1 /* $OpenBSD: if_wpi.c,v 1.133 2016/04/13 10:34:32 mpi Exp $ */ 2 3 /*- 4 * Copyright (c) 2006-2008 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/kernel.h> 30 #include <sys/socket.h> 31 #include <sys/systm.h> 32 #include <sys/malloc.h> 33 #include <sys/conf.h> 34 #include <sys/device.h> 35 #include <sys/task.h> 36 #include <sys/endian.h> 37 38 #include <machine/bus.h> 39 #include <machine/intr.h> 40 41 #include <dev/pci/pcireg.h> 42 #include <dev/pci/pcivar.h> 43 #include <dev/pci/pcidevs.h> 44 45 #if NBPFILTER > 0 46 #include <net/bpf.h> 47 #endif 48 #include <net/if.h> 49 #include <net/if_dl.h> 50 #include <net/if_media.h> 51 52 #include <netinet/in.h> 53 #include <netinet/if_ether.h> 54 55 #include <net80211/ieee80211_var.h> 56 #include <net80211/ieee80211_amrr.h> 57 #include <net80211/ieee80211_radiotap.h> 58 59 #include <dev/pci/if_wpireg.h> 60 #include <dev/pci/if_wpivar.h> 61 62 static const struct pci_matchid wpi_devices[] = { 63 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 }, 64 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 } 65 }; 66 67 int wpi_match(struct device *, void *, void *); 68 void wpi_attach(struct device *, struct device *, void *); 69 #if NBPFILTER > 0 70 void wpi_radiotap_attach(struct wpi_softc *); 71 #endif 72 int wpi_detach(struct device *, int); 73 int wpi_activate(struct device *, int); 74 void wpi_wakeup(struct wpi_softc *); 75 void wpi_init_task(void *); 76 int wpi_nic_lock(struct wpi_softc *); 77 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 78 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *, 79 void **, bus_size_t, bus_size_t); 80 void wpi_dma_contig_free(struct wpi_dma_info *); 81 int wpi_alloc_shared(struct wpi_softc *); 82 void wpi_free_shared(struct wpi_softc *); 83 int wpi_alloc_fwmem(struct wpi_softc *); 84 void wpi_free_fwmem(struct wpi_softc *); 85 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 86 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 87 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 88 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 89 int); 90 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 91 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 92 int wpi_read_eeprom(struct wpi_softc *); 93 void wpi_read_eeprom_channels(struct wpi_softc *, int); 94 void wpi_read_eeprom_group(struct wpi_softc *, int); 95 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *); 96 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *, 97 int); 98 int wpi_media_change(struct ifnet *); 99 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int); 100 void wpi_iter_func(void *, struct ieee80211_node *); 101 void wpi_calib_timeout(void *); 102 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *, 103 struct ieee80211_key *); 104 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 105 struct wpi_rx_data *); 106 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 107 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 108 void wpi_notif_intr(struct wpi_softc *); 109 void wpi_fatal_intr(struct wpi_softc *); 110 int wpi_intr(void *); 111 int wpi_tx(struct wpi_softc *, struct mbuf *, 112 struct ieee80211_node *); 113 void wpi_start(struct ifnet *); 114 void wpi_watchdog(struct ifnet *); 115 int wpi_ioctl(struct ifnet *, u_long, caddr_t); 116 int wpi_cmd(struct wpi_softc *, int, const void *, int, int); 117 int wpi_mrr_setup(struct wpi_softc *); 118 void wpi_updateedca(struct ieee80211com *); 119 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 120 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 121 void wpi_power_calibration(struct wpi_softc *); 122 int wpi_set_txpower(struct wpi_softc *, int); 123 int wpi_get_power_index(struct wpi_softc *, 124 struct wpi_power_group *, struct ieee80211_channel *, int); 125 int wpi_set_pslevel(struct wpi_softc *, int, int, int); 126 int wpi_config(struct wpi_softc *); 127 int wpi_scan(struct wpi_softc *, uint16_t); 128 int wpi_auth(struct wpi_softc *); 129 int wpi_run(struct wpi_softc *); 130 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *, 131 struct ieee80211_key *); 132 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *, 133 struct ieee80211_key *); 134 int wpi_post_alive(struct wpi_softc *); 135 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 136 int wpi_load_firmware(struct wpi_softc *); 137 int wpi_read_firmware(struct wpi_softc *); 138 int wpi_clock_wait(struct wpi_softc *); 139 int wpi_apm_init(struct wpi_softc *); 140 void wpi_apm_stop_master(struct wpi_softc *); 141 void wpi_apm_stop(struct wpi_softc *); 142 void wpi_nic_config(struct wpi_softc *); 143 int wpi_hw_init(struct wpi_softc *); 144 void wpi_hw_stop(struct wpi_softc *); 145 int wpi_init(struct ifnet *); 146 void wpi_stop(struct ifnet *, int); 147 148 #ifdef WPI_DEBUG 149 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0) 150 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0) 151 int wpi_debug = 0; 152 #else 153 #define DPRINTF(x) 154 #define DPRINTFN(n, x) 155 #endif 156 157 struct cfdriver wpi_cd = { 158 NULL, "wpi", DV_IFNET 159 }; 160 161 struct cfattach wpi_ca = { 162 sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach, 163 wpi_activate 164 }; 165 166 int 167 wpi_match(struct device *parent, void *match, void *aux) 168 { 169 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices, 170 nitems(wpi_devices)); 171 } 172 173 void 174 wpi_attach(struct device *parent, struct device *self, void *aux) 175 { 176 struct wpi_softc *sc = (struct wpi_softc *)self; 177 struct ieee80211com *ic = &sc->sc_ic; 178 struct ifnet *ifp = &ic->ic_if; 179 struct pci_attach_args *pa = aux; 180 const char *intrstr; 181 pci_intr_handle_t ih; 182 pcireg_t memtype, reg; 183 int i, error; 184 185 sc->sc_pct = pa->pa_pc; 186 sc->sc_pcitag = pa->pa_tag; 187 sc->sc_dmat = pa->pa_dmat; 188 189 /* 190 * Get the offset of the PCI Express Capability Structure in PCI 191 * Configuration Space (the vendor driver hard-codes it as E0h.) 192 */ 193 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 194 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 195 if (error == 0) { 196 printf(": PCIe capability structure not found!\n"); 197 return; 198 } 199 200 /* Clear device-specific "PCI retry timeout" register (41h). */ 201 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 202 reg &= ~0xff00; 203 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 204 205 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0); 206 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st, 207 &sc->sc_sh, NULL, &sc->sc_sz, 0); 208 if (error != 0) { 209 printf(": can't map mem space\n"); 210 return; 211 } 212 213 /* Install interrupt handler. */ 214 if (pci_intr_map_msi(pa, &ih) != 0 && pci_intr_map(pa, &ih) != 0) { 215 printf(": can't map interrupt\n"); 216 return; 217 } 218 intrstr = pci_intr_string(sc->sc_pct, ih); 219 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc, 220 sc->sc_dev.dv_xname); 221 if (sc->sc_ih == NULL) { 222 printf(": can't establish interrupt"); 223 if (intrstr != NULL) 224 printf(" at %s", intrstr); 225 printf("\n"); 226 return; 227 } 228 printf(": %s", intrstr); 229 230 /* Power ON adapter. */ 231 if ((error = wpi_apm_init(sc)) != 0) { 232 printf(": could not power ON adapter\n"); 233 return; 234 } 235 236 /* Read MAC address, channels, etc from EEPROM. */ 237 if ((error = wpi_read_eeprom(sc)) != 0) { 238 printf(": could not read EEPROM\n"); 239 return; 240 } 241 242 /* Allocate DMA memory for firmware transfers. */ 243 if ((error = wpi_alloc_fwmem(sc)) != 0) { 244 printf(": could not allocate memory for firmware\n"); 245 return; 246 } 247 248 /* Allocate shared area. */ 249 if ((error = wpi_alloc_shared(sc)) != 0) { 250 printf(": could not allocate shared area\n"); 251 goto fail1; 252 } 253 254 /* Allocate TX rings. */ 255 for (i = 0; i < WPI_NTXQUEUES; i++) { 256 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 257 printf(": could not allocate TX ring %d\n", i); 258 goto fail2; 259 } 260 } 261 262 /* Allocate RX ring. */ 263 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) { 264 printf(": could not allocate Rx ring\n"); 265 goto fail2; 266 } 267 268 /* Power OFF adapter. */ 269 wpi_apm_stop(sc); 270 /* Clear pending interrupts. */ 271 WPI_WRITE(sc, WPI_INT, 0xffffffff); 272 273 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 274 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 275 ic->ic_state = IEEE80211_S_INIT; 276 277 /* Set device capabilities. */ 278 ic->ic_caps = 279 IEEE80211_C_WEP | /* WEP */ 280 IEEE80211_C_RSN | /* WPA/RSN */ 281 IEEE80211_C_MONITOR | /* monitor mode supported */ 282 IEEE80211_C_SHSLOT | /* short slot time supported */ 283 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 284 IEEE80211_C_PMGT; /* power saving supported */ 285 286 /* Set supported rates. */ 287 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 288 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 289 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) { 290 ic->ic_sup_rates[IEEE80211_MODE_11A] = 291 ieee80211_std_rateset_11a; 292 } 293 294 /* IBSS channel undefined for now. */ 295 ic->ic_ibss_chan = &ic->ic_channels[0]; 296 297 ifp->if_softc = sc; 298 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 299 ifp->if_ioctl = wpi_ioctl; 300 ifp->if_start = wpi_start; 301 ifp->if_watchdog = wpi_watchdog; 302 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 303 304 if_attach(ifp); 305 ieee80211_ifattach(ifp); 306 ic->ic_node_alloc = wpi_node_alloc; 307 ic->ic_newassoc = wpi_newassoc; 308 ic->ic_updateedca = wpi_updateedca; 309 ic->ic_set_key = wpi_set_key; 310 ic->ic_delete_key = wpi_delete_key; 311 312 /* Override 802.11 state transition machine. */ 313 sc->sc_newstate = ic->ic_newstate; 314 ic->ic_newstate = wpi_newstate; 315 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status); 316 317 sc->amrr.amrr_min_success_threshold = 1; 318 sc->amrr.amrr_max_success_threshold = 15; 319 320 #if NBPFILTER > 0 321 wpi_radiotap_attach(sc); 322 #endif 323 timeout_set(&sc->calib_to, wpi_calib_timeout, sc); 324 task_set(&sc->init_task, wpi_init_task, sc); 325 return; 326 327 /* Free allocated memory if something failed during attachment. */ 328 fail2: while (--i >= 0) 329 wpi_free_tx_ring(sc, &sc->txq[i]); 330 wpi_free_shared(sc); 331 fail1: wpi_free_fwmem(sc); 332 } 333 334 #if NBPFILTER > 0 335 /* 336 * Attach the interface to 802.11 radiotap. 337 */ 338 void 339 wpi_radiotap_attach(struct wpi_softc *sc) 340 { 341 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 342 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 343 344 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 345 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 346 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT); 347 348 sc->sc_txtap_len = sizeof sc->sc_txtapu; 349 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 350 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT); 351 } 352 #endif 353 354 int 355 wpi_detach(struct device *self, int flags) 356 { 357 struct wpi_softc *sc = (struct wpi_softc *)self; 358 struct ifnet *ifp = &sc->sc_ic.ic_if; 359 int qid; 360 361 timeout_del(&sc->calib_to); 362 task_del(systq, &sc->init_task); 363 364 /* Uninstall interrupt handler. */ 365 if (sc->sc_ih != NULL) 366 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 367 368 /* Free DMA resources. */ 369 wpi_free_rx_ring(sc, &sc->rxq); 370 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 371 wpi_free_tx_ring(sc, &sc->txq[qid]); 372 wpi_free_shared(sc); 373 wpi_free_fwmem(sc); 374 375 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 376 377 ieee80211_ifdetach(ifp); 378 if_detach(ifp); 379 380 return 0; 381 } 382 383 int 384 wpi_activate(struct device *self, int act) 385 { 386 struct wpi_softc *sc = (struct wpi_softc *)self; 387 struct ifnet *ifp = &sc->sc_ic.ic_if; 388 389 switch (act) { 390 case DVACT_SUSPEND: 391 if (ifp->if_flags & IFF_RUNNING) 392 wpi_stop(ifp, 0); 393 break; 394 case DVACT_WAKEUP: 395 wpi_wakeup(sc); 396 break; 397 } 398 399 return 0; 400 } 401 402 void 403 wpi_wakeup(struct wpi_softc *sc) 404 { 405 pcireg_t reg; 406 407 /* Clear device-specific "PCI retry timeout" register (41h). */ 408 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 409 reg &= ~0xff00; 410 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 411 412 wpi_init_task(sc); 413 } 414 415 void 416 wpi_init_task(void *arg1) 417 { 418 struct wpi_softc *sc = arg1; 419 struct ifnet *ifp = &sc->sc_ic.ic_if; 420 int s; 421 422 s = splnet(); 423 while (sc->sc_flags & WPI_FLAG_BUSY) 424 tsleep(&sc->sc_flags, 0, "wpipwr", 0); 425 sc->sc_flags |= WPI_FLAG_BUSY; 426 427 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP) 