1 /* $OpenBSD: if_wpi.c,v 1.158 2024/05/24 06:02:57 jsg Exp $ */
2
3 /*-
4 * Copyright (c) 2006-2008
5 * Damien Bergamini <damien.bergamini@free.fr>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /*
21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters.
22 */
23
24 #include "bpfilter.h"
25
26 #include <sys/param.h>
27 #include <sys/sockio.h>
28 #include <sys/mbuf.h>
29 #include <sys/rwlock.h>
30 #include <sys/systm.h>
31 #include <sys/malloc.h>
32 #include <sys/device.h>
33 #include <sys/task.h>
34 #include <sys/endian.h>
35
36 #include <machine/bus.h>
37 #include <machine/intr.h>
38
39 #include <dev/pci/pcireg.h>
40 #include <dev/pci/pcivar.h>
41 #include <dev/pci/pcidevs.h>
42
43 #if NBPFILTER > 0
44 #include <net/bpf.h>
45 #endif
46 #include <net/if.h>
47 #include <net/if_dl.h>
48 #include <net/if_media.h>
49
50 #include <netinet/in.h>
51 #include <netinet/if_ether.h>
52
53 #include <net80211/ieee80211_var.h>
54 #include <net80211/ieee80211_amrr.h>
55 #include <net80211/ieee80211_radiotap.h>
56
57 #include <dev/pci/if_wpireg.h>
58 #include <dev/pci/if_wpivar.h>
59
60 static const struct pci_matchid wpi_devices[] = {
61 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 },
62 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 }
63 };
64
65 int wpi_match(struct device *, void *, void *);
66 void wpi_attach(struct device *, struct device *, void *);
67 #if NBPFILTER > 0
68 void wpi_radiotap_attach(struct wpi_softc *);
69 #endif
70 int wpi_detach(struct device *, int);
71 int wpi_activate(struct device *, int);
72 void wpi_wakeup(struct wpi_softc *);
73 void wpi_init_task(void *);
74 int wpi_nic_lock(struct wpi_softc *);
75 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int);
76 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *,
77 void **, bus_size_t, bus_size_t);
78 void wpi_dma_contig_free(struct wpi_dma_info *);
79 int wpi_alloc_shared(struct wpi_softc *);
80 void wpi_free_shared(struct wpi_softc *);
81 int wpi_alloc_fwmem(struct wpi_softc *);
82 void wpi_free_fwmem(struct wpi_softc *);
83 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *);
84 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *);
85 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *);
86 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *,
87 int);
88 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
89 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
90 int wpi_read_eeprom(struct wpi_softc *);
91 void wpi_read_eeprom_channels(struct wpi_softc *, int);
92 void wpi_read_eeprom_group(struct wpi_softc *, int);
93 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *);
94 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *,
95 int);
96 int wpi_media_change(struct ifnet *);
97 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int);
98 void wpi_iter_func(void *, struct ieee80211_node *);
99 void wpi_calib_timeout(void *);
100 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *,
101 struct ieee80211_key *);
102 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *,
103 struct wpi_rx_data *, struct mbuf_list *);
104 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *);
105 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *);
106 void wpi_notif_intr(struct wpi_softc *);
107 void wpi_fatal_intr(struct wpi_softc *);
108 int wpi_intr(void *);
109 int wpi_tx(struct wpi_softc *, struct mbuf *,
110 struct ieee80211_node *);
111 void wpi_start(struct ifnet *);
112 void wpi_watchdog(struct ifnet *);
113 int wpi_ioctl(struct ifnet *, u_long, caddr_t);
114 int wpi_cmd(struct wpi_softc *, int, const void *, int, int);
115 int wpi_mrr_setup(struct wpi_softc *);
116 void wpi_updateedca(struct ieee80211com *);
117 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t);
118 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *);
119 void wpi_power_calibration(struct wpi_softc *);
120 int wpi_set_txpower(struct wpi_softc *, int);
121 int wpi_get_power_index(struct wpi_softc *,
122 struct wpi_power_group *, struct ieee80211_channel *, int);
123 int wpi_set_pslevel(struct wpi_softc *, int, int, int);
124 int wpi_config(struct wpi_softc *);
125 int wpi_scan(struct wpi_softc *, uint16_t);
126 int wpi_auth(struct wpi_softc *);
127 int wpi_run(struct wpi_softc *);
128 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *,
129 struct ieee80211_key *);
130 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *,
131 struct ieee80211_key *);
132 int wpi_post_alive(struct wpi_softc *);
133 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int);
134 int wpi_load_firmware(struct wpi_softc *);
135 int wpi_read_firmware(struct wpi_softc *);
136 int wpi_clock_wait(struct wpi_softc *);
137 int wpi_apm_init(struct wpi_softc *);
138 void wpi_apm_stop_master(struct wpi_softc *);
139 void wpi_apm_stop(struct wpi_softc *);
140 void wpi_nic_config(struct wpi_softc *);
141 int wpi_hw_init(struct wpi_softc *);
142 void wpi_hw_stop(struct wpi_softc *);
143 int wpi_init(struct ifnet *);
144 void wpi_stop(struct ifnet *, int);
145
146 #ifdef WPI_DEBUG
147 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0)
148 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0)
149 int wpi_debug = 0;
150 #else
151 #define DPRINTF(x)
152 #define DPRINTFN(n, x)
153 #endif
154
155 struct cfdriver wpi_cd = {
156 NULL, "wpi", DV_IFNET
157 };
158
159 const struct cfattach wpi_ca = {
160 sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach,
161 wpi_activate
162 };
163
164 int
wpi_match(struct device * parent,void * match,void * aux)165 wpi_match(struct device *parent, void *match, void *aux)
166 {
167 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices,
168 nitems(wpi_devices));
169 }
170
171 void
wpi_attach(struct device * parent,struct device * self,void * aux)172 wpi_attach(struct device *parent, struct device *self, void *aux)
173 {
174 struct wpi_softc *sc = (struct wpi_softc *)self;
175 struct ieee80211com *ic = &sc->sc_ic;
176 struct ifnet *ifp = &ic->ic_if;
177 struct pci_attach_args *pa = aux;
178 const char *intrstr;
179 pci_intr_handle_t ih;
180 pcireg_t memtype, reg;
181 int i, error;
182
183 sc->sc_pct = pa->pa_pc;
184 sc->sc_pcitag = pa->pa_tag;
185 sc->sc_dmat = pa->pa_dmat;
186
187 /*
188 * Get the offset of the PCI Express Capability Structure in PCI
189 * Configuration Space (the vendor driver hard-codes it as E0h.)
190 */
191 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag,
192 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL);
193 if (error == 0) {
194 printf(": PCIe capability structure not found!\n");
195 return;
196 }
197
198 /* Clear device-specific "PCI retry timeout" register (41h). */
199 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40);
200 reg &= ~0xff00;
201 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg);
202
203 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0);
204 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st,
205 &sc->sc_sh, NULL, &sc->sc_sz, 0);
206 if (error != 0) {
207 printf(": can't map mem space\n");
208 return;
209 }
210
211 /* Install interrupt handler. */
212 if (pci_intr_map_msi(pa, &ih) != 0 && pci_intr_map(pa, &ih) != 0) {
213 printf(": can't map interrupt\n");
214 return;
215 }
216 intrstr = pci_intr_string(sc->sc_pct, ih);
217 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc,
218 sc->sc_dev.dv_xname);
219 if (sc->sc_ih == NULL) {
220 printf(": can't establish interrupt");
221 if (intrstr != NULL)
222 printf(" at %s", intrstr);
223 printf("\n");
224 return;
225 }
226 printf(": %s", intrstr);
227
228 /* Power ON adapter. */
229 if ((error = wpi_apm_init(sc)) != 0) {
230 printf(": could not power ON adapter\n");
231 return;
232 }
233
234 /* Read MAC address, channels, etc from EEPROM. */
235 if ((error = wpi_read_eeprom(sc)) != 0) {
236 printf(": could not read EEPROM\n");
237 return;
238 }
239
240 /* Allocate DMA memory for firmware transfers. */
241 if ((error = wpi_alloc_fwmem(sc)) != 0) {
242 printf(": could not allocate memory for firmware\n");
243 return;
244 }
245
246 /* Allocate shared area. */
247 if ((error = wpi_alloc_shared(sc)) != 0) {
248 printf(": could not allocate shared area\n");
249 goto fail1;
250 }
251
252 /* Allocate TX rings. */
253 for (i = 0; i < WPI_NTXQUEUES; i++) {
254 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) {
255 printf(": could not allocate TX ring %d\n", i);
256 goto fail2;
257 }
258 }
259
260 /* Allocate RX ring. */
261 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) {
262 printf(": could not allocate Rx ring\n");
263 goto fail2;
264 }
265
266 /* Power OFF adapter. */
267 wpi_apm_stop(sc);
268 /* Clear pending interrupts. */
269 WPI_WRITE(sc, WPI_INT, 0xffffffff);
270
271 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
272 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
273 ic->ic_state = IEEE80211_S_INIT;
274
275 /* Set device capabilities. */
276 ic->ic_caps =
277 IEEE80211_C_WEP | /* WEP */
278 IEEE80211_C_RSN | /* WPA/RSN */
279 IEEE80211_C_SCANALL | /* device scans all channels at once */
280 IEEE80211_C_SCANALLBAND | /* driver scans all bands at once */
281 IEEE80211_C_MONITOR | /* monitor mode supported */
282 IEEE80211_C_SHSLOT | /* short slot time supported */
283 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
284 IEEE80211_C_PMGT; /* power saving supported */
285
286 /* Set supported rates. */
287 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b;
288 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g;
289 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) {
290 ic->ic_sup_rates[IEEE80211_MODE_11A] =
291 ieee80211_std_rateset_11a;
292 }
293
294 /* IBSS channel undefined for now. */
295 ic->ic_ibss_chan = &ic->ic_channels[0];
296
297 ifp->if_softc = sc;
298 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
299 ifp->if_ioctl = wpi_ioctl;
300 ifp->if_start = wpi_start;
301 ifp->if_watchdog = wpi_watchdog;
302 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ);
303
304 if_attach(ifp);
305 ieee80211_ifattach(ifp);
306 ic->ic_node_alloc = wpi_node_alloc;
307 ic->ic_newassoc = wpi_newassoc;
308 ic->ic_updateedca = wpi_updateedca;
309 ic->ic_set_key = wpi_set_key;
310 ic->ic_delete_key = wpi_delete_key;
311
312 /* Override 802.11 state transition machine. */
313 sc->sc_newstate = ic->ic_newstate;
314 ic->ic_newstate = wpi_newstate;
315 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status);
316
317 sc->amrr.amrr_min_success_threshold = 1;
318 sc->amrr.amrr_max_success_threshold = 15;
319
320 #if NBPFILTER > 0
321 wpi_radiotap_attach(sc);
322 #endif
323 timeout_set(&sc->calib_to, wpi_calib_timeout, sc);
324 rw_init(&sc->sc_rwlock, "wpilock");
325 task_set(&sc->init_task, wpi_init_task, sc);
326 return;
327
328 /* Free allocated memory if something failed during attachment. */
329 fail2: while (--i >= 0)
330 wpi_free_tx_ring(sc, &sc->txq[i]);
331 wpi_free_shared(sc);
332 fail1: wpi_free_fwmem(sc);
333 }
334
335 #if NBPFILTER > 0
336 /*
337 * Attach the interface to 802.11 radiotap.
