1 /* $OpenBSD: if_wpi.c,v 1.110 2011/06/02 18:36:53 mk Exp $ */ 2 3 /*- 4 * Copyright (c) 2006-2008 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/kernel.h> 30 #include <sys/socket.h> 31 #include <sys/systm.h> 32 #include <sys/malloc.h> 33 #include <sys/conf.h> 34 #include <sys/device.h> 35 #include <sys/workq.h> 36 37 #include <machine/bus.h> 38 #include <machine/endian.h> 39 #include <machine/intr.h> 40 41 #include <dev/pci/pcireg.h> 42 #include <dev/pci/pcivar.h> 43 #include <dev/pci/pcidevs.h> 44 45 #if NBPFILTER > 0 46 #include <net/bpf.h> 47 #endif 48 #include <net/if.h> 49 #include <net/if_arp.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 #include <net/if_types.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/in_var.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip.h> 59 60 #include <net80211/ieee80211_var.h> 61 #include <net80211/ieee80211_amrr.h> 62 #include <net80211/ieee80211_radiotap.h> 63 64 #include <dev/pci/if_wpireg.h> 65 #include <dev/pci/if_wpivar.h> 66 67 static const struct pci_matchid wpi_devices[] = { 68 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 }, 69 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 } 70 }; 71 72 int wpi_match(struct device *, void *, void *); 73 void wpi_attach(struct device *, struct device *, void *); 74 #if NBPFILTER > 0 75 void wpi_radiotap_attach(struct wpi_softc *); 76 #endif 77 int wpi_detach(struct device *, int); 78 int wpi_activate(struct device *, int); 79 void wpi_resume(void *, void *); 80 int wpi_nic_lock(struct wpi_softc *); 81 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 82 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *, 83 void **, bus_size_t, bus_size_t); 84 void wpi_dma_contig_free(struct wpi_dma_info *); 85 int wpi_alloc_shared(struct wpi_softc *); 86 void wpi_free_shared(struct wpi_softc *); 87 int wpi_alloc_fwmem(struct wpi_softc *); 88 void wpi_free_fwmem(struct wpi_softc *); 89 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 90 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 91 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 92 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 93 int); 94 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 95 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 96 int wpi_read_eeprom(struct wpi_softc *); 97 void wpi_read_eeprom_channels(struct wpi_softc *, int); 98 void wpi_read_eeprom_group(struct wpi_softc *, int); 99 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *); 100 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *, 101 int); 102 int wpi_media_change(struct ifnet *); 103 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int); 104 void wpi_iter_func(void *, struct ieee80211_node *); 105 void wpi_calib_timeout(void *); 106 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *, 107 struct ieee80211_key *); 108 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 109 struct wpi_rx_data *); 110 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 111 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 112 void wpi_notif_intr(struct wpi_softc *); 113 void wpi_fatal_intr(struct wpi_softc *); 114 int wpi_intr(void *); 115 int wpi_tx(struct wpi_softc *, struct mbuf *, 116 struct ieee80211_node *); 117 void wpi_start(struct ifnet *); 118 void wpi_watchdog(struct ifnet *); 119 int wpi_ioctl(struct ifnet *, u_long, caddr_t); 120 int wpi_cmd(struct wpi_softc *, int, const void *, int, int); 121 int wpi_mrr_setup(struct wpi_softc *); 122 void wpi_updateedca(struct ieee80211com *); 123 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 124 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 125 void wpi_power_calibration(struct wpi_softc *); 126 int wpi_set_txpower(struct wpi_softc *, int); 127 int wpi_get_power_index(struct wpi_softc *, 128 struct wpi_power_group *, struct ieee80211_channel *, int); 129 int wpi_set_pslevel(struct wpi_softc *, int, int, int); 130 int wpi_config(struct wpi_softc *); 131 int wpi_scan(struct wpi_softc *, uint16_t); 132 int wpi_auth(struct wpi_softc *); 133 int wpi_run(struct wpi_softc *); 134 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *, 135 struct ieee80211_key *); 136 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *, 137 struct ieee80211_key *); 138 int wpi_post_alive(struct wpi_softc *); 139 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 140 int wpi_load_firmware(struct wpi_softc *); 141 int wpi_read_firmware(struct wpi_softc *); 142 int wpi_clock_wait(struct wpi_softc *); 143 int wpi_apm_init(struct wpi_softc *); 144 void wpi_apm_stop_master(struct wpi_softc *); 145 void wpi_apm_stop(struct wpi_softc *); 146 void wpi_nic_config(struct wpi_softc *); 147 int wpi_hw_init(struct wpi_softc *); 148 void wpi_hw_stop(struct wpi_softc *); 149 int wpi_init(struct ifnet *); 150 void wpi_stop(struct ifnet *, int); 151 152 #ifdef WPI_DEBUG 153 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0) 154 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0) 155 int wpi_debug = 0; 156 #else 157 #define DPRINTF(x) 158 #define DPRINTFN(n, x) 159 #endif 160 161 struct cfdriver wpi_cd = { 162 NULL, "wpi", DV_IFNET 163 }; 164 165 struct cfattach wpi_ca = { 166 sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach, 167 wpi_activate 168 }; 169 170 int 171 wpi_match(struct device *parent, void *match, void *aux) 172 { 173 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices, 174 nitems(wpi_devices)); 175 } 176 177 void 178 wpi_attach(struct device *parent, struct device *self, void *aux) 179 { 180 struct wpi_softc *sc = (struct wpi_softc *)self; 181 struct ieee80211com *ic = &sc->sc_ic; 182 struct ifnet *ifp = &ic->ic_if; 183 struct pci_attach_args *pa = aux; 184 const char *intrstr; 185 pci_intr_handle_t ih; 186 pcireg_t memtype, reg; 187 int i, error; 188 189 sc->sc_pct = pa->pa_pc; 190 sc->sc_pcitag = pa->pa_tag; 191 sc->sc_dmat = pa->pa_dmat; 192 193 /* 194 * Get the offset of the PCI Express Capability Structure in PCI 195 * Configuration Space (the vendor driver hard-codes it as E0h.) 196 */ 197 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 198 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 199 if (error == 0) { 200 printf(": PCIe capability structure not found!\n"); 201 return; 202 } 203 204 /* Clear device-specific "PCI retry timeout" register (41h). */ 205 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 206 reg &= ~0xff00; 207 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 208 209 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0); 210 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st, 211 &sc->sc_sh, NULL, &sc->sc_sz, 0); 212 if (error != 0) { 213 printf(": can't map mem space\n"); 214 return; 215 } 216 217 /* Install interrupt handler. */ 218 if (pci_intr_map_msi(pa, &ih) != 0 && pci_intr_map(pa, &ih) != 0) { 219 printf(": can't map interrupt\n"); 220 return; 221 } 222 intrstr = pci_intr_string(sc->sc_pct, ih); 223 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc, 224 sc->sc_dev.dv_xname); 225 if (sc->sc_ih == NULL) { 226 printf(": can't establish interrupt"); 227 if (intrstr != NULL) 228 printf(" at %s", intrstr); 229 printf("\n"); 230 return; 231 } 232 printf(": %s", intrstr); 233 234 /* Power ON adapter. */ 235 if ((error = wpi_apm_init(sc)) != 0) { 236 printf(": could not power ON adapter\n"); 237 return; 238 } 239 240 /* Read MAC address, channels, etc from EEPROM. */ 241 if ((error = wpi_read_eeprom(sc)) != 0) { 242 printf(": could not read EEPROM\n"); 243 return; 244 } 245 246 /* Allocate DMA memory for firmware transfers. */ 247 if ((error = wpi_alloc_fwmem(sc)) != 0) { 248 printf(": could not allocate memory for firmware\n"); 249 return; 250 } 251 252 /* Allocate shared area. */ 253 if ((error = wpi_alloc_shared(sc)) != 0) { 254 printf(": could not allocate shared area\n"); 255 goto fail1; 256 } 257 258 /* Allocate TX rings. */ 259 for (i = 0; i < WPI_NTXQUEUES; i++) { 260 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 261 printf(": could not allocate TX ring %d\n", i); 262 goto fail2; 263 } 264 } 265 266 /* Allocate RX ring. */ 267 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) { 268 printf(": could not allocate Rx ring\n"); 269 goto fail2; 270 } 271 272 /* Power OFF adapter. */ 273 wpi_apm_stop(sc); 274 /* Clear pending interrupts. */ 275 WPI_WRITE(sc, WPI_INT, 0xffffffff); 276 277 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 278 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 279 ic->ic_state = IEEE80211_S_INIT; 280 281 /* Set device capabilities. */ 282 ic->ic_caps = 283 IEEE80211_C_WEP | /* WEP */ 284 IEEE80211_C_RSN | /* WPA/RSN */ 285 IEEE80211_C_MONITOR | /* monitor mode supported */ 286 IEEE80211_C_SHSLOT | /* short slot time supported */ 287 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 288 IEEE80211_C_PMGT; /* power saving supported */ 289 290 /* Set supported rates. */ 291 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 292 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 293 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) { 294 ic->ic_sup_rates[IEEE80211_MODE_11A] = 295 ieee80211_std_rateset_11a; 296 } 297 298 /* IBSS channel undefined for now. */ 299 ic->ic_ibss_chan = &ic->ic_channels[0]; 300 301 ifp->if_softc = sc; 302 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 303 ifp->if_ioctl = wpi_ioctl; 304 ifp->if_start = wpi_start; 305 ifp->if_watchdog = wpi_watchdog; 306 IFQ_SET_READY(&ifp->if_snd); 307 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 308 309 if_attach(ifp); 310 ieee80211_ifattach(ifp); 311 ic->ic_node_alloc = wpi_node_alloc; 312 ic->ic_newassoc = wpi_newassoc; 313 ic->ic_updateedca = wpi_updateedca; 314 ic->ic_set_key = wpi_set_key; 315 ic->ic_delete_key = wpi_delete_key; 316 317 /* Override 802.11 state transition machine. */ 318 sc->sc_newstate = ic->ic_newstate; 319 ic->ic_newstate = wpi_newstate; 320 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status); 321 322 sc->amrr.amrr_min_success_threshold = 1; 323 sc->amrr.amrr_max_success_threshold = 15; 324 325 #if NBPFILTER > 0 326 wpi_radiotap_attach(sc); 327 #endif 328 timeout_set(&sc->calib_to, wpi_calib_timeout, sc); 329 return; 330 331 /* Free allocated memory if something failed during attachment. */ 332 fail2: while (--i >= 0) 333 wpi_free_tx_ring(sc, &sc->txq[i]); 334 wpi_free_shared(sc); 335 fail1: wpi_free_fwmem(sc); 336 } 337 338 #if NBPFILTER > 0 339 /* 340 * Attach the interface to 802.11 radiotap. 341 */ 342 void 343 wpi_radiotap_attach(struct wpi_softc *sc) 344 { 345 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 346 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 347 348 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 349 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 350 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT); 351 352 sc->sc_txtap_len = sizeof sc->sc_txtapu; 353 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 354 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT); 355 } 356 #endif 357 358 int 359 wpi_detach(struct device *self, int flags) 360 { 361 struct wpi_softc *sc = (struct wpi_softc *)self; 362 struct ifnet *ifp = &sc->sc_ic.ic_if; 363 int qid; 364 365 timeout_del(&sc->calib_to); 366 367 /* Uninstall interrupt handler. */ 368 if (sc->sc_ih != NULL) 369 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 370 371 /* Free DMA resources. */ 372 wpi_free_rx_ring(sc, &sc->rxq); 373 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 374 wpi_free_tx_ring(sc, &sc->txq[qid]); 375 wpi_free_shared(sc); 376 wpi_free_fwmem(sc); 377 378 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 379 380 ieee80211_ifdetach(ifp); 381 if_detach(ifp); 382 383 return 0; 384 } 385 386 int 387 wpi_activate(struct device *self, int act) 388 { 389 struct wpi_softc *sc = (struct wpi_softc *)self; 390 struct ifnet *ifp = &sc->sc_ic.ic_if; 391 392 switch (act) { 393 case DVACT_SUSPEND: 394 if (ifp->if_flags & IFF_RUNNING) 395 wpi_stop(ifp, 0); 396 break; 397 case DVACT_RESUME: 398 workq_queue_task(NULL, &sc->sc_resume_wqt, 0, 399 wpi_resume, sc, NULL); 400 break; 401 } 402 403 return 0; 404 } 405 406 void 407 wpi_resume(void *arg1, void *arg2) 408 { 409 struct wpi_softc *sc = arg1; 410 struct ifnet *ifp = &sc->sc_ic.ic_if; 411 pcireg_t reg; 412 int s; 413 414 /* Clear device-specific "PCI retry timeout" register (41h). */ 415 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 416 reg &= ~0xff00; 417 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 418 419 s = splnet(); 420 while (sc->sc_flags & WPI_FLAG_BUSY) 421 tsleep(&sc->sc_flags, 0, "wpipwr", 0); 422 sc->sc_flags |= WPI_FLAG_BUSY; 423 424 if (ifp->if_flags & IFF_UP) 425 wpi_init(ifp); 426 427 sc->sc_flags &= ~WPI_FLAG_BUSY; 428 