 struct wpi_rx_desc *desc; 1413 1414 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 1415 BUS_DMASYNC_POSTREAD); 1416 desc = mtod(data->m, struct wpi_rx_desc *); 1417 1418 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d " 1419 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1420 letoh32(desc->len))); 1421 1422 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1423 wpi_cmd_done(sc, desc); 1424 1425 switch (desc->type) { 1426 case WPI_RX_DONE: 1427 /* An 802.11 frame has been received. */ 1428 wpi_rx_done(sc, desc, data, &ml); 1429 break; 1430 1431 case WPI_TX_DONE: 1432 /* An 802.11 frame has been transmitted. */ 1433 wpi_tx_done(sc, desc); 1434 break; 1435 1436 case WPI_UC_READY: 1437 { 1438 struct wpi_ucode_info *uc = 1439 (struct wpi_ucode_info *)(desc + 1); 1440 1441 /* The microcontroller is ready. */ 1442 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1443 sizeof (*uc), BUS_DMASYNC_POSTREAD); 1444 DPRINTF(("microcode alive notification version %x " 1445 "alive %x\n", letoh32(uc->version), 1446 letoh32(uc->valid))); 1447 1448 if (letoh32(uc->valid) != 1) { 1449 printf("%s: microcontroller initialization " 1450 "failed\n", sc->sc_dev.dv_xname); 1451 } 1452 if (uc->subtype != WPI_UCODE_INIT) { 1453 /* Save the address of the error log. */ 1454 sc->errptr = letoh32(uc->errptr); 1455 } 1456 break; 1457 } 1458 case WPI_STATE_CHANGED: 1459 { 1460 uint32_t *status = (uint32_t *)(desc + 1); 1461 1462 /* Enabled/disabled notification. */ 1463 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1464 sizeof (*status), BUS_DMASYNC_POSTREAD); 1465 DPRINTF(("state changed to %x\n", letoh32(*status))); 1466 1467 if (letoh32(*status) & 1) { 1468 /* The radio button has to be pushed. */ 1469 printf("%s: Radio transmitter is off\n", 1470 sc->sc_dev.dv_xname); 1471 /* Turn the interface down. */ 1472 wpi_stop(ifp, 1); 1473 return; /* No further processing. */ 1474 } 1475 break; 1476 } 1477 case WPI_START_SCAN: 1478 { 1479 struct wpi_start_scan *scan = 1480 (struct wpi_start_scan *)(desc + 1); 1481 1482 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1483 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1484 DPRINTFN(2, ("scanning channel %d status %x\n", 1485 scan->chan, letoh32(scan->status))); 1486 1487 /* Fix current channel. */ 1488 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1489 break; 1490 } 1491 case WPI_STOP_SCAN: 1492 { 1493 struct wpi_stop_scan *scan = 1494 (struct wpi_stop_scan *)(desc + 1); 1495 1496 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1497 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1498 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1499 scan->nchan, scan->status, scan->chan)); 1500 1501 if (scan->status == 1 && scan->chan <= 14 && 1502 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) { 1503 /* 1504 * We just finished scanning 2GHz channels, 1505 * start scanning 5GHz ones. 1506 */ 1507 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 1508 break; 1509 } 1510 ieee80211_end_scan(ifp); 1511 break; 1512 } 1513 } 1514 1515 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1516 } 1517 if_input(&ic->ic_if, &ml); 1518 1519 /* Tell the firmware what we have processed. */ 1520 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1521 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7); 1522 } 1523 1524 #ifdef WPI_DEBUG 1525 /* 1526 * Dump the error log of the firmware when a firmware panic occurs. Although 1527 * we can't debug the firmware because it is neither open source nor free, it 1528 * can help us to identify certain classes of problems. 1529 */ 1530 void 1531 wpi_fatal_intr(struct wpi_softc *sc) 1532 { 1533 #define N(a) (sizeof (a) / sizeof ((a)[0])) 1534 struct wpi_fwdump dump; 1535 uint32_t i, offset, count; 1536 1537 /* Check that the error log address is valid. */ 1538 if (sc->errptr < WPI_FW_DATA_BASE || 1539 sc->errptr + sizeof (dump) > 1540 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 1541 printf("%s: bad firmware error log address 0x%08x\n", 1542 sc->sc_dev.dv_xname, sc->errptr); 1543 return; 1544 } 1545 1546 if (wpi_nic_lock(sc) != 0) { 1547 printf("%s: could not read firmware error log\n", 1548 sc->sc_dev.dv_xname); 1549 return; 1550 } 1551 /* Read number of entries in the log. */ 1552 count = wpi_mem_read(sc, sc->errptr); 1553 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 1554 printf("%s: invalid count field (count=%u)\n", 1555 sc->sc_dev.dv_xname, count); 1556 wpi_nic_unlock(sc); 1557 return; 1558 } 1559 /* Skip "count" field. */ 1560 offset = sc->errptr + sizeof (uint32_t); 1561 printf("firmware error log (count=%u):\n", count); 1562 for (i = 0; i < count; i++) { 1563 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 1564 sizeof (dump) / sizeof (uint32_t)); 1565 1566 printf(" error type = \"%s\" (0x%08X)\n", 1567 (dump.desc < N(wpi_fw_errmsg)) ? 1568 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 1569 dump.desc); 1570 printf(" error data = 0x%08X\n", 1571 dump.data); 1572 printf(" branch link = 0x%08X%08X\n", 1573 dump.blink[0], dump.blink[1]); 1574 printf(" interrupt link = 0x%08X%08X\n", 1575 dump.ilink[0], dump.ilink[1]); 1576 printf(" time = %u\n", dump.time); 1577 1578 offset += sizeof (dump); 1579 } 1580 wpi_nic_unlock(sc); 1581 /* Dump driver status (TX and RX rings) while we're here. */ 1582 printf("driver status:\n"); 1583 for (i = 0; i < 6; i++) { 1584 struct wpi_tx_ring *ring = &sc->txq[i]; 1585 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 1586 i, ring->qid, ring->cur, ring->queued); 1587 } 1588 printf(" rx ring: cur=%d\n", sc->rxq.cur); 1589 printf(" 802.11 state %d\n", sc->sc_ic.ic_state); 1590 #undef N 1591 } 1592 #endif 1593 1594 int 1595 wpi_intr(void *arg) 1596 { 1597 struct wpi_softc *sc = arg; 1598 struct ifnet *ifp = &sc->sc_ic.ic_if; 1599 uint32_t r1, r2; 1600 1601 /* Disable interrupts. */ 1602 WPI_WRITE(sc, WPI_MASK, 0); 1603 1604 r1 = WPI_READ(sc, WPI_INT); 1605 r2 = WPI_READ(sc, WPI_FH_INT); 1606 1607 if (r1 == 0 && r2 == 0) { 1608 if (ifp->if_flags & IFF_UP) 1609 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1610 return 0; /* Interrupt not for us. */ 1611 } 1612 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 1613 return 0; /* Hardware gone! */ 1614 1615 /* Acknowledge interrupts. */ 1616 WPI_WRITE(sc, WPI_INT, r1); 1617 WPI_WRITE(sc, WPI_FH_INT, r2); 1618 1619 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 1620 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); 1621 /* Dump firmware error log and stop. */ 1622 #ifdef WPI_DEBUG 1623 wpi_fatal_intr(sc); 1624 #endif 1625 wpi_stop(ifp, 1); 1626 task_add(systq, &sc->init_task); 1627 return 1; 1628 } 1629 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 1630 (r2 & WPI_FH_INT_RX)) 1631 wpi_notif_intr(sc); 1632 1633 if (r1 & WPI_INT_ALIVE) 1634 wakeup(sc); /* Firmware is alive. */ 1635 1636 /* Re-enable interrupts. */ 1637 if (ifp->if_flags & IFF_UP) 1638 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1639 1640 return 1; 1641 } 1642 1643 int 1644 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1645 { 1646 struct ieee80211com *ic = &sc->sc_ic; 1647 struct wpi_node *wn = (void *)ni; 1648 struct wpi_tx_ring *ring; 1649 struct wpi_tx_desc *desc; 1650 struct wpi_tx_data *data; 1651 struct wpi_tx_cmd *cmd; 1652 struct wpi_cmd_data *tx; 1653 const struct wpi_rate *rinfo; 1654 struct ieee80211_frame *wh; 1655 struct ieee80211_key *k = NULL; 1656 enum ieee80211_edca_ac ac; 1657 uint32_t flags; 1658 uint16_t qos; 1659 u_int hdrlen; 1660 uint8_t *ivp, tid, ridx, type; 1661 int i, totlen, hasqos, error; 1662 1663 wh = mtod(m, struct ieee80211_frame *); 1664 hdrlen = ieee80211_get_hdrlen(wh); 1665 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1666 1667 /* Select EDCA Access Category and TX ring for this frame. */ 1668 if ((hasqos = ieee80211_has_qos(wh))) { 1669 qos = ieee80211_get_qos(wh); 1670 tid = qos & IEEE80211_QOS_TID; 1671 ac = ieee80211_up_to_ac(ic, tid); 1672 } else { 1673 tid = 0; 1674 ac = EDCA_AC_BE; 1675 } 1676 1677 ring = &sc->txq[ac]; 1678 desc = &ring->desc[ring->cur]; 1679 data = &ring->data[ring->cur]; 1680 1681 /* Choose a TX rate index. */ 1682 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1683 type != IEEE80211_FC0_TYPE_DATA) { 1684 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 1685 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1; 1686 } else if (ic->ic_fixed_rate != -1) { 1687 ridx = sc->fixed_ridx; 1688 } else 1689 ridx = wn->ridx[ni->ni_txrate]; 1690 rinfo = &wpi_rates[ridx]; 1691 1692 #if NBPFILTER > 0 1693 if (sc->sc_drvbpf != NULL) { 1694 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 1695 1696 tap->wt_flags = 0; 1697 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1698 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1699 tap->wt_rate = rinfo->rate; 1700 if ((ic->ic_flags & IEEE80211_F_WEPON) && 1701 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 1702 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1703 1704 bpf_mtap_hdr(sc->sc_drvbpf, tap, sc->sc_txtap_len, 1705 m, BPF_DIRECTION_OUT); 1706 } 1707 #endif 1708 1709 totlen = m->m_pkthdr.len; 1710 1711 /* Encrypt the frame if need be. */ 1712 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1713 /* Retrieve key for TX. */ 1714 k = ieee80211_get_txkey(ic, wh, ni); 1715 if (k->k_cipher != IEEE80211_CIPHER_CCMP) { 1716 /* Do software encryption. */ 1717 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1718 return ENOBUFS; 1719 /* 802.11 header may have moved. */ 1720 wh = mtod(m, struct ieee80211_frame *); 1721 totlen = m->m_pkthdr.len; 1722 1723 } else /* HW appends CCMP MIC. */ 1724 totlen += IEEE80211_CCMP_HDRLEN; 1725 } 1726 1727 /* Prepare TX firmware command. */ 1728 cmd = &ring->cmd[ring->cur]; 1729 cmd->code = WPI_CMD_TX_DATA; 1730 cmd->flags = 0; 1731 cmd->qid = ring->qid; 1732 cmd->idx = ring->cur; 1733 1734 tx = (struct wpi_cmd_data *)cmd->data; 1735 /* NB: No need to clear tx, all fields are reinitialized here. */ 1736 1737 flags = 0; 1738 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1739 /* Unicast frame, check if an ACK is expected. */ 1740 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 1741 IEEE80211_QOS_ACK_POLICY_NOACK) 1742 flags |= WPI_TX_NEED_ACK; 1743 } 1744 1745 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 1746 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1747 /* NB: Group frames are sent using CCK in 802.11b/g. */ 1748 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 1749 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1750 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 1751 ridx <= WPI_RIDX_OFDM54) { 1752 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 1753 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP; 1754 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 1755 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1756 } 1757 } 1758 1759 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1760 type != IEEE80211_FC0_TYPE_DATA) 1761 tx->id = WPI_ID_BROADCAST; 1762 else 1763 tx->id = wn->id; 1764 1765 if (type == IEEE80211_FC0_TYPE_MGT) { 1766 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1767 1768 #ifndef IEEE80211_STA_ONLY 1769 /* Tell HW to set timestamp in probe responses. */ 1770 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1771 flags |= WPI_TX_INSERT_TSTAMP; 1772 #endif 1773 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 1774 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 1775 tx->timeout = htole16(3); 1776 else 1777 tx->timeout = htole16(2); 1778 } else 1779 tx->timeout = htole16(0); 1780 1781 tx->len = htole16(totlen); 1782 tx->tid = tid; 1783 tx->rts_ntries = 7; 1784 tx->data_ntries = 15; 1785 tx->ofdm_mask = 0xff; 1786 tx->cck_mask = 0x0f; 1787 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 1788 tx->plcp = rinfo->plcp; 1789 1790 /* Copy 802.11 header in TX command. */ 1791 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 1792 1793 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 1794 /* Trim 802.11 header and prepend CCMP IV. */ 1795 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 1796 ivp = mtod(m, uint8_t *); 1797 k->k_tsc++; 1798 ivp[0] = k->k_tsc; 1799 ivp[1] = k->k_tsc >> 8; 1800 ivp[2] = 0; 1801 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1802 ivp[4] = k->k_tsc >> 16; 1803 ivp[5] = k->k_tsc >> 24; 1804 ivp[6] = k->k_tsc >> 32; 1805 ivp[7] = k->k_tsc >> 40; 1806 1807 tx->security = WPI_CIPHER_CCMP; 1808 memcpy(tx->key, k->k_key, k->k_len); 1809 } else { 1810 /* Trim 802.11 header. */ 1811 m_adj(m, hdrlen); 1812 tx->security = 0; 1813 } 1814 tx->flags = htole32(flags); 1815 1816 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1817 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1818 if (error != 0 && error != EFBIG) { 1819 printf("%s: can't map mbuf (error %d)\n", 1820 sc->sc_dev.dv_xname, error); 1821 m_freem(m); 1822 return error; 1823 } 1824 if (error != 0) { 1825 /* Too many DMA segments, linearize mbuf. */ 1826 if (m_defrag(m, M_DONTWAIT)) { 1827 m_freem(m); 1828 return ENOBUFS; 1829 } 1830 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1831 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1832 if (error != 0) { 1833 printf("%s: can't map mbuf (error %d)\n", 1834 sc->sc_dev.dv_xname, error); 1835 m_freem(m); 1836 return error; 1837 } 1838 } 1839 1840 data->m = m; 1841 data->ni = ni; 1842 1843 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 1844 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 1845 1846 /* Fill TX descriptor. */ 1847 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 | 1848 (1 + data->map->dm_nsegs) << 24); 1849 /* First DMA segment is used by the TX command. */ 1850 desc->segs[0].addr = htole32(ring->cmd_dma.paddr + 1851 ring->cur * sizeof (struct wpi_tx_cmd)); 1852 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) + 1853 ((hdrlen + 3) & ~3)); 1854 /* Other DMA segments are for data payload. */ 1855 for (i = 1; i <= data->map->dm_nsegs; i++) { 1856 desc->segs[i].addr = 1857 htole32(data->map->dm_segs[i - 1].ds_addr); 1858 desc->segs[i].len = 1859 htole32(data->map->dm_segs[i - 1].ds_len); 1860 } 1861 1862 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1863 BUS_DMASYNC_PREWRITE); 1864 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 1865 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd), 1866 BUS_DMASYNC_PREWRITE); 1867 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1868 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 1869 BUS_DMASYNC_PREWRITE); 1870 1871 /* Kick TX ring. */ 1872 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 1873 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1874 1875 /* Mark TX ring as full if we reach a certain threshold. */ 1876 if (++ring->queued > WPI_TX_RING_HIMARK) 1877 sc->qfullmsk |= 1 << ring->qid; 1878 1879 return 0; 1880 } 1881 1882 void 1883 wpi_start(struct ifnet *ifp) 1884 { 1885 struct wpi_softc *sc = ifp->if_softc; 1886 struct ieee80211com *ic = &sc->sc_ic; 1887 struct ieee80211_node *ni; 1888 