338 */
339 void
wpi_radiotap_attach(struct wpi_softc * sc)340 wpi_radiotap_attach(struct wpi_softc *sc)
341 {
342 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO,
343 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN);
344
345 sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
346 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
347 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT);
348
349 sc->sc_txtap_len = sizeof sc->sc_txtapu;
350 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
351 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT);
352 }
353 #endif
354
355 int
wpi_detach(struct device * self,int flags)356 wpi_detach(struct device *self, int flags)
357 {
358 struct wpi_softc *sc = (struct wpi_softc *)self;
359 struct ifnet *ifp = &sc->sc_ic.ic_if;
360 int qid;
361
362 timeout_del(&sc->calib_to);
363 task_del(systq, &sc->init_task);
364
365 /* Uninstall interrupt handler. */
366 if (sc->sc_ih != NULL)
367 pci_intr_disestablish(sc->sc_pct, sc->sc_ih);
368
369 /* Free DMA resources. */
370 wpi_free_rx_ring(sc, &sc->rxq);
371 for (qid = 0; qid < WPI_NTXQUEUES; qid++)
372 wpi_free_tx_ring(sc, &sc->txq[qid]);
373 wpi_free_shared(sc);
374 wpi_free_fwmem(sc);
375
376 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz);
377
378 ieee80211_ifdetach(ifp);
379 if_detach(ifp);
380
381 return 0;
382 }
383
384 int
wpi_activate(struct device * self,int act)385 wpi_activate(struct device *self, int act)
386 {
387 struct wpi_softc *sc = (struct wpi_softc *)self;
388 struct ifnet *ifp = &sc->sc_ic.ic_if;
389
390 switch (act) {
391 case DVACT_SUSPEND:
392 if (ifp->if_flags & IFF_RUNNING)
393 wpi_stop(ifp, 0);
394 break;
395 case DVACT_WAKEUP:
396 wpi_wakeup(sc);
397 break;
398 }
399
400 return 0;
401 }
402
403 void
wpi_wakeup(struct wpi_softc * sc)404 wpi_wakeup(struct wpi_softc *sc)
405 {
406 pcireg_t reg;
407
408 /* Clear device-specific "PCI retry timeout" register (41h). */
409 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40);
410 reg &= ~0xff00;
411 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg);
412
413 wpi_init_task(sc);
414 }
415
416 void
wpi_init_task(void * arg1)417 wpi_init_task(void *arg1)
418 {
419 struct wpi_softc *sc = arg1;
420 struct ifnet *ifp = &sc->sc_ic.ic_if;
421 int s;
422
423 rw_enter_write(&sc->sc_rwlock);
424 s = splnet();
425
426 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP)
427 wpi_init(ifp);
428
429 splx(s);
430 rw_exit_write(&sc->sc_rwlock);
431 }
432
433 int
wpi_nic_lock(struct wpi_softc * sc)434 wpi_nic_lock(struct wpi_softc *sc)
435 {
436 int ntries;
437
438 /* Request exclusive access to NIC. */
439 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
440
441 /* Spin until we actually get the lock. */
442 for (ntries = 0; ntries < 1000; ntries++) {
443 if ((WPI_READ(sc, WPI_GP_CNTRL) &
444 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) ==
445 WPI_GP_CNTRL_MAC_ACCESS_ENA)
446 return 0;
447 DELAY(10);
448 }
449 return ETIMEDOUT;
450 }
451
452 static __inline void
wpi_nic_unlock(struct wpi_softc * sc)453 wpi_nic_unlock(struct wpi_softc *sc)
454 {
455 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
456 }
457
458 static __inline uint32_t
wpi_prph_read(struct wpi_softc * sc,uint32_t addr)459 wpi_prph_read(struct wpi_softc *sc, uint32_t addr)
460 {
461 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr);
462 WPI_BARRIER_READ_WRITE(sc);
463 return WPI_READ(sc, WPI_PRPH_RDATA);
464 }
465
466 static __inline void
wpi_prph_write(struct wpi_softc * sc,uint32_t addr,uint32_t data)467 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data)
468 {
469 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr);
470 WPI_BARRIER_WRITE(sc);
471 WPI_WRITE(sc, WPI_PRPH_WDATA, data);
472 }
473
474 static __inline void
wpi_prph_setbits(struct wpi_softc * sc,uint32_t addr,uint32_t mask)475 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask)
476 {
477 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask);
478 }
479
480 static __inline void
wpi_prph_clrbits(struct wpi_softc * sc,uint32_t addr,uint32_t mask)481 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask)
482 {
483 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask);
484 }
485
486 static __inline void
wpi_prph_write_region_4(struct wpi_softc * sc,uint32_t addr,const uint32_t * data,int count)487 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr,
488 const uint32_t *data, int count)
489 {
490 for (; count > 0; count--, data++, addr += 4)
491 wpi_prph_write(sc, addr, *data);
492 }
493
494 #ifdef WPI_DEBUG
495
496 static __inline uint32_t
wpi_mem_read(struct wpi_softc * sc,uint32_t addr)497 wpi_mem_read(struct wpi_softc *sc, uint32_t addr)
498 {
499 WPI_WRITE(sc, WPI_MEM_RADDR, addr);
500 WPI_BARRIER_READ_WRITE(sc);
501 return WPI_READ(sc, WPI_MEM_RDATA);
502 }
503
504 static __inline void
wpi_mem_write(struct wpi_softc * sc,uint32_t addr,uint32_t data)505 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data)
506 {
507 WPI_WRITE(sc, WPI_MEM_WADDR, addr);
508 WPI_BARRIER_WRITE(sc);
509 WPI_WRITE(sc, WPI_MEM_WDATA, data);
510 }
511
512 static __inline void
wpi_mem_read_region_4(struct wpi_softc * sc,uint32_t addr,uint32_t * data,int count)513 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data,
514 int count)
515 {
516 for (; count > 0; count--, addr += 4)
517 *data++ = wpi_mem_read(sc, addr);
518 }
519
520 #endif
521
522 int
wpi_read_prom_data(struct wpi_softc * sc,uint32_t addr,void * data,int count)523 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count)
524 {
525 uint8_t *out = data;
526 uint32_t val;
527 int error, ntries;
528
529 if ((error = wpi_nic_lock(sc)) != 0)
530 return error;
531
532 for (; count > 0; count -= 2, addr++) {
533 WPI_WRITE(sc, WPI_EEPROM, addr << 2);
534 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD);
535
536 for (ntries = 0; ntries < 10; ntries++) {
537 val = WPI_READ(sc, WPI_EEPROM);
538 if (val & WPI_EEPROM_READ_VALID)
539 break;
540 DELAY(5);
541 }
542 if (ntries == 10) {
543 printf("%s: could not read EEPROM\n",
544 sc->sc_dev.dv_xname);
545 return ETIMEDOUT;
546 }
547 *out++ = val >> 16;
548 if (count > 1)
549 *out++ = val >> 24;
550 }
551
552 wpi_nic_unlock(sc);
553 return 0;
554 }
555
556 int
wpi_dma_contig_alloc(bus_dma_tag_t tag,struct wpi_dma_info * dma,void ** kvap,bus_size_t size,bus_size_t alignment)557 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap,
558 bus_size_t size, bus_size_t alignment)
559 {
560 int nsegs, error;
561
562 dma->tag = tag;
563 dma->size = size;
564
565 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT,
566 &dma->map);
567 if (error != 0)
568 goto fail;
569
570 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs,
571 BUS_DMA_NOWAIT | BUS_DMA_ZERO);
572 if (error != 0)
573 goto fail;
574
575 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr,
576 BUS_DMA_NOWAIT | BUS_DMA_COHERENT);
577 if (error != 0)
578 goto fail;
579
580 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size,
581 BUS_DMA_NOWAIT);
582 if (error != 0)
583 goto fail;
584
585 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE);
586
587 dma->paddr = dma->map->dm_segs[0].ds_addr;
588 if (kvap != NULL)
589 *kvap = dma->vaddr;
590
591 return 0;
592
593 fail: wpi_dma_contig_free(dma);
594 return error;
595 }
596
597 void
wpi_dma_contig_free(struct wpi_dma_info * dma)598 wpi_dma_contig_free(struct wpi_dma_info *dma)
599 {
600 if (dma->map != NULL) {
601 if (dma->vaddr != NULL) {
602 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size,
603 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
604 bus_dmamap_unload(dma->tag, dma->map);
605 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size);
606 bus_dmamem_free(dma->tag, &dma->seg, 1);
607 dma->vaddr = NULL;
608 }
609 bus_dmamap_destroy(dma->tag, dma->map);
610 dma->map = NULL;
611 }
612 }
613
614 int
wpi_alloc_shared(struct wpi_softc * sc)615 wpi_alloc_shared(struct wpi_softc *sc)
616 {
617 /* Shared buffer must be aligned on a 4KB boundary. */
618 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma,
619 (void **)&sc->shared, sizeof (struct wpi_shared), 4096);
620 }
621
622 void
wpi_free_shared(struct wpi_softc * sc)623 wpi_free_shared(struct wpi_softc *sc)
624 {
625 wpi_dma_contig_free(&sc->shared_dma);
626 }
627
628 int
wpi_alloc_fwmem(struct wpi_softc * sc)629 wpi_alloc_fwmem(struct wpi_softc *sc)
630 {
631 /* Allocate enough contiguous space to store text and data. */
632 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL,
633 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16);
634 }
635
636 void
wpi_free_fwmem(struct wpi_softc * sc)637 wpi_free_fwmem(struct wpi_softc *sc)
638 {
639 wpi_dma_contig_free(&sc->fw_dma);
640 }
641
642 int
wpi_alloc_rx_ring(struct wpi_softc * sc,struct wpi_rx_ring * ring)643 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring)
644 {
645 bus_size_t size;
646 int i, error;
647
648 ring->cur = 0;
649
650 /* Allocate RX descriptors (16KB aligned.) */
651 size = WPI_RX_RING_COUNT * sizeof (uint32_t);
652 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma,
653 (void **)&ring->desc, size, 16 * 1024);
654 if (error != 0) {
655 printf("%s: could not allocate RX ring DMA memory\n",
656 sc->sc_dev.dv_xname);
657 goto fail;
658 }
659
660 /*
661 * Allocate and map RX buffers.
662 */
663 for (i = 0; i < WPI_RX_RING_COUNT; i++) {
664 struct wpi_rx_data *data = &ring->data[i];
665
666 error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1,
667 WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map);
668 if (error != 0) {
669 printf("%s: could not create RX buf DMA map\n",
670 sc->sc_dev.dv_xname);
671 goto fail;
672 }
673
674 data->m = MCLGETL(NULL, M_DONTWAIT, WPI_RBUF_SIZE);
675 if (data->m == NULL) {
676 printf("%s: could not allocate RX mbuf\n",
677 sc->sc_dev.dv_xname);
678 error = ENOBUFS;
679 goto fail;
680 }
681
682 error = bus_dmamap_load(sc->sc_dmat, data->map,
683 mtod(data->m, void *), WPI_RBUF_SIZE, NULL,
684 BUS_DMA_NOWAIT | BUS_DMA_READ);
685 if (error != 0) {
686 printf("%s: can't map mbuf (error %d)\n",
687 sc->sc_dev.dv_xname, error);
688 goto fail;
689 }
690
691 /* Set physical address of RX buffer. */
692 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr);
693 }
694
695 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size,
696 BUS_DMASYNC_PREWRITE);
697
698 return 0;
699
700 fail: wpi_free_rx_ring(sc, ring);
701 return error;
702 }
703
704 void
wpi_reset_rx_ring(struct wpi_softc * sc,struct wpi_rx_ring * ring)705 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring)
706 {
707 int ntries;
708
709 if (wpi_nic_lock(sc) == 0) {
710 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0);
711 for (ntries = 0; ntries < 100; ntries++) {
712 if (WPI_READ(sc, WPI_FH_RX_STATUS) &
713 WPI_FH_RX_STATUS_IDLE)
714 break;
715 DELAY(10);
716 }
717 wpi_nic_unlock(sc);
718 }
719 ring->cur = 0;
720 }
721
722 void
wpi_free_rx_ring(struct wpi_softc * sc,struct wpi_rx_ring * ring)723 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring)
724 {
725 int i;
726
727 wpi_dma_contig_free(&ring->desc_dma);
728
729 for (i = 0; i < WPI_RX_RING_COUNT; i++) {
730 struct wpi_rx_data *data = &ring->data[i];
731
732 if (data->m != NULL) {
733 bus_dmamap_sync(sc->sc_dmat, data->map, 0,
734 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD);
735 bus_dmamap_unload(sc->sc_dmat, data->map);
736 m_freem(data->m);
737 }
738 if (data->map != NULL)
739 bus_dmamap_destroy(sc->sc_dmat, data->map);
740 }
741 }
742
743 int
wpi_alloc_tx_ring(struct wpi_softc * sc,struct wpi_tx_ring * ring,int qid)744 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid)
745 {
746 bus_addr_t paddr;
747 bus_size_t size;
748 int i, error;
749
750 ring->qid = qid;
751 ring->queued = 0;
752 ring->cur = 0;
753
754 /* Allocate TX descriptors (16KB aligned.) */
755 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc);
756 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma,
757 (void **)&ring->desc, size, 16 * 1024);
758 if (error != 0) {
759 printf("%s: could not allocate TX ring DMA memory\n",
760 sc->sc_dev.dv_xname);
761 goto fail;
762 }
763
764 /* Update shared area with ring physical address. */
765 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr);
766 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0,
767 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE);
768
769 /*
770 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need
771 * to allocate commands space for other rings.
772 * XXX Do we really need to allocate descriptors for other rings?
773 */
774 if (qid > 4)
775 return 0;
776
777 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd);
778 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma,
779 (void **)&ring->cmd, size, 4);
780 if (error != 0) {
781 printf("%s: could not allocate TX cmd DMA memory\n",
782 sc->sc_dev.dv_xname);
783 goto fail;
784 }
785
786 paddr = ring->cmd_dma.paddr;
787 for (i = 0; i < WPI_TX_RING_COUNT; i++) {
788 struct wpi_tx_data *data = &ring->data[i];
789
790 data->cmd_paddr = paddr;
791 paddr += sizeof (struct wpi_tx_cmd);
792
793 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES,
794 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT,
795 &data->map);
796 if (error != 0) {
797 printf("%s: could not create TX buf DMA map\n",
798 sc->sc_dev.dv_xname);
799 goto fail;
800 }
801 }
802 return 0;
803
804 fail: wpi_free_tx_ring(sc, ring);
805 return error;
806 }
807
808 void
wpi_reset_tx_ring(struct wpi_softc * sc,struct wpi_tx_ring * ring)809 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
810 {
811 int i;
812
813 for (i = 0; i < WPI_TX_RING_COUNT; i++) {
814 struct wpi_tx_data *data = &ring->data[i];
815
816 if (data->m != NULL) {
817 bus_dmamap_sync(sc->sc_dmat, data->map, 0,
818 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
819 bus_dmamap_unload(sc->sc_dmat, data->map);
820 m_freem(data->m);
821 data->m = NULL;
822 }
823 }
824 /* Clear TX descriptors. */
825 memset(ring->desc, 0, ring->desc_dma.size);
826 sc->qfullmsk &= ~(1 << ring->qid);
827 ring->queued = 0;
828 ring->cur = 0;
829 }
830
831 void
wpi_free_tx_ring(struct wpi_softc * sc,struct wpi_tx_ring * ring)832 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
833 {
834 int i;
835
836 wpi_dma_contig_free(&ring->desc_dma);
837 wpi_dma_contig_free(&ring->cmd_dma);
838
839 for (i = 0; i < WPI_TX_RING_COUNT; i++) {
840 struct wpi_tx_data *data = &ring->data[i];
841
842 if (data->m != NULL) {
843 bus_dmamap_sync(sc->sc_dmat, data->map, 0,
844 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
845 bus_dmamap_unload(sc->sc_dmat, data->map);
846 m_freem(data->m);
847 }
848 if (data->map != NULL)
849 bus_dmamap_destroy(sc->sc_dmat, data->map);
850 }
851 }
852
853 int
wpi_read_eeprom(struct wpi_softc * sc)854 wpi_read_eeprom(struct wpi_softc *sc)
855 {
856 struct ieee80211com *ic = &sc->sc_ic;
857 char domain[4];
858 int i;
859
860 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) {
861 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname);
862 return EIO;
863 }
864 /* Clear HW ownership of EEPROM. */
865 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER);
866
867 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1);
868 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2);
869 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1);
870
871 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev),
872 sc->type));
873
874 /* Read and print regulatory domain (4 ASCII characters.) */
875 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4);
876 printf(", %.4s", domain);
877
878 /* Read and print MAC address. */
879 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6);
880 printf(", address %s\n", ether_sprintf(ic->ic_myaddr));
881
882 /* Read the list of authorized channels. */
883 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++)
884 wpi_read_eeprom_channels(sc, i);
885
886 /* Read the list of TX power groups. */
887 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++)
888 wpi_read_eeprom_group(sc, i);
889
890 return 0;
891 }
892
893 void
wpi_read_eeprom_channels(struct wpi_softc * sc,int n)894 wpi_read_eeprom_channels(struct wpi_softc *sc, int n)
895 {
896 struct ieee80211com *ic = &sc->sc_ic;
897 const struct wpi_chan_band *band = &wpi_bands[n];
898 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND];
899 int chan, i;
900
901 wpi_read_prom_data(sc, band->addr, channels,
902 band->nchan * sizeof (struct wpi_eeprom_chan));
903
904 for (i = 0; i < band->nchan; i++) {
905 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID))
906 continue;
907
908 chan = band->chan[i];
909
910 if (n == 0) { /* 2GHz band */
911 ic->ic_channels[chan].ic_freq =
912 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ);
913 ic->ic_channels[chan].ic_flags =
914 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
915 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
916
917 } else { /* 5GHz band */
918 /*
919 * Some adapters support channels 7, 8, 11 and 12
920 * both in the 2GHz and 4.9GHz bands.