wakeup(&sc->sc_flags); 429 splx(s); 430 } 431 432 int 433 wpi_nic_lock(struct wpi_softc *sc) 434 { 435 int ntries; 436 437 /* Request exclusive access to NIC. */ 438 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 439 440 /* Spin until we actually get the lock. */ 441 for (ntries = 0; ntries < 1000; ntries++) { 442 if ((WPI_READ(sc, WPI_GP_CNTRL) & 443 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 444 WPI_GP_CNTRL_MAC_ACCESS_ENA) 445 return 0; 446 DELAY(10); 447 } 448 return ETIMEDOUT; 449 } 450 451 static __inline void 452 wpi_nic_unlock(struct wpi_softc *sc) 453 { 454 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 455 } 456 457 static __inline uint32_t 458 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 459 { 460 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 461 WPI_BARRIER_READ_WRITE(sc); 462 return WPI_READ(sc, WPI_PRPH_RDATA); 463 } 464 465 static __inline void 466 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 467 { 468 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 469 WPI_BARRIER_WRITE(sc); 470 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 471 } 472 473 static __inline void 474 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 475 { 476 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 477 } 478 479 static __inline void 480 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 481 { 482 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 483 } 484 485 static __inline void 486 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 487 const uint32_t *data, int count) 488 { 489 for (; count > 0; count--, data++, addr += 4) 490 wpi_prph_write(sc, addr, *data); 491 } 492 493 static __inline uint32_t 494 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 495 { 496 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 497 WPI_BARRIER_READ_WRITE(sc); 498 return WPI_READ(sc, WPI_MEM_RDATA); 499 } 500 501 static __inline void 502 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 503 { 504 WPI_WRITE(sc, WPI_MEM_WADDR, addr); 505 WPI_BARRIER_WRITE(sc); 506 WPI_WRITE(sc, WPI_MEM_WDATA, data); 507 } 508 509 static __inline void 510 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 511 int count) 512 { 513 for (; count > 0; count--, addr += 4) 514 *data++ = wpi_mem_read(sc, addr); 515 } 516 517 int 518 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 519 { 520 uint8_t *out = data; 521 uint32_t val; 522 int error, ntries; 523 524 if ((error = wpi_nic_lock(sc)) != 0) 525 return error; 526 527 for (; count > 0; count -= 2, addr++) { 528 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 529 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD); 530 531 for (ntries = 0; ntries < 10; ntries++) { 532 val = WPI_READ(sc, WPI_EEPROM); 533 if (val & WPI_EEPROM_READ_VALID) 534 break; 535 DELAY(5); 536 } 537 if (ntries == 10) { 538 printf("%s: could not read EEPROM\n", 539 sc->sc_dev.dv_xname); 540 return ETIMEDOUT; 541 } 542 *out++ = val >> 16; 543 if (count > 1) 544 *out++ = val >> 24; 545 } 546 547 wpi_nic_unlock(sc); 548 return 0; 549 } 550 551 int 552 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap, 553 bus_size_t size, bus_size_t alignment) 554 { 555 int nsegs, error; 556 557 dma->tag = tag; 558 dma->size = size; 559 560 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 561 &dma->map); 562 if (error != 0) 563 goto fail; 564 565 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 566 BUS_DMA_NOWAIT | BUS_DMA_ZERO); 567 if (error != 0) 568 goto fail; 569 570 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 571 BUS_DMA_NOWAIT | BUS_DMA_COHERENT); 572 if (error != 0) 573 goto fail; 574 575 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size, 576 BUS_DMA_NOWAIT); 577 if (error != 0) 578 goto fail; 579 580 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 581 582 dma->paddr = dma->map->dm_segs[0].ds_addr; 583 if (kvap != NULL) 584 *kvap = dma->vaddr; 585 586 return 0; 587 588 fail: wpi_dma_contig_free(dma); 589 return error; 590 } 591 592 void 593 wpi_dma_contig_free(struct wpi_dma_info *dma) 594 { 595 if (dma->map != NULL) { 596 if (dma->vaddr != NULL) { 597 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 598 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 599 bus_dmamap_unload(dma->tag, dma->map); 600 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 601 bus_dmamem_free(dma->tag, &dma->seg, 1); 602 dma->vaddr = NULL; 603 } 604 bus_dmamap_destroy(dma->tag, dma->map); 605 dma->map = NULL; 606 } 607 } 608 609 int 610 wpi_alloc_shared(struct wpi_softc *sc) 611 { 612 /* Shared buffer must be aligned on a 4KB boundary. */ 613 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 614 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 615 } 616 617 void 618 wpi_free_shared(struct wpi_softc *sc) 619 { 620 wpi_dma_contig_free(&sc->shared_dma); 621 } 622 623 int 624 wpi_alloc_fwmem(struct wpi_softc *sc) 625 { 626 /* Allocate enough contiguous space to store text and data. */ 627 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 628 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 629 } 630 631 void 632 wpi_free_fwmem(struct wpi_softc *sc) 633 { 634 wpi_dma_contig_free(&sc->fw_dma); 635 } 636 637 int 638 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 639 { 640 bus_size_t size; 641 int i, error; 642 643 ring->cur = 0; 644 645 /* Allocate RX descriptors (16KB aligned.) */ 646 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 647 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 648 (void **)&ring->desc, size, 16 * 1024); 649 if (error != 0) { 650 printf("%s: could not allocate RX ring DMA memory\n", 651 sc->sc_dev.dv_xname); 652 goto fail; 653 } 654 655 /* 656 * Allocate and map RX buffers. 657 */ 658 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 659 struct wpi_rx_data *data = &ring->data[i]; 660 661 error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1, 662 WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map); 663 if (error != 0) { 664 printf("%s: could not create RX buf DMA map\n", 665 sc->sc_dev.dv_xname); 666 goto fail; 667 } 668 669 data->m = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 670 if (data->m == NULL) { 671 printf("%s: could not allocate RX mbuf\n", 672 sc->sc_dev.dv_xname); 673 error = ENOBUFS; 674 goto fail; 675 } 676 677 error = bus_dmamap_load(sc->sc_dmat, data->map, 678 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 679 BUS_DMA_NOWAIT | BUS_DMA_READ); 680 if (error != 0) { 681 printf("%s: can't map mbuf (error %d)\n", 682 sc->sc_dev.dv_xname, error); 683 goto fail; 684 } 685 686 /* Set physical address of RX buffer. */ 687 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr); 688 } 689 690 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 691 BUS_DMASYNC_PREWRITE); 692 693 return 0; 694 695 fail: wpi_free_rx_ring(sc, ring); 696 return error; 697 } 698 699 void 700 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 701 { 702 int ntries; 703 704 if (wpi_nic_lock(sc) == 0) { 705 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 706 for (ntries = 0; ntries < 100; ntries++) { 707 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 708 WPI_FH_RX_STATUS_IDLE) 709 break; 710 DELAY(10); 711 } 712 wpi_nic_unlock(sc); 713 } 714 ring->cur = 0; 715 } 716 717 void 718 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 719 { 720 int i; 721 722 wpi_dma_contig_free(&ring->desc_dma); 723 724 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 725 struct wpi_rx_data *data = &ring->data[i]; 726 727 if (data->m != NULL) { 728 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 729 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 730 bus_dmamap_unload(sc->sc_dmat, data->map); 731 m_freem(data->m); 732 } 733 if (data->map != NULL) 734 bus_dmamap_destroy(sc->sc_dmat, data->map); 735 } 736 } 737 738 int 739 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 740 { 741 bus_addr_t paddr; 742 bus_size_t size; 743 int i, error; 744 745 ring->qid = qid; 746 ring->queued = 0; 747 ring->cur = 0; 748 749 /* Allocate TX descriptors (16KB aligned.) */ 750 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 751 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 752 (void **)&ring->desc, size, 16 * 1024); 753 if (error != 0) { 754 printf("%s: could not allocate TX ring DMA memory\n", 755 sc->sc_dev.dv_xname); 756 goto fail; 757 } 758 759 /* Update shared area with ring physical address. */ 760 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 761 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 762 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE); 763 764 /* 765 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 766 * to allocate commands space for other rings. 767 * XXX Do we really need to allocate descriptors for other rings? 768 */ 769 if (qid > 4) 770 return 0; 771 772 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 773 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 774 (void **)&ring->cmd, size, 4); 775 if (error != 0) { 776 printf("%s: could not allocate TX cmd DMA memory\n", 777 sc->sc_dev.dv_xname); 778 goto fail; 779 } 780 781 paddr = ring->cmd_dma.paddr; 782 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 783 struct wpi_tx_data *data = &ring->data[i]; 784 785 data->cmd_paddr = paddr; 786 paddr += sizeof (struct wpi_tx_cmd); 787 788 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 789 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 790 &data->map); 791 if (error != 0) { 792 printf("%s: could not create TX buf DMA map\n", 793 sc->sc_dev.dv_xname); 794 goto fail; 795 } 796 } 797 return 0; 798 799 fail: wpi_free_tx_ring(sc, ring); 800 return error; 801 } 802 803 void 804 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 805 { 806 int i; 807 808 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 809 struct wpi_tx_data *data = &ring->data[i]; 810 811 if (data->m != NULL) { 812 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 813 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 814 bus_dmamap_unload(sc->sc_dmat, data->map); 815 m_freem(data->m); 816 data->m = NULL; 817 } 818 } 819 /* Clear TX descriptors. */ 820 memset(ring->desc, 0, ring->desc_dma.size); 821 sc->qfullmsk &= ~(1 << ring->qid); 822 ring->queued = 0; 823 ring->cur = 0; 824 } 825 826 void 827 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 828 { 829 int i; 830 831 wpi_dma_contig_free(&ring->desc_dma); 832 wpi_dma_contig_free(&ring->cmd_dma); 833 834 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 835 struct wpi_tx_data *data = &ring->data[i]; 836 837 if (data->m != NULL) { 838 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 839 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 840 bus_dmamap_unload(sc->sc_dmat, data->map); 841 m_freem(data->m); 842 } 843 if (data->map != NULL) 844 bus_dmamap_destroy(sc->sc_dmat, data->map); 845 } 846 } 847 848 int 849 wpi_read_eeprom(struct wpi_softc *sc) 850 { 851 struct ieee80211com *ic = &sc->sc_ic; 852 char domain[4]; 853 int i; 854 855 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 856 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname); 857 return EIO; 858 } 859 /* Clear HW ownership of EEPROM. */ 860 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 861 862 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1); 863 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2); 864 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1); 865 866 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev), 867 sc->type)); 868 869 /* Read and print regulatory domain (4 ASCII characters.) */ 870 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4); 871 printf(", %.4s", domain); 872 873 /* Read and print MAC address. */ 874 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6); 875 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 876 877 /* Read the list of authorized channels. */ 878 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 879 wpi_read_eeprom_channels(sc, i); 880 881 /* Read the list of TX power groups. */ 882 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 883 wpi_read_eeprom_group(sc, i); 884 885 return 0; 886 } 887 888 void 889 wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 890 { 891 struct ieee80211com *ic = &sc->sc_ic; 892 const struct wpi_chan_band *band = &wpi_bands[n]; 893 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND]; 894 int chan, i; 895 896 wpi_read_prom_data(sc, band->addr, channels, 897 band->nchan * sizeof (struct wpi_eeprom_chan)); 898 899 for (i = 0; i < band->nchan; i++) { 900 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) 901 continue; 902 903 chan = band->chan[i]; 904 905 if (n == 0) { /* 2GHz band */ 906 ic->ic_channels[chan].ic_freq = 907 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 908 ic->ic_channels[chan].ic_flags = 909 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 910 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 911 912 } else { /* 5GHz band */ 913 /* 914 * Some adapters support channels 7, 8, 11 and 12 915 * both in the 2GHz and 4.9GHz bands. 