428 wpi_init(ifp); 429 430 sc->sc_flags &= ~WPI_FLAG_BUSY; 431 wakeup(&sc->sc_flags); 432 splx(s); 433 } 434 435 int 436 wpi_nic_lock(struct wpi_softc *sc) 437 { 438 int ntries; 439 440 /* Request exclusive access to NIC. */ 441 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 442 443 /* Spin until we actually get the lock. */ 444 for (ntries = 0; ntries < 1000; ntries++) { 445 if ((WPI_READ(sc, WPI_GP_CNTRL) & 446 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 447 WPI_GP_CNTRL_MAC_ACCESS_ENA) 448 return 0; 449 DELAY(10); 450 } 451 return ETIMEDOUT; 452 } 453 454 static __inline void 455 wpi_nic_unlock(struct wpi_softc *sc) 456 { 457 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 458 } 459 460 static __inline uint32_t 461 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 462 { 463 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 464 WPI_BARRIER_READ_WRITE(sc); 465 return WPI_READ(sc, WPI_PRPH_RDATA); 466 } 467 468 static __inline void 469 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 470 { 471 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 472 WPI_BARRIER_WRITE(sc); 473 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 474 } 475 476 static __inline void 477 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 478 { 479 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 480 } 481 482 static __inline void 483 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 484 { 485 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 486 } 487 488 static __inline void 489 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 490 const uint32_t *data, int count) 491 { 492 for (; count > 0; count--, data++, addr += 4) 493 wpi_prph_write(sc, addr, *data); 494 } 495 496 static __inline uint32_t 497 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 498 { 499 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 500 WPI_BARRIER_READ_WRITE(sc); 501 return WPI_READ(sc, WPI_MEM_RDATA); 502 } 503 504 static __inline void 505 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 506 { 507 WPI_WRITE(sc, WPI_MEM_WADDR, addr); 508 WPI_BARRIER_WRITE(sc); 509 WPI_WRITE(sc, WPI_MEM_WDATA, data); 510 } 511 512 static __inline void 513 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 514 int count) 515 { 516 for (; count > 0; count--, addr += 4) 517 *data++ = wpi_mem_read(sc, addr); 518 } 519 520 int 521 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 522 { 523 uint8_t *out = data; 524 uint32_t val; 525 int error, ntries; 526 527 if ((error = wpi_nic_lock(sc)) != 0) 528 return error; 529 530 for (; count > 0; count -= 2, addr++) { 531 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 532 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD); 533 534 for (ntries = 0; ntries < 10; ntries++) { 535 val = WPI_READ(sc, WPI_EEPROM); 536 if (val & WPI_EEPROM_READ_VALID) 537 break; 538 DELAY(5); 539 } 540 if (ntries == 10) { 541 printf("%s: could not read EEPROM\n", 542 sc->sc_dev.dv_xname); 543 return ETIMEDOUT; 544 } 545 *out++ = val >> 16; 546 if (count > 1) 547 *out++ = val >> 24; 548 } 549 550 wpi_nic_unlock(sc); 551 return 0; 552 } 553 554 int 555 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap, 556 bus_size_t size, bus_size_t alignment) 557 { 558 int nsegs, error; 559 560 dma->tag = tag; 561 dma->size = size; 562 563 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 564 &dma->map); 565 if (error != 0) 566 goto fail; 567 568 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 569 BUS_DMA_NOWAIT | BUS_DMA_ZERO); 570 if (error != 0) 571 goto fail; 572 573 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 574 BUS_DMA_NOWAIT | BUS_DMA_COHERENT); 575 if (error != 0) 576 goto fail; 577 578 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size, 579 BUS_DMA_NOWAIT); 580 if (error != 0) 581 goto fail; 582 583 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 584 585 dma->paddr = dma->map->dm_segs[0].ds_addr; 586 if (kvap != NULL) 587 *kvap = dma->vaddr; 588 589 return 0; 590 591 fail: wpi_dma_contig_free(dma); 592 return error; 593 } 594 595 void 596 wpi_dma_contig_free(struct wpi_dma_info *dma) 597 { 598 if (dma->map != NULL) { 599 if (dma->vaddr != NULL) { 600 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 601 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 602 bus_dmamap_unload(dma->tag, dma->map); 603 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 604 bus_dmamem_free(dma->tag, &dma->seg, 1); 605 dma->vaddr = NULL; 606 } 607 bus_dmamap_destroy(dma->tag, dma->map); 608 dma->map = NULL; 609 } 610 } 611 612 int 613 wpi_alloc_shared(struct wpi_softc *sc) 614 { 615 /* Shared buffer must be aligned on a 4KB boundary. */ 616 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 617 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 618 } 619 620 void 621 wpi_free_shared(struct wpi_softc *sc) 622 { 623 wpi_dma_contig_free(&sc->shared_dma); 624 } 625 626 int 627 wpi_alloc_fwmem(struct wpi_softc *sc) 628 { 629 /* Allocate enough contiguous space to store text and data. */ 630 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 631 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 632 } 633 634 void 635 wpi_free_fwmem(struct wpi_softc *sc) 636 { 637 wpi_dma_contig_free(&sc->fw_dma); 638 } 639 640 int 641 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 642 { 643 bus_size_t size; 644 int i, error; 645 646 ring->cur = 0; 647 648 /* Allocate RX descriptors (16KB aligned.) */ 649 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 650 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 651 (void **)&ring->desc, size, 16 * 1024); 652 if (error != 0) { 653 printf("%s: could not allocate RX ring DMA memory\n", 654 sc->sc_dev.dv_xname); 655 goto fail; 656 } 657 658 /* 659 * Allocate and map RX buffers. 660 */ 661 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 662 struct wpi_rx_data *data = &ring->data[i]; 663 664 error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1, 665 WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map); 666 if (error != 0) { 667 printf("%s: could not create RX buf DMA map\n", 668 sc->sc_dev.dv_xname); 669 goto fail; 670 } 671 672 data->m = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 673 if (data->m == NULL) { 674 printf("%s: could not allocate RX mbuf\n", 675 sc->sc_dev.dv_xname); 676 error = ENOBUFS; 677 goto fail; 678 } 679 680 error = bus_dmamap_load(sc->sc_dmat, data->map, 681 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 682 BUS_DMA_NOWAIT | BUS_DMA_READ); 683 if (error != 0) { 684 printf("%s: can't map mbuf (error %d)\n", 685 sc->sc_dev.dv_xname, error); 686 goto fail; 687 } 688 689 /* Set physical address of RX buffer. */ 690 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr); 691 } 692 693 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 694 BUS_DMASYNC_PREWRITE); 695 696 return 0; 697 698 fail: wpi_free_rx_ring(sc, ring); 699 return error; 700 } 701 702 void 703 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 704 { 705 int ntries; 706 707 if (wpi_nic_lock(sc) == 0) { 708 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 709 for (ntries = 0; ntries < 100; ntries++) { 710 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 711 WPI_FH_RX_STATUS_IDLE) 712 break; 713 DELAY(10); 714 } 715 wpi_nic_unlock(sc); 716 } 717 ring->cur = 0; 718 } 719 720 void 721 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 722 { 723 int i; 724 725 wpi_dma_contig_free(&ring->desc_dma); 726 727 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 728 struct wpi_rx_data *data = &ring->data[i]; 729 730 if (data->m != NULL) { 731 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 732 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 733 bus_dmamap_unload(sc->sc_dmat, data->map); 734 m_freem(data->m); 735 } 736 if (data->map != NULL) 737 bus_dmamap_destroy(sc->sc_dmat, data->map); 738 } 739 } 740 741 int 742 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 743 { 744 bus_addr_t paddr; 745 bus_size_t size; 746 int i, error; 747 748 ring->qid = qid; 749 ring->queued = 0; 750 ring->cur = 0; 751 752 /* Allocate TX descriptors (16KB aligned.) */ 753 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 754 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 755 (void **)&ring->desc, size, 16 * 1024); 756 if (error != 0) { 757 printf("%s: could not allocate TX ring DMA memory\n", 758 sc->sc_dev.dv_xname); 759 goto fail; 760 } 761 762 /* Update shared area with ring physical address. */ 763 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 764 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 765 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE); 766 767 /* 768 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 769 * to allocate commands space for other rings. 770 * XXX Do we really need to allocate descriptors for other rings? 771 */ 772 if (qid > 4) 773 return 0; 774 775 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 776 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 777 (void **)&ring->cmd, size, 4); 778 if (error != 0) { 779 printf("%s: could not allocate TX cmd DMA memory\n", 780 sc->sc_dev.dv_xname); 781 goto fail; 782 } 783 784 paddr = ring->cmd_dma.paddr; 785 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 786 struct wpi_tx_data *data = &ring->data[i]; 787 788 data->cmd_paddr = paddr; 789 paddr += sizeof (struct wpi_tx_cmd); 790 791 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 792 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 793 &data->map); 794 if (error != 0) { 795 printf("%s: could not create TX buf DMA map\n", 796 sc->sc_dev.dv_xname); 797 goto fail; 798 } 799 } 800 return 0; 801 802 fail: wpi_free_tx_ring(sc, ring); 803 return error; 804 } 805 806 void 807 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 808 { 809 int i; 810 811 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 812 struct wpi_tx_data *data = &ring->data[i]; 813 814 if (data->m != NULL) { 815 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 816 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 817 bus_dmamap_unload(sc->sc_dmat, data->map); 818 m_freem(data->m); 819 data->m = NULL; 820 } 821 } 822 /* Clear TX descriptors. */ 823 memset(ring->desc, 0, ring->desc_dma.size); 824 sc->qfullmsk &= ~(1 << ring->qid); 825 ring->queued = 0; 826 ring->cur = 0; 827 } 828 829 void 830 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 831 { 832 int i; 833 834 wpi_dma_contig_free(&ring->desc_dma); 835 wpi_dma_contig_free(&ring->cmd_dma); 836 837 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 838 struct wpi_tx_data *data = &ring->data[i]; 839 840 if (data->m != NULL) { 841 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 842 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 843 bus_dmamap_unload(sc->sc_dmat, data->map); 844 m_freem(data->m); 845 } 846 if (data->map != NULL) 847 bus_dmamap_destroy(sc->sc_dmat, data->map); 848 } 849 } 850 851 int 852 wpi_read_eeprom(struct wpi_softc *sc) 853 { 854 struct ieee80211com *ic = &sc->sc_ic; 855 char domain[4]; 856 int i; 857 858 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 859 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname); 860 return EIO; 861 } 862 /* Clear HW ownership of EEPROM. */ 863 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 864 865 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1); 866 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2); 867 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1); 868 869 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev), 870 sc->type)); 871 872 /* Read and print regulatory domain (4 ASCII characters.) */ 873 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4); 874 printf(", %.4s", domain); 875 876 /* Read and print MAC address. */ 877 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6); 878 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 879 880 /* Read the list of authorized channels. */ 881 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 882 wpi_read_eeprom_channels(sc, i); 883 884 /* Read the list of TX power groups. */ 885 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 886 wpi_read_eeprom_group(sc, i); 887 888 return 0; 889 } 890 891 void 892 wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 893 { 894 struct ieee80211com *ic = &sc->sc_ic; 895 const struct wpi_chan_band *band = &wpi_bands[n]; 896 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND]; 897 int chan, i; 898 899 wpi_read_prom_data(sc, band->addr, channels, 900 band->nchan * sizeof (struct wpi_eeprom_chan)); 901 902 for (i = 0; i < band->nchan; i++) { 903 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) 904 continue; 905 906 chan = band->chan[i]; 907 908 if (n == 0) { /* 2GHz band */ 909 ic->ic_channels[chan].ic_freq = 910 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 911 ic->ic_channels[chan].ic_flags = 912 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 913 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 914 915 } else { /* 5GHz band */ 916 /* 917 * Some adapters support channels 7, 8, 11 and 12 918 * both in the 2GHz and 4.9GHz bands. 