1 /* $OpenBSD: if_iwm.c,v 1.167 2017/04/04 00:40:52 claudio Exp $ */ 2 3 /* 4 * Copyright (c) 2014 genua mbh <info@genua.de> 5 * Copyright (c) 2014 Fixup Software Ltd. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 /*- 20 * Based on BSD-licensed source modules in the Linux iwlwifi driver, 21 * which were used as the reference documentation for this implementation. 22 * 23 * Driver version we are currently based off of is 24 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 25 * 26 *********************************************************************** 27 * 28 * This file is provided under a dual BSD/GPLv2 license. When using or 29 * redistributing this file, you may do so under either license. 30 * 31 * GPL LICENSE SUMMARY 32 * 33 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 34 * 35 * This program is free software; you can redistribute it and/or modify 36 * it under the terms of version 2 of the GNU General Public License as 37 * published by the Free Software Foundation. 38 * 39 * This program is distributed in the hope that it will be useful, but 40 * WITHOUT ANY WARRANTY; without even the implied warranty of 41 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 42 * General Public License for more details. 43 * 44 * You should have received a copy of the GNU General Public License 45 * along with this program; if not, write to the Free Software 46 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 47 * USA 48 * 49 * The full GNU General Public License is included in this distribution 50 * in the file called COPYING. 51 * 52 * Contact Information: 53 * Intel Linux Wireless <ilw@linux.intel.com> 54 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 55 * 56 * 57 * BSD LICENSE 58 * 59 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 60 * All rights reserved. 61 * 62 * Redistribution and use in source and binary forms, with or without 63 * modification, are permitted provided that the following conditions 64 * are met: 65 * 66 * * Redistributions of source code must retain the above copyright 67 * notice, this list of conditions and the following disclaimer. 68 * * Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * * Neither the name Intel Corporation nor the names of its 73 * contributors may be used to endorse or promote products derived 74 * from this software without specific prior written permission. 75 * 76 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 77 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 78 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 79 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 80 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 81 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 82 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 83 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 84 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 85 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 86 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 87 */ 88 89 /*- 90 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 91 * 92 * Permission to use, copy, modify, and distribute this software for any 93 * purpose with or without fee is hereby granted, provided that the above 94 * copyright notice and this permission notice appear in all copies. 95 * 96 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 97 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 98 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 99 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 100 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 101 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 102 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 103 */ 104 /* 105 * DragonFly work 106 * 107 * NOTE: Relative to roughly August 8th sources, does not include FreeBSD 108 * changes to remove per-device network interface (DragonFly has not 109 * caught up to that yet on the WLAN side). 