921 * Because of limitations in our net80211 layer,
922 * we don't support them in the 4.9GHz band.
923 */
924 if (chan <= 14)
925 continue;
926
927 ic->ic_channels[chan].ic_freq =
928 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ);
929 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A;
930 /* We have at least one valid 5GHz channel. */
931 sc->sc_flags |= WPI_FLAG_HAS_5GHZ;
932 }
933
934 /* Is active scan allowed on this channel? */
935 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) {
936 ic->ic_channels[chan].ic_flags |=
937 IEEE80211_CHAN_PASSIVE;
938 }
939
940 /* Save maximum allowed TX power for this channel. */
941 sc->maxpwr[chan] = channels[i].maxpwr;
942
943 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n",
944 chan, channels[i].flags, sc->maxpwr[chan]));
945 }
946 }
947
948 void
wpi_read_eeprom_group(struct wpi_softc * sc,int n)949 wpi_read_eeprom_group(struct wpi_softc *sc, int n)
950 {
951 struct wpi_power_group *group = &sc->groups[n];
952 struct wpi_eeprom_group rgroup;
953 int i;
954
955 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup,
956 sizeof rgroup);
957
958 /* Save TX power group information. */
959 group->chan = rgroup.chan;
960 group->maxpwr = rgroup.maxpwr;
961 /* Retrieve temperature at which the samples were taken. */
962 group->temp = (int16_t)letoh16(rgroup.temp);
963
964 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n,
965 group->chan, group->maxpwr, group->temp));
966
967 for (i = 0; i < WPI_SAMPLES_COUNT; i++) {
968 group->samples[i].index = rgroup.samples[i].index;
969 group->samples[i].power = rgroup.samples[i].power;
970
971 DPRINTF(("\tsample %d: index=%d power=%d\n", i,
972 group->samples[i].index, group->samples[i].power));
973 }
974 }
975
976 struct ieee80211_node *
wpi_node_alloc(struct ieee80211com * ic)977 wpi_node_alloc(struct ieee80211com *ic)
978 {
979 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO);
980 }
981
982 void
wpi_newassoc(struct ieee80211com * ic,struct ieee80211_node * ni,int isnew)983 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew)
984 {
985 struct wpi_softc *sc = ic->ic_if.if_softc;
986 struct wpi_node *wn = (void *)ni;
987 uint8_t rate;
988 int ridx, i;
989
990 ieee80211_amrr_node_init(&sc->amrr, &wn->amn);
991 /* Start at lowest available bit-rate, AMRR will raise. */
992 ni->ni_txrate = 0;
993
994 for (i = 0; i < ni->ni_rates.rs_nrates; i++) {
995 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL;
996 /* Map 802.11 rate to HW rate index. */
997 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++)
998 if (wpi_rates[ridx].rate == rate)
999 break;
1000 wn->ridx[i] = ridx;
1001 }
1002 }
1003
1004 int
wpi_media_change(struct ifnet * ifp)1005 wpi_media_change(struct ifnet *ifp)
1006 {
1007 struct wpi_softc *sc = ifp->if_softc;
1008 struct ieee80211com *ic = &sc->sc_ic;
1009 uint8_t rate, ridx;
1010 int error;
1011
1012 error = ieee80211_media_change(ifp);
1013 if (error != ENETRESET)
1014 return error;
1015
1016 if (ic->ic_fixed_rate != -1) {
1017 rate = ic->ic_sup_rates[ic->ic_curmode].
1018 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL;
1019 /* Map 802.11 rate to HW rate index. */
1020 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++)
1021 if (wpi_rates[ridx].rate == rate)
1022 break;
1023 sc->fixed_ridx = ridx;
1024 }
1025
1026 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1027 (IFF_UP | IFF_RUNNING)) {
1028 wpi_stop(ifp, 0);
1029 error = wpi_init(ifp);
1030 }
1031 return error;
1032 }
1033
1034 int
wpi_newstate(struct ieee80211com * ic,enum ieee80211_state nstate,int arg)1035 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1036 {
1037 struct ifnet *ifp = &ic->ic_if;
1038 struct wpi_softc *sc = ifp->if_softc;
1039 int error;
1040
1041 timeout_del(&sc->calib_to);
1042
1043 switch (nstate) {
1044 case IEEE80211_S_SCAN:
1045 /* Make the link LED blink while we're scanning. */
1046 wpi_set_led(sc, WPI_LED_LINK, 20, 2);
1047
1048 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) {
1049 printf("%s: could not initiate scan\n",
1050 sc->sc_dev.dv_xname);
1051 return error;
1052 }
1053 if (ifp->if_flags & IFF_DEBUG)
1054 printf("%s: %s -> %s\n", ifp->if_xname,
1055 ieee80211_state_name[ic->ic_state],
1056 ieee80211_state_name[nstate]);
1057 ieee80211_set_link_state(ic, LINK_STATE_DOWN);
1058 ieee80211_node_cleanup(ic, ic->ic_bss);
1059 ic->ic_state = nstate;
1060 return 0;
1061
1062 case IEEE80211_S_ASSOC:
1063 if (ic->ic_state != IEEE80211_S_RUN)
1064 break;
1065 /* FALLTHROUGH */
1066 case IEEE80211_S_AUTH:
1067 /* Reset state to handle reassociations correctly. */
1068 sc->rxon.associd = 0;
1069 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS);
1070
1071 if ((error = wpi_auth(sc)) != 0) {
1072 printf("%s: could not move to auth state\n",
1073 sc->sc_dev.dv_xname);
1074 return error;
1075 }
1076 break;
1077
1078 case IEEE80211_S_RUN:
1079 if ((error = wpi_run(sc)) != 0) {
1080 printf("%s: could not move to run state\n",
1081 sc->sc_dev.dv_xname);
1082 return error;
1083 }
1084 break;
1085
1086 case IEEE80211_S_INIT:
1087 break;
1088 }
1089
1090 return sc->sc_newstate(ic, nstate, arg);
1091 }
1092
1093 void
wpi_iter_func(void * arg,struct ieee80211_node * ni)1094 wpi_iter_func(void *arg, struct ieee80211_node *ni)
1095 {
1096 struct wpi_softc *sc = arg;
1097 struct wpi_node *wn = (struct wpi_node *)ni;
1098
1099 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn);
1100 }
1101
1102 void
wpi_calib_timeout(void * arg)1103 wpi_calib_timeout(void *arg)
1104 {
1105 struct wpi_softc *sc = arg;
1106 struct ieee80211com *ic = &sc->sc_ic;
1107 int s;
1108
1109 s = splnet();
1110 /* Automatic rate control triggered every 500ms. */
1111 if (ic->ic_fixed_rate == -1) {
1112 if (ic->ic_opmode == IEEE80211_M_STA)
1113 wpi_iter_func(sc, ic->ic_bss);
1114 else
1115 ieee80211_iterate_nodes(ic, wpi_iter_func, sc);
1116 }
1117
1118 /* Force automatic TX power calibration every 60 secs. */
1119 if (++sc->calib_cnt >= 120) {
1120 wpi_power_calibration(sc);
1121 sc->calib_cnt = 0;
1122 }
1123 splx(s);
1124
1125 /* Automatic rate control triggered every 500ms. */
1126 timeout_add_msec(&sc->calib_to, 500);
1127 }
1128
1129 int
wpi_ccmp_decap(struct wpi_softc * sc,struct mbuf * m,struct ieee80211_key * k)1130 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k)
1131 {
1132 struct ieee80211com *ic = &sc->sc_ic;
1133 struct ieee80211_frame *wh;
1134 uint64_t pn, *prsc;
1135 uint8_t *ivp;
1136 uint8_t tid;
1137 int hdrlen;
1138
1139 wh = mtod(m, struct ieee80211_frame *);
1140 hdrlen = ieee80211_get_hdrlen(wh);
1141 ivp = (uint8_t *)wh + hdrlen;
1142
1143 /* Check that ExtIV bit is set. */
1144 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) {
1145 DPRINTF(("CCMP decap ExtIV not set\n"));
1146 return 1;
1147 }
1148 tid = ieee80211_has_qos(wh) ?
1149 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0;
1150 prsc = &k->k_rsc[tid];
1151
1152 /* Extract the 48-bit PN from the CCMP header. */
1153 pn = (uint64_t)ivp[0] |
1154 (uint64_t)ivp[1] << 8 |
1155 (uint64_t)ivp[4] << 16 |
1156 (uint64_t)ivp[5] << 24 |
1157 (uint64_t)ivp[6] << 32 |
1158 (uint64_t)ivp[7] << 40;
1159 if (pn <= *prsc) {
1160 DPRINTF(("CCMP replayed\n"));
1161 ic->ic_stats.is_ccmp_replays++;
1162 return 1;
1163 }
1164 /* Last seen packet number is updated in ieee80211_inputm(). */
1165
1166 /* Strip MIC. IV will be stripped by ieee80211_inputm(). */
1167 m_adj(m, -IEEE80211_CCMP_MICLEN);
1168 return 0;
1169 }
1170
1171 void
wpi_rx_done(struct wpi_softc * sc,struct wpi_rx_desc * desc,struct wpi_rx_data * data,struct mbuf_list * ml)1172 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc,
1173 struct wpi_rx_data *data, struct mbuf_list *ml)
1174 {
1175 struct ieee80211com *ic = &sc->sc_ic;
1176 struct ifnet *ifp = &ic->ic_if;
1177 struct wpi_rx_ring *ring = &sc->rxq;
1178 struct wpi_rx_stat *stat;
1179 struct wpi_rx_head *head;
1180 struct wpi_rx_tail *tail;
1181 struct ieee80211_frame *wh;
1182 struct ieee80211_rxinfo rxi;
1183 struct ieee80211_node *ni;
1184 struct mbuf *m, *m1;
1185 uint32_t flags;
1186 int error;
1187
1188 bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE,
1189 BUS_DMASYNC_POSTREAD);
1190 stat = (struct wpi_rx_stat *)(desc + 1);
1191
1192 if (stat->len > WPI_STAT_MAXLEN) {
1193 printf("%s: invalid RX statistic header\n",
1194 sc->sc_dev.dv_xname);
1195 ifp->if_ierrors++;
1196 return;
1197 }
1198 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len);
1199 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len));
1200 flags = letoh32(tail->flags);
1201
1202 /* Discard frames with a bad FCS early. */
1203 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) {
1204 DPRINTFN(2, ("rx tail flags error %x\n", flags));
1205 ifp->if_ierrors++;
1206 return;
1207 }
1208 /* Discard frames that are too short. */
1209 if (letoh16(head->len) < sizeof (*wh)) {
1210 DPRINTF(("frame too short: %d\n", letoh16(head->len)));
1211 ic->ic_stats.is_rx_tooshort++;
1212 ifp->if_ierrors++;
1213 return;
1214 }
1215
1216 m1 = MCLGETL(NULL, M_DONTWAIT, WPI_RBUF_SIZE);
1217 if (m1 == NULL) {
1218 ic->ic_stats.is_rx_nombuf++;
1219 ifp->if_ierrors++;
1220 return;
1221 }
1222 bus_dmamap_unload(sc->sc_dmat, data->map);
1223
1224 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *),
1225 WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ);
1226 if (error != 0) {
1227 m_freem(m1);
1228
1229 /* Try to reload the old mbuf. */
1230 error = bus_dmamap_load(sc->sc_dmat, data->map,
1231 mtod(data->m, void *), WPI_RBUF_SIZE, NULL,
1232 BUS_DMA_NOWAIT | BUS_DMA_READ);
1233 if (error != 0) {
1234 panic("%s: could not load old RX mbuf",
1235 sc->sc_dev.dv_xname);
1236 }
1237 /* Physical address may have changed. */
1238 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr);
1239 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
1240 ring->cur * sizeof (uint32_t), sizeof (uint32_t),
1241 BUS_DMASYNC_PREWRITE);
1242 ifp->if_ierrors++;
1243 return;
1244 }
1245
1246 m = data->m;
1247 data->m = m1;
1248 /* Update RX descriptor. */
1249 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr);
1250 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
1251 ring->cur * sizeof (uint32_t), sizeof (uint32_t),