916 * Because of limitations in our net80211 layer, 917 * we don't support them in the 4.9GHz band. 918 */ 919 if (chan <= 14) 920 continue; 921 922 ic->ic_channels[chan].ic_freq = 923 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 924 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 925 } 926 927 /* Is active scan allowed on this channel? */ 928 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) { 929 ic->ic_channels[chan].ic_flags |= 930 IEEE80211_CHAN_PASSIVE; 931 } 932 933 /* Save maximum allowed TX power for this channel. */ 934 sc->maxpwr[chan] = channels[i].maxpwr; 935 936 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 937 chan, channels[i].flags, sc->maxpwr[chan])); 938 } 939 } 940 941 void 942 wpi_read_eeprom_group(struct wpi_softc *sc, int n) 943 { 944 struct wpi_power_group *group = &sc->groups[n]; 945 struct wpi_eeprom_group rgroup; 946 int i; 947 948 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup, 949 sizeof rgroup); 950 951 /* Save TX power group information. */ 952 group->chan = rgroup.chan; 953 group->maxpwr = rgroup.maxpwr; 954 /* Retrieve temperature at which the samples were taken. */ 955 group->temp = (int16_t)letoh16(rgroup.temp); 956 957 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n, 958 group->chan, group->maxpwr, group->temp)); 959 960 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 961 group->samples[i].index = rgroup.samples[i].index; 962 group->samples[i].power = rgroup.samples[i].power; 963 964 DPRINTF(("\tsample %d: index=%d power=%d\n", i, 965 group->samples[i].index, group->samples[i].power)); 966 } 967 } 968 969 struct ieee80211_node * 970 wpi_node_alloc(struct ieee80211com *ic) 971 { 972 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO); 973 } 974 975 void 976 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 977 { 978 struct wpi_softc *sc = ic->ic_if.if_softc; 979 struct wpi_node *wn = (void *)ni; 980 uint8_t rate; 981 int ridx, i; 982 983 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 984 /* Start at lowest available bit-rate, AMRR will raise. */ 985 ni->ni_txrate = 0; 986 987 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 988 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 989 /* Map 802.11 rate to HW rate index. */ 990 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 991 if (wpi_rates[ridx].rate == rate) 992 break; 993 wn->ridx[i] = ridx; 994 } 995 } 996 997 int 998 wpi_media_change(struct ifnet *ifp) 999 { 1000 struct wpi_softc *sc = ifp->if_softc; 1001 struct ieee80211com *ic = &sc->sc_ic; 1002 uint8_t rate, ridx; 1003 int error; 1004 1005 error = ieee80211_media_change(ifp); 1006 if (error != ENETRESET) 1007 return error; 1008 1009 if (ic->ic_fixed_rate != -1) { 1010 rate = ic->ic_sup_rates[ic->ic_curmode]. 1011 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1012 /* Map 802.11 rate to HW rate index. */ 1013 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1014 if (wpi_rates[ridx].rate == rate) 1015 break; 1016 sc->fixed_ridx = ridx; 1017 } 1018 1019 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1020 (IFF_UP | IFF_RUNNING)) { 1021 wpi_stop(ifp, 0); 1022 error = wpi_init(ifp); 1023 } 1024 return error; 1025 } 1026 1027 int 1028 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1029 { 1030 struct ifnet *ifp = &ic->ic_if; 1031 struct wpi_softc *sc = ifp->if_softc; 1032 int error; 1033 1034 timeout_del(&sc->calib_to); 1035 1036 switch (nstate) { 1037 case IEEE80211_S_SCAN: 1038 /* Make the link LED blink while we're scanning. */ 1039 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1040 1041 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1042 printf("%s: could not initiate scan\n", 1043 sc->sc_dev.dv_xname); 1044 return error; 1045 } 1046 ic->ic_state = nstate; 1047 return 0; 1048 1049 case IEEE80211_S_ASSOC: 1050 if (ic->ic_state != IEEE80211_S_RUN) 1051 break; 1052 /* FALLTHROUGH */ 1053 case IEEE80211_S_AUTH: 1054 /* Reset state to handle reassociations correctly. */ 1055 sc->rxon.associd = 0; 1056 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1057 1058 if ((error = wpi_auth(sc)) != 0) { 1059 printf("%s: could not move to auth state\n", 1060 sc->sc_dev.dv_xname); 1061 return error; 1062 } 1063 break; 1064 1065 case IEEE80211_S_RUN: 1066 if ((error = wpi_run(sc)) != 0) { 1067 printf("%s: could not move to run state\n", 1068 sc->sc_dev.dv_xname); 1069 return error; 1070 } 1071 break; 1072 1073 case IEEE80211_S_INIT: 1074 break; 1075 } 1076 1077 return sc->sc_newstate(ic, nstate, arg); 1078 } 1079 1080 void 1081 wpi_iter_func(void *arg, struct ieee80211_node *ni) 1082 { 1083 struct wpi_softc *sc = arg; 1084 struct wpi_node *wn = (struct wpi_node *)ni; 1085 1086 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1087 } 1088 1089 void 1090 wpi_calib_timeout(void *arg) 1091 { 1092 struct wpi_softc *sc = arg; 1093 struct ieee80211com *ic = &sc->sc_ic; 1094 int s; 1095 1096 s = splnet(); 1097 /* Automatic rate control triggered every 500ms. */ 1098 if (ic->ic_fixed_rate == -1) { 1099 if (ic->ic_opmode == IEEE80211_M_STA) 1100 wpi_iter_func(sc, ic->ic_bss); 1101 else 1102 ieee80211_iterate_nodes(ic, wpi_iter_func, sc); 1103 } 1104 1105 /* Force automatic TX power calibration every 60 secs. */ 1106 if (++sc->calib_cnt >= 120) { 1107 wpi_power_calibration(sc); 1108 sc->calib_cnt = 0; 1109 } 1110 splx(s); 1111 1112 /* Automatic rate control triggered every 500ms. */ 1113 timeout_add_msec(&sc->calib_to, 500); 1114 } 1115 1116 int 1117 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k) 1118 { 1119 struct ieee80211_frame *wh; 1120 uint64_t pn, *prsc; 1121 uint8_t *ivp; 1122 uint8_t tid; 1123 int hdrlen; 1124 1125 wh = mtod(m, struct ieee80211_frame *); 1126 hdrlen = ieee80211_get_hdrlen(wh); 1127 ivp = (uint8_t *)wh + hdrlen; 1128 1129 /* Check that ExtIV bit is be set. */ 1130 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) { 1131 DPRINTF(("CCMP decap ExtIV not set\n")); 1132 return 1; 1133 } 1134 tid = ieee80211_has_qos(wh) ? 1135 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 1136 prsc = &k->k_rsc[tid]; 1137 1138 /* Extract the 48-bit PN from the CCMP header. */ 1139 pn = (uint64_t)ivp[0] | 1140 (uint64_t)ivp[1] << 8 | 1141 (uint64_t)ivp[4] << 16 | 1142 (uint64_t)ivp[5] << 24 | 1143 (uint64_t)ivp[6] << 32 | 1144 (uint64_t)ivp[7] << 40; 1145 if (pn <= *prsc) { 1146 /* 1147 * Not necessarily a replayed frame since we did not check 1148 * the sequence number of the 802.11 header yet. 1149 */ 1150 DPRINTF(("CCMP replayed\n")); 1151 return 1; 1152 } 1153 /* Update last seen packet number. */ 1154 *prsc = pn; 1155 1156 /* Clear Protected bit and strip IV. */ 1157 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1158 ovbcopy(wh, mtod(m, caddr_t) + IEEE80211_CCMP_HDRLEN, hdrlen); 1159 m_adj(m, IEEE80211_CCMP_HDRLEN); 1160 /* Strip MIC. */ 1161 m_adj(m, -IEEE80211_CCMP_MICLEN); 1162 return 0; 1163 } 1164 1165 void 1166 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1167 struct wpi_rx_data *data) 1168 { 1169 struct ieee80211com *ic = &sc->sc_ic; 1170 struct ifnet *ifp = &ic->ic_if; 1171 struct wpi_rx_ring *ring = &sc->rxq; 1172 struct wpi_rx_stat *stat; 1173 struct wpi_rx_head *head; 1174 struct wpi_rx_tail *tail; 1175 struct ieee80211_frame *wh; 1176 struct ieee80211_rxinfo rxi; 1177 struct ieee80211_node *ni; 1178 struct mbuf *m, *m1; 1179 uint32_t flags; 1180 int error; 1181 1182 bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE, 1183 BUS_DMASYNC_POSTREAD); 1184 stat = (struct wpi_rx_stat *)(desc + 1); 1185 1186 if (stat->len > WPI_STAT_MAXLEN) { 1187 printf("%s: invalid RX statistic header\n", 1188 sc->sc_dev.dv_xname); 1189 ifp->if_ierrors++; 1190 return; 1191 } 1192 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1193 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len)); 1194 flags = letoh32(tail->flags); 1195 1196 /* Discard frames with a bad FCS early. */ 1197 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1198 DPRINTFN(2, ("rx tail flags error %x\n", flags)); 1199 ifp->if_ierrors++; 1200 return; 1201 } 1202 /* Discard frames that are too short. */ 1203 if (letoh16(head->len) < sizeof (*wh)) { 1204 DPRINTF(("frame too short: %d\n", letoh16(head->len))); 1205 ic->ic_stats.is_rx_tooshort++; 1206 ifp->if_ierrors++; 1207 return; 1208 } 1209 1210 m1 = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 1211 if (m1 == NULL) { 1212 ic->ic_stats.is_rx_nombuf++; 1213 ifp->if_ierrors++; 1214 return; 1215 } 1216 bus_dmamap_unload(sc->sc_dmat, data->map); 1217 1218 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 1219 WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ); 1220 if (error != 0) { 1221 m_freem(m1); 1222 1223 /* Try to reload the old mbuf. */ 1224 error = bus_dmamap_load(sc->sc_dmat, data->map, 1225 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 1226 BUS_DMA_NOWAIT | BUS_DMA_READ); 1227 if (error != 0) { 1228 panic("%s: could not load old RX mbuf", 1229 sc->sc_dev.dv_xname); 1230 } 1231 /* Physical address may have changed. */ 1232 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1233 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1234 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1235 BUS_DMASYNC_PREWRITE); 1236 ifp->if_ierrors++; 1237 return; 1238 } 1239 1240 m = data->m; 1241 data->m = m1; 1242 /* Update RX descriptor. */ 1243 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1244 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1245 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1246 BUS_DMASYNC_PREWRITE); 1247 1248 /* Finalize mbuf. */ 1249 m->m_pkthdr.rcvif = ifp; 1250 m->m_data = (caddr_t)(head + 1); 1251 m->m_pkthdr.len = m->m_len = letoh16(head->len); 1252 1253 /* Grab a reference to the source node. */ 1254 wh = mtod(m, struct ieee80211_frame *); 1255 ni = ieee80211_find_rxnode(ic, wh); 1256 1257 rxi.rxi_flags = 0; 1258 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1259 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1260 (ni->ni_flags & IEEE80211_NODE_RXPROT) && 1261 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 1262 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) { 1263 ic->ic_stats.is_ccmp_dec_errs++; 1264 ifp->if_ierrors++; 1265 m_freem(m); 1266 return; 1267 } 1268 /* Check whether decryption was successful or not. */ 1269 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1270 DPRINTF(("CCMP decryption failed 0x%x\n", flags)); 1271 ic->ic_stats.is_ccmp_dec_errs++; 1272 ifp->if_ierrors++; 1273 m_freem(m); 1274 return; 1275 } 1276 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) { 1277 ifp->if_ierrors++; 1278 m_freem(m); 1279 return; 1280 } 1281 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1282 } 1283 1284 #if NBPFILTER > 0 1285 if (sc->sc_drvbpf != NULL) { 1286 struct mbuf mb; 1287 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1288 1289 tap->wr_flags = 0; 1290 if (letoh16(head->flags) & 0x4) 1291 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1292 tap->wr_chan_freq = 1293 htole16(ic->ic_channels[head->chan].ic_freq); 1294 tap->wr_chan_flags = 1295 htole16(ic->ic_channels[head->chan].ic_flags); 1296 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1297 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise); 1298 tap->wr_tsft = tail->tstamp; 1299 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf; 1300 switch (head->rate) { 1301 /* CCK rates. */ 1302 case 10: tap->wr_rate = 2; break; 1303 case 20: tap->wr_rate = 4; break; 1304 case 55: tap->wr_rate = 11; break; 1305 case 110: tap->wr_rate = 22; break; 1306 /* OFDM rates. */ 1307 case 0xd: tap->wr_rate = 12; break; 1308 case 0xf: tap->wr_rate = 18; break; 1309 case 0x5: tap->wr_rate = 24; break; 1310 case 0x7: tap->wr_rate = 36; break; 1311 case 0x9: tap->wr_rate = 48; break; 1312 case 0xb: tap->wr_rate = 72; break; 1313 case 0x1: tap->wr_rate = 96; break; 1314 case 0x3: tap->wr_rate = 108; break; 1315 /* Unknown rate: should not happen. */ 1316 default: tap->wr_rate = 0; 1317 } 1318 1319 mb.m_data = (caddr_t)tap; 1320 mb.m_len = sc->sc_rxtap_len; 1321 mb.m_next = m; 1322 mb.m_nextpkt = NULL; 1323 mb.m_type = 0; 1324 mb.m_flags = 0; 1325 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1326 } 1327 #endif 1328 1329 /* Send the frame to the 802.11 layer. */ 1330 rxi.rxi_rssi = stat->rssi; 1331 rxi.rxi_tstamp = 0; /* unused */ 1332 ieee80211_input(ifp, m, ni, &rxi); 1333 1334 /* Node is no longer needed. */ 