struct mbuf *m; 1889 1890 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 1891 return; 1892 1893 for (;;) { 1894 if (sc->qfullmsk != 0) { 1895 ifq_set_oactive(&ifp->if_snd); 1896 break; 1897 } 1898 /* Send pending management frames first. */ 1899 m = mq_dequeue(&ic->ic_mgtq); 1900 if (m != NULL) { 1901 ni = m->m_pkthdr.ph_cookie; 1902 goto sendit; 1903 } 1904 if (ic->ic_state != IEEE80211_S_RUN) 1905 break; 1906 1907 /* Encapsulate and send data frames. */ 1908 m = ifq_dequeue(&ifp->if_snd); 1909 if (m == NULL) 1910 break; 1911 #if NBPFILTER > 0 1912 if (ifp->if_bpf != NULL) 1913 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1914 #endif 1915 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 1916 continue; 1917 sendit: 1918 #if NBPFILTER > 0 1919 if (ic->ic_rawbpf != NULL) 1920 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1921 #endif 1922 if (wpi_tx(sc, m, ni) != 0) { 1923 ieee80211_release_node(ic, ni); 1924 ifp->if_oerrors++; 1925 continue; 1926 } 1927 1928 sc->sc_tx_timer = 5; 1929 ifp->if_timer = 1; 1930 } 1931 } 1932 1933 void 1934 wpi_watchdog(struct ifnet *ifp) 1935 { 1936 struct wpi_softc *sc = ifp->if_softc; 1937 1938 ifp->if_timer = 0; 1939 1940 if (sc->sc_tx_timer > 0) { 1941 if (--sc->sc_tx_timer == 0) { 1942 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1943 wpi_stop(ifp, 1); 1944 ifp->if_oerrors++; 1945 return; 1946 } 1947 ifp->if_timer = 1; 1948 } 1949 1950 ieee80211_watchdog(ifp); 1951 } 1952 1953 int 1954 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1955 { 1956 struct wpi_softc *sc = ifp->if_softc; 1957 struct ieee80211com *ic = &sc->sc_ic; 1958 int s, error = 0; 1959 1960 error = rw_enter(&sc->sc_rwlock, RW_WRITE | RW_INTR); 1961 if (error) 1962 return error; 1963 s = splnet(); 1964 1965 switch (cmd) { 1966 case SIOCSIFADDR: 1967 ifp->if_flags |= IFF_UP; 1968 /* FALLTHROUGH */ 1969 case SIOCSIFFLAGS: 1970 if (ifp->if_flags & IFF_UP) { 1971 if (!(ifp->if_flags & IFF_RUNNING)) 1972 error = wpi_init(ifp); 1973 } else { 1974 if (ifp->if_flags & IFF_RUNNING) 1975 wpi_stop(ifp, 1); 1976 } 1977 break; 1978 1979 case SIOCS80211POWER: 1980 error = ieee80211_ioctl(ifp, cmd, data); 1981 if (error != ENETRESET) 1982 break; 1983 if (ic->ic_state == IEEE80211_S_RUN) { 1984 if (ic->ic_flags & IEEE80211_F_PMGTON) 1985 error = wpi_set_pslevel(sc, 0, 3, 0); 1986 else /* back to CAM */ 1987 error = wpi_set_pslevel(sc, 0, 0, 0); 1988 } else { 1989 /* Defer until transition to IEEE80211_S_RUN. */ 1990 error = 0; 1991 } 1992 break; 1993 1994 default: 1995 error = ieee80211_ioctl(ifp, cmd, data); 1996 } 1997 1998 if (error == ENETRESET) { 1999 error = 0; 2000 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2001 (IFF_UP | IFF_RUNNING)) { 2002 wpi_stop(ifp, 0); 2003 error = wpi_init(ifp); 2004 } 2005 } 2006 2007 splx(s); 2008 rw_exit_write(&sc->sc_rwlock); 2009 return error; 2010 } 2011 2012 /* 2013 * Send a command to the firmware. 2014 */ 2015 int 2016 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async) 2017 { 2018 struct wpi_tx_ring *ring = &sc->txq[4]; 2019 struct wpi_tx_desc *desc; 2020 struct wpi_tx_data *data; 2021 struct wpi_tx_cmd *cmd; 2022 struct mbuf *m; 2023 bus_addr_t paddr; 2024 int totlen, error; 2025 2026 desc = &ring->desc[ring->cur]; 2027 data = &ring->data[ring->cur]; 2028 totlen = 4 + size; 2029 2030 if (size > sizeof cmd->data) { 2031 /* Command is too large to fit in a descriptor. */ 2032 if (totlen > MCLBYTES) 2033 return EINVAL; 2034 MGETHDR(m, M_DONTWAIT, MT_DATA); 2035 if (m == NULL) 2036 return ENOMEM; 2037 if (totlen > MHLEN) { 2038 MCLGET(m, M_DONTWAIT); 2039 if (!(m->m_flags & M_EXT)) { 2040 m_freem(m); 2041 return ENOMEM; 2042 } 2043 } 2044 cmd = mtod(m, struct wpi_tx_cmd *); 2045 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 2046 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 2047 if (error != 0) { 2048 m_freem(m); 2049 return error; 2050 } 2051 data->m = m; 2052 paddr = data->map->dm_segs[0].ds_addr; 2053 } else { 2054 cmd = &ring->cmd[ring->cur]; 2055 paddr = data->cmd_paddr; 2056 } 2057 2058 cmd->code = code; 2059 cmd->flags = 0; 2060 cmd->qid = ring->qid; 2061 cmd->idx = ring->cur; 2062 memcpy(cmd->data, buf, size); 2063 2064 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24); 2065 desc->segs[0].addr = htole32(paddr); 2066 desc->segs[0].len = htole32(totlen); 2067 2068 if (size > sizeof cmd->data) { 2069 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 2070 BUS_DMASYNC_PREWRITE); 2071 } else { 2072 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 2073 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen, 2074 BUS_DMASYNC_PREWRITE); 2075 } 2076 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2077 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 2078 BUS_DMASYNC_PREWRITE); 2079 2080 /* Kick command ring. */ 2081 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2082 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2083 2084 return async ? 0 : tsleep_nsec(cmd, PCATCH, "wpicmd", SEC_TO_NSEC(1)); 2085 } 2086 2087 /* 2088 * Configure HW multi-rate retries. 2089 */ 2090 int 2091 wpi_mrr_setup(struct wpi_softc *sc) 2092 { 2093 struct ieee80211com *ic = &sc->sc_ic; 2094 struct wpi_mrr_setup mrr; 2095 int i, error; 2096 2097 /* CCK rates (not used with 802.11a). */ 2098 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2099 mrr.rates[i].flags = 0; 2100 mrr.rates[i].plcp = wpi_rates[i].plcp; 2101 /* Fallback to the immediate lower CCK rate (if any.) */ 2102 mrr.rates[i].next = 2103 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2104 /* Try one time at this rate before falling back to "next". */ 2105 mrr.rates[i].ntries = 1; 2106 } 2107 /* OFDM rates (not used with 802.11b). */ 2108 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2109 mrr.rates[i].flags = 0; 2110 mrr.rates[i].plcp = wpi_rates[i].plcp; 2111 /* Fallback to the immediate lower rate (if any.) */ 2112 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2113 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2114 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2115 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2116 i - 1; 2117 /* Try one time at this rate before falling back to "next". */ 2118 mrr.rates[i].ntries = 1; 2119 } 2120 /* Setup MRR for control frames. */ 2121 mrr.which = htole32(WPI_MRR_CTL); 2122 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2123 if (error != 0) { 2124 printf("%s: could not setup MRR for control frames\n", 2125 sc->sc_dev.dv_xname); 2126 return error; 2127 } 2128 /* Setup MRR for data frames. */ 2129 mrr.which = htole32(WPI_MRR_DATA); 2130 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2131 if (error != 0) { 2132 printf("%s: could not setup MRR for data frames\n", 2133 sc->sc_dev.dv_xname); 2134 return error; 2135 } 2136 return 0; 2137 } 2138 2139 void 2140 wpi_updateedca(struct ieee80211com *ic) 2141 { 2142 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 2143 struct wpi_softc *sc = ic->ic_softc; 2144 struct wpi_edca_params cmd; 2145 int aci; 2146 2147 memset(&cmd, 0, sizeof cmd); 2148 cmd.flags = htole32(WPI_EDCA_UPDATE); 2149 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 2150 const struct ieee80211_edca_ac_params *ac = 2151 &ic->ic_edca_ac[aci]; 2152 cmd.ac[aci].aifsn = ac->ac_aifsn; 2153 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin)); 2154 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax)); 2155 cmd.ac[aci].txoplimit = 2156 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit)); 2157 } 2158 