1 /* $OpenBSD: if_wpi.c,v 1.135 2016/09/05 08:18:40 tedu Exp $ */ 2 3 /*- 4 * Copyright (c) 2006-2008 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/kernel.h> 30 #include <sys/rwlock.h> 31 #include <sys/socket.h> 32 #include <sys/systm.h> 33 #include <sys/malloc.h> 34 #include <sys/conf.h> 35 #include <sys/device.h> 36 #include <sys/task.h> 37 #include <sys/endian.h> 38 39 #include <machine/bus.h> 40 #include <machine/intr.h> 41 42 #include <dev/pci/pcireg.h> 43 #include <dev/pci/pcivar.h> 44 #include <dev/pci/pcidevs.h> 45 46 #if NBPFILTER > 0 47 #include <net/bpf.h> 48 #endif 49 #include <net/if.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 53 #include <netinet/in.h> 54 #include <netinet/if_ether.h> 55 56 #include <net80211/ieee80211_var.h> 57 #include <net80211/ieee80211_amrr.h> 58 #include <net80211/ieee80211_radiotap.h> 59 60 #include <dev/pci/if_wpireg.h> 61 #include <dev/pci/if_wpivar.h> 62 63 static const struct pci_matchid wpi_devices[] = { 64 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 }, 65 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 } 66 }; 67 68 int wpi_match(struct device *, void *, void *); 69 void wpi_attach(struct device *, struct device *, void *); 70 #if NBPFILTER > 0 71 void wpi_radiotap_attach(struct wpi_softc *); 72 #endif 73 int wpi_detach(struct device *, int); 74 int wpi_activate(struct device *, int); 75 void wpi_wakeup(struct wpi_softc *); 76 void wpi_init_task(void *); 77 int wpi_nic_lock(struct wpi_softc *); 78 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 79 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *, 80 void **, bus_size_t, bus_size_t); 81 void wpi_dma_contig_free(struct wpi_dma_info *); 82 int wpi_alloc_shared(struct wpi_softc *); 83 void wpi_free_shared(struct wpi_softc *); 84 int wpi_alloc_fwmem(struct wpi_softc *); 85 void wpi_free_fwmem(struct wpi_softc *); 86 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 87 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 88 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 89 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 90 int); 91 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 92 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 93 int wpi_read_eeprom(struct wpi_softc *); 94 void wpi_read_eeprom_channels(struct wpi_softc *, int); 95 void wpi_read_eeprom_group(struct wpi_softc *, int); 96 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *); 97 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *, 98 int); 99 int wpi_media_change(struct ifnet *); 100 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int); 101 void wpi_iter_func(void *, struct ieee80211_node *); 102 void wpi_calib_timeout(void *); 103 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *, 104 struct ieee80211_key *); 105 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 106 struct wpi_rx_data *); 107 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 108 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 109 void wpi_notif_intr(struct wpi_softc *); 110 void wpi_fatal_intr(struct wpi_softc *); 111 int wpi_intr(void *); 112 int wpi_tx(struct wpi_softc *, struct mbuf *, 113 struct ieee80211_node *); 114 void wpi_start(struct ifnet *); 115 void wpi_watchdog(struct ifnet *); 116 int wpi_ioctl(struct ifnet *, u_long, caddr_t); 117 int wpi_cmd(struct wpi_softc *, int, const void *, int, int); 118 int wpi_mrr_setup(struct wpi_softc *); 119 void wpi_updateedca(struct ieee80211com *); 120 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 121 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 122 void wpi_power_calibration(struct wpi_softc *); 123 int wpi_set_txpower(struct wpi_softc *, int); 124 int wpi_get_power_index(struct wpi_softc *, 125 struct wpi_power_group *, struct ieee80211_channel *, int); 126 int wpi_set_pslevel(struct wpi_softc *, int, int, int); 127 int wpi_config(struct wpi_softc *); 128 int wpi_scan(struct wpi_softc *, uint16_t); 129 int wpi_auth(struct wpi_softc *); 130 int wpi_run(struct wpi_softc *); 131 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *, 132 struct ieee80211_key *); 133 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *, 134 struct ieee80211_key *); 135 int wpi_post_alive(struct wpi_softc *); 136 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 137 int wpi_load_firmware(struct wpi_softc *); 138 int wpi_read_firmware(struct wpi_softc *); 139 int wpi_clock_wait(struct wpi_softc *); 140 int wpi_apm_init(struct wpi_softc *); 141 void wpi_apm_stop_master(struct wpi_softc *); 142 void wpi_apm_stop(struct wpi_softc *); 143 void wpi_nic_config(struct wpi_softc *); 144 int wpi_hw_init(struct wpi_softc *); 145 void wpi_hw_stop(struct wpi_softc *); 146 int wpi_init(struct ifnet *); 147 void wpi_stop(struct ifnet *, int); 148 149 #ifdef WPI_DEBUG 150 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0) 151 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0) 152 int wpi_debug = 0; 153 #else 154 #define DPRINTF(x) 155 #define DPRINTFN(n, x) 156 #endif 157 158 struct cfdriver wpi_cd = { 159 NULL, "wpi", DV_IFNET 160 }; 161 162 struct cfattach wpi_ca = { 163 sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach, 164 wpi_activate 165 }; 166 167 int 168 wpi_match(struct device *parent, void *match, void *aux) 169 { 170 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices, 171 nitems(wpi_devices)); 172 } 173 174 void 175 wpi_attach(struct device *parent, struct device *self, void *aux) 176 { 177 struct wpi_softc *sc = (struct wpi_softc *)self; 178 struct ieee80211com *ic = &sc->sc_ic; 179 struct ifnet *ifp = &ic->ic_if; 180 struct pci_attach_args *pa = aux; 181 const char *intrstr; 182 pci_intr_handle_t ih; 183 pcireg_t memtype, reg; 184 int i, error; 185 186 sc->sc_pct = pa->pa_pc; 187 sc->sc_pcitag = pa->pa_tag; 188 sc->sc_dmat = pa->pa_dmat; 189 190 /* 191 * Get the offset of the PCI Express Capability Structure in PCI 192 * Configuration Space (the vendor driver hard-codes it as E0h.) 193 */ 194 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 195 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 196 if (error == 0) { 197 printf(": PCIe capability structure not found!\n"); 198 return; 199 } 200 201 /* Clear device-specific "PCI retry timeout" register (41h). */ 202 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 203 reg &= ~0xff00; 204 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 205 206 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0); 207 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st, 208 &sc->sc_sh, NULL, &sc->sc_sz, 0); 209 if (error != 0) { 210 printf(": can't map mem space\n"); 211 return; 212 } 213 214 /* Install interrupt handler. */ 215 if (pci_intr_map_msi(pa, &ih) != 0 && pci_intr_map(pa, &ih) != 0) { 216 printf(": can't map interrupt\n"); 217 return; 218 } 219 intrstr = pci_intr_string(sc->sc_pct, ih); 220 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc, 221 sc->sc_dev.dv_xname); 222 if (sc->sc_ih == NULL) { 223 printf(": can't establish interrupt"); 224 if (intrstr != NULL) 225 printf(" at %s", intrstr); 226 printf("\n"); 227 return; 228 } 229 printf(": %s", intrstr); 230 231 /* Power ON adapter. */ 232 if ((error = wpi_apm_init(sc)) != 0) { 233 printf(": could not power ON adapter\n"); 234 return; 235 } 236 237 /* Read MAC address, channels, etc from EEPROM. */ 238 if ((error = wpi_read_eeprom(sc)) != 0) { 239 printf(": could not read EEPROM\n"); 240 return; 241 } 242 243 /* Allocate DMA memory for firmware transfers. */ 244 if ((error = wpi_alloc_fwmem(sc)) != 0) { 245 printf(": could not allocate memory for firmware\n"); 246 return; 247 } 248 249 /* Allocate shared area. */ 250 if ((error = wpi_alloc_shared(sc)) != 0) { 251 printf(": could not allocate shared area\n"); 252 goto fail1; 253 } 254 255 /* Allocate TX rings. */ 256 for (i = 0; i < WPI_NTXQUEUES; i++) { 257 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 258 printf(": could not allocate TX ring %d\n", i); 259 goto fail2; 260 } 261 } 262 263 /* Allocate RX ring. */ 264 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) { 265 printf(": could not allocate Rx ring\n"); 266 goto fail2; 267 } 268 269 /* Power OFF adapter. */ 270 wpi_apm_stop(sc); 271 /* Clear pending interrupts. */ 272 WPI_WRITE(sc, WPI_INT, 0xffffffff); 273 274 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 275 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 276 ic->ic_state = IEEE80211_S_INIT; 277 278 /* Set device capabilities. */ 279 ic->ic_caps = 280 IEEE80211_C_WEP | /* WEP */ 281 IEEE80211_C_RSN | /* WPA/RSN */ 282 IEEE80211_C_SCANALL | /* device scans all channels at once */ 283 IEEE80211_C_SCANALLBAND | /* driver scans all bands at once */ 284 IEEE80211_C_MONITOR | /* monitor mode supported */ 285 IEEE80211_C_SHSLOT | /* short slot time supported */ 286 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 287 IEEE80211_C_PMGT; /* power saving supported */ 288 289 /* Set supported rates. */ 290 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 291 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 292 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) { 293 ic->ic_sup_rates[IEEE80211_MODE_11A] = 294 ieee80211_std_rateset_11a; 295 } 296 297 /* IBSS channel undefined for now. */ 298 ic->ic_ibss_chan = &ic->ic_channels[0]; 299 300 ifp->if_softc = sc; 301 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 302 ifp->if_ioctl = wpi_ioctl; 303 ifp->if_start = wpi_start; 304 ifp->if_watchdog = wpi_watchdog; 305 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 306 307 if_attach(ifp); 308 ieee80211_ifattach(ifp); 309 ic->ic_node_alloc = wpi_node_alloc; 310 ic->ic_newassoc = wpi_newassoc; 311 ic->ic_updateedca = wpi_updateedca; 312 ic->ic_set_key = wpi_set_key; 313 ic->ic_delete_key = wpi_delete_key; 314 315 /* Override 802.11 state transition machine. */ 316 sc->sc_newstate = ic->ic_newstate; 317 ic->ic_newstate = wpi_newstate; 318 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status); 319 320 sc->amrr.amrr_min_success_threshold = 1; 321 sc->amrr.amrr_max_success_threshold = 15; 322 323 #if NBPFILTER > 0 324 wpi_radiotap_attach(sc); 325 #endif 326 timeout_set(&sc->calib_to, wpi_calib_timeout, sc); 327 rw_init(&sc->sc_rwlock, "wpilock"); 328 task_set(&sc->init_task, wpi_init_task, sc); 329 return; 330 331 /* Free allocated memory if something failed during attachment. */ 332 fail2: while (--i >= 0) 333 wpi_free_tx_ring(sc, &sc->txq[i]); 334 wpi_free_shared(sc); 335 fail1: wpi_free_fwmem(sc); 336 } 337 338 #if NBPFILTER > 0 339 /* 340 * Attach the interface to 802.11 radiotap. 341 */ 342 void 343 wpi_radiotap_attach(struct wpi_softc *sc) 344 { 345 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 346 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 347 348 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 349 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 350 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT); 351 352 sc->sc_txtap_len = sizeof sc->sc_txtapu; 353 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 354 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT); 355 } 356 #endif 357 358 int 359 wpi_detach(struct device *self, int flags) 360 { 361 struct wpi_softc *sc = (struct wpi_softc *)self; 362 struct ifnet *ifp = &sc->sc_ic.ic_if; 363 int qid; 364 365 timeout_del(&sc->calib_to); 366 task_del(systq, &sc->init_task); 367 368 /* Uninstall interrupt handler. */ 369 if (sc->sc_ih != NULL) 370 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 371 372 /* Free DMA resources. */ 373 wpi_free_rx_ring(sc, &sc->rxq); 374 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 375 wpi_free_tx_ring(sc, &sc->txq[qid]); 376 wpi_free_shared(sc); 377 wpi_free_fwmem(sc); 378 379 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 380 381 ieee80211_ifdetach(ifp); 382 if_detach(ifp); 383 384 return 0; 385 } 386 387 int 388 wpi_activate(struct device *self, int act) 389 { 390 struct wpi_softc *sc = (struct wpi_softc *)self; 391 struct ifnet *ifp = &sc->sc_ic.ic_if; 392 393 switch (act) { 394 case DVACT_SUSPEND: 395 if (ifp->if_flags & IFF_RUNNING) 396 wpi_stop(ifp, 0); 397 break; 398 case DVACT_WAKEUP: 399 wpi_wakeup(sc); 400 break; 401 } 402 403 return 0; 404 } 405 406 void 407 wpi_wakeup(struct wpi_softc *sc) 408 { 409 pcireg_t reg; 410 411 /* Clear device-specific "PCI retry timeout" register (41h). */ 412 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 413 reg &= ~0xff00; 414 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 415 416 wpi_init_task(sc); 417 } 418 419 void 420 wpi_init_task(void *arg1) 421 { 422 struct wpi_softc *sc = arg1; 423 struct ifnet *ifp = &sc->sc_ic.ic_if; 424 int s; 425 426 rw_enter_write(&sc->sc_rwlock); 427 s = splnet(); 428 429 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP) 430 wpi_init(ifp); 431 432 splx(s); 433 rw_exit_write(&sc->sc_rwlock); 434 } 435 436 int 437 wpi_nic_lock(struct wpi_softc *sc) 438 { 439 int ntries; 440 441 /* Request exclusive access to NIC. */ 442 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 443 444 /* Spin until we actually get the lock. */ 445 for (ntries = 0; ntries < 1000; ntries++) { 446 if ((WPI_READ(sc, WPI_GP_CNTRL) & 447 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 448 WPI_GP_CNTRL_MAC_ACCESS_ENA) 449 return 0; 450 DELAY(10); 451 } 452 return ETIMEDOUT; 453 } 454 455 static __inline void 456 wpi_nic_unlock(struct wpi_softc *sc) 457 { 458 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 459 } 460 461 static __inline uint32_t 462 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 463 { 464 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 465 WPI_BARRIER_READ_WRITE(sc); 466 return WPI_READ(sc, WPI_PRPH_RDATA); 467 } 468 469 static __inline void 470 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 471 { 472 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 473 WPI_BARRIER_WRITE(sc); 474 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 475 } 476 477 static __inline void 478 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 479 { 480 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 481 } 482 483 static __inline void 484 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 485 { 486 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 487 } 488 489 static __inline void 490 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 491 const uint32_t *data, int count) 492 { 493 for (; count > 0; count--, data++, addr += 4) 494 wpi_prph_write(sc, addr, *data); 495 } 496 497 static __inline uint32_t 498 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 499 { 500 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 501 WPI_BARRIER_READ_WRITE(sc); 502 return WPI_READ(sc, WPI_MEM_RDATA); 503 } 504 505 static __inline void 506 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 507 { 508 WPI_WRITE(sc, WPI_MEM_WADDR, addr); 509 WPI_BARRIER_WRITE(sc); 510 WPI_WRITE(sc, WPI_MEM_WDATA, data); 511 } 512 513 static __inline void 514 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 515 int count) 516 { 517 for (; count > 0; count--, addr += 4) 518 *data++ = wpi_mem_read(sc, addr); 519 } 520 521 int 522 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 523 { 524 uint8_t *out = data; 525 uint32_t val; 526 int error, ntries; 527 528 if ((error = wpi_nic_lock(sc)) != 0) 529 return error; 530 531 for (; count > 0; count -= 2, addr++) { 532 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 533 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD); 534 535 for (ntries = 0; ntries < 10; ntries++) { 536 val = WPI_READ(sc, WPI_EEPROM); 537 if (val & WPI_EEPROM_READ_VALID) 538 break; 539 DELAY(5); 540 } 541 if (ntries == 10) { 542 printf("%s: could not read EEPROM\n", 543 sc->sc_dev.dv_xname); 544 return ETIMEDOUT; 545 } 546 *out++ = val >> 16; 547 if (count > 1) 548 *out++ = val >> 24; 549 } 550 551 wpi_nic_unlock(sc); 552 return 0; 553 } 554 555 int 556 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap, 557 bus_size_t size, bus_size_t alignment) 558 { 559 int nsegs, error; 560 561 dma->tag = tag; 562 dma->size = size; 563 564 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 565 &dma->map); 566 if (error != 0) 567 goto fail; 568 569 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 570 BUS_DMA_NOWAIT | BUS_DMA_ZERO); 571 if (error != 0) 572 goto fail; 573 574 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 575 BUS_DMA_NOWAIT | BUS_DMA_COHERENT); 576 if (error != 0) 577 goto fail; 578 579 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size, 580 BUS_DMA_NOWAIT); 581 if (error != 0) 582 goto fail; 583 584 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 585 586 dma->paddr = dma->map->dm_segs[0].ds_addr; 587 if (kvap != NULL) 588 *kvap = dma->vaddr; 589 590 return 0; 591 592 fail: wpi_dma_contig_free(dma); 593 return error; 594 } 595 596 void 597 wpi_dma_contig_free(struct wpi_dma_info *dma) 598 { 599 if (dma->map != NULL) { 600 if (dma->vaddr != NULL) { 601 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 602 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 603 bus_dmamap_unload(dma->tag, dma->map); 604 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 605 bus_dmamem_free(dma->tag, &dma->seg, 1); 606 dma->vaddr = NULL; 607 } 608 bus_dmamap_destroy(dma->tag, dma->map); 609 dma->map = NULL; 610 } 611 } 612 613 int 614 wpi_alloc_shared(struct wpi_softc *sc) 615 { 616 /* Shared buffer must be aligned on a 4KB boundary. */ 617 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 618 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 619 } 620 621 void 622 wpi_free_shared(struct wpi_softc *sc) 623 { 624 wpi_dma_contig_free(&sc->shared_dma); 625 } 626 627 int 628 wpi_alloc_fwmem(struct wpi_softc *sc) 629 { 630 /* Allocate enough contiguous space to store text and data. */ 631 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 632 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 633 } 634 635 void 636 wpi_free_fwmem(struct wpi_softc *sc) 637 { 638 wpi_dma_contig_free(&sc->fw_dma); 639 } 640 641 int 642 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 643 { 644 bus_size_t size; 645 int i, error; 646 647 ring->cur = 0; 648 649 /* Allocate RX descriptors (16KB aligned.) */ 650 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 651 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 652 (void **)&ring->desc, size, 16 * 1024); 653 if (error != 0) { 654 printf("%s: could not allocate RX ring DMA memory\n", 655 sc->sc_dev.dv_xname); 656 goto fail; 657 } 658 659 /* 660 * Allocate and map RX buffers. 661 */ 662 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 663 struct wpi_rx_data *data = &ring->data[i]; 664 665 error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1, 666 WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map); 667 if (error != 0) { 668 printf("%s: could not create RX buf DMA map\n", 669 sc->sc_dev.dv_xname); 670 goto fail; 671 } 672 673 data->m = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 674 if (data->m == NULL) { 675 printf("%s: could not allocate RX mbuf\n", 676 sc->sc_dev.dv_xname); 677 error = ENOBUFS; 678 goto fail; 679 } 680 681 error = bus_dmamap_load(sc->sc_dmat, data->map, 682 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 683 BUS_DMA_NOWAIT | BUS_DMA_READ); 684 if (error != 0) { 685 printf("%s: can't map mbuf (error %d)\n", 686 sc->sc_dev.dv_xname, error); 687 goto fail; 688 } 689 690 /* Set physical address of RX buffer. */ 691 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr); 692 } 693 694 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 695 BUS_DMASYNC_PREWRITE); 696 697 return 0; 698 699 fail: wpi_free_rx_ring(sc, ring); 700 return error; 701 } 702 703 void 704 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 705 { 706 int ntries; 707 708 if (wpi_nic_lock(sc) == 0) { 709 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 710 for (ntries = 0; ntries < 100; ntries++) { 711 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 712 WPI_FH_RX_STATUS_IDLE) 713 break; 714 DELAY(10); 715 } 716 wpi_nic_unlock(sc); 717 } 718 ring->cur = 0; 719 } 720 721 void 722 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 723 { 724 int i; 725 726 wpi_dma_contig_free(&ring->desc_dma); 727 728 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 729 struct wpi_rx_data *data = &ring->data[i]; 730 731 if (data->m != NULL) { 732 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 733 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 734 bus_dmamap_unload(sc->sc_dmat, data->map); 735 m_freem(data->m); 736 } 737 if (data->map != NULL) 738 bus_dmamap_destroy(sc->sc_dmat, data->map); 739 } 740 } 741 742 int 743 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 744 { 745 bus_addr_t paddr; 746 bus_size_t size; 747 int i, error; 748 749 ring->qid = qid; 750 ring->queued = 0; 751 ring->cur = 0; 752 753 /* Allocate TX descriptors (16KB aligned.) */ 754 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 755 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 756 (void **)&ring->desc, size, 16 * 1024); 757 if (error != 0) { 758 printf("%s: could not allocate TX ring DMA memory\n", 759 sc->sc_dev.dv_xname); 760 goto fail; 761 } 762 763 /* Update shared area with ring physical address. */ 764 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 765 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 766 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE); 767 768 /* 769 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 770 * to allocate commands space for other rings. 771 * XXX Do we really need to allocate descriptors for other rings? 772 */ 773 if (qid > 4) 774 return 0; 775 776 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 777 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 778 (void **)&ring->cmd, size, 4); 779 if (error != 0) { 780 printf("%s: could not allocate TX cmd DMA memory\n", 781 sc->sc_dev.dv_xname); 782 goto fail; 783 } 784 785 paddr = ring->cmd_dma.paddr; 786 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 787 struct wpi_tx_data *data = &ring->data[i]; 788 789 data->cmd_paddr = paddr; 790 paddr += sizeof (struct wpi_tx_cmd); 791 792 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 793 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 794 &data->map); 795 if (error != 0) { 796 printf("%s: could not create TX buf DMA map\n", 797 sc->sc_dev.dv_xname); 798 goto fail; 799 } 800 } 801 return 0; 802 803 fail: wpi_free_tx_ring(sc, ring); 804 return error; 805 } 806 807 void 808 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 809 { 810 int i; 811 812 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 813 struct wpi_tx_data *data = &ring->data[i]; 814 815 if (data->m != NULL) { 816 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 817 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 818 bus_dmamap_unload(sc->sc_dmat, data->map); 819 m_freem(data->m); 820 data->m = NULL; 821 } 822 } 823 /* Clear TX descriptors. */ 824 memset(ring->desc, 0, ring->desc_dma.size); 825 sc->qfullmsk &= ~(1 << ring->qid); 826 ring->queued = 0; 827 ring->cur = 0; 828 } 829 830 void 831 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 832 { 833 int i; 834 835 wpi_dma_contig_free(&ring->desc_dma); 836 wpi_dma_contig_free(&ring->cmd_dma); 837 838 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 839 struct wpi_tx_data *data = &ring->data[i]; 840 841 if (data->m != NULL) { 842 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 843 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 844 bus_dmamap_unload(sc->sc_dmat, data->map); 845 m_freem(data->m); 846 } 847 if (data->map != NULL) 848 bus_dmamap_destroy(sc->sc_dmat, data->map); 849 } 850 } 851 852 int 853 wpi_read_eeprom(struct wpi_softc *sc) 854 { 855 struct ieee80211com *ic = &sc->sc_ic; 856 char domain[4]; 857 int i; 858 859 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 860 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname); 861 return EIO; 862 } 863 /* Clear HW ownership of EEPROM. */ 864 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 865 866 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1); 867 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2); 868 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1); 869 870 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev), 871 sc->type)); 872 873 /* Read and print regulatory domain (4 ASCII characters.) */ 874 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4); 875 printf(", %.4s", domain); 876 877 /* Read and print MAC address. */ 878 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6); 879 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 880 881 /* Read the list of authorized channels. */ 882 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 883 wpi_read_eeprom_channels(sc, i); 884 885 /* Read the list of TX power groups. */ 886 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 887 wpi_read_eeprom_group(sc, i); 888 889 return 0; 890 } 891 892 void 893 wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 894 { 895 struct ieee80211com *ic = &sc->sc_ic; 896 const struct wpi_chan_band *band = &wpi_bands[n]; 897 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND]; 898 int chan, i; 899 900 wpi_read_prom_data(sc, band->addr, channels, 901 band->nchan * sizeof (struct wpi_eeprom_chan)); 902 903 for (i = 0; i < band->nchan; i++) { 904 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) 905 continue; 906 907 chan = band->chan[i]; 908 909 if (n == 0) { /* 2GHz band */ 910 ic->ic_channels[chan].ic_freq = 911 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 912 ic->ic_channels[chan].ic_flags = 913 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 914 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 915 916 } else { /* 5GHz band */ 917 /* 918 * Some adapters support channels 7, 8, 11 and 12 919 * both in the 2GHz and 4.9GHz bands. 