1335 ieee80211_release_node(ic, ni); 1336 } 1337 1338 void 1339 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1340 { 1341 struct ieee80211com *ic = &sc->sc_ic; 1342 struct ifnet *ifp = &ic->ic_if; 1343 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1344 struct wpi_tx_data *data = &ring->data[desc->idx]; 1345 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1346 struct wpi_node *wn = (struct wpi_node *)data->ni; 1347 1348 /* Update rate control statistics. */ 1349 wn->amn.amn_txcnt++; 1350 if (stat->retrycnt > 0) 1351 wn->amn.amn_retrycnt++; 1352 1353 if ((letoh32(stat->status) & 0xff) != 1) 1354 ifp->if_oerrors++; 1355 else 1356 ifp->if_opackets++; 1357 1358 /* Unmap and free mbuf. */ 1359 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1360 BUS_DMASYNC_POSTWRITE); 1361 bus_dmamap_unload(sc->sc_dmat, data->map); 1362 m_freem(data->m); 1363 data->m = NULL; 1364 ieee80211_release_node(ic, data->ni); 1365 data->ni = NULL; 1366 1367 sc->sc_tx_timer = 0; 1368 if (--ring->queued < WPI_TX_RING_LOMARK) { 1369 sc->qfullmsk &= ~(1 << ring->qid); 1370 if (sc->qfullmsk == 0 && (ifp->if_flags & IFF_OACTIVE)) { 1371 ifp->if_flags &= ~IFF_OACTIVE; 1372 (*ifp->if_start)(ifp); 1373 } 1374 } 1375 } 1376 1377 void 1378 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1379 { 1380 struct wpi_tx_ring *ring = &sc->txq[4]; 1381 struct wpi_tx_data *data; 1382 1383 if ((desc->qid & 7) != 4) 1384 return; /* Not a command ack. */ 1385 1386 data = &ring->data[desc->idx]; 1387 1388 /* If the command was mapped in an mbuf, free it. */ 1389 if (data->m != NULL) { 1390 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1391 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1392 bus_dmamap_unload(sc->sc_dmat, data->map); 1393 m_freem(data->m); 1394 data->m = NULL; 1395 } 1396 wakeup(&ring->cmd[desc->idx]); 1397 } 1398 1399 void 1400 wpi_notif_intr(struct wpi_softc *sc) 1401 { 1402 struct ieee80211com *ic = &sc->sc_ic; 1403 struct ifnet *ifp = &ic->ic_if; 1404 uint32_t hw; 1405 1406 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 1407 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD); 1408 1409 hw = letoh32(sc->shared->next); 1410 while (sc->rxq.cur != hw) { 1411 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1412 struct wpi_rx_desc *desc; 1413 1414 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 1415 BUS_DMASYNC_POSTREAD); 1416 desc = mtod(data->m, struct wpi_rx_desc *); 1417 1418 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d " 1419 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1420 letoh32(desc->len))); 1421 1422 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1423 wpi_cmd_done(sc, desc); 1424 1425 switch (desc->type) { 1426 case WPI_RX_DONE: 1427 /* An 802.11 frame has been received. */ 1428 wpi_rx_done(sc, desc, data); 1429 break; 1430 1431 case WPI_TX_DONE: 1432 /* An 802.11 frame has been transmitted. */ 1433 wpi_tx_done(sc, desc); 1434 break; 1435 1436 case WPI_UC_READY: 1437 { 1438 struct wpi_ucode_info *uc = 1439 (struct wpi_ucode_info *)(desc + 1); 1440 1441 /* The microcontroller is ready. */ 1442 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1443 sizeof (*uc), BUS_DMASYNC_POSTREAD); 1444 DPRINTF(("microcode alive notification version %x " 1445 "alive %x\n", letoh32(uc->version), 1446 letoh32(uc->valid))); 1447 1448 if (letoh32(uc->valid) != 1) { 1449 printf("%s: microcontroller initialization " 1450 "failed\n", sc->sc_dev.dv_xname); 1451 } 1452 if (uc->subtype != WPI_UCODE_INIT) { 1453 /* Save the address of the error log. */ 1454 sc->errptr = letoh32(uc->errptr); 1455 } 1456 break; 1457 } 1458 case WPI_STATE_CHANGED: 1459 { 1460 uint32_t *status = (uint32_t *)(desc + 1); 1461 1462 /* Enabled/disabled notification. */ 1463 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1464 sizeof (*status), BUS_DMASYNC_POSTREAD); 1465 DPRINTF(("state changed to %x\n", letoh32(*status))); 1466 1467 if (letoh32(*status) & 1) { 1468 /* The radio button has to be pushed. */ 1469 printf("%s: Radio transmitter is off\n", 1470 sc->sc_dev.dv_xname); 1471 /* Turn the interface down. */ 1472 ifp->if_flags &= ~IFF_UP; 1473 wpi_stop(ifp, 1); 1474 return; /* No further processing. */ 1475 } 1476 break; 1477 } 1478 case WPI_START_SCAN: 1479 { 1480 struct wpi_start_scan *scan = 1481 (struct wpi_start_scan *)(desc + 1); 1482 1483 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1484 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1485 DPRINTFN(2, ("scanning channel %d status %x\n", 1486 scan->chan, letoh32(scan->status))); 1487 1488 /* Fix current channel. */ 1489 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1490 break; 1491 } 1492 case WPI_STOP_SCAN: 1493 { 1494 struct wpi_stop_scan *scan = 1495 (struct wpi_stop_scan *)(desc + 1); 1496 1497 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1498 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1499 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1500 scan->nchan, scan->status, scan->chan)); 1501 1502 if (scan->status == 1 && scan->chan <= 14 && 1503 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) { 1504 /* 1505 * We just finished scanning 2GHz channels, 1506 * start scanning 5GHz ones. 1507 */ 1508 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 1509 break; 1510 } 1511 ieee80211_end_scan(ifp); 1512 break; 1513 } 1514 } 1515 1516 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1517 } 1518 1519 /* Tell the firmware what we have processed. */ 1520 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1521 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7); 1522 } 1523 1524 /* 1525 * Dump the error log of the firmware when a firmware panic occurs. Although 1526 * we can't debug the firmware because it is neither open source nor free, it 1527 * can help us to identify certain classes of problems. 1528 */ 1529 void 1530 wpi_fatal_intr(struct wpi_softc *sc) 1531 { 1532 #define N(a) (sizeof (a) / sizeof ((a)[0])) 1533 struct wpi_fwdump dump; 1534 uint32_t i, offset, count; 1535 1536 /* Check that the error log address is valid. */ 1537 if (sc->errptr < WPI_FW_DATA_BASE || 1538 sc->errptr + sizeof (dump) > 1539 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 1540 printf("%s: bad firmware error log address 0x%08x\n", 1541 sc->sc_dev.dv_xname, sc->errptr); 1542 return; 1543 } 1544 1545 if (wpi_nic_lock(sc) != 0) { 1546 printf("%s: could not read firmware error log\n", 1547 sc->sc_dev.dv_xname); 1548 return; 1549 } 1550 /* Read number of entries in the log. */ 1551 count = wpi_mem_read(sc, sc->errptr); 1552 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 1553 printf("%s: invalid count field (count=%u)\n", 1554 sc->sc_dev.dv_xname, count); 1555 wpi_nic_unlock(sc); 1556 return; 1557 } 1558 /* Skip "count" field. */ 1559 offset = sc->errptr + sizeof (uint32_t); 1560 printf("firmware error log (count=%u):\n", count); 1561 for (i = 0; i < count; i++) { 1562 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 1563 sizeof (dump) / sizeof (uint32_t)); 1564 1565 printf(" error type = \"%s\" (0x%08X)\n", 1566 (dump.desc < N(wpi_fw_errmsg)) ? 1567 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 1568 dump.desc); 1569 printf(" error data = 0x%08X\n", 1570 dump.data); 1571 printf(" branch link = 0x%08X%08X\n", 1572 dump.blink[0], dump.blink[1]); 1573 printf(" interrupt link = 0x%08X%08X\n", 1574 dump.ilink[0], dump.ilink[1]); 1575 printf(" time = %u\n", dump.time); 1576 1577 offset += sizeof (dump); 1578 } 1579 wpi_nic_unlock(sc); 1580 /* Dump driver status (TX and RX rings) while we're here. */ 1581 printf("driver status:\n"); 1582 for (i = 0; i < 6; i++) { 1583 struct wpi_tx_ring *ring = &sc->txq[i]; 1584 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 1585 i, ring->qid, ring->cur, ring->queued); 1586 } 1587 printf(" rx ring: cur=%d\n", sc->rxq.cur); 1588 printf(" 802.11 state %d\n", sc->sc_ic.ic_state); 1589 #undef N 1590 } 1591 1592 int 1593 wpi_intr(void *arg) 1594 { 1595 struct wpi_softc *sc = arg; 1596 struct ifnet *ifp = &sc->sc_ic.ic_if; 1597 uint32_t r1, r2; 1598 1599 /* Disable interrupts. */ 1600 WPI_WRITE(sc, WPI_MASK, 0); 1601 1602 r1 = WPI_READ(sc, WPI_INT); 1603 r2 = WPI_READ(sc, WPI_FH_INT); 1604 1605 if (r1 == 0 && r2 == 0) { 1606 if (ifp->if_flags & IFF_UP) 1607 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1608 return 0; /* Interrupt not for us. */ 1609 } 1610 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 1611 return 0; /* Hardware gone! */ 1612 1613 /* Acknowledge interrupts. */ 1614 WPI_WRITE(sc, WPI_INT, r1); 1615 WPI_WRITE(sc, WPI_FH_INT, r2); 1616 1617 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 1618 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); 1619 /* Dump firmware error log and stop. */ 1620 wpi_fatal_intr(sc); 1621 ifp->if_flags &= ~IFF_UP; 1622 wpi_stop(ifp, 1); 1623 return 1; 1624 } 1625 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 1626 (r2 & WPI_FH_INT_RX)) 1627 wpi_notif_intr(sc); 1628 1629 if (r1 & WPI_INT_ALIVE) 1630 wakeup(sc); /* Firmware is alive. */ 1631 1632 /* Re-enable interrupts. */ 1633 if (ifp->if_flags & IFF_UP) 1634 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1635 1636 return 1; 1637 } 1638 1639 int 1640 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1641 { 1642 struct ieee80211com *ic = &sc->sc_ic; 1643 struct wpi_node *wn = (void *)ni; 1644 struct wpi_tx_ring *ring; 1645 struct wpi_tx_desc *desc; 1646 struct wpi_tx_data *data; 1647 struct wpi_tx_cmd *cmd; 1648 struct wpi_cmd_data *tx; 1649 const struct wpi_rate *rinfo; 1650 struct ieee80211_frame *wh; 1651 struct ieee80211_key *k = NULL; 1652 struct mbuf *m1; 1653 enum ieee80211_edca_ac ac; 1654 uint32_t flags; 1655 uint16_t qos; 1656 u_int hdrlen; 1657 uint8_t *ivp, tid, ridx, type; 1658 int i, totlen, hasqos, error; 1659 1660 wh = mtod(m, struct ieee80211_frame *); 1661 hdrlen = ieee80211_get_hdrlen(wh); 1662 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1663 1664 /* Select EDCA Access Category and TX ring for this frame. */ 1665 if ((hasqos = ieee80211_has_qos(wh))) { 1666 qos = ieee80211_get_qos(wh); 1667 tid = qos & IEEE80211_QOS_TID; 1668 ac = ieee80211_up_to_ac(ic, tid); 1669 } else { 1670 tid = 0; 1671 ac = EDCA_AC_BE; 1672 } 1673 1674 ring = &sc->txq[ac]; 1675 desc = &ring->desc[ring->cur]; 1676 data = &ring->data[ring->cur]; 1677 1678 /* Choose a TX rate index. */ 1679 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1680 type != IEEE80211_FC0_TYPE_DATA) { 1681 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 1682 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1; 1683 } else if (ic->ic_fixed_rate != -1) { 1684 ridx = sc->fixed_ridx; 1685 } else 1686 ridx = wn->ridx[ni->ni_txrate]; 1687 rinfo = &wpi_rates[ridx]; 1688 1689 #if NBPFILTER > 0 1690 if (sc->sc_drvbpf != NULL) { 1691 struct mbuf mb; 1692 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 1693 1694 tap->wt_flags = 0; 1695 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1696 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1697 tap->wt_rate = rinfo->rate; 1698 tap->wt_hwqueue = ac; 1699 if ((ic->ic_flags & IEEE80211_F_WEPON) && 1700 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 1701 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1702 1703 mb.m_data = (caddr_t)tap; 1704 mb.m_len = sc->sc_txtap_len; 1705 mb.m_next = m; 1706 mb.m_nextpkt = NULL; 1707 mb.m_type = 0; 1708 mb.m_flags = 0; 1709 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1710 } 1711 #endif 1712 1713 totlen = m->m_pkthdr.len; 1714 1715 /* Encrypt the frame if need be. */ 1716 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1717 /* Retrieve key for TX. */ 1718 k = ieee80211_get_txkey(ic, wh, ni); 1719 if (k->k_cipher != IEEE80211_CIPHER_CCMP) { 1720 /* Do software encryption. */ 1721 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1722 return ENOBUFS; 1723 /* 802.11 header may have moved. */ 1724 wh = mtod(m, struct ieee80211_frame *); 1725 totlen = m->m_pkthdr.len; 1726 1727 } else /* HW appends CCMP MIC. */ 1728 totlen += IEEE80211_CCMP_HDRLEN; 1729 } 1730 1731 /* Prepare TX firmware command. */ 1732 cmd = &ring->cmd[ring->cur]; 1733 cmd->code = WPI_CMD_TX_DATA; 1734 cmd->flags = 0; 1735 cmd->qid = ring->qid; 1736 cmd->idx = ring->cur; 1737 1738 tx = (struct wpi_cmd_data *)cmd->data; 1739 /* NB: No need to clear tx, all fields are reinitialized here. */ 1740 1741 flags = 0; 1742 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1743 /* Unicast frame, check if an ACK is expected. */ 1744 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 1745 IEEE80211_QOS_ACK_POLICY_NOACK) 1746 flags |= WPI_TX_NEED_ACK; 1747 } 1748 1749 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 1750 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1751 /* NB: Group frames are sent using CCK in 802.11b/g. */ 1752 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 1753 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1754 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 1755 ridx <= WPI_RIDX_OFDM54) { 1756 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 1757 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP; 1758 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 1759 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1760 } 1761 } 1762 1763 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1764 type != IEEE80211_FC0_TYPE_DATA) 1765 tx->id = WPI_ID_BROADCAST; 1766 else 1767 tx->id = wn->id; 1768 1769 if (type == IEEE80211_FC0_TYPE_MGT) { 1770 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1771 1772 #ifndef IEEE80211_STA_ONLY 1773 /* Tell HW to set timestamp in probe responses. */ 1774 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1775 flags |= WPI_TX_INSERT_TSTAMP; 1776 #endif 1777 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 1778 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 1779 tx->timeout = htole16(3); 1780 else 1781 tx->timeout = htole16(2); 1782 } else 1783 tx->timeout = htole16(0); 1784 1785 tx->len = htole16(totlen); 1786 tx->tid = tid; 1787 tx->rts_ntries = 7; 1788 tx->data_ntries = 15; 1789 tx->ofdm_mask = 0xff; 1790 tx->cck_mask = 0x0f; 1791 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 1792 tx->plcp = rinfo->plcp; 1793 1794 /* Copy 802.11 header in TX command. */ 1795 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 1796 1797 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 1798 /* Trim 802.11 header and prepend CCMP IV. */ 1799 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 1800 ivp = mtod(m, uint8_t *); 1801 k->k_tsc++; 1802 ivp[0] = k->k_tsc; 1803 ivp[1] = k->k_tsc >> 8; 1804 ivp[2] = 0; 1805 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1806 ivp[4] = k->k_tsc >> 16; 1807 ivp[5] = k->k_tsc >> 24; 1808 ivp[6] = k->k_tsc >> 32; 1809 ivp[7] = k->k_tsc >> 40; 1810 1811 tx->security = WPI_CIPHER_CCMP; 1812 memcpy(tx->key, k->k_key, k->k_len); 1813 } else { 1814 /* Trim 802.11 header. */ 1815 m_adj(m, hdrlen); 1816 tx->security = 0; 1817 } 1818 tx->flags = htole32(flags); 1819 1820 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1821 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1822 if (error != 0 && error != EFBIG) { 1823 printf("%s: can't map mbuf (error %d)\n", 1824 sc->sc_dev.dv_xname, error); 1825 m_freem(m); 1826 return error; 1827 } 1828 if (error != 0) { 1829 /* Too many DMA segments, linearize mbuf. */ 1830 MGETHDR(m1, M_DONTWAIT, MT_DATA); 1831 if (m1 == NULL) { 1832 m_freem(m); 1833 return ENOBUFS; 1834 } 1835 if (m->m_pkthdr.len > MHLEN) { 1836 MCLGET(m1, M_DONTWAIT); 1837 if (!(m1->m_flags & M_EXT)) { 1838 m_freem(m); 1839 m_freem(m1); 1840 return ENOBUFS; 1841 } 1842 } 1843 m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, caddr_t)); 1844 m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len; 1845 m_freem(m); 1846 m = m1; 1847 1848 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1849 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 1850 if (error != 0) { 1851 printf("%s: can't map mbuf (error %d)\n", 1852 sc->sc_dev.dv_xname, error); 1853 m_freem(m); 1854 return error; 1855 } 1856 } 1857 1858 data->m = m; 1859 data->ni = ni; 1860 1861 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 1862 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 1863 1864 /* Fill TX descriptor. */ 1865 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 | 1866 (1 + data->map->dm_nsegs) << 24); 1867 /* First DMA segment is used by the TX command. */ 1868 desc->segs[0].addr = htole32(ring->cmd_dma.paddr + 1869 ring->cur * sizeof (struct wpi_tx_cmd)); 1870 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) + 1871 ((hdrlen + 3) & ~3)); 1872 /* Other DMA segments are for data payload. */ 1873 for (i = 1; i <= data->map->dm_nsegs; i++) { 1874 desc->segs[i].addr = 1875 htole32(data->map->dm_segs[i - 1].ds_addr); 1876 desc->segs[i].len = 1877 htole32(data->map->dm_segs[i - 1].ds_len); 1878 } 1879 1880 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1881 BUS_DMASYNC_PREWRITE); 1882 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 1883 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd), 1884 BUS_DMASYNC_PREWRITE); 1885 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1886 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 1887 BUS_DMASYNC_PREWRITE); 1888 1889 /* Kick TX ring. */ 1890 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 1891 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1892 1893 /* Mark TX ring as full if we reach a certain threshold. */ 1894 if (++ring->queued > WPI_TX_RING_HIMARK) 1895 sc->qfullmsk |= 1 << ring->qid; 1896 1897 return 0; 1898 } 1899 1900 void 1901 wpi_start(struct ifnet *ifp) 1902 { 1903 struct wpi_softc *sc = ifp->if_softc; 1904 struct ieee80211com *ic = &sc->sc_ic; 1905 struct ieee80211_node *ni; 1906 struct mbuf *m; 1907 1908 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1909 return; 1910 1911 for (;;) { 1912 if (sc->qfullmsk != 0) { 1913 ifp->if_flags |= IFF_OACTIVE; 1914 break; 1915 } 1916 /* Send pending management frames first. */ 1917 IF_DEQUEUE(&ic->ic_mgtq, m); 1918 if (m != NULL) { 1919 ni = (void *)m->m_pkthdr.rcvif; 1920 goto sendit; 1921 } 1922 if (ic->ic_state != IEEE80211_S_RUN) 1923 break; 1924 1925 /* Encapsulate and send data frames. */ 1926 IFQ_DEQUEUE(&ifp->if_snd, m); 1927 if (m == NULL) 1928 break; 1929 #if NBPFILTER > 0 1930 if (ifp->if_bpf != NULL) 1931 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1932 #endif 1933 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 1934 continue; 1935 sendit: 1936 #if NBPFILTER > 0 1937 if (ic->ic_rawbpf != NULL) 1938 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1939 #endif 1940 if (wpi_tx(sc, m, ni) != 0) { 1941 ieee80211_release_node(ic, ni); 1942 ifp->if_oerrors++; 1943 continue; 1944 } 1945 1946 sc->sc_tx_timer = 5; 1947 ifp->if_timer = 1; 1948 } 1949 } 1950 1951 void 1952 wpi_watchdog(struct ifnet *ifp) 1953 { 1954 struct wpi_softc *sc = ifp->if_softc; 1955 1956 ifp->if_timer = 0; 1957 1958 if (sc->sc_tx_timer > 0) { 1959 if (--sc->sc_tx_timer == 0) { 1960 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1961 ifp->if_flags &= ~IFF_UP; 1962 wpi_stop(ifp, 1); 1963 ifp->if_oerrors++; 1964 return; 1965 } 1966 ifp->if_timer = 1; 1967 } 1968 1969 ieee80211_watchdog(ifp); 1970 } 1971 1972 int 1973 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1974 { 1975 struct wpi_softc *sc = ifp->if_softc; 1976 struct ieee80211com *ic = &sc->sc_ic; 1977 struct ifaddr *ifa; 1978 struct ifreq *ifr; 1979 int s, error = 0; 1980 1981 s = splnet(); 1982 /* 1983 * Prevent processes from entering this function while another 1984 * process is tsleep'ing in it. 1985 */ 1986 while ((sc->sc_flags & WPI_FLAG_BUSY) && error == 0) 1987 error = tsleep(&sc->sc_flags, PCATCH, "wpiioc", 0); 1988 if (error != 0) { 1989 splx(s); 1990 return error; 1991 } 1992 sc->sc_flags |= WPI_FLAG_BUSY; 1993 1994 switch (cmd) { 1995 case SIOCSIFADDR: 1996 ifa = (struct ifaddr *)data; 1997 ifp->if_flags |= IFF_UP; 1998 #ifdef INET 1999 if (ifa->ifa_addr->sa_family == AF_INET) 2000 arp_ifinit(&ic->ic_ac, ifa); 2001 #endif 2002 /* FALLTHROUGH */ 2003 case SIOCSIFFLAGS: 2004 if (ifp->if_flags & IFF_UP) { 2005 if (!(ifp->if_flags & IFF_RUNNING)) 2006 error = wpi_init(ifp); 2007 } else { 2008 if (ifp->if_flags & IFF_RUNNING) 2009 wpi_stop(ifp, 1); 2010 } 2011 break; 2012 2013 case SIOCADDMULTI: 2014 case SIOCDELMULTI: 2015 ifr = (struct ifreq *)data; 2016 error = (cmd == SIOCADDMULTI) ? 2017 ether_addmulti(ifr, &ic->ic_ac) : 2018 ether_delmulti(ifr, &ic->ic_ac); 2019 2020 if (error == ENETRESET) 2021 error = 0; 2022 break; 2023 2024 case SIOCS80211POWER: 2025 error = ieee80211_ioctl(ifp, cmd, data); 2026 if (error != ENETRESET) 2027 break; 2028 if (ic->ic_state == IEEE80211_S_RUN) { 2029 if (ic->ic_flags & IEEE80211_F_PMGTON) 2030 error = wpi_set_pslevel(sc, 0, 3, 0); 2031 else /* back to CAM */ 2032 error = wpi_set_pslevel(sc, 0, 0, 0); 2033 } else { 2034 /* Defer until transition to IEEE80211_S_RUN. */ 2035 error = 0; 2036 } 2037 break; 2038 2039 default: 2040 error = ieee80211_ioctl(ifp, cmd, data); 2041 } 2042 2043 if (error == ENETRESET) { 2044 error = 0; 2045 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2046 (IFF_UP | IFF_RUNNING)) { 2047 wpi_stop(ifp, 0); 2048 error = wpi_init(ifp); 2049 } 2050 } 2051 2052 sc->sc_flags &= ~WPI_FLAG_BUSY; 2053 wakeup(&sc->sc_flags); 2054 splx(s); 2055 return error; 2056 } 2057 2058 /* 2059 * Send a command to the firmware. 2060 */ 2061 int 2062 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async) 2063 { 2064 struct wpi_tx_ring *ring = &sc->txq[4]; 2065 struct wpi_tx_desc *desc; 2066 struct wpi_tx_data *data; 2067 struct wpi_tx_cmd *cmd; 2068 struct mbuf *m; 2069 bus_addr_t paddr; 2070 int totlen, error; 2071 2072 desc = &ring->desc[ring->cur]; 2073 data = &ring->data[ring->cur]; 2074 totlen = 4 + size; 2075 2076 if (size > sizeof cmd->data) { 2077 /* Command is too large to fit in a descriptor. */ 2078 if (totlen > MCLBYTES) 2079 return EINVAL; 2080 MGETHDR(m, M_DONTWAIT, MT_DATA); 2081 if (m == NULL) 2082 return ENOMEM; 2083 if (totlen > MHLEN) { 2084 MCLGET(m, M_DONTWAIT); 2085 if (!(m->m_flags & M_EXT)) { 2086 m_freem(m); 2087 return ENOMEM; 2088 } 2089 } 2090 cmd = mtod(m, struct wpi_tx_cmd *); 2091 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 2092 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 2093 if (error != 0) { 2094 m_freem(m); 2095 return error; 2096 } 2097 data->m = m; 2098 paddr = data->map->dm_segs[0].ds_addr; 2099 } else { 2100 cmd = &ring->cmd[ring->cur]; 2101 paddr = data->cmd_paddr; 2102 } 2103 2104 cmd->code = code; 2105 cmd->flags = 0; 2106 cmd->qid = ring->qid; 2107 cmd->idx = ring->cur; 2108 memcpy(cmd->data, buf, size); 2109 2110 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24); 2111 desc->segs[0].addr = htole32(paddr); 2112 desc->segs[0].len = htole32(totlen); 2113 2114 if (size > sizeof cmd->data) { 2115 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 2116 BUS_DMASYNC_PREWRITE); 2117 } else { 2118 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 2119 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen, 2120 BUS_DMASYNC_PREWRITE); 2121 } 2122 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2123 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 2124 BUS_DMASYNC_PREWRITE); 2125 2126 /* Kick command ring. */ 2127 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2128 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2129 2130 return async ? 0 : tsleep(cmd, PCATCH, "wpicmd", hz); 2131 } 2132 2133 /* 2134 * Configure HW multi-rate retries. 2135 */ 2136 int 2137 wpi_mrr_setup(struct wpi_softc *sc) 2138 { 2139 struct ieee80211com *ic = &sc->sc_ic; 2140 struct wpi_mrr_setup mrr; 2141 int i, error; 2142 2143 /* CCK rates (not used with 802.11a). */ 2144 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2145 mrr.rates[i].flags = 0; 2146 mrr.rates[i].plcp = wpi_rates[i].plcp; 2147 /* Fallback to the immediate lower CCK rate (if any.) */ 2148 mrr.rates[i].next = 2149 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2150 /* Try one time at this rate before falling back to "next". */ 2151 mrr.rates[i].ntries = 1; 2152 } 2153 /* OFDM rates (not used with 802.11b). */ 2154 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2155 mrr.rates[i].flags = 0; 2156 mrr.rates[i].plcp = wpi_rates[i].plcp; 2157 /* Fallback to the immediate lower rate (if any.) */ 2158 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2159 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2160 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2161 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2162 i - 1; 2163 /* Try one time at this rate before falling back to "next". */ 2164 mrr.rates[i].ntries = 1; 2165 } 2166 /* Setup MRR for control frames. */ 2167 mrr.which = htole32(WPI_MRR_CTL); 2168 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2169 if (error != 0) { 2170 printf("%s: could not setup MRR for control frames\n", 2171 sc->sc_dev.dv_xname); 2172 return error; 2173 } 2174 /* Setup MRR for data frames. */ 2175 mrr.which = htole32(WPI_MRR_DATA); 2176 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2177 if (error != 0) { 2178 printf("%s: could not setup MRR for data frames\n", 2179 sc->sc_dev.dv_xname); 2180 return error; 2181 } 2182 return 0; 2183 } 2184 2185 void 2186 wpi_updateedca(struct ieee80211com *ic) 2187 { 2188 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 2189 struct wpi_softc *sc = ic->ic_softc; 2190 struct wpi_edca_params cmd; 2191 int aci; 2192 2193 memset(&cmd, 0, sizeof cmd); 2194 cmd.flags = htole32(WPI_EDCA_UPDATE); 2195 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 2196 const struct ieee80211_edca_ac_params *ac = 2197 &ic->ic_edca_ac[aci]; 2198 cmd.ac[aci].aifsn = ac->ac_aifsn; 2199 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin)); 2200 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax)); 2201 cmd.ac[aci].txoplimit = 2202 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit)); 2203 } 2204 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 2205 #undef WPI_EXP2 2206 } 2207 2208 void 2209 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2210 { 2211 struct wpi_cmd_led led; 2212 2213 led.which = which; 2214 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2215 led.off = off; 2216 led.on = on; 2217 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 2218 } 2219 2220 int 2221 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 2222 { 2223 struct wpi_cmd_timing cmd; 2224 uint64_t val, mod; 2225 2226 memset(&cmd, 0, sizeof cmd); 2227 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t)); 2228 cmd.bintval = htole16(ni->ni_intval); 2229 cmd.lintval = htole16(10); 2230 2231 /* Compute remaining time until next beacon. */ 2232 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2233 mod = letoh64(cmd.tstamp) % val; 2234 cmd.binitval = htole32((uint32_t)(val - mod)); 2235 2236 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n", 2237 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod))); 2238 2239 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 2240 } 2241 2242 /* 2243 * This function is called periodically (every minute) to adjust TX power 2244 * based on temperature variation. 