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 2159 #undef WPI_EXP2 2160 } 2161 2162 void 2163 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2164 { 2165 struct wpi_cmd_led led; 2166 2167 led.which = which; 2168 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2169 led.off = off; 2170 led.on = on; 2171 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 2172 } 2173 2174 int 2175 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 2176 { 2177 struct wpi_cmd_timing cmd; 2178 uint64_t val, mod; 2179 2180 memset(&cmd, 0, sizeof cmd); 2181 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t)); 2182 cmd.bintval = htole16(ni->ni_intval); 2183 cmd.lintval = htole16(10); 2184 2185 /* Compute remaining time until next beacon. */ 2186 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2187 mod = letoh64(cmd.tstamp) % val; 2188 cmd.binitval = htole32((uint32_t)(val - mod)); 2189 2190 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n", 2191 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod))); 2192 2193 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 2194 } 2195 2196 /* 2197 * This function is called periodically (every minute) to adjust TX power 2198 * based on temperature variation. 2199 */ 2200 void 2201 wpi_power_calibration(struct wpi_softc *sc) 2202 { 2203 int temp; 2204 2205 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 2206 /* Sanity-check temperature. */ 2207 if (temp < -260 || temp > 25) { 2208 /* This can't be correct, ignore. */ 2209 DPRINTF(("out-of-range temperature reported: %d\n", temp)); 2210 return; 2211 } 2212 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2213 /* Adjust TX power if need be (delta > 6). */ 2214 if (abs(temp - sc->temp) > 6) { 2215 /* Record temperature of last calibration. */ 2216 sc->temp = temp; 2217 (void)wpi_set_txpower(sc, 1); 2218 } 2219 } 2220 2221 /* 2222 * Set TX power for current channel (each rate has its own power settings). 2223 */ 2224 int 2225 wpi_set_txpower(struct wpi_softc *sc, int async) 2226 { 2227 struct ieee80211com *ic = &sc->sc_ic; 2228 struct ieee80211_channel *ch; 2229 struct wpi_power_group *group; 2230 struct wpi_cmd_txpower cmd; 2231 u_int chan; 2232 int idx, i; 2233 2234 /* Retrieve current channel from last RXON. */ 2235 chan = sc->rxon.chan; 2236 DPRINTF(("setting TX power for channel %d\n", chan)); 2237 ch = &ic->ic_channels[chan]; 2238 2239 /* Find the TX power group to which this channel belongs. */ 2240 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2241 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 2242 if (chan <= group->chan) 2243 break; 2244 } else 2245 group = &sc->groups[0]; 2246 2247 memset(&cmd, 0, sizeof cmd); 2248 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2249 cmd.chan = htole16(chan); 2250 2251 /* Set TX power for all OFDM and CCK rates. */ 2252 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 2253 /* Retrieve TX power for this channel/rate. */ 2254 idx = wpi_get_power_index(sc, group, ch, i); 2255 2256 cmd.rates[i].plcp = wpi_rates[i].plcp; 2257 2258 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2259 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 2260 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 2261 } else { 2262 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 2263 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 2264 } 2265 DPRINTF(("chan %d/rate %d: power index %d\n", chan, 2266 wpi_rates[i].rate, idx)); 2267 } 2268 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 2269 } 2270 2271 /* 2272 * Determine TX power index for a given channel/rate combination. 2273 * This takes into account the regulatory information from EEPROM and the 2274 * current temperature. 2275 */ 2276 int 2277 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 2278 struct ieee80211_channel *c, int ridx) 2279 { 2280 /* Fixed-point arithmetic division using a n-bit fractional part. */ 2281 #define fdivround(a, b, n) \ 2282 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2283 2284 /* Linear interpolation. */ 2285 #define interpolate(x, x1, y1, x2, y2, n) \ 2286 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2287 2288 struct ieee80211com *ic = &sc->sc_ic; 2289 struct wpi_power_sample *sample; 2290 int pwr, idx; 2291 u_int chan; 2292 2293 /* Get channel number. */ 2294 chan = ieee80211_chan2ieee(ic, c); 2295 2296 /* Default TX power is group maximum TX power minus 3dB. */ 2297 pwr = group->maxpwr / 2; 2298 2299 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 2300 switch (ridx) { 2301 case WPI_RIDX_OFDM36: 2302 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 2303 break; 2304 case WPI_RIDX_OFDM48: 2305 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 2306 break; 2307 case WPI_RIDX_OFDM54: 2308 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 2309 break; 2310 } 2311 2312 /* Never exceed the channel maximum allowed TX power. */ 2313 pwr = MIN(pwr, sc->maxpwr[chan]); 2314 2315 /* Retrieve TX power index into gain tables from samples. */ 2316 for (sample = group->samples; sample < &group->samples[3]; sample++) 2317 if (pwr > sample[1].power) 2318 break; 2319 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 2320 idx = interpolate(pwr, sample[0].power, sample[0].index, 2321 sample[1].power, sample[1].index, 19); 2322 2323 /*- 2324 * Adjust power index based on current temperature: 2325 * - if cooler than factory-calibrated: decrease output power 2326 * - if warmer than factory-calibrated: increase output power 2327 */ 2328 idx -= (sc->temp - group->temp) * 11 / 100; 2329 2330 /* Decrease TX power for CCK rates (-5dB). */ 2331 if (ridx >= WPI_RIDX_CCK1) 2332 idx += 10; 2333 2334 /* Make sure idx stays in a valid range. */ 2335 if (idx < 0) 2336 idx = 0; 2337 else if (idx > WPI_MAX_PWR_INDEX) 2338 idx = WPI_MAX_PWR_INDEX; 2339 return idx; 2340 2341 #undef interpolate 2342 #undef fdivround 2343 } 2344 2345 /* 2346 * Set STA mode power saving level (between 0 and 5). 2347 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 2348 */ 2349 int 2350 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async) 2351 { 2352 struct wpi_pmgt_cmd cmd; 2353 const struct wpi_pmgt *pmgt; 2354 uint32_t max, skip_dtim; 2355 pcireg_t reg; 2356 int i; 2357 2358 /* Select which PS parameters to use. */ 2359 if (dtim <= 10) 2360 pmgt = &wpi_pmgt[0][level]; 2361 else 2362 pmgt = &wpi_pmgt[1][level]; 2363 2364 memset(&cmd, 0, sizeof cmd); 2365 if (level != 0) /* not CAM */ 2366 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 2367 /* Retrieve PCIe Active State Power Management (ASPM). */ 2368 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 2369 sc->sc_cap_off + PCI_PCIE_LCSR); 2370 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 2371 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 2372 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 2373 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 2374 2375 if (dtim == 0) { 2376 dtim = 1; 2377 skip_dtim = 0; 2378 } else 2379 skip_dtim = pmgt->skip_dtim; 2380 if (skip_dtim != 0) { 2381 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 2382 max = pmgt->intval[4]; 2383 if (max == (uint32_t)-1) 2384 max = dtim * (skip_dtim + 1); 2385 else if (max > dtim) 2386 max = (max / dtim) * dtim; 2387 } else 2388 max = dtim; 2389 for (i = 0; i < 5; i++) 2390 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 2391 2392 DPRINTF(("setting power saving level to %d\n", level)); 2393 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 2394 } 2395 2396 int 2397 wpi_config(struct