920 * Because of limitations in our net80211 layer, 921 * we don't support them in the 4.9GHz band. 922 */ 923 if (chan <= 14) 924 continue; 925 926 ic->ic_channels[chan].ic_freq = 927 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 928 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 929 /* We have at least one valid 5GHz channel. */ 930 sc->sc_flags |= WPI_FLAG_HAS_5GHZ; 931 } 932 933 /* Is active scan allowed on this channel? */ 934 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) { 935 ic->ic_channels[chan].ic_flags |= 936 IEEE80211_CHAN_PASSIVE; 937 } 938 939 /* Save maximum allowed TX power for this channel. */ 940 sc->maxpwr[chan] = channels[i].maxpwr; 941 942 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 943 chan, channels[i].flags, sc->maxpwr[chan])); 944 } 945 } 946 947 void 948 wpi_read_eeprom_group(struct wpi_softc *sc, int n) 949 { 950 struct wpi_power_group *group = &sc->groups[n]; 951 struct wpi_eeprom_group rgroup; 952 int i; 953 954 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup, 955 sizeof rgroup); 956 957 /* Save TX power group information. */ 958 group->chan = rgroup.chan; 959 group->maxpwr = rgroup.maxpwr; 960 /* Retrieve temperature at which the samples were taken. */ 961 group->temp = (int16_t)letoh16(rgroup.temp); 962 963 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n, 964 group->chan, group->maxpwr, group->temp)); 965 966 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 967 group->samples[i].index = rgroup.samples[i].index; 968 group->samples[i].power = rgroup.samples[i].power; 969 970 DPRINTF(("\tsample %d: index=%d power=%d\n", i, 971 group->samples[i].index, group->samples[i].power)); 972 } 973 } 974 975 struct ieee80211_node * 976 wpi_node_alloc(struct ieee80211com *ic) 977 { 978 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO); 979 } 980 981 void 982 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 983 { 984 struct wpi_softc *sc = ic->ic_if.if_softc; 985 struct wpi_node *wn = (void *)ni; 986 uint8_t rate; 987 int ridx, i; 988 989 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 990 /* Start at lowest available bit-rate, AMRR will raise. */ 991 ni->ni_txrate = 0; 992 993 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 994 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 995 /* Map 802.11 rate to HW rate index. */ 996 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 997 if (wpi_rates[ridx].rate == rate) 998 break; 999 wn->ridx[i] = ridx; 1000 } 1001 } 1002 1003 int 1004 wpi_media_change(struct ifnet *ifp) 1005 { 1006 struct wpi_softc *sc = ifp->if_softc; 1007 struct ieee80211com *ic = &sc->sc_ic; 1008 uint8_t rate, ridx; 1009 int error; 1010 1011 error = ieee80211_media_change(ifp); 1012 if (error != ENETRESET) 1013 return error; 1014 1015 if (ic->ic_fixed_rate != -1) { 1016 rate = ic->ic_sup_rates[ic->ic_curmode]. 1017 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1018 /* Map 802.11 rate to HW rate index. */ 1019 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1020 if (wpi_rates[ridx].rate == rate) 1021 break; 1022 sc->fixed_ridx = ridx; 1023 } 1024 1025 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1026 (IFF_UP | IFF_RUNNING)) { 1027 wpi_stop(ifp, 0); 1028 error = wpi_init(ifp); 1029 } 1030 return error; 1031 } 1032 1033 int 1034 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1035 { 1036 struct ifnet *ifp = &ic->ic_if; 1037 struct wpi_softc *sc = ifp->if_softc; 1038 int error; 1039 1040 timeout_del(&sc->calib_to); 1041 1042 switch (nstate) { 1043 case IEEE80211_S_SCAN: 1044 /* Make the link LED blink while we're scanning. */ 1045 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1046 1047 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1048 printf("%s: could not initiate scan\n", 1049 sc->sc_dev.dv_xname); 1050 return error; 1051 } 1052 ic->ic_state = nstate; 1053 return 0; 1054 1055 case IEEE80211_S_ASSOC: 1056 if (ic->ic_state != IEEE80211_S_RUN) 1057 break; 1058 /* FALLTHROUGH */ 1059 case IEEE80211_S_AUTH: 1060 /* Reset state to handle reassociations correctly. */ 1061 sc->rxon.associd = 0; 1062 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1063 1064 if ((error = wpi_auth(sc)) != 0) { 1065 printf("%s: could not move to auth state\n", 1066 sc->sc_dev.dv_xname); 1067 return error; 1068 } 1069 break; 1070 1071 case IEEE80211_S_RUN: 1072 if ((error = wpi_run(sc)) != 0) { 1073 printf("%s: could not move to run state\n", 1074 sc->sc_dev.dv_xname); 1075 return error; 1076 } 1077 break; 1078 1079 case IEEE80211_S_INIT: 1080 break; 1081 } 1082 1083 return sc->sc_newstate(ic, nstate, arg); 1084 } 1085 1086 void 1087 wpi_iter_func(void *arg, struct ieee80211_node *ni) 1088 { 1089 struct wpi_softc *sc = arg; 1090 struct wpi_node *wn = (struct wpi_node *)ni; 1091 1092 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1093 } 1094 1095 void 1096 wpi_calib_timeout(void *arg) 1097 { 1098 struct wpi_softc *sc = arg; 1099 struct ieee80211com *ic = &sc->sc_ic; 1100 int s; 1101 1102 s = splnet(); 1103 /* Automatic rate control triggered every 500ms. */ 1104 if (ic->ic_fixed_rate == -1) { 1105 if (ic->ic_opmode == IEEE80211_M_STA) 1106 wpi_iter_func(sc, ic->ic_bss); 1107 else 1108 ieee80211_iterate_nodes(ic, wpi_iter_func, sc); 1109 } 1110 1111 /* Force automatic TX power calibration every 60 secs. */ 1112 if (++sc->calib_cnt >= 120) { 1113 wpi_power_calibration(sc); 1114 sc->calib_cnt = 0; 1115 } 1116 splx(s); 1117 1118 /* Automatic rate control triggered every 500ms. */ 1119 timeout_add_msec(&sc->calib_to, 500); 1120 } 1121 1122 int 1123 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k) 1124 { 1125 struct ieee80211_frame *wh; 1126 uint64_t pn, *prsc; 1127 uint8_t *ivp; 1128 uint8_t tid; 1129 int hdrlen; 1130 1131 wh = mtod(m, struct ieee80211_frame *); 1132 hdrlen = ieee80211_get_hdrlen(wh); 1133 ivp = (uint8_t *)wh + hdrlen; 1134 1135 /* Check that ExtIV bit is be set. */ 1136 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) { 1137 DPRINTF(("CCMP decap ExtIV not set\n")); 1138 return 1; 1139 } 1140 tid = ieee80211_has_qos(wh) ? 1141 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 1142 prsc = &k->k_rsc[tid]; 1143 1144 /* Extract the 48-bit PN from the CCMP header. */ 1145 pn = (uint64_t)ivp[0] | 1146 (uint64_t)ivp[1] << 8 | 1147 (uint64_t)ivp[4] << 16 | 1148 (uint64_t)ivp[5] << 24 | 1149 (uint64_t)ivp[6] << 32 | 1150 (uint64_t)ivp[7] << 40; 1151 if (pn <= *prsc) { 1152 /* 1153 * Not necessarily a replayed frame since we did not check 1154 * the sequence number of the 802.11 header yet. 1155 */ 1156 DPRINTF(("CCMP replayed\n")); 1157 return 1; 1158 } 1159 /* Update last seen packet number. */ 1160 *prsc = pn; 1161 1162 /* Clear Protected bit and strip IV. */ 1163 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1164 memmove(mtod(m, caddr_t) + IEEE80211_CCMP_HDRLEN, wh, hdrlen); 1165 m_adj(m, IEEE80211_CCMP_HDRLEN); 1166 /* Strip MIC. */ 1167 m_adj(m, -IEEE80211_CCMP_MICLEN); 1168 return 0; 1169 } 1170 1171 void 1172 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1173 struct wpi_rx_data *data) 1174 { 1175 struct ieee80211com *ic = &sc->sc_ic; 1176 struct ifnet *ifp = &ic->ic_if; 1177 struct wpi_rx_ring *ring = &sc->rxq; 1178 struct wpi_rx_stat *stat; 1179 struct wpi_rx_head *head; 1180 struct wpi_rx_tail *tail; 1181 struct ieee80211_frame *wh; 1182 struct ieee80211_rxinfo rxi; 1183 struct ieee80211_node *ni; 1184 struct mbuf *m, *m1; 1185 uint32_t flags; 1186 int error; 1187 1188 bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE, 1189 BUS_DMASYNC_POSTREAD); 1190 stat = (struct wpi_rx_stat *)(desc + 1); 1191 1192 if (stat->len > WPI_STAT_MAXLEN) { 1193 printf("%s: invalid RX statistic header\n", 1194 sc->sc_dev.dv_xname); 1195 ifp->if_ierrors++; 1196 return; 1197 } 1198 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1199 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len)); 1200 flags = letoh32(tail->flags); 1201 1202 /* Discard frames with a bad FCS early. */ 1203 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1204 DPRINTFN(2, ("rx tail flags error %x\n", flags)); 1205 ifp->if_ierrors++; 1206 return; 1207 } 1208 /* Discard frames that are too short. */ 1209 if (letoh16(head->len) < sizeof (*wh)) { 1210 DPRINTF(("frame too short: %d\n", letoh16(head->len))); 1211 ic->ic_stats.is_rx_tooshort++; 1212 ifp->if_ierrors++; 1213 return; 1214 } 1215 1216 m1 = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 1217 if (m1 == NULL) { 1218 ic->ic_stats.is_rx_nombuf++; 1219 ifp->if_ierrors++; 1220 return; 1221 } 1222 bus_dmamap_unload(sc->sc_dmat, data->map); 1223 1224 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 1225 WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ); 1226 if (error != 0) { 1227 m_freem(m1); 1228 1229 /* Try to reload the old mbuf. */ 1230 error = bus_dmamap_load(sc->sc_dmat, data->map, 1231 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 1232 BUS_DMA_NOWAIT | BUS_DMA_READ); 1233 if (error != 0) { 1234 panic("%s: could not load old RX mbuf", 1235 sc->sc_dev.dv_xname); 1236 } 1237 /* Physical address may have changed. */ 1238 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1239 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1240 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1241 BUS_DMASYNC_PREWRITE); 1242 ifp->if_ierrors++; 1243 return; 1244 } 1245 1246 m = data->m; 1247 data->m = m1; 1248 /* Update RX descriptor. */ 1249 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1250 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1251 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1252 BUS_DMASYNC_PREWRITE); 1253 1254 /* Finalize mbuf. */ 1255 m->m_data = (caddr_t)(head + 1); 1256 m->m_pkthdr.len = m->m_len = letoh16(head->len); 1257 1258 /* Grab a reference to the source node. */ 1259 wh = mtod(m, struct ieee80211_frame *); 1260 ni = ieee80211_find_rxnode(ic, wh); 1261 1262 rxi.rxi_flags = 0; 1263 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1264 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1265 (ni->ni_flags & IEEE80211_NODE_RXPROT) && 1266 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 1267 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) { 1268 ic->ic_stats.is_ccmp_dec_errs++; 1269 ifp->if_ierrors++; 1270 m_freem(m); 1271 return; 1272 } 1273 /* Check whether decryption was successful or not. */ 1274 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1275 DPRINTF(("CCMP decryption failed 0x%x\n", flags)); 1276 ic->ic_stats.is_ccmp_dec_errs++; 1277 ifp->if_ierrors++; 1278 m_freem(m); 1279 return; 1280 } 1281 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) { 1282 ifp->if_ierrors++; 1283 m_freem(m); 1284 return; 1285 } 1286 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1287 } 1288 1289 #if NBPFILTER > 0 1290 if (sc->sc_drvbpf != NULL) { 1291 struct mbuf mb; 1292 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1293 1294 tap->wr_flags = 0; 1295 if (letoh16(head->flags) & 0x4) 1296 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1297 tap->wr_chan_freq = 1298 htole16(ic->ic_channels[head->chan].ic_freq); 1299 tap->wr_chan_flags = 1300 htole16(ic->ic_channels[head->chan].ic_flags); 1301 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1302 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise); 1303 tap->wr_tsft = tail->tstamp; 1304 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf; 1305 switch (head->rate) { 1306 /* CCK rates. */ 1307 case 10: tap->wr_rate = 2; break; 1308 case 20: tap->wr_rate = 4; break; 1309 case 55: tap->wr_rate = 11; break; 1310 case 110: tap->wr_rate = 22; break; 1311 /* OFDM rates. */ 1312 case 0xd: tap->wr_rate = 12; break; 1313 case 0xf: tap->wr_rate = 18; break; 1314 case 0x5: tap->wr_rate = 24; break; 1315 case 0x7: tap->wr_rate = 36; break; 1316 case 0x9: tap->wr_rate = 48; break; 1317 case 0xb: tap->wr_rate = 72; break; 1318 case 0x1: tap->wr_rate = 96; break; 1319 case 0x3: tap->wr_rate = 108; break; 1320 /* Unknown rate: should not happen. */ 1321 default: tap->wr_rate = 0; 1322 } 1323 1324 mb.m_data = (caddr_t)tap; 1325 mb.m_len = sc->sc_rxtap_len; 1326 mb.m_next = m; 1327 mb.m_nextpkt = NULL; 1328 mb.m_type = 0; 1329 mb.m_flags = 0; 1330 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1331 } 1332 #endif 1333 1334 /* Send the frame to the 802.11 layer. */ 1335 rxi.rxi_rssi = stat->rssi; 1336 rxi.rxi_tstamp = 0; /* unused */ 1337 ieee80211_input(ifp, m, ni, &rxi); 1338 1339 /* Node is no longer needed. */ 1340 ieee80211_release_node(ic, ni); 1341 } 1342 1343 void 1344 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1345 { 1346 struct ieee80211com *ic = &sc->sc_ic; 1347 struct ifnet *ifp = &ic->ic_if; 1348 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1349 struct wpi_tx_data *data = &ring->data[desc->idx]; 1350 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1351 struct wpi_node *wn = (struct wpi_node *)data->ni; 1352 1353 /* Update rate control statistics. */ 1354 wn->amn.amn_txcnt++; 1355 if (stat->retrycnt > 0) 1356 wn->amn.amn_retrycnt++; 1357 1358 if ((letoh32(stat->status) & 0xff) != 1) 1359 ifp->if_oerrors++; 1360 else 1361 ifp->if_opackets++; 1362 1363 /* Unmap and free mbuf. */ 1364 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1365 BUS_DMASYNC_POSTWRITE); 1366 bus_dmamap_unload(sc->sc_dmat, data->map); 1367 m_freem(data->m); 1368 data->m = NULL; 1369 ieee80211_release_node(ic, data->ni); 1370 data->ni = NULL; 1371 1372 sc->sc_tx_timer = 0; 1373 if (--ring->queued < WPI_TX_RING_LOMARK) { 1374 sc->qfullmsk &= ~(1 << ring->qid); 1375 if (sc->qfullmsk == 0 && ifq_is_oactive(&ifp->if_snd)) { 1376 ifq_clr_oactive(&ifp->if_snd); 1377 (*ifp->if_start)(ifp); 1378 } 1379 } 1380 } 1381 1382 void 1383 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1384 { 1385 struct wpi_tx_ring *ring = &sc->txq[4]; 1386 struct wpi_tx_data *data; 1387 1388 if ((desc->qid & 7) != 4) 1389 return; /* Not a command ack. */ 1390 1391 data = &ring->data[desc->idx]; 1392 1393 /* If the command was mapped in an mbuf, free it. */ 1394 if (data->m != NULL) { 1395 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1396 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1397 bus_dmamap_unload(sc->sc_dmat, data->map); 1398 m_freem(data->m); 1399 data->m = NULL; 1400 } 1401 wakeup(&ring->cmd[desc->idx]); 1402 } 1403 1404 void 1405 wpi_notif_intr(struct wpi_softc *sc) 1406 { 1407 struct ieee80211com *ic = &sc->sc_ic; 1408 struct ifnet *ifp = &ic->ic_if; 1409 uint32_t hw; 1410 1411 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 1412 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD); 1413 1414 hw = letoh32(sc->shared->next); 1415 while (sc->rxq.cur != hw) { 1416 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1417 struct wpi_rx_desc *desc; 1418 1419 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 1420 BUS_DMASYNC_POSTREAD); 1421 desc = mtod(data->m, struct wpi_rx_desc *); 1422 1423 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d " 1424 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1425 letoh32(desc->len))); 1426 1427 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1428 wpi_cmd_done(sc, desc); 1429 1430 switch (desc->type) { 1431 case WPI_RX_DONE: 1432 /* An 802.11 frame has been received. */ 1433 wpi_rx_done(sc, desc, data); 1434 break; 1435 1436 case WPI_TX_DONE: 1437 /* An 802.11 frame has been transmitted. */ 1438 wpi_tx_done(sc, desc); 1439 break; 1440 1441 case WPI_UC_READY: 1442 { 1443 struct wpi_ucode_info *uc = 1444 (struct wpi_ucode_info *)(desc + 1); 1445 1446 /* The microcontroller is ready. */ 1447 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1448 sizeof (*uc), BUS_DMASYNC_POSTREAD); 1449 DPRINTF(("microcode alive notification version %x " 1450 "alive %x\n", letoh32(uc->version), 1451 letoh32(uc->valid))); 1452 1453 if (letoh32(uc->valid) != 1) { 1454 printf("%s: microcontroller initialization " 1455 "failed\n", sc->sc_dev.dv_xname); 1456 } 1457 if (uc->subtype != WPI_UCODE_INIT) { 1458 /* Save the address of the error log. */ 1459 sc->errptr = letoh32(uc->errptr); 1460 } 1461 break; 1462 } 1463 case WPI_STATE_CHANGED: 1464 { 1465 uint32_t *status = (uint32_t *)(desc + 1); 1466 1467 /* Enabled/disabled notification. */ 1468 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1469 sizeof (*status), BUS_DMASYNC_POSTREAD); 1470 DPRINTF(("state changed to %x\n", letoh32(*status))); 1471 1472 if (letoh32(*status) & 1) { 1473 /* The radio button has to be pushed. */ 1474 printf("%s: Radio transmitter is off\n", 1475 sc->sc_dev.dv_xname); 1476 /* Turn the interface down. */ 1477 ifp->if_flags &= ~IFF_UP; 1478 wpi_stop(ifp, 1); 1479 return; /* No further processing. */ 1480 } 1481 break; 1482 } 1483 case WPI_START_SCAN: 1484 { 1485 struct wpi_start_scan *scan = 1486 (struct wpi_start_scan *)(desc + 1); 1487 1488 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1489 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1490 DPRINTFN(2, ("scanning channel %d status %x\n", 1491 scan->chan, letoh32(scan->status))); 1492 1493 /* Fix current channel. */ 1494 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1495 break; 1496 } 1497 case WPI_STOP_SCAN: 1498 { 1499 struct wpi_stop_scan *scan = 1500 (struct wpi_stop_scan *)(desc + 1); 1501 1502 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1503 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1504 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1505 scan->nchan, scan->status, scan->chan)); 1506 1507 if (scan->status == 1 && scan->chan <= 14 && 1508 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) { 1509 /* 1510 * We just finished scanning 2GHz channels, 1511 * start scanning 5GHz ones. 1512 */ 1513 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 1514 break; 1515 } 1516 ieee80211_end_scan(ifp); 1517 break; 1518 } 1519 } 1520 1521 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1522 } 1523 1524 /* Tell the firmware what we have processed. */ 1525 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1526 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7); 1527 } 1528 1529 /* 1530 * Dump the error log of the firmware when a firmware panic occurs. Although 1531 * we can't debug the firmware because it is neither open source nor free, it 1532 * can help us to identify certain classes of problems. 1533 */ 1534 void 1535 wpi_fatal_intr(struct wpi_softc *sc) 1536 { 1537 #define N(a) (sizeof (a) / sizeof ((a)[0])) 1538 struct wpi_fwdump dump; 1539 uint32_t i, offset, count; 1540 1541 /* Check that the error log address is valid. */ 1542 if (sc->errptr < WPI_FW_DATA_BASE || 1543 sc->errptr + sizeof (dump) > 1544 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 1545 printf("%s: bad firmware error log address 0x%08x\n", 1546 sc->sc_dev.dv_xname, sc->errptr); 1547 return; 1548 } 1549 1550 if (wpi_nic_lock(sc) != 0) { 1551 printf("%s: could not read firmware error log\n", 1552 sc->sc_dev.dv_xname); 1553 return; 1554 } 1555 /* Read number of entries in the log. */ 1556 count = wpi_mem_read(sc, sc->errptr); 1557 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 1558 printf("%s: invalid count field (count=%u)\n", 1559 sc->sc_dev.dv_xname, count); 1560 wpi_nic_unlock(sc); 1561 return; 1562 } 1563 /* Skip "count" field. */ 1564 offset = sc->errptr + sizeof (uint32_t); 1565 printf("firmware error log (count=%u):\n", count); 1566 for (i = 0; i < count; i++) { 1567 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 1568 sizeof (dump) / sizeof (uint32_t)); 1569 1570 printf(" error type = \"%s\" (0x%08X)\n", 1571 (dump.desc < N(wpi_fw_errmsg)) ? 1572 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 1573 dump.desc); 1574 printf(" error data = 0x%08X\n", 1575 dump.data); 1576 printf(" branch link = 0x%08X%08X\n", 1577 dump.blink[0], dump.blink[1]); 1578 printf(" interrupt link = 0x%08X%08X\n", 1579 dump.ilink[0], dump.ilink[1]); 1580 printf(" time = %u\n", dump.time); 1581 1582 offset += sizeof (dump); 1583 } 1584 wpi_nic_unlock(sc); 1585 /* Dump driver status (TX and RX rings) while we're here. */ 1586 printf("driver status:\n"); 1587 for (i = 0; i < 6; i++) { 1588 struct wpi_tx_ring *ring = &sc->txq[i]; 1589 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 1590 i, ring->qid, ring->cur, ring->queued); 1591 } 1592 printf(" rx ring: cur=%d\n", sc->rxq.cur); 1593 printf(" 802.11 state %d\n", sc->sc_ic.ic_state); 1594 #undef N 1595 } 1596 1597 int 1598 wpi_intr(void *arg) 1599 { 1600 struct wpi_softc *sc = arg; 1601 struct ifnet *ifp = &sc->sc_ic.ic_if; 1602 uint32_t r1, r2; 1603 1604 /* Disable interrupts. */ 1605 WPI_WRITE(sc, WPI_MASK, 0); 1606 1607 r1 = WPI_READ(sc, WPI_INT); 1608 r2 = WPI_READ(sc, WPI_FH_INT); 1609 1610 if (r1 == 0 && r2 == 0) { 1611 if (ifp->if_flags & IFF_UP) 1612 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1613 return 0; /* Interrupt not for us. */ 1614 } 1615 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 1616 return 0; /* Hardware gone! */ 1617 1618 /* Acknowledge interrupts. */ 1619 WPI_WRITE(sc, WPI_INT, r1); 1620 WPI_WRITE(sc, WPI_FH_INT, r2); 1621 1622 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 1623 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); 1624 /* Dump firmware error log and stop. */ 1625 wpi_fatal_intr(sc); 1626 wpi_stop(ifp, 1); 1627 task_add(systq, &sc->init_task); 1628 return 1; 1629 } 1630 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 1631 (r2 & WPI_FH_INT_RX)) 1632 wpi_notif_intr(sc); 1633 1634 if (r1 & WPI_INT_ALIVE) 1635 wakeup(sc); /* Firmware is alive. */ 1636 1637 /* Re-enable interrupts. */ 1638 if (ifp->if_flags & IFF_UP) 1639 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1640 1641 return 1; 1642 } 1643 1644 int 1645 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1646 { 1647 struct ieee80211com *ic = &sc->sc_ic; 1648 struct wpi_node *wn = (void *)ni; 1649 struct wpi_tx_ring *ring; 1650 struct wpi_tx_desc *desc; 1651 struct wpi_tx_data *data; 1652 struct wpi_tx_cmd *cmd; 1653 struct wpi_cmd_data *tx; 1654 const struct wpi_rate *rinfo; 1655 struct ieee80211_frame *wh; 1656 struct ieee80211_key *k = NULL; 1657 enum ieee80211_edca_ac ac; 1658 uint32_t flags; 1659 uint16_t qos; 1660 u_int hdrlen; 1661 uint8_t *ivp, tid, ridx, type; 1662 int i, totlen, hasqos, error; 1663 1664 wh = mtod(m, struct ieee80211_frame *); 1665 hdrlen = ieee80211_get_hdrlen(wh); 1666 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1667 1668 /* Select EDCA Access Category and TX ring for this frame. */ 1669 if ((hasqos = ieee80211_has_qos(wh))) { 1670 qos = ieee80211_get_qos(wh); 1671 tid = qos & IEEE80211_QOS_TID; 1672 ac = ieee80211_up_to_ac(ic, tid); 1673 } else { 1674 tid = 0; 1675 ac = EDCA_AC_BE; 1676 } 1677 1678 ring = &sc->txq[ac]; 1679 desc = &ring->desc[ring->cur]; 1680 data = &ring->data[ring->cur]; 1681 1682 /* Choose a TX rate index. */ 1683 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1684 type != IEEE80211_FC0_TYPE_DATA) { 1685 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 1686 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1; 1687 } else if (ic->ic_fixed_rate != -1) { 1688 ridx = sc->fixed_ridx; 1689 } else 1690 ridx = wn->ridx[ni->ni_txrate]; 1691 rinfo = &wpi_rates[ridx]; 1692 1693 #if NBPFILTER > 0 1694 if (sc->sc_drvbpf != NULL) { 1695 struct mbuf mb; 1696 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 1697 1698 tap->wt_flags = 0; 1699 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1700 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1701 tap->wt_rate = rinfo->rate; 1702 tap->wt_hwqueue = ac; 1703 if ((ic->ic_flags & IEEE80211_F_WEPON) && 1704 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 1705 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1706 1707 mb.m_data = (caddr_t)tap; 1708 mb.m_len = sc->sc_txtap_len; 1709 mb.m_next = m; 1710 mb.m_nextpkt = NULL; 1711 mb.m_type = 0; 1712 mb.m_flags = 0; 1713 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1714 } 1715 #endif 1716 1717 totlen = m->m_pkthdr.len; 1718 1719 /* Encrypt the frame if need be. */ 1720 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1721 /* Retrieve key for TX. */ 1722 k = ieee80211_get_txkey(ic, wh, ni); 1723 if (k->k_cipher != IEEE80211_CIPHER_CCMP) { 1724 /* Do software encryption. */ 1725 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1726 return ENOBUFS; 1727 /* 802.11 header may have moved. */ 1728 wh = mtod(m, struct ieee80211_frame *); 1729 totlen = m->m_pkthdr.len; 1730 1731 } else /* HW appends CCMP MIC. */ 1732 totlen += IEEE80211_CCMP_HDRLEN; 1733 } 1734 1735 /* Prepare TX firmware command. */ 1736 cmd = &ring->cmd[ring->cur]; 1737 cmd->code = WPI_CMD_TX_DATA; 1738 cmd->flags = 0; 1739 cmd->qid = ring->qid; 1740 cmd->idx = ring->cur; 1741 1742 tx = (struct