2245 */ 2246 void 2247 wpi_power_calibration(struct wpi_softc *sc) 2248 { 2249 int temp; 2250 2251 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 2252 /* Sanity-check temperature. */ 2253 if (temp < -260 || temp > 25) { 2254 /* This can't be correct, ignore. */ 2255 DPRINTF(("out-of-range temperature reported: %d\n", temp)); 2256 return; 2257 } 2258 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2259 /* Adjust TX power if need be (delta > 6). */ 2260 if (abs(temp - sc->temp) > 6) { 2261 /* Record temperature of last calibration. */ 2262 sc->temp = temp; 2263 (void)wpi_set_txpower(sc, 1); 2264 } 2265 } 2266 2267 /* 2268 * Set TX power for current channel (each rate has its own power settings). 2269 */ 2270 int 2271 wpi_set_txpower(struct wpi_softc *sc, int async) 2272 { 2273 struct ieee80211com *ic = &sc->sc_ic; 2274 struct ieee80211_channel *ch; 2275 struct wpi_power_group *group; 2276 struct wpi_cmd_txpower cmd; 2277 u_int chan; 2278 int idx, i; 2279 2280 /* Retrieve current channel from last RXON. */ 2281 chan = sc->rxon.chan; 2282 DPRINTF(("setting TX power for channel %d\n", chan)); 2283 ch = &ic->ic_channels[chan]; 2284 2285 /* Find the TX power group to which this channel belongs. */ 2286 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2287 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 2288 if (chan <= group->chan) 2289 break; 2290 } else 2291 group = &sc->groups[0]; 2292 2293 memset(&cmd, 0, sizeof cmd); 2294 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2295 cmd.chan = htole16(chan); 2296 2297 /* Set TX power for all OFDM and CCK rates. */ 2298 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 2299 /* Retrieve TX power for this channel/rate. */ 2300 idx = wpi_get_power_index(sc, group, ch, i); 2301 2302 cmd.rates[i].plcp = wpi_rates[i].plcp; 2303 2304 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2305 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 2306 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 2307 } else { 2308 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 2309 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 2310 } 2311 DPRINTF(("chan %d/rate %d: power index %d\n", chan, 2312 wpi_rates[i].rate, idx)); 2313 } 2314 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 2315 } 2316 2317 /* 2318 * Determine TX power index for a given channel/rate combination. 2319 * This takes into account the regulatory information from EEPROM and the 2320 * current temperature. 2321 */ 2322 int 2323 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 2324 struct ieee80211_channel *c, int ridx) 2325 { 2326 /* Fixed-point arithmetic division using a n-bit fractional part. */ 2327 #define fdivround(a, b, n) \ 2328 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2329 2330 /* Linear interpolation. */ 2331 #define interpolate(x, x1, y1, x2, y2, n) \ 2332 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2333 2334 struct ieee80211com *ic = &sc->sc_ic; 2335 struct wpi_power_sample *sample; 2336 int pwr, idx; 2337 u_int chan; 2338 2339 /* Get channel number. */ 2340 chan = ieee80211_chan2ieee(ic, c); 2341 2342 /* Default TX power is group maximum TX power minus 3dB. */ 2343 pwr = group->maxpwr / 2; 2344 2345 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 2346 switch (ridx) { 2347 case WPI_RIDX_OFDM36: 2348 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 2349 break; 2350 case WPI_RIDX_OFDM48: 2351 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 2352 break; 2353 case WPI_RIDX_OFDM54: 2354 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 2355 break; 2356 } 2357 2358 /* Never exceed the channel maximum allowed TX power. */ 2359 pwr = MIN(pwr, sc->maxpwr[chan]); 2360 2361 /* Retrieve TX power index into gain tables from samples. */ 2362 for (sample = group->samples; sample < &group->samples[3]; sample++) 2363 if (pwr > sample[1].power) 2364 break; 2365 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 2366 idx = interpolate(pwr, sample[0].power, sample[0].index, 2367 sample[1].power, sample[1].index, 19); 2368 2369 /*- 2370 * Adjust power index based on current temperature: 2371 * - if cooler than factory-calibrated: decrease output power 2372 * - if warmer than factory-calibrated: increase output power 2373 */ 2374 idx -= (sc->temp - group->temp) * 11 / 100; 2375 2376 /* Decrease TX power for CCK rates (-5dB). */ 2377 if (ridx >= WPI_RIDX_CCK1) 2378 idx += 10; 2379 2380 /* Make sure idx stays in a valid range. */ 2381 if (idx < 0) 2382 idx = 0; 2383 else if (idx > WPI_MAX_PWR_INDEX) 2384 idx = WPI_MAX_PWR_INDEX; 2385 return idx; 2386 2387 #undef interpolate 2388 #undef fdivround 2389 } 2390 2391 /* 2392 * Set STA mode power saving level (between 0 and 5). 2393 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 2394 */ 2395 int 2396 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async) 2397 { 2398 struct wpi_pmgt_cmd cmd; 2399 const struct wpi_pmgt *pmgt; 2400 uint32_t max, skip_dtim; 2401 pcireg_t reg; 2402 int i; 2403 2404 /* Select which PS parameters to use. */ 2405 if (dtim <= 10) 2406 pmgt = &wpi_pmgt[0][level]; 2407 else 2408 pmgt = &wpi_pmgt[1][level]; 2409 2410 memset(&cmd, 0, sizeof cmd); 2411 if (level != 0) /* not CAM */ 2412 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 2413 /* Retrieve PCIe Active State Power Management (ASPM). */ 2414 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 2415 sc->sc_cap_off + PCI_PCIE_LCSR); 2416 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 2417 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 2418 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 2419 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 2420 2421 if (dtim == 0) { 2422 dtim = 1; 2423 skip_dtim = 0; 2424 } else 2425 skip_dtim = pmgt->skip_dtim; 2426 if (skip_dtim != 0) { 2427 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 2428 max = pmgt->intval[4]; 2429 if (max == (uint32_t)-1) 2430 max = dtim * (skip_dtim + 1); 2431 else if (max > dtim) 2432 max = (max / dtim) * dtim; 2433 } else 2434 max = dtim; 2435 for (i = 0; i < 5; i++) 2436 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 2437 2438 DPRINTF(("setting power saving level to %d\n", level)); 2439 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 2440 } 2441 2442 int 2443 wpi_config(struct wpi_softc *sc) 2444 { 2445 struct ieee80211com *ic = &sc->sc_ic; 2446 struct ifnet *ifp = &ic->ic_if; 2447 struct wpi_bluetooth bluetooth; 2448 struct wpi_node_info node; 2449 int error; 2450 2451 /* Set power saving level to CAM during initialization. */ 2452 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 2453 printf("%s: could not set power saving level\n", 2454 sc->sc_dev.dv_xname); 2455 return error; 2456 } 2457 2458 /* Configure bluetooth coexistence. */ 2459 memset(&bluetooth, 0, sizeof bluetooth); 2460 bluetooth.flags = WPI_BT_COEX_MODE_4WIRE; 2461 bluetooth.lead_time = WPI_BT_LEAD_TIME_DEF; 2462 bluetooth.max_kill = WPI_BT_MAX_KILL_DEF; 2463 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 2464 if (error != 0) { 2465 printf("%s: could not configure bluetooth coexistence\n", 2466 sc->sc_dev.dv_xname); 2467 return error; 2468 } 2469 2470 /* Configure adapter. */ 2471 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 2472 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2473 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 2474 /* Set default channel. */ 2475 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 2476 sc->rxon.flags = htole32(WPI_RXON_TSF); 2477 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 2478 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2479 switch (ic->ic_opmode) { 2480 case IEEE80211_M_STA: 2481 sc->rxon.mode = WPI_MODE_STA; 2482 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST); 2483 break; 2484 case IEEE80211_M_MONITOR: 2485 sc->rxon.mode = WPI_MODE_MONITOR; 2486 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST | 2487 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2488 break; 2489 default: 2490 /* Should not get there. */ 2491 break; 2492 } 2493 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 2494 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 2495 DPRINTF(("setting configuration\n")); 2496 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2497 0); 2498 if (error != 0) { 2499 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2500 return error; 2501 } 2502 2503 /* Configuration has changed, set TX power accordingly. */ 2504 if ((error = wpi_set_txpower(sc, 0)) != 0) { 2505 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2506 return error; 2507 } 2508 2509 /* Add broadcast node. */ 2510 memset(&node, 0, sizeof node); 2511 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2512 node.id = WPI_ID_BROADCAST; 2513 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2514 node.action = htole32(WPI_ACTION_SET_RATE); 2515 node.antenna = WPI_ANTENNA_BOTH; 2516 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0); 2517 if (error != 0) { 2518 printf("%s: could not add broadcast node\n", 2519 sc->sc_dev.dv_xname); 2520 return error; 2521 } 2522 2523 if ((error = wpi_mrr_setup(sc)) != 0) { 2524 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname); 2525 return error; 2526 } 2527 return 0; 2528 } 2529 2530 int 2531 wpi_scan(struct wpi_softc *sc, uint16_t flags) 2532 { 2533 struct ieee80211com *ic = &sc->sc_ic; 2534 struct wpi_scan_hdr *hdr; 2535 struct wpi_cmd_data *tx; 2536 struct wpi_scan_essid *essid; 2537 struct wpi_scan_chan *chan; 2538 struct ieee80211_frame *wh; 2539 struct ieee80211_rateset *rs; 2540 struct ieee80211_channel *c; 2541 uint8_t *buf, *frm; 2542 int buflen, error; 2543 2544 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 2545 if (buf == NULL) { 2546 printf("%s: could not allocate buffer for scan command\n", 2547 sc->sc_dev.dv_xname); 2548 return ENOMEM; 2549 } 2550 hdr = (struct wpi_scan_hdr *)buf; 2551 /* 2552 * Move to the next channel if no frames are received within 10ms 2553 * after sending the probe request. 2554 */ 2555 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 2556 hdr->quiet_threshold = htole16(1); /* min # of packets */ 2557 2558 tx = (struct wpi_cmd_data *)(hdr + 1); 2559 tx->flags = htole32(WPI_TX_AUTO_SEQ); 2560 tx->id = WPI_ID_BROADCAST; 2561 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2562 2563 if (flags & IEEE80211_CHAN_5GHZ) { 2564 hdr->crc_threshold = htole16(1); 2565 /* Send probe requests at 6Mbps. */ 2566 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp; 2567 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 2568 } else { 2569 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 2570 /* Send probe requests at 1Mbps. */ 2571 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2572 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 2573 } 2574 2575 essid = (struct wpi_scan_essid *)(tx + 1); 2576 if (ic->ic_des_esslen != 0) { 2577 essid[0].id = IEEE80211_ELEMID_SSID; 2578 essid[0].len = ic->ic_des_esslen; 2579 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 2580 } 2581 /* 2582 * Build a probe request frame. Most of the following code is a 2583 * copy & paste of what is done in net80211. 