919 * Because of limitations in our net80211 layer, 920 * we don't support them in the 4.9GHz band. 921 */ 922 if (chan <= 14) 923 continue; 924 925 ic->ic_channels[chan].ic_freq = 926 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 927 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 928 /* We have at least one valid 5GHz channel. */ 929 sc->sc_flags |= WPI_FLAG_HAS_5GHZ; 930 } 931 932 /* Is active scan allowed on this channel? */ 933 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) { 934 ic->ic_channels[chan].ic_flags |= 935 IEEE80211_CHAN_PASSIVE; 936 } 937 938 /* Save maximum allowed TX power for this channel. */ 939 sc->maxpwr[chan] = channels[i].maxpwr; 940 941 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 942 chan, channels[i].flags, sc->maxpwr[chan])); 943 } 944 } 945 946 void 947 wpi_read_eeprom_group(struct wpi_softc *sc, int n) 948 { 949 struct wpi_power_group *group = &sc->groups[n]; 950 struct wpi_eeprom_group rgroup; 951 int i; 952 953 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup, 954 sizeof rgroup); 955 956 /* Save TX power group information. */ 957 group->chan = rgroup.chan; 958 group->maxpwr = rgroup.maxpwr; 959 /* Retrieve temperature at which the samples were taken. */ 960 group->temp = (int16_t)letoh16(rgroup.temp); 961 962 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n, 963 group->chan, group->maxpwr, group->temp)); 964 965 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 966 group->samples[i].index = rgroup.samples[i].index; 967 group->samples[i].power = rgroup.samples[i].power; 968 969 DPRINTF(("\tsample %d: index=%d power=%d\n", i, 970 group->samples[i].index, group->samples[i].power)); 971 } 972 } 973 974 struct ieee80211_node * 975 wpi_node_alloc(struct ieee80211com *ic) 976 { 977 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO); 978 } 979 980 void 981 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 982 { 983 struct wpi_softc *sc = ic->ic_if.if_softc; 984 struct wpi_node *wn = (void *)ni; 985 uint8_t rate; 986 int ridx, i; 987 988 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 989 /* Start at lowest available bit-rate, AMRR will raise. */ 990 ni->ni_txrate = 0; 991 992 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 993 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 994 /* Map 802.11 rate to HW rate index. */ 995 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 996 if (wpi_rates[ridx].rate == rate) 997 break; 998 wn->ridx[i] = ridx; 999 } 1000 } 1001 1002 int 1003 wpi_media_change(struct ifnet *ifp) 1004 { 1005 struct wpi_softc *sc = ifp->if_softc; 1006 struct ieee80211com *ic = &sc->sc_ic; 1007 uint8_t rate, ridx; 1008 int error; 1009 1010 error = ieee80211_media_change(ifp); 1011 if (error != ENETRESET) 1012 return error; 1013 1014 if (ic->ic_fixed_rate != -1) { 1015 rate = ic->ic_sup_rates[ic->ic_curmode]. 1016 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1017 /* Map 802.11 rate to HW rate index. */ 1018 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1019 if (wpi_rates[ridx].rate == rate) 1020 break; 1021 sc->fixed_ridx = ridx; 1022 } 1023 1024 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1025 (IFF_UP | IFF_RUNNING)) { 1026 wpi_stop(ifp, 0); 1027 error = wpi_init(ifp); 1028 } 1029 return error; 1030 } 1031 1032 int 1033 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1034 { 1035 struct ifnet *ifp = &ic->ic_if; 1036 struct wpi_softc *sc = ifp->if_softc; 1037 int error; 1038 1039 timeout_del(&sc->calib_to); 1040 1041 switch (nstate) { 1042 case IEEE80211_S_SCAN: 1043 /* Make the link LED blink while we're scanning. */ 1044 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1045 1046 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1047 printf("%s: could not initiate scan\n", 1048 sc->sc_dev.dv_xname); 1049 return error; 1050 } 1051 ic->ic_state = nstate; 1052 return 0; 1053 1054 case IEEE80211_S_ASSOC: 1055 if (ic->ic_state != IEEE80211_S_RUN) 1056 break; 1057 /* FALLTHROUGH */ 1058 case IEEE80211_S_AUTH: 1059 /* Reset state to handle reassociations correctly. */ 1060 sc->rxon.associd = 0; 1061 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1062 1063 if ((error = wpi_auth(sc)) != 0) { 1064 printf("%s: could not move to auth state\n", 1065 sc->sc_dev.dv_xname); 1066 return error; 1067 } 1068 break; 1069 1070 case IEEE80211_S_RUN: 1071 if ((error = wpi_run(sc)) != 0) { 1072 printf("%s: could not move to run state\n", 1073 sc->sc_dev.dv_xname); 1074 return error; 1075 } 1076 break; 1077 1078 case IEEE80211_S_INIT: 1079 break; 1080 } 1081 1082 return sc->sc_newstate(ic, nstate, arg); 1083 } 1084 1085 void 1086 wpi_iter_func(void *arg, struct ieee80211_node *ni) 1087 { 1088 struct wpi_softc *sc = arg; 1089 struct wpi_node *wn = (struct wpi_node *)ni; 1090 1091 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1092 } 1093 1094 void 1095 wpi_calib_timeout(void *arg) 1096 { 1097 struct wpi_softc *sc = arg; 1098 struct ieee80211com *ic = &sc->sc_ic; 1099 int s; 1100 1101 s = splnet(); 1102 /* Automatic rate control triggered every 500ms. */ 1103 if (ic->ic_fixed_rate == -1) { 1104 if (ic->ic_opmode == IEEE80211_M_STA) 1105 wpi_iter_func(sc, ic->ic_bss); 1106 else 1107 ieee80211_iterate_nodes(ic, wpi_iter_func, sc); 1108 } 1109 1110 /* Force automatic TX power calibration every 60 secs. */ 1111 if (++sc->calib_cnt >= 120) { 1112 wpi_power_calibration(sc); 1113 sc->calib_cnt = 0; 1114 } 1115 splx(s); 1116 1117 /* Automatic rate control triggered every 500ms. */ 1118 timeout_add_msec(&sc->calib_to, 500); 1119 } 1120 1121 int 1122 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k) 1123 { 1124 struct ieee80211_frame *wh; 1125 uint64_t pn, *prsc; 1126 uint8_t *ivp; 1127 uint8_t tid; 1128 int hdrlen; 1129 1130 wh = mtod(m, struct ieee80211_frame *); 1131 hdrlen = ieee80211_get_hdrlen(wh); 1132 ivp = (uint8_t *)wh + hdrlen; 1133 1134 /* Check that ExtIV bit is be set. */ 1135 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) { 1136 DPRINTF(("CCMP decap ExtIV not set\n")); 1137 return 1; 1138 } 1139 tid = ieee80211_has_qos(wh) ? 1140 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 1141 prsc = &k->k_rsc[tid]; 1142 1143 /* Extract the 48-bit PN from the CCMP header. */ 1144 pn = (uint64_t)ivp[0] | 1145 (uint64_t)ivp[1] << 8 | 1146 (uint64_t)ivp[4] << 16 | 1147 (uint64_t)ivp[5] << 24 | 1148 (uint64_t)ivp[6] << 32 | 1149 (uint64_t)ivp[7] << 40; 1150 if (pn <= *prsc) { 1151 /* 1152 * Not necessarily a replayed frame since we did not check 1153 * the sequence number of the 802.11 header yet. 1154 */ 1155 DPRINTF(("CCMP replayed\n")); 1156 return 1; 1157 } 1158 /* Update last seen packet number. */ 1159 *prsc = pn; 1160 1161 /* Clear Protected bit and strip IV. */ 1162 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1163 memmove(mtod(m, caddr_t) + IEEE80211_CCMP_HDRLEN, wh, hdrlen); 1164 m_adj(m, IEEE80211_CCMP_HDRLEN); 1165 /* Strip MIC. */ 1166 m_adj(m, -IEEE80211_CCMP_MICLEN); 1167 return 0; 1168 } 1169 1170 void 1171 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1172 struct wpi_rx_data *data) 1173 { 1174 struct ieee80211com *ic = &sc->sc_ic; 1175 struct ifnet *ifp = &ic->ic_if; 1176 struct wpi_rx_ring *ring = &sc->rxq; 1177 struct wpi_rx_stat *stat; 1178 struct wpi_rx_head *head; 1179 struct wpi_rx_tail *tail; 1180 struct ieee80211_frame *wh; 1181 struct ieee80211_rxinfo rxi; 1182 struct ieee80211_node *ni; 1183 struct mbuf *m, *m1; 1184 uint32_t flags; 1185 int error; 1186 1187 bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE, 1188 BUS_DMASYNC_POSTREAD); 1189 stat = (struct wpi_rx_stat *)(desc + 1); 1190 1191 if (stat->len > WPI_STAT_MAXLEN) { 1192 printf("%s: invalid RX statistic header\n", 1193 sc->sc_dev.dv_xname); 1194 ifp->if_ierrors++; 1195 return; 1196 } 1197 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1198 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len)); 1199 flags = letoh32(tail->flags); 1200 1201 /* Discard frames with a bad FCS early. */ 1202 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1203 DPRINTFN(2, ("rx tail flags error %x\n", flags)); 1204 ifp->if_ierrors++; 1205 return; 1206 } 1207 /* Discard frames that are too short. */ 1208 if (letoh16(head->len) < sizeof (*wh)) { 1209 DPRINTF(("frame too short: %d\n", letoh16(head->len))); 1210 ic->ic_stats.is_rx_tooshort++; 1211 ifp->if_ierrors++; 1212 return; 1213 } 1214 1215 m1 = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 1216 if (m1 == NULL) { 1217 ic->ic_stats.is_rx_nombuf++; 1218 ifp->if_ierrors++; 1219 return; 1220 } 1221 bus_dmamap_unload(sc->sc_dmat, data->map); 1222 1223 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 1224 WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ); 1225 if (error != 0) { 1226 m_freem(m1); 1227 1228 /* Try to reload the old mbuf. */ 1229 error = bus_dmamap_load(sc->sc_dmat, data->map, 1230 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 1231 BUS_DMA_NOWAIT | BUS_DMA_READ); 1232 if (error != 0) { 1233 panic("%s: could not load old RX mbuf", 1234 sc->sc_dev.dv_xname); 1235 } 1236 /* Physical address may have changed. */ 1237 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1238 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1239 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1240 BUS_DMASYNC_PREWRITE); 1241 ifp->if_ierrors++; 1242 return; 1243 } 1244 1245 m = data->m; 1246 data->m = m1; 1247 /* Update RX descriptor. */ 1248 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1249 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1250 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1251 BUS_DMASYNC_PREWRITE); 1252 1253 /* Finalize mbuf. */ 1254 m->m_data = (caddr_t)(head + 1); 1255 m->m_pkthdr.len = m->m_len = letoh16(head->len); 1256 1257 /* Grab a reference to the source node. */ 1258 wh = mtod(m, struct ieee80211_frame *); 1259 ni = ieee80211_find_rxnode(ic, wh); 1260 1261 rxi.rxi_flags = 0; 1262 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1263 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1264 (ni->ni_flags & IEEE80211_NODE_RXPROT) && 1265 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 1266 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) { 1267 ic->ic_stats.is_ccmp_dec_errs++; 1268 ifp->if_ierrors++; 1269 m_freem(m); 1270 return; 1271 } 1272 /* Check whether decryption was successful or not. */ 1273 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1274 DPRINTF(("CCMP decryption failed 0x%x\n", flags)); 1275 ic->ic_stats.is_ccmp_dec_errs++; 1276 ifp->if_ierrors++; 1277 m_freem(m); 1278 return; 1279 } 1280 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) { 1281 ifp->if_ierrors++; 1282 m_freem(m); 1283 return; 1284 } 1285 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1286 } 1287 1288 #if NBPFILTER > 0 1289 if (sc->sc_drvbpf != NULL) { 1290 struct mbuf mb; 1291 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1292 1293 tap->wr_flags = 0; 1294 if (letoh16(head->flags) & 0x4) 1295 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1296 tap->wr_chan_freq = 1297 htole16(ic->ic_channels[head->chan].ic_freq); 1298 tap->wr_chan_flags = 1299 htole16(ic->ic_channels[head->chan].ic_flags); 1300 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1301 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise); 1302 tap->wr_tsft = tail->tstamp; 1303 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf; 1304 switch (head->rate) { 1305 /* CCK rates. */ 1306 case 10: tap->wr_rate = 2; break; 1307 case 20: tap->wr_rate = 4; break; 1308 case 55: tap->wr_rate = 11; break; 1309 case 110: tap->wr_rate = 22; break; 1310 /* OFDM rates. */ 1311 case 0xd: tap->wr_rate = 12; break; 1312 case 0xf: tap->wr_rate = 18; break; 1313 case 0x5: tap->wr_rate = 24; break; 1314 case 0x7: tap->wr_rate = 36; break; 1315 case 0x9: tap->wr_rate = 48; break; 1316 case 0xb: tap->wr_rate = 72; break; 1317 case 0x1: tap->wr_rate = 96; break; 1318 case 0x3: tap->wr_rate = 108; break; 1319 /* Unknown rate: should not happen. */ 1320 default: tap->wr_rate = 0; 1321 } 1322 1323 mb.m_data = (caddr_t)tap; 1324 mb.m_len = sc->sc_rxtap_len; 1325 mb.m_next = m; 1326 mb.m_nextpkt = NULL; 1327 mb.m_type = 0; 1328 mb.m_flags = 0; 1329 