wpi_cmd_data *)cmd->data; 1743 /* NB: No need to clear tx, all fields are reinitialized here. */ 1744 1745 flags = 0; 1746 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1747 /* Unicast frame, check if an ACK is expected. */ 1748 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 1749 IEEE80211_QOS_ACK_POLICY_NOACK) 1750 flags |= WPI_TX_NEED_ACK; 1751 } 1752 1753 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 1754 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1755 /* NB: Group frames are sent using CCK in 802.11b/g. */ 1756 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 1757 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1758 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 1759 ridx <= WPI_RIDX_OFDM54) { 1760 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 1761 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP; 1762 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 1763 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1764 } 1765 } 1766 1767 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1768 type != IEEE80211_FC0_TYPE_DATA) 1769 tx->id = WPI_ID_BROADCAST; 1770 else 1771 tx->id = wn->id; 1772 1773 if (type == IEEE80211_FC0_TYPE_MGT) { 1774 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1775 1776 #ifndef IEEE80211_STA_ONLY 1777 /* Tell HW to set timestamp in probe responses. */ 1778 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1779 flags |= WPI_TX_INSERT_TSTAMP; 1780 #endif 1781 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 1782 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 1783 tx->timeout = htole16(3); 1784 else 1785 tx->timeout = htole16(2); 1786 } else 1787 tx->timeout = htole16(0); 1788 1789 tx->len = htole16(totlen); 1790 tx->tid = tid; 1791 tx->rts_ntries = 7; 1792 tx->data_ntries = 15; 1793 tx->ofdm_mask = 0xff; 1794 tx->cck_mask = 0x0f; 1795 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 1796 tx->plcp = rinfo->plcp; 1797 1798 /* Copy 802.11 header in TX command. */ 1799 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 1800 1801 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 1802 /* Trim 802.11 header and prepend CCMP IV. */ 1803 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 1804 ivp = mtod(m, uint8_t *); 1805 k->k_tsc++; 1806 ivp[0] = k->k_tsc; 1807 ivp[1] = k->k_tsc >> 8; 1808 ivp[2] = 0; 1809 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1810 ivp[4] = k->k_tsc >> 16; 1811 ivp[5] = k->k_tsc >> 24; 1812 ivp[6] = k->k_tsc >> 32; 1813 ivp[7] = k->k_tsc >> 40; 1814 1815 tx->security = WPI_CIPHER_CCMP; 1816 memcpy(tx->key, k->k_key, k->k_len); 1817 } else { 1818 /* Trim 802.11 header. */ 1819 m_adj(m, hdrlen); 1820 tx->security = 0; 1821 } 1822 tx->flags = htole32(flags); 1823 1824 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1825 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1826 if (error != 0 && error != EFBIG) { 1827 printf("%s: can't map mbuf (error %d)\n", 1828 sc->sc_dev.dv_xname, error); 1829 m_freem(m); 1830 return error; 1831 } 1832 if (error != 0) { 1833 /* Too many DMA segments, linearize mbuf. */ 1834 if (m_defrag(m, M_DONTWAIT)) { 1835 m_freem(m); 1836 return ENOBUFS; 1837 } 1838 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1839 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1840 if (error != 0) { 1841 printf("%s: can't map mbuf (error %d)\n", 1842 sc->sc_dev.dv_xname, error); 1843 m_freem(m); 1844 return error; 1845 } 1846 } 1847 1848 data->m = m; 1849 data->ni = ni; 1850 1851 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 1852 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 1853 1854 /* Fill TX descriptor. */ 1855 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 | 1856 (1 + data->map->dm_nsegs) << 24); 1857 /* First DMA segment is used by the TX command. */ 1858 desc->segs[0].addr = htole32(ring->cmd_dma.paddr + 1859 ring->cur * sizeof (struct wpi_tx_cmd)); 1860 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) + 1861 ((hdrlen + 3) & ~3)); 1862 /* Other DMA segments are for data payload. */ 1863 for (i = 1; i <= data->map->dm_nsegs; i++) { 1864 desc->segs[i].addr = 1865 htole32(data->map->dm_segs[i - 1].ds_addr); 1866 desc->segs[i].len = 1867 htole32(data->map->dm_segs[i - 1].ds_len); 1868 } 1869 1870 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1871 BUS_DMASYNC_PREWRITE); 1872 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 1873 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd), 1874 BUS_DMASYNC_PREWRITE); 1875 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1876 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 1877 BUS_DMASYNC_PREWRITE); 1878 1879 /* Kick TX ring. */ 1880 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 1881 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1882 1883 /* Mark TX ring as full if we reach a certain threshold. */ 1884 if (++ring->queued > WPI_TX_RING_HIMARK) 1885 sc->qfullmsk |= 1 << ring->qid; 1886 1887 return 0; 1888 } 1889 1890 void 1891 wpi_start(struct ifnet *ifp) 1892 { 1893 struct wpi_softc *sc = ifp->if_softc; 1894 struct ieee80211com *ic = &sc->sc_ic; 1895 struct ieee80211_node *ni; 1896 struct mbuf *m; 1897 1898 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 1899 return; 1900 1901 for (;;) { 1902 if (sc->qfullmsk != 0) { 1903 ifq_set_oactive(&ifp->if_snd); 1904 break; 1905 } 1906 /* Send pending management frames first. */ 1907 m = mq_dequeue(&ic->ic_mgtq); 1908 if (m != NULL) { 1909 ni = m->m_pkthdr.ph_cookie; 1910 goto sendit; 1911 } 1912 if (ic->ic_state != IEEE80211_S_RUN) 1913 break; 1914 1915 /* Encapsulate and send data frames. */ 1916 IFQ_DEQUEUE(&ifp->if_snd, m); 1917 if (m == NULL) 1918 break; 1919 #if NBPFILTER > 0 1920 if (ifp->if_bpf != NULL) 1921 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1922 #endif 1923 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 1924 continue; 1925 sendit: 1926 #if NBPFILTER > 0 1927 if (ic->ic_rawbpf != NULL) 1928 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1929 #endif 1930 if (wpi_tx(sc, m, ni) != 0) { 1931 ieee80211_release_node(ic, ni); 1932 ifp->if_oerrors++; 1933 continue; 1934 } 1935 1936 sc->sc_tx_timer = 5; 1937 ifp->if_timer = 1; 1938 } 1939 } 1940 1941 void 1942 wpi_watchdog(struct ifnet *ifp) 1943 { 1944 struct wpi_softc *sc = ifp->if_softc; 1945 1946 ifp->if_timer = 0; 1947 1948 if (sc->sc_tx_timer > 0) { 1949 if (--sc->sc_tx_timer == 0) { 1950 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1951 ifp->if_flags &= ~IFF_UP; 1952 wpi_stop(ifp, 1); 1953 ifp->if_oerrors++; 1954 return; 1955 } 1956 ifp->if_timer = 1; 1957 } 1958 1959 ieee80211_watchdog(ifp); 1960 } 1961 1962 int 1963 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1964 { 1965 struct wpi_softc *sc = ifp->if_softc; 1966 struct ieee80211com *ic = &sc->sc_ic; 1967 struct ifreq *ifr; 1968 int s, error = 0; 1969 1970 error = rw_enter(&sc->sc_rwlock, RW_WRITE | RW_INTR); 1971 if (error) 1972 return error; 1973 s = splnet(); 1974 1975 switch (cmd) { 1976 case SIOCSIFADDR: 1977 ifp->if_flags |= IFF_UP; 1978 /* FALLTHROUGH */ 1979 case SIOCSIFFLAGS: 1980 if (ifp->if_flags & IFF_UP) { 1981 if (!(ifp->if_flags & IFF_RUNNING)) 1982 error = wpi_init(ifp); 1983 } else { 1984 if (ifp->if_flags & IFF_RUNNING) 1985 wpi_stop(ifp, 1); 1986 } 1987 break; 1988 1989 case SIOCADDMULTI: 1990 case SIOCDELMULTI: 1991 ifr = (struct ifreq *)data; 1992 error = (cmd == SIOCADDMULTI) ? 1993 ether_addmulti(ifr, &ic->ic_ac) : 1994 ether_delmulti(ifr, &ic->ic_ac); 1995 1996 if (error == ENETRESET) 1997 error = 0; 1998 break; 1999 2000 case SIOCS80211POWER: 2001 error = ieee80211_ioctl(ifp, cmd, data); 2002 if (error != ENETRESET) 2003 break; 2004 if (ic->ic_state == IEEE80211_S_RUN) { 2005 if (ic->ic_flags & IEEE80211_F_PMGTON) 2006 error = wpi_set_pslevel(sc, 0, 3, 0); 2007 else /* back to CAM */ 2008 error = wpi_set_pslevel(sc, 0, 0, 0); 2009 } else { 2010 /* Defer until transition to IEEE80211_S_RUN. */ 2011 error = 0; 2012 } 2013 break; 2014 2015 default: 2016 error = ieee80211_ioctl(ifp, cmd, data); 2017 } 2018 2019 if (error == ENETRESET) { 2020 error = 0; 2021 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2022 (IFF_UP | IFF_RUNNING)) { 2023 wpi_stop(ifp, 0); 2024 error = wpi_init(ifp); 2025 } 2026 } 2027 2028 splx(s); 2029 rw_exit_write(&sc->sc_rwlock); 2030 return error; 2031 } 2032 2033 /* 2034 * Send a command to the firmware. 2035 */ 2036 int 2037 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async) 2038 { 2039 struct wpi_tx_ring *ring = &sc->txq[4]; 2040 struct wpi_tx_desc *desc; 2041 struct wpi_tx_data *data; 2042 struct wpi_tx_cmd *cmd; 2043 struct mbuf *m; 2044 bus_addr_t paddr; 2045 int totlen, error; 2046 2047 desc = &ring->desc[ring->cur]; 2048 data = &ring->data[ring->cur]; 2049 totlen = 4 + size; 2050 2051 if (size > sizeof cmd->data) { 2052 /* Command is too large to fit in a descriptor. */ 2053 if (totlen > MCLBYTES) 2054 return EINVAL; 2055 MGETHDR(m, M_DONTWAIT, MT_DATA); 2056 if (m == NULL) 2057 return ENOMEM; 2058 if (totlen > MHLEN) { 2059 MCLGET(m, M_DONTWAIT); 2060 if (!(m->m_flags & M_EXT)) { 2061 m_freem(m); 2062 return ENOMEM; 2063 } 2064 } 2065 cmd = mtod(m, struct wpi_tx_cmd *); 2066 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 2067 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 2068 if (error != 0) { 2069 m_freem(m); 2070 return error; 2071 } 2072 data->m = m; 2073 paddr = data->map->dm_segs[0].ds_addr; 2074 } else { 2075 cmd = &ring->cmd[ring->cur]; 2076 paddr = data->cmd_paddr; 2077 } 2078 2079 cmd->code = code; 2080 cmd->flags = 0; 2081 cmd->qid = ring->qid; 2082 cmd->idx = ring->cur; 2083 memcpy(cmd->data, buf, size); 2084 2085 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24); 2086 desc->segs[0].addr = htole32(paddr); 2087 desc->segs[0].len = htole32(totlen); 2088 2089 if (size > sizeof cmd->data) { 2090 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 2091 BUS_DMASYNC_PREWRITE); 2092 } else { 2093 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 2094 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen, 2095 BUS_DMASYNC_PREWRITE); 2096 } 2097 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2098 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 2099 BUS_DMASYNC_PREWRITE); 2100 2101 /* Kick command ring. */ 2102 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2103 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2104 2105 return async ? 0 : tsleep(cmd, PCATCH, "wpicmd", hz); 2106 } 2107 2108 /* 2109 * Configure HW multi-rate retries. 2110 */ 2111 int 2112 wpi_mrr_setup(struct wpi_softc *sc) 2113 { 2114 struct ieee80211com *ic = &sc->sc_ic; 2115 struct wpi_mrr_setup mrr; 2116 int i, error; 2117 2118 /* CCK rates (not used with 802.11a). */ 2119 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2120 mrr.rates[i].flags = 0; 2121 mrr.rates[i].plcp = wpi_rates[i].plcp; 2122 /* Fallback to the immediate lower CCK rate (if any.) */ 2123 mrr.rates[i].next = 2124 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2125 /* Try one time at this rate before falling back to "next". */ 2126 mrr.rates[i].ntries = 1; 2127 } 2128 /* OFDM rates (not used with 802.11b). */ 2129 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2130 mrr.rates[i].flags = 0; 2131 mrr.rates[i].plcp = wpi_rates[i].plcp; 2132 /* Fallback to the immediate lower rate (if any.) */ 2133 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2134 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2135 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2136 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2137 i - 1; 2138 /* Try one time at this rate before falling back to "next". */ 2139 mrr.rates[i].ntries = 1; 2140 } 2141 /* Setup MRR for control frames. */ 2142 mrr.which = htole32(WPI_MRR_CTL); 2143 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2144 if (error != 0) { 2145 printf("%s: could not setup MRR for control frames\n", 2146 sc->sc_dev.dv_xname); 2147 return error; 2148 } 2149 /* Setup MRR for data frames. */ 2150 mrr.which = htole32(WPI_MRR_DATA); 2151 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2152 if (error != 0) { 2153 printf("%s: could not setup MRR for data frames\n", 2154 sc->sc_dev.dv_xname); 2155 return error; 2156 } 2157 return 0; 2158 } 2159 2160 void 2161 wpi_updateedca(struct ieee80211com *ic) 2162 { 2163 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 2164 struct wpi_softc *sc = ic->ic_softc; 2165 struct wpi_edca_params cmd; 2166 int aci; 2167 2168 memset(&cmd, 0, sizeof cmd); 2169 cmd.flags = htole32(WPI_EDCA_UPDATE); 2170 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 2171 const struct ieee80211_edca_ac_params *ac = 2172 &ic->ic_edca_ac[aci]; 2173 cmd.ac[aci].aifsn = ac->ac_aifsn; 2174 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin)); 2175 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax)); 2176 cmd.ac[aci].txoplimit = 2177 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit)); 2178 } 2179 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 2180 #undef WPI_EXP2 2181 } 2182 2183 void 2184 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2185 { 2186 struct wpi_cmd_led led; 2187 2188 led.which = which; 2189 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2190 led.off = off; 2191 led.on = on; 2192 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 2193 } 2194 2195 int 2196 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 2197 { 2198 struct wpi_cmd_timing cmd; 2199 uint64_t val, mod; 2200 2201 memset(&cmd, 0, sizeof cmd); 2202 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t)); 2203 cmd.bintval = htole16(ni->ni_intval); 2204 cmd.lintval = htole16(10); 2205 2206 /* Compute remaining time until next beacon. */ 2207 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2208 mod = letoh64(cmd.tstamp) % val; 2209 cmd.binitval = htole32((uint32_t)(val - mod)); 2210 2211 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n", 2212 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod))); 2213 2214 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 2215 } 2216 2217 /* 2218 * This function is called periodically (every minute) to adjust TX power 2219 * based on temperature variation. 