1252 BUS_DMASYNC_PREWRITE);
1253
1254 /* Finalize mbuf. */
1255 m->m_data = (caddr_t)(head + 1);
1256 m->m_pkthdr.len = m->m_len = letoh16(head->len);
1257
1258 /* Grab a reference to the source node. */
1259 wh = mtod(m, struct ieee80211_frame *);
1260 ni = ieee80211_find_rxnode(ic, wh);
1261
1262 memset(&rxi, 0, sizeof(rxi));
1263 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) &&
1264 !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1265 (ni->ni_flags & IEEE80211_NODE_RXPROT) &&
1266 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) {
1267 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) {
1268 ic->ic_stats.is_ccmp_dec_errs++;
1269 ifp->if_ierrors++;
1270 m_freem(m);
1271 ieee80211_release_node(ic, ni);
1272 return;
1273 }
1274 /* Check whether decryption was successful or not. */
1275 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) {
1276 DPRINTF(("CCMP decryption failed 0x%x\n", flags));
1277 ic->ic_stats.is_ccmp_dec_errs++;
1278 ifp->if_ierrors++;
1279 m_freem(m);
1280 ieee80211_release_node(ic, ni);
1281 return;
1282 }
1283 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) {
1284 ifp->if_ierrors++;
1285 m_freem(m);
1286 ieee80211_release_node(ic, ni);
1287 return;
1288 }
1289 rxi.rxi_flags |= IEEE80211_RXI_HWDEC;
1290 }
1291
1292 #if NBPFILTER > 0
1293 if (sc->sc_drvbpf != NULL) {
1294 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap;
1295
1296 tap->wr_flags = 0;
1297 if (letoh16(head->flags) & 0x4)
1298 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
1299 tap->wr_chan_freq =
1300 htole16(ic->ic_channels[head->chan].ic_freq);
1301 tap->wr_chan_flags =
1302 htole16(ic->ic_channels[head->chan].ic_flags);
1303 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET);
1304 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise);
1305 tap->wr_tsft = tail->tstamp;
1306 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf;
1307 switch (head->rate) {
1308 /* CCK rates. */
1309 case 10: tap->wr_rate = 2; break;
1310 case 20: tap->wr_rate = 4; break;
1311 case 55: tap->wr_rate = 11; break;
1312 case 110: tap->wr_rate = 22; break;
1313 /* OFDM rates. */
1314 case 0xd: tap->wr_rate = 12; break;
1315 case 0xf: tap->wr_rate = 18; break;
1316 case 0x5: tap->wr_rate = 24; break;
1317 case 0x7: tap->wr_rate = 36; break;
1318 case 0x9: tap->wr_rate = 48; break;
1319 case 0xb: tap->wr_rate = 72; break;
1320 case 0x1: tap->wr_rate = 96; break;
1321 case 0x3: tap->wr_rate = 108; break;
1322 /* Unknown rate: should not happen. */
1323 default: tap->wr_rate = 0;
1324 }
1325
1326 bpf_mtap_hdr(sc->sc_drvbpf, tap, sc->sc_rxtap_len,
1327 m, BPF_DIRECTION_IN);
1328 }
1329 #endif
1330
1331 /* Send the frame to the 802.11 layer. */
1332 rxi.rxi_rssi = stat->rssi;
1333 ieee80211_inputm(ifp, m, ni, &rxi, ml);
1334
1335 /* Node is no longer needed. */
1336 ieee80211_release_node(ic, ni);
1337 }
1338
1339 void
wpi_tx_done(struct wpi_softc * sc,struct wpi_rx_desc * desc)1340 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc)
1341 {
1342 struct ieee80211com *ic = &sc->sc_ic;
1343 struct ifnet *ifp = &ic->ic_if;
1344 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3];
1345 struct wpi_tx_data *data = &ring->data[desc->idx];
1346 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1);
1347 struct wpi_node *wn = (struct wpi_node *)data->ni;
1348
1349 /* Update rate control statistics. */
1350 wn->amn.amn_txcnt++;
1351 if (stat->retrycnt > 0)
1352 wn->amn.amn_retrycnt++;
1353
1354 if ((letoh32(stat->status) & 0xff) != 1)
1355 ifp->if_oerrors++;
1356
1357 /* Unmap and free mbuf. */
1358 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize,
1359 BUS_DMASYNC_POSTWRITE);
1360 bus_dmamap_unload(sc->sc_dmat, data->map);
1361 m_freem(data->m);
1362 data->m = NULL;
1363 ieee80211_release_node(ic, data->ni);
1364 data->ni = NULL;
1365
1366 sc->sc_tx_timer = 0;
1367 if (--ring->queued < WPI_TX_RING_LOMARK) {
1368 sc->qfullmsk &= ~(1 << ring->qid);
1369 if (sc->qfullmsk == 0 && ifq_is_oactive(&ifp->if_snd)) {
1370 ifq_clr_oactive(&ifp->if_snd);
1371 (*ifp->if_start)(ifp);
1372 }
1373 }
1374 }
1375
1376 void
wpi_cmd_done(struct wpi_softc * sc,struct wpi_rx_desc * desc)1377 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc)
1378 {
1379 struct wpi_tx_ring *ring = &sc->txq[4];
1380 struct wpi_tx_data *data;
1381
1382 if ((desc->qid & 7) != 4)
1383 return; /* Not a command ack. */
1384
1385 data = &ring->data[desc->idx];
1386
1387 /* If the command was mapped in an mbuf, free it. */
1388 if (data->m != NULL) {
1389 bus_dmamap_sync(sc->sc_dmat, data->map, 0,
1390 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
1391 bus_dmamap_unload(sc->sc_dmat, data->map);
1392 m_freem(data->m);
1393 data->m = NULL;
1394 }
1395 wakeup(&ring->cmd[desc->idx]);
1396 }
1397
1398 void
wpi_notif_intr(struct wpi_softc * sc)1399 wpi_notif_intr(struct wpi_softc *sc)
1400 {
1401 struct mbuf_list ml = MBUF_LIST_INITIALIZER();
1402 struct ieee80211com *ic = &sc->sc_ic;
1403 struct ifnet *ifp = &ic->ic_if;
1404 uint32_t hw;
1405
1406 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0,
1407 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD);
1408
1409 hw = letoh32(sc->shared->next);
1410 while (sc->rxq.cur != hw) {
1411 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur];
1412 struct wpi_rx_desc *desc;
1413
1414 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc),
1415 BUS_DMASYNC_POSTREAD);
1416 desc = mtod(data->m, struct wpi_rx_desc *);
1417
1418 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d "
1419 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type,
1420 letoh32(desc->len)));
1421
1422 if (!(desc->qid & 0x80)) /* Reply to a command. */
1423 wpi_cmd_done(sc, desc);
1424
1425 switch (desc->type) {
1426 case WPI_RX_DONE:
1427 /* An 802.11 frame has been received. */
1428 wpi_rx_done(sc, desc, data, &ml);
1429 break;
1430
1431 case WPI_TX_DONE:
1432 /* An 802.11 frame has been transmitted. */
1433 wpi_tx_done(sc, desc);
1434 break;
1435
1436 case WPI_UC_READY:
1437 {
1438 struct wpi_ucode_info *uc =
1439 (struct wpi_ucode_info *)(desc + 1);
1440
1441 /* The microcontroller is ready. */
1442 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc),
1443 sizeof (*uc), BUS_DMASYNC_POSTREAD);
1444 DPRINTF(("microcode alive notification version %x "
1445 "alive %x\n", letoh32(uc->version),
1446 letoh32(uc->valid)));
1447
1448 if (letoh32(uc->valid) != 1) {
1449 printf("%s: microcontroller initialization "
1450 "failed\n", sc->sc_dev.dv_xname);
1451 }
1452 if (uc->subtype != WPI_UCODE_INIT) {
1453 /* Save the address of the error log. */
1454 sc->errptr = letoh32(uc->errptr);
1455 }
1456 break;
1457 }
1458 case WPI_STATE_CHANGED:
1459 {
1460 uint32_t *status = (uint32_t *)(desc + 1);
1461
1462 /* Enabled/disabled notification. */
1463 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc),
1464 sizeof (*status), BUS_DMASYNC_POSTREAD);
1465 DPRINTF(("state changed to %x\n", letoh32(*status)));
1466
1467 if (letoh32(*status) & 1) {
1468 /* The radio button has to be pushed. */
1469 printf("%s: Radio transmitter is off\n",
1470 sc->sc_dev.dv_xname);
1471 /* Turn the interface down. */
1472 wpi_stop(ifp, 1);
1473 return; /* No further processing. */
1474 }
1475 break;
1476 }
1477 case WPI_START_SCAN:
1478 {
1479 struct wpi_start_scan *scan =
1480 (struct wpi_start_scan *)(desc + 1);
1481
1482 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc),
1483 sizeof (*scan), BUS_DMASYNC_POSTREAD);
1484 DPRINTFN(2, ("scanning channel %d status %x\n",
1485 scan->chan, letoh32(scan->status)));
1486
1487 /* Fix current channel. */
1488 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan];
1489 break;
1490 }
1491 case WPI_STOP_SCAN:
1492 {
1493 struct wpi_stop_scan *scan =
1494 (struct wpi_stop_scan *)(desc + 1);
1495
1496 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc),
1497 sizeof (*scan), BUS_DMASYNC_POSTREAD);
1498 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n",
1499 scan->nchan, scan->status, scan->chan));
1500
1501 if (scan->status == 1 && scan->chan <= 14 &&
1502 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) {
1503 /*
1504 * We just finished scanning 2GHz channels,
1505 * start scanning 5GHz ones.
1506 */
1507 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0)
1508 break;
1509 }
1510 ieee80211_end_scan(ifp);
1511 break;
1512 }
1513 }
1514
1515 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT;
1516 }
1517 if_input(&ic->ic_if, &ml);
1518
1519 /* Tell the firmware what we have processed. */
1520 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1;
1521 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7);
1522 }
1523
1524 #ifdef WPI_DEBUG
1525 /*
1526 * Dump the error log of the firmware when a firmware panic occurs. Although
1527 * we can't debug the firmware because it is neither open source nor free, it
1528 * can help us to identify certain classes of problems.
1529 */
1530 void
wpi_fatal_intr(struct wpi_softc * sc)1531 wpi_fatal_intr(struct wpi_softc *sc)
1532 {
1533 #define N(a) (sizeof (a) / sizeof ((a)[0]))
1534 struct wpi_fwdump dump;
1535 uint32_t i, offset, count;
1536
1537 /* Check that the error log address is valid. */
1538 if (sc->errptr < WPI_FW_DATA_BASE ||
1539 sc->errptr + sizeof (dump) >
1540 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) {
1541 printf("%s: bad firmware error log address 0x%08x\n",
1542 sc->sc_dev.dv_xname, sc->errptr);
1543 return;
1544 }
1545
1546 if (wpi_nic_lock(sc) != 0) {
1547 printf("%s: could not read firmware error log\n",
1548 sc->sc_dev.dv_xname);
1549 return;
1550 }
1551 /* Read number of entries in the log. */
1552 count = wpi_mem_read(sc, sc->errptr);
1553 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) {
1554 printf("%s: invalid count field (count=%u)\n",
1555 sc->sc_dev.dv_xname, count);
1556 wpi_nic_unlock(sc);
1557 return;
1558 }
1559 /* Skip "count" field. */
1560 offset = sc->errptr + sizeof (uint32_t);
1561 printf("firmware error log (count=%u):\n", count);
1562 for (i = 0; i < count; i++) {
1563 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump,
1564 sizeof (dump) / sizeof (uint32_t));
1565
1566 printf(" error type = \"%s\" (0x%08X)\n",
1567 (dump.desc < N(wpi_fw_errmsg)) ?