110 * 111 * Comprehensive list of adjustments for DragonFly not #ifdef'd: 112 * malloc -> kmalloc (in particular, changing improper M_NOWAIT 113 * specifications to M_INTWAIT. We still don't 114 * understand why FreeBSD uses M_NOWAIT for 115 * critical must-not-fail kmalloc()s). 116 * free -> kfree 117 * printf -> kprintf 118 * (bug fix) memset in iwm_reset_rx_ring. 119 * (debug) added several kprintf()s on error 120 * 121 * header file paths (DFly allows localized path specifications). 122 * minor header file differences. 123 * 124 * Comprehensive list of adjustments for DragonFly #ifdef'd: 125 * (safety) added register read-back serialization in iwm_reset_rx_ring(). 126 * packet counters 127 * msleep -> lksleep 128 * mtx -> lk (mtx functions -> lockmgr functions) 129 * callout differences 130 * taskqueue differences 131 * MSI differences 132 * bus_setup_intr() differences 133 * minor PCI config register naming differences 134 */ 135 #include <sys/param.h> 136 #include <sys/bus.h> 137 #include <sys/endian.h> 138 #include <sys/firmware.h> 139 #include <sys/kernel.h> 140 #include <sys/malloc.h> 141 #include <sys/mbuf.h> 142 #include <sys/module.h> 143 #include <sys/rman.h> 144 #include <sys/sysctl.h> 145 #include <sys/linker.h> 146 147 #include <machine/endian.h> 148 149 #include <bus/pci/pcivar.h> 150 #include <bus/pci/pcireg.h> 151 152 #include <net/bpf.h> 153 154 #include <net/if.h> 155 #include <net/if_var.h> 156 #include <net/if_arp.h> 157 #include <net/if_dl.h> 158 #include <net/if_media.h> 159 #include <net/if_types.h> 160 161 #include <netinet/in.h> 162 #include <netinet/in_systm.h> 163 #include <netinet/if_ether.h> 164 #include <netinet/ip.h> 165 166 #include <netproto/802_11/ieee80211_var.h> 167 #include <netproto/802_11/ieee80211_regdomain.h> 168 #include <netproto/802_11/ieee80211_ratectl.h> 169 #include <netproto/802_11/ieee80211_radiotap.h> 170 171 #include "if_iwmreg.h" 172 #include "if_iwmvar.h" 173 #include "if_iwm_config.h" 174 #include "if_iwm_debug.h" 175 #include "if_iwm_notif_wait.h" 176 #include "if_iwm_util.h" 177 #include "if_iwm_binding.h" 178 #include "if_iwm_phy_db.h" 179 #include "if_iwm_mac_ctxt.h" 180 #include "if_iwm_phy_ctxt.h" 181 #include "if_iwm_time_event.h" 182 #include "if_iwm_power.h" 183 #include "if_iwm_scan.h" 184 #include "if_iwm_sf.h" 185 #include "if_iwm_sta.h" 186 187 #include "if_iwm_pcie_trans.h" 188 #include "if_iwm_led.h" 189 #include "if_iwm_fw.h" 190 191 #if defined(__DragonFly__) 192 #define mtodo(m, off) mtodoff((m), void *, (off)) 193 #endif 194 195 const uint8_t iwm_nvm_channels[] = { 196 /* 2.4 GHz */ 197 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 198 /* 5 GHz */ 199 36, 40, 44, 48, 52, 56, 60, 64, 200 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 201 149, 153, 157, 161, 165 202 }; 203 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS, 204 "IWM_NUM_CHANNELS is too small"); 205 206 const uint8_t iwm_nvm_channels_8000[] = { 207 /* 2.4 GHz */ 208 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 209 /* 5 GHz */ 210 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 211 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 212 149, 153, 157, 161, 165, 169, 173, 177, 181 213 }; 214 _Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000, 215 "IWM_NUM_CHANNELS_8000 is too small"); 216 217 #define IWM_NUM_2GHZ_CHANNELS 14 218 #define IWM_N_HW_ADDR_MASK 0xF 219 220 /* 221 * XXX For now, there's simply a fixed set of rate table entries 222 * that are populated. 