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1330 } 1331 #endif 1332 1333 /* Send the frame to the 802.11 layer. */ 1334 rxi.rxi_rssi = stat->rssi; 1335 rxi.rxi_tstamp = 0; /* unused */ 1336 ieee80211_input(ifp, m, ni, &rxi); 1337 1338 /* Node is no longer needed. */ 1339 ieee80211_release_node(ic, ni); 1340 } 1341 1342 void 1343 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1344 { 1345 struct ieee80211com *ic = &sc->sc_ic; 1346 struct ifnet *ifp = &ic->ic_if; 1347 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1348 struct wpi_tx_data *data = &ring->data[desc->idx]; 1349 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1350 struct wpi_node *wn = (struct wpi_node *)data->ni; 1351 1352 /* Update rate control statistics. */ 1353 wn->amn.amn_txcnt++; 1354 if (stat->retrycnt > 0) 1355 wn->amn.amn_retrycnt++; 1356 1357 if ((letoh32(stat->status) & 0xff) != 1) 1358 ifp->if_oerrors++; 1359 else 1360 ifp->if_opackets++; 1361 1362 /* Unmap and free mbuf. */ 1363 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1364 BUS_DMASYNC_POSTWRITE); 1365 bus_dmamap_unload(sc->sc_dmat, data->map); 1366 m_freem(data->m); 1367 data->m = NULL; 1368 ieee80211_release_node(ic, data->ni); 1369 data->ni = NULL; 1370 1371 sc->sc_tx_timer = 0; 1372 if (--ring->queued < WPI_TX_RING_LOMARK) { 1373 sc->qfullmsk &= ~(1 << ring->qid); 1374 if (sc->qfullmsk == 0 && ifq_is_oactive(&ifp->if_snd)) { 1375 ifq_clr_oactive(&ifp->if_snd); 1376 (*ifp->if_start)(ifp); 1377 } 1378 } 1379 } 1380 1381 void 1382 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1383 { 1384 struct wpi_tx_ring *ring = &sc->txq[4]; 1385 struct wpi_tx_data *data; 1386 1387 if ((desc->qid & 7) != 4) 1388 return; /* Not a command ack. */ 1389 1390 data = &ring->data[desc->idx]; 1391 1392 /* If the command was mapped in an mbuf, free it. */ 1393 if (data->m != NULL) { 1394 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1395 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1396 bus_dmamap_unload(sc->sc_dmat, data->map); 1397 m_freem(data->m); 1398 data->m = NULL; 1399 } 1400 wakeup(&ring->cmd[desc->idx]); 1401 } 1402 1403 void 1404 wpi_notif_intr(struct wpi_softc *sc) 1405 { 1406 struct ieee80211com *ic = &sc->sc_ic; 1407 struct ifnet *ifp = &ic->ic_if; 1408 uint32_t hw; 1409 1410 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 1411 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD); 1412 1413 hw = letoh32(sc->shared->next); 1414 while (sc->rxq.cur != hw) { 1415 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1416 struct wpi_rx_desc *desc; 1417 1418 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 1419 BUS_DMASYNC_POSTREAD); 1420 desc = mtod(data->m, struct wpi_rx_desc *); 1421 1422 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d " 1423 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1424 letoh32(desc->len))); 1425 1426 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1427 wpi_cmd_done(sc, desc); 1428 1429 switch (desc->type) { 1430 case WPI_RX_DONE: 1431 /* An 802.11 frame has been received. */ 1432 wpi_rx_done(sc, desc, data); 1433 break; 1434 1435 case WPI_TX_DONE: 1436 /* An 802.11 frame has been transmitted. */ 1437 wpi_tx_done(sc, desc); 1438 break; 1439 1440 case WPI_UC_READY: 1441 { 1442 struct wpi_ucode_info *uc = 1443 (struct wpi_ucode_info *)(desc + 1); 1444 1445 /* The microcontroller is ready. */ 1446 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1447 sizeof (*uc), BUS_DMASYNC_POSTREAD); 1448 DPRINTF(("microcode alive notification version %x " 1449 "alive %x\n", letoh32(uc->version), 1450 letoh32(uc->valid))); 1451 1452 if (letoh32(uc->valid) != 1) { 1453 printf("%s: microcontroller initialization " 1454 "failed\n", sc->sc_dev.dv_xname); 1455 } 1456 if (uc->subtype != WPI_UCODE_INIT) { 1457 /* Save the address of the error log. */ 1458 sc->errptr = letoh32(uc->errptr); 1459 } 1460 break; 1461 } 1462 case WPI_STATE_CHANGED: 1463 { 1464 uint32_t *status = (uint32_t *)(desc + 1); 1465 1466 /* Enabled/disabled notification. */ 1467 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1468 sizeof (*status), BUS_DMASYNC_POSTREAD); 1469 DPRINTF(("state changed to %x\n", letoh32(*status))); 1470 1471 if (letoh32(*status) & 1) { 1472 /* The radio button has to be pushed. */ 1473 printf("%s: Radio transmitter is off\n", 1474 sc->sc_dev.dv_xname); 1475 /* Turn the interface down. */ 1476 ifp->if_flags &= ~IFF_UP; 1477 wpi_stop(ifp, 1); 1478 return; /* No further processing. */ 1479 } 1480 break; 1481 } 1482 case WPI_START_SCAN: 1483 { 1484 struct wpi_start_scan *scan = 1485 (struct wpi_start_scan *)(desc + 1); 1486 1487 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1488 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1489 DPRINTFN(2, ("scanning channel %d status %x\n", 1490 scan->chan, letoh32(scan->status))); 1491 1492 /* Fix current channel. */ 1493 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1494 break; 1495 } 1496 case WPI_STOP_SCAN: 1497 { 1498 struct wpi_stop_scan *scan = 1499 (struct wpi_stop_scan *)(desc + 1); 1500 1501 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1502 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1503 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1504 scan->nchan, scan->status, scan->chan)); 1505 1506 if (scan->status == 1 && scan->chan <= 14 && 1507 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) { 1508 /* 1509 * We just finished scanning 2GHz channels, 1510 * start scanning 5GHz ones. 1511 */ 1512 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 1513 break; 1514 } 1515 ieee80211_end_scan(ifp); 1516 break; 1517 } 1518 } 1519 1520 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1521 } 1522 1523 /* Tell the firmware what we have processed. */ 1524 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1525 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7); 1526 } 1527 1528 /* 1529 * Dump the error log of the firmware when a firmware panic occurs. Although 1530 * we can't debug the firmware because it is neither open source nor free, it 1531 * can help us to identify certain classes of problems. 1532 */ 1533 void 1534 wpi_fatal_intr(struct wpi_softc *sc) 1535 { 1536 #define N(a) (sizeof (a) / sizeof ((a)[0])) 1537 struct wpi_fwdump dump; 1538 uint32_t i, offset, count; 1539 1540 /* Check that the error log address is valid. */ 1541 if (sc->errptr < WPI_FW_DATA_BASE || 1542 sc->errptr + sizeof (dump) > 1543 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 1544 printf("%s: bad firmware error log address 0x%08x\n", 1545 sc->sc_dev.dv_xname, sc->errptr); 1546 return; 1547 } 1548 1549 if (wpi_nic_lock(sc) != 0) { 1550 printf("%s: could not read firmware error log\n", 1551 sc->sc_dev.dv_xname); 1552 return; 1553 } 1554 /* Read number of entries in the log. */ 1555 count = wpi_mem_read(sc, sc->errptr); 1556 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 1557 printf("%s: invalid count field (count=%u)\n", 1558 sc->sc_dev.dv_xname, count); 1559 wpi_nic_unlock(sc); 1560 return; 1561 } 1562 /* Skip "count" field. */ 1563 offset = sc->errptr + sizeof (uint32_t); 1564 printf("firmware error log (count=%u):\n", count); 1565 for (i = 0; i < count; i++) { 1566 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 1567 sizeof (dump) / sizeof (uint32_t)); 1568 1569 printf(" error type = \"%s\" (0x%08X)\n", 1570 (dump.desc < N(wpi_fw_errmsg)) ? 1571 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 1572 dump.desc); 1573 printf(" error data = 0x%08X\n", 1574 dump.data); 1575 printf(" branch link = 0x%08X%08X\n", 1576 dump.blink[0], dump.blink[1]); 1577 printf(" interrupt link = 0x%08X%08X\n", 1578 dump.ilink[0], dump.ilink[1]); 1579 printf(" time = %u\n", dump.time); 1580 1581 offset += sizeof (dump); 1582 } 1583 wpi_nic_unlock(sc); 1584 /* Dump driver status (TX and RX rings) while we're here. */ 1585 printf("driver status:\n"); 1586 for (i = 0; i < 6; i++) { 1587 struct wpi_tx_ring *ring = &sc->txq[i]; 1588 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 1589 i, ring->qid, ring->cur, ring->queued); 1590 } 1591 printf(" rx ring: cur=%d\n", sc->rxq.cur); 1592 printf(" 802.11 state %d\n", sc->sc_ic.ic_state); 1593 #undef N 1594 } 1595 1596 int 1597 wpi_intr(void *arg) 1598 { 1599 struct wpi_softc *sc = arg; 1600 struct ifnet *ifp = &sc->sc_ic.ic_if; 1601 uint32_t r1, r2; 1602 1603 /* Disable interrupts. */ 1604 WPI_WRITE(sc, WPI_MASK, 0); 1605 1606 r1 = WPI_READ(sc, WPI_INT); 1607 r2 = WPI_READ(sc, WPI_FH_INT); 1608 1609 if (r1 == 0 && r2 == 0) { 1610 if (ifp->if_flags & IFF_UP) 1611 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1612 return 0; /* Interrupt not for us. */ 1613 } 1614 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 1615 return 0; /* Hardware gone! */ 1616 1617 /* Acknowledge interrupts. */ 1618 WPI_WRITE(sc, WPI_INT, r1); 1619 WPI_WRITE(sc, WPI_FH_INT, r2); 1620 1621 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 1622 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); 1623 /* Dump firmware error log and stop. */ 1624 wpi_fatal_intr(sc); 1625 wpi_stop(ifp, 1); 1626 task_add(systq, &sc->init_task); 1627 return 1; 1628 } 1629 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 1630 (r2 & WPI_FH_INT_RX)) 1631 wpi_notif_intr(sc); 1632 1633 if (r1 & WPI_INT_ALIVE) 1634 wakeup(sc); /* Firmware is alive. */ 1635 1636 /* Re-enable interrupts. */ 1637 if (ifp->if_flags & IFF_UP) 1638 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1639 1640 return 1; 1641 } 1642 1643 int 1644 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1645 { 1646 struct ieee80211com *ic = &sc->sc_ic; 1647 struct wpi_node *wn = (void *)ni; 1648 struct wpi_tx_ring *ring; 1649 struct wpi_tx_desc *desc; 1650 struct wpi_tx_data *data; 1651 struct wpi_tx_cmd *cmd; 1652 struct wpi_cmd_data *tx; 1653 const struct wpi_rate *rinfo; 1654 struct ieee80211_frame *wh; 1655 struct ieee80211_key *k = NULL; 1656 enum ieee80211_edca_ac ac; 1657 uint32_t flags; 1658 uint16_t qos; 1659 u_int hdrlen; 1660 uint8_t *ivp, tid, ridx, type; 1661 int i, totlen, hasqos, error; 1662 1663 wh = mtod(m, struct ieee80211_frame *); 1664 hdrlen = ieee80211_get_hdrlen(wh); 1665 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1666 1667 /* Select EDCA Access Category and TX ring for this frame. */ 1668 if ((hasqos = ieee80211_has_qos(wh))) { 1669 qos = ieee80211_get_qos(wh); 1670 tid = qos & IEEE80211_QOS_TID; 1671 ac = ieee80211_up_to_ac(ic, tid); 1672 } else { 1673 tid = 0; 1674 ac = EDCA_AC_BE; 1675 } 1676 1677 ring = &sc->txq[ac]; 1678 desc = &ring->desc[ring->cur]; 1679 data = &ring->data[ring->cur]; 1680 1681 /* Choose a TX rate index. */ 1682 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1683 type != IEEE80211_FC0_TYPE_DATA) { 1684 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 1685 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1; 1686 } else if (ic->ic_fixed_rate != -1) { 1687 ridx = sc->fixed_ridx; 1688 } else 1689 ridx = wn->ridx[ni->ni_txrate]; 1690 rinfo = &wpi_rates[ridx]; 1691 1692 #if NBPFILTER > 0 1693 if (sc->sc_drvbpf != NULL) { 1694 struct mbuf mb; 1695 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 1696 1697 tap->wt_flags = 0; 1698 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1699 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1700 tap->wt_rate = rinfo->rate; 1701 tap->wt_hwqueue = ac; 1702 if ((ic->ic_flags & IEEE80211_F_WEPON) && 1703 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 1704 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1705 1706 mb.m_data = (caddr_t)tap; 1707 mb.m_len = sc->sc_txtap_len; 1708 mb.m_next = m; 1709 mb.m_nextpkt = NULL; 1710 mb.m_type = 0; 1711 mb.m_flags = 0; 1712 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1713 } 1714 #endif 1715 1716 totlen = m->m_pkthdr.len; 1717 1718 /* Encrypt the frame if need be. */ 1719 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1720 /* Retrieve key for TX. */ 1721 k = ieee80211_get_txkey(ic, wh, ni); 1722 if (k->k_cipher != IEEE80211_CIPHER_CCMP) { 1723 /* Do software encryption. */ 1724 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1725 return ENOBUFS; 1726 /* 802.11 header may have moved. */ 1727 wh = mtod(m, struct ieee80211_frame *); 1728 totlen = m->m_pkthdr.len; 1729 1730 } else /* HW appends CCMP MIC. */ 1731 totlen += IEEE80211_CCMP_HDRLEN; 1732 } 1733 1734 /* Prepare TX firmware command. */ 1735 cmd = &ring->cmd[ring->cur]; 1736 cmd->code = WPI_CMD_TX_DATA; 1737 cmd->flags = 0; 1738 cmd->qid = ring->qid; 1739 cmd->idx = ring->cur; 1740 1741 tx = (struct wpi_cmd_data *)cmd->data; 1742 /* NB: No need to clear tx, all fields are reinitialized here. */ 1743 1744 flags = 0; 1745 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1746 /* Unicast frame, check if an ACK is expected. */ 1747 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 1748 IEEE80211_QOS_ACK_POLICY_NOACK) 1749 flags |= WPI_TX_NEED_ACK; 1750 } 1751 1752 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 1753 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1754 /* NB: Group frames are sent using CCK in 802.11b/g. */ 1755 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 1756 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1757 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 1758 ridx <= WPI_RIDX_OFDM54) { 1759 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 1760 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP; 1761 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 1762 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1763 } 1764 } 1765 1766 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1767 type != IEEE80211_FC0_TYPE_DATA) 1768 tx->id = WPI_ID_BROADCAST; 1769 else 1770 tx->id = wn->id; 1771 1772 if (type == IEEE80211_FC0_TYPE_MGT) { 1773 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1774 1775 #ifndef IEEE80211_STA_ONLY 1776 /* Tell HW to set timestamp in probe responses. */ 1777 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1778 flags |= WPI_TX_INSERT_TSTAMP; 1779 #endif 1780 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 1781 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 1782 tx->timeout = htole16(3); 1783 else 1784 tx->timeout = htole16(2); 1785 } else 1786 tx->timeout = htole16(0); 1787 1788 tx->len = htole16(totlen); 1789 tx->tid = tid; 1790 tx->rts_ntries = 7; 1791 tx->data_ntries = 15; 1792 tx->ofdm_mask = 0xff; 1793 tx->cck_mask = 0x0f; 1794 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 1795 tx->plcp = rinfo->plcp; 1796 1797 /* Copy 802.11 header in TX command. */ 1798 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 1799 1800 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 1801 /* Trim 802.11 header and prepend CCMP IV. */ 1802 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 1803 ivp = mtod(m, uint8_t *); 1804 k->k_tsc++; 1805 ivp[0] = k->k_tsc; 1806 ivp[1] = k->k_tsc >> 8; 1807 ivp[2] = 0; 1808 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1809 ivp[4] = k->k_tsc >> 16; 1810 ivp[5] = k->k_tsc >> 24; 1811 ivp[6] = k->k_tsc >> 32; 1812 ivp[7] = k->k_tsc >> 40; 1813 1814 tx->security = WPI_CIPHER_CCMP; 1815 memcpy(tx->key, k->k_key, k->k_len); 1816 } else { 1817 /* Trim 802.11 header. */ 1818 m_adj(m, hdrlen); 1819 tx->security = 0; 1820 } 1821 tx->flags = htole32(flags); 1822 1823 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1824 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1825 if (error != 0 && error != EFBIG) { 1826 printf("%s: can't map mbuf (error %d)\n", 1827 sc->sc_dev.dv_xname, error); 1828 m_freem(m); 1829 return error; 1830 } 1831 if (error != 0) { 1832 /* Too many DMA segments, linearize mbuf. */ 1833 if (m_defrag(m, M_DONTWAIT)) { 1834 m_freem(m); 1835 return ENOBUFS; 1836 } 1837 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1838 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1839 if (error != 0) { 1840 printf("%s: can't map mbuf (error %d)\n", 1841 sc->sc_dev.dv_xname, error); 1842 m_freem(m); 1843 return error; 1844 } 1845 } 1846 1847 data->m = m; 1848 data->ni = ni; 1849 1850 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 1851 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 1852 1853 /* Fill TX descriptor. */ 1854 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 | 1855 (1 + data->map->dm_nsegs) << 24); 1856 /* First DMA segment is used by the TX command. */ 1857 desc->segs[0].addr = htole32(ring->cmd_dma.paddr + 1858 ring->cur * sizeof (struct wpi_tx_cmd)); 1859 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) + 1860 ((hdrlen + 3) & ~3)); 1861 /* Other DMA segments are for data payload. */ 1862 for (i = 1; i <= data->map->dm_nsegs; i++) { 1863 desc->segs[i].addr = 1864 htole32(data->map->dm_segs[i - 1].ds_addr); 1865 desc->segs[i].len = 1866 htole32(data->map->dm_segs[i - 1].ds_len); 1867 } 1868 1869 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1870 BUS_DMASYNC_PREWRITE); 1871 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 1872 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd), 1873 BUS_DMASYNC_PREWRITE); 1874 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1875 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 1876 BUS_DMASYNC_PREWRITE); 1877 1878 /* Kick TX ring. */ 1879 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 1880 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1881 1882 /* Mark TX ring as full if we reach a certain threshold. */ 1883 if (++ring->queued > WPI_TX_RING_HIMARK) 1884 sc->qfullmsk |= 1 << ring->qid; 1885 1886 return 0; 1887 } 1888 1889 void 1890 wpi_start(struct ifnet *ifp) 1891 { 1892 struct wpi_softc *sc = ifp->if_softc; 1893 struct ieee80211com *ic = &sc->sc_ic; 1894 struct ieee80211_node *ni; 1895 struct mbuf *m; 1896 1897 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 1898 return; 1899 1900 for (;;) { 1901 if (sc->qfullmsk != 0) { 1902 ifq_set_oactive(&ifp->if_snd); 1903 break; 1904 } 1905 /* Send pending management frames first. */ 1906 m = mq_dequeue(&ic->ic_mgtq); 1907 if (m != NULL) { 1908 ni = m->m_pkthdr.ph_cookie; 1909 goto sendit; 1910 } 1911 if (ic->ic_state != IEEE80211_S_RUN) 1912 break; 1913 1914 /* Encapsulate and send data frames. */ 1915 IFQ_DEQUEUE(&ifp->if_snd, m); 1916 if (m == NULL) 1917 break; 1918 #if NBPFILTER > 0 1919 if (ifp->if_bpf != NULL) 1920 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1921 #endif 1922 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 1923 continue; 1924 sendit: 1925 #if NBPFILTER > 0 1926 if (ic->ic_rawbpf != NULL) 1927 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1928 #endif 1929 if (wpi_tx(sc, m, ni) != 0) { 1930 ieee80211_release_node(ic, ni); 1931 ifp->if_oerrors++; 1932 continue; 1933 } 1934 1935 sc->sc_tx_timer = 5; 1936 ifp->if_timer = 1; 1937 } 1938 } 1939 1940 void 1941 wpi_watchdog(struct ifnet *ifp) 1942 { 1943 struct wpi_softc *sc = ifp->if_softc; 1944 1945 ifp->if_timer = 0; 1946 1947 if (sc->sc_tx_timer > 0) { 1948 if (--sc->sc_tx_timer == 0) { 1949 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1950 ifp->if_flags &= ~IFF_UP; 1951 wpi_stop(ifp, 1); 1952 ifp->if_oerrors++; 1953 return; 1954 } 1955 ifp->if_timer = 1; 1956 } 1957 1958 ieee80211_watchdog(ifp); 1959 } 1960 1961 int 1962 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1963 { 1964 struct wpi_softc *sc = ifp->if_softc; 1965 struct ieee80211com *ic = &sc->sc_ic; 1966 struct ifreq *ifr; 1967 int s, error = 0; 1968 1969 s = splnet(); 1970 /* 1971 * Prevent processes from entering this function while another 1972 * process is tsleep'ing in it. 1973 */ 1974 while ((sc->sc_flags & WPI_FLAG_BUSY) && error == 0) 1975 error = tsleep(&sc->sc_flags, PCATCH, "wpiioc", 0); 1976 if (error != 0) { 1977 splx(s); 1978 return error; 1979 } 1980 sc->sc_flags |= WPI_FLAG_BUSY; 1981 1982 switch (cmd) { 1983 case SIOCSIFADDR: 1984 ifp->if_flags |= IFF_UP; 1985 /* FALLTHROUGH */ 1986 case SIOCSIFFLAGS: 1987 if (ifp->if_flags & IFF_UP) { 1988 if (!(ifp->if_flags & IFF_RUNNING)) 1989 error = wpi_init(ifp); 1990 } else { 1991 if (ifp->if_flags & IFF_RUNNING) 1992 wpi_stop(ifp, 1); 1993 } 1994 break; 1995 1996 case SIOCADDMULTI: 1997 case SIOCDELMULTI: 1998 ifr = (struct ifreq *)data; 1999 error = (cmd == SIOCADDMULTI) ? 2000 ether_addmulti(ifr, &ic->ic_ac) : 2001 ether_delmulti(ifr, &ic->ic_ac); 2002 2003 if (error == ENETRESET) 2004 error = 0; 2005 break; 2006 2007 case SIOCS80211POWER: 2008 error = ieee80211_ioctl(ifp, cmd, data); 2009 if (error != ENETRESET) 2010 break; 2011 if (ic->ic_state == IEEE80211_S_RUN) { 2012 if (ic->ic_flags & IEEE80211_F_PMGTON) 2013 error = wpi_set_pslevel(sc, 0, 3, 0); 2014 else /* back to CAM */ 2015 error = wpi_set_pslevel(sc, 0, 0, 0); 2016 } else { 2017 /* Defer until transition to IEEE80211_S_RUN. */ 2018 error = 0; 2019 } 2020 break; 2021 2022 default: 2023 error = ieee80211_ioctl(ifp, cmd, data); 2024 } 2025 2026 if (error == ENETRESET) { 2027 error = 0; 2028 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2029 (IFF_UP | IFF_RUNNING)) { 2030 wpi_stop(ifp, 0); 2031 error = wpi_init(ifp); 2032 } 2033 } 2034 2035 sc->sc_flags &= ~WPI_FLAG_BUSY; 2036 wakeup(&sc->sc_flags); 2037 splx(s); 2038 return error; 2039 } 2040 2041 /* 2042 * Send a command to the firmware. 2043 */ 2044 int 2045 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async) 2046 { 2047 struct wpi_tx_ring *ring = &sc->txq[4]; 2048 struct wpi_tx_desc *desc; 2049 struct wpi_tx_data *data; 2050 struct wpi_tx_cmd *cmd; 2051 struct mbuf *m; 2052 bus_addr_t paddr; 2053 int totlen, error; 2054 2055 desc = &ring->desc[ring->cur]; 2056 data = &ring->data[ring->cur]; 2057 totlen = 4 + size; 2058 2059 if (size > sizeof cmd->data) { 2060 /* Command is too large to fit in a descriptor. */ 2061 if (totlen > MCLBYTES) 2062 return EINVAL; 2063 MGETHDR(m, M_DONTWAIT, MT_DATA); 2064 if (m == NULL) 2065 return ENOMEM; 2066 if (totlen > MHLEN) { 2067 MCLGET(m, M_DONTWAIT); 2068 if (!(m->m_flags & M_EXT)) { 2069 m_freem(m); 2070 return ENOMEM; 2071 } 2072 } 2073 cmd = mtod(m, struct wpi_tx_cmd *); 2074 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 2075 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 2076 if (error != 0) { 2077 m_freem(m); 2078 return error; 2079 } 2080 data->m = m; 2081 paddr = data->map->dm_segs[0].ds_addr; 2082 } else { 2083 cmd = &ring->cmd[ring->cur]; 2084 paddr = data->cmd_paddr; 2085 } 2086 2087 cmd->code = code; 2088 cmd->flags = 0; 2089 cmd->qid = ring->qid; 2090 cmd->idx = ring->cur; 2091 memcpy(cmd->data, buf, size); 2092 2093 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24); 2094 desc->segs[0].addr = htole32(paddr); 2095 desc->segs[0].len = htole32(totlen); 2096 2097 if (size > sizeof cmd->data) { 2098 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 2099 BUS_DMASYNC_PREWRITE); 2100 } else { 2101 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 2102 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen, 2103 BUS_DMASYNC_PREWRITE); 2104 } 2105 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2106 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 2107 BUS_DMASYNC_PREWRITE); 2108 2109 /* Kick command ring. */ 2110 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2111 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2112 2113 return async ? 0 : tsleep(cmd, PCATCH, "wpicmd", hz); 2114 } 2115 2116 /* 2117 * Configure HW multi-rate retries. 2118 */ 2119 int 2120 wpi_mrr_setup(struct wpi_softc *sc) 2121 { 2122 struct ieee80211com *ic = &sc->sc_ic; 2123 struct wpi_mrr_setup mrr; 2124 int i, error; 2125 2126 /* CCK rates (not used with 802.11a). */ 2127 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2128 mrr.rates[i].flags = 0; 2129 mrr.rates[i].plcp = wpi_rates[i].plcp; 2130 /* Fallback to the immediate lower CCK rate (if any.) */ 2131 mrr.rates[i].next = 2132 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2133 /* Try one time at this rate before falling back to "next". */ 2134 mrr.rates[i].ntries = 1; 2135 } 2136 /* OFDM rates (not used with 802.11b). */ 2137 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2138 mrr.rates[i].flags = 0; 2139 mrr.rates[i].plcp = wpi_rates[i].plcp; 2140 /* Fallback to the immediate lower rate (if any.) */ 2141 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2142 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2143 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2144 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2145 i - 1; 2146 /* Try one time at this rate before falling back to "next". */ 2147 mrr.rates[i].ntries = 1; 2148 } 2149 /* Setup MRR for control frames. */ 2150 mrr.which = htole32(WPI_MRR_CTL); 2151 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2152 if (error != 0) { 2153 printf("%s: could not setup MRR for control frames\n", 2154 sc->sc_dev.dv_xname); 2155 return error; 2156 } 2157 /* Setup MRR for data frames. */ 2158 mrr.which = htole32(WPI_MRR_DATA); 2159 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2160 if (error != 0) { 2161 printf("%s: could not setup MRR for data frames\n", 2162 sc->sc_dev.dv_xname); 2163 return error; 2164 } 2165 return 0; 2166 } 2167 2168 void 2169 wpi_updateedca(struct ieee80211com *ic) 2170 { 2171 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 2172 struct wpi_softc *sc = ic->ic_softc; 2173 struct wpi_edca_params cmd; 2174 int aci; 2175 2176 memset(&cmd, 0, sizeof cmd); 2177 cmd.flags = htole32(WPI_EDCA_UPDATE); 2178 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 2179 const struct ieee80211_edca_ac_params *ac = 2180 &ic->ic_edca_ac[aci]; 2181 cmd.ac[aci].aifsn = ac->ac_aifsn; 2182 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin)); 2183 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax)); 2184 cmd.ac[aci].txoplimit = 2185 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit)); 2186 } 2187 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 2188 #undef WPI_EXP2 2189 } 2190 2191 void 2192 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2193 { 2194 struct wpi_cmd_led led; 2195 2196 led.which = which; 2197 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2198 led.off = off; 2199 led.on = on; 2200 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 2201 } 2202 2203 int 2204 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 2205 { 2206 struct wpi_cmd_timing cmd; 2207 uint64_t val, mod; 2208 2209 memset(&cmd, 0, sizeof cmd); 2210 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t)); 2211 cmd.bintval = htole16(ni->ni_intval); 2212 cmd.lintval = htole16(10); 2213 2214 /* Compute remaining time until next beacon. */ 2215 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2216 mod = letoh64(cmd.tstamp) % val; 2217 cmd.binitval = htole32((uint32_t)(val - mod)); 2218 2219 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n", 2220 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod))); 2221 2222 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 2223 } 2224 2225 /* 2226 * This function is called periodically (every minute) to adjust TX power 2227 * based on temperature variation. 