2220 */ 2221 void 2222 wpi_power_calibration(struct wpi_softc *sc) 2223 { 2224 int temp; 2225 2226 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 2227 /* Sanity-check temperature. */ 2228 if (temp < -260 || temp > 25) { 2229 /* This can't be correct, ignore. */ 2230 DPRINTF(("out-of-range temperature reported: %d\n", temp)); 2231 return; 2232 } 2233 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2234 /* Adjust TX power if need be (delta > 6). */ 2235 if (abs(temp - sc->temp) > 6) { 2236 /* Record temperature of last calibration. */ 2237 sc->temp = temp; 2238 (void)wpi_set_txpower(sc, 1); 2239 } 2240 } 2241 2242 /* 2243 * Set TX power for current channel (each rate has its own power settings). 2244 */ 2245 int 2246 wpi_set_txpower(struct wpi_softc *sc, int async) 2247 { 2248 struct ieee80211com *ic = &sc->sc_ic; 2249 struct ieee80211_channel *ch; 2250 struct wpi_power_group *group; 2251 struct wpi_cmd_txpower cmd; 2252 u_int chan; 2253 int idx, i; 2254 2255 /* Retrieve current channel from last RXON. */ 2256 chan = sc->rxon.chan; 2257 DPRINTF(("setting TX power for channel %d\n", chan)); 2258 ch = &ic->ic_channels[chan]; 2259 2260 /* Find the TX power group to which this channel belongs. */ 2261 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2262 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 2263 if (chan <= group->chan) 2264 break; 2265 } else 2266 group = &sc->groups[0]; 2267 2268 memset(&cmd, 0, sizeof cmd); 2269 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2270 cmd.chan = htole16(chan); 2271 2272 /* Set TX power for all OFDM and CCK rates. */ 2273 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 2274 /* Retrieve TX power for this channel/rate. */ 2275 idx = wpi_get_power_index(sc, group, ch, i); 2276 2277 cmd.rates[i].plcp = wpi_rates[i].plcp; 2278 2279 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2280 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 2281 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 2282 } else { 2283 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 2284 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 2285 } 2286 DPRINTF(("chan %d/rate %d: power index %d\n", chan, 2287 wpi_rates[i].rate, idx)); 2288 } 2289 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 2290 } 2291 2292 /* 2293 * Determine TX power index for a given channel/rate combination. 2294 * This takes into account the regulatory information from EEPROM and the 2295 * current temperature. 2296 */ 2297 int 2298 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 2299 struct ieee80211_channel *c, int ridx) 2300 { 2301 /* Fixed-point arithmetic division using a n-bit fractional part. */ 2302 #define fdivround(a, b, n) \ 2303 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2304 2305 /* Linear interpolation. */ 2306 #define interpolate(x, x1, y1, x2, y2, n) \ 2307 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2308 2309 struct ieee80211com *ic = &sc->sc_ic; 2310 struct wpi_power_sample *sample; 2311 int pwr, idx; 2312 u_int chan; 2313 2314 /* Get channel number. */ 2315 chan = ieee80211_chan2ieee(ic, c); 2316 2317 /* Default TX power is group maximum TX power minus 3dB. */ 2318 pwr = group->maxpwr / 2; 2319 2320 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 2321 switch (ridx) { 2322 case WPI_RIDX_OFDM36: 2323 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 2324 break; 2325 case WPI_RIDX_OFDM48: 2326 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 2327 break; 2328 case WPI_RIDX_OFDM54: 2329 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 2330 break; 2331 } 2332 2333 /* Never exceed the channel maximum allowed TX power. */ 2334 pwr = MIN(pwr, sc->maxpwr[chan]); 2335 2336 /* Retrieve TX power index into gain tables from samples. */ 2337 for (sample = group->samples; sample < &group->samples[3]; sample++) 2338 if (pwr > sample[1].power) 2339 break; 2340 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 2341 idx = interpolate(pwr, sample[0].power, sample[0].index, 2342 sample[1].power, sample[1].index, 19); 2343 2344 /*- 2345 * Adjust power index based on current temperature: 2346 * - if cooler than factory-calibrated: decrease output power 2347 * - if warmer than factory-calibrated: increase output power 2348 */ 2349 idx -= (sc->temp - group->temp) * 11 / 100; 2350 2351 /* Decrease TX power for CCK rates (-5dB). */ 2352 if (ridx >= WPI_RIDX_CCK1) 2353 idx += 10; 2354 2355 /* Make sure idx stays in a valid range. */ 2356 if (idx < 0) 2357 idx = 0; 2358 else if (idx > WPI_MAX_PWR_INDEX) 2359 idx = WPI_MAX_PWR_INDEX; 2360 return idx; 2361 2362 #undef interpolate 2363 #undef fdivround 2364 } 2365 2366 /* 2367 * Set STA mode power saving level (between 0 and 5). 2368 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 2369 */ 2370 int 2371 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async) 2372 { 2373 struct wpi_pmgt_cmd cmd; 2374 const struct wpi_pmgt *pmgt; 2375 uint32_t max, skip_dtim; 2376 pcireg_t reg; 2377 int i; 2378 2379 /* Select which PS parameters to use. */ 2380 if (dtim <= 10) 2381 pmgt = &wpi_pmgt[0][level]; 2382 else 2383 pmgt = &wpi_pmgt[1][level]; 2384 2385 memset(&cmd, 0, sizeof cmd); 2386 if (level != 0) /* not CAM */ 2387 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 2388 /* Retrieve PCIe Active State Power Management (ASPM). */ 2389 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 2390 sc->sc_cap_off + PCI_PCIE_LCSR); 2391 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 2392 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 2393 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 2394 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 2395 2396 if (dtim == 0) { 2397 dtim = 1; 2398 skip_dtim = 0; 2399 } else 2400 skip_dtim = pmgt->skip_dtim; 2401 if (skip_dtim != 0) { 2402 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 2403 max = pmgt->intval[4]; 2404 if (max == (uint32_t)-1) 2405 max = dtim * (skip_dtim + 1); 2406 else if (max > dtim) 2407 max = (max / dtim) * dtim; 2408 } else 2409 max = dtim; 2410 for (i = 0; i < 5; i++) 2411 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 2412 2413 DPRINTF(("setting power saving level to %d\n", level)); 2414 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 2415 } 2416 2417 int 2418 wpi_config(struct wpi_softc *sc) 2419 { 2420 struct ieee80211com *ic = &sc->sc_ic; 2421 struct ifnet *ifp = &ic->ic_if; 2422 struct wpi_bluetooth bluetooth; 2423 struct wpi_node_info node; 2424 int error; 2425 2426 /* Set power saving level to CAM during initialization. */ 2427 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 2428 printf("%s: could not set power saving level\n", 2429 sc->sc_dev.dv_xname); 2430 return error; 2431 } 2432 2433 /* Configure bluetooth coexistence. */ 2434 memset(&bluetooth, 0, sizeof bluetooth); 2435 bluetooth.flags = WPI_BT_COEX_MODE_4WIRE; 2436 bluetooth.lead_time = WPI_BT_LEAD_TIME_DEF; 2437 bluetooth.max_kill = WPI_BT_MAX_KILL_DEF; 2438 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 2439 if (error != 0) { 2440 printf("%s: could not configure bluetooth coexistence\n", 2441 sc->sc_dev.dv_xname); 2442 return error; 2443 } 2444 2445 /* Configure adapter. */ 2446 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 2447 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2448 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 2449 /* Set default channel. */ 2450 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 2451 sc->rxon.flags = htole32(WPI_RXON_TSF); 2452 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 2453 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2454 switch (ic->ic_opmode) { 2455 case IEEE80211_M_STA: 2456 sc->rxon.mode = WPI_MODE_STA; 2457 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST); 2458 break; 2459 case IEEE80211_M_MONITOR: 2460 sc->rxon.mode = WPI_MODE_MONITOR; 2461 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST | 2462 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2463 break; 2464 default: 2465 /* Should not get there. */ 2466 break; 2467 } 2468 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 2469 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 2470 DPRINTF(("setting configuration\n")); 2471 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2472 0); 2473 if (error != 0) { 2474 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2475 return error; 2476 } 2477 2478 /* Configuration has changed, set TX power accordingly. */ 2479 if ((error = wpi_set_txpower(sc, 0)) != 0) { 2480 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2481 return error; 2482 } 2483 2484 /* Add broadcast node. */ 2485 memset(&node, 0, sizeof node); 2486 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2487 node.id = WPI_ID_BROADCAST; 2488 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2489 node.action = htole32(WPI_ACTION_SET_RATE); 2490 node.antenna = WPI_ANTENNA_BOTH; 2491 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0); 2492 if (error != 0) { 2493 printf("%s: could not add broadcast node\n", 2494 sc->sc_dev.dv_xname); 2495 return error; 2496 } 2497 2498 if ((error = wpi_mrr_setup(sc)) != 0) { 2499 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname); 2500 return error; 2501 } 2502 return 0; 2503 } 2504 2505 int 2506 wpi_scan(struct wpi_softc *sc, uint16_t flags) 2507 { 2508 struct ieee80211com *ic = &sc->sc_ic; 2509 struct wpi_scan_hdr *hdr; 2510 struct wpi_cmd_data *tx; 2511 struct wpi_scan_essid *essid; 2512 struct wpi_scan_chan *chan; 2513 struct ieee80211_frame *wh; 2514 struct ieee80211_rateset *rs; 2515 struct ieee80211_channel *c; 2516 uint8_t *buf, *frm; 2517 int buflen, error; 2518 2519 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 2520 if (buf == NULL) { 2521 printf("%s: could not allocate buffer for scan command\n", 2522 sc->sc_dev.dv_xname); 2523 return ENOMEM; 2524 } 2525 hdr = (struct wpi_scan_hdr *)buf; 2526 /* 2527 * Move to the next channel if no frames are received within 10ms 2528 * after sending the probe request. 2529 */ 2530 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 2531 hdr->quiet_threshold = htole16(1); /* min # of packets */ 2532 2533 tx = (struct wpi_cmd_data *)(hdr + 1); 2534 tx->flags = htole32(WPI_TX_AUTO_SEQ); 2535 tx->id = WPI_ID_BROADCAST; 2536 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2537 2538 if (flags & IEEE80211_CHAN_5GHZ) { 2539 hdr->crc_threshold = htole16(1); 2540 /* Send probe requests at 6Mbps. */ 2541 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp; 2542 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 2543 } else { 2544 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 2545 /* Send probe requests at 1Mbps. */ 2546 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2547 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 2548 } 2549 2550 essid = (struct wpi_scan_essid *)(tx + 1); 2551 if (ic->ic_des_esslen != 0) { 2552 essid[0].id = IEEE80211_ELEMID_SSID; 2553 essid[0].len = ic->ic_des_esslen; 2554 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 2555 } 2556 /* 2557 * Build a probe request frame. Most of the following code is a 2558 * copy & paste of what is done in net80211. 