1568 wpi_fw_errmsg[dump.desc] : "UNKNOWN",
1569 dump.desc);
1570 printf(" error data = 0x%08X\n",
1571 dump.data);
1572 printf(" branch link = 0x%08X%08X\n",
1573 dump.blink[0], dump.blink[1]);
1574 printf(" interrupt link = 0x%08X%08X\n",
1575 dump.ilink[0], dump.ilink[1]);
1576 printf(" time = %u\n", dump.time);
1577
1578 offset += sizeof (dump);
1579 }
1580 wpi_nic_unlock(sc);
1581 /* Dump driver status (TX and RX rings) while we're here. */
1582 printf("driver status:\n");
1583 for (i = 0; i < 6; i++) {
1584 struct wpi_tx_ring *ring = &sc->txq[i];
1585 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n",
1586 i, ring->qid, ring->cur, ring->queued);
1587 }
1588 printf(" rx ring: cur=%d\n", sc->rxq.cur);
1589 printf(" 802.11 state %d\n", sc->sc_ic.ic_state);
1590 #undef N
1591 }
1592 #endif
1593
1594 int
wpi_intr(void * arg)1595 wpi_intr(void *arg)
1596 {
1597 struct wpi_softc *sc = arg;
1598 struct ifnet *ifp = &sc->sc_ic.ic_if;
1599 uint32_t r1, r2;
1600
1601 /* Disable interrupts. */
1602 WPI_WRITE(sc, WPI_MASK, 0);
1603
1604 r1 = WPI_READ(sc, WPI_INT);
1605 r2 = WPI_READ(sc, WPI_FH_INT);
1606
1607 if (r1 == 0 && r2 == 0) {
1608 if (ifp->if_flags & IFF_UP)
1609 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK);
1610 return 0; /* Interrupt not for us. */
1611 }
1612 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
1613 return 0; /* Hardware gone! */
1614
1615 /* Acknowledge interrupts. */
1616 WPI_WRITE(sc, WPI_INT, r1);
1617 WPI_WRITE(sc, WPI_FH_INT, r2);
1618
1619 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) {
1620 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname);
1621 /* Dump firmware error log and stop. */
1622 #ifdef WPI_DEBUG
1623 wpi_fatal_intr(sc);
1624 #endif
1625 wpi_stop(ifp, 1);
1626 task_add(systq, &sc->init_task);
1627 return 1;
1628 }
1629 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) ||
1630 (r2 & WPI_FH_INT_RX))
1631 wpi_notif_intr(sc);
1632
1633 if (r1 & WPI_INT_ALIVE)
1634 wakeup(sc); /* Firmware is alive. */
1635
1636 /* Re-enable interrupts. */
1637 if (ifp->if_flags & IFF_UP)
1638 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK);
1639
1640 return 1;
1641 }
1642
1643 int
wpi_tx(struct wpi_softc * sc,struct mbuf * m,struct ieee80211_node * ni)1644 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
1645 {
1646 struct ieee80211com *ic = &sc->sc_ic;
1647 struct wpi_node *wn = (void *)ni;
1648 struct wpi_tx_ring *ring;
1649 struct wpi_tx_desc *desc;
1650 struct wpi_tx_data *data;
1651 struct wpi_tx_cmd *cmd;
1652 struct wpi_cmd_data *tx;
1653 const struct wpi_rate *rinfo;
1654 struct ieee80211_frame *wh;
1655 struct ieee80211_key *k = NULL;
1656 enum ieee80211_edca_ac ac;
1657 uint32_t flags;
1658 uint16_t qos;
1659 u_int hdrlen;
1660 uint8_t *ivp, tid, ridx, type;
1661 int i, totlen, hasqos, error;
1662
1663 wh = mtod(m, struct ieee80211_frame *);
1664 hdrlen = ieee80211_get_hdrlen(wh);
1665 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1666
1667 /* Select EDCA Access Category and TX ring for this frame. */
1668 if ((hasqos = ieee80211_has_qos(wh))) {
1669 qos = ieee80211_get_qos(wh);
1670 tid = qos & IEEE80211_QOS_TID;
1671 ac = ieee80211_up_to_ac(ic, tid);
1672 } else {
1673 tid = 0;
1674 ac = EDCA_AC_BE;
1675 }
1676
1677 ring = &sc->txq[ac];
1678 desc = &ring->desc[ring->cur];
1679 data = &ring->data[ring->cur];
1680
1681 /* Choose a TX rate index. */
1682 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
1683 type != IEEE80211_FC0_TYPE_DATA) {
1684 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
1685 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1;
1686 } else if (ic->ic_fixed_rate != -1) {
1687 ridx = sc->fixed_ridx;
1688 } else
1689 ridx = wn->ridx[ni->ni_txrate];
1690 rinfo = &wpi_rates[ridx];
1691
1692 #if NBPFILTER > 0
1693 if (sc->sc_drvbpf != NULL) {
1694 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap;
1695
1696 tap->wt_flags = 0;
1697 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
1698 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
1699 tap->wt_rate = rinfo->rate;
1700 if ((ic->ic_flags & IEEE80211_F_WEPON) &&
1701 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED))
1702 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
1703
1704 bpf_mtap_hdr(sc->sc_drvbpf, tap, sc->sc_txtap_len,
1705 m, BPF_DIRECTION_OUT);
1706 }
1707 #endif
1708
1709 totlen = m->m_pkthdr.len;
1710
1711 /* Encrypt the frame if need be. */
1712 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
1713 /* Retrieve key for TX. */
1714 k = ieee80211_get_txkey(ic, wh, ni);
1715 if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
1716 /* Do software encryption. */
1717 if ((m = ieee80211_encrypt(ic, m, k)) == NULL)
1718 return ENOBUFS;
1719 /* 802.11 header may have moved. */
1720 wh = mtod(m, struct ieee80211_frame *);
1721 totlen = m->m_pkthdr.len;
1722
1723 } else /* HW appends CCMP MIC. */
1724 totlen += IEEE80211_CCMP_HDRLEN;
1725 }
1726
1727 /* Prepare TX firmware command. */
1728 cmd = &ring->cmd[ring->cur];
1729 cmd->code = WPI_CMD_TX_DATA;
1730 cmd->flags = 0;
1731 cmd->qid = ring->qid;
1732 cmd->idx = ring->cur;
1733
1734 tx = (struct wpi_cmd_data *)cmd->data;
1735 /* NB: No need to clear tx, all fields are reinitialized here. */
1736
1737 flags = 0;
1738 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1739 /* Unicast frame, check if an ACK is expected. */
1740 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) !=
1741 IEEE80211_QOS_ACK_POLICY_NOACK)
1742 flags |= WPI_TX_NEED_ACK;
1743 }
1744
1745 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */
1746 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1747 /* NB: Group frames are sent using CCK in 802.11b/g. */
1748 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) {
1749 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP;
1750 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) &&
1751 ridx <= WPI_RIDX_OFDM54) {
1752 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
1753 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP;
1754 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
1755 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP;
1756 }
1757 }
1758
1759 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
1760 type != IEEE80211_FC0_TYPE_DATA)
1761 tx->id = WPI_ID_BROADCAST;
1762 else
1763 tx->id = wn->id;
1764
1765 if (type == IEEE80211_FC0_TYPE_MGT) {
1766 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
1767
1768 #ifndef IEEE80211_STA_ONLY
1769 /* Tell HW to set timestamp in probe responses. */
1770 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
1771 flags |= WPI_TX_INSERT_TSTAMP;
1772 #endif
1773 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
1774 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
1775 tx->timeout = htole16(3);
1776 else
1777 tx->timeout = htole16(2);
1778 } else
1779 tx->timeout = htole16(0);
1780
1781 tx->len = htole16(totlen);
1782 tx->tid = tid;
1783 tx->rts_ntries = 7;
1784 tx->data_ntries = 15;
1785 tx->ofdm_mask = 0xff;
1786 tx->cck_mask = 0x0f;
1787 tx->lifetime = htole32(WPI_LIFETIME_INFINITE);
1788 tx->plcp = rinfo->plcp;
1789
1790 /* Copy 802.11 header in TX command. */
1791 memcpy((uint8_t *)(tx + 1), wh, hdrlen);
1792
1793 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) {
1794 /* Trim 802.11 header and prepend CCMP IV. */
1795 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN);
1796 ivp = mtod(m, uint8_t *);
1797 k->k_tsc++;
1798 ivp[0] = k->k_tsc;
1799 ivp[1] = k->k_tsc >> 8;
1800 ivp[2] = 0;
1801 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV;
1802 ivp[4] = k->k_tsc >> 16;
1803 ivp[5] = k->k_tsc >> 24;
1804 ivp[6] = k->k_tsc >> 32;
1805 ivp[7] = k->k_tsc >> 40;
1806
1807 tx->security = WPI_CIPHER_CCMP;
1808 memcpy(tx->key, k->k_key, k->k_len);
1809 } else {
1810 /* Trim 802.11 header. */
1811 m_adj(m, hdrlen);
1812 tx->security = 0;
1813 }
1814 tx->flags = htole32(flags);
1815
1816 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m,
1817 BUS_DMA_NOWAIT | BUS_DMA_WRITE);
1818 if (error != 0 && error != EFBIG) {
1819 printf("%s: can't map mbuf (error %d)\n",
1820 sc->sc_dev.dv_xname, error);
1821 m_freem(m);
1822 return error;
1823 }
1824 if (error != 0) {
1825 /* Too many DMA segments, linearize mbuf. */
1826 if (m_defrag(m, M_DONTWAIT)) {
1827 m_freem(m);
1828 return ENOBUFS;
1829 }
1830 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m,
1831 BUS_DMA_NOWAIT | BUS_DMA_WRITE);
1832 if (error != 0) {
1833 printf("%s: can't map mbuf (error %d)\n",
1834 sc->sc_dev.dv_xname, error);
1835 m_freem(m);
1836 return error;
1837 }
1838 }
1839
1840 data->m = m;
1841 data->ni = ni;
1842
1843 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n",
1844 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs));
1845
1846 /* Fill TX descriptor. */
1847 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 |
1848 (1 + data->map->dm_nsegs) << 24);
1849 /* First DMA segment is used by the TX command. */
1850 desc->segs[0].addr = htole32(ring->cmd_dma.paddr +
1851 ring->cur * sizeof (struct wpi_tx_cmd));
1852 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) +
1853 ((hdrlen + 3) & ~3));
1854 /* Other DMA segments are for data payload. */
1855 for (i = 1; i <= data->map->dm_nsegs; i++) {
1856 desc->segs[i].addr =
1857 htole32(data->map->dm_segs[i - 1].ds_addr);
1858 desc->segs[i].len =
1859 htole32(data->map->dm_segs[i - 1].ds_len);
1860 }
1861
1862 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize,
1863 BUS_DMASYNC_PREWRITE);
1864 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map,
1865 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd),
1866 BUS_DMASYNC_PREWRITE);
1867 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
1868 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc),
1869 BUS_DMASYNC_PREWRITE);
1870
1871 /* Kick TX ring. */
1872 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT;
1873 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
1874
1875 /* Mark TX ring as full if we reach a certain threshold. */
1876 if (++ring->queued > WPI_TX_RING_HIMARK)
1877 sc->qfullmsk |= 1 << ring->qid;
1878
1879 return 0;
1880 }
1881
1882 void
wpi_start(struct ifnet * ifp)1883 wpi_start(struct ifnet *ifp)
1884 {
1885 struct wpi_softc *sc = ifp->if_softc;
1886 struct ieee80211com *ic = &sc->sc_ic;
1887 struct ieee80211_node *ni;
1888 struct mbuf *m;
1889
1890 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd))
1891 return;
1892
1893 for (;;) {
1894 if (sc->qfullmsk != 0) {
1895 ifq_set_oactive(&ifp->if_snd);
1896 break;
1897 }
1898 /* Send pending management frames first. */
1899 m = mq_dequeue(&ic->ic_mgtq);
1900 if (m != NULL) {
1901 ni = m->m_pkthdr.ph_cookie;
1902 goto sendit;
1903 }
1904 if (ic->ic_state != IEEE80211_S_RUN)
1905 break;
1906
1907 /* Encapsulate and send data frames. */
1908 m = ifq_dequeue(&ifp->if_snd);
1909 if (m == NULL)
1910 break;
1911 #if NBPFILTER > 0
1912 if (ifp->if_bpf != NULL)
1913 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT);
1914 #endif
1915 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL)
1916 continue;
1917 sendit:
1918 #if NBPFILTER > 0
1919 if (ic->ic_rawbpf != NULL)
1920 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT);
1921 #endif
1922 if (wpi_tx(sc, m, ni) != 0) {
1923 ieee80211_release_node(ic, ni);
1924 ifp->if_oerrors++;
1925 continue;
1926 }
1927
1928 sc->sc_tx_timer = 5;
1929 ifp->if_timer = 1;
1930 }
1931 }
1932
1933 void
wpi_watchdog(struct ifnet * ifp)1934 wpi_watchdog(struct ifnet *ifp)
1935 {
1936 struct wpi_softc *sc = ifp->if_softc;
1937
1938 ifp->if_timer = 0;
1939
1940 if (sc->sc_tx_timer > 0) {
1941 if (--sc->sc_tx_timer == 0) {
1942 printf("%s: device timeout\n", sc->sc_dev.dv_xname);
1943 wpi_stop(ifp, 1);
1944 ifp->if_oerrors++;
1945 return;
1946 }
1947 ifp->if_timer = 1;
1948 }
1949
1950 ieee80211_watchdog(ifp);
1951 }
1952
1953 int
wpi_ioctl(struct ifnet * ifp,u_long cmd,caddr_t data)1954 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1955 {
1956 struct wpi_softc *sc = ifp->if_softc;
1957 struct ieee80211com *ic = &sc->sc_ic;
1958 int s, error = 0;
1959
1960 error = rw_enter(&sc->sc_rwlock, RW_WRITE | RW_INTR);
1961 if (error)
1962 return error;
1963 s = splnet();
1964
1965 switch (cmd) {
1966 case SIOCSIFADDR:
1967 ifp->if_flags |= IFF_UP;
1968 /* FALLTHROUGH */
1969 case SIOCSIFFLAGS:
1970 if (ifp->if_flags & IFF_UP) {
1971 if (!(ifp->if_flags & IFF_RUNNING))
1972 error = wpi_init(ifp);
1973 } else {
1974 if (ifp->if_flags & IFF_RUNNING)
1975 wpi_stop(ifp, 1);
1976 }
1977 break;
1978
1979 case SIOCS80211POWER:
1980 error = ieee80211_ioctl(ifp, cmd, data);
1981 if (error != ENETRESET)
1982 break;
1983 if (ic->ic_state == IEEE80211_S_RUN) {
1984 if (ic->ic_flags & IEEE80211_F_PMGTON)
1985 error = wpi_set_pslevel(sc, 0, 3, 0);
1986 else /* back to CAM */
1987 error = wpi_set_pslevel(sc, 0, 0, 0);
1988 } else {
1989 /* Defer until transition to IEEE80211_S_RUN. */
1990 error = 0;
1991 }
1992 break;
1993
1994 default:
1995 error = ieee80211_ioctl(ifp, cmd, data);
1996 }
1997
1998 if (error == ENETRESET) {
1999 error = 0;
2000 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
2001 (IFF_UP | IFF_RUNNING)) {
2002 wpi_stop(ifp, 0);
2003 error = wpi_init(ifp);
2004 }
2005 }
2006
2007 splx(s);
2008 rw_exit_write(&sc->sc_rwlock);
2009 return error;
2010 }
2011
2012 /*
2013 * Send a command to the firmware.
2014 */
2015 int
wpi_cmd(struct wpi_softc * sc,int code,const void * buf,int size,int async)2016 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async)
2017 {
2018 struct wpi_tx_ring *ring = &sc->txq[4];
2019 struct wpi_tx_desc *desc;
2020 struct wpi_tx_data *data;
2021 struct wpi_tx_cmd *cmd;
2022 struct mbuf *m;
2023 bus_addr_t paddr;
2024 int totlen, error;
2025
2026 desc = &ring->desc[ring->cur];
2027 data = &ring->data[ring->cur];
2028 totlen = 4 + size;
2029
2030 if (size > sizeof cmd->data) {
2031 /* Command is too large to fit in a descriptor. */
2032 if (totlen > MCLBYTES)
2033 return EINVAL;
2034 MGETHDR(m, M_DONTWAIT, MT_DATA);
2035 if (m == NULL)
2036 return ENOMEM;
2037 if (totlen > MHLEN) {
2038 MCLGET(m, M_DONTWAIT);
2039 if (!(m->m_flags & M_EXT)) {
2040 m_freem(m);
2041 return ENOMEM;
2042 }
2043 }
2044 cmd = mtod(m, struct wpi_tx_cmd *);
2045 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen,
2046 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE);
2047 if (error != 0) {
2048 m_freem(m);
2049 return error;
2050 }
2051 data->m = m;
2052 paddr = data->map->dm_segs[0].ds_addr;
2053 } else {
2054 cmd = &ring->cmd[ring->cur];
2055 paddr = data->cmd_paddr;
2056 }
2057
2058 cmd->code = code;
2059 cmd->flags = 0;
2060 cmd->qid = ring->qid;
2061 cmd->idx = ring->cur;
2062 memcpy(cmd->data, buf, size);
2063
2064 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24);
2065 desc->segs[0].addr = htole32(paddr);
2066 desc->segs[0].len = htole32(totlen);
2067
2068 if (size > sizeof cmd->data) {
2069 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen,
2070 BUS_DMASYNC_PREWRITE);
2071 } else {
2072 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map,
2073 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen,
2074 BUS_DMASYNC_PREWRITE);
2075 }
2076 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
2077 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc),
2078 BUS_DMASYNC_PREWRITE);
2079
2080 /* Kick command ring. */
2081 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT;
2082 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
2083
2084 return async ? 0 : tsleep_nsec(cmd, PCATCH, "wpicmd", SEC_TO_NSEC(1));
2085 }
2086
2087 /*
2088 * Configure HW multi-rate retries.