2228 */ 2229 void 2230 wpi_power_calibration(struct wpi_softc *sc) 2231 { 2232 int temp; 2233 2234 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 2235 /* Sanity-check temperature. */ 2236 if (temp < -260 || temp > 25) { 2237 /* This can't be correct, ignore. */ 2238 DPRINTF(("out-of-range temperature reported: %d\n", temp)); 2239 return; 2240 } 2241 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2242 /* Adjust TX power if need be (delta > 6). */ 2243 if (abs(temp - sc->temp) > 6) { 2244 /* Record temperature of last calibration. */ 2245 sc->temp = temp; 2246 (void)wpi_set_txpower(sc, 1); 2247 } 2248 } 2249 2250 /* 2251 * Set TX power for current channel (each rate has its own power settings). 2252 */ 2253 int 2254 wpi_set_txpower(struct wpi_softc *sc, int async) 2255 { 2256 struct ieee80211com *ic = &sc->sc_ic; 2257 struct ieee80211_channel *ch; 2258 struct wpi_power_group *group; 2259 struct wpi_cmd_txpower cmd; 2260 u_int chan; 2261 int idx, i; 2262 2263 /* Retrieve current channel from last RXON. */ 2264 chan = sc->rxon.chan; 2265 DPRINTF(("setting TX power for channel %d\n", chan)); 2266 ch = &ic->ic_channels[chan]; 2267 2268 /* Find the TX power group to which this channel belongs. */ 2269 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2270 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 2271 if (chan <= group->chan) 2272 break; 2273 } else 2274 group = &sc->groups[0]; 2275 2276 memset(&cmd, 0, sizeof cmd); 2277 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2278 cmd.chan = htole16(chan); 2279 2280 /* Set TX power for all OFDM and CCK rates. */ 2281 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 2282 /* Retrieve TX power for this channel/rate. */ 2283 idx = wpi_get_power_index(sc, group, ch, i); 2284 2285 cmd.rates[i].plcp = wpi_rates[i].plcp; 2286 2287 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2288 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 2289 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 2290 } else { 2291 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 2292 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 2293 } 2294 DPRINTF(("chan %d/rate %d: power index %d\n", chan, 2295 wpi_rates[i].rate, idx)); 2296 } 2297 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 2298 } 2299 2300 /* 2301 * Determine TX power index for a given channel/rate combination. 2302 * This takes into account the regulatory information from EEPROM and the 2303 * current temperature. 2304 */ 2305 int 2306 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 2307 struct ieee80211_channel *c, int ridx) 2308 { 2309 /* Fixed-point arithmetic division using a n-bit fractional part. */ 2310 #define fdivround(a, b, n) \ 2311 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2312 2313 /* Linear interpolation. */ 2314 #define interpolate(x, x1, y1, x2, y2, n) \ 2315 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2316 2317 struct ieee80211com *ic = &sc->sc_ic; 2318 struct wpi_power_sample *sample; 2319 int pwr, idx; 2320 u_int chan; 2321 2322 /* Get channel number. */ 2323 chan = ieee80211_chan2ieee(ic, c); 2324 2325 /* Default TX power is group maximum TX power minus 3dB. */ 2326 pwr = group->maxpwr / 2; 2327 2328 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 2329 switch (ridx) { 2330 case WPI_RIDX_OFDM36: 2331 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 2332 break; 2333 case WPI_RIDX_OFDM48: 2334 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 2335 break; 2336 case WPI_RIDX_OFDM54: 2337 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 2338 break; 2339 } 2340 2341 /* Never exceed the channel maximum allowed TX power. */ 2342 pwr = MIN(pwr, sc->maxpwr[chan]); 2343 2344 /* Retrieve TX power index into gain tables from samples. */ 2345 for (sample = group->samples; sample < &group->samples[3]; sample++) 2346 if (pwr > sample[1].power) 2347 break; 2348 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 2349 idx = interpolate(pwr, sample[0].power, sample[0].index, 2350 sample[1].power, sample[1].index, 19); 2351 2352 /*- 2353 * Adjust power index based on current temperature: 2354 * - if cooler than factory-calibrated: decrease output power 2355 * - if warmer than factory-calibrated: increase output power 2356 */ 2357 idx -= (sc->temp - group->temp) * 11 / 100; 2358 2359 /* Decrease TX power for CCK rates (-5dB). */ 2360 if (ridx >= WPI_RIDX_CCK1) 2361 idx += 10; 2362 2363 /* Make sure idx stays in a valid range. */ 2364 if (idx < 0) 2365 idx = 0; 2366 else if (idx > WPI_MAX_PWR_INDEX) 2367 idx = WPI_MAX_PWR_INDEX; 2368 return idx; 2369 2370 #undef interpolate 2371 #undef fdivround 2372 } 2373 2374 /* 2375 * Set STA mode power saving level (between 0 and 5). 2376 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 2377 */ 2378 int 2379 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async) 2380 { 2381 struct wpi_pmgt_cmd cmd; 2382 const struct wpi_pmgt *pmgt; 2383 uint32_t max, skip_dtim; 2384 pcireg_t reg; 2385 int i; 2386 2387 /* Select which PS parameters to use. */ 2388 if (dtim <= 10) 2389 pmgt = &wpi_pmgt[0][level]; 2390 else 2391 pmgt = &wpi_pmgt[1][level]; 2392 2393 memset(&cmd, 0, sizeof cmd); 2394 if (level != 0) /* not CAM */ 2395 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 2396 /* Retrieve PCIe Active State Power Management (ASPM). */ 2397 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 2398 sc->sc_cap_off + PCI_PCIE_LCSR); 2399 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 2400 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 2401 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 2402 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 2403 2404 if (dtim == 0) { 2405 dtim = 1; 2406 skip_dtim = 0; 2407 } else 2408 skip_dtim = pmgt->skip_dtim; 2409 if (skip_dtim != 0) { 2410 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 2411 max = pmgt->intval[4]; 2412 if (max == (uint32_t)-1) 2413 max = dtim * (skip_dtim + 1); 2414 else if (max > dtim) 2415 max = (max / dtim) * dtim; 2416 } else 2417 max = dtim; 2418 for (i = 0; i < 5; i++) 2419 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 2420 2421 DPRINTF(("setting power saving level to %d\n", level)); 2422 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 2423 } 2424 2425 int 2426 wpi_config(struct wpi_softc *sc) 2427 { 2428 struct ieee80211com *ic = &sc->sc_ic; 2429 struct ifnet *ifp = &ic->ic_if; 2430 struct wpi_bluetooth bluetooth; 2431 struct wpi_node_info node; 2432 int error; 2433 2434 /* Set power saving level to CAM during initialization. */ 2435 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 2436 printf("%s: could not set power saving level\n", 2437 sc->sc_dev.dv_xname); 2438 return error; 2439 } 2440 2441 /* Configure bluetooth coexistence. */ 2442 memset(&bluetooth, 0, sizeof bluetooth); 2443 bluetooth.flags = WPI_BT_COEX_MODE_4WIRE; 2444 bluetooth.lead_time = WPI_BT_LEAD_TIME_DEF; 2445 bluetooth.max_kill = WPI_BT_MAX_KILL_DEF; 2446 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 2447 if (error != 0) { 2448 printf("%s: could not configure bluetooth coexistence\n", 2449 sc->sc_dev.dv_xname); 2450 return error; 2451 } 2452 2453 /* Configure adapter. */ 2454 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 2455 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2456 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 2457 /* Set default channel. */ 2458 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 2459 sc->rxon.flags = htole32(WPI_RXON_TSF); 2460 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 2461 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2462 switch (ic->ic_opmode) { 2463 case IEEE80211_M_STA: 2464 sc->rxon.mode = WPI_MODE_STA; 2465 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST); 2466 break; 2467 case IEEE80211_M_MONITOR: 2468 sc->rxon.mode = WPI_MODE_MONITOR; 2469 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST | 2470 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2471 break; 2472 default: 2473 /* Should not get there. */ 2474 break; 2475 } 2476 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 2477 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 2478 DPRINTF(("setting configuration\n")); 2479 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2480 0); 2481 if (error != 0) { 2482 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2483 return error; 2484 } 2485 2486 /* Configuration has changed, set TX power accordingly. */ 2487 if ((error = wpi_set_txpower(sc, 0)) != 0) { 2488 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2489 return error; 2490 } 2491 2492 /* Add broadcast node. */ 2493 memset(&node, 0, sizeof node); 2494 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2495 node.id = WPI_ID_BROADCAST; 2496 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2497 node.action = htole32(WPI_ACTION_SET_RATE); 2498 node.antenna = WPI_ANTENNA_BOTH; 2499 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0); 2500 if (error != 0) { 2501 printf("%s: could not add broadcast node\n", 2502 sc->sc_dev.dv_xname); 2503 return error; 2504 } 2505 2506 if ((error = wpi_mrr_setup(sc)) != 0) { 2507 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname); 2508 return error; 2509 } 2510 return 0; 2511 } 2512 2513 int 2514 wpi_scan(struct wpi_softc *sc, uint16_t flags) 2515 { 2516 struct ieee80211com *ic = &sc->sc_ic; 2517 struct wpi_scan_hdr *hdr; 2518 struct wpi_cmd_data *tx; 2519 struct wpi_scan_essid *essid; 2520 struct wpi_scan_chan *chan; 2521 struct ieee80211_frame *wh; 2522 struct ieee80211_rateset *rs; 2523 struct ieee80211_channel *c; 2524 uint8_t *buf, *frm; 2525 int buflen, error; 2526 2527 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 2528 if (buf == NULL) { 2529 printf("%s: could not allocate buffer for scan command\n", 2530 sc->sc_dev.dv_xname); 2531 return ENOMEM; 2532 } 2533 hdr = (struct wpi_scan_hdr *)buf; 2534 /* 2535 * Move to the next channel if no frames are received within 10ms 2536 * after sending the probe request. 2537 */ 2538 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 2539 hdr->quiet_threshold = htole16(1); /* min # of packets */ 2540 2541 tx = (struct wpi_cmd_data *)(hdr + 1); 2542 tx->flags = htole32(WPI_TX_AUTO_SEQ); 2543 tx->id = WPI_ID_BROADCAST; 2544 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2545 2546 if (flags & IEEE80211_CHAN_5GHZ) { 2547 hdr->crc_threshold = htole16(1); 2548 /* Send probe requests at 6Mbps. */ 2549 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp; 2550 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 2551 } else { 2552 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 2553 /* Send probe requests at 1Mbps. */ 2554 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2555 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 2556 } 2557 2558 essid = (struct wpi_scan_essid *)(tx + 1); 2559 if (ic->ic_des_esslen != 0) { 2560 essid[0].id = IEEE80211_ELEMID_SSID; 2561 essid[0].len = ic->ic_des_esslen; 2562 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 2563 } 2564 /* 2565 * Build a probe request frame. Most of the following code is a 2566 * copy & paste of what is done in net80211. 