2559 */ 2560 wh = (struct ieee80211_frame *)(essid + 4); 2561 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2562 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2563 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2564 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2565 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2566 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2567 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 2568 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 2569 2570 frm = (uint8_t *)(wh + 1); 2571 frm = ieee80211_add_ssid(frm, NULL, 0); 2572 frm = ieee80211_add_rates(frm, rs); 2573 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2574 frm = ieee80211_add_xrates(frm, rs); 2575 2576 /* Set length of probe request. */ 2577 tx->len = htole16(frm - (uint8_t *)wh); 2578 2579 chan = (struct wpi_scan_chan *)frm; 2580 for (c = &ic->ic_channels[1]; 2581 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 2582 if ((c->ic_flags & flags) != flags) 2583 continue; 2584 2585 chan->chan = ieee80211_chan2ieee(ic, c); 2586 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 2587 chan->flags = 0; 2588 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 2589 chan->flags |= WPI_CHAN_ACTIVE; 2590 if (ic->ic_des_esslen != 0) 2591 chan->flags |= WPI_CHAN_NPBREQS(1); 2592 chan->dsp_gain = 0x6e; 2593 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2594 chan->rf_gain = 0x3b; 2595 chan->active = htole16(24); 2596 chan->passive = htole16(110); 2597 } else { 2598 chan->rf_gain = 0x28; 2599 chan->active = htole16(36); 2600 chan->passive = htole16(120); 2601 } 2602 hdr->nchan++; 2603 chan++; 2604 } 2605 2606 buflen = (uint8_t *)chan - buf; 2607 hdr->len = htole16(buflen); 2608 2609 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 2610 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 2611 free(buf, M_DEVBUF, WPI_SCAN_MAXSZ); 2612 return error; 2613 } 2614 2615 int 2616 wpi_auth(struct wpi_softc *sc) 2617 { 2618 struct ieee80211com *ic = &sc->sc_ic; 2619 struct ieee80211_node *ni = ic->ic_bss; 2620 struct wpi_node_info node; 2621 int error; 2622 2623 /* Update adapter configuration. */ 2624 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 2625 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 2626 sc->rxon.flags = htole32(WPI_RXON_TSF); 2627 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 2628 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2629 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2630 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2631 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2632 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2633 switch (ic->ic_curmode) { 2634 case IEEE80211_MODE_11A: 2635 sc->rxon.cck_mask = 0; 2636 sc->rxon.ofdm_mask = 0x15; 2637 break; 2638 case IEEE80211_MODE_11B: 2639 sc->rxon.cck_mask = 0x03; 2640 sc->rxon.ofdm_mask = 0; 2641 break; 2642 default: /* Assume 802.11b/g. */ 2643 sc->rxon.cck_mask = 0x0f; 2644 sc->rxon.ofdm_mask = 0x15; 2645 } 2646 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 2647 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 2648 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2649 1); 2650 if (error != 0) { 2651 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2652 return error; 2653 } 2654 2655 /* Configuration has changed, set TX power accordingly. */ 2656 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2657 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2658 return error; 2659 } 2660 /* 2661 * Reconfiguring RXON clears the firmware nodes table so we must 2662 * add the broadcast node again. 2663 */ 2664 memset(&node, 0, sizeof node); 2665 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2666 node.id = WPI_ID_BROADCAST; 2667 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2668 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2669 node.action = htole32(WPI_ACTION_SET_RATE); 2670 node.antenna = WPI_ANTENNA_BOTH; 2671 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2672 if (error != 0) { 2673 printf("%s: could not add broadcast node\n", 2674 sc->sc_dev.dv_xname); 2675 return error; 2676 } 2677 return 0; 2678 } 2679 2680 int 2681 wpi_run(struct wpi_softc *sc) 2682 { 2683 struct ieee80211com *ic = &sc->sc_ic; 2684 struct ieee80211_node *ni = ic->ic_bss; 2685 struct wpi_node_info node; 2686 int error; 2687 2688 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 2689 /* Link LED blinks while monitoring. */ 2690 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 2691 return 0; 2692 } 2693 if ((error = wpi_set_timing(sc, ni)) != 0) { 2694 printf("%s: could not set timing\n", sc->sc_dev.dv_xname); 2695 return error; 2696 } 2697 2698 /* Update adapter configuration. */ 2699 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 2700 /* Short preamble and slot time are negotiated when associating. */ 2701 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 2702 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2703 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2704 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2705 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2706 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 2707 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 2708 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2709 1); 2710 if (error != 0) { 2711 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2712 return error; 2713 } 2714 2715 /* Configuration has changed, set TX power accordingly. */ 2716 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2717 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2718 return error; 2719 } 2720 2721 /* Fake a join to init the TX rate. */ 2722 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 2723 wpi_newassoc(ic, ni, 1); 2724 2725 /* Add BSS node. */ 2726 memset(&node, 0, sizeof node); 2727 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid); 2728 node.id = WPI_ID_BSS; 2729 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2730 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2731 node.action = htole32(WPI_ACTION_SET_RATE); 2732 node.antenna = WPI_ANTENNA_BOTH; 2733 DPRINTF(("adding BSS node\n")); 2734 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2735 if (error != 0) { 2736 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname); 2737 return error; 2738 } 2739 2740 /* Start periodic calibration timer. */ 2741 sc->calib_cnt = 0; 2742 timeout_add_msec(&sc->calib_to, 500); 2743 2744 /* Link LED always on while associated. */ 2745 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 2746 2747 /* Enable power-saving mode if requested by user. */ 2748 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 2749 (void)wpi_set_pslevel(sc, 0, 3, 1); 2750 2751 return 0; 2752 } 2753 2754 /* 2755 * We support CCMP hardware encryption/decryption of unicast frames only. 2756 * HW support for TKIP really sucks. We should let TKIP die anyway. 2757 */ 2758 int 2759 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2760 struct ieee80211_key *k) 2761 { 2762 struct wpi_softc *sc = ic->ic_softc; 2763 struct wpi_node *wn = (void *)ni; 2764 struct wpi_node_info node; 2765 uint16_t kflags; 2766 2767 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2768 k->k_cipher != IEEE80211_CIPHER_CCMP) 2769 return ieee80211_set_key(ic, ni, k); 2770 2771 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id); 2772 memset(&node, 0, sizeof node); 2773 node.id = wn->id; 2774 node.control = WPI_NODE_UPDATE; 2775 node.flags = WPI_FLAG_SET_KEY; 2776 node.kflags = htole16(kflags); 2777 memcpy(node.key, k->k_key, k->k_len); 2778 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 2779 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2780 } 2781 2782 void 2783 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2784 struct ieee80211_key *k) 2785 { 2786 struct wpi_softc *sc = ic->ic_softc; 2787 struct wpi_node *wn = (void *)ni; 2788 struct wpi_node_info node; 2789 2790 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2791 k->k_cipher != IEEE80211_CIPHER_CCMP) { 2792 /* See comment about other ciphers above. */ 2793 ieee80211_delete_key(ic, ni, k); 2794 return; 2795 } 2796 if (ic->ic_state != IEEE80211_S_RUN) 2797 return; /* Nothing to do. */ 2798 memset(&node, 0, sizeof node); 2799 node.id = wn->id; 2800 node.control = WPI_NODE_UPDATE; 2801 node.flags = WPI_FLAG_SET_KEY; 2802 node.kflags = 0; 2803 DPRINTF(("delete keys for node %d\n", node.id)); 2804 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2805 } 2806 2807 int 2808 wpi_post_alive(struct wpi_softc *sc) 2809 { 2810 int ntries, error; 2811 2812 /* Check (again) that the radio is not disabled. */ 2813 if ((error = wpi_nic_lock(sc)) != 0) 2814 return error; 2815 /* NB: Runtime firmware must be up and running. */ 2816 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 2817 printf("%s: radio is disabled by hardware switch\n", 2818 sc->sc_dev.dv_xname); 2819 wpi_nic_unlock(sc); 2820 return EPERM; /* :-) */ 2821 } 2822 wpi_nic_unlock(sc); 2823 2824 /* Wait for thermal sensor to calibrate. */ 2825 for (ntries = 0; ntries < 1000; ntries++) { 2826 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 2827 break; 2828 DELAY(10); 2829 } 2830 if (ntries == 1000) { 2831 printf("%s: timeout waiting for thermal sensor calibration\n", 2832 sc->sc_dev.dv_xname); 2833 return ETIMEDOUT; 2834 } 2835 DPRINTF(("temperature %d\n", sc->temp)); 2836 return 0; 2837 } 2838 2839 /* 2840 * The firmware boot code is small and is intended to be copied directly into 2841 * the NIC internal memory (no DMA transfer.) 2842 */ 2843 int 2844 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 2845 { 2846 int error, ntries; 2847 2848 size /= sizeof (uint32_t); 2849 2850 if ((error = wpi_nic_lock(sc)) != 0) 2851 return error; 2852 2853 /* Copy microcode image into NIC memory. */ 2854 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 2855 (const uint32_t *)ucode, size); 2856 2857 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 2858 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 2859 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 2860 2861 /* Start boot load now. */ 2862 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 2863 2864 /* Wait for transfer to complete. */ 2865 for (ntries = 0; ntries < 1000; ntries++) { 2866 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) & 2867 WPI_BSM_WR_CTRL_START)) 2868 break; 2869 DELAY(10); 2870 } 2871 if (ntries == 1000) { 2872 printf("%s: could not load boot firmware\n", 2873 sc->sc_dev.dv_xname); 2874 wpi_nic_unlock(sc); 2875 return ETIMEDOUT; 2876 } 2877 2878 /* Enable boot after power up. */ 2879 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 2880 2881 wpi_nic_unlock(sc); 2882 return 0; 2883 } 2884 2885 int 2886 wpi_load_firmware(struct wpi_softc *sc) 2887 { 2888 struct wpi_fw_info *fw = &sc->fw; 2889 struct wpi_dma_info *dma = &sc->fw_dma; 2890 int error; 2891 2892 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 2893 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 2894 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 2895 BUS_DMASYNC_PREWRITE); 2896 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2897 fw->init.text, fw->init.textsz); 2898 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2899 fw->init.textsz, BUS_DMASYNC_PREWRITE); 2900 2901 /* Tell adapter where to find initialization sections. */ 2902 if ((error = wpi_nic_lock(sc)) != 0) 2903 return error; 2904 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2905 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 2906 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2907 dma->paddr + WPI_FW_DATA_MAXSZ); 2908 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 2909 wpi_nic_unlock(sc); 2910 2911 /* Load firmware boot code. */ 2912 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 2913 if (error != 0) { 2914 printf("%s: could not load boot firmware\n", 2915 sc->sc_dev.dv_xname); 2916 return error; 2917 } 2918 /* Now press "execute". */ 2919 WPI_WRITE(sc, WPI_RESET, 0); 2920 2921 /* Wait at most one second for first alive notification. */ 2922 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 2923 printf("%s: timeout waiting for adapter to initialize\n", 2924 sc->sc_dev.dv_xname); 2925 return error; 2926 } 2927 2928 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 2929 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 2930 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 2931 BUS_DMASYNC_PREWRITE); 2932 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2933 