xref: /openbsd-src/sys/dev/pci/if_wpi.c (revision d59bb9942320b767f2a19aaa7690c8c6e30b724c)
1 /*	$OpenBSD: if_wpi.c,v 1.138 2017/01/22 10:17:38 dlg Exp $	*/
2 
3 /*-
4  * Copyright (c) 2006-2008
5  *	Damien Bergamini <damien.bergamini@free.fr>
6  *
7  * Permission to use, copy, modify, and distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 /*
21  * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters.
22  */
23 
24 #include "bpfilter.h"
25 
26 #include <sys/param.h>
27 #include <sys/sockio.h>
28 #include <sys/mbuf.h>
29 #include <sys/kernel.h>
30 #include <sys/rwlock.h>
31 #include <sys/socket.h>
32 #include <sys/systm.h>
33 #include <sys/malloc.h>
34 #include <sys/conf.h>
35 #include <sys/device.h>
36 #include <sys/task.h>
37 #include <sys/endian.h>
38 
39 #include <machine/bus.h>
40 #include <machine/intr.h>
41 
42 #include <dev/pci/pcireg.h>
43 #include <dev/pci/pcivar.h>
44 #include <dev/pci/pcidevs.h>
45 
46 #if NBPFILTER > 0
47 #include <net/bpf.h>
48 #endif
49 #include <net/if.h>
50 #include <net/if_dl.h>
51 #include <net/if_media.h>
52 
53 #include <netinet/in.h>
54 #include <netinet/if_ether.h>
55 
56 #include <net80211/ieee80211_var.h>
57 #include <net80211/ieee80211_amrr.h>
58 #include <net80211/ieee80211_radiotap.h>
59 
60 #include <dev/pci/if_wpireg.h>
61 #include <dev/pci/if_wpivar.h>
62 
/* PCI vendor/product ID pairs this driver claims; consulted by wpi_match(). */
static const struct pci_matchid wpi_devices[] = {
	{ PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 },
	{ PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 }
};
67 
68 int		wpi_match(struct device *, void *, void *);
69 void		wpi_attach(struct device *, struct device *, void *);
70 #if NBPFILTER > 0
71 void		wpi_radiotap_attach(struct wpi_softc *);
72 #endif
73 int		wpi_detach(struct device *, int);
74 int		wpi_activate(struct device *, int);
75 void		wpi_wakeup(struct wpi_softc *);
76 void		wpi_init_task(void *);
77 int		wpi_nic_lock(struct wpi_softc *);
78 int		wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int);
79 int		wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *,
80 		    void **, bus_size_t, bus_size_t);
81 void		wpi_dma_contig_free(struct wpi_dma_info *);
82 int		wpi_alloc_shared(struct wpi_softc *);
83 void		wpi_free_shared(struct wpi_softc *);
84 int		wpi_alloc_fwmem(struct wpi_softc *);
85 void		wpi_free_fwmem(struct wpi_softc *);
86 int		wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *);
87 void		wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *);
88 void		wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *);
89 int		wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *,
90 		    int);
91 void		wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
92 void		wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
93 int		wpi_read_eeprom(struct wpi_softc *);
94 void		wpi_read_eeprom_channels(struct wpi_softc *, int);
95 void		wpi_read_eeprom_group(struct wpi_softc *, int);
96 struct		ieee80211_node *wpi_node_alloc(struct ieee80211com *);
97 void		wpi_newassoc(struct ieee80211com *, struct ieee80211_node *,
98 		    int);
99 int		wpi_media_change(struct ifnet *);
100 int		wpi_newstate(struct ieee80211com *, enum ieee80211_state, int);
101 void		wpi_iter_func(void *, struct ieee80211_node *);
102 void		wpi_calib_timeout(void *);
103 int		wpi_ccmp_decap(struct wpi_softc *, struct mbuf *,
104 		    struct ieee80211_key *);
105 void		wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *,
106 		    struct wpi_rx_data *);
107 void		wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *);
108 void		wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *);
109 void		wpi_notif_intr(struct wpi_softc *);
110 void		wpi_fatal_intr(struct wpi_softc *);
111 int		wpi_intr(void *);
112 int		wpi_tx(struct wpi_softc *, struct mbuf *,
113 		    struct ieee80211_node *);
114 void		wpi_start(struct ifnet *);
115 void		wpi_watchdog(struct ifnet *);
116 int		wpi_ioctl(struct ifnet *, u_long, caddr_t);
117 int		wpi_cmd(struct wpi_softc *, int, const void *, int, int);
118 int		wpi_mrr_setup(struct wpi_softc *);
119 void		wpi_updateedca(struct ieee80211com *);
120 void		wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t);
121 int		wpi_set_timing(struct wpi_softc *, struct ieee80211_node *);
122 void		wpi_power_calibration(struct wpi_softc *);
123 int		wpi_set_txpower(struct wpi_softc *, int);
124 int		wpi_get_power_index(struct wpi_softc *,
125 		    struct wpi_power_group *, struct ieee80211_channel *, int);
126 int		wpi_set_pslevel(struct wpi_softc *, int, int, int);
127 int		wpi_config(struct wpi_softc *);
128 int		wpi_scan(struct wpi_softc *, uint16_t);
129 int		wpi_auth(struct wpi_softc *);
130 int		wpi_run(struct wpi_softc *);
131 int		wpi_set_key(struct ieee80211com *, struct ieee80211_node *,
132 		    struct ieee80211_key *);
133 void		wpi_delete_key(struct ieee80211com *, struct ieee80211_node *,
134 		    struct ieee80211_key *);
135 int		wpi_post_alive(struct wpi_softc *);
136 int		wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int);
137 int		wpi_load_firmware(struct wpi_softc *);
138 int		wpi_read_firmware(struct wpi_softc *);
139 int		wpi_clock_wait(struct wpi_softc *);
140 int		wpi_apm_init(struct wpi_softc *);
141 void		wpi_apm_stop_master(struct wpi_softc *);
142 void		wpi_apm_stop(struct wpi_softc *);
143 void		wpi_nic_config(struct wpi_softc *);
144 int		wpi_hw_init(struct wpi_softc *);
145 void		wpi_hw_stop(struct wpi_softc *);
146 int		wpi_init(struct ifnet *);
147 void		wpi_stop(struct ifnet *, int);
148 
/*
 * Debug output helpers.  With WPI_DEBUG defined, DPRINTF prints when
 * wpi_debug is positive and DPRINTFN prints when wpi_debug is at least n.
 * Without WPI_DEBUG both expand to nothing, so their arguments are never
 * evaluated: do not put side effects in them.  The argument `x' is a
 * parenthesised printf argument list, e.g. DPRINTF(("val=%d\n", val)).
 */
#ifdef WPI_DEBUG
#define DPRINTF(x)	do { if (wpi_debug > 0) printf x; } while (0)
#define DPRINTFN(n, x)	do { if (wpi_debug >= (n)) printf x; } while (0)
int wpi_debug = 0;
#else
#define DPRINTF(x)
#define DPRINTFN(n, x)
#endif
157 
/* autoconf driver record: device name "wpi", device class DV_IFNET. */
struct cfdriver wpi_cd = {
	NULL, "wpi", DV_IFNET
};

/*
 * autoconf attachment record: softc size followed by the match, attach,
 * detach and activate entry points defined in this file.
 */
struct cfattach wpi_ca = {
	sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach,
	wpi_activate
};
166 
/*
 * autoconf match routine: ask pci_matchbyid() whether the PCI device
 * described by `aux' appears in wpi_devices and return its answer.
 */
int
wpi_match(struct device *parent, void *match, void *aux)
{
	struct pci_attach_args *pa = aux;

	return pci_matchbyid(pa, wpi_devices, nitems(wpi_devices));
}
173 
/*
 * autoconf attach routine.  In order: locate the PCIe capability, map
 * BAR0, establish the interrupt handler, power the adapter on, read the
 * EEPROM, allocate firmware/shared/ring DMA memory, power the adapter
 * off again, then fill in the net80211 and ifnet structures and attach
 * the interface.  Failures are reported with printf() only; the function
 * returns void.
 */
void
wpi_attach(struct device *parent, struct device *self, void *aux)
{
	struct wpi_softc *sc = (struct wpi_softc *)self;
	struct ieee80211com *ic = &sc->sc_ic;
	struct ifnet *ifp = &ic->ic_if;
	struct pci_attach_args *pa = aux;
	const char *intrstr;
	pci_intr_handle_t ih;
	pcireg_t memtype, reg;
	int i, error;

	sc->sc_pct = pa->pa_pc;
	sc->sc_pcitag = pa->pa_tag;
	sc->sc_dmat = pa->pa_dmat;

	/*
	 * Get the offset of the PCI Express Capability Structure in PCI
	 * Configuration Space (the vendor driver hard-codes it as E0h.)
	 * A zero return from pci_get_capability() is treated as "absent".
	 */
	error = pci_get_capability(sc->sc_pct, sc->sc_pcitag,
	    PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL);
	if (error == 0) {
		printf(": PCIe capability structure not found!\n");
		return;
	}

	/* Clear device-specific "PCI retry timeout" register (41h). */
	reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40);
	reg &= ~0xff00;
	pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg);

	memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0);
	error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st,
	    &sc->sc_sh, NULL, &sc->sc_sz, 0);
	if (error != 0) {
		printf(": can't map mem space\n");
		return;
	}

	/*
	 * Install interrupt handler (MSI first, legacy interrupt as fallback).
	 * NOTE(review): every failure path below this point leaves the BAR0
	 * mapping in place, and those after pci_intr_establish() also leave
	 * wpi_intr installed; only DMA memory is unwound at fail1/fail2.
	 * Confirm wpi_intr and wpi_detach tolerate a softc whose attach
	 * stopped early.
	 */
	if (pci_intr_map_msi(pa, &ih) != 0 && pci_intr_map(pa, &ih) != 0) {
		printf(": can't map interrupt\n");
		return;
	}
	intrstr = pci_intr_string(sc->sc_pct, ih);
	sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc,
	    sc->sc_dev.dv_xname);
	if (sc->sc_ih == NULL) {
		printf(": can't establish interrupt");
		if (intrstr != NULL)
			printf(" at %s", intrstr);
		printf("\n");
		return;
	}
	printf(": %s", intrstr);

	/* Power ON adapter. */
	if ((error = wpi_apm_init(sc)) != 0) {
		printf(": could not power ON adapter\n");
		return;
	}

	/* Read MAC address, channels, etc from EEPROM. */
	if ((error = wpi_read_eeprom(sc)) != 0) {
		printf(": could not read EEPROM\n");
		return;
	}

	/* Allocate DMA memory for firmware transfers. */
	if ((error = wpi_alloc_fwmem(sc)) != 0) {
		printf(": could not allocate memory for firmware\n");
		return;
	}

	/* Allocate shared area. */
	if ((error = wpi_alloc_shared(sc)) != 0) {
		printf(": could not allocate shared area\n");
		goto fail1;
	}

	/*
	 * Allocate TX rings.  On failure `i' is the index of the ring that
	 * failed, so fail2 frees only the rings before it.
	 */
	for (i = 0; i < WPI_NTXQUEUES; i++) {
		if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) {
			printf(": could not allocate TX ring %d\n", i);
			goto fail2;
		}
	}

	/*
	 * Allocate RX ring.  `i' equals WPI_NTXQUEUES here, so fail2 frees
	 * every TX ring.
	 */
	if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) {
		printf(": could not allocate Rx ring\n");
		goto fail2;
	}

	/* Power OFF adapter. */
	wpi_apm_stop(sc);
	/* Clear pending interrupts. */
	WPI_WRITE(sc, WPI_INT, 0xffffffff);

	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
	ic->ic_state = IEEE80211_S_INIT;

	/* Set device capabilities. */
	ic->ic_caps =
	    IEEE80211_C_WEP |		/* WEP */
	    IEEE80211_C_RSN |		/* WPA/RSN */
	    IEEE80211_C_SCANALL |	/* device scans all channels at once */
	    IEEE80211_C_SCANALLBAND |	/* driver scans all bands at once */
	    IEEE80211_C_MONITOR |	/* monitor mode supported */
	    IEEE80211_C_SHSLOT |	/* short slot time supported */
	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
	    IEEE80211_C_PMGT;		/* power saving supported */

	/* Set supported rates; 11a only if the EEPROM listed a 5GHz channel. */
	ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b;
	ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g;
	if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) {
		ic->ic_sup_rates[IEEE80211_MODE_11A] =
		    ieee80211_std_rateset_11a;
	}

	/* IBSS channel undefined for now. */
	ic->ic_ibss_chan = &ic->ic_channels[0];

	ifp->if_softc = sc;
	ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
	ifp->if_ioctl = wpi_ioctl;
	ifp->if_start = wpi_start;
	ifp->if_watchdog = wpi_watchdog;
	/* assumes dv_xname holds at least IFNAMSIZ bytes -- TODO confirm */
	memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ);

	if_attach(ifp);
	ieee80211_ifattach(ifp);
	/* Driver hooks are installed after ieee80211_ifattach(). */
	ic->ic_node_alloc = wpi_node_alloc;
	ic->ic_newassoc = wpi_newassoc;
	ic->ic_updateedca = wpi_updateedca;
	ic->ic_set_key = wpi_set_key;
	ic->ic_delete_key = wpi_delete_key;

	/*
	 * Override 802.11 state transition machine; the previous handler is
	 * saved in sc_newstate and called from wpi_newstate().
	 */
	sc->sc_newstate = ic->ic_newstate;
	ic->ic_newstate = wpi_newstate;
	ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status);

	sc->amrr.amrr_min_success_threshold =  1;
	sc->amrr.amrr_max_success_threshold = 15;

#if NBPFILTER > 0
	wpi_radiotap_attach(sc);
#endif
	timeout_set(&sc->calib_to, wpi_calib_timeout, sc);
	rw_init(&sc->sc_rwlock, "wpilock");
	task_set(&sc->init_task, wpi_init_task, sc);
	return;

	/* Free allocated memory if something failed during attachment. */
fail2:	while (--i >= 0)
		wpi_free_tx_ring(sc, &sc->txq[i]);
	wpi_free_shared(sc);
fail1:	wpi_free_fwmem(sc);
}
337 
338 #if NBPFILTER > 0
/*
 * Register the interface with bpf as an 802.11 radiotap tap and pre-fill
 * the length and present-bitmap fields of the RX and TX radiotap headers
 * kept in the softc.
 */
void
wpi_radiotap_attach(struct wpi_softc *sc)
{
	struct ifnet *ifp = &sc->sc_ic.ic_if;

	bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO,
	    sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN);

	/* Receive header: both fields are stored little-endian. */
	sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
	sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
	sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT);

	/* Transmit header, filled in the same way. */
	sc->sc_txtap_len = sizeof sc->sc_txtapu;
	sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
	sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT);
}
356 #endif
357 
/*
 * autoconf detach routine: cancel deferred work, remove the interrupt
 * handler, release DMA memory and the register mapping, then detach the
 * interface from net80211 and the network stack.  Always returns 0.
 *
 * NOTE(review): every step except the interrupt removal runs
 * unconditionally, including ieee80211_ifdetach()/if_detach(); confirm
 * this cannot be reached after wpi_attach() returned early.
 */
int
wpi_detach(struct device *self, int flags)
{
	struct wpi_softc *sc = (struct wpi_softc *)self;
	struct ifnet *ifp = &sc->sc_ic.ic_if;
	int qid;

	/* Cancel the calibration timeout and any queued init task. */
	timeout_del(&sc->calib_to);
	task_del(systq, &sc->init_task);

	/* Uninstall interrupt handler. */
	if (sc->sc_ih != NULL)
		pci_intr_disestablish(sc->sc_pct, sc->sc_ih);

	/*
	 * Free DMA resources.
	 * NOTE(review): nothing visible in this function stops the adapter
	 * before the memory it may DMA into is released; confirm the
	 * hardware has been quiesced by the time detach runs.
	 */
	wpi_free_rx_ring(sc, &sc->rxq);
	for (qid = 0; qid < WPI_NTXQUEUES; qid++)
		wpi_free_tx_ring(sc, &sc->txq[qid]);
	wpi_free_shared(sc);
	wpi_free_fwmem(sc);

	/* Release the BAR0 register mapping made in wpi_attach(). */
	bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz);

	ieee80211_ifdetach(ifp);
	if_detach(ifp);

	return 0;
}
386 
/*
 * autoconf activate routine.  On DVACT_SUSPEND a running interface is
 * stopped; on DVACT_WAKEUP wpi_wakeup() is called.  Other actions are
 * ignored.  Always returns 0.
 */
int
wpi_activate(struct device *self, int act)
{
	struct wpi_softc *sc = (struct wpi_softc *)self;
	struct ifnet *ifp = &sc->sc_ic.ic_if;

	if (act == DVACT_SUSPEND) {
		if ((ifp->if_flags & IFF_RUNNING) != 0)
			wpi_stop(ifp, 0);
	} else if (act == DVACT_WAKEUP) {
		wpi_wakeup(sc);
	}

	return 0;
}
405 
/*
 * Resume handler: clear the device-specific "PCI retry timeout" byte
 * again (bits 8-15 of config register 0x40, i.e. offset 41h) and then
 * run the init task directly.
 */
void
wpi_wakeup(struct wpi_softc *sc)
{
	pcireg_t val;

	val = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40);
	val &= ~0xff00;
	pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, val);

	wpi_init_task(sc);
}
418 
/*
 * Task body: with sc_rwlock write-held and at splnet, call wpi_init()
 * if the interface is marked up but not running.
 */
void
wpi_init_task(void *arg1)
{
	struct wpi_softc *sc = arg1;
	struct ifnet *ifp = &sc->sc_ic.ic_if;
	int flags, s;

	rw_enter_write(&sc->sc_rwlock);
	s = splnet();

	/* IFF_UP set and IFF_RUNNING clear. */
	flags = ifp->if_flags & (IFF_UP | IFF_RUNNING);
	if (flags == IFF_UP)
		wpi_init(ifp);

	splx(s);
	rw_exit_write(&sc->sc_rwlock);
}
435 
/*
 * Request MAC access to the NIC and poll until it is granted.
 *
 * Sets WPI_GP_CNTRL_MAC_ACCESS_REQ, then reads WPI_GP_CNTRL up to 1000
 * times, 10us apart, until MAC_ACCESS_ENA is set and SLEEP is clear.
 * Returns 0 on success or ETIMEDOUT.  On timeout the request bit is
 * left set; this function does not clear it.
 */
int
wpi_nic_lock(struct wpi_softc *sc)
{
	int remaining = 1000;

	WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);

	while (remaining-- > 0) {
		if ((WPI_READ(sc, WPI_GP_CNTRL) &
		     (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) ==
		    WPI_GP_CNTRL_MAC_ACCESS_ENA)
			return 0;
		DELAY(10);
	}

	return ETIMEDOUT;
}
454 
/* Drop the MAC access request raised by wpi_nic_lock(). */
static __inline void
wpi_nic_unlock(struct wpi_softc *sc)
{
	WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
}
460 
/*
 * Read one 32-bit word at `addr' through the PRPH address/data register
 * pair: write the address, issue a read/write barrier, read the data.
 */
static __inline uint32_t
wpi_prph_read(struct wpi_softc *sc, uint32_t addr)
{
	uint32_t val;

	WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr);
	WPI_BARRIER_READ_WRITE(sc);
	val = WPI_READ(sc, WPI_PRPH_RDATA);

	return val;
}
468 
/*
 * Write the 32-bit word `data' at `addr' through the PRPH address/data
 * register pair, with a write barrier between the two register writes.
 */
static __inline void
wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data)
{
	const uint32_t sel = WPI_PRPH_DWORD | addr;

	WPI_WRITE(sc, WPI_PRPH_WADDR, sel);
	WPI_BARRIER_WRITE(sc);
	WPI_WRITE(sc, WPI_PRPH_WDATA, data);
}
476 
/*
 * Set the bits in `mask' in the PRPH word at `addr'.  This is a separate
 * read followed by a write, not a single atomic operation.
 */
static __inline void
wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask)
{
	uint32_t cur = wpi_prph_read(sc, addr);

	wpi_prph_write(sc, addr, cur | mask);
}
482 
/*
 * Clear the bits in `mask' in the PRPH word at `addr'.  This is a
 * separate read followed by a write, not a single atomic operation.
 */
static __inline void
wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask)
{
	uint32_t cur = wpi_prph_read(sc, addr);

	wpi_prph_write(sc, addr, cur & ~mask);
}
488 
/*
 * Write `count' consecutive 32-bit words from `data' to PRPH space,
 * starting at `addr' and advancing the address by 4 per word.  A count
 * of zero or less writes nothing.  The caller must make sure `data'
 * holds at least `count' words.
 */
static __inline void
wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr,
    const uint32_t *data, int count)
{
	while (count > 0) {
		wpi_prph_write(sc, addr, *data);
		data++;
		addr += 4;
		count--;
	}
}
496 
497 #ifdef WPI_DEBUG
498 
/*
 * Debug helper: read one 32-bit word at `addr' through the MEM
 * address/data register pair, with a read/write barrier in between.
 */
static __inline uint32_t
wpi_mem_read(struct wpi_softc *sc, uint32_t addr)
{
	uint32_t val;

	WPI_WRITE(sc, WPI_MEM_RADDR, addr);
	WPI_BARRIER_READ_WRITE(sc);
	val = WPI_READ(sc, WPI_MEM_RDATA);

	return val;
}
505 }
506 
/*
 * Debug helper: write the 32-bit word `data' at `addr' through the MEM
 * address/data register pair, with a write barrier in between.
 */
static __inline void
wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data)
{
	/* Select the target address first ... */
	WPI_WRITE(sc, WPI_MEM_WADDR, addr);
	WPI_BARRIER_WRITE(sc);
	/* ... then push the value. */
	WPI_WRITE(sc, WPI_MEM_WDATA, data);
}
513 }
514 
/*
 * Debug helper: read `count' consecutive 32-bit words starting at `addr'
 * into `data'.  A count of zero or less reads nothing.  The caller must
 * provide room for `count' words.
 */
static __inline void
wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data,
    int count)
{
	while (count > 0) {
		*data = wpi_mem_read(sc, addr);
		data++;
		addr += 4;
		count--;
	}
}
521 }
522 
523 #endif
524 
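/*
 * Read `count' bytes from the adapter EEPROM into `data', starting at
 * EEPROM word address `addr'.
 *
 * Each iteration fetches one 16-bit word, which the hardware returns in
 * bits 16-31 of WPI_EEPROM, and stores it low byte first.  When `count'
 * is odd only the low byte of the last word is stored, so exactly
 * `count' bytes are written; the caller must supply a buffer that large.
 *
 * Returns 0 on success, the wpi_nic_lock() error if NIC access could not
 * be obtained, or ETIMEDOUT if a word never became valid.  After a
 * timeout the tail of `data' is left unwritten, so callers must not use
 * the buffer when an error is returned.
 */
int
wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count)
{
	uint8_t *out = data;
	uint32_t val;
	int error, ntries;

	if ((error = wpi_nic_lock(sc)) != 0)
		return error;

	for (; count > 0; count -= 2, addr++) {
		WPI_WRITE(sc, WPI_EEPROM, addr << 2);
		WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD);

		/* Poll up to 10 times, 5us apart, for the word to be valid. */
		for (ntries = 0; ntries < 10; ntries++) {
			val = WPI_READ(sc, WPI_EEPROM);
			if (val & WPI_EEPROM_READ_VALID)
				break;
			DELAY(5);
		}
		if (ntries == 10) {
			printf("%s: could not read EEPROM\n",
			    sc->sc_dev.dv_xname);
			/*
			 * Leave through the common exit so the NIC access
			 * request taken above is released on this path too.
			 */
			error = ETIMEDOUT;
			break;
		}
		*out++ = val >> 16;
		if (count > 1)
			*out++ = val >> 24;
	}

	wpi_nic_unlock(sc);
	return error;
}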
558 
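/*
 * Allocate `size' bytes of zeroed DMA memory as a single segment with the
 * given alignment, map it into kernel virtual memory and load it into a
 * freshly created DMA map.
 *
 * On success `dma' describes the allocation (tag, size, map, seg, vaddr,
 * paddr), `*kvap' receives the kernel virtual address when `kvap' is not
 * NULL, and 0 is returned.  On failure the bus_dma error is returned and
 * everything acquired so far is released in reverse order; dma->map and
 * dma->vaddr are left NULL so a later wpi_dma_contig_free() is a no-op.
 *
 * The unwinding is done here step by step because wpi_dma_contig_free()
 * only releases the segment when dma->vaddr is set, which is not yet the
 * case when bus_dmamem_map() fails after bus_dmamem_alloc() succeeded.
 */
int
wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap,
    bus_size_t size, bus_size_t alignment)
{
	int nsegs, error;

	dma->tag = tag;
	dma->size = size;

	error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT,
	    &dma->map);
	if (error != 0)
		goto fail;

	error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs,
	    BUS_DMA_NOWAIT | BUS_DMA_ZERO);
	if (error != 0)
		goto fail_destroy;

	error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr,
	    BUS_DMA_NOWAIT | BUS_DMA_COHERENT);
	if (error != 0)
		goto fail_free;

	error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size,
	    BUS_DMA_NOWAIT);
	if (error != 0)
		goto fail_unmap;

	bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE);

	dma->paddr = dma->map->dm_segs[0].ds_addr;
	if (kvap != NULL)
		*kvap = dma->vaddr;

	return 0;

fail_unmap:
	bus_dmamem_unmap(tag, dma->vaddr, size);
fail_free:
	bus_dmamem_free(tag, &dma->seg, 1);
fail_destroy:
	bus_dmamap_destroy(tag, dma->map);
fail:
	/* Leave the descriptor in the state wpi_dma_contig_free() skips. */
	dma->vaddr = NULL;
	dma->map = NULL;
	return error;
}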
599 
/*
 * Release what wpi_dma_contig_alloc() set up in `dma'.  Does nothing when
 * dma->map is NULL; otherwise, if memory is mapped, syncs and unloads the
 * map and unmaps and frees the segment, then destroys the map.  Both
 * pointers are cleared, so calling this twice is harmless.
 */
void
wpi_dma_contig_free(struct wpi_dma_info *dma)
{
	if (dma->map == NULL)
		return;

	if (dma->vaddr != NULL) {
		bus_dmamap_sync(dma->tag, dma->map, 0, dma->size,
		    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
		bus_dmamap_unload(dma->tag, dma->map);
		bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size);
		bus_dmamem_free(dma->tag, &dma->seg, 1);
		dma->vaddr = NULL;
	}

	bus_dmamap_destroy(dma->tag, dma->map);
	dma->map = NULL;
}
616 
/*
 * Allocate the shared area (struct wpi_shared) in DMA memory and store
 * its kernel address in sc->shared.  Returns the wpi_dma_contig_alloc()
 * result.
 */
int
wpi_alloc_shared(struct wpi_softc *sc)
{
	void **kvap = (void **)&sc->shared;

	/* Shared buffer must be aligned on a 4KB boundary. */
	return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, kvap,
	    sizeof (struct wpi_shared), 4096);
}
624 
/* Release the DMA memory obtained by wpi_alloc_shared(). */
void
wpi_free_shared(struct wpi_softc *sc)
{
	struct wpi_dma_info *dma = &sc->shared_dma;

	wpi_dma_contig_free(dma);
}
630 
/*
 * Allocate one 16-byte aligned DMA area large enough for the firmware
 * text and data sections together.  Returns the wpi_dma_contig_alloc()
 * result.
 */
int
wpi_alloc_fwmem(struct wpi_softc *sc)
{
	const bus_size_t fwsize = WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ;

	return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL,
	    fwsize, 16);
}
638 
/* Release the DMA memory obtained by wpi_alloc_fwmem(). */
void
wpi_free_fwmem(struct wpi_softc *sc)
{
	struct wpi_dma_info *dma = &sc->fw_dma;

	wpi_dma_contig_free(dma);
}
644 
/*
 * Set up the RX ring: allocate the descriptor array (WPI_RX_RING_COUNT
 * 32-bit entries) and, for every slot, create a DMA map, allocate an
 * mbuf cluster of WPI_RBUF_SIZE bytes, load it and record its bus
 * address in the descriptor.
 *
 * Returns 0 on success.  On any failure the whole ring is released
 * through wpi_free_rx_ring() and the error is returned.
 */
int
wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring)
{
	bus_size_t size;
	int i, error;

	ring->cur = 0;

	/* Allocate RX descriptors (16KB aligned.) */
	size = WPI_RX_RING_COUNT * sizeof (uint32_t);
	error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma,
	    (void **)&ring->desc, size, 16 * 1024);
	if (error != 0) {
		printf("%s: could not allocate RX ring DMA memory\n",
		    sc->sc_dev.dv_xname);
		goto fail;
	}

	/*
	 * Allocate and map RX buffers.
	 */
	for (i = 0; i < WPI_RX_RING_COUNT; i++) {
		struct wpi_rx_data *data = &ring->data[i];

		error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1,
		    WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map);
		if (error != 0) {
			printf("%s: could not create RX buf DMA map\n",
			    sc->sc_dev.dv_xname);
			goto fail;
		}

		data->m = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
		if (data->m == NULL) {
			printf("%s: could not allocate RX mbuf\n",
			    sc->sc_dev.dv_xname);
			error = ENOBUFS;
			goto fail;
		}

		error = bus_dmamap_load(sc->sc_dmat, data->map,
		    mtod(data->m, void *), WPI_RBUF_SIZE, NULL,
		    BUS_DMA_NOWAIT | BUS_DMA_READ);
		if (error != 0) {
			printf("%s: can't map mbuf (error %d)\n",
			    sc->sc_dev.dv_xname, error);
			goto fail;
		}

		/*
		 * Set physical address of RX buffer.
		 * NOTE(review): the descriptor entry is 32 bits wide, so a
		 * wider ds_addr would be truncated by htole32(); presumably
		 * the DMA tag keeps these buffers below 4GB -- confirm.
		 */
		ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr);
	}

	/* Make the filled-in descriptors visible to the device. */
	bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size,
	    BUS_DMASYNC_PREWRITE);

	return 0;

	/*
	 * wpi_free_rx_ring() walks every slot, including ones this loop
	 * never reached; that relies on their m/map fields being NULL
	 * (presumably from a zeroed softc -- confirm).
	 */
fail:	wpi_free_rx_ring(sc, ring);
	return error;
}
706 
/*
 * Stop RX DMA and rewind the ring.  If NIC access can be obtained, RX
 * is disabled by writing 0 to WPI_FH_RX_CONFIG and the status register
 * is polled up to 100 times, 10us apart, for the idle bit.  ring->cur is
 * reset to 0 whether or not NIC access was obtained and whether or not
 * the engine reported idle.
 */
void
wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring)
{
	int remaining;

	if (wpi_nic_lock(sc) != 0) {
		ring->cur = 0;
		return;
	}

	WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0);
	for (remaining = 100; remaining > 0; remaining--) {
		if (WPI_READ(sc, WPI_FH_RX_STATUS) & WPI_FH_RX_STATUS_IDLE)
			break;
		DELAY(10);
	}
	wpi_nic_unlock(sc);

	ring->cur = 0;
}
724 
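/*
 * Release everything held by the RX ring: the descriptor DMA memory and,
 * for each slot, the loaded mbuf and its DMA map.
 *
 * Each pointer is cleared once its resource has been released, matching
 * wpi_dma_contig_free().  That makes the function safe to call more than
 * once on the same ring (for example from the wpi_alloc_rx_ring() error
 * path and again from wpi_detach()) without freeing an mbuf or
 * destroying a map twice.
 */
void
wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring)
{
	int i;

	wpi_dma_contig_free(&ring->desc_dma);

	for (i = 0; i < WPI_RX_RING_COUNT; i++) {
		struct wpi_rx_data *data = &ring->data[i];

		if (data->m != NULL) {
			bus_dmamap_sync(sc->sc_dmat, data->map, 0,
			    data->map->dm_mapsize, BUS_DMASYNC_POSTREAD);
			bus_dmamap_unload(sc->sc_dmat, data->map);
			m_freem(data->m);
			data->m = NULL;
		}
		if (data->map != NULL) {
			bus_dmamap_destroy(sc->sc_dmat, data->map);
			data->map = NULL;
		}
	}
}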
745 
/*
 * Set up TX ring `qid': allocate its descriptor array, publish the
 * array's bus address in the shared area and, for rings 0 through 4
 * only, allocate the command array and one DMA map per slot.
 *
 * Returns 0 on success.  On failure the ring is released through
 * wpi_free_tx_ring() and the error is returned.  sc->shared must already
 * be allocated, since it is written here.
 */
int
wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid)
{
	bus_addr_t paddr;
	bus_size_t size;
	int i, error;

	ring->qid = qid;
	ring->queued = 0;
	ring->cur = 0;

	/* Allocate TX descriptors (16KB aligned.) */
	size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc);
	error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma,
	    (void **)&ring->desc, size, 16 * 1024);
	if (error != 0) {
		printf("%s: could not allocate TX ring DMA memory\n",
		    sc->sc_dev.dv_xname);
		goto fail;
	}

	/*
	 * Update shared area with ring physical address.
	 * NOTE(review): `qid' indexes txbase[] unchecked, and htole32()
	 * keeps only 32 bits of paddr; the caller in wpi_attach() passes
	 * 0..WPI_NTXQUEUES-1 -- confirm txbase[] is that large and that
	 * the DMA tag keeps the ring below 4GB.
	 */
	sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr);
	bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0,
	    sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE);

	/*
	 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need
	 * to allocate commands space for other rings.
	 * XXX Do we really need to allocate descriptors for other rings?
	 */
	if (qid > 4)
		return 0;

	size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd);
	error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma,
	    (void **)&ring->cmd, size, 4);
	if (error != 0) {
		printf("%s: could not allocate TX cmd DMA memory\n",
		    sc->sc_dev.dv_xname);
		goto fail;
	}

	/* Give each slot the bus address of its command and a DMA map. */
	paddr = ring->cmd_dma.paddr;
	for (i = 0; i < WPI_TX_RING_COUNT; i++) {
		struct wpi_tx_data *data = &ring->data[i];

		data->cmd_paddr = paddr;
		paddr += sizeof (struct wpi_tx_cmd);

		error = bus_dmamap_create(sc->sc_dmat, MCLBYTES,
		    WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT,
		    &data->map);
		if (error != 0) {
			printf("%s: could not create TX buf DMA map\n",
			    sc->sc_dev.dv_xname);
			goto fail;
		}
	}
	return 0;

fail:	wpi_free_tx_ring(sc, ring);
	return error;
}
810 
/*
 * Drop every pending frame on the TX ring and return it to its initial
 * state: unload and free queued mbufs, zero the descriptor array, clear
 * this ring's bit in sc->qfullmsk and reset the queued/cur counters.
 * DMA maps and ring memory are kept for reuse.
 */
void
wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
{
	int slot;

	for (slot = 0; slot < WPI_TX_RING_COUNT; slot++) {
		struct wpi_tx_data *txd = &ring->data[slot];

		if (txd->m == NULL)
			continue;

		bus_dmamap_sync(sc->sc_dmat, txd->map, 0,
		    txd->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
		bus_dmamap_unload(sc->sc_dmat, txd->map);
		m_freem(txd->m);
		txd->m = NULL;
	}

	/* Clear TX descriptors. */
	memset(ring->desc, 0, ring->desc_dma.size);

	sc->qfullmsk &= ~(1 << ring->qid);
	ring->queued = 0;
	ring->cur = 0;
}
833 
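/*
 * Release everything held by a TX ring: the descriptor and command DMA
 * memory and, for each slot, any queued mbuf and the slot's DMA map.
 *
 * Each pointer is cleared once its resource has been released, matching
 * wpi_dma_contig_free() and wpi_reset_tx_ring().  That makes the function
 * safe to call more than once on the same ring (for example from the
 * wpi_alloc_tx_ring() error path and again from wpi_detach()) without
 * freeing an mbuf or destroying a map twice.
 */
void
wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
{
	int i;

	wpi_dma_contig_free(&ring->desc_dma);
	wpi_dma_contig_free(&ring->cmd_dma);

	for (i = 0; i < WPI_TX_RING_COUNT; i++) {
		struct wpi_tx_data *data = &ring->data[i];

		if (data->m != NULL) {
			bus_dmamap_sync(sc->sc_dmat, data->map, 0,
			    data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
			bus_dmamap_unload(sc->sc_dmat, data->map);
			m_freem(data->m);
			data->m = NULL;
		}
		if (data->map != NULL) {
			bus_dmamap_destroy(sc->sc_dmat, data->map);
			data->map = NULL;
		}
	}
}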
855 
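/*
 * Read the adapter's identity and regulatory data from the EEPROM:
 * capabilities, revision, type, regulatory domain, MAC address, the
 * per-band channel lists and the TX power groups.  The domain and MAC
 * address are printed as part of the attach message.
 *
 * Returns 0 on success, EIO when the EEPROM signature bits are clear,
 * or the wpi_read_prom_data() error when one of the fixed fields cannot
 * be read.  Every read is checked because wpi_read_prom_data() leaves
 * its output buffer unwritten on failure; printing `domain' or using
 * the MAC address after a failed read would expose or act on
 * uninitialised memory.
 */
int
wpi_read_eeprom(struct wpi_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	char domain[4];
	int i, error;

	if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) {
		printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname);
		return EIO;
	}
	/* Clear HW ownership of EEPROM. */
	WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER);

	error = wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1);
	if (error != 0)
		return error;
	error = wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2);
	if (error != 0)
		return error;
	error = wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1);
	if (error != 0)
		return error;

	DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev),
	    sc->type));

	/* Read and print regulatory domain (4 ASCII characters.) */
	error = wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4);
	if (error != 0)
		return error;
	printf(", %.4s", domain);

	/* Read and print MAC address. */
	error = wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6);
	if (error != 0)
		return error;
	printf(", address %s\n", ether_sprintf(ic->ic_myaddr));

	/* Read the list of authorized channels. */
	for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++)
		wpi_read_eeprom_channels(sc, i);

	/* Read the list of TX power groups. */
	for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++)
		wpi_read_eeprom_group(sc, i);

	return 0;
}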
895 
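/*
 * Read the EEPROM channel list for band `n' (an index into wpi_bands)
 * and enter every channel flagged valid into ic->ic_channels, together
 * with its passive-scan restriction and maximum TX power.
 *
 * If the EEPROM read fails the band is skipped entirely: `channels' is
 * a stack buffer that wpi_read_prom_data() leaves unwritten on error,
 * and its contents decide which channels are enabled and at what power,
 * so it must not be interpreted in that case.
 */
void
wpi_read_eeprom_channels(struct wpi_softc *sc, int n)
{
	struct ieee80211com *ic = &sc->sc_ic;
	const struct wpi_chan_band *band = &wpi_bands[n];
	struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND];
	int chan, i;

	if (wpi_read_prom_data(sc, band->addr, channels,
	    band->nchan * sizeof (struct wpi_eeprom_chan)) != 0)
		return;

	for (i = 0; i < band->nchan; i++) {
		if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID))
			continue;

		chan = band->chan[i];

		if (n == 0) {	/* 2GHz band */
			ic->ic_channels[chan].ic_freq =
			    ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ);
			ic->ic_channels[chan].ic_flags =
			    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
			    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;

		} else {	/* 5GHz band */
			/*
			 * Some adapters support channels 7, 8, 11 and 12
			 * both in the 2GHz and 4.9GHz bands.
			 * Because of limitations in our net80211 layer,
			 * we don't support them in the 4.9GHz band.
			 */
			if (chan <= 14)
				continue;

			ic->ic_channels[chan].ic_freq =
			    ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ);
			ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A;
			/* We have at least one valid 5GHz channel. */
			sc->sc_flags |= WPI_FLAG_HAS_5GHZ;
		}

		/* Is active scan allowed on this channel? */
		if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) {
			ic->ic_channels[chan].ic_flags |=
			    IEEE80211_CHAN_PASSIVE;
		}

		/* Save maximum allowed TX power for this channel. */
		sc->maxpwr[chan] = channels[i].maxpwr;

		DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n",
		    chan, channels[i].flags, sc->maxpwr[chan]));
	}
}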
950 
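/*
 * Read TX power group `n' from the EEPROM (32 EEPROM words per group)
 * into sc->groups[n]: channel, maximum power, the temperature at which
 * the samples were taken, and the WPI_SAMPLES_COUNT index/power samples.
 *
 * If the EEPROM read fails sc->groups[n] is left untouched: `rgroup' is
 * a stack buffer that wpi_read_prom_data() leaves unwritten on error, so
 * copying it would load TX power calibration from uninitialised memory.
 */
void
wpi_read_eeprom_group(struct wpi_softc *sc, int n)
{
	struct wpi_power_group *group = &sc->groups[n];
	struct wpi_eeprom_group rgroup;
	int i;

	if (wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup,
	    sizeof rgroup) != 0)
		return;

	/* Save TX power group information. */
	group->chan   = rgroup.chan;
	group->maxpwr = rgroup.maxpwr;
	/* Retrieve temperature at which the samples were taken. */
	group->temp   = (int16_t)letoh16(rgroup.temp);

	DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n,
	    group->chan, group->maxpwr, group->temp));

	for (i = 0; i < WPI_SAMPLES_COUNT; i++) {
		group->samples[i].index = rgroup.samples[i].index;
		group->samples[i].power = rgroup.samples[i].power;

		DPRINTF(("\tsample %d: index=%d power=%d\n", i,
		    group->samples[i].index, group->samples[i].power));
	}
}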
978 
/*
 * net80211 node allocator: return a zeroed struct wpi_node from
 * M_DEVBUF.  The allocation is M_NOWAIT, so the result may be NULL.
 */
struct ieee80211_node *
wpi_node_alloc(struct ieee80211com *ic)
{
	struct wpi_node *wn;

	wn = malloc(sizeof (*wn), M_DEVBUF, M_NOWAIT | M_ZERO);
	return (struct ieee80211_node *)wn;
}
984 
/*
 * net80211 new-association hook: initialise AMRR state for the node,
 * start it at rate index 0 and translate each of the node's 802.11
 * rates into the matching wpi_rates[] index, stored in wn->ridx[].
 *
 * NOTE(review): a rate with no entry in wpi_rates[] is recorded as
 * WPI_RIDX_MAX + 1.  The node's rate set is negotiated with the peer;
 * confirm that users of wn->ridx[] never index wpi_rates[] with that
 * value, and that wn->ridx[] has room for rs_nrates entries.
 */
void
wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew)
{
	struct wpi_softc *sc = ic->ic_if.if_softc;
	struct wpi_node *wn = (void *)ni;
	int ridx, i;

	ieee80211_amrr_node_init(&sc->amrr, &wn->amn);
	/* Start at lowest available bit-rate, AMRR will raise. */
	ni->ni_txrate = 0;

	for (i = 0; i < ni->ni_rates.rs_nrates; i++) {
		const uint8_t rate =
		    ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL;

		/* Map 802.11 rate to HW rate index. */
		ridx = 0;
		while (ridx <= WPI_RIDX_MAX && wpi_rates[ridx].rate != rate)
			ridx++;
		wn->ridx[i] = ridx;
	}
}
1006 
/*
 * Media change handler.  Lets net80211 process the change first; unless
 * it answers ENETRESET that result is returned as is.  Otherwise the
 * fixed rate, if any, is translated to a wpi_rates[] index and a running
 * interface is restarted.
 *
 * NOTE(review): if the fixed rate has no entry in wpi_rates[],
 * sc->fixed_ridx becomes WPI_RIDX_MAX + 1; confirm its users cannot
 * index wpi_rates[] with that value.
 */
int
wpi_media_change(struct ifnet *ifp)
{
	struct wpi_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = &sc->sc_ic;
	const int running = IFF_UP | IFF_RUNNING;
	uint8_t rate, ridx;
	int error;

	error = ieee80211_media_change(ifp);
	if (error != ENETRESET)
		return error;

	if (ic->ic_fixed_rate != -1) {
		rate = ic->ic_sup_rates[ic->ic_curmode].
		    rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL;

		/* Map 802.11 rate to HW rate index. */
		ridx = 0;
		while (ridx <= WPI_RIDX_MAX && wpi_rates[ridx].rate != rate)
			ridx++;
		sc->fixed_ridx = ridx;
	}

	/* Restart only when the interface is both up and running. */
	if ((ifp->if_flags & running) == running) {
		wpi_stop(ifp, 0);
		error = wpi_init(ifp);
	}

	return error;
}
1036 
/*
 * 802.11 state machine hook.  Performs the driver-side work for the target
 * state, then chains to the saved net80211 handler (sc->sc_newstate).
 *
 * The SCAN case is special: it sets ic_state itself and returns without
 * calling the saved handler.  Any failure of wpi_scan(), wpi_auth() or
 * wpi_run() is returned to the caller and the transition is not chained.
 */
int
wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
{
	struct ifnet *ifp = &ic->ic_if;
	struct wpi_softc *sc = ifp->if_softc;
	const char *devname = sc->sc_dev.dv_xname;
	int rc;

	/* The calibration timeout is cancelled on every transition. */
	timeout_del(&sc->calib_to);

	switch (nstate) {
	case IEEE80211_S_SCAN:
		/* Blink the link LED for the duration of the scan. */
		wpi_set_led(sc, WPI_LED_LINK, 20, 2);

		rc = wpi_scan(sc, IEEE80211_CHAN_2GHZ);
		if (rc != 0) {
			printf("%s: could not initiate scan\n", devname);
			return rc;
		}
		ic->ic_state = nstate;
		return 0;

	case IEEE80211_S_ASSOC:
		/* Only a RUN -> ASSOC transition needs the AUTH handling. */
		if (ic->ic_state != IEEE80211_S_RUN)
			break;
		/* FALLTHROUGH */
	case IEEE80211_S_AUTH:
		/* Drop association state so reassociation starts clean. */
		sc->rxon.associd = 0;
		sc->rxon.filter &= ~htole32(WPI_FILTER_BSS);

		rc = wpi_auth(sc);
		if (rc != 0) {
			printf("%s: could not move to auth state\n", devname);
			return rc;
		}
		break;

	case IEEE80211_S_RUN:
		rc = wpi_run(sc);
		if (rc != 0) {
			printf("%s: could not move to run state\n", devname);
			return rc;
		}
		break;

	case IEEE80211_S_INIT:
		break;
	}

	return sc->sc_newstate(ic, nstate, arg);
}
1089 
/*
 * Node iterator callback: run the AMRR rate selection for one node.
 * arg is the driver softc.
 */
void
wpi_iter_func(void *arg, struct ieee80211_node *ni)
{
	struct wpi_softc *sc = arg;

	ieee80211_amrr_choose(&sc->amrr, ni, &((struct wpi_node *)ni)->amn);
}
1098 
/*
 * Periodic timeout handler; re-arms itself every 500ms.
 *
 * Each tick runs automatic rate control (unless a fixed rate is configured);
 * every 120th tick, i.e. once a minute, it also forces a TX power
 * calibration.  The work is done at splnet.
 */
void
wpi_calib_timeout(void *arg)
{
	struct wpi_softc *sc = arg;
	struct ieee80211com *ic = &sc->sc_ic;
	int s = splnet();

	if (ic->ic_fixed_rate == -1) {
		/* In STA mode only the BSS node needs rate control. */
		if (ic->ic_opmode != IEEE80211_M_STA)
			ieee80211_iterate_nodes(ic, wpi_iter_func, sc);
		else
			wpi_iter_func(sc, ic->ic_bss);
	}

	/* 120 ticks of 500ms each: recalibrate TX power every 60 seconds. */
	sc->calib_cnt++;
	if (sc->calib_cnt >= 120) {
		wpi_power_calibration(sc);
		sc->calib_cnt = 0;
	}
	splx(s);

	/* Schedule the next tick. */
	timeout_add_msec(&sc->calib_to, 500);
}
1125 
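/*
 * Post-process a frame the hardware has already CCMP-decrypted: validate the
 * CCMP header, enforce packet-number (replay) ordering against the per-TID
 * receive counter of key k, then strip the CCMP header and trailing MIC from
 * the mbuf.
 *
 * Returns 0 when the frame is accepted, 1 when it must be dropped (the
 * caller frees the mbuf).  The sc argument is not used.
 */
int
wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k)
{
	struct ieee80211_frame *wh;
	uint64_t pn, *prsc;
	uint8_t *ivp;
	uint8_t tid;
	int hdrlen;

	wh = mtod(m, struct ieee80211_frame *);
	hdrlen = ieee80211_get_hdrlen(wh);

	/*
	 * The caller only guarantees a minimal 802.11 header.  Make sure the
	 * full header, the CCMP header and the MIC are really there before
	 * the IV bytes are read and both ends of the mbuf are trimmed; the
	 * length comes from the device and must not be trusted to be sane.
	 */
	if (m->m_len <
	    hdrlen + IEEE80211_CCMP_HDRLEN + IEEE80211_CCMP_MICLEN) {
		DPRINTF(("CCMP decap frame too short\n"));
		return 1;
	}
	ivp = (uint8_t *)wh + hdrlen;

	/* Check that the ExtIV bit is set. */
	if (!(ivp[3] & IEEE80211_WEP_EXTIV)) {
		DPRINTF(("CCMP decap ExtIV not set\n"));
		return 1;
	}
	/* Replay counters are kept per TID; non-QoS frames use TID 0. */
	tid = ieee80211_has_qos(wh) ?
	    ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0;
	prsc = &k->k_rsc[tid];

	/* Extract the 48-bit PN from the CCMP header (bytes 2-3 are not PN). */
	pn = (uint64_t)ivp[0]       |
	     (uint64_t)ivp[1] <<  8 |
	     (uint64_t)ivp[4] << 16 |
	     (uint64_t)ivp[5] << 24 |
	     (uint64_t)ivp[6] << 32 |
	     (uint64_t)ivp[7] << 40;
	if (pn <= *prsc) {
		/*
		 * Not necessarily a replayed frame since we did not check
		 * the sequence number of the 802.11 header yet.
		 */
		DPRINTF(("CCMP replayed\n"));
		return 1;
	}
	/* Update last seen packet number. */
	*prsc = pn;

	/* Clear Protected bit and strip IV. */
	wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
	/* Slide the 802.11 header forward over the CCMP header. */
	memmove(mtod(m, caddr_t) + IEEE80211_CCMP_HDRLEN, wh, hdrlen);
	m_adj(m, IEEE80211_CCMP_HDRLEN);
	/* Strip MIC. */
	m_adj(m, -IEEE80211_CCMP_MICLEN);
	return 0;
}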
1174 
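/*
 * Handle an RX_DONE notification: validate the device-written receive
 * buffer, swap a fresh cluster into the RX ring slot, finish hardware CCMP
 * processing if applicable, tap the frame to bpf and hand it to net80211.
 *
 * The buffer layout is: descriptor, wpi_rx_stat (plus stat->len extra bytes),
 * wpi_rx_head, the frame itself (head->len bytes), wpi_rx_tail.  All of these
 * fields are written by the device, so every length is checked against
 * WPI_RBUF_SIZE before it is used to form a pointer.
 */
void
wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc,
    struct wpi_rx_data *data)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct ifnet *ifp = &ic->ic_if;
	struct wpi_rx_ring *ring = &sc->rxq;
	struct wpi_rx_stat *stat;
	struct wpi_rx_head *head;
	struct wpi_rx_tail *tail;
	struct ieee80211_frame *wh;
	struct ieee80211_rxinfo rxi;
	struct ieee80211_node *ni;
	struct mbuf *m, *m1;
	size_t off;
	uint32_t flags;
	uint16_t len;
	int error;

	bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE,
	    BUS_DMASYNC_POSTREAD);
	stat = (struct wpi_rx_stat *)(desc + 1);

	if (stat->len > WPI_STAT_MAXLEN) {
		printf("%s: invalid RX statistic header\n",
		    sc->sc_dev.dv_xname);
		ifp->if_ierrors++;
		return;
	}
	head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len);

	/*
	 * Read the frame length exactly once and verify that the frame and
	 * the tail that follows it lie inside the receive buffer.  Without
	 * this, an oversized length would make tail point outside the
	 * cluster and would later become the mbuf length.
	 */
	len = letoh16(head->len);
	off = (size_t)((caddr_t)(head + 1) - mtod(data->m, caddr_t));
	if (off > WPI_RBUF_SIZE ||
	    len + sizeof (*tail) > WPI_RBUF_SIZE - off) {
		DPRINTF(("frame does not fit in RX buffer: %d\n", len));
		ifp->if_ierrors++;
		return;
	}
	tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len);
	flags = letoh32(tail->flags);

	/* Discard frames with a bad FCS early. */
	if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) {
		DPRINTFN(2, ("rx tail flags error %x\n", flags));
		ifp->if_ierrors++;
		return;
	}
	/* Discard frames that are too short. */
	if (len < sizeof (*wh)) {
		DPRINTF(("frame too short: %d\n", len));
		ic->ic_stats.is_rx_tooshort++;
		ifp->if_ierrors++;
		return;
	}

	/* Get a replacement cluster before giving the filled one away. */
	m1 = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
	if (m1 == NULL) {
		ic->ic_stats.is_rx_nombuf++;
		ifp->if_ierrors++;
		return;
	}
	bus_dmamap_unload(sc->sc_dmat, data->map);

	error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *),
	    WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ);
	if (error != 0) {
		m_freem(m1);

		/* Try to reload the old mbuf. */
		error = bus_dmamap_load(sc->sc_dmat, data->map,
		    mtod(data->m, void *), WPI_RBUF_SIZE, NULL,
		    BUS_DMA_NOWAIT | BUS_DMA_READ);
		if (error != 0) {
			panic("%s: could not load old RX mbuf",
			    sc->sc_dev.dv_xname);
		}
		/* Physical address may have changed. */
		ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr);
		bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
		    ring->cur * sizeof (uint32_t), sizeof (uint32_t),
		    BUS_DMASYNC_PREWRITE);
		ifp->if_ierrors++;
		return;
	}

	m = data->m;
	data->m = m1;
	/* Update RX descriptor. */
	ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr);
	bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
	    ring->cur * sizeof (uint32_t), sizeof (uint32_t),
	    BUS_DMASYNC_PREWRITE);

	/* Finalize mbuf: it now covers exactly the validated frame bytes. */
	m->m_data = (caddr_t)(head + 1);
	m->m_pkthdr.len = m->m_len = len;

	/* Grab a reference to the source node. */
	wh = mtod(m, struct ieee80211_frame *);
	ni = ieee80211_find_rxnode(ic, wh);

	rxi.rxi_flags = 0;
	/*
	 * Unicast protected frames from a node with a pairwise CCMP key are
	 * expected to have been decrypted by the hardware; anything else in
	 * that situation is dropped rather than passed up.
	 */
	if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) &&
	    !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
	    (ni->ni_flags & IEEE80211_NODE_RXPROT) &&
	    ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) {
		if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) {
			ic->ic_stats.is_ccmp_dec_errs++;
			ifp->if_ierrors++;
			m_freem(m);
			return;
		}
		/* Check whether decryption was successful or not. */
		if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) {
			DPRINTF(("CCMP decryption failed 0x%x\n", flags));
			ic->ic_stats.is_ccmp_dec_errs++;
			ifp->if_ierrors++;
			m_freem(m);
			return;
		}
		if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) {
			ifp->if_ierrors++;
			m_freem(m);
			return;
		}
		rxi.rxi_flags |= IEEE80211_RXI_HWDEC;
	}

#if NBPFILTER > 0
	if (sc->sc_drvbpf != NULL) {
		struct mbuf mb;
		struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap;

		/*
		 * NOTE(review): head->chan is supplied by the device and is
		 * used as an index into ic->ic_channels without a range
		 * check; confirm the field cannot exceed the array size.
		 */
		tap->wr_flags = 0;
		if (letoh16(head->flags) & 0x4)
			tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
		tap->wr_chan_freq =
		    htole16(ic->ic_channels[head->chan].ic_freq);
		tap->wr_chan_flags =
		    htole16(ic->ic_channels[head->chan].ic_flags);
		tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET);
		tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise);
		tap->wr_tsft = tail->tstamp;
		tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf;
		switch (head->rate) {
		/* CCK rates. */
		case  10: tap->wr_rate =   2; break;
		case  20: tap->wr_rate =   4; break;
		case  55: tap->wr_rate =  11; break;
		case 110: tap->wr_rate =  22; break;
		/* OFDM rates. */
		case 0xd: tap->wr_rate =  12; break;
		case 0xf: tap->wr_rate =  18; break;
		case 0x5: tap->wr_rate =  24; break;
		case 0x7: tap->wr_rate =  36; break;
		case 0x9: tap->wr_rate =  48; break;
		case 0xb: tap->wr_rate =  72; break;
		case 0x1: tap->wr_rate =  96; break;
		case 0x3: tap->wr_rate = 108; break;
		/* Unknown rate: should not happen. */
		default:  tap->wr_rate =   0;
		}

		/* Chain a stack mbuf in front so bpf sees tap header + frame. */
		mb.m_data = (caddr_t)tap;
		mb.m_len = sc->sc_rxtap_len;
		mb.m_next = m;
		mb.m_nextpkt = NULL;
		mb.m_type = 0;
		mb.m_flags = 0;
		bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN);
	}
#endif

	/* Send the frame to the 802.11 layer. */
	rxi.rxi_rssi = stat->rssi;
	rxi.rxi_tstamp = 0;	/* unused */
	ieee80211_input(ifp, m, ni, &rxi);

	/* Node is no longer needed. */
	ieee80211_release_node(ic, ni);
}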
1346 
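/*
 * Handle a TX_DONE notification: update the rate-control statistics of the
 * destination node, release the transmitted mbuf and its node reference, and
 * restart output once the ring drains below its low-water mark.
 *
 * The ring and slot are selected by fields of the device-written descriptor.
 */
void
wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct ifnet *ifp = &ic->ic_if;
	struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3];
	struct wpi_tx_data *data = &ring->data[desc->idx];
	struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1);
	struct wpi_node *wn;

	/*
	 * A completion for a slot with no node attached is spurious or a
	 * duplicate.  Ignore it: going on would dereference a NULL node and
	 * decrement the queued count for a frame that was never in flight.
	 */
	if (data->ni == NULL)
		return;
	wn = (struct wpi_node *)data->ni;

	/* Update rate control statistics. */
	wn->amn.amn_txcnt++;
	if (stat->retrycnt > 0)
		wn->amn.amn_retrycnt++;

	/* A low status byte other than 1 is counted as an output error. */
	if ((letoh32(stat->status) & 0xff) != 1)
		ifp->if_oerrors++;

	/* Unmap and free mbuf. */
	bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize,
	    BUS_DMASYNC_POSTWRITE);
	bus_dmamap_unload(sc->sc_dmat, data->map);
	m_freem(data->m);
	data->m = NULL;
	ieee80211_release_node(ic, data->ni);
	data->ni = NULL;

	/* Progress was made: disarm the TX watchdog. */
	sc->sc_tx_timer = 0;
	if (--ring->queued < WPI_TX_RING_LOMARK) {
		sc->qfullmsk &= ~(1 << ring->qid);
		/* Resume output only once no ring is marked full. */
		if (sc->qfullmsk == 0 && ifq_is_oactive(&ifp->if_snd)) {
			ifq_clr_oactive(&ifp->if_snd);
			(*ifp->if_start)(ifp);
		}
	}
}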
1383 
/*
 * Handle the firmware's acknowledgement of a command.  Notifications that do
 * not belong to the command queue (queue 4) are ignored.  For a command ack,
 * free the mbuf that carried the command, if any, and wake up the sleeper
 * waiting on the matching command slot.
 */
void
wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc)
{
	struct wpi_tx_ring *cmdq = &sc->txq[4];
	struct wpi_tx_data *slot;

	if ((desc->qid & 7) == 4) {
		slot = &cmdq->data[desc->idx];

		/* Oversized commands are sent from an mbuf; release it. */
		if (slot->m != NULL) {
			bus_dmamap_sync(sc->sc_dmat, slot->map, 0,
			    slot->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
			bus_dmamap_unload(sc->sc_dmat, slot->map);
			m_freem(slot->m);
			slot->m = NULL;
		}
		wakeup(&cmdq->cmd[desc->idx]);
	}
}
1405 
/*
 * Drain the RX ring: walk every slot from the driver's current position up
 * to the index published by the device in the shared area, dispatch each
 * notification by type, then report the processed position back to the
 * firmware.
 *
 * Everything read through desc and the structures that follow it was written
 * by the device.
 */
void
wpi_notif_intr(struct wpi_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct ifnet *ifp = &ic->ic_if;
	uint32_t hw;

	bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0,
	    sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD);

	/*
	 * NOTE(review): hw is taken from device-written memory and is not
	 * range-checked.  rxq.cur is always reduced modulo WPI_RX_RING_COUNT
	 * below, so a value of hw outside the ring would never compare equal
	 * and this loop would not terminate -- confirm whether the value can
	 * be trusted or should be validated here.
	 */
	hw = letoh32(sc->shared->next);
	while (sc->rxq.cur != hw) {
		struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur];
		struct wpi_rx_desc *desc;

		/* Only the descriptor itself is synced at this point. */
		bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc),
		    BUS_DMASYNC_POSTREAD);
		desc = mtod(data->m, struct wpi_rx_desc *);

		DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d "
		    "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type,
		    letoh32(desc->len)));

		if (!(desc->qid & 0x80))	/* Reply to a command. */
			wpi_cmd_done(sc, desc);

		/* Types without a case below are silently skipped. */
		switch (desc->type) {
		case WPI_RX_DONE:
			/* An 802.11 frame has been received. */
			wpi_rx_done(sc, desc, data);
			break;

		case WPI_TX_DONE:
			/* An 802.11 frame has been transmitted. */
			wpi_tx_done(sc, desc);
			break;

		case WPI_UC_READY:
		{
			struct wpi_ucode_info *uc =
			    (struct wpi_ucode_info *)(desc + 1);

			/* The microcontroller is ready. */
			bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc),
			    sizeof (*uc), BUS_DMASYNC_POSTREAD);
			DPRINTF(("microcode alive notification version %x "
			    "alive %x\n", letoh32(uc->version),
			    letoh32(uc->valid)));

			/* A failed initialization is only logged here. */
			if (letoh32(uc->valid) != 1) {
				printf("%s: microcontroller initialization "
				    "failed\n", sc->sc_dev.dv_xname);
			}
			if (uc->subtype != WPI_UCODE_INIT) {
				/* Save the address of the error log. */
				sc->errptr = letoh32(uc->errptr);
			}
			break;
		}
		case WPI_STATE_CHANGED:
		{
			uint32_t *status = (uint32_t *)(desc + 1);

			/* Enabled/disabled notification. */
			bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc),
			    sizeof (*status), BUS_DMASYNC_POSTREAD);
			DPRINTF(("state changed to %x\n", letoh32(*status)));

			if (letoh32(*status) & 1) {
				/* The radio button has to be pushed. */
				printf("%s: Radio transmitter is off\n",
				    sc->sc_dev.dv_xname);
				/* Turn the interface down. */
				ifp->if_flags &= ~IFF_UP;
				wpi_stop(ifp, 1);
				/*
				 * Returns from inside the loop: rxq.cur is
				 * not advanced and the write pointer is not
				 * updated on this path.
				 */
				return;	/* No further processing. */
			}
			break;
		}
		case WPI_START_SCAN:
		{
			struct wpi_start_scan *scan =
			    (struct wpi_start_scan *)(desc + 1);

			bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc),
			    sizeof (*scan), BUS_DMASYNC_POSTREAD);
			DPRINTFN(2, ("scanning channel %d status %x\n",
			    scan->chan, letoh32(scan->status)));

			/*
			 * NOTE(review): scan->chan is device-supplied and
			 * indexes ic->ic_channels without a range check;
			 * confirm it cannot exceed the array.
			 */
			/* Fix current channel. */
			ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan];
			break;
		}
		case WPI_STOP_SCAN:
		{
			struct wpi_stop_scan *scan =
			    (struct wpi_stop_scan *)(desc + 1);

			bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc),
			    sizeof (*scan), BUS_DMASYNC_POSTREAD);
			DPRINTF(("scan finished nchan=%d status=%d chan=%d\n",
			    scan->nchan, scan->status, scan->chan));

			if (scan->status == 1 && scan->chan <= 14 &&
			    (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) {
				/*
				 * We just finished scanning 2GHz channels,
				 * start scanning 5GHz ones.
				 */
				if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0)
					break;
			}
			/* No 5GHz pass (or it failed to start): scan is over. */
			ieee80211_end_scan(ifp);
			break;
		}
		}

		sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT;
	}

	/* Tell the firmware what we have processed. */
	/* The value written is the slot before hw, rounded down to 8. */
	hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1;
	WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7);
}
1530 
1531 #ifdef WPI_DEBUG
1532 /*
1533  * Dump the error log of the firmware when a firmware panic occurs.  Although
1534  * we can't debug the firmware because it is neither open source nor free, it
1535  * can help us to identify certain classes of problems.
1536  */
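/*
 * Print the firmware error log located at sc->errptr, followed by a summary
 * of the TX/RX rings and the 802.11 state.
 *
 * sc->errptr and the entry count both originate from the device, so the
 * range checks are written in a form that cannot wrap around on platforms
 * where size_t is 32 bits wide.
 */
void
wpi_fatal_intr(struct wpi_softc *sc)
{
#define N(a)	(sizeof (a) / sizeof ((a)[0]))
	struct wpi_fwdump dump;
	uint32_t i, offset, count;

	/*
	 * Check that the error log address is valid.  Comparing the offset
	 * into the data region, instead of adding to errptr, avoids an
	 * overflow for addresses close to the top of the address space.
	 */
	if (sc->errptr < WPI_FW_DATA_BASE ||
	    sc->errptr - WPI_FW_DATA_BASE >
	    WPI_FW_DATA_MAXSZ - sizeof (dump)) {
		printf("%s: bad firmware error log address 0x%08x\n",
		    sc->sc_dev.dv_xname, sc->errptr);
		return;
	}

	if (wpi_nic_lock(sc) != 0) {
		printf("%s: could not read firmware error log\n",
		    sc->sc_dev.dv_xname);
		return;
	}
	/* Read number of entries in the log. */
	count = wpi_mem_read(sc, sc->errptr);
	/*
	 * Divide rather than multiply: count * sizeof (dump) could wrap and
	 * let a huge count through, turning the loop below into a very long
	 * print run.
	 */
	if (count == 0 || count > WPI_FW_DATA_MAXSZ / sizeof (dump)) {
		printf("%s: invalid count field (count=%u)\n",
		    sc->sc_dev.dv_xname, count);
		wpi_nic_unlock(sc);
		return;
	}
	/* Skip "count" field. */
	offset = sc->errptr + sizeof (uint32_t);
	printf("firmware error log (count=%u):\n", count);
	for (i = 0; i < count; i++) {
		wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump,
		    sizeof (dump) / sizeof (uint32_t));

		/* Error codes without a known message print as UNKNOWN. */
		printf("  error type = \"%s\" (0x%08X)\n",
		    (dump.desc < N(wpi_fw_errmsg)) ?
			wpi_fw_errmsg[dump.desc] : "UNKNOWN",
		    dump.desc);
		printf("  error data      = 0x%08X\n",
		    dump.data);
		printf("  branch link     = 0x%08X%08X\n",
		    dump.blink[0], dump.blink[1]);
		printf("  interrupt link  = 0x%08X%08X\n",
		    dump.ilink[0], dump.ilink[1]);
		printf("  time            = %u\n", dump.time);

		offset += sizeof (dump);
	}
	wpi_nic_unlock(sc);
	/* Dump driver status (TX and RX rings) while we're here. */
	printf("driver status:\n");
	for (i = 0; i < 6; i++) {
		struct wpi_tx_ring *ring = &sc->txq[i];
		printf("  tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n",
		    i, ring->qid, ring->cur, ring->queued);
	}
	printf("  rx ring: cur=%d\n", sc->rxq.cur);
	printf("  802.11 state %d\n", sc->sc_ic.ic_state);
#undef N
}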
1599 #endif
1600 
/*
 * Interrupt handler.  Masks the device, reads and acknowledges both
 * interrupt status registers, then handles fatal firmware errors, RX
 * notifications and the firmware "alive" event.
 *
 * Returns 1 when the interrupt was handled, 0 when it was not ours or the
 * hardware appears to be gone.
 */
int
wpi_intr(void *arg)
{
	struct wpi_softc *sc = arg;
	struct ifnet *ifp = &sc->sc_ic.ic_if;
	uint32_t csr, fh;
	int rx_pending;

	/* Mask all interrupts while this one is processed. */
	WPI_WRITE(sc, WPI_MASK, 0);

	csr = WPI_READ(sc, WPI_INT);
	fh = WPI_READ(sc, WPI_FH_INT);

	if ((csr | fh) == 0) {
		/* Nothing pending: the interrupt is not for us. */
		if (ifp->if_flags & IFF_UP)
			WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK);
		return 0;
	}
	/*
	 * These register patterns are treated as "hardware gone"; the
	 * interrupt mask is left cleared on this path.
	 */
	if (csr == 0xffffffff || (csr & 0xfffffff0) == 0xa5a5a5a0)
		return 0;

	/* Acknowledge exactly what was read. */
	WPI_WRITE(sc, WPI_INT, csr);
	WPI_WRITE(sc, WPI_FH_INT, fh);

	if ((csr & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) != 0) {
		printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname);
		/* Dump the error log (debug kernels), stop, then re-init. */
#ifdef WPI_DEBUG
		wpi_fatal_intr(sc);
#endif
		wpi_stop(ifp, 1);
		task_add(systq, &sc->init_task);
		return 1;
	}

	rx_pending = (csr & (WPI_INT_FH_RX | WPI_INT_SW_RX)) != 0 ||
	    (fh & WPI_FH_INT_RX) != 0;
	if (rx_pending)
		wpi_notif_intr(sc);

	/* Firmware is alive: wake up whoever sleeps on the softc. */
	if (csr & WPI_INT_ALIVE)
		wakeup(sc);

	/* Unmask again, but only while the interface is up. */
	if (ifp->if_flags & IFF_UP)
		WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK);

	return 1;
}
1649 
/*
 * Queue one 802.11 frame for transmission.
 *
 * Selects the TX ring from the frame's access category, picks a HW rate,
 * encrypts the frame in software or prepares it for hardware CCMP, fills the
 * firmware TX command and the TX descriptor of the current ring slot, maps
 * the mbuf for DMA and advances the ring.
 *
 * Returns 0 on success.  On failure returns ENOBUFS or the error from
 * bus_dmamap_load_mbuf(); on the DMA failure paths m is freed here.  The
 * node reference ni is not released by this function.
 */
int
wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct wpi_node *wn = (void *)ni;
	struct wpi_tx_ring *ring;
	struct wpi_tx_desc *desc;
	struct wpi_tx_data *data;
	struct wpi_tx_cmd *cmd;
	struct wpi_cmd_data *tx;
	const struct wpi_rate *rinfo;
	struct ieee80211_frame *wh;
	struct ieee80211_key *k = NULL;
	enum ieee80211_edca_ac ac;
	uint32_t flags;
	uint16_t qos;
	u_int hdrlen;
	uint8_t *ivp, tid, ridx, type;
	int i, totlen, hasqos, error;

	wh = mtod(m, struct ieee80211_frame *);
	hdrlen = ieee80211_get_hdrlen(wh);
	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;

	/* Select EDCA Access Category and TX ring for this frame. */
	/* qos is only assigned for QoS frames; later reads check hasqos. */
	if ((hasqos = ieee80211_has_qos(wh))) {
		qos = ieee80211_get_qos(wh);
		tid = qos & IEEE80211_QOS_TID;
		ac = ieee80211_up_to_ac(ic, tid);
	} else {
		tid = 0;
		ac = EDCA_AC_BE;
	}

	ring = &sc->txq[ac];
	desc = &ring->desc[ring->cur];
	data = &ring->data[ring->cur];

	/* Choose a TX rate index. */
	/*
	 * NOTE(review): ridx indexes wpi_rates without a range check.  The
	 * values in wn->ridx[] and sc->fixed_ridx are produced by the lookup
	 * loops in wpi_newassoc() and wpi_media_change(), which leave
	 * WPI_RIDX_MAX + 1 behind when no rate matches -- confirm that this
	 * cannot happen, and that ni_txrate stays within wn->ridx.
	 */
	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
	    type != IEEE80211_FC0_TYPE_DATA) {
		ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
		    WPI_RIDX_OFDM6 : WPI_RIDX_CCK1;
	} else if (ic->ic_fixed_rate != -1) {
		ridx = sc->fixed_ridx;
	} else
		ridx = wn->ridx[ni->ni_txrate];
	rinfo = &wpi_rates[ridx];

#if NBPFILTER > 0
	if (sc->sc_drvbpf != NULL) {
		struct mbuf mb;
		struct wpi_tx_radiotap_header *tap = &sc->sc_txtap;

		tap->wt_flags = 0;
		tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
		tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
		tap->wt_rate = rinfo->rate;
		tap->wt_hwqueue = ac;
		if ((ic->ic_flags & IEEE80211_F_WEPON) &&
		    (wh->i_fc[1] & IEEE80211_FC1_PROTECTED))
			tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;

		/* Chain a stack mbuf in front so bpf sees tap header + frame. */
		mb.m_data = (caddr_t)tap;
		mb.m_len = sc->sc_txtap_len;
		mb.m_next = m;
		mb.m_nextpkt = NULL;
		mb.m_type = 0;
		mb.m_flags = 0;
		bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT);
	}
#endif

	totlen = m->m_pkthdr.len;

	/* Encrypt the frame if need be. */
	if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
		/* Retrieve key for TX. */
		k = ieee80211_get_txkey(ic, wh, ni);
		if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
			/* Do software encryption. */
			/* No m_freem() here: m is NULL when this fails. */
			if ((m = ieee80211_encrypt(ic, m, k)) == NULL)
				return ENOBUFS;
			/* 802.11 header may have moved. */
			wh = mtod(m, struct ieee80211_frame *);
			totlen = m->m_pkthdr.len;

		} else	/* HW appends CCMP MIC. */
			/*
			 * NOTE(review): the comment above speaks of the MIC
			 * while the constant added is the CCMP header length;
			 * confirm which one is intended.
			 */
			totlen += IEEE80211_CCMP_HDRLEN;
	}

	/* Prepare TX firmware command. */
	cmd = &ring->cmd[ring->cur];
	cmd->code = WPI_CMD_TX_DATA;
	cmd->flags = 0;
	cmd->qid = ring->qid;
	cmd->idx = ring->cur;

	tx = (struct wpi_cmd_data *)cmd->data;
	/* NB: No need to clear tx, all fields are reinitialized here. */

	flags = 0;
	if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
		/* Unicast frame, check if an ACK is expected. */
		if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) !=
		    IEEE80211_QOS_ACK_POLICY_NOACK)
			flags |= WPI_TX_NEED_ACK;
	}

	/* Check if frame must be protected using RTS/CTS or CTS-to-self. */
	if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
		/* NB: Group frames are sent using CCK in 802.11b/g. */
		if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) {
			flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP;
		} else if ((ic->ic_flags & IEEE80211_F_USEPROT) &&
		    ridx <= WPI_RIDX_OFDM54) {
			if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
				flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP;
			else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
				flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP;
		}
	}

	/* Group and non-data frames use the broadcast station id. */
	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
	    type != IEEE80211_FC0_TYPE_DATA)
		tx->id = WPI_ID_BROADCAST;
	else
		tx->id = wn->id;

	if (type == IEEE80211_FC0_TYPE_MGT) {
		uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;

#ifndef IEEE80211_STA_ONLY
		/* Tell HW to set timestamp in probe responses. */
		if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
			flags |= WPI_TX_INSERT_TSTAMP;
#endif
		if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
		    subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
			tx->timeout = htole16(3);
		else
			tx->timeout = htole16(2);
	} else
		tx->timeout = htole16(0);

	tx->len = htole16(totlen);
	tx->tid = tid;
	tx->rts_ntries = 7;
	tx->data_ntries = 15;
	tx->ofdm_mask = 0xff;
	tx->cck_mask = 0x0f;
	tx->lifetime = htole32(WPI_LIFETIME_INFINITE);
	tx->plcp = rinfo->plcp;

	/* Copy 802.11 header in TX command. */
	memcpy((uint8_t *)(tx + 1), wh, hdrlen);

	if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) {
		/* Trim 802.11 header and prepend CCMP IV. */
		/* The last 8 header bytes are reused to hold the CCMP header. */
		m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN);
		ivp = mtod(m, uint8_t *);
		/* The packet number is advanced before it is used. */
		k->k_tsc++;
		ivp[0] = k->k_tsc;
		ivp[1] = k->k_tsc >> 8;
		ivp[2] = 0;
		ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV;
		ivp[4] = k->k_tsc >> 16;
		ivp[5] = k->k_tsc >> 24;
		ivp[6] = k->k_tsc >> 32;
		ivp[7] = k->k_tsc >> 40;

		tx->security = WPI_CIPHER_CCMP;
		/*
		 * The key itself is copied into the TX command, which lives
		 * in the command ring's DMA memory.
		 * NOTE(review): assumes k->k_len never exceeds the size of
		 * tx->key -- confirm.
		 */
		memcpy(tx->key, k->k_key, k->k_len);
	} else {
		/* Trim 802.11 header. */
		m_adj(m, hdrlen);
		tx->security = 0;
	}
	tx->flags = htole32(flags);

	/* EFBIG is not fatal here: it triggers the defrag retry below. */
	error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m,
	    BUS_DMA_NOWAIT | BUS_DMA_WRITE);
	if (error != 0 && error != EFBIG) {
		printf("%s: can't map mbuf (error %d)\n",
		    sc->sc_dev.dv_xname, error);
		m_freem(m);
		return error;
	}
	if (error != 0) {
		/* Too many DMA segments, linearize mbuf. */
		if (m_defrag(m, M_DONTWAIT)) {
			m_freem(m);
			return ENOBUFS;
		}
		error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m,
		    BUS_DMA_NOWAIT | BUS_DMA_WRITE);
		if (error != 0) {
			printf("%s: can't map mbuf (error %d)\n",
			    sc->sc_dev.dv_xname, error);
			m_freem(m);
			return error;
		}
	}

	/* The slot keeps the mbuf and node until wpi_tx_done() runs. */
	data->m = m;
	data->ni = ni;

	DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n",
	    ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs));

	/* Fill TX descriptor. */
	desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 |
	    (1 + data->map->dm_nsegs) << 24);
	/* First DMA segment is used by the TX command. */
	desc->segs[0].addr = htole32(ring->cmd_dma.paddr +
	    ring->cur * sizeof (struct wpi_tx_cmd));
	/* The header length is rounded up to a multiple of 4. */
	desc->segs[0].len  = htole32(4 + sizeof (struct wpi_cmd_data) +
	    ((hdrlen + 3) & ~3));
	/* Other DMA segments are for data payload. */
	for (i = 1; i <= data->map->dm_nsegs; i++) {
		desc->segs[i].addr =
		    htole32(data->map->dm_segs[i - 1].ds_addr);
		desc->segs[i].len  =
		    htole32(data->map->dm_segs[i - 1].ds_len);
	}

	/* Flush payload, command and descriptor before the ring is kicked. */
	bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize,
	    BUS_DMASYNC_PREWRITE);
	bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map,
	    (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd),
	    BUS_DMASYNC_PREWRITE);
	bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
	    (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc),
	    BUS_DMASYNC_PREWRITE);

	/* Kick TX ring. */
	ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT;
	WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);

	/* Mark TX ring as full if we reach a certain threshold. */
	if (++ring->queued > WPI_TX_RING_HIMARK)
		sc->qfullmsk |= 1 << ring->qid;

	return 0;
}
1895 
/*
 * Output start routine.  Drains the management queue first, then (only in
 * RUN state) the interface send queue, handing every frame to wpi_tx().
 * Stops when a TX ring is marked full, in which case the send queue is
 * flagged oactive, or when there is nothing left to send.
 */
void
wpi_start(struct ifnet *ifp)
{
	struct wpi_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = &sc->sc_ic;
	struct ieee80211_node *ni;
	struct mbuf *m;

	if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd))
		return;

	for (;;) {
		if (sc->qfullmsk != 0) {
			ifq_set_oactive(&ifp->if_snd);
			break;
		}

		m = mq_dequeue(&ic->ic_mgtq);
		if (m != NULL) {
			/* Management frame: its node rides in the cookie. */
			ni = m->m_pkthdr.ph_cookie;
		} else {
			/* Data frames are only sent in RUN state. */
			if (ic->ic_state != IEEE80211_S_RUN)
				break;

			IFQ_DEQUEUE(&ifp->if_snd, m);
			if (m == NULL)
				break;
#if NBPFILTER > 0
			if (ifp->if_bpf != NULL)
				bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT);
#endif
			/* Encapsulate in 802.11; on failure try the next one. */
			m = ieee80211_encap(ifp, m, &ni);
			if (m == NULL)
				continue;
		}

#if NBPFILTER > 0
		if (ic->ic_rawbpf != NULL)
			bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT);
#endif
		if (wpi_tx(sc, m, ni) != 0) {
			/* Only the node reference is dropped here. */
			ieee80211_release_node(ic, ni);
			ifp->if_oerrors++;
			continue;
		}

		/* Arm the TX watchdog. */
		sc->sc_tx_timer = 5;
		ifp->if_timer = 1;
	}
}
1946 
/*
 * Interface watchdog.  Counts down the TX timer armed by wpi_start(); when
 * it reaches zero the device is declared hung, the interface is marked down
 * and the device is stopped.  Otherwise the net80211 watchdog runs.
 */
void
wpi_watchdog(struct ifnet *ifp)
{
	struct wpi_softc *sc = ifp->if_softc;

	ifp->if_timer = 0;

	if (sc->sc_tx_timer > 0 && --sc->sc_tx_timer == 0) {
		printf("%s: device timeout\n", sc->sc_dev.dv_xname);
		ifp->if_flags &= ~IFF_UP;
		wpi_stop(ifp, 1);
		ifp->if_oerrors++;
		return;
	}
	/* Still counting down: keep the watchdog ticking. */
	if (sc->sc_tx_timer > 0)
		ifp->if_timer = 1;

	ieee80211_watchdog(ifp);
}
1967 
/*
 * Interface ioctl handler.  All requests are serialized by the softc rwlock
 * (taken interruptibly) and run at splnet.  Requests not handled here are
 * passed to ieee80211_ioctl().  An ENETRESET result restarts the device when
 * the interface is up and running.
 */
int
wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
	struct wpi_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = &sc->sc_ic;
	struct ifreq *ifr;
	int s, up, running, error = 0;

	/* RW_INTR: a signal may interrupt the wait for the lock. */
	error = rw_enter(&sc->sc_rwlock, RW_WRITE | RW_INTR);
	if (error)
		return error;
	s = splnet();

	switch (cmd) {
	case SIOCSIFADDR:
		ifp->if_flags |= IFF_UP;
		/* FALLTHROUGH */
	case SIOCSIFFLAGS:
		/* Bring the device in line with the requested IFF_UP state. */
		up = (ifp->if_flags & IFF_UP) != 0;
		running = (ifp->if_flags & IFF_RUNNING) != 0;
		if (up && !running)
			error = wpi_init(ifp);
		else if (!up && running)
			wpi_stop(ifp, 1);
		break;

	case SIOCADDMULTI:
	case SIOCDELMULTI:
		ifr = (struct ifreq *)data;
		if (cmd == SIOCADDMULTI)
			error = ether_addmulti(ifr, &ic->ic_ac);
		else
			error = ether_delmulti(ifr, &ic->ic_ac);

		/* A multicast list change needs no reset here. */
		if (error == ENETRESET)
			error = 0;
		break;

	case SIOCS80211POWER:
		error = ieee80211_ioctl(ifp, cmd, data);
		if (error != ENETRESET)
			break;
		if (ic->ic_state != IEEE80211_S_RUN) {
			/* Defer until transition to IEEE80211_S_RUN. */
			error = 0;
			break;
		}
		/* Power-save level 3 when enabled, 0 (CAM) otherwise. */
		error = wpi_set_pslevel(sc, 0,
		    (ic->ic_flags & IEEE80211_F_PMGTON) ? 3 : 0, 0);
		break;

	default:
		error = ieee80211_ioctl(ifp, cmd, data);
	}

	if (error == ENETRESET) {
		error = 0;
		if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
		    (IFF_UP | IFF_RUNNING)) {
			wpi_stop(ifp, 0);
			error = wpi_init(ifp);
		}
	}

	splx(s);
	rw_exit_write(&sc->sc_rwlock);
	return error;
}
2038 
/*
 * Send a command to the firmware.
 *
 * The command is placed in the current slot of the command ring (txq[4]).
 * Payloads that fit are copied into the ring's preallocated command buffer;
 * larger ones are built in a freshly allocated mbuf that is DMA-mapped for
 * the slot.
 *
 * Returns 0 for asynchronous commands.  Otherwise sleeps, interruptibly and
 * for at most hz ticks, and returns the result of tsleep().  Setup failures
 * return EINVAL, ENOMEM or the bus_dmamap_load() error.
 */
int
wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async)
{
	struct wpi_tx_ring *ring = &sc->txq[4];
	struct wpi_tx_desc *desc;
	struct wpi_tx_data *data;
	struct wpi_tx_cmd *cmd;
	struct mbuf *m;
	bus_addr_t paddr;
	int totlen, error;

	desc = &ring->desc[ring->cur];
	data = &ring->data[ring->cur];
	/* 4 bytes of command header (code, flags, idx, qid) plus payload. */
	totlen = 4 + size;

	/*
	 * NOTE(review): size is a signed int compared against an unsigned
	 * sizeof, so a negative size would be treated as a very large one.
	 * Presumably every caller passes a sizeof expression -- confirm.
	 */
	if (size > sizeof cmd->data) {
		/* Command is too large to fit in a descriptor. */
		if (totlen > MCLBYTES)
			return EINVAL;
		MGETHDR(m, M_DONTWAIT, MT_DATA);
		if (m == NULL)
			return ENOMEM;
		if (totlen > MHLEN) {
			MCLGET(m, M_DONTWAIT);
			if (!(m->m_flags & M_EXT)) {
				m_freem(m);
				return ENOMEM;
			}
		}
		cmd = mtod(m, struct wpi_tx_cmd *);
		error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen,
		    NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE);
		if (error != 0) {
			m_freem(m);
			return error;
		}
		/* wpi_cmd_done() unloads the map and frees this mbuf. */
		data->m = m;
		paddr = data->map->dm_segs[0].ds_addr;
	} else {
		cmd = &ring->cmd[ring->cur];
		paddr = data->cmd_paddr;
	}

	cmd->code = code;
	cmd->flags = 0;
	cmd->qid = ring->qid;
	cmd->idx = ring->cur;
	memcpy(cmd->data, buf, size);

	desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24);
	desc->segs[0].addr = htole32(paddr);
	desc->segs[0].len  = htole32(totlen);

	/* Sync whichever buffer holds the command, then the descriptor. */
	if (size > sizeof cmd->data) {
		bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen,
		    BUS_DMASYNC_PREWRITE);
	} else {
		bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map,
		    (caddr_t)cmd - ring->cmd_dma.vaddr, totlen,
		    BUS_DMASYNC_PREWRITE);
	}
	bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
	    (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc),
	    BUS_DMASYNC_PREWRITE);

	/* Kick command ring. */
	ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT;
	WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);

	/*
	 * NOTE(review): the sleep channel is cmd.  For an oversized command
	 * cmd points into the mbuf, while wpi_cmd_done() wakes
	 * &ring->cmd[idx]; it looks like a synchronous oversized command
	 * would only return on timeout -- confirm such commands are always
	 * sent with async set.
	 */
	return async ? 0 : tsleep(cmd, PCATCH, "wpicmd", hz);
}
2113 
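/*
 * Configure HW multi-rate retries.
 *
 * Builds one fallback table (each rate tried once, then the next lower
 * rate) and sends it to the firmware twice: once for control frames and
 * once for data frames.  Both commands are synchronous.  Returns 0 or the
 * error from wpi_cmd().
 */
int
wpi_mrr_setup(struct wpi_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct wpi_mrr_setup mrr;
	int i, error;

	/*
	 * The whole structure is handed to the device.  Zero it first, as
	 * the other command builders in this file do, so that any entry or
	 * padding the loops below do not fill never carries stale kernel
	 * stack contents.
	 */
	memset(&mrr, 0, sizeof mrr);

	/* CCK rates (not used with 802.11a). */
	for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) {
		mrr.rates[i].flags = 0;
		mrr.rates[i].plcp = wpi_rates[i].plcp;
		/* Fallback to the immediate lower CCK rate (if any.) */
		mrr.rates[i].next =
		    (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1;
		/* Try one time at this rate before falling back to "next". */
		mrr.rates[i].ntries = 1;
	}
	/* OFDM rates (not used with 802.11b). */
	for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) {
		mrr.rates[i].flags = 0;
		mrr.rates[i].plcp = wpi_rates[i].plcp;
		/* Fallback to the immediate lower rate (if any.) */
		/* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */
		mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ?
		    ((ic->ic_curmode == IEEE80211_MODE_11A) ?
			WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) :
		    i - 1;
		/* Try one time at this rate before falling back to "next". */
		mrr.rates[i].ntries = 1;
	}
	/* Setup MRR for control frames. */
	mrr.which = htole32(WPI_MRR_CTL);
	error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0);
	if (error != 0) {
		printf("%s: could not setup MRR for control frames\n",
		    sc->sc_dev.dv_xname);
		return error;
	}
	/* Setup MRR for data frames. */
	mrr.which = htole32(WPI_MRR_DATA);
	error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0);
	if (error != 0) {
		printf("%s: could not setup MRR for data frames\n",
		    sc->sc_dev.dv_xname);
		return error;
	}
	return 0;
}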
2165 
/*
 * Push the current EDCA parameters of every access category to the
 * firmware.  The command is sent asynchronously and its result is ignored.
 */
void
wpi_updateedca(struct ieee80211com *ic)
{
#define WPI_EXP2(x)	((1 << (x)) - 1)	/* CWmin = 2^ECWmin - 1 */
	struct wpi_softc *sc = ic->ic_softc;
	struct wpi_edca_params params;
	const struct ieee80211_edca_ac_params *src;
	int n;

	memset(&params, 0, sizeof params);
	params.flags = htole32(WPI_EDCA_UPDATE);

	n = 0;
	while (n < EDCA_NUM_AC) {
		src = &ic->ic_edca_ac[n];

		/* Contention windows are stored as exponents by net80211. */
		params.ac[n].aifsn = src->ac_aifsn;
		params.ac[n].cwmin = htole16(WPI_EXP2(src->ac_ecwmin));
		params.ac[n].cwmax = htole16(WPI_EXP2(src->ac_ecwmax));
		params.ac[n].txoplimit =
		    htole16(IEEE80211_TXOP_TO_US(src->ac_txoplimit));
		n++;
	}

	(void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &params, sizeof params, 1);
#undef WPI_EXP2
}
2188 
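/*
 * Program the blink pattern of LED `which': `off' and `on' are durations
 * in units of 100ms.  The command is sent asynchronously and its result is
 * ignored.
 */
void
wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on)
{
	struct wpi_cmd_led led;

	/*
	 * The structure is copied to the device as-is.  Zero it so that any
	 * field or padding not assigned below does not carry stale kernel
	 * stack contents.  The layout of struct wpi_cmd_led is not visible
	 * here.
	 */
	memset(&led, 0, sizeof led);
	led.which = which;
	led.unit = htole32(100000);	/* on/off in unit of 100ms */
	led.off = off;
	led.on = on;
	(void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1);
}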
2200 
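/*
 * Tell the firmware the beacon timing of node `ni': its timestamp, its
 * beacon interval and the time remaining until the next beacon.
 *
 * The command is sent asynchronously.  Returns the result of wpi_cmd(), or
 * EINVAL when the node's beacon interval is zero.
 */
int
wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni)
{
	struct wpi_cmd_timing cmd;
	uint64_t val, mod;

	/*
	 * ni_intval is the divisor of the modulo below, so a zero interval
	 * would be a division by zero in the kernel.
	 * NOTE(review): the interval presumably originates from the peer's
	 * beacon; whether net80211 already rejects 0 is not visible here.
	 */
	if (ni->ni_intval == 0)
		return EINVAL;

	memset(&cmd, 0, sizeof cmd);
	memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t));
	cmd.bintval = htole16(ni->ni_intval);
	cmd.lintval = htole16(10);

	/* Compute remaining time until next beacon. */
	val = (uint64_t)ni->ni_intval * 1024;	/* units of 1024 usecs -> usecs */
	mod = letoh64(cmd.tstamp) % val;
	cmd.binitval = htole32((uint32_t)(val - mod));

	DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n",
	    ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod)));

	return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1);
}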
2222 
/*
 * This function is called periodically (every minute) to adjust TX power
 * based on temperature variation.
 *
 * The reading comes straight from a device register, so it is range
 * checked before it is allowed to influence the TX power tables.
 */
void
wpi_power_calibration(struct wpi_softc *sc)
{
	const int reading = (int)WPI_READ(sc, WPI_UCODE_GP2);

	/* Discard readings outside the plausible window. */
	if (reading < -260 || reading > 25) {
		/* This can't be correct, ignore. */
		DPRINTF(("out-of-range temperature reported: %d\n", reading));
		return;
	}
	DPRINTF(("temperature %d->%d\n", sc->temp, reading));

	/* Nothing to do unless the temperature moved by more than 6. */
	if (abs(reading - sc->temp) <= 6)
		return;

	/* Record temperature of last calibration, then recompute TX power. */
	sc->temp = reading;
	(void)wpi_set_txpower(sc, 1);
}
2247 
/*
 * Set TX power for current channel (each rate has its own power settings).
 *
 * The channel is the one recorded in the last RXON command.  For every
 * rate index the gain table entry chosen by wpi_get_power_index() is put
 * into a single TXPOWER command.  Returns the result of wpi_cmd().
 */
int
wpi_set_txpower(struct wpi_softc *sc, int async)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct ieee80211_channel *ch;
	struct wpi_power_group *group;
	struct wpi_cmd_txpower cmd;
	u_int chan;
	int ridx, pwridx, is5ghz;

	/* Retrieve current channel from last RXON. */
	chan = sc->rxon.chan;
	DPRINTF(("setting TX power for channel %d\n", chan));
	ch = &ic->ic_channels[chan];
	is5ghz = IEEE80211_IS_CHAN_5GHZ(ch);

	/*
	 * Find the TX power group to which this channel belongs: group 0
	 * for 2GHz, otherwise the first of groups 1..3 whose channel bound
	 * is not below ours, falling through to group 4.
	 */
	group = &sc->groups[0];
	if (is5ghz) {
		group = &sc->groups[1];
		while (group < &sc->groups[4] && chan > group->chan)
			group++;
	}

	memset(&cmd, 0, sizeof cmd);
	cmd.band = is5ghz ? 0 : 1;
	cmd.chan = htole16(chan);

	/* Set TX power for all OFDM and CCK rates. */
	for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) {
		/* Retrieve TX power for this channel/rate. */
		pwridx = wpi_get_power_index(sc, group, ch, ridx);

		cmd.rates[ridx].plcp = wpi_rates[ridx].plcp;
		cmd.rates[ridx].rf_gain = is5ghz ?
		    wpi_rf_gain_5ghz[pwridx] : wpi_rf_gain_2ghz[pwridx];
		cmd.rates[ridx].dsp_gain = is5ghz ?
		    wpi_dsp_gain_5ghz[pwridx] : wpi_dsp_gain_2ghz[pwridx];

		DPRINTF(("chan %d/rate %d: power index %d\n", chan,
		    wpi_rates[ridx].rate, pwridx));
	}
	return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async);
}
2297 
/*
 * Determine TX power index for a given channel/rate combination.
 * This takes into account the regulatory information from EEPROM and the
 * current temperature.
 *
 * The result is clamped to [0, WPI_MAX_PWR_INDEX] before it is returned;
 * wpi_set_txpower() uses it to index the RF/DSP gain tables.
 */
int
wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group,
    struct ieee80211_channel *c, int ridx)
{
/* Fixed-point arithmetic division using a n-bit fractional part. */
#define fdivround(a, b, n)	\
	((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n))

/* Linear interpolation. */
#define interpolate(x, x1, y1, x2, y2, n)	\
	((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n))

	struct ieee80211com *ic = &sc->sc_ic;
	struct wpi_power_sample *sample;
	int pwr, idx;
	u_int chan;

	/* Get channel number. */
	chan = ieee80211_chan2ieee(ic, c);

	/* Default TX power is group maximum TX power minus 3dB. */
	pwr = group->maxpwr / 2;

	/* Decrease TX power for highest OFDM rates to reduce distortion. */
	switch (ridx) {
	case WPI_RIDX_OFDM36:
		pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 :  5;
		break;
	case WPI_RIDX_OFDM48:
		pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10;
		break;
	case WPI_RIDX_OFDM54:
		pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12;
		break;
	}

	/* Never exceed the channel maximum allowed TX power. */
	/*
	 * NOTE(review): chan indexes sc->maxpwr[] without a range check;
	 * presumably the array covers every channel number that
	 * ieee80211_chan2ieee() can return -- confirm against the softc.
	 */
	pwr = MIN(pwr, sc->maxpwr[chan]);

	/* Retrieve TX power index into gain tables from samples. */
	/*
	 * The loop may leave `sample' at samples[3], so samples[4] is read
	 * through sample[1] below.
	 * NOTE(review): assumes the group holds at least 5 samples -- confirm.
	 */
	for (sample = group->samples; sample < &group->samples[3]; sample++)
		if (pwr > sample[1].power)
			break;
	/* Fixed-point linear interpolation using a 19-bit fractional part. */
	/*
	 * NOTE(review): the divisor is sample[1].power - sample[0].power.
	 * Two adjacent samples with equal power would make this a division
	 * by zero; the samples presumably come from the EEPROM, and no check
	 * for that is visible here.
	 */
	idx = interpolate(pwr, sample[0].power, sample[0].index,
	    sample[1].power, sample[1].index, 19);

	/*-
	 * Adjust power index based on current temperature:
	 * - if cooler than factory-calibrated: decrease output power
	 * - if warmer than factory-calibrated: increase output power
	 */
	idx -= (sc->temp - group->temp) * 11 / 100;

	/* Decrease TX power for CCK rates (-5dB). */
	if (ridx >= WPI_RIDX_CCK1)
		idx += 10;

	/* Make sure idx stays in a valid range. */
	if (idx < 0)
		idx = 0;
	else if (idx > WPI_MAX_PWR_INDEX)
		idx = WPI_MAX_PWR_INDEX;
	return idx;

#undef interpolate
#undef fdivround
}
2371 
/*
 * Set STA mode power saving level (between 0 and 5).
 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving.
 *
 * `level' selects a column of wpi_pmgt[] and is not range checked here, so
 * callers must stay within the documented range.  Returns the result of
 * wpi_cmd().
 */
int
wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async)
{
	struct wpi_pmgt_cmd cmd;
	const struct wpi_pmgt *pmgt;
	uint32_t max, skip_dtim;
	pcireg_t lcsr;
	int n;

	/* Select which PS parameters to use: row 0 for DTIM periods <= 10. */
	pmgt = &wpi_pmgt[(dtim <= 10) ? 0 : 1][level];

	memset(&cmd, 0, sizeof cmd);
	if (level != 0) {
		/* not CAM */
		cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP);
	}

	/* Retrieve PCIe Active State Power Management (ASPM). */
	lcsr = pci_conf_read(sc->sc_pct, sc->sc_pcitag,
	    sc->sc_cap_off + PCI_PCIE_LCSR);
	if ((lcsr & PCI_PCIE_LCSR_ASPM_L0S) == 0) {
		/* L0s Entry disabled. */
		cmd.flags |= htole16(WPI_PS_PCI_PMGT);
	}
	cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024);
	cmd.txtimeout = htole32(pmgt->txtimeout * 1024);

	/* An unknown DTIM period is treated as 1 and never skipped. */
	if (dtim != 0) {
		skip_dtim = pmgt->skip_dtim;
	} else {
		dtim = 1;
		skip_dtim = 0;
	}

	/* Upper bound applied to every sleep interval below. */
	max = dtim;
	if (skip_dtim != 0) {
		cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM);
		max = pmgt->intval[4];
		if (max == (uint32_t)-1)
			max = dtim * (skip_dtim + 1);
		else if (max > dtim)
			max = (max / dtim) * dtim;
	}
	for (n = 0; n < 5; n++)
		cmd.intval[n] = htole32(MIN(max, pmgt->intval[n]));

	DPRINTF(("setting power saving level to %d\n", level));
	return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async);
}
2422 
/*
 * Send the initial configuration to the firmware, in this order: power
 * saving level, bluetooth coexistence, RXON, TX power, broadcast node and
 * multi-rate retry setup.  Every command is synchronous.  The first
 * failure is reported on the console and returned.
 */
int
wpi_config(struct wpi_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct ifnet *ifp = &ic->ic_if;
	struct wpi_bluetooth btcoex;
	struct wpi_node_info bcast;
	int error;

	/* Set power saving level to CAM during initialization. */
	error = wpi_set_pslevel(sc, 0, 0, 0);
	if (error != 0) {
		printf("%s: could not set power saving level\n",
		    sc->sc_dev.dv_xname);
		return error;
	}

	/* Configure bluetooth coexistence. */
	memset(&btcoex, 0, sizeof btcoex);
	btcoex.flags = WPI_BT_COEX_MODE_4WIRE;
	btcoex.lead_time = WPI_BT_LEAD_TIME_DEF;
	btcoex.max_kill = WPI_BT_MAX_KILL_DEF;
	error = wpi_cmd(sc, WPI_CMD_BT_COEX, &btcoex, sizeof btcoex, 0);
	if (error != 0) {
		printf("%s: could not configure bluetooth coexistence\n",
		    sc->sc_dev.dv_xname);
		return error;
	}

	/* Configure adapter, starting from an all-zero RXON. */
	memset(&sc->rxon, 0, sizeof (struct wpi_rxon));
	IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl));
	IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr);

	/* Set default channel. */
	sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan);
	sc->rxon.flags = htole32(WPI_RXON_TSF);
	if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan))
		sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);

	/* Other operating modes should not get here; they keep mode/filter 0. */
	if (ic->ic_opmode == IEEE80211_M_STA) {
		sc->rxon.mode = WPI_MODE_STA;
		sc->rxon.filter = htole32(WPI_FILTER_MULTICAST);
	} else if (ic->ic_opmode == IEEE80211_M_MONITOR) {
		sc->rxon.mode = WPI_MODE_MONITOR;
		sc->rxon.filter = htole32(WPI_FILTER_MULTICAST |
		    WPI_FILTER_CTL | WPI_FILTER_PROMISC);
	}
	sc->rxon.cck_mask  = 0x0f;	/* not yet negotiated */
	sc->rxon.ofdm_mask = 0xff;	/* not yet negotiated */

	DPRINTF(("setting configuration\n"));
	error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon),
	    0);
	if (error != 0) {
		printf("%s: RXON command failed\n", sc->sc_dev.dv_xname);
		return error;
	}

	/* Configuration has changed, set TX power accordingly. */
	error = wpi_set_txpower(sc, 0);
	if (error != 0) {
		printf("%s: could not set TX power\n", sc->sc_dev.dv_xname);
		return error;
	}

	/* Add broadcast node. */
	memset(&bcast, 0, sizeof bcast);
	IEEE80211_ADDR_COPY(bcast.macaddr, etherbroadcastaddr);
	bcast.id = WPI_ID_BROADCAST;
	bcast.plcp = wpi_rates[WPI_RIDX_CCK1].plcp;
	bcast.action = htole32(WPI_ACTION_SET_RATE);
	bcast.antenna = WPI_ANTENNA_BOTH;
	error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &bcast, sizeof bcast, 0);
	if (error != 0) {
		printf("%s: could not add broadcast node\n",
		    sc->sc_dev.dv_xname);
		return error;
	}

	error = wpi_mrr_setup(sc);
	if (error != 0)
		printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname);
	return error;
}
2510 
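/*
 * Build and send a scan command for all channels whose flags include
 * `flags'.
 *
 * The command is assembled in a temporary WPI_SCAN_MAXSZ-byte buffer laid
 * out as: scan header, TX command, four ESSID slots, the probe request
 * frame, then one entry per channel.  The command is sent asynchronously
 * and the buffer is freed before returning.  Returns ENOMEM when the
 * buffer cannot be allocated, otherwise the result of wpi_cmd().
 */
int
wpi_scan(struct wpi_softc *sc, uint16_t flags)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct wpi_scan_hdr *hdr;
	struct wpi_cmd_data *tx;
	struct wpi_scan_essid *essid;
	struct wpi_scan_chan *chan;
	struct ieee80211_frame *wh;
	struct ieee80211_rateset *rs;
	struct ieee80211_channel *c;
	uint8_t *buf, *frm;
	int buflen, error;

	buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO);
	if (buf == NULL) {
		printf("%s: could not allocate buffer for scan command\n",
		    sc->sc_dev.dv_xname);
		return ENOMEM;
	}
	hdr = (struct wpi_scan_hdr *)buf;
	/*
	 * Move to the next channel if no frames are received within 10ms
	 * after sending the probe request.
	 */
	hdr->quiet_time = htole16(10);		/* timeout in milliseconds */
	hdr->quiet_threshold = htole16(1);	/* min # of packets */

	tx = (struct wpi_cmd_data *)(hdr + 1);
	tx->flags = htole32(WPI_TX_AUTO_SEQ);
	tx->id = WPI_ID_BROADCAST;
	tx->lifetime = htole32(WPI_LIFETIME_INFINITE);

	if (flags & IEEE80211_CHAN_5GHZ) {
		hdr->crc_threshold = htole16(1);
		/* Send probe requests at 6Mbps. */
		tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp;
		rs = &ic->ic_sup_rates[IEEE80211_MODE_11A];
	} else {
		hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO);
		/* Send probe requests at 1Mbps. */
		tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp;
		rs = &ic->ic_sup_rates[IEEE80211_MODE_11G];
	}

	essid = (struct wpi_scan_essid *)(tx + 1);
	if (ic->ic_des_esslen != 0) {
		/*
		 * NOTE(review): relies on ic_des_esslen never exceeding the
		 * size of essid[0].data; that bound is presumably enforced
		 * where the ESSID is set -- confirm.
		 */
		essid[0].id  = IEEE80211_ELEMID_SSID;
		essid[0].len = ic->ic_des_esslen;
		memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen);
	}
	/*
	 * Build a probe request frame.  Most of the following code is a
	 * copy & paste of what is done in net80211.
	 */
	wh = (struct ieee80211_frame *)(essid + 4);
	wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
	    IEEE80211_FC0_SUBTYPE_PROBE_REQ;
	wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
	IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr);
	IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr);
	IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr);
	*(uint16_t *)&wh->i_dur[0] = 0;	/* filled by HW */
	*(uint16_t *)&wh->i_seq[0] = 0;	/* filled by HW */

	frm = (uint8_t *)(wh + 1);
	frm = ieee80211_add_ssid(frm, NULL, 0);
	frm = ieee80211_add_rates(frm, rs);
	if (rs->rs_nrates > IEEE80211_RATE_SIZE)
		frm = ieee80211_add_xrates(frm, rs);

	/* Set length of probe request. */
	tx->len = htole16(frm - (uint8_t *)wh);

	chan = (struct wpi_scan_chan *)frm;
	for (c  = &ic->ic_channels[1];
	     c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) {
		if ((c->ic_flags & flags) != flags)
			continue;

		/*
		 * The number of matching channels is not bounded by anything
		 * in this function, so make sure the next entry still fits
		 * in the buffer before writing it.
		 */
		if ((size_t)((uint8_t *)chan - buf) + sizeof (*chan) >
		    (size_t)WPI_SCAN_MAXSZ) {
			DPRINTF(("scan command full, dropping channels\n"));
			break;
		}

		chan->chan = ieee80211_chan2ieee(ic, c);
		DPRINTFN(2, ("adding channel %d\n", chan->chan));
		chan->flags = 0;
		if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE))
			chan->flags |= WPI_CHAN_ACTIVE;
		if (ic->ic_des_esslen != 0)
			chan->flags |= WPI_CHAN_NPBREQS(1);
		chan->dsp_gain = 0x6e;
		if (IEEE80211_IS_CHAN_5GHZ(c)) {
			chan->rf_gain = 0x3b;
			chan->active  = htole16(24);
			chan->passive = htole16(110);
		} else {
			chan->rf_gain = 0x28;
			chan->active  = htole16(36);
			chan->passive = htole16(120);
		}
		hdr->nchan++;
		chan++;
	}

	/* Total command length: everything written up to the last channel. */
	buflen = (uint8_t *)chan - buf;
	hdr->len = htole16(buflen);

	DPRINTF(("sending scan command nchan=%d\n", hdr->nchan));
	error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1);
	/* wpi_cmd() copies the payload, so the staging buffer can go now. */
	free(buf, M_DEVBUF, WPI_SCAN_MAXSZ);
	return error;
}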
2620 
/*
 * Retune the adapter to the BSS being joined: update RXON with the BSSID,
 * channel and rate masks, then set TX power and add the broadcast node
 * again.  All commands are asynchronous.  The first failure is reported on
 * the console and returned.
 */
int
wpi_auth(struct wpi_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct ieee80211_node *ni = ic->ic_bss;
	struct wpi_node_info bcast;
	int error;

	/* Update adapter configuration. */
	IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid);
	sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
	sc->rxon.flags = htole32(WPI_RXON_TSF);
	if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
		sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);
	if (ic->ic_flags & IEEE80211_F_SHSLOT)
		sc->rxon.flags |= htole32(WPI_RXON_SHSLOT);
	if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
		sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE);

	/* Rate masks depend on the PHY mode; anything else is 802.11b/g. */
	if (ic->ic_curmode == IEEE80211_MODE_11A) {
		sc->rxon.cck_mask  = 0;
		sc->rxon.ofdm_mask = 0x15;
	} else if (ic->ic_curmode == IEEE80211_MODE_11B) {
		sc->rxon.cck_mask  = 0x03;
		sc->rxon.ofdm_mask = 0;
	} else {
		sc->rxon.cck_mask  = 0x0f;
		sc->rxon.ofdm_mask = 0x15;
	}

	DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan,
	    sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask));
	error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon),
	    1);
	if (error != 0) {
		printf("%s: RXON command failed\n", sc->sc_dev.dv_xname);
		return error;
	}

	/* Configuration has changed, set TX power accordingly. */
	error = wpi_set_txpower(sc, 1);
	if (error != 0) {
		printf("%s: could not set TX power\n", sc->sc_dev.dv_xname);
		return error;
	}

	/*
	 * Reconfiguring RXON clears the firmware nodes table so we must
	 * add the broadcast node again.
	 */
	memset(&bcast, 0, sizeof bcast);
	IEEE80211_ADDR_COPY(bcast.macaddr, etherbroadcastaddr);
	bcast.id = WPI_ID_BROADCAST;
	if (ic->ic_curmode == IEEE80211_MODE_11A)
		bcast.plcp = wpi_rates[WPI_RIDX_OFDM6].plcp;
	else
		bcast.plcp = wpi_rates[WPI_RIDX_CCK1].plcp;
	bcast.action = htole32(WPI_ACTION_SET_RATE);
	bcast.antenna = WPI_ANTENNA_BOTH;
	error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &bcast, sizeof bcast, 1);
	if (error != 0)
		printf("%s: could not add broadcast node\n",
		    sc->sc_dev.dv_xname);
	return error;
}
2685 
/*
 * Finish the transition to the associated state: program beacon timing,
 * update RXON with the association parameters, set TX power, add the BSS
 * node, start the calibration timer and light the link LED.  In monitor
 * mode only the LED is touched.  The first failure is reported on the
 * console and returned.
 */
int
wpi_run(struct wpi_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct ieee80211_node *ni = ic->ic_bss;
	struct wpi_node_info bss;
	int error;

	if (ic->ic_opmode == IEEE80211_M_MONITOR) {
		/* Link LED blinks while monitoring. */
		wpi_set_led(sc, WPI_LED_LINK, 5, 5);
		return 0;
	}

	error = wpi_set_timing(sc, ni);
	if (error != 0) {
		printf("%s: could not set timing\n", sc->sc_dev.dv_xname);
		return error;
	}

	/* Update adapter configuration. */
	sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd));
	/* Short preamble and slot time are negotiated when associating. */
	sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT);
	if (ic->ic_flags & IEEE80211_F_SHSLOT)
		sc->rxon.flags |= htole32(WPI_RXON_SHSLOT);
	if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
		sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE);
	sc->rxon.filter |= htole32(WPI_FILTER_BSS);
	DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags));
	error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon),
	    1);
	if (error != 0) {
		printf("%s: RXON command failed\n", sc->sc_dev.dv_xname);
		return error;
	}

	/* Configuration has changed, set TX power accordingly. */
	error = wpi_set_txpower(sc, 1);
	if (error != 0) {
		printf("%s: could not set TX power\n", sc->sc_dev.dv_xname);
		return error;
	}

	/* Fake a join to init the TX rate. */
	((struct wpi_node *)ni)->id = WPI_ID_BSS;
	wpi_newassoc(ic, ni, 1);

	/* Add BSS node. */
	memset(&bss, 0, sizeof bss);
	IEEE80211_ADDR_COPY(bss.macaddr, ni->ni_bssid);
	bss.id = WPI_ID_BSS;
	if (ic->ic_curmode == IEEE80211_MODE_11A)
		bss.plcp = wpi_rates[WPI_RIDX_OFDM6].plcp;
	else
		bss.plcp = wpi_rates[WPI_RIDX_CCK1].plcp;
	bss.action = htole32(WPI_ACTION_SET_RATE);
	bss.antenna = WPI_ANTENNA_BOTH;
	DPRINTF(("adding BSS node\n"));
	error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &bss, sizeof bss, 1);
	if (error != 0) {
		printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname);
		return error;
	}

	/* Start periodic calibration timer. */
	sc->calib_cnt = 0;
	timeout_add_msec(&sc->calib_to, 500);

	/* Link LED always on while associated. */
	wpi_set_led(sc, WPI_LED_LINK, 0, 1);

	/* Enable power-saving mode if requested by user (best effort). */
	if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON)
		(void)wpi_set_pslevel(sc, 0, 3, 1);

	return 0;
}
2759 
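/*
 * We support CCMP hardware encryption/decryption of unicast frames only.
 * HW support for TKIP really sucks.  We should let TKIP die anyway.
 *
 * Group keys and non-CCMP ciphers are handed to ieee80211_set_key().  A
 * pairwise CCMP key is installed in the firmware node entry with an
 * asynchronous ADD_NODE command.  Returns EINVAL when the key is longer
 * than the command's key field, otherwise the result of wpi_cmd().
 */
int
wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
    struct ieee80211_key *k)
{
	struct wpi_softc *sc = ic->ic_softc;
	struct wpi_node *wn = (void *)ni;
	struct wpi_node_info node;
	uint16_t kflags;
	int error;

	if ((k->k_flags & IEEE80211_KEY_GROUP) ||
	    k->k_cipher != IEEE80211_CIPHER_CCMP)
		return ieee80211_set_key(ic, ni, k);

	/*
	 * k_len is the length of the memcpy() into the on-stack command
	 * below; never copy more than the destination field can hold.
	 */
	if (k->k_len > sizeof node.key)
		return EINVAL;

	kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id);
	memset(&node, 0, sizeof node);
	node.id = wn->id;
	node.control = WPI_NODE_UPDATE;
	node.flags = WPI_FLAG_SET_KEY;
	node.kflags = htole16(kflags);
	memcpy(node.key, k->k_key, k->k_len);
	DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id));
	error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);

	/*
	 * wpi_cmd() has copied the command into the ring, so the local copy
	 * is no longer needed; do not leave key material on the stack.
	 */
	explicit_bzero(&node, sizeof node);
	return error;
}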
2787 
/*
 * Remove a key.  Group keys and non-CCMP ciphers are handed to
 * ieee80211_delete_key().  For a pairwise CCMP key the firmware node entry
 * is updated with empty key flags, but only while in the RUN state.  The
 * command is asynchronous and its result is ignored.
 */
void
wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
    struct ieee80211_key *k)
{
	struct wpi_softc *sc = ic->ic_softc;
	struct wpi_node *wn = (void *)ni;
	struct wpi_node_info update;
	int hw_key;

	/* Only pairwise CCMP keys are handled by this driver (see wpi_set_key). */
	hw_key = !(k->k_flags & IEEE80211_KEY_GROUP) &&
	    k->k_cipher == IEEE80211_CIPHER_CCMP;
	if (!hw_key) {
		ieee80211_delete_key(ic, ni, k);
		return;
	}

	/* Nothing to do unless we are associated. */
	if (ic->ic_state == IEEE80211_S_RUN) {
		memset(&update, 0, sizeof update);
		update.id = wn->id;
		update.control = WPI_NODE_UPDATE;
		update.flags = WPI_FLAG_SET_KEY;
		update.kflags = 0;
		DPRINTF(("delete keys for node %d\n", update.id));
		(void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &update, sizeof update, 1);
	}
}
2812 
/*
 * Checks done once the runtime firmware is alive: verify that the radio is
 * not disabled by the hardware switch, then wait for the first non-zero
 * temperature reading.  Returns 0, the wpi_nic_lock() error, EPERM when
 * the radio is disabled, or ETIMEDOUT when no reading shows up.
 */
int
wpi_post_alive(struct wpi_softc *sc)
{
	int remaining, error;

	/* Check (again) that the radio is not disabled. */
	error = wpi_nic_lock(sc);
	if (error != 0)
		return error;
	/* NB: Runtime firmware must be up and running. */
	if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 1) == 0) {
		printf("%s: radio is disabled by hardware switch\n",
		    sc->sc_dev.dv_xname);
		wpi_nic_unlock(sc);
		return EPERM;	/* :-) */
	}
	wpi_nic_unlock(sc);

	/* Wait for thermal sensor to calibrate: up to 1000 polls, 10us apart. */
	for (remaining = 1000; remaining > 0; remaining--) {
		sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2);
		if (sc->temp != 0)
			break;
		DELAY(10);
	}
	if (remaining == 0) {
		printf("%s: timeout waiting for thermal sensor calibration\n",
		    sc->sc_dev.dv_xname);
		return ETIMEDOUT;
	}
	DPRINTF(("temperature %d\n", sc->temp));
	return 0;
}
2844 
/*
 * The firmware boot code is small and is intended to be copied directly into
 * the NIC internal memory (no DMA transfer.)
 *
 * `size' is in bytes and is converted to a count of 32-bit words; it is
 * not validated here, so the caller must pass a checked length.  Returns
 * 0, the wpi_nic_lock() error, or ETIMEDOUT when the transfer does not
 * complete.
 */
int
wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size)
{
	int error, remaining;
	int nwords = size / sizeof (uint32_t);

	error = wpi_nic_lock(sc);
	if (error != 0)
		return error;

	/* Copy microcode image into NIC memory. */
	wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE,
	    (const uint32_t *)ucode, nwords);

	wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0);
	wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE);
	wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, nwords);

	/* Start boot load now. */
	wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START);

	/* Wait for transfer to complete: up to 1000 polls, 10us apart. */
	for (remaining = 1000; remaining > 0; remaining--) {
		if ((wpi_prph_read(sc, WPI_BSM_WR_CTRL) &
		    WPI_BSM_WR_CTRL_START) == 0)
			break;
		DELAY(10);
	}
	if (remaining == 0) {
		printf("%s: could not load boot firmware\n",
		    sc->sc_dev.dv_xname);
		wpi_nic_unlock(sc);
		return ETIMEDOUT;
	}

	/* Enable boot after power up. */
	wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN);

	wpi_nic_unlock(sc);
	return 0;
}
2890 
/*
 * Load the firmware in two stages.  The initialization image is staged in
 * the DMA buffer and started through the boot code; once the adapter
 * reports alive, the runtime image is staged in the same buffer and its
 * location is given to the adapter.
 *
 * The section sizes used as copy lengths are the ones wpi_read_firmware()
 * checked against WPI_FW_DATA_MAXSZ / WPI_FW_TEXT_MAXSZ.
 * NOTE(review): assumes sc->fw_dma was allocated with room for
 * WPI_FW_DATA_MAXSZ + WPI_FW_TEXT_MAXSZ bytes -- confirm at the allocation.
 *
 * Returns 0, or the error from wpi_nic_lock(), wpi_load_bootcode() or
 * tsleep().
 */
int
wpi_load_firmware(struct wpi_softc *sc)
{
	struct wpi_fw_info *fw = &sc->fw;
	struct wpi_dma_info *dma = &sc->fw_dma;
	int error;

	/* Copy initialization sections into pre-allocated DMA-safe memory. */
	/* Data goes at offset 0, text at offset WPI_FW_DATA_MAXSZ. */
	memcpy(dma->vaddr, fw->init.data, fw->init.datasz);
	bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz,
	    BUS_DMASYNC_PREWRITE);
	memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ,
	    fw->init.text, fw->init.textsz);
	bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ,
	    fw->init.textsz, BUS_DMASYNC_PREWRITE);

	/* Tell adapter where to find initialization sections. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr);
	wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz);
	wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR,
	    dma->paddr + WPI_FW_DATA_MAXSZ);
	wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz);
	wpi_nic_unlock(sc);

	/* Load firmware boot code. */
	error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz);
	if (error != 0) {
		printf("%s: could not load boot firmware\n",
		    sc->sc_dev.dv_xname);
		return error;
	}
	/* Now press "execute". */
	WPI_WRITE(sc, WPI_RESET, 0);

	/* Wait at most one second for first alive notification. */
	/* Any tsleep() error, not only a timeout, takes this path. */
	if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) {
		printf("%s: timeout waiting for adapter to initialize\n",
		    sc->sc_dev.dv_xname);
		return error;
	}

	/* Copy runtime sections into pre-allocated DMA-safe memory. */
	/* This overwrites the initialization image staged above. */
	memcpy(dma->vaddr, fw->main.data, fw->main.datasz);
	bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz,
	    BUS_DMASYNC_PREWRITE);
	memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ,
	    fw->main.text, fw->main.textsz);
	bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ,
	    fw->main.textsz, BUS_DMASYNC_PREWRITE);

	/* Tell adapter where to find runtime sections. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr);
	wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz);
	wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR,
	    dma->paddr + WPI_FW_DATA_MAXSZ);
	wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE,
	    WPI_FW_UPDATED | fw->main.textsz);
	wpi_nic_unlock(sc);

	return 0;
}
2956 
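/*
 * Read the "wpi-3945abg" firmware image and locate its sections.
 *
 * The section sizes come from the file header and are later used as copy
 * lengths, so each one is checked against its maximum and their sum
 * against the file size before any section pointer is computed.
 *
 * On success the image stays allocated in sc->fw.data and 0 is returned.
 * On failure the image is freed, sc->fw.data is cleared so that no stale
 * pointer to freed memory is left in the softc, and the loadfirmware()
 * error or EINVAL is returned.
 */
int
wpi_read_firmware(struct wpi_softc *sc)
{
	struct wpi_fw_info *fw = &sc->fw;
	const struct wpi_firmware_hdr *hdr;
	size_t size;
	int error;

	/* Read firmware image from filesystem. */
	if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) {
		printf("%s: error, %d, could not read firmware %s\n",
		    sc->sc_dev.dv_xname, error, "wpi-3945abg");
		return error;
	}
	if (size < sizeof (*hdr)) {
		printf("%s: truncated firmware header: %zu bytes\n",
		    sc->sc_dev.dv_xname, size);
		goto bad;
	}
	/* Extract firmware header information. */
	hdr = (const struct wpi_firmware_hdr *)fw->data;
	fw->main.textsz = letoh32(hdr->main_textsz);
	fw->main.datasz = letoh32(hdr->main_datasz);
	fw->init.textsz = letoh32(hdr->init_textsz);
	fw->init.datasz = letoh32(hdr->init_datasz);
	fw->boot.textsz = letoh32(hdr->boot_textsz);
	fw->boot.datasz = 0;

	/*
	 * Sanity-check firmware header.  The boot text is loaded as 32-bit
	 * words, hence the multiple-of-4 requirement.
	 */
	if (fw->main.textsz > WPI_FW_TEXT_MAXSZ ||
	    fw->main.datasz > WPI_FW_DATA_MAXSZ ||
	    fw->init.textsz > WPI_FW_TEXT_MAXSZ ||
	    fw->init.datasz > WPI_FW_DATA_MAXSZ ||
	    fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ ||
	    (fw->boot.textsz & 3) != 0) {
		printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname);
		goto bad;
	}

	/* Check that all firmware sections fit. */
	if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz +
	    fw->init.textsz + fw->init.datasz + fw->boot.textsz) {
		printf("%s: firmware file too short: %zu bytes\n",
		    sc->sc_dev.dv_xname, size);
		goto bad;
	}

	/* Get pointers to firmware sections, which follow the header. */
	fw->main.text = (const uint8_t *)(hdr + 1);
	fw->main.data = fw->main.text + fw->main.textsz;
	fw->init.text = fw->main.data + fw->main.datasz;
	fw->init.data = fw->init.text + fw->init.textsz;
	fw->boot.text = fw->init.data + fw->init.datasz;

	return 0;

bad:
	/* Release the rejected image and forget the pointer to it. */
	free(fw->data, M_DEVBUF, size);
	fw->data = NULL;
	return EINVAL;
}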
3016 
/*
 * Set the "initialization complete" bit in WPI_GP_CNTRL and poll the same
 * register until the MAC clock is reported ready.
 *
 * Returns 0 once WPI_GP_CNTRL_MAC_CLOCK_READY is seen, or ETIMEDOUT after
 * 25000 polls with DELAY(100) between them.
 */
int
wpi_clock_wait(struct wpi_softc *sc)
{
	int attempt = 0;

	/* Set "initialization complete" bit. */
	WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE);

	/* Wait for clock stabilization. */
	while (attempt < 25000) {
		if ((WPI_READ(sc, WPI_GP_CNTRL) &
		    WPI_GP_CNTRL_MAC_CLOCK_READY) != 0)
			return 0;
		DELAY(100);
		attempt++;
	}

	/* The ready bit never showed up within the poll budget. */
	printf("%s: timeout waiting for clock stabilization\n",
	    sc->sc_dev.dv_xname);
	return ETIMEDOUT;
}
3035 
/*
 * Bring up the adapter's power management block: initialize the PLL,
 * disable L0s, wait for the clock, then (under the NIC lock) request the
 * DMA and BSM clocks and disable L1.
 *
 * Returns 0 on success, or the error from wpi_clock_wait() or
 * wpi_nic_lock().
 */
int
wpi_apm_init(struct wpi_softc *sc)
{
	int rc;

	WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT);
	/* Disable L0s. */
	WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX);

	rc = wpi_clock_wait(sc);
	if (rc != 0)
		return rc;

	/* The periphery register writes below are done under the NIC lock. */
	rc = wpi_nic_lock(sc);
	if (rc != 0)
		return rc;

	/* Enable DMA. */
	wpi_prph_write(sc, WPI_APMG_CLK_ENA,
	    WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT);
	DELAY(20);

	/* Disable L1. */
	wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS);

	wpi_nic_unlock(sc);
	return 0;
}
3060 
/*
 * Request a bus master stop and wait for the adapter to acknowledge it.
 *
 * Returns immediately if the power-state field of WPI_GP_CNTRL already reads
 * WPI_GP_CNTRL_MAC_PS.  Otherwise polls WPI_RESET up to 100 times, with
 * DELAY(10) between polls, for WPI_RESET_MASTER_DISABLED.  A timeout is only
 * logged; there is no return value for the caller to act on.
 */
void
wpi_apm_stop_master(struct wpi_softc *sc)
{
	uint32_t pstate;
	int attempt;

	WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER);

	pstate = WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK;
	if (pstate == WPI_GP_CNTRL_MAC_PS) {
		/* Already asleep. */
		return;
	}

	attempt = 0;
	while (attempt < 100) {
		if ((WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) != 0)
			return;
		DELAY(10);
		attempt++;
	}

	printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname);
}
3079 
/*
 * Stop the adapter: first stop the bus master via wpi_apm_stop_master(),
 * then set the software reset bit in WPI_RESET.
 */
void
wpi_apm_stop(struct wpi_softc *sc)
{
	/* Stop the bus master before asserting the reset. */
	wpi_apm_stop_master(sc);

	/* Assert software reset. */
	WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW);
}
3086 
/*
 * Program WPI_HW_IF_CONFIG from the PCI revision and from the cap, rev and
 * type values stored in the softc.
 *
 * The bit choices follow the reference driver; their hardware meaning is not
 * documented in this file.
 */
void
wpi_nic_config(struct wpi_softc *sc)
{
	pcireg_t class_reg;
	uint8_t pci_rev;

	/* Voodoo from the reference driver. */
	class_reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG);
	pci_rev = PCI_REVISION(class_reg);

	/* Dispatch on the top two bits of the PCI revision. */
	switch (pci_rev & 0xc0) {
	case 0x40:
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB);
		break;
	case 0x00:
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM);
		break;
	default:
		/* Bit 7 set: neither ALM flag is touched. */
		break;
	}

	if (sc->cap == 0x80) {
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC);
	}

	/* REV_D is set or cleared explicitly, depending on the stored rev. */
	if ((letoh16(sc->rev) & 0xf0) != 0xd0) {
		WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D);
	} else {
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D);
	}

	if (sc->type > 1) {
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B);
	}
}
3112 
/*
 * Power on and initialize the adapter, then load the firmware.
 *
 * Sequence: clear pending interrupts, run wpi_apm_init(), select the VMAIN
 * power source, apply wpi_nic_config(), program the RX ring and the TX
 * rings/DMA channels, clear the "radio off" and "commands blocked" bits,
 * enable interrupts, load the firmware, sleep until woken on `sc' (or for at
 * most hz ticks), and finish with wpi_post_alive().
 *
 * Returns 0 on success or the first error encountered.  Every section that
 * takes the NIC lock releases it before the function continues or returns.
 * The firmware sections referenced through sc->fw must still be valid when
 * wpi_load_firmware() runs.
 */
int
wpi_hw_init(struct wpi_softc *sc)
{
	int chnl, ntries, error;

	/* Clear pending interrupts. */
	WPI_WRITE(sc, WPI_INT, 0xffffffff);

	if ((error = wpi_apm_init(sc)) != 0) {
		printf("%s: could not power ON adapter\n",
		    sc->sc_dev.dv_xname);
		return error;
	}

	/* Select VMAIN power source. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK);
	wpi_nic_unlock(sc);
	/* Spin until VMAIN gets selected (at most 5000 polls, DELAY(10) apart). */
	for (ntries = 0; ntries < 5000; ntries++) {
		if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN)
			break;
		DELAY(10);
	}
	/* ntries only reaches 5000 when the loop ran out without a break. */
	if (ntries == 5000) {
		printf("%s: timeout selecting power source\n",
		    sc->sc_dev.dv_xname);
		return ETIMEDOUT;
	}

	/* Perform adapter initialization. */
	(void)wpi_nic_config(sc);

	/* Initialize RX ring. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	/* Set physical address of RX ring. */
	WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr);
	/* Set physical address of RX read pointer. */
	WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr +
	    offsetof(struct wpi_shared, next));
	WPI_WRITE(sc, WPI_FH_RX_WPTR, 0);
	/* Enable RX. */
	WPI_WRITE(sc, WPI_FH_RX_CONFIG,
	    WPI_FH_RX_CONFIG_DMA_ENA |
	    WPI_FH_RX_CONFIG_RDRBD_ENA |
	    WPI_FH_RX_CONFIG_WRSTATUS_ENA |
	    WPI_FH_RX_CONFIG_MAXFRAG |
	    WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) |
	    WPI_FH_RX_CONFIG_IRQ_DST_HOST |
	    WPI_FH_RX_CONFIG_IRQ_RBTH(1));
	(void)WPI_READ(sc, WPI_FH_RSSR_TBL);	/* barrier */
	/* Write pointer: last ring index rounded down to a multiple of 8. */
	WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7);
	wpi_nic_unlock(sc);

	/* Initialize TX rings. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2);	/* bypass mode */
	wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1);	/* enable RA0 */
	/* Enable all 6 TX rings. */
	wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f);
	wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000);
	wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002);
	wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4);
	wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5);
	/* Set physical address of TX rings. */
	WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr);
	WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5);

	/* Enable all DMA channels. */
	for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) {
		WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0);
		WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0);
		WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008);
	}
	wpi_nic_unlock(sc);
	(void)WPI_READ(sc, WPI_FH_TX_BASE);	/* barrier */

	/* Clear "radio off" and "commands blocked" bits. */
	WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
	WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED);

	/* Clear pending interrupts. */
	WPI_WRITE(sc, WPI_INT, 0xffffffff);
	/* Enable interrupts. */
	WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK);

	/* _Really_ make sure "radio off" bit is cleared! */
	WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
	WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);

	if ((error = wpi_load_firmware(sc)) != 0) {
		printf("%s: could not load firmware\n", sc->sc_dev.dv_xname);
		return error;
	}
	/*
	 * Wait at most one second for firmware alive notification.
	 * NOTE(review): PCATCH lets a signal end the sleep early, so a
	 * non-zero return is not always a timeout even though the message
	 * below says so.  The wakeup on `sc' presumably comes from the
	 * interrupt path when the alive notification arrives -- confirm
	 * against the notification handler.
	 */
	if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) {
		printf("%s: timeout waiting for adapter to initialize\n",
		    sc->sc_dev.dv_xname);
		return error;
	}
	/* Do post-firmware initialization. */
	return wpi_post_alive(sc);
}
3219 
/*
 * Quiesce and power off the adapter.
 *
 * Masks and clears interrupts, stops the TX scheduler and every DMA channel,
 * resets the RX ring and all TX rings, disables the DMA clock request and
 * finally calls wpi_apm_stop().  The steps that need the NIC lock are skipped
 * when the lock cannot be taken; the rest of the shutdown still runs.  A DMA
 * channel that never reports idle is not logged or reported.
 */
void
wpi_hw_stop(struct wpi_softc *sc)
{
	int chnl, qid, ntries;
	uint32_t idle;

	WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO);

	/* Disable interrupts. */
	WPI_WRITE(sc, WPI_MASK, 0);
	WPI_WRITE(sc, WPI_INT, 0xffffffff);
	WPI_WRITE(sc, WPI_FH_INT, 0xffffffff);

	/* Make sure we no longer hold the NIC lock. */
	wpi_nic_unlock(sc);

	if (wpi_nic_lock(sc) == 0) {
		/* Stop TX scheduler. */
		wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0);
		wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0);

		/* Stop all DMA channels. */
		for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) {
			WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0);

			/* Up to 100 polls, DELAY(10) apart, for this channel. */
			ntries = 0;
			while (ntries < 100) {
				idle = WPI_READ(sc, WPI_FH_TX_STATUS) &
				    WPI_FH_TX_STATUS_IDLE(chnl);
				if (idle == WPI_FH_TX_STATUS_IDLE(chnl))
					break;
				DELAY(10);
				ntries++;
			}
		}
		wpi_nic_unlock(sc);
	}

	/* Stop RX ring. */
	wpi_reset_rx_ring(sc, &sc->rxq);

	/* Reset all TX rings. */
	qid = 0;
	while (qid < WPI_NTXQUEUES) {
		wpi_reset_tx_ring(sc, &sc->txq[qid]);
		qid++;
	}

	/* Drop the DMA clock request, if the NIC lock is obtainable. */
	if (wpi_nic_lock(sc) == 0) {
		wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT);
		wpi_nic_unlock(sc);
	}
	DELAY(5);

	/* Power OFF adapter. */
	wpi_apm_stop(sc);
}
3270 
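/*
 * Bring the interface up: read the firmware image, initialize the hardware
 * (which uploads the firmware), configure the adapter, mark the interface
 * running and start scanning (or enter RUN state directly in monitor mode).
 *
 * Returns 0 on success.  On any failure the interface is stopped through
 * wpi_stop() and the error is returned.
 */
int
wpi_init(struct ifnet *ifp)
{
	struct wpi_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = &sc->sc_ic;
	int error;

#ifdef notyet
	/* Check that the radio is not disabled by hardware switch. */
	if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) {
		printf("%s: radio is disabled by hardware switch\n",
		    sc->sc_dev.dv_xname);
		error = EPERM;	/* :-) */
		goto fail;
	}
#endif
	/* Read firmware images from the filesystem. */
	if ((error = wpi_read_firmware(sc)) != 0) {
		printf("%s: could not read firmware\n", sc->sc_dev.dv_xname);
		goto fail;
	}

	/* Initialize hardware and upload firmware. */
	error = wpi_hw_init(sc);
	/*
	 * The image is only needed while wpi_hw_init() runs, so it is
	 * released whether or not initialization succeeded.  Reset the
	 * pointer so the softc does not keep an address of freed memory;
	 * the section pointers in sc->fw pointed into this buffer and must
	 * not be used until the next wpi_read_firmware().
	 */
	free(sc->fw.data, M_DEVBUF, 0);
	sc->fw.data = NULL;
	if (error != 0) {
		printf("%s: could not initialize hardware\n",
		    sc->sc_dev.dv_xname);
		goto fail;
	}

	/* Configure adapter now that it is ready. */
	if ((error = wpi_config(sc)) != 0) {
		printf("%s: could not configure device\n",
		    sc->sc_dev.dv_xname);
		goto fail;
	}

	ifq_clr_oactive(&ifp->if_snd);
	ifp->if_flags |= IFF_RUNNING;

	/* Monitor mode skips scanning and goes straight to RUN. */
	if (ic->ic_opmode != IEEE80211_M_MONITOR)
		ieee80211_begin_scan(ifp);
	else
		ieee80211_new_state(ic, IEEE80211_S_RUN, -1);

	return 0;

fail:	wpi_stop(ifp, 1);
	return error;
}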
3322 
/*
 * Take the interface down: clear the TX watchdog timers and the running and
 * output-active state, release the scan lock, move the 802.11 state machine
 * to INIT and power off the hardware.
 *
 * The `disable' argument is not used by this function.
 */
void
wpi_stop(struct ifnet *ifp, int disable)
{
	struct wpi_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = &sc->sc_ic;

	/* Cancel both watchdog timers. */
	sc->sc_tx_timer = 0;
	ifp->if_timer = 0;

	ifp->if_flags &= ~IFF_RUNNING;
	ifq_clr_oactive(&ifp->if_snd);

	/* In case we were scanning, release the scan "lock". */
	ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED;

	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);

	/* Power OFF hardware. */
	wpi_hw_stop(sc);
}
3341