2089 */
2090 int
wpi_mrr_setup(struct wpi_softc * sc)2091 wpi_mrr_setup(struct wpi_softc *sc)
2092 {
2093 struct ieee80211com *ic = &sc->sc_ic;
2094 struct wpi_mrr_setup mrr;
2095 int i, error;
2096
2097 /* CCK rates (not used with 802.11a). */
2098 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) {
2099 mrr.rates[i].flags = 0;
2100 mrr.rates[i].plcp = wpi_rates[i].plcp;
2101 /* Fallback to the immediate lower CCK rate (if any.) */
2102 mrr.rates[i].next =
2103 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1;
2104 /* Try one time at this rate before falling back to "next". */
2105 mrr.rates[i].ntries = 1;
2106 }
2107 /* OFDM rates (not used with 802.11b). */
2108 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) {
2109 mrr.rates[i].flags = 0;
2110 mrr.rates[i].plcp = wpi_rates[i].plcp;
2111 /* Fallback to the immediate lower rate (if any.) */
2112 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */
2113 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ?
2114 ((ic->ic_curmode == IEEE80211_MODE_11A) ?
2115 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) :
2116 i - 1;
2117 /* Try one time at this rate before falling back to "next". */
2118 mrr.rates[i].ntries = 1;
2119 }
2120 /* Setup MRR for control frames. */
2121 mrr.which = htole32(WPI_MRR_CTL);
2122 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0);
2123 if (error != 0) {
2124 printf("%s: could not setup MRR for control frames\n",
2125 sc->sc_dev.dv_xname);
2126 return error;
2127 }
2128 /* Setup MRR for data frames. */
2129 mrr.which = htole32(WPI_MRR_DATA);
2130 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0);
2131 if (error != 0) {
2132 printf("%s: could not setup MRR for data frames\n",
2133 sc->sc_dev.dv_xname);
2134 return error;
2135 }
2136 return 0;
2137 }
2138
2139 void
wpi_updateedca(struct ieee80211com * ic)2140 wpi_updateedca(struct ieee80211com *ic)
2141 {
2142 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */
2143 struct wpi_softc *sc = ic->ic_softc;
2144 struct wpi_edca_params cmd;
2145 int aci;
2146
2147 memset(&cmd, 0, sizeof cmd);
2148 cmd.flags = htole32(WPI_EDCA_UPDATE);
2149 for (aci = 0; aci < EDCA_NUM_AC; aci++) {
2150 const struct ieee80211_edca_ac_params *ac =
2151 &ic->ic_edca_ac[aci];
2152 cmd.ac[aci].aifsn = ac->ac_aifsn;
2153 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin));
2154 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax));
2155 cmd.ac[aci].txoplimit =
2156 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit));
2157 }
2158 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1);
2159 #undef WPI_EXP2
2160 }
2161
2162 void
wpi_set_led(struct wpi_softc * sc,uint8_t which,uint8_t off,uint8_t on)2163 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on)
2164 {
2165 struct wpi_cmd_led led;
2166
2167 led.which = which;
2168 led.unit = htole32(100000); /* on/off in unit of 100ms */
2169 led.off = off;
2170 led.on = on;
2171 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1);
2172 }
2173
2174 int
wpi_set_timing(struct wpi_softc * sc,struct ieee80211_node * ni)2175 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni)
2176 {
2177 struct wpi_cmd_timing cmd;
2178 uint64_t val, mod;
2179
2180 memset(&cmd, 0, sizeof cmd);
2181 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t));
2182 cmd.bintval = htole16(ni->ni_intval);
2183 cmd.lintval = htole16(10);
2184
2185 /* Compute remaining time until next beacon. */
2186 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */
2187 mod = letoh64(cmd.tstamp) % val;
2188 cmd.binitval = htole32((uint32_t)(val - mod));
2189
2190 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n",
2191 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod)));
2192
2193 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1);
2194 }
2195
2196 /*
2197 * This function is called periodically (every minute) to adjust TX power
2198 * based on temperature variation.
2199 */
2200 void
wpi_power_calibration(struct wpi_softc * sc)2201 wpi_power_calibration(struct wpi_softc *sc)
2202 {
2203 int temp;
2204
2205 temp = (int)WPI_READ(sc, WPI_UCODE_GP2);
2206 /* Sanity-check temperature. */
2207 if (temp < -260 || temp > 25) {
2208 /* This can't be correct, ignore. */
2209 DPRINTF(("out-of-range temperature reported: %d\n", temp));
2210 return;
2211 }
2212 DPRINTF(("temperature %d->%d\n", sc->temp, temp));
2213 /* Adjust TX power if need be (delta > 6). */
2214 if (abs(temp - sc->temp) > 6) {
2215 /* Record temperature of last calibration. */
2216 sc->temp = temp;
2217 (void)wpi_set_txpower(sc, 1);
2218 }
2219 }
2220
2221 /*
2222 * Set TX power for current channel (each rate has its own power settings).
2223 */
2224 int
wpi_set_txpower(struct wpi_softc * sc,int async)2225 wpi_set_txpower(struct wpi_softc *sc, int async)
2226 {
2227 struct ieee80211com *ic = &sc->sc_ic;
2228 struct ieee80211_channel *ch;
2229 struct wpi_power_group *group;
2230 struct wpi_cmd_txpower cmd;
2231 u_int chan;
2232 int idx, i;
2233
2234 /* Retrieve current channel from last RXON. */
2235 chan = sc->rxon.chan;
2236 DPRINTF(("setting TX power for channel %d\n", chan));
2237 ch = &ic->ic_channels[chan];
2238
2239 /* Find the TX power group to which this channel belongs. */
2240 if (IEEE80211_IS_CHAN_5GHZ(ch)) {
2241 for (group = &sc->groups[1]; group < &sc->groups[4]; group++)
2242 if (chan <= group->chan)
2243 break;
2244 } else
2245 group = &sc->groups[0];
2246
2247 memset(&cmd, 0, sizeof cmd);
2248 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1;
2249 cmd.chan = htole16(chan);
2250
2251 /* Set TX power for all OFDM and CCK rates. */
2252 for (i = 0; i <= WPI_RIDX_MAX ; i++) {
2253 /* Retrieve TX power for this channel/rate. */
2254 idx = wpi_get_power_index(sc, group, ch, i);
2255
2256 cmd.rates[i].plcp = wpi_rates[i].plcp;
2257
2258 if (IEEE80211_IS_CHAN_5GHZ(ch)) {
2259 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx];
2260 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx];
2261 } else {
2262 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx];
2263 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx];
2264 }
2265 DPRINTF(("chan %d/rate %d: power index %d\n", chan,
2266 wpi_rates[i].rate, idx));
2267 }
2268 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async);
2269 }
2270
2271 /*
2272 * Determine TX power index for a given channel/rate combination.
2273 * This takes into account the regulatory information from EEPROM and the
2274 * current temperature.
2275 */
2276 int
wpi_get_power_index(struct wpi_softc * sc,struct wpi_power_group * group,struct ieee80211_channel * c,int ridx)2277 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group,
2278 struct ieee80211_channel *c, int ridx)
2279 {
2280 /* Fixed-point arithmetic division using a n-bit fractional part. */
2281 #define fdivround(a, b, n) \
2282 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n))
2283
2284 /* Linear interpolation. */
2285 #define interpolate(x, x1, y1, x2, y2, n) \
2286 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n))
2287
2288 struct ieee80211com *ic = &sc->sc_ic;
2289 struct wpi_power_sample *sample;
2290 int pwr, idx;
2291 u_int chan;
2292
2293 /* Get channel number. */
2294 chan = ieee80211_chan2ieee(ic, c);
2295
2296 /* Default TX power is group maximum TX power minus 3dB. */
2297 pwr = group->maxpwr / 2;
2298
2299 /* Decrease TX power for highest OFDM rates to reduce distortion. */
2300 switch (ridx) {
2301 case WPI_RIDX_OFDM36:
2302 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5;
2303 break;
2304 case WPI_RIDX_OFDM48:
2305 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10;
2306 break;
2307 case WPI_RIDX_OFDM54:
2308 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12;
2309 break;
2310 }
2311
2312 /* Never exceed the channel maximum allowed TX power. */
2313 pwr = MIN(pwr, sc->maxpwr[chan]);
2314
2315 /* Retrieve TX power index into gain tables from samples. */
2316 for (sample = group->samples; sample < &group->samples[3]; sample++)
2317 if (pwr > sample[1].power)
2318 break;
2319 /* Fixed-point linear interpolation using a 19-bit fractional part. */
2320 idx = interpolate(pwr, sample[0].power, sample[0].index,
2321 sample[1].power, sample[1].index, 19);
2322
2323 /*-
2324 * Adjust power index based on current temperature:
2325 * - if cooler than factory-calibrated: decrease output power
2326 * - if warmer than factory-calibrated: increase output power
2327 */
2328 idx -= (sc->temp - group->temp) * 11 / 100;
2329
2330 /* Decrease TX power for CCK rates (-5dB). */
2331 if (ridx >= WPI_RIDX_CCK1)
2332 idx += 10;
2333
2334 /* Make sure idx stays in a valid range. */
2335 if (idx < 0)
2336 idx = 0;
2337 else if (idx > WPI_MAX_PWR_INDEX)
2338 idx = WPI_MAX_PWR_INDEX;
2339 return idx;
2340
2341 #undef interpolate
2342 #undef fdivround
2343 }
2344
2345 /*
2346 * Set STA mode power saving level (between 0 and 5).
2347 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving.
2348 */
2349 int
wpi_set_pslevel(struct wpi_softc * sc,int dtim,int level,int async)2350 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async)
2351 {
2352 struct wpi_pmgt_cmd cmd;
2353 const struct wpi_pmgt *pmgt;
2354 uint32_t max, skip_dtim;
2355 pcireg_t reg;
2356 int i;
2357
2358 /* Select which PS parameters to use. */
2359 if (dtim <= 10)
2360 pmgt = &wpi_pmgt[0][level];
2361 else
2362 pmgt = &wpi_pmgt[1][level];
2363
2364 memset(&cmd, 0, sizeof cmd);
2365 if (level != 0) /* not CAM */
2366 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP);
2367 /* Retrieve PCIe Active State Power Management (ASPM). */
2368 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag,
2369 sc->sc_cap_off + PCI_PCIE_LCSR);
2370 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */
2371 cmd.flags |= htole16(WPI_PS_PCI_PMGT);
2372 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024);
2373 cmd.txtimeout = htole32(pmgt->txtimeout * 1024);
2374
2375 if (dtim == 0) {
2376 dtim = 1;
2377 skip_dtim = 0;
2378 } else
2379 skip_dtim = pmgt->skip_dtim;
2380 if (skip_dtim != 0) {
2381 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM);
2382 max = pmgt->intval[4];
2383 if (max == (uint32_t)-1)
2384 max = dtim * (skip_dtim + 1);
2385 else if (max > dtim)
2386 max = (max / dtim) * dtim;
2387 } else
2388 max = dtim;
2389 for (i = 0; i < 5; i++)
2390 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i]));
2391
2392 DPRINTF(("setting power saving level to %d\n", level));
2393 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async);
2394 }
2395
2396 int
wpi_config(struct wpi_softc * sc)2397 wpi_config(struct wpi_softc *sc)
2398 {
2399 struct ieee80211com *ic = &sc->sc_ic;
2400 struct ifnet *ifp = &ic->ic_if;
2401 struct wpi_bluetooth bluetooth;
2402 struct wpi_node_info node;
2403 int error;
2404
2405 /* Set power saving level to CAM during initialization. */
2406 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) {
2407 printf("%s: could not set power saving level\n",
2408 sc->sc_dev.dv_xname);
2409 return error;
2410 }
2411
2412 /* Configure bluetooth coexistence. */
2413 memset(&bluetooth, 0, sizeof bluetooth);
2414 bluetooth.flags = WPI_BT_COEX_MODE_4WIRE;
2415 bluetooth.lead_time = WPI_BT_LEAD_TIME_DEF;
2416 bluetooth.max_kill = WPI_BT_MAX_KILL_DEF;
2417 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0);
2418 if (error != 0) {
2419 printf("%s: could not configure bluetooth coexistence\n",
2420 sc->sc_dev.dv_xname);
2421 return error;
2422 }
2423
2424 /* Configure adapter. */
2425 memset(&sc->rxon, 0, sizeof (struct wpi_rxon));
2426 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl));
2427 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr);
2428 /* Set default channel. */
2429 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan);
2430 sc->rxon.flags = htole32(WPI_RXON_TSF);
2431 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan))
2432 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);
2433 switch (ic->ic_opmode) {
2434 case IEEE80211_M_STA:
2435 sc->rxon.mode = WPI_MODE_STA;
2436 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST);
2437 break;
2438 case IEEE80211_M_MONITOR:
2439 sc->rxon.mode = WPI_MODE_MONITOR;
2440 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST |
2441 WPI_FILTER_CTL | WPI_FILTER_PROMISC);
2442 break;
2443 default:
2444 /* Should not get there. */
2445 break;
2446 }
2447 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */
2448 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */
2449 DPRINTF(("setting configuration\n"));
2450 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon),
2451 0);
2452 if (error != 0) {
2453 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname);
2454 return error;
2455 }
2456
2457 /* Configuration has changed, set TX power accordingly. */
2458 if ((error = wpi_set_txpower(sc, 0)) != 0) {
2459 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname);
2460 return error;
2461 }
2462
2463 /* Add broadcast node. */
2464 memset(&node, 0, sizeof node);
2465 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr);
2466 node.id = WPI_ID_BROADCAST;
2467 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp;
2468 node.action = htole32(WPI_ACTION_SET_RATE);
2469 node.antenna = WPI_ANTENNA_BOTH;
2470 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0);
2471 if (error != 0) {
2472 printf("%s: could not add broadcast node\n",
2473 sc->sc_dev.dv_xname);
2474 return error;
2475 }
2476
2477 if ((error = wpi_mrr_setup(sc)) != 0) {
2478 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname);
2479 return error;
2480 }
2481 return 0;
2482 }
2483
2484 int
wpi_scan(struct wpi_softc * sc,uint16_t flags)2485 wpi_scan(struct wpi_softc *sc, uint16_t flags)
2486 {
2487 struct ieee80211com *ic = &sc->sc_ic;
2488 struct wpi_scan_hdr *hdr;
2489 struct wpi_cmd_data *tx;
2490 struct wpi_scan_essid *essid;
2491 struct wpi_scan_chan *chan;
2492 struct ieee80211_frame *wh;
2493 struct ieee80211_rateset *rs;
2494 struct ieee80211_channel *c;
2495 uint8_t *buf, *frm;
2496 int buflen, error;
2497
2498 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO);
2499 if (buf == NULL) {
2500 printf("%s: could not allocate buffer for scan command\n",
2501 sc->sc_dev.dv_xname);
2502 return ENOMEM;
2503 }
2504 hdr = (struct wpi_scan_hdr *)buf;
2505 /*
2506 * Move to the next channel if no frames are received within 10ms
2507 * after sending the probe request.