wpi_softc *sc) 2398 { 2399 struct ieee80211com *ic = &sc->sc_ic; 2400 struct ifnet *ifp = &ic->ic_if; 2401 struct wpi_bluetooth bluetooth; 2402 struct wpi_node_info node; 2403 int error; 2404 2405 /* Set power saving level to CAM during initialization. */ 2406 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 2407 printf("%s: could not set power saving level\n", 2408 sc->sc_dev.dv_xname); 2409 return error; 2410 } 2411 2412 /* Configure bluetooth coexistence. */ 2413 memset(&bluetooth, 0, sizeof bluetooth); 2414 bluetooth.flags = WPI_BT_COEX_MODE_4WIRE; 2415 bluetooth.lead_time = WPI_BT_LEAD_TIME_DEF; 2416 bluetooth.max_kill = WPI_BT_MAX_KILL_DEF; 2417 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 2418 if (error != 0) { 2419 printf("%s: could not configure bluetooth coexistence\n", 2420 sc->sc_dev.dv_xname); 2421 return error; 2422 } 2423 2424 /* Configure adapter. */ 2425 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 2426 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2427 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 2428 /* Set default channel. */ 2429 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 2430 sc->rxon.flags = htole32(WPI_RXON_TSF); 2431 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 2432 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2433 switch (ic->ic_opmode) { 2434 case IEEE80211_M_STA: 2435 sc->rxon.mode = WPI_MODE_STA; 2436 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST); 2437 break; 2438 case IEEE80211_M_MONITOR: 2439 sc->rxon.mode = WPI_MODE_MONITOR; 2440 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST | 2441 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2442 break; 2443 default: 2444 /* Should not get there. */ 2445 break; 2446 } 2447 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 2448 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 2449 DPRINTF(("setting configuration\n")); 2450 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2451 0); 2452 if (error != 0) { 2453 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2454 return error; 2455 } 2456 2457 /* Configuration has changed, set TX power accordingly. */ 2458 if ((error = wpi_set_txpower(sc, 0)) != 0) { 2459 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2460 return error; 2461 } 2462 2463 /* Add broadcast node. */ 2464 memset(&node, 0, sizeof node); 2465 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2466 node.id = WPI_ID_BROADCAST; 2467 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2468 node.action = htole32(WPI_ACTION_SET_RATE); 2469 node.antenna = WPI_ANTENNA_BOTH; 2470 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0); 2471 if (error != 0) { 2472 printf("%s: could not add broadcast node\n", 2473 sc->sc_dev.dv_xname); 2474 return error; 2475 } 2476 2477 if ((error = wpi_mrr_setup(sc)) != 0) { 2478 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname); 2479 return error; 2480 } 2481 return 0; 2482 } 2483 2484 int 2485 wpi_scan(struct wpi_softc *sc, uint16_t flags) 2486 { 2487 struct ieee80211com *ic = &sc->sc_ic; 2488 struct wpi_scan_hdr *hdr; 2489 struct wpi_cmd_data *tx; 2490 struct wpi_scan_essid *essid; 2491 struct wpi_scan_chan *chan; 2492 struct ieee80211_frame *wh; 2493 struct ieee80211_rateset *rs; 2494 struct ieee80211_channel *c; 2495 uint8_t *buf, *frm; 2496 int buflen, error; 2497 2498 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 2499 if (buf == NULL) { 2500 printf("%s: could not allocate buffer for scan command\n", 2501 sc->sc_dev.dv_xname); 2502 return ENOMEM; 2503 } 2504 hdr = (struct wpi_scan_hdr *)buf; 2505 /* 2506 * Move to the next channel if no frames are received within 10ms 2507 * after sending the probe request. 2508 */ 2509 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 2510 hdr->quiet_threshold = htole16(1); /* min # of packets */ 2511 2512 tx = (struct wpi_cmd_data *)(hdr + 1); 2513 tx->flags = htole32(WPI_TX_AUTO_SEQ); 2514 tx->id = WPI_ID_BROADCAST; 2515 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2516 2517 if (flags & IEEE80211_CHAN_5GHZ) { 2518 hdr->crc_threshold = htole16(1); 2519 /* Send probe requests at 6Mbps. */ 2520 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp; 2521 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 2522 } else { 2523 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 2524 /* Send probe requests at 1Mbps. */ 2525 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2526 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 2527 } 2528 2529 essid = (struct wpi_scan_essid *)(tx + 1); 2530 if (ic->ic_des_esslen != 0) { 2531 essid[0].id = IEEE80211_ELEMID_SSID; 2532 essid[0].len = ic->ic_des_esslen; 2533 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 2534 } 2535 /* 2536 * Build a probe request frame. Most of the following code is a 2537 * copy & paste of what is done in net80211. 2538 */ 2539 wh = (struct ieee80211_frame *)(essid + 4); 2540 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2541 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2542 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2543 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2544 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2545 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2546 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 2547 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 2548 2549 frm = (uint8_t *)(wh + 1); 2550 frm = ieee80211_add_ssid(frm, NULL, 0); 2551 frm = ieee80211_add_rates(frm, rs); 2552 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2553 frm = ieee80211_add_xrates(frm, rs); 2554 2555 /* Set length of probe request. */ 2556 tx->len = htole16(frm - (uint8_t *)wh); 2557 2558 chan = (struct wpi_scan_chan *)frm; 2559 for (c = &ic->ic_channels[1]; 2560 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 2561 if ((c->ic_flags & flags) != flags) 2562 continue; 2563 2564 chan->chan = ieee80211_chan2ieee(ic, c); 2565 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 2566 chan->flags = 0; 2567 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 2568 chan->flags |= WPI_CHAN_ACTIVE; 2569 if (ic->ic_des_esslen != 0) 2570 chan->flags |= WPI_CHAN_NPBREQS(1); 2571 chan->dsp_gain = 0x6e; 2572 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2573 chan->rf_gain = 0x3b; 2574 chan->active = htole16(24); 2575 chan->passive = htole16(110); 2576 } else { 2577 chan->rf_gain = 0x28; 2578 chan->active = htole16(36); 2579 chan->passive = htole16(120); 2580 } 2581 hdr->nchan++; 2582 chan++; 2583 } 2584 2585 buflen = (uint8_t *)chan - buf; 2586 hdr->len = htole16(buflen); 2587 2588 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 2589 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 2590 free(buf, M_DEVBUF, WPI_SCAN_MAXSZ); 2591 return error; 2592 } 2593 2594 int 2595 wpi_auth(struct wpi_softc *sc) 2596 { 2597 struct ieee80211com *ic = &sc->sc_ic; 2598 struct ieee80211_node *ni = ic->ic_bss; 2599 struct wpi_node_info node; 2600 int error; 2601 2602 /* Update adapter configuration. */ 2603 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 2604 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 2605 sc->rxon.flags = htole32(WPI_RXON_TSF); 2606 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 2607 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2608 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2609 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2610 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2611 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2612 switch (ic->ic_curmode) { 2613 case IEEE80211_MODE_11A: 2614 sc->rxon.cck_mask = 0; 2615 sc->rxon.ofdm_mask = 0x15; 2616 break; 2617 case IEEE80211_MODE_11B: 2618 sc->rxon.cck_mask = 0x03; 2619 sc->rxon.ofdm_mask = 0; 2620 break; 2621 default: /* Assume 802.11b/g. */ 2622 sc->rxon.cck_mask = 0x0f; 2623 sc->rxon.ofdm_mask = 0x15; 2624 } 2625 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 2626 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 2627 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2628 1); 2629 if (error != 0) { 2630 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2631 return error; 2632 } 2633 2634 /* Configuration has changed, set TX power accordingly. */ 2635 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2636 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2637 return error; 2638 } 2639 /* 2640 * Reconfiguring RXON clears the firmware nodes table so we must 2641 * add the broadcast node again. 