2567 */ 2568 wh = (struct ieee80211_frame *)(essid + 4); 2569 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2570 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2571 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2572 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2573 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2574 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2575 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 2576 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 2577 2578 frm = (uint8_t *)(wh + 1); 2579 frm = ieee80211_add_ssid(frm, NULL, 0); 2580 frm = ieee80211_add_rates(frm, rs); 2581 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2582 frm = ieee80211_add_xrates(frm, rs); 2583 2584 /* Set length of probe request. */ 2585 tx->len = htole16(frm - (uint8_t *)wh); 2586 2587 chan = (struct wpi_scan_chan *)frm; 2588 for (c = &ic->ic_channels[1]; 2589 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 2590 if ((c->ic_flags & flags) != flags) 2591 continue; 2592 2593 chan->chan = ieee80211_chan2ieee(ic, c); 2594 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 2595 chan->flags = 0; 2596 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 2597 chan->flags |= WPI_CHAN_ACTIVE; 2598 if (ic->ic_des_esslen != 0) 2599 chan->flags |= WPI_CHAN_NPBREQS(1); 2600 chan->dsp_gain = 0x6e; 2601 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2602 chan->rf_gain = 0x3b; 2603 chan->active = htole16(24); 2604 chan->passive = htole16(110); 2605 } else { 2606 chan->rf_gain = 0x28; 2607 chan->active = htole16(36); 2608 chan->passive = htole16(120); 2609 } 2610 hdr->nchan++; 2611 chan++; 2612 } 2613 2614 buflen = (uint8_t *)chan - buf; 2615 hdr->len = htole16(buflen); 2616 2617 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 2618 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 2619 free(buf, M_DEVBUF, WPI_SCAN_MAXSZ); 2620 return error; 2621 } 2622 2623 int 2624 wpi_auth(struct wpi_softc *sc) 2625 { 2626 struct ieee80211com *ic = &sc->sc_ic; 2627 struct ieee80211_node *ni = ic->ic_bss; 2628 struct wpi_node_info node; 2629 int error; 2630 2631 /* Update adapter configuration. */ 2632 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 2633 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 2634 sc->rxon.flags = htole32(WPI_RXON_TSF); 2635 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 2636 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2637 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2638 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2639 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2640 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2641 switch (ic->ic_curmode) { 2642 case IEEE80211_MODE_11A: 2643 sc->rxon.cck_mask = 0; 2644 sc->rxon.ofdm_mask = 0x15; 2645 break; 2646 case IEEE80211_MODE_11B: 2647 sc->rxon.cck_mask = 0x03; 2648 sc->rxon.ofdm_mask = 0; 2649 break; 2650 default: /* Assume 802.11b/g. */ 2651 sc->rxon.cck_mask = 0x0f; 2652 sc->rxon.ofdm_mask = 0x15; 2653 } 2654 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 2655 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 2656 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2657 1); 2658 if (error != 0) { 2659 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2660 return error; 2661 } 2662 2663 /* Configuration has changed, set TX power accordingly. */ 2664 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2665 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2666 return error; 2667 } 2668 /* 2669 * Reconfiguring RXON clears the firmware nodes table so we must 2670 * add the broadcast node again. 2671 */ 2672 memset(&node, 0, sizeof node); 2673 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2674 node.id = WPI_ID_BROADCAST; 2675 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2676 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2677 node.action = htole32(WPI_ACTION_SET_RATE); 2678 node.antenna = WPI_ANTENNA_BOTH; 2679 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2680 if (error != 0) { 2681 printf("%s: could not add broadcast node\n", 2682 sc->sc_dev.dv_xname); 2683 return error; 2684 } 2685 return 0; 2686 } 2687 2688 int 2689 wpi_run(struct wpi_softc *sc) 2690 { 2691 struct ieee80211com *ic = &sc->sc_ic; 2692 struct ieee80211_node *ni = ic->ic_bss; 2693 struct wpi_node_info node; 2694 int error; 2695 2696 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 2697 /* Link LED blinks while monitoring. */ 2698 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 2699 return 0; 2700 } 2701 if ((error = wpi_set_timing(sc, ni)) != 0) { 2702 printf("%s: could not set timing\n", sc->sc_dev.dv_xname); 2703 return error; 2704 } 2705 2706 /* Update adapter configuration. */ 2707 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 2708 /* Short preamble and slot time are negotiated when associating. */ 2709 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 2710 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2711 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2712 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2713 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2714 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 2715 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 2716 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2717 1); 2718 if (error != 0) { 2719 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2720 return error; 2721 } 2722 2723 /* Configuration has changed, set TX power accordingly. */ 2724 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2725 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2726 return error; 2727 } 2728 2729 /* Fake a join to init the TX rate. */ 2730 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 2731 wpi_newassoc(ic, ni, 1); 2732 2733 /* Add BSS node. */ 2734 memset(&node, 0, sizeof node); 2735 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid); 2736 node.id = WPI_ID_BSS; 2737 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2738 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2739 node.action = htole32(WPI_ACTION_SET_RATE); 2740 node.antenna = WPI_ANTENNA_BOTH; 2741 DPRINTF(("adding BSS node\n")); 2742 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2743 if (error != 0) { 2744 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname); 2745 return error; 2746 } 2747 2748 /* Start periodic calibration timer. */ 2749 sc->calib_cnt = 0; 2750 timeout_add_msec(&sc->calib_to, 500); 2751 2752 /* Link LED always on while associated. */ 2753 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 2754 2755 /* Enable power-saving mode if requested by user. */ 2756 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 2757 (void)wpi_set_pslevel(sc, 0, 3, 1); 2758 2759 return 0; 2760 } 2761 2762 /* 2763 * We support CCMP hardware encryption/decryption of unicast frames only. 2764 * HW support for TKIP really sucks. We should let TKIP die anyway. 2765 */ 2766 int 2767 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2768 struct ieee80211_key *k) 2769 { 2770 struct wpi_softc *sc = ic->ic_softc; 2771 struct wpi_node *wn = (void *)ni; 2772 struct wpi_node_info node; 2773 uint16_t kflags; 2774 2775 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2776 k->k_cipher != IEEE80211_CIPHER_CCMP) 2777 return ieee80211_set_key(ic, ni, k); 2778 2779 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id); 2780 memset(&node, 0, sizeof node); 2781 node.id = wn->id; 2782 node.control = WPI_NODE_UPDATE; 2783 node.flags = WPI_FLAG_SET_KEY; 2784 node.kflags = htole16(kflags); 2785 memcpy(node.key, k->k_key, k->k_len); 2786 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 2787 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2788 } 2789 2790 void 2791 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2792 struct ieee80211_key *k) 2793 { 2794 struct wpi_softc *sc = ic->ic_softc; 2795 struct wpi_node *wn = (void *)ni; 2796 struct wpi_node_info node; 2797 2798 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2799 k->k_cipher != IEEE80211_CIPHER_CCMP) { 2800 /* See comment about other ciphers above. */ 2801 ieee80211_delete_key(ic, ni, k); 2802 return; 2803 } 2804 if (ic->ic_state != IEEE80211_S_RUN) 2805 return; /* Nothing to do. */ 2806 memset(&node, 0, sizeof node); 2807 node.id = wn->id; 2808 node.control = WPI_NODE_UPDATE; 2809 node.flags = WPI_FLAG_SET_KEY; 2810 node.kflags = 0; 2811 DPRINTF(("delete keys for node %d\n", node.id)); 2812 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2813 } 2814 2815 int 2816 wpi_post_alive(struct wpi_softc *sc) 2817 { 2818 int ntries, error; 2819 2820 /* Check (again) that the radio is not disabled. */ 2821 if ((error = wpi_nic_lock(sc)) != 0) 2822 return error; 2823 /* NB: Runtime firmware must be up and running. */ 2824 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 2825 printf("%s: radio is disabled by hardware switch\n", 2826 sc->sc_dev.dv_xname); 2827 wpi_nic_unlock(sc); 2828 return EPERM; /* :-) */ 2829 } 2830 wpi_nic_unlock(sc); 2831 2832 /* Wait for thermal sensor to calibrate. */ 2833 for (ntries = 0; ntries < 1000; ntries++) { 2834 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 2835 break; 2836 DELAY(10); 2837 } 2838 if (ntries == 1000) { 2839 printf("%s: timeout waiting for thermal sensor calibration\n", 2840 sc->sc_dev.dv_xname); 2841 return ETIMEDOUT; 2842 } 2843 DPRINTF(("temperature %d\n", sc->temp)); 2844 return 0; 2845 } 2846 2847 /* 2848 * The firmware boot code is small and is intended to be copied directly into 2849 * the NIC internal memory (no DMA transfer.) 2850 */ 2851 int 2852 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 2853 { 2854 int error, ntries; 2855 2856 size /= sizeof (uint32_t); 2857 2858 if ((error = wpi_nic_lock(sc)) != 0) 2859 return error; 2860 2861 /* Copy microcode image into NIC memory. */ 2862 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 2863 (const uint32_t *)ucode, size); 2864 2865 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 2866 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 2867 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 2868 2869 /* Start boot load now. */ 2870 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 2871 2872 /* Wait for transfer to complete. */ 2873 for (ntries = 0; ntries < 1000; ntries++) { 2874 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) & 2875 WPI_BSM_WR_CTRL_START)) 2876 break; 2877 DELAY(10); 2878 } 2879 if (ntries == 1000) { 2880 printf("%s: could not load boot firmware\n", 2881 sc->sc_dev.dv_xname); 2882 wpi_nic_unlock(sc); 2883 return ETIMEDOUT; 2884 } 2885 2886 /* Enable boot after power up. */ 2887 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 2888 2889 wpi_nic_unlock(sc); 2890 return 0; 2891 } 2892 2893 int 2894 wpi_load_firmware(struct wpi_softc *sc) 2895 { 2896 struct wpi_fw_info *fw = &sc->fw; 2897 struct wpi_dma_info *dma = &sc->fw_dma; 2898 int error; 2899 2900 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 2901 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 2902 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 2903 BUS_DMASYNC_PREWRITE); 2904 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2905 fw->init.text, fw->init.textsz); 2906 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2907 fw->init.textsz, BUS_DMASYNC_PREWRITE); 2908 2909 /* Tell adapter where to find initialization sections. */ 2910 if ((error = wpi_nic_lock(sc)) != 0) 2911 return error; 2912 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2913 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 2914 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2915 dma->paddr + WPI_FW_DATA_MAXSZ); 2916 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 2917 wpi_nic_unlock(sc); 2918 2919 /* Load firmware boot code. */ 2920 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 2921 if (error != 0) { 2922 printf("%s: could not load boot firmware\n", 2923 sc->sc_dev.dv_xname); 2924 return error; 2925 } 2926 /* Now press "execute". */ 2927 WPI_WRITE(sc, WPI_RESET, 0); 2928 2929 /* Wait at most one second for first alive notification. */ 2930 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 2931 printf("%s: timeout waiting for adapter to initialize\n", 2932 sc->sc_dev.dv_xname); 2933 return error; 2934 } 2935 2936 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 2937 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 2938 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 2939 BUS_DMASYNC_PREWRITE); 2940 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2941 