2508 */
2509 hdr->quiet_time = htole16(10); /* timeout in milliseconds */
2510 hdr->quiet_threshold = htole16(1); /* min # of packets */
2511
2512 tx = (struct wpi_cmd_data *)(hdr + 1);
2513 tx->flags = htole32(WPI_TX_AUTO_SEQ);
2514 tx->id = WPI_ID_BROADCAST;
2515 tx->lifetime = htole32(WPI_LIFETIME_INFINITE);
2516
2517 if (flags & IEEE80211_CHAN_5GHZ) {
2518 hdr->crc_threshold = htole16(1);
2519 /* Send probe requests at 6Mbps. */
2520 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp;
2521 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A];
2522 } else {
2523 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO);
2524 /* Send probe requests at 1Mbps. */
2525 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp;
2526 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G];
2527 }
2528
2529 essid = (struct wpi_scan_essid *)(tx + 1);
2530 if (ic->ic_des_esslen != 0) {
2531 essid[0].id = IEEE80211_ELEMID_SSID;
2532 essid[0].len = ic->ic_des_esslen;
2533 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen);
2534 }
2535 /*
2536 * Build a probe request frame. Most of the following code is a
2537 * copy & paste of what is done in net80211.
2538 */
2539 wh = (struct ieee80211_frame *)(essid + 4);
2540 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
2541 IEEE80211_FC0_SUBTYPE_PROBE_REQ;
2542 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2543 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr);
2544 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr);
2545 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr);
2546 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */
2547 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */
2548
2549 frm = (uint8_t *)(wh + 1);
2550 frm = ieee80211_add_ssid(frm, NULL, 0);
2551 frm = ieee80211_add_rates(frm, rs);
2552 if (rs->rs_nrates > IEEE80211_RATE_SIZE)
2553 frm = ieee80211_add_xrates(frm, rs);
2554
2555 /* Set length of probe request. */
2556 tx->len = htole16(frm - (uint8_t *)wh);
2557
2558 chan = (struct wpi_scan_chan *)frm;
2559 for (c = &ic->ic_channels[1];
2560 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) {
2561 if ((c->ic_flags & flags) != flags)
2562 continue;
2563
2564 chan->chan = ieee80211_chan2ieee(ic, c);
2565 DPRINTFN(2, ("adding channel %d\n", chan->chan));
2566 chan->flags = 0;
2567 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE))
2568 chan->flags |= WPI_CHAN_ACTIVE;
2569 if (ic->ic_des_esslen != 0)
2570 chan->flags |= WPI_CHAN_NPBREQS(1);
2571 chan->dsp_gain = 0x6e;
2572 if (IEEE80211_IS_CHAN_5GHZ(c)) {
2573 chan->rf_gain = 0x3b;
2574 chan->active = htole16(24);
2575 chan->passive = htole16(110);
2576 } else {
2577 chan->rf_gain = 0x28;
2578 chan->active = htole16(36);
2579 chan->passive = htole16(120);
2580 }
2581 hdr->nchan++;
2582 chan++;
2583 }
2584
2585 buflen = (uint8_t *)chan - buf;
2586 hdr->len = htole16(buflen);
2587
2588 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan));
2589 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1);
2590 free(buf, M_DEVBUF, WPI_SCAN_MAXSZ);
2591 return error;
2592 }
2593
2594 int
wpi_auth(struct wpi_softc * sc)2595 wpi_auth(struct wpi_softc *sc)
2596 {
2597 struct ieee80211com *ic = &sc->sc_ic;
2598 struct ieee80211_node *ni = ic->ic_bss;
2599 struct wpi_node_info node;
2600 int error;
2601
2602 /* Update adapter configuration. */
2603 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid);
2604 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
2605 sc->rxon.flags = htole32(WPI_RXON_TSF);
2606 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
2607 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);
2608 if (ic->ic_flags & IEEE80211_F_SHSLOT)
2609 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT);
2610 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
2611 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE);
2612 switch (ic->ic_curmode) {
2613 case IEEE80211_MODE_11A:
2614 sc->rxon.cck_mask = 0;
2615 sc->rxon.ofdm_mask = 0x15;
2616 break;
2617 case IEEE80211_MODE_11B:
2618 sc->rxon.cck_mask = 0x03;
2619 sc->rxon.ofdm_mask = 0;
2620 break;
2621 default: /* Assume 802.11b/g. */
2622 sc->rxon.cck_mask = 0x0f;
2623 sc->rxon.ofdm_mask = 0x15;
2624 }
2625 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan,
2626 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask));
2627 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon),
2628 1);
2629 if (error != 0) {
2630 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname);
2631 return error;
2632 }
2633
2634 /* Configuration has changed, set TX power accordingly. */
2635 if ((error = wpi_set_txpower(sc, 1)) != 0) {
2636 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname);
2637 return error;
2638 }
2639 /*
2640 * Reconfiguring RXON clears the firmware nodes table so we must
2641 * add the broadcast node again.
2642 */
2643 memset(&node, 0, sizeof node);
2644 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr);
2645 node.id = WPI_ID_BROADCAST;
2646 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ?
2647 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp;
2648 node.action = htole32(WPI_ACTION_SET_RATE);
2649 node.antenna = WPI_ANTENNA_BOTH;
2650 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);
2651 if (error != 0) {
2652 printf("%s: could not add broadcast node\n",
2653 sc->sc_dev.dv_xname);
2654 return error;
2655 }
2656 return 0;
2657 }
2658
2659 int
wpi_run(struct wpi_softc * sc)2660 wpi_run(struct wpi_softc *sc)
2661 {
2662 struct ieee80211com *ic = &sc->sc_ic;
2663 struct ieee80211_node *ni = ic->ic_bss;
2664 struct wpi_node_info node;
2665 int error;
2666
2667 if (ic->ic_opmode == IEEE80211_M_MONITOR) {
2668 /* Link LED blinks while monitoring. */
2669 wpi_set_led(sc, WPI_LED_LINK, 5, 5);
2670 return 0;
2671 }
2672 if ((error = wpi_set_timing(sc, ni)) != 0) {
2673 printf("%s: could not set timing\n", sc->sc_dev.dv_xname);
2674 return error;
2675 }
2676
2677 /* Update adapter configuration. */
2678 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd));
2679 /* Short preamble and slot time are negotiated when associating. */
2680 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT);
2681 if (ic->ic_flags & IEEE80211_F_SHSLOT)
2682 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT);
2683 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
2684 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE);
2685 sc->rxon.filter |= htole32(WPI_FILTER_BSS);
2686 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags));
2687 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon),
2688 1);
2689 if (error != 0) {
2690 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname);
2691 return error;
2692 }
2693
2694 /* Configuration has changed, set TX power accordingly. */
2695 if ((error = wpi_set_txpower(sc, 1)) != 0) {
2696 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname);
2697 return error;
2698 }
2699
2700 /* Fake a join to init the TX rate. */
2701 ((struct wpi_node *)ni)->id = WPI_ID_BSS;
2702 wpi_newassoc(ic, ni, 1);
2703
2704 /* Add BSS node. */
2705 memset(&node, 0, sizeof node);
2706 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid);
2707 node.id = WPI_ID_BSS;
2708 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ?
2709 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp;
2710 node.action = htole32(WPI_ACTION_SET_RATE);
2711 node.antenna = WPI_ANTENNA_BOTH;
2712 DPRINTF(("adding BSS node\n"));
2713 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);
2714 if (error != 0) {
2715 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname);
2716 return error;
2717 }
2718
2719 /* Start periodic calibration timer. */
2720 sc->calib_cnt = 0;
2721 timeout_add_msec(&sc->calib_to, 500);
2722
2723 /* Link LED always on while associated. */
2724 wpi_set_led(sc, WPI_LED_LINK, 0, 1);
2725
2726 /* Enable power-saving mode if requested by user. */
2727 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON)
2728 (void)wpi_set_pslevel(sc, 0, 3, 1);
2729
2730 return 0;
2731 }
2732
2733 /*
2734 * We support CCMP hardware encryption/decryption of unicast frames only.
2735 * HW support for TKIP really sucks. We should let TKIP die anyway.
2736 */
2737 int
wpi_set_key(struct ieee80211com * ic,struct ieee80211_node * ni,struct ieee80211_key * k)2738 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
2739 struct ieee80211_key *k)
2740 {
2741 struct wpi_softc *sc = ic->ic_softc;
2742 struct wpi_node *wn = (void *)ni;
2743 struct wpi_node_info node;
2744 uint16_t kflags;
2745
2746 if ((k->k_flags & IEEE80211_KEY_GROUP) ||
2747 k->k_cipher != IEEE80211_CIPHER_CCMP)
2748 return ieee80211_set_key(ic, ni, k);
2749
2750 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id);
2751 memset(&node, 0, sizeof node);
2752 node.id = wn->id;
2753 node.control = WPI_NODE_UPDATE;
2754 node.flags = WPI_FLAG_SET_KEY;
2755 node.kflags = htole16(kflags);
2756 memcpy(node.key, k->k_key, k->k_len);
2757 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id));
2758 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);
2759 }
2760
2761 void
wpi_delete_key(struct ieee80211com * ic,struct ieee80211_node * ni,struct ieee80211_key * k)2762 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
2763 struct ieee80211_key *k)
2764 {
2765 struct wpi_softc *sc = ic->ic_softc;
2766 struct wpi_node *wn = (void *)ni;
2767 struct wpi_node_info node;
2768
2769 if ((k->k_flags & IEEE80211_KEY_GROUP) ||
2770 k->k_cipher != IEEE80211_CIPHER_CCMP) {
2771 /* See comment about other ciphers above. */
2772 ieee80211_delete_key(ic, ni, k);
2773 return;
2774 }
2775 if (ic->ic_state != IEEE80211_S_RUN)
2776 return; /* Nothing to do. */
2777 memset(&node, 0, sizeof node);
2778 node.id = wn->id;
2779 node.control = WPI_NODE_UPDATE;
2780 node.flags = WPI_FLAG_SET_KEY;
2781 node.kflags = 0;
2782 DPRINTF(("delete keys for node %d\n", node.id));
2783 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);
2784 }
2785
2786 int
wpi_post_alive(struct wpi_softc * sc)2787 wpi_post_alive(struct wpi_softc *sc)
2788 {
2789 int ntries, error;
2790
2791 /* Check (again) that the radio is not disabled. */
2792 if ((error = wpi_nic_lock(sc)) != 0)
2793 return error;
2794 /* NB: Runtime firmware must be up and running. */
2795 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) {
2796 printf("%s: radio is disabled by hardware switch\n",
2797 sc->sc_dev.dv_xname);
2798 wpi_nic_unlock(sc);
2799 return EPERM; /* :-) */
2800 }
2801 wpi_nic_unlock(sc);
2802
2803 /* Wait for thermal sensor to calibrate. */
2804 for (ntries = 0; ntries < 1000; ntries++) {
2805 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0)
2806 break;
2807 DELAY(10);
2808 }
2809 if (ntries == 1000) {
2810 printf("%s: timeout waiting for thermal sensor calibration\n",
2811 sc->sc_dev.dv_xname);
2812 return ETIMEDOUT;
2813 }
2814 DPRINTF(("temperature %d\n", sc->temp));
2815 return 0;
2816 }
2817
2818 /*
2819 * The firmware boot code is small and is intended to be copied directly into
2820 * the NIC internal memory (no DMA transfer.)