2642 */ 2643 memset(&node, 0, sizeof node); 2644 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2645 node.id = WPI_ID_BROADCAST; 2646 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2647 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2648 node.action = htole32(WPI_ACTION_SET_RATE); 2649 node.antenna = WPI_ANTENNA_BOTH; 2650 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2651 if (error != 0) { 2652 printf("%s: could not add broadcast node\n", 2653 sc->sc_dev.dv_xname); 2654 return error; 2655 } 2656 return 0; 2657 } 2658 2659 int 2660 wpi_run(struct wpi_softc *sc) 2661 { 2662 struct ieee80211com *ic = &sc->sc_ic; 2663 struct ieee80211_node *ni = ic->ic_bss; 2664 struct wpi_node_info node; 2665 int error; 2666 2667 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 2668 /* Link LED blinks while monitoring. */ 2669 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 2670 return 0; 2671 } 2672 if ((error = wpi_set_timing(sc, ni)) != 0) { 2673 printf("%s: could not set timing\n", sc->sc_dev.dv_xname); 2674 return error; 2675 } 2676 2677 /* Update adapter configuration. */ 2678 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 2679 /* Short preamble and slot time are negotiated when associating. */ 2680 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 2681 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2682 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2683 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2684 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2685 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 2686 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 2687 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2688 1); 2689 if (error != 0) { 2690 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2691 return error; 2692 } 2693 2694 /* Configuration has changed, set TX power accordingly. */ 2695 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2696 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2697 return error; 2698 } 2699 2700 /* Fake a join to init the TX rate. */ 2701 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 2702 wpi_newassoc(ic, ni, 1); 2703 2704 /* Add BSS node. */ 2705 memset(&node, 0, sizeof node); 2706 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid); 2707 node.id = WPI_ID_BSS; 2708 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2709 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2710 node.action = htole32(WPI_ACTION_SET_RATE); 2711 node.antenna = WPI_ANTENNA_BOTH; 2712 DPRINTF(("adding BSS node\n")); 2713 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2714 if (error != 0) { 2715 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname); 2716 return error; 2717 } 2718 2719 /* Start periodic calibration timer. */ 2720 sc->calib_cnt = 0; 2721 timeout_add_msec(&sc->calib_to, 500); 2722 2723 /* Link LED always on while associated. */ 2724 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 2725 2726 /* Enable power-saving mode if requested by user. */ 2727 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 2728 (void)wpi_set_pslevel(sc, 0, 3, 1); 2729 2730 return 0; 2731 } 2732 2733 /* 2734 * We support CCMP hardware encryption/decryption of unicast frames only. 2735 * HW support for TKIP really sucks. We should let TKIP die anyway. 2736 */ 2737 int 2738 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2739 struct ieee80211_key *k) 2740 { 2741 struct wpi_softc *sc = ic->ic_softc; 2742 struct wpi_node *wn = (void *)ni; 2743 struct wpi_node_info node; 2744 uint16_t kflags; 2745 2746 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2747 k->k_cipher != IEEE80211_CIPHER_CCMP) 2748 return ieee80211_set_key(ic, ni, k); 2749 2750 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id); 2751 memset(&node, 0, sizeof node); 2752 node.id = wn->id; 2753 node.control = WPI_NODE_UPDATE; 2754 node.flags = WPI_FLAG_SET_KEY; 2755 node.kflags = htole16(kflags); 2756 memcpy(node.key, k->k_key, k->k_len); 2757 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 2758 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2759 } 2760 2761 void 2762 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2763 struct ieee80211_key *k) 2764 { 2765 struct wpi_softc *sc = ic->ic_softc; 2766 struct wpi_node *wn = (void *)ni; 2767 struct wpi_node_info node; 2768 2769 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2770 k->k_cipher != IEEE80211_CIPHER_CCMP) { 2771 /* See comment about other ciphers above. */ 2772 ieee80211_delete_key(ic, ni, k); 2773 return; 2774 } 2775 if (ic->ic_state != IEEE80211_S_RUN) 2776 return; /* Nothing to do. */ 2777 memset(&node, 0, sizeof node); 2778 node.id = wn->id; 2779 node.control = WPI_NODE_UPDATE; 2780 node.flags = WPI_FLAG_SET_KEY; 2781 node.kflags = 0; 2782 DPRINTF(("delete keys for node %d\n", node.id)); 2783 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2784 } 2785 2786 int 2787 wpi_post_alive(struct wpi_softc *sc) 2788 { 2789 int ntries, error; 2790 2791 /* Check (again) that the radio is not disabled. */ 2792 if ((error = wpi_nic_lock(sc)) != 0) 2793 return error; 2794 /* NB: Runtime firmware must be up and running. */ 2795 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 2796 printf("%s: radio is disabled by hardware switch\n", 2797 sc->sc_dev.dv_xname); 2798 wpi_nic_unlock(sc); 2799 return EPERM; /* :-) */ 2800 } 2801 wpi_nic_unlock(sc); 2802 2803 /* Wait for thermal sensor to calibrate. */ 2804 for (ntries = 0; ntries < 1000; ntries++) { 2805 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 2806 break; 2807 DELAY(10); 2808 } 2809 if (ntries == 1000) { 2810 printf("%s: timeout waiting for thermal sensor calibration\n", 2811 sc->sc_dev.dv_xname); 2812 return ETIMEDOUT; 2813 } 2814 DPRINTF(("temperature %d\n", sc->temp)); 2815 return 0; 2816 } 2817 2818 /* 2819 * The firmware boot code is small and is intended to be copied directly into 2820 * the NIC internal memory (no DMA transfer.) 