2584 */ 2585 wh = (struct ieee80211_frame *)(essid + 4); 2586 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2587 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2588 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2589 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2590 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2591 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2592 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 2593 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 2594 2595 frm = (uint8_t *)(wh + 1); 2596 frm = ieee80211_add_ssid(frm, NULL, 0); 2597 frm = ieee80211_add_rates(frm, rs); 2598 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2599 frm = ieee80211_add_xrates(frm, rs); 2600 2601 /* Set length of probe request. */ 2602 tx->len = htole16(frm - (uint8_t *)wh); 2603 2604 chan = (struct wpi_scan_chan *)frm; 2605 for (c = &ic->ic_channels[1]; 2606 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 2607 if ((c->ic_flags & flags) != flags) 2608 continue; 2609 2610 chan->chan = ieee80211_chan2ieee(ic, c); 2611 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 2612 chan->flags = 0; 2613 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 2614 chan->flags |= WPI_CHAN_ACTIVE; 2615 if (ic->ic_des_esslen != 0) 2616 chan->flags |= WPI_CHAN_NPBREQS(1); 2617 chan->dsp_gain = 0x6e; 2618 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2619 chan->rf_gain = 0x3b; 2620 chan->active = htole16(24); 2621 chan->passive = htole16(110); 2622 } else { 2623 chan->rf_gain = 0x28; 2624 chan->active = htole16(36); 2625 chan->passive = htole16(120); 2626 } 2627 hdr->nchan++; 2628 chan++; 2629 } 2630 2631 buflen = (uint8_t *)chan - buf; 2632 hdr->len = htole16(buflen); 2633 2634 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 2635 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 2636 free(buf, M_DEVBUF); 2637 return error; 2638 } 2639 2640 int 2641 wpi_auth(struct wpi_softc *sc) 2642 { 2643 struct ieee80211com *ic = &sc->sc_ic; 2644 struct ieee80211_node *ni = ic->ic_bss; 2645 struct wpi_node_info node; 2646 int error; 2647 2648 /* Update adapter configuration. */ 2649 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 2650 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 2651 sc->rxon.flags = htole32(WPI_RXON_TSF); 2652 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 2653 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2654 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2655 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2656 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2657 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2658 switch (ic->ic_curmode) { 2659 case IEEE80211_MODE_11A: 2660 sc->rxon.cck_mask = 0; 2661 sc->rxon.ofdm_mask = 0x15; 2662 break; 2663 case IEEE80211_MODE_11B: 2664 sc->rxon.cck_mask = 0x03; 2665 sc->rxon.ofdm_mask = 0; 2666 break; 2667 default: /* Assume 802.11b/g. */ 2668 sc->rxon.cck_mask = 0x0f; 2669 sc->rxon.ofdm_mask = 0x15; 2670 } 2671 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 2672 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 2673 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2674 1); 2675 if (error != 0) { 2676 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2677 return error; 2678 } 2679 2680 /* Configuration has changed, set TX power accordingly. */ 2681 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2682 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2683 return error; 2684 } 2685 /* 2686 * Reconfiguring RXON clears the firmware nodes table so we must 2687 * add the broadcast node again. 2688 */ 2689 memset(&node, 0, sizeof node); 2690 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2691 node.id = WPI_ID_BROADCAST; 2692 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2693 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2694 node.action = htole32(WPI_ACTION_SET_RATE); 2695 node.antenna = WPI_ANTENNA_BOTH; 2696 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2697 if (error != 0) { 2698 printf("%s: could not add broadcast node\n", 2699 sc->sc_dev.dv_xname); 2700 return error; 2701 } 2702 return 0; 2703 } 2704 2705 int 2706 wpi_run(struct wpi_softc *sc) 2707 { 2708 struct ieee80211com *ic = &sc->sc_ic; 2709 struct ieee80211_node *ni = ic->ic_bss; 2710 struct wpi_node_info node; 2711 int error; 2712 2713 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 2714 /* Link LED blinks while monitoring. */ 2715 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 2716 return 0; 2717 } 2718 if ((error = wpi_set_timing(sc, ni)) != 0) { 2719 printf("%s: could not set timing\n", sc->sc_dev.dv_xname); 2720 return error; 2721 } 2722 2723 /* Update adapter configuration. */ 2724 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 2725 /* Short preamble and slot time are negotiated when associating. */ 2726 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 2727 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2728 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2729 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2730 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2731 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 2732 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 2733 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, sizeof (struct wpi_rxon), 2734 1); 2735 if (error != 0) { 2736 printf("%s: RXON command failed\n", sc->sc_dev.dv_xname); 2737 return error; 2738 } 2739 2740 /* Configuration has changed, set TX power accordingly. */ 2741 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2742 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2743 return error; 2744 } 2745 2746 /* Fake a join to init the TX rate. */ 2747 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 2748 wpi_newassoc(ic, ni, 1); 2749 2750 /* Add BSS node. */ 2751 memset(&node, 0, sizeof node); 2752 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid); 2753 node.id = WPI_ID_BSS; 2754 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2755 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2756 node.action = htole32(WPI_ACTION_SET_RATE); 2757 node.antenna = WPI_ANTENNA_BOTH; 2758 DPRINTF(("adding BSS node\n")); 2759 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2760 if (error != 0) { 2761 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname); 2762 return error; 2763 } 2764 2765 /* Start periodic calibration timer. */ 2766 sc->calib_cnt = 0; 2767 timeout_add(&sc->calib_to, hz / 2); 2768 2769 /* Link LED always on while associated. */ 2770 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 2771 2772 /* Enable power-saving mode if requested by user. */ 2773 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 2774 (void)wpi_set_pslevel(sc, 0, 3, 1); 2775 2776 return 0; 2777 } 2778 2779 /* 2780 * We support CCMP hardware encryption/decryption of unicast frames only. 2781 * HW support for TKIP really sucks. We should let TKIP die anyway. 2782 */ 2783 int 2784 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2785 struct ieee80211_key *k) 2786 { 2787 struct wpi_softc *sc = ic->ic_softc; 2788 struct wpi_node *wn = (void *)ni; 2789 struct wpi_node_info node; 2790 uint16_t kflags; 2791 2792 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2793 k->k_cipher != IEEE80211_CIPHER_CCMP) 2794 return ieee80211_set_key(ic, ni, k); 2795 2796 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id); 2797 memset(&node, 0, sizeof node); 2798 node.id = wn->id; 2799 node.control = WPI_NODE_UPDATE; 2800 node.flags = WPI_FLAG_SET_KEY; 2801 node.kflags = htole16(kflags); 2802 memcpy(node.key, k->k_key, k->k_len); 2803 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 2804 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2805 } 2806 2807 void 2808 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2809 struct ieee80211_key *k) 2810 { 2811 struct wpi_softc *sc = ic->ic_softc; 2812 struct wpi_node *wn = (void *)ni; 2813 struct wpi_node_info node; 2814 2815 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2816 k->k_cipher != IEEE80211_CIPHER_CCMP) { 2817 /* See comment about other ciphers above. */ 2818 ieee80211_delete_key(ic, ni, k); 2819 return; 2820 } 2821 if (ic->ic_state != IEEE80211_S_RUN) 2822 return; /* Nothing to do. */ 2823 memset(&node, 0, sizeof node); 2824 node.id = wn->id; 2825 node.control = WPI_NODE_UPDATE; 2826 node.flags = WPI_FLAG_SET_KEY; 2827 node.kflags = 0; 2828 DPRINTF(("delete keys for node %d\n", node.id)); 2829 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2830 } 2831 2832 int 2833 wpi_post_alive(struct wpi_softc *sc) 2834 { 2835 int ntries, error; 2836 2837 /* Check (again) that the radio is not disabled. */ 2838 if ((error = wpi_nic_lock(sc)) != 0) 2839 return error; 2840 /* NB: Runtime firmware must be up and running. */ 2841 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 2842 printf("%s: radio is disabled by hardware switch\n", 2843 sc->sc_dev.dv_xname); 2844 wpi_nic_unlock(sc); 2845 return EPERM; /* :-) */ 2846 } 2847 wpi_nic_unlock(sc); 2848 2849 /* Wait for thermal sensor to calibrate. */ 2850 for (ntries = 0; ntries < 1000; ntries++) { 2851 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 2852 break; 2853 DELAY(10); 2854 } 2855 if (ntries == 1000) { 2856 printf("%s: timeout waiting for thermal sensor calibration\n", 2857 sc->sc_dev.dv_xname); 2858 return ETIMEDOUT; 2859 } 2860 DPRINTF(("temperature %d\n", sc->temp)); 2861 return 0; 2862 } 2863 2864 /* 2865 * The firmware boot code is small and is intended to be copied directly into 2866 * the NIC internal memory (no DMA transfer.) 2867 */ 2868 int 2869 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 2870 { 2871 int error, ntries; 2872 2873 size /= sizeof (uint32_t); 2874 2875 if ((error = wpi_nic_lock(sc)) != 0) 2876 return error; 2877 2878 /* Copy microcode image into NIC memory. */ 2879 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 2880 (const uint32_t *)ucode, size); 2881 2882 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 2883 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 2884 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 2885 2886 /* Start boot load now. */ 2887 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 2888 2889 /* Wait for transfer to complete. */ 2890 for (ntries = 0; ntries < 1000; ntries++) { 2891 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) & 2892 WPI_BSM_WR_CTRL_START)) 2893 break; 2894 DELAY(10); 2895 } 2896 if (ntries == 1000) { 2897 printf("%s: could not load boot firmware\n", 2898 sc->sc_dev.dv_xname); 2899 wpi_nic_unlock(sc); 2900 return ETIMEDOUT; 2901 } 2902 2903 /* Enable boot after power up. */ 2904 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 2905 2906 wpi_nic_unlock(sc); 2907 return 0; 2908 } 2909 2910 int 2911 wpi_load_firmware(struct wpi_softc *sc) 2912 { 2913 struct wpi_fw_info *fw = &sc->fw; 2914 struct wpi_dma_info *dma = &sc->fw_dma; 2915 int error; 2916 2917 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 2918 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 2919 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 2920 BUS_DMASYNC_PREWRITE); 2921 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2922 fw->init.text, fw->init.textsz); 2923 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2924 fw->init.textsz, BUS_DMASYNC_PREWRITE); 2925 2926 /* Tell adapter where to find initialization sections. */ 2927 if ((error = wpi_nic_lock(sc)) != 0) 2928 return error; 2929 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2930 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 2931 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2932 dma->paddr + WPI_FW_DATA_MAXSZ); 2933 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 2934 wpi_nic_unlock(sc); 2935 2936 /* Load firmware boot code. */ 2937 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 2938 if (error != 0) { 2939 printf("%s: could not load boot firmware\n", 2940 sc->sc_dev.dv_xname); 2941 return error; 2942 } 2943 /* Now press "execute". */ 2944 WPI_WRITE(sc, WPI_RESET, 0); 2945 2946 /* Wait at most one second for first alive notification. */ 2947 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 2948 printf("%s: timeout waiting for adapter to initialize\n", 2949 sc->sc_dev.dv_xname); 2950 return error; 2951 } 2952 2953 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 2954 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 2955 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 