2821 */
2822 int
wpi_load_bootcode(struct wpi_softc * sc,const uint8_t * ucode,int size)2823 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size)
2824 {
2825 int error, ntries;
2826
2827 size /= sizeof (uint32_t);
2828
2829 if ((error = wpi_nic_lock(sc)) != 0)
2830 return error;
2831
2832 /* Copy microcode image into NIC memory. */
2833 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE,
2834 (const uint32_t *)ucode, size);
2835
2836 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0);
2837 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE);
2838 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size);
2839
2840 /* Start boot load now. */
2841 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START);
2842
2843 /* Wait for transfer to complete. */
2844 for (ntries = 0; ntries < 1000; ntries++) {
2845 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) &
2846 WPI_BSM_WR_CTRL_START))
2847 break;
2848 DELAY(10);
2849 }
2850 if (ntries == 1000) {
2851 printf("%s: could not load boot firmware\n",
2852 sc->sc_dev.dv_xname);
2853 wpi_nic_unlock(sc);
2854 return ETIMEDOUT;
2855 }
2856
2857 /* Enable boot after power up. */
2858 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN);
2859
2860 wpi_nic_unlock(sc);
2861 return 0;
2862 }
2863
2864 int
wpi_load_firmware(struct wpi_softc * sc)2865 wpi_load_firmware(struct wpi_softc *sc)
2866 {
2867 struct wpi_fw_info *fw = &sc->fw;
2868 struct wpi_dma_info *dma = &sc->fw_dma;
2869 int error;
2870
2871 /* Copy initialization sections into pre-allocated DMA-safe memory. */
2872 memcpy(dma->vaddr, fw->init.data, fw->init.datasz);
2873 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz,
2874 BUS_DMASYNC_PREWRITE);
2875 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ,
2876 fw->init.text, fw->init.textsz);
2877 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ,
2878 fw->init.textsz, BUS_DMASYNC_PREWRITE);
2879
2880 /* Tell adapter where to find initialization sections. */
2881 if ((error = wpi_nic_lock(sc)) != 0)
2882 return error;
2883 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr);
2884 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz);
2885 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR,
2886 dma->paddr + WPI_FW_DATA_MAXSZ);
2887 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz);
2888 wpi_nic_unlock(sc);
2889
2890 /* Load firmware boot code. */
2891 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz);
2892 if (error != 0) {
2893 printf("%s: could not load boot firmware\n",
2894 sc->sc_dev.dv_xname);
2895 return error;
2896 }
2897 /* Now press "execute". */
2898 WPI_WRITE(sc, WPI_RESET, 0);
2899
2900 /* Wait at most one second for first alive notification. */
2901 if ((error = tsleep_nsec(sc, PCATCH, "wpiinit", SEC_TO_NSEC(1))) != 0) {
2902 printf("%s: timeout waiting for adapter to initialize\n",
2903 sc->sc_dev.dv_xname);
2904 return error;
2905 }
2906
2907 /* Copy runtime sections into pre-allocated DMA-safe memory. */
2908 memcpy(dma->vaddr, fw->main.data, fw->main.datasz);
2909 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz,
2910 BUS_DMASYNC_PREWRITE);
2911 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ,
2912 fw->main.text, fw->main.textsz);
2913 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ,
2914 fw->main.textsz, BUS_DMASYNC_PREWRITE);
2915
2916 /* Tell adapter where to find runtime sections. */
2917 if ((error = wpi_nic_lock(sc)) != 0)
2918 return error;
2919 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr);
2920 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz);
2921 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR,
2922 dma->paddr + WPI_FW_DATA_MAXSZ);
2923 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE,
2924 WPI_FW_UPDATED | fw->main.textsz);
2925 wpi_nic_unlock(sc);
2926
2927 return 0;
2928 }
2929
2930 int
wpi_read_firmware(struct wpi_softc * sc)2931 wpi_read_firmware(struct wpi_softc *sc)
2932 {
2933 struct wpi_fw_info *fw = &sc->fw;
2934 const struct wpi_firmware_hdr *hdr;
2935 int error;
2936
2937 /* Read firmware image from filesystem. */
2938 if ((error = loadfirmware("wpi-3945abg", &fw->data, &fw->datalen)) != 0) {
2939 printf("%s: error, %d, could not read firmware %s\n",
2940 sc->sc_dev.dv_xname, error, "wpi-3945abg");
2941 return error;
2942 }
2943 if (fw->datalen < sizeof (*hdr)) {
2944 printf("%s: truncated firmware header: %zu bytes\n",
2945 sc->sc_dev.dv_xname, fw->datalen);
2946 free(fw->data, M_DEVBUF, fw->datalen);
2947 return EINVAL;
2948 }
2949 /* Extract firmware header information. */
2950 hdr = (struct wpi_firmware_hdr *)fw->data;
2951 fw->main.textsz = letoh32(hdr->main_textsz);
2952 fw->main.datasz = letoh32(hdr->main_datasz);
2953 fw->init.textsz = letoh32(hdr->init_textsz);
2954 fw->init.datasz = letoh32(hdr->init_datasz);
2955 fw->boot.textsz = letoh32(hdr->boot_textsz);
2956 fw->boot.datasz = 0;
2957
2958 /* Sanity-check firmware header. */
2959 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ ||
2960 fw->main.datasz > WPI_FW_DATA_MAXSZ ||
2961 fw->init.textsz > WPI_FW_TEXT_MAXSZ ||
2962 fw->init.datasz > WPI_FW_DATA_MAXSZ ||
2963 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ ||
2964 (fw->boot.textsz & 3) != 0) {
2965 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname);
2966 free(fw->data, M_DEVBUF, fw->datalen);
2967 return EINVAL;
2968 }
2969
2970 /* Check that all firmware sections fit. */
2971 if (fw->datalen < sizeof (*hdr) + fw->main.textsz + fw->main.datasz +
2972 fw->init.textsz + fw->init.datasz + fw->boot.textsz) {
2973 printf("%s: firmware file too short: %zu bytes\n",
2974 sc->sc_dev.dv_xname, fw->datalen);
2975 free(fw->data, M_DEVBUF, fw->datalen);
2976 return EINVAL;
2977 }
2978
2979 /* Get pointers to firmware sections. */
2980 fw->main.text = (const uint8_t *)(hdr + 1);
2981 fw->main.data = fw->main.text + fw->main.textsz;
2982 fw->init.text = fw->main.data + fw->main.datasz;
2983 fw->init.data = fw->init.text + fw->init.textsz;
2984 fw->boot.text = fw->init.data + fw->init.datasz;
2985
2986 return 0;
2987 }
2988
2989 int
wpi_clock_wait(struct wpi_softc * sc)2990 wpi_clock_wait(struct wpi_softc *sc)
2991 {
2992 int ntries;
2993
2994 /* Set "initialization complete" bit. */
2995 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE);
2996
2997 /* Wait for clock stabilization. */
2998 for (ntries = 0; ntries < 25000; ntries++) {
2999 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY)
3000 return 0;
3001 DELAY(100);
3002 }
3003 printf("%s: timeout waiting for clock stabilization\n",
3004 sc->sc_dev.dv_xname);
3005 return ETIMEDOUT;
3006 }
3007
3008 int
wpi_apm_init(struct wpi_softc * sc)3009 wpi_apm_init(struct wpi_softc *sc)
3010 {
3011 int error;
3012
3013 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT);
3014 /* Disable L0s. */
3015 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX);
3016
3017 if ((error = wpi_clock_wait(sc)) != 0)
3018 return error;
3019
3020 if ((error = wpi_nic_lock(sc)) != 0)
3021 return error;
3022 /* Enable DMA. */
3023 wpi_prph_write(sc, WPI_APMG_CLK_ENA,
3024 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT);
3025 DELAY(20);
3026 /* Disable L1. */
3027 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS);
3028 wpi_nic_unlock(sc);
3029
3030 return 0;
3031 }
3032
3033 void
wpi_apm_stop_master(struct wpi_softc * sc)3034 wpi_apm_stop_master(struct wpi_softc *sc)
3035 {
3036 int ntries;
3037
3038 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER);
3039
3040 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) ==
3041 WPI_GP_CNTRL_MAC_PS)
3042 return; /* Already asleep. */
3043
3044 for (ntries = 0; ntries < 100; ntries++) {
3045 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED)
3046 return;
3047 DELAY(10);
3048 }
3049 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname);
3050 }
3051
3052 void
wpi_apm_stop(struct wpi_softc * sc)3053 wpi_apm_stop(struct wpi_softc *sc)
3054 {
3055 wpi_apm_stop_master(sc);
3056 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW);
3057 }
3058
3059 void
wpi_nic_config(struct wpi_softc * sc)3060 wpi_nic_config(struct wpi_softc *sc)
3061 {
3062 pcireg_t reg;
3063 uint8_t rev;
3064
3065 /* Voodoo from the reference driver. */
3066 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG);
3067 rev = PCI_REVISION(reg);
3068 if ((rev & 0xc0) == 0x40)
3069 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB);
3070 else if (!(rev & 0x80))
3071 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM);
3072
3073 if (sc->cap == 0x80)
3074 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC);
3075
3076 if ((letoh16(sc->rev) & 0xf0) == 0xd0)
3077 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D);
3078 else
3079 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D);
3080
3081 if (sc->type > 1)
3082 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B);
3083 }
3084
3085 int
wpi_hw_init(struct wpi_softc * sc)3086 wpi_hw_init(struct wpi_softc *sc)
3087 {
3088 int chnl, ntries, error;
3089
3090 /* Clear pending interrupts. */
3091 WPI_WRITE(sc, WPI_INT, 0xffffffff);
3092
3093 if ((error = wpi_apm_init(sc)) != 0) {
3094 printf("%s: could not power ON adapter\n",
3095 sc->sc_dev.dv_xname);
3096 return error;
3097 }
3098
3099 /* Select VMAIN power source. */
3100 if ((error = wpi_nic_lock(sc)) != 0)
3101 return error;
3102 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK);
3103 wpi_nic_unlock(sc);
3104 /* Spin until VMAIN gets selected. */
3105 for (ntries = 0; ntries < 5000; ntries++) {
3106 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN)
3107 break;
3108 DELAY(10);
3109 }
3110 if (ntries == 5000) {
3111 printf("%s: timeout selecting power source\n",
3112 sc->sc_dev.dv_xname);
3113 return ETIMEDOUT;
3114 }
3115
3116 /* Perform adapter initialization. */
3117 (void)wpi_nic_config(sc);
3118
3119 /* Initialize RX ring. */
3120 if ((error = wpi_nic_lock(sc)) != 0)
3121 return error;
3122 /* Set physical address of RX ring. */
3123 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr);
3124 /* Set physical address of RX read pointer. */
3125 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr +
3126 offsetof(struct wpi_shared, next));
3127 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0);
3128 /* Enable RX. */
3129 WPI_WRITE(sc, WPI_FH_RX_CONFIG,
3130 WPI_FH_RX_CONFIG_DMA_ENA |
3131 WPI_FH_RX_CONFIG_RDRBD_ENA |
3132 WPI_FH_RX_CONFIG_WRSTATUS_ENA |
3133 WPI_FH_RX_CONFIG_MAXFRAG |
3134 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) |
3135 WPI_FH_RX_CONFIG_IRQ_DST_HOST |
3136 WPI_FH_RX_CONFIG_IRQ_RBTH(1));
3137 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */
3138 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7);
3139 wpi_nic_unlock(sc);
3140
3141 /* Initialize TX rings. */
3142 if ((error = wpi_nic_lock(sc)) != 0)
3143 return error;
3144 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */
3145 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */
3146 /* Enable all 6 TX rings. */
3147 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f);
3148 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000);
3149 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002);
3150 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4);
3151 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5);
3152 /* Set physical address of TX rings. */
3153 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr);
3154 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5);
3155
3156 /* Enable all DMA channels. */
3157 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) {
3158 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0);
3159 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0);
3160 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008);
3161 }
3162 wpi_nic_unlock(sc);
3163 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */
3164
3165 /* Clear "radio off" and "commands blocked" bits. */
3166 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
3167 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED);
3168
3169 /* Clear pending interrupts. */
3170 WPI_WRITE(sc, WPI_INT, 0xffffffff);
3171 /* Enable interrupts. */
3172 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK);
3173
3174 /* _Really_ make sure "radio off" bit is cleared! */
3175 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
3176 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
3177
3178 if ((error = wpi_load_firmware(sc)) != 0) {
3179 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname);
3180 return error;
3181 }
3182 /* Wait at most one second for firmware alive notification. */
3183 if ((error = tsleep_nsec(sc, PCATCH, "wpiinit", SEC_TO_NSEC(1))) != 0) {
3184 printf("%s: timeout waiting for adapter to initialize\n",
3185 sc->sc_dev.dv_xname);
3186 return error;
3187 }
3188 /* Do post-firmware initialization. */
3189 return wpi_post_alive(sc);
3190 }
3191
3192 void
wpi_hw_stop(struct wpi_softc * sc)3193 wpi_hw_stop(struct wpi_softc *sc)
3194 {
3195 int chnl, qid, ntries;
3196 uint32_t tmp;
3197
3198 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO);
3199
3200 /* Disable interrupts. */
3201 WPI_WRITE(sc, WPI_MASK, 0);
3202 WPI_WRITE(sc, WPI_INT, 0xffffffff);
3203 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff);
3204
3205 /* Make sure we no longer hold the NIC lock. */
3206 wpi_nic_unlock(sc);
3207
3208 if (wpi_nic_lock(sc) == 0) {
3209 /* Stop TX scheduler. */
3210 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0);
3211 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0);
3212
3213 /* Stop all DMA channels. */
3214 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) {
3215 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0);
3216 for (ntries = 0; ntries < 100; ntries++) {
3217 tmp = WPI_READ(sc, WPI_FH_TX_STATUS);
3218 if ((tmp & WPI_FH_TX_STATUS_IDLE(chnl)) ==
3219 WPI_FH_TX_STATUS_IDLE(chnl))
3220 break;
3221 DELAY(10);
3222 }
3223 }
3224 wpi_nic_unlock(sc);
3225 }
3226
3227 /* Stop RX ring. */
3228 wpi_reset_rx_ring(sc, &sc->rxq);
3229
3230 /* Reset all TX rings. */
3231 for (qid = 0; qid < WPI_NTXQUEUES; qid++)
3232 wpi_reset_tx_ring(sc, &sc->txq[qid]);
3233
3234 if (wpi_nic_lock(sc) == 0) {
3235 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT);
3236 wpi_nic_unlock(sc);
3237 }
3238 DELAY(5);
3239 /* Power OFF adapter. */
3240 wpi_apm_stop(sc);
3241 }
3242
3243 int
wpi_init(struct ifnet * ifp)3244 wpi_init(struct ifnet *ifp)
3245 {
3246 struct wpi_softc *sc = ifp->if_softc;
3247 struct ieee80211com *ic = &sc->sc_ic;
3248 int error;
3249
3250 #ifdef notyet
3251 /* Check that the radio is not disabled by hardware switch. */
3252 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) {
3253 printf("%s: radio is disabled by hardware switch\n",
3254 sc->sc_dev.dv_xname);
3255 error = EPERM; /* :-) */
3256 goto fail;
3257 }
3258 #endif
3259 /* Read firmware images from the filesystem. */
3260 if ((error = wpi_read_firmware(sc)) != 0) {
3261 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname);
3262 goto fail;
3263 }
3264
3265 /* Initialize hardware and upload firmware. */
3266 error = wpi_hw_init(sc);
3267 free(sc->fw.data, M_DEVBUF, sc->fw.datalen);
3268 if (error != 0) {
3269 printf("%s: could not initialize hardware\n",
3270 sc->sc_dev.dv_xname);
3271 goto fail;
3272 }
3273
3274 /* Configure adapter now that it is ready. */
3275 if ((error = wpi_config(sc)) != 0) {
3276 printf("%s: could not configure device\n",
3277 sc->sc_dev.dv_xname);
3278 goto fail;
3279 }
3280
3281 ifq_clr_oactive(&ifp->if_snd);
3282 ifp->if_flags |= IFF_RUNNING;
3283
3284 if (ic->ic_opmode != IEEE80211_M_MONITOR)
3285 ieee80211_begin_scan(ifp);
3286 else
3287 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
3288
3289 return 0;
3290
3291 fail: wpi_stop(ifp, 1);
3292 return error;
3293 }
3294
3295 void
wpi_stop(struct ifnet * ifp,int disable)3296 wpi_stop(struct ifnet *ifp, int disable)
3297 {
3298 struct wpi_softc *sc = ifp->if_softc;
3299 struct ieee80211com *ic = &sc->sc_ic;
3300
3301 ifp->if_timer = sc->sc_tx_timer = 0;
3302 ifp->if_flags &= ~IFF_RUNNING;
3303 ifq_clr_oactive(&ifp->if_snd);
3304
3305 ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
3306
3307 /* Power OFF hardware. */
3308 wpi_hw_stop(sc);
3309 }
3310