2821 */ 2822 int 2823 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 2824 { 2825 int error, ntries; 2826 2827 size /= sizeof (uint32_t); 2828 2829 if ((error = wpi_nic_lock(sc)) != 0) 2830 return error; 2831 2832 /* Copy microcode image into NIC memory. */ 2833 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 2834 (const uint32_t *)ucode, size); 2835 2836 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 2837 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 2838 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 2839 2840 /* Start boot load now. */ 2841 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 2842 2843 /* Wait for transfer to complete. */ 2844 for (ntries = 0; ntries < 1000; ntries++) { 2845 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) & 2846 WPI_BSM_WR_CTRL_START)) 2847 break; 2848 DELAY(10); 2849 } 2850 if (ntries == 1000) { 2851 printf("%s: could not load boot firmware\n", 2852 sc->sc_dev.dv_xname); 2853 wpi_nic_unlock(sc); 2854 return ETIMEDOUT; 2855 } 2856 2857 /* Enable boot after power up. */ 2858 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 2859 2860 wpi_nic_unlock(sc); 2861 return 0; 2862 } 2863 2864 int 2865 wpi_load_firmware(struct wpi_softc *sc) 2866 { 2867 struct wpi_fw_info *fw = &sc->fw; 2868 struct wpi_dma_info *dma = &sc->fw_dma; 2869 int error; 2870 2871 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 2872 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 2873 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 2874 BUS_DMASYNC_PREWRITE); 2875 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2876 fw->init.text, fw->init.textsz); 2877 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2878 fw->init.textsz, BUS_DMASYNC_PREWRITE); 2879 2880 /* Tell adapter where to find initialization sections. */ 2881 if ((error = wpi_nic_lock(sc)) != 0) 2882 return error; 2883 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2884 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 2885 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2886 dma->paddr + WPI_FW_DATA_MAXSZ); 2887 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 2888 wpi_nic_unlock(sc); 2889 2890 /* Load firmware boot code. */ 2891 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 2892 if (error != 0) { 2893 printf("%s: could not load boot firmware\n", 2894 sc->sc_dev.dv_xname); 2895 return error; 2896 } 2897 /* Now press "execute". */ 2898 WPI_WRITE(sc, WPI_RESET, 0); 2899 2900 /* Wait at most one second for first alive notification. */ 2901 if ((error = tsleep_nsec(sc, PCATCH, "wpiinit", SEC_TO_NSEC(1))) != 0) { 2902 printf("%s: timeout waiting for adapter to initialize\n", 2903 sc->sc_dev.dv_xname); 2904 return error; 2905 } 2906 2907 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 2908 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 2909 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 2910 BUS_DMASYNC_PREWRITE); 2911 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2912 fw->main.text, fw->main.textsz); 2913 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2914 fw->main.textsz, BUS_DMASYNC_PREWRITE); 2915 2916 /* Tell adapter where to find runtime sections. */ 2917 if ((error = wpi_nic_lock(sc)) != 0) 2918 return error; 2919 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2920 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 2921 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2922 dma->paddr + WPI_FW_DATA_MAXSZ); 2923 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 2924 WPI_FW_UPDATED | fw->main.textsz); 2925 wpi_nic_unlock(sc); 2926 2927 return 0; 2928 } 2929 2930 int 2931 wpi_read_firmware(struct wpi_softc *sc) 2932 { 2933 struct wpi_fw_info *fw = &sc->fw; 2934 const struct wpi_firmware_hdr *hdr; 2935 int error; 2936 2937 /* Read firmware image from filesystem. */ 2938 if ((error = loadfirmware("wpi-3945abg", &fw->data, &fw->datalen)) != 0) { 2939 printf("%s: error, %d, could not read firmware %s\n", 2940 sc->sc_dev.dv_xname, error, "wpi-3945abg"); 2941 return error; 2942 } 2943 if (fw->datalen < sizeof (*hdr)) { 2944 printf("%s: truncated firmware header: %zu bytes\n", 2945 sc->sc_dev.dv_xname, fw->datalen); 2946 free(fw->data, M_DEVBUF, fw->datalen); 2947 return EINVAL; 2948 } 2949 /* Extract firmware header information. */ 2950 hdr = (struct wpi_firmware_hdr *)fw->data; 2951 fw->main.textsz = letoh32(hdr->main_textsz); 2952 fw->main.datasz = letoh32(hdr->main_datasz); 2953 fw->init.textsz = letoh32(hdr->init_textsz); 2954 fw->init.datasz = letoh32(hdr->init_datasz); 2955 fw->boot.textsz = letoh32(hdr->boot_textsz); 2956 fw->boot.datasz = 0; 2957 2958 /* Sanity-check firmware header. */ 2959 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 2960 fw->main.datasz > WPI_FW_DATA_MAXSZ || 2961 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 2962 fw->init.datasz > WPI_FW_DATA_MAXSZ || 2963 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 2964 (fw->boot.textsz & 3) != 0) { 2965 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); 2966 free(fw->data, M_DEVBUF, fw->datalen); 2967 return EINVAL; 2968 } 2969 2970 /* Check that all firmware sections fit. */ 2971 if (fw->datalen < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 2972 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 2973 printf("%s: firmware file too short: %zu bytes\n", 2974 sc->sc_dev.dv_xname, fw->datalen); 2975 free(fw->data, M_DEVBUF, fw->datalen); 2976 return EINVAL; 2977 } 2978 2979 /* Get pointers to firmware sections. */ 2980 fw->main.text = (const uint8_t *)(hdr + 1); 2981 fw->main.data = fw->main.text + fw->main.textsz; 2982 fw->init.text = fw->main.data + fw->main.datasz; 2983 fw->init.data = fw->init.text + fw->init.textsz; 2984 fw->boot.text = fw->init.data + fw->init.datasz; 2985 2986 return 0; 2987 } 2988 2989 int 2990 wpi_clock_wait(struct wpi_softc *sc) 2991 { 2992 int ntries; 2993 2994 /* Set "initialization complete" bit. */ 2995 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 2996 2997 /* Wait for clock stabilization. */ 2998 for (ntries = 0; ntries < 25000; ntries++) { 2999 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 3000 return 0; 3001 DELAY(100); 3002 } 3003 printf("%s: timeout waiting for clock stabilization\n", 3004 sc->sc_dev.dv_xname); 3005 return ETIMEDOUT; 3006 } 3007 3008 int 3009 wpi_apm_init(struct wpi_softc *sc) 3010 { 3011 int error; 3012 3013 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 3014 /* Disable L0s. */ 3015 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 3016 3017 if ((error = wpi_clock_wait(sc)) != 0) 3018 return error; 3019 3020 if ((error = wpi_nic_lock(sc)) != 0) 3021 return error; 3022 /* Enable DMA. */ 3023 wpi_prph_write(sc, WPI_APMG_CLK_ENA, 3024 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT); 3025 DELAY(20); 3026 /* Disable L1. */ 3027 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 3028 wpi_nic_unlock(sc); 3029 3030 return 0; 3031 } 3032 3033 void 3034 wpi_apm_stop_master(struct wpi_softc *sc) 3035 { 3036 int ntries; 3037 3038 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 3039 3040 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 3041 WPI_GP_CNTRL_MAC_PS) 3042 return; /* Already asleep. */ 3043 3044 for (ntries = 0; ntries < 100; ntries++) { 3045 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 3046 return; 3047 DELAY(10); 3048 } 3049 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname); 3050 } 3051 3052 void 3053 wpi_apm_stop(struct wpi_softc *sc) 3054 { 3055 wpi_apm_stop_master(sc); 3056 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 3057 } 3058 3059 void 3060 wpi_nic_config(struct wpi_softc *sc) 3061 { 3062 pcireg_t reg; 3063 uint8_t rev; 3064 3065 /* Voodoo from the reference driver. */ 3066 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3067 rev = PCI_REVISION(reg); 3068 if ((rev & 0xc0) == 0x40) 3069 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 3070 else if (!