fw->main.text, fw->main.textsz); 2942 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2943 fw->main.textsz, BUS_DMASYNC_PREWRITE); 2944 2945 /* Tell adapter where to find runtime sections. */ 2946 if ((error = wpi_nic_lock(sc)) != 0) 2947 return error; 2948 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2949 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 2950 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2951 dma->paddr + WPI_FW_DATA_MAXSZ); 2952 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 2953 WPI_FW_UPDATED | fw->main.textsz); 2954 wpi_nic_unlock(sc); 2955 2956 return 0; 2957 } 2958 2959 int 2960 wpi_read_firmware(struct wpi_softc *sc) 2961 { 2962 struct wpi_fw_info *fw = &sc->fw; 2963 const struct wpi_firmware_hdr *hdr; 2964 size_t size; 2965 int error; 2966 2967 /* Read firmware image from filesystem. */ 2968 if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) { 2969 printf("%s: error, %d, could not read firmware %s\n", 2970 sc->sc_dev.dv_xname, error, "wpi-3945abg"); 2971 return error; 2972 } 2973 if (size < sizeof (*hdr)) { 2974 printf("%s: truncated firmware header: %zu bytes\n", 2975 sc->sc_dev.dv_xname, size); 2976 free(fw->data, M_DEVBUF, size); 2977 return EINVAL; 2978 } 2979 /* Extract firmware header information. */ 2980 hdr = (struct wpi_firmware_hdr *)fw->data; 2981 fw->main.textsz = letoh32(hdr->main_textsz); 2982 fw->main.datasz = letoh32(hdr->main_datasz); 2983 fw->init.textsz = letoh32(hdr->init_textsz); 2984 fw->init.datasz = letoh32(hdr->init_datasz); 2985 fw->boot.textsz = letoh32(hdr->boot_textsz); 2986 fw->boot.datasz = 0; 2987 2988 /* Sanity-check firmware header. */ 2989 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 2990 fw->main.datasz > WPI_FW_DATA_MAXSZ || 2991 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 2992 fw->init.datasz > WPI_FW_DATA_MAXSZ || 2993 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 2994 (fw->boot.textsz & 3) != 0) { 2995 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); 2996 free(fw->data, M_DEVBUF, size); 2997 return EINVAL; 2998 } 2999 3000 /* Check that all firmware sections fit. */ 3001 if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 3002 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 3003 printf("%s: firmware file too short: %zu bytes\n", 3004 sc->sc_dev.dv_xname, size); 3005 free(fw->data, M_DEVBUF, size); 3006 return EINVAL; 3007 } 3008 3009 /* Get pointers to firmware sections. */ 3010 fw->main.text = (const uint8_t *)(hdr + 1); 3011 fw->main.data = fw->main.text + fw->main.textsz; 3012 fw->init.text = fw->main.data + fw->main.datasz; 3013 fw->init.data = fw->init.text + fw->init.textsz; 3014 fw->boot.text = fw->init.data + fw->init.datasz; 3015 3016 return 0; 3017 } 3018 3019 int 3020 wpi_clock_wait(struct wpi_softc *sc) 3021 { 3022 int ntries; 3023 3024 /* Set "initialization complete" bit. */ 3025 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 3026 3027 /* Wait for clock stabilization. */ 3028 for (ntries = 0; ntries < 25000; ntries++) { 3029 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 3030 return 0; 3031 DELAY(100); 3032 } 3033 printf("%s: timeout waiting for clock stabilization\n", 3034 sc->sc_dev.dv_xname); 3035 return ETIMEDOUT; 3036 } 3037 3038 int 3039 wpi_apm_init(struct wpi_softc *sc) 3040 { 3041 int error; 3042 3043 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 3044 /* Disable L0s. */ 3045 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 3046 3047 if ((error = wpi_clock_wait(sc)) != 0) 3048 return error; 3049 3050 if ((error = wpi_nic_lock(sc)) != 0) 3051 return error; 3052 /* Enable DMA. */ 3053 wpi_prph_write(sc, WPI_APMG_CLK_ENA, 3054 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT); 3055 DELAY(20); 3056 /* Disable L1. */ 3057 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 3058 wpi_nic_unlock(sc); 3059 3060 return 0; 3061 } 3062 3063 void 3064 wpi_apm_stop_master(struct wpi_softc *sc) 3065 { 3066 int ntries; 3067 3068 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 3069 3070 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 3071 WPI_GP_CNTRL_MAC_PS) 3072 return; /* Already asleep. */ 3073 3074 for (ntries = 0; ntries < 100; ntries++) { 3075 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 3076 return; 3077 DELAY(10); 3078 } 3079 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname); 3080 } 3081 3082 void 3083 wpi_apm_stop(struct wpi_softc *sc) 3084 { 3085 wpi_apm_stop_master(sc); 3086 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 3087 } 3088 3089 void 3090 wpi_nic_config(struct wpi_softc *sc) 3091 { 3092 pcireg_t reg; 3093 uint8_t rev; 3094 3095 /* Voodoo from the reference driver. */ 3096 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3097 rev = PCI_REVISION(reg); 3098 if ((rev & 0xc0) == 0x40) 3099 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 3100 else if (!(rev & 0x80)) 3101 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 3102 3103 if (sc->cap == 0x80) 3104 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 3105 3106 if ((letoh16(sc->rev) & 0xf0) == 0xd0) 3107 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3108 else 3109 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3110 3111 if (sc->type > 1) 3112 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 3113 } 3114 3115 int 3116 wpi_hw_init(struct wpi_softc *sc) 3117 { 3118 int chnl, ntries, error; 3119 3120 /* Clear pending interrupts. */ 3121 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3122 3123 if ((error = wpi_apm_init(sc)) != 0) { 3124 printf("%s: could not power ON adapter\n", 3125 sc->sc_dev.dv_xname); 3126 return error; 3127 } 3128 3129 /* Select VMAIN power source. */ 3130 if ((error = wpi_nic_lock(sc)) != 0) 3131 return error; 3132 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 3133 wpi_nic_unlock(sc); 3134 /* Spin until VMAIN gets selected. */ 3135 for (ntries = 0; ntries < 5000; ntries++) { 3136 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 3137 break; 3138 DELAY(10); 3139 } 3140 if (ntries == 5000) { 3141 printf("%s: timeout selecting power source\n", 3142 sc->sc_dev.dv_xname); 3143 return ETIMEDOUT; 3144 } 3145 3146 /* Perform adapter initialization. */ 3147 (void)wpi_nic_config(sc); 3148 3149 /* Initialize RX ring. */ 3150 if ((error = wpi_nic_lock(sc)) != 0) 3151 return error; 3152 /* Set physical address of RX ring. */ 3153 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 3154 /* Set physical address of RX read pointer. */ 3155 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 3156 offsetof(struct wpi_shared, next)); 3157 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 3158 /* Enable RX. */ 3159 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 3160 WPI_FH_RX_CONFIG_DMA_ENA | 3161 WPI_FH_RX_CONFIG_RDRBD_ENA | 3162 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 3163 WPI_FH_RX_CONFIG_MAXFRAG | 3164 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 3165 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 3166 WPI_FH_RX_CONFIG_IRQ_RBTH(1)); 3167 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 3168 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 3169 wpi_nic_unlock(sc); 3170 3171 /* Initialize TX rings. */ 3172 if ((error = wpi_nic_lock(sc)) != 0) 3173 return error; 3174 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 3175 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 3176 /* Enable all 6 TX rings. */ 3177 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 3178 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 3179 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 3180 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 3181 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 3182 /* Set physical address of TX rings. */ 3183 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 3184 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 3185 3186 /* Enable all DMA channels. */ 3187 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3188 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 3189 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 3190 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 3191 } 3192 wpi_nic_unlock(sc); 3193 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 3194 3195 /* Clear "radio off" and "commands blocked" bits. */ 3196 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3197 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 3198 3199 /* Clear pending interrupts. */ 3200 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3201 /* Enable interrupts. */ 3202 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 3203 3204 /* _Really_ make sure "radio off" bit is cleared! */ 3205 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3206 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3207 3208 if ((error = wpi_load_firmware(sc)) != 0) { 3209 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname); 3210 return error; 3211 } 3212 /* Wait at most one second for firmware alive notification. */ 3213 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 3214 printf("%s: timeout waiting for adapter to initialize\n", 3215 sc->sc_dev.dv_xname); 3216 return error; 3217 } 3218 /* Do post-firmware initialization. */ 3219 return wpi_post_alive(sc); 3220 } 3221 3222 void 3223 wpi_hw_stop(struct wpi_softc *sc) 3224 { 3225 int chnl, qid, ntries; 3226 uint32_t tmp; 3227 3228 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 3229 3230 /* Disable interrupts. */ 3231 WPI_WRITE(sc, WPI_MASK, 0); 3232 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3233 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 3234 3235 /* Make sure we no longer hold the NIC lock. */ 3236 wpi_nic_unlock(sc); 3237 3238 if (wpi_nic_lock(sc) == 0) { 3239 /* Stop TX scheduler. */ 3240 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 3241 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 3242 3243 /* Stop all DMA channels. */ 3244 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3245 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 3246 for (ntries = 0; ntries < 100; ntries++) { 3247 tmp = WPI_READ(sc, WPI_FH_TX_STATUS); 3248 if ((tmp & WPI_FH_TX_STATUS_IDLE(chnl)) == 3249 WPI_FH_TX_STATUS_IDLE(chnl)) 3250 break; 3251 DELAY(10); 3252 } 3253 } 3254 wpi_nic_unlock(sc); 3255 } 3256 3257 /* Stop RX ring. */ 3258 wpi_reset_rx_ring(sc, &sc->rxq); 3259 3260 /* Reset all TX rings. */ 3261 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 3262 wpi_reset_tx_ring(sc, &sc->txq[qid]); 3263 3264 if (wpi_nic_lock(sc) == 0) { 3265 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT); 3266 wpi_nic_unlock(sc); 3267 } 3268 DELAY(5); 3269 /* Power OFF adapter. */ 3270 wpi_apm_stop(sc); 3271 } 3272 3273 int 3274 wpi_init(struct ifnet *ifp) 3275 { 3276 struct wpi_softc *sc = ifp->if_softc; 3277 struct ieee80211com *ic = &sc->sc_ic; 3278 int error; 3279 3280 #ifdef notyet 3281 /* Check that the radio is not disabled by hardware switch. */ 3282 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 3283 printf("%s: radio is disabled by hardware switch\n", 3284 sc->sc_dev.dv_xname); 3285 error = EPERM; /* :-) */ 3286 goto fail; 3287 } 3288 #endif 3289 /* Read firmware images from the filesystem. */ 3290 if ((error = wpi_read_firmware(sc)) != 0) { 3291 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname); 3292 goto fail; 3293 } 3294 3295 /* Initialize hardware and upload firmware. */ 3296 error = wpi_hw_init(sc); 3297 free(sc->fw.data, M_DEVBUF, 0); 3298 if (error != 0) { 3299 printf("%s: could not initialize hardware\n", 3300 sc->sc_dev.dv_xname); 3301 goto fail; 3302 } 3303 3304 /* Configure adapter now that it is ready. */ 3305 if ((error = wpi_config(sc)) != 0) { 3306 printf("%s: could not configure device\n", 3307 sc->sc_dev.dv_xname); 3308 goto fail; 3309 } 3310 3311 ifq_clr_oactive(&ifp->if_snd); 3312 ifp->if_flags |= IFF_RUNNING; 3313 3314 if (ic->ic_opmode != IEEE80211_M_MONITOR) 3315 ieee80211_begin_scan(ifp); 3316 else 3317 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3318 3319 return 0; 3320 3321 fail: wpi_stop(ifp, 1); 3322 return error; 3323 } 3324 3325 void 3326 wpi_stop(struct ifnet *ifp, int disable) 3327 { 3328 struct wpi_softc *sc = ifp->if_softc; 3329 struct ieee80211com *ic = &sc->sc_ic; 3330 3331 ifp->if_timer = sc->sc_tx_timer = 0; 3332 ifp->if_flags &= ~IFF_RUNNING; 3333 ifq_clr_oactive(&ifp->if_snd); 3334 3335 /* In case we were scanning, release the scan "lock". */ 3336 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 3337 3338 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3339 3340 /* Power OFF hardware. */ 3341 wpi_hw_stop(sc); 3342 } 3343