2956 BUS_DMASYNC_PREWRITE); 2957 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2958 fw->main.text, fw->main.textsz); 2959 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2960 fw->main.textsz, BUS_DMASYNC_PREWRITE); 2961 2962 /* Tell adapter where to find runtime sections. */ 2963 if ((error = wpi_nic_lock(sc)) != 0) 2964 return error; 2965 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2966 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 2967 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2968 dma->paddr + WPI_FW_DATA_MAXSZ); 2969 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 2970 WPI_FW_UPDATED | fw->main.textsz); 2971 wpi_nic_unlock(sc); 2972 2973 return 0; 2974 } 2975 2976 int 2977 wpi_read_firmware(struct wpi_softc *sc) 2978 { 2979 struct wpi_fw_info *fw = &sc->fw; 2980 const struct wpi_firmware_hdr *hdr; 2981 size_t size; 2982 int error; 2983 2984 /* Read firmware image from filesystem. */ 2985 if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) { 2986 printf("%s: error, %d, could not read firmware %s\n", 2987 sc->sc_dev.dv_xname, error, "wpi-3945abg"); 2988 return error; 2989 } 2990 if (size < sizeof (*hdr)) { 2991 printf("%s: truncated firmware header: %d bytes\n", 2992 sc->sc_dev.dv_xname, size); 2993 free(fw->data, M_DEVBUF); 2994 return EINVAL; 2995 } 2996 /* Extract firmware header information. */ 2997 hdr = (struct wpi_firmware_hdr *)fw->data; 2998 fw->main.textsz = letoh32(hdr->main_textsz); 2999 fw->main.datasz = letoh32(hdr->main_datasz); 3000 fw->init.textsz = letoh32(hdr->init_textsz); 3001 fw->init.datasz = letoh32(hdr->init_datasz); 3002 fw->boot.textsz = letoh32(hdr->boot_textsz); 3003 fw->boot.datasz = 0; 3004 3005 /* Sanity-check firmware header. */ 3006 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 3007 fw->main.datasz > WPI_FW_DATA_MAXSZ || 3008 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 3009 fw->init.datasz > WPI_FW_DATA_MAXSZ || 3010 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 3011 (fw->boot.textsz & 3) != 0) { 3012 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); 3013 free(fw->data, M_DEVBUF); 3014 return EINVAL; 3015 } 3016 3017 /* Check that all firmware sections fit. */ 3018 if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 3019 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 3020 printf("%s: firmware file too short: %d bytes\n", 3021 sc->sc_dev.dv_xname, size); 3022 free(fw->data, M_DEVBUF); 3023 return EINVAL; 3024 } 3025 3026 /* Get pointers to firmware sections. */ 3027 fw->main.text = (const uint8_t *)(hdr + 1); 3028 fw->main.data = fw->main.text + fw->main.textsz; 3029 fw->init.text = fw->main.data + fw->main.datasz; 3030 fw->init.data = fw->init.text + fw->init.textsz; 3031 fw->boot.text = fw->init.data + fw->init.datasz; 3032 3033 return 0; 3034 } 3035 3036 int 3037 wpi_clock_wait(struct wpi_softc *sc) 3038 { 3039 int ntries; 3040 3041 /* Set "initialization complete" bit. */ 3042 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 3043 3044 /* Wait for clock stabilization. */ 3045 for (ntries = 0; ntries < 25000; ntries++) { 3046 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 3047 return 0; 3048 DELAY(100); 3049 } 3050 printf("%s: timeout waiting for clock stabilization\n", 3051 sc->sc_dev.dv_xname); 3052 return ETIMEDOUT; 3053 } 3054 3055 int 3056 wpi_apm_init(struct wpi_softc *sc) 3057 { 3058 int error; 3059 3060 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 3061 /* Disable L0s. */ 3062 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 3063 3064 if ((error = wpi_clock_wait(sc)) != 0) 3065 return error; 3066 3067 if ((error = wpi_nic_lock(sc)) != 0) 3068 return error; 3069 /* Enable DMA. */ 3070 wpi_prph_write(sc, WPI_APMG_CLK_ENA, 3071 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT); 3072 DELAY(20); 3073 /* Disable L1. */ 3074 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 3075 wpi_nic_unlock(sc); 3076 3077 return 0; 3078 } 3079 3080 void 3081 wpi_apm_stop_master(struct wpi_softc *sc) 3082 { 3083 int ntries; 3084 3085 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 3086 3087 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 3088 WPI_GP_CNTRL_MAC_PS) 3089 return; /* Already asleep. */ 3090 3091 for (ntries = 0; ntries < 100; ntries++) { 3092 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 3093 return; 3094 DELAY(10); 3095 } 3096 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname); 3097 } 3098 3099 void 3100 wpi_apm_stop(struct wpi_softc *sc) 3101 { 3102 wpi_apm_stop_master(sc); 3103 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 3104 } 3105 3106 void 3107 wpi_nic_config(struct wpi_softc *sc) 3108 { 3109 pcireg_t reg; 3110 uint8_t rev; 3111 3112 /* Voodoo from the reference driver. */ 3113 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3114 rev = PCI_REVISION(reg); 3115 if ((rev & 0xc0) == 0x40) 3116 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 3117 else if (!(rev & 0x80)) 3118 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 3119 3120 if (sc->cap == 0x80) 3121 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 3122 3123 if ((letoh16(sc->rev) & 0xf0) == 0xd0) 3124 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3125 else 3126 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3127 3128 if (sc->type > 1) 3129 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 3130 } 3131 3132 int 3133 wpi_hw_init(struct wpi_softc *sc) 3134 { 3135 int chnl, ntries, error; 3136 3137 /* Clear pending interrupts. */ 3138 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3139 3140 if ((error = wpi_apm_init(sc)) != 0) { 3141 printf("%s: could not power ON adapter\n", 3142 sc->sc_dev.dv_xname); 3143 return error; 3144 } 3145 3146 /* Select VMAIN power source. */ 3147 if ((error = wpi_nic_lock(sc)) != 0) 3148 return error; 3149 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 3150 wpi_nic_unlock(sc); 3151 /* Spin until VMAIN gets selected. */ 3152 for (ntries = 0; ntries < 5000; ntries++) { 3153 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 3154 break; 3155 DELAY(10); 3156 } 3157 if (ntries == 5000) { 3158 printf("%s: timeout selecting power source\n", 3159 sc->sc_dev.dv_xname); 3160 return ETIMEDOUT; 3161 } 3162 3163 /* Perform adapter initialization. */ 3164 (void)wpi_nic_config(sc); 3165 3166 /* Initialize RX ring. */ 3167 if ((error = wpi_nic_lock(sc)) != 0) 3168 return error; 3169 /* Set physical address of RX ring. */ 3170 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 3171 /* Set physical address of RX read pointer. */ 3172 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 3173 offsetof(struct wpi_shared, next)); 3174 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 3175 /* Enable RX. */ 3176 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 3177 WPI_FH_RX_CONFIG_DMA_ENA | 3178 WPI_FH_RX_CONFIG_RDRBD_ENA | 3179 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 3180 WPI_FH_RX_CONFIG_MAXFRAG | 3181 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 3182 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 3183 WPI_FH_RX_CONFIG_IRQ_RBTH(1)); 3184 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 3185 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 3186 wpi_nic_unlock(sc); 3187 3188 /* Initialize TX rings. */ 3189 if ((error = wpi_nic_lock(sc)) != 0) 3190 return error; 3191 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 3192 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 3193 /* Enable all 6 TX rings. */ 3194 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 3195 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 3196 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 3197 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 3198 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 3199 /* Set physical address of TX rings. */ 3200 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 3201 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 3202 3203 /* Enable all DMA channels. */ 3204 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3205 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 3206 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 3207 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 3208 } 3209 wpi_nic_unlock(sc); 3210 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 3211 3212 /* Clear "radio off" and "commands blocked" bits. */ 3213 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3214 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 3215 3216 /* Clear pending interrupts. */ 3217 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3218 /* Enable interrupts. */ 3219 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 3220 3221 /* _Really_ make sure "radio off" bit is cleared! */ 3222 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3223 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3224 3225 if ((error = wpi_load_firmware(sc)) != 0) { 3226 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname); 3227 return error; 3228 } 3229 /* Wait at most one second for firmware alive notification. */ 3230 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 3231 printf("%s: timeout waiting for adapter to initialize\n", 3232 sc->sc_dev.dv_xname); 3233 return error; 3234 } 3235 /* Do post-firmware initialization. */ 3236 return wpi_post_alive(sc); 3237 } 3238 3239 void 3240 wpi_hw_stop(struct wpi_softc *sc) 3241 { 3242 int chnl, qid, ntries; 3243 uint32_t tmp; 3244 3245 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 3246 3247 /* Disable interrupts. */ 3248 WPI_WRITE(sc, WPI_MASK, 0); 3249 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3250 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 3251 3252 /* Make sure we no longer hold the NIC lock. */ 3253 wpi_nic_unlock(sc); 3254 3255 if (wpi_nic_lock(sc) == 0) { 3256 /* Stop TX scheduler. */ 3257 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 3258 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 3259 3260 /* Stop all DMA channels. */ 3261 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3262 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 3263 for (ntries = 0; ntries < 100; ntries++) { 3264 tmp = WPI_READ(sc, WPI_FH_TX_STATUS); 3265 if ((tmp & WPI_FH_TX_STATUS_IDLE(chnl)) == 3266 WPI_FH_TX_STATUS_IDLE(chnl)) 3267 break; 3268 DELAY(10); 3269 } 3270 } 3271 wpi_nic_unlock(sc); 3272 } 3273 3274 /* Stop RX ring. */ 3275 wpi_reset_rx_ring(sc, &sc->rxq); 3276 3277 /* Reset all TX rings. */ 3278 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 3279 wpi_reset_tx_ring(sc, &sc->txq[qid]); 3280 3281 if (wpi_nic_lock(sc) == 0) { 3282 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT); 3283 wpi_nic_unlock(sc); 3284 } 3285 DELAY(5); 3286 /* Power OFF adapter. */ 3287 wpi_apm_stop(sc); 3288 } 3289 3290 int 3291 wpi_init(struct ifnet *ifp) 3292 { 3293 struct wpi_softc *sc = ifp->if_softc; 3294 struct ieee80211com *ic = &sc->sc_ic; 3295 int error; 3296 3297 #ifdef notyet 3298 /* Check that the radio is not disabled by hardware switch. */ 3299 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 3300 printf("%s: radio is disabled by hardware switch\n", 3301 sc->sc_dev.dv_xname); 3302 error = EPERM; /* :-) */ 3303 goto fail; 3304 } 3305 #endif 3306 /* Read firmware images from the filesystem. */ 3307 if ((error = wpi_read_firmware(sc)) != 0) { 3308 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname); 3309 goto fail; 3310 } 3311 3312 /* Initialize hardware and upload firmware. */ 3313 error = wpi_hw_init(sc); 3314 free(sc->fw.data, M_DEVBUF); 3315 if (error != 0) { 3316 printf("%s: could not initialize hardware\n", 3317 sc->sc_dev.dv_xname); 3318 goto fail; 3319 } 3320 3321 /* Configure adapter now that it is ready. */ 3322 if ((error = wpi_config(sc)) != 0) { 3323 printf("%s: could not configure device\n", 3324 sc->sc_dev.dv_xname); 3325 goto fail; 3326 } 3327 3328 ifp->if_flags &= ~IFF_OACTIVE; 3329 ifp->if_flags |= IFF_RUNNING; 3330 3331 if (ic->ic_opmode != IEEE80211_M_MONITOR) 3332 ieee80211_begin_scan(ifp); 3333 else 3334 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3335 3336 return 0; 3337 3338 fail: wpi_stop(ifp, 1); 3339 return error; 3340 } 3341 3342 void 3343 wpi_stop(struct ifnet *ifp, int disable) 3344 { 3345 struct wpi_softc *sc = ifp->if_softc; 3346 struct ieee80211com *ic = &sc->sc_ic; 3347 3348 ifp->if_timer = sc->sc_tx_timer = 0; 3349 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3350 3351 /* In case we were scanning, release the scan "lock". */ 3352 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 3353 3354 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3355 3356 /* Power OFF hardware. */ 3357 wpi_hw_stop(sc); 3358 } 3359