(rev & 0x80)) 3071 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 3072 3073 if (sc->cap == 0x80) 3074 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 3075 3076 if ((letoh16(sc->rev) & 0xf0) == 0xd0) 3077 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3078 else 3079 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3080 3081 if (sc->type > 1) 3082 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 3083 } 3084 3085 int 3086 wpi_hw_init(struct wpi_softc *sc) 3087 { 3088 int chnl, ntries, error; 3089 3090 /* Clear pending interrupts. */ 3091 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3092 3093 if ((error = wpi_apm_init(sc)) != 0) { 3094 printf("%s: could not power ON adapter\n", 3095 sc->sc_dev.dv_xname); 3096 return error; 3097 } 3098 3099 /* Select VMAIN power source. */ 3100 if ((error = wpi_nic_lock(sc)) != 0) 3101 return error; 3102 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 3103 wpi_nic_unlock(sc); 3104 /* Spin until VMAIN gets selected. */ 3105 for (ntries = 0; ntries < 5000; ntries++) { 3106 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 3107 break; 3108 DELAY(10); 3109 } 3110 if (ntries == 5000) { 3111 printf("%s: timeout selecting power source\n", 3112 sc->sc_dev.dv_xname); 3113 return ETIMEDOUT; 3114 } 3115 3116 /* Perform adapter initialization. */ 3117 (void)wpi_nic_config(sc); 3118 3119 /* Initialize RX ring. */ 3120 if ((error = wpi_nic_lock(sc)) != 0) 3121 return error; 3122 /* Set physical address of RX ring. */ 3123 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 3124 /* Set physical address of RX read pointer. */ 3125 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 3126 offsetof(struct wpi_shared, next)); 3127 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 3128 /* Enable RX. */ 3129 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 3130 WPI_FH_RX_CONFIG_DMA_ENA | 3131 WPI_FH_RX_CONFIG_RDRBD_ENA | 3132 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 3133 WPI_FH_RX_CONFIG_MAXFRAG | 3134 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 3135 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 3136 WPI_FH_RX_CONFIG_IRQ_RBTH(1)); 3137 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 3138 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 3139 wpi_nic_unlock(sc); 3140 3141 /* Initialize TX rings. */ 3142 if ((error = wpi_nic_lock(sc)) != 0) 3143 return error; 3144 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 3145 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 3146 /* Enable all 6 TX rings. */ 3147 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 3148 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 3149 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 3150 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 3151 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 3152 /* Set physical address of TX rings. */ 3153 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 3154 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 3155 3156 /* Enable all DMA channels. */ 3157 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3158 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 3159 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 3160 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 3161 } 3162 wpi_nic_unlock(sc); 3163 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 3164 3165 /* Clear "radio off" and "commands blocked" bits. */ 3166 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3167 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 3168 3169 /* Clear pending interrupts. */ 3170 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3171 /* Enable interrupts. */ 3172 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 3173 3174 /* _Really_ make sure "radio off" bit is cleared! */ 3175 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3176 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3177 3178 if ((error = wpi_load_firmware(sc)) != 0) { 3179 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname); 3180 return error; 3181 } 3182 /* Wait at most one second for firmware alive notification. */ 3183 if ((error = tsleep_nsec(sc, PCATCH, "wpiinit", SEC_TO_NSEC(1))) != 0) { 3184 printf("%s: timeout waiting for adapter to initialize\n", 3185 sc->sc_dev.dv_xname); 3186 return error; 3187 } 3188 /* Do post-firmware initialization. */ 3189 return wpi_post_alive(sc); 3190 } 3191 3192 void 3193 wpi_hw_stop(struct wpi_softc *sc) 3194 { 3195 int chnl, qid, ntries; 3196 uint32_t tmp; 3197 3198 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 3199 3200 /* Disable interrupts. */ 3201 WPI_WRITE(sc, WPI_MASK, 0); 3202 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3203 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 3204 3205 /* Make sure we no longer hold the NIC lock. */ 3206 wpi_nic_unlock(sc); 3207 3208 if (wpi_nic_lock(sc) == 0) { 3209 /* Stop TX scheduler. */ 3210 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 3211 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 3212 3213 /* Stop all DMA channels. */ 3214 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3215 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 3216 for (ntries = 0; ntries < 100; ntries++) { 3217 tmp = WPI_READ(sc, WPI_FH_TX_STATUS); 3218 if ((tmp & WPI_FH_TX_STATUS_IDLE(chnl)) == 3219 WPI_FH_TX_STATUS_IDLE(chnl)) 3220 break; 3221 DELAY(10); 3222 } 3223 } 3224 wpi_nic_unlock(sc); 3225 } 3226 3227 /* Stop RX ring. */ 3228 wpi_reset_rx_ring(sc, &sc->rxq); 3229 3230 /* Reset all TX rings. */ 3231 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 3232 wpi_reset_tx_ring(sc, &sc->txq[qid]); 3233 3234 if (wpi_nic_lock(sc) == 0) { 3235 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT); 3236 wpi_nic_unlock(sc); 3237 } 3238 DELAY(5); 3239 /* Power OFF adapter. */ 3240 wpi_apm_stop(sc); 3241 } 3242 3243 int 3244 wpi_init(struct ifnet *ifp) 3245 { 3246 struct wpi_softc *sc = ifp->if_softc; 3247 struct ieee80211com *ic = &sc->sc_ic; 3248 int error; 3249 3250 #ifdef notyet 3251 /* Check that the radio is not disabled by hardware switch. */ 3252 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 3253 printf("%s: radio is disabled by hardware switch\n", 3254 sc->sc_dev.dv_xname); 3255 error = EPERM; /* :-) */ 3256 goto fail; 3257 } 3258 #endif 3259 /* Read firmware images from the filesystem. */ 3260 if ((error = wpi_read_firmware(sc)) != 0) { 3261 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname); 3262 goto fail; 3263 } 3264 3265 /* Initialize hardware and upload firmware. */ 3266 error = wpi_hw_init(sc); 3267 free(sc->fw.data, M_DEVBUF, sc->fw.datalen); 3268 if (error != 0) { 3269 printf("%s: could not initialize hardware\n", 3270 sc->sc_dev.dv_xname); 3271 goto fail; 3272 } 3273 3274 /* Configure adapter now that it is ready. */ 3275 if ((error = wpi_config(sc)) != 0) { 3276 printf("%s: could not configure device\n", 3277 sc->sc_dev.dv_xname); 3278 goto fail; 3279 } 3280 3281 ifq_clr_oactive(&ifp->if_snd); 3282 ifp->if_flags |= IFF_RUNNING; 3283 3284 if (ic->ic_opmode != IEEE80211_M_MONITOR) 3285 ieee80211_begin_scan(ifp); 3286 else 3287 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3288 3289 return 0; 3290 3291 fail: wpi_stop(ifp, 1); 3292 return error; 3293 } 3294 3295 void 3296 wpi_stop(struct ifnet *ifp, int disable) 3297 { 3298 struct wpi_softc *sc = ifp->if_softc; 3299 struct ieee80211com *ic = &sc->sc_ic; 3300 3301 ifp->if_timer = sc->sc_tx_timer = 0; 3302 ifp->if_flags &= ~IFF_RUNNING; 3303 ifq_clr_oactive(&ifp->if_snd); 3304 3305 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3306 3307 /* Power OFF hardware. */ 3308 wpi_hw_stop(sc); 3309 } 3310