fw->main.text, fw->main.textsz); 2934 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2935 fw->main.textsz, BUS_DMASYNC_PREWRITE); 2936 2937 /* Tell adapter where to find runtime sections. */ 2938 if ((error = wpi_nic_lock(sc)) != 0) 2939 return error; 2940 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2941 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 2942 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2943 dma->paddr + WPI_FW_DATA_MAXSZ); 2944 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 2945 WPI_FW_UPDATED | fw->main.textsz); 2946 wpi_nic_unlock(sc); 2947 2948 return 0; 2949 } 2950 2951 int 2952 wpi_read_firmware(struct wpi_softc *sc) 2953 { 2954 struct wpi_fw_info *fw = &sc->fw; 2955 const struct wpi_firmware_hdr *hdr; 2956 size_t size; 2957 int error; 2958 2959 /* Read firmware image from filesystem. */ 2960 if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) { 2961 printf("%s: error, %d, could not read firmware %s\n", 2962 sc->sc_dev.dv_xname, error, "wpi-3945abg"); 2963 return error; 2964 } 2965 if (size < sizeof (*hdr)) { 2966 printf("%s: truncated firmware header: %zu bytes\n", 2967 sc->sc_dev.dv_xname, size); 2968 free(fw->data, M_DEVBUF, size); 2969 return EINVAL; 2970 } 2971 /* Extract firmware header information. */ 2972 hdr = (struct wpi_firmware_hdr *)fw->data; 2973 fw->main.textsz = letoh32(hdr->main_textsz); 2974 fw->main.datasz = letoh32(hdr->main_datasz); 2975 fw->init.textsz = letoh32(hdr->init_textsz); 2976 fw->init.datasz = letoh32(hdr->init_datasz); 2977 fw->boot.textsz = letoh32(hdr->boot_textsz); 2978 fw->boot.datasz = 0; 2979 2980 /* Sanity-check firmware header. */ 2981 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 2982 fw->main.datasz > WPI_FW_DATA_MAXSZ || 2983 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 2984 fw->init.datasz > WPI_FW_DATA_MAXSZ || 2985 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 2986 (fw->boot.textsz & 3) != 0) { 2987 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); 2988 free(fw->data, M_DEVBUF, size); 2989 return EINVAL; 2990 } 2991 2992 /* Check that all firmware sections fit. */ 2993 if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 2994 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 2995 printf("%s: firmware file too short: %zu bytes\n", 2996 sc->sc_dev.dv_xname, size); 2997 free(fw->data, M_DEVBUF, size); 2998 return EINVAL; 2999 } 3000 3001 /* Get pointers to firmware sections. */ 3002 fw->main.text = (const uint8_t *)(hdr + 1); 3003 fw->main.data = fw->main.text + fw->main.textsz; 3004 fw->init.text = fw->main.data + fw->main.datasz; 3005 fw->init.data = fw->init.text + fw->init.textsz; 3006 fw->boot.text = fw->init.data + fw->init.datasz; 3007 3008 return 0; 3009 } 3010 3011 int 3012 wpi_clock_wait(struct wpi_softc *sc) 3013 { 3014 int ntries; 3015 3016 /* Set "initialization complete" bit. */ 3017 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 3018 3019 /* Wait for clock stabilization. */ 3020 for (ntries = 0; ntries < 25000; ntries++) { 3021 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 3022 return 0; 3023 DELAY(100); 3024 } 3025 printf("%s: timeout waiting for clock stabilization\n", 3026 sc->sc_dev.dv_xname); 3027 return ETIMEDOUT; 3028 } 3029 3030 int 3031 wpi_apm_init(struct wpi_softc *sc) 3032 { 3033 int error; 3034 3035 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 3036 /* Disable L0s. */ 3037 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 3038 3039 if ((error = wpi_clock_wait(sc)) != 0) 3040 return error; 3041 3042 if ((error = wpi_nic_lock(sc)) != 0) 3043 return error; 3044 /* Enable DMA. */ 3045 wpi_prph_write(sc, WPI_APMG_CLK_ENA, 3046 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT); 3047 DELAY(20); 3048 /* Disable L1. */ 3049 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 3050 wpi_nic_unlock(sc); 3051 3052 return 0; 3053 } 3054 3055 void 3056 wpi_apm_stop_master(struct wpi_softc *sc) 3057 { 3058 int ntries; 3059 3060 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 3061 3062 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 3063 WPI_GP_CNTRL_MAC_PS) 3064 return; /* Already asleep. */ 3065 3066 for (ntries = 0; ntries < 100; ntries++) { 3067 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 3068 return; 3069 DELAY(10); 3070 } 3071 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname); 3072 } 3073 3074 void 3075 wpi_apm_stop(struct wpi_softc *sc) 3076 { 3077 wpi_apm_stop_master(sc); 3078 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 3079 } 3080 3081 void 3082 wpi_nic_config(struct wpi_softc *sc) 3083 { 3084 pcireg_t reg; 3085 uint8_t rev; 3086 3087 /* Voodoo from the reference driver. */ 3088 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3089 rev = PCI_REVISION(reg); 3090 if ((rev & 0xc0) == 0x40) 3091 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 3092 else if (!(rev & 0x80)) 3093 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 3094 3095 if (sc->cap == 0x80) 3096 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 3097 3098 if ((letoh16(sc->rev) & 0xf0) == 0xd0) 3099 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3100 else 3101 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3102 3103 if (sc->type > 1) 3104 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 3105 } 3106 3107 int 3108 wpi_hw_init(struct wpi_softc *sc) 3109 { 3110 int chnl, ntries, error; 3111 3112 /* Clear pending interrupts. */ 3113 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3114 3115 if ((error = wpi_apm_init(sc)) != 0) { 3116 printf("%s: could not power ON adapter\n", 3117 sc->sc_dev.dv_xname); 3118 return error; 3119 } 3120 3121 /* Select VMAIN power source. */ 3122 if ((error = wpi_nic_lock(sc)) != 0) 3123 return error; 3124 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 3125 wpi_nic_unlock(sc); 3126 /* Spin until VMAIN gets selected. */ 3127 for (ntries = 0; ntries < 5000; ntries++) { 3128 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 3129 break; 3130 DELAY(10); 3131 } 3132 if (ntries == 5000) { 3133 printf("%s: timeout selecting power source\n", 3134 sc->sc_dev.dv_xname); 3135 return ETIMEDOUT; 3136 } 3137 3138 /* Perform adapter initialization. */ 3139 (void)wpi_nic_config(sc); 3140 3141 /* Initialize RX ring. */ 3142 if ((error = wpi_nic_lock(sc)) != 0) 3143 return error; 3144 /* Set physical address of RX ring. */ 3145 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 3146 /* Set physical address of RX read pointer. */ 3147 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 3148 offsetof(struct wpi_shared, next)); 3149 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 3150 /* Enable RX. */ 3151 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 3152 WPI_FH_RX_CONFIG_DMA_ENA | 3153 WPI_FH_RX_CONFIG_RDRBD_ENA | 3154 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 3155 WPI_FH_RX_CONFIG_MAXFRAG | 3156 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 3157 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 3158 WPI_FH_RX_CONFIG_IRQ_RBTH(1)); 3159 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 3160 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 3161 wpi_nic_unlock(sc); 3162 3163 /* Initialize TX rings. */ 3164 if ((error = wpi_nic_lock(sc)) != 0) 3165 return error; 3166 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 3167 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 3168 /* Enable all 6 TX rings. */ 3169 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 3170 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 3171 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 3172 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 3173 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 3174 /* Set physical address of TX rings. */ 3175 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 3176 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 3177 3178 /* Enable all DMA channels. */ 3179 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3180 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 3181 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 3182 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 3183 } 3184 wpi_nic_unlock(sc); 3185 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 3186 3187 /* Clear "radio off" and "commands blocked" bits. */ 3188 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3189 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 3190 3191 /* Clear pending interrupts. */ 3192 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3193 /* Enable interrupts. */ 3194 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 3195 3196 /* _Really_ make sure "radio off" bit is cleared! */ 3197 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3198 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3199 3200 if ((error = wpi_load_firmware(sc)) != 0) { 3201 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname); 3202 return error; 3203 } 3204 /* Wait at most one second for firmware alive notification. */ 3205 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 3206 printf("%s: timeout waiting for adapter to initialize\n", 3207 sc->sc_dev.dv_xname); 3208 return error; 3209 } 3210 /* Do post-firmware initialization. */ 3211 return wpi_post_alive(sc); 3212 } 3213 3214 void 3215 wpi_hw_stop(struct wpi_softc *sc) 3216 { 3217 int chnl, qid, ntries; 3218 uint32_t tmp; 3219 3220 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 3221 3222 /* Disable interrupts. */ 3223 WPI_WRITE(sc, WPI_MASK, 0); 3224 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3225 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 3226 3227 /* Make sure we no longer hold the NIC lock. */ 3228 wpi_nic_unlock(sc); 3229 3230 if (wpi_nic_lock(sc) == 0) { 3231 /* Stop TX scheduler. */ 3232 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 3233 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 3234 3235 /* Stop all DMA channels. */ 3236 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3237 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 3238 for (ntries = 0; ntries < 100; ntries++) { 3239 tmp = WPI_READ(sc, WPI_FH_TX_STATUS); 3240 if ((tmp & WPI_FH_TX_STATUS_IDLE(chnl)) == 3241 WPI_FH_TX_STATUS_IDLE(chnl)) 3242 break; 3243 DELAY(10); 3244 } 3245 } 3246 wpi_nic_unlock(sc); 3247 } 3248 3249 /* Stop RX ring. */ 3250 wpi_reset_rx_ring(sc, &sc->rxq); 3251 3252 /* Reset all TX rings. */ 3253 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 3254 wpi_reset_tx_ring(sc, &sc->txq[qid]); 3255 3256 if (wpi_nic_lock(sc) == 0) { 3257 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT); 3258 wpi_nic_unlock(sc); 3259 } 3260 DELAY(5); 3261 /* Power OFF adapter. */ 3262 wpi_apm_stop(sc); 3263 } 3264 3265 int 3266 wpi_init(struct ifnet *ifp) 3267 { 3268 struct wpi_softc *sc = ifp->if_softc; 3269 struct ieee80211com *ic = &sc->sc_ic; 3270 int error; 3271 3272 #ifdef notyet 3273 /* Check that the radio is not disabled by hardware switch. */ 3274 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 3275 printf("%s: radio is disabled by hardware switch\n", 3276 sc->sc_dev.dv_xname); 3277 error = EPERM; /* :-) */ 3278 goto fail; 3279 } 3280 #endif 3281 /* Read firmware images from the filesystem. */ 3282 if ((error = wpi_read_firmware(sc)) != 0) { 3283 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname); 3284 goto fail; 3285 } 3286 3287 /* Initialize hardware and upload firmware. */ 3288 error = wpi_hw_init(sc); 3289 free(sc->fw.data, M_DEVBUF, 0); 3290 if (error != 0) { 3291 printf("%s: could not initialize hardware\n", 3292 sc->sc_dev.dv_xname); 3293 goto fail; 3294 } 3295 3296 /* Configure adapter now that it is ready. */ 3297 if ((error = wpi_config(sc)) != 0) { 3298 printf("%s: could not configure device\n", 3299 sc->sc_dev.dv_xname); 3300 goto fail; 3301 } 3302 3303 ifq_clr_oactive(&ifp->if_snd); 3304 ifp->if_flags |= IFF_RUNNING; 3305 3306 if (ic->ic_opmode != IEEE80211_M_MONITOR) 3307 ieee80211_begin_scan(ifp); 3308 else 3309 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3310 3311 return 0; 3312 3313 fail: wpi_stop(ifp, 1); 3314 return error; 3315 } 3316 3317 void 3318 wpi_stop(struct ifnet *ifp, int disable) 3319 { 3320 struct wpi_softc *sc = ifp->if_softc; 3321 struct ieee80211com *ic = &sc->sc_ic; 3322 3323 ifp->if_timer = sc->sc_tx_timer = 0; 3324 ifp->if_flags &= ~IFF_RUNNING; 3325 ifq_clr_oactive(&ifp->if_snd); 3326 3327 /* In case we were scanning, release the scan "lock". */ 3328 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 3329 3330 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3331 3332 /* Power OFF hardware. */ 3333 wpi_hw_stop(sc); 3334 } 3335