223 */ 224 const struct iwm_rate { 225 uint8_t rate; 226 uint8_t plcp; 227 } iwm_rates[] = { 228 { 2, IWM_RATE_1M_PLCP }, 229 { 4, IWM_RATE_2M_PLCP }, 230 { 11, IWM_RATE_5M_PLCP }, 231 { 22, IWM_RATE_11M_PLCP }, 232 { 12, IWM_RATE_6M_PLCP }, 233 { 18, IWM_RATE_9M_PLCP }, 234 { 24, IWM_RATE_12M_PLCP }, 235 { 36, IWM_RATE_18M_PLCP }, 236 { 48, IWM_RATE_24M_PLCP }, 237 { 72, IWM_RATE_36M_PLCP }, 238 { 96, IWM_RATE_48M_PLCP }, 239 { 108, IWM_RATE_54M_PLCP }, 240 }; 241 #define IWM_RIDX_CCK 0 242 #define IWM_RIDX_OFDM 4 243 #define IWM_RIDX_MAX (nitems(iwm_rates)-1) 244 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 245 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 246 247 struct iwm_nvm_section { 248 uint16_t length; 249 uint8_t *data; 250 }; 251 252 #define IWM_UCODE_ALIVE_TIMEOUT hz 253 #define IWM_UCODE_CALIB_TIMEOUT (2*hz) 254 255 struct iwm_alive_data { 256 int valid; 257 uint32_t scd_base_addr; 258 }; 259 260 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t); 261 static int iwm_firmware_store_section(struct iwm_softc *, 262 enum iwm_ucode_type, 263 const uint8_t *, size_t); 264 static int iwm_set_default_calib(struct iwm_softc *, const void *); 265 static void iwm_fw_info_free(struct iwm_fw_info *); 266 static int iwm_read_firmware(struct iwm_softc *); 267 static int iwm_alloc_fwmem(struct iwm_softc *); 268 static int iwm_alloc_sched(struct iwm_softc *); 269 static int iwm_alloc_kw(struct iwm_softc *); 270 static int iwm_alloc_ict(struct iwm_softc *); 271 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 272 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 273 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 274 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, 275 int); 276 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 277 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 278 static void iwm_enable_interrupts(struct iwm_softc *); 279 static void iwm_restore_interrupts(struct iwm_softc *); 280 static void iwm_disable_interrupts(struct iwm_softc *); 281 static void iwm_ict_reset(struct iwm_softc *); 282 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *); 283 static void iwm_stop_device(struct iwm_softc *); 284 static void iwm_nic_config(struct iwm_softc *); 285 static int iwm_nic_rx_init(struct iwm_softc *); 286 static int iwm_nic_tx_init(struct iwm_softc *); 287 static int iwm_nic_init(struct iwm_softc *); 288 static int iwm_trans_pcie_fw_alive(struct iwm_softc *, uint32_t); 289 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, 290 uint16_t, uint8_t *, uint16_t *); 291 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 292 uint16_t *, uint32_t); 293 static uint32_t iwm_eeprom_channel_flags(uint16_t); 294 static void iwm_add_channel_band(struct iwm_softc *, 295 struct ieee80211_channel[], int, int *, int, size_t, 296 const uint8_t[]); 297 static void iwm_init_channel_map(struct ieee80211com *, int, int *, 298 struct ieee80211_channel[]); 299 static struct iwm_nvm_data * 300 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 301 const uint16_t *, const uint16_t *, 302 const uint16_t *, const uint16_t *, 303 const uint16_t *); 304 static void iwm_free_nvm_data(struct iwm_nvm_data *); 305 static void iwm_set_hw_address_family_8000(struct iwm_softc *, 306 struct iwm_nvm_data *, 307 const uint16_t *, 308 const uint16_t *); 309 static int iwm_get_sku(const struct iwm_softc *, const uint16_t *, 310 const uint16_t *); 311 static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *); 312 static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *, 313 const uint16_t *); 314 static int iwm_get_n_hw_addrs(const struct iwm_softc *, 315 const uint16_t *); 316 static void iwm_set_radio_cfg(const struct iwm_softc *, 317 struct iwm_nvm_data *, uint32_t); 318 static struct iwm_nvm_data * 319 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *); 320 static int iwm_nvm_init(struct iwm_softc *); 321 static int iwm_pcie_load_section(struct iwm_softc *, uint8_t, 322 const struct iwm_fw_desc *); 323 static int iwm_pcie_load_firmware_chunk(struct iwm_softc *, uint32_t, 324 bus_addr_t, uint32_t); 325 static int iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc, 326 const struct iwm_fw_img *, 327 int, int *); 328 static int iwm_pcie_load_cpu_sections(struct iwm_softc *, 329 const struct iwm_fw_img *, 330 int, int *); 331 static int iwm_pcie_load_given_ucode_8000(struct iwm_softc *, 332 const struct iwm_fw_img *); 333 static int iwm_pcie_load_given_ucode(struct iwm_softc *, 334 const struct iwm_fw_img *); 335 static int iwm_start_fw(struct iwm_softc *, const struct iwm_fw_img *); 336 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 337 static int iwm_send_phy_cfg_cmd(struct iwm_softc *); 338 static int iwm_load_ucode_wait_alive(struct iwm_softc *, 339 enum iwm_ucode_type); 340 static int iwm_run_init_ucode(struct iwm_softc *, int); 341 static int iwm_config_ltr(struct iwm_softc *sc); 342 static int iwm_rx_addbuf(struct iwm_softc *, int, int); 343 static void iwm_rx_rx_phy_cmd(struct iwm_softc *, 344 struct iwm_rx_packet *); 345 static int iwm_get_noise(struct iwm_softc *, 346 const struct iwm_statistics_rx_non_phy *); 347 static void iwm_handle_rx_statistics(struct iwm_softc *, 348 struct iwm_rx_packet *); 349 static bool iwm_rx_mpdu(struct iwm_softc *, struct mbuf *, 350 uint32_t, bool); 351 static int iwm_rx_tx_cmd_single(struct iwm_softc *, 352 struct iwm_rx_packet *, 353 struct iwm_node *); 354 static void iwm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *); 355 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *); 356 #if 0 357 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, 358 uint16_t); 359 #endif 360 static const struct iwm_rate * 361 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 362 struct mbuf *, struct iwm_tx_cmd *); 363 static int iwm_tx(struct iwm_softc *, struct mbuf *, 364 struct ieee80211_node *, int); 365 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *, 366 const struct ieee80211_bpf_params *); 367 static int iwm_update_quotas(struct iwm_softc *, struct iwm_vap *); 368 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *); 369 static struct ieee80211_node * 370 iwm_node_alloc(struct ieee80211vap *, 371 const uint8_t[IEEE80211_ADDR_LEN]); 372 static uint8_t iwm_rate_from_ucode_rate(uint32_t); 373 static int iwm_rate2ridx(struct iwm_softc *, uint8_t); 374 static void iwm_setrates(struct iwm_softc *, struct iwm_node *, int); 375 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int); 376 static void iwm_endscan_cb(void *, int); 377 static int iwm_send_bt_init_conf(struct iwm_softc *); 378 static boolean_t iwm_is_lar_supported(struct iwm_softc *); 379 static boolean_t iwm_is_wifi_mcc_supported(struct iwm_softc *); 380 static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *); 381 static void iwm_tt_tx_backoff(struct iwm_softc *, uint32_t); 382 static int iwm_init_hw(struct iwm_softc *); 383 static void iwm_init(struct iwm_softc *); 384 static void iwm_start(struct iwm_softc *); 385 static void iwm_stop(struct iwm_softc *); 386 static void iwm_watchdog(void *); 387 static void iwm_parent(struct ieee80211com *); 388 #ifdef IWM_DEBUG 389 static const char * 390 iwm_desc_lookup(uint32_t); 391 static void iwm_nic_error(struct iwm_softc *); 392 static void iwm_nic_umac_error(struct iwm_softc *); 393 #endif 394 static void iwm_handle_rxb(struct iwm_softc *, struct mbuf *); 395 static void iwm_notif_intr(struct iwm_softc *); 396 static void iwm_intr(void *); 397 static int iwm_attach(device_t); 398 static int iwm_is_valid_ether_addr(uint8_t *); 399 static void iwm_preinit(void *); 400 static int iwm_detach_local(struct iwm_softc *sc, int); 401 static void iwm_init_task(void *); 402 static void iwm_radiotap_attach(struct iwm_softc *); 403 static struct ieee80211vap * 404 iwm_vap_create(struct ieee80211com *, 405 const char [IFNAMSIZ], int, 406 enum ieee80211_opmode, int, 407 const uint8_t [IEEE80211_ADDR_LEN], 408 const uint8_t [IEEE80211_ADDR_LEN]); 409 static void iwm_vap_delete(struct ieee80211vap *); 410 static void iwm_xmit_queue_drain(struct iwm_softc *); 411 static void iwm_scan_start(struct ieee80211com *); 412 static void iwm_scan_end(struct ieee80211com *); 413 static void iwm_update_mcast(struct ieee80211com *); 414 static void iwm_set_channel(struct ieee80211com *); 415 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long); 416 static void iwm_scan_mindwell(struct ieee80211_scan_state *); 417 static int iwm_detach(device_t); 418 419 #if defined(__DragonFly__) 420 static int iwm_msi_enable = 1; 421 422 TUNABLE_INT("hw.iwm.msi.enable", &iwm_msi_enable); 423 #endif 424 425 static int iwm_lar_disable = 0; 426 TUNABLE_INT("hw.iwm.lar.disable", &iwm_lar_disable); 427 428 /* 429 * Firmware parser. 430 */ 431 432 static int 433 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen) 434 { 435 const struct iwm_fw_cscheme_list *l = (const void *)data; 436 437 if (dlen < sizeof(*l) || 438 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 439 return EINVAL; 440 441 /* we don't actually store anything for now, always use s/w crypto */ 442 443 return 0; 444 } 445 446 static int 447 iwm_firmware_store_section(struct iwm_softc *sc, 448 enum iwm_ucode_type type, const uint8_t *data, size_t dlen) 449 { 450 struct iwm_fw_img *fws; 451 struct iwm_fw_desc *fwone; 452 453 if (type >= IWM_UCODE_TYPE_MAX) 454 return EINVAL; 455 if (dlen < sizeof(uint32_t)) 456 return EINVAL; 457 458 fws = &sc->sc_fw.img[type]; 459 if (fws->fw_count >= IWM_UCODE_SECTION_MAX) 460 return EINVAL; 461 462 fwone = &fws->sec[fws->fw_count]; 463 464 /* first 32bit are device load offset */ 465 memcpy(&fwone->offset, data, sizeof(uint32_t)); 466 467 /* rest is data */ 468 fwone->data = data + sizeof(uint32_t); 469 fwone->len = dlen - sizeof(uint32_t); 470 471 fws->fw_count++; 472 473 return 0; 474 } 475 476 #define IWM_DEFAULT_SCAN_CHANNELS 40 477 478 /* iwlwifi: iwl-drv.c */ 479 struct iwm_tlv_calib_data { 480 uint32_t ucode_type; 481 struct iwm_tlv_calib_ctrl calib; 482 } __packed; 483 484 static int 485 iwm_set_default_calib(struct iwm_softc *sc, const void *data) 486 { 487 const struct iwm_tlv_calib_data *def_calib = data; 488 uint32_t ucode_type = le32toh(def_calib->ucode_type); 489 490 if (ucode_type >= IWM_UCODE_TYPE_MAX) { 491 device_printf(sc->sc_dev, 492 "Wrong ucode_type %u for default " 493 "calibration.\n", ucode_type); 494 return EINVAL; 495 } 496 497 sc->sc_default_calib[ucode_type].flow_trigger = 498 def_calib->calib.flow_trigger; 499 sc->sc_default_calib[ucode_type].event_trigger = 500 def_calib->calib.event_trigger; 501 502 return 0; 503 } 504 505 static int 506 iwm_set_ucode_api_flags(struct iwm_softc *sc, const uint8_t *data, 507 struct iwm_ucode_capabilities *capa) 508 { 509 const struct iwm_ucode_api *ucode_api = (const void *)data; 510 uint32_t api_index = le32toh(ucode_api->api_index); 511 uint32_t api_flags = le32toh(ucode_api->api_flags); 512 int i; 513 514 if (api_index >= howmany(IWM_NUM_UCODE_TLV_API, 32)) { 515 device_printf(sc->sc_dev, 516 "api flags index %d larger than supported by driver\n", 517 api_index); 518 /* don't return an error so we can load FW that has more bits */ 519 return 0; 520 } 521 522 for (i = 0; i < 32; i++) { 523 if (api_flags & (1U << i)) 524 setbit(capa->enabled_api, i + 32 * api_index); 525 } 526 527 return 0; 528 } 529 530 static int 531 iwm_set_ucode_capabilities(struct iwm_softc *sc, const uint8_t *data, 532 struct iwm_ucode_capabilities *capa) 533 { 534 const struct iwm_ucode_capa *ucode_capa = (const void *)data; 535 uint32_t api_index = le32toh(ucode_capa->api_index); 536 uint32_t api_flags = le32toh(ucode_capa->api_capa); 537 int i; 538 539 if (api_index >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) { 540 device_printf(sc->sc_dev, 541 "capa flags index %d larger than supported by driver\n", 542 api_index); 543 /* don't return an error so we can load FW that has more bits */ 544 return 0; 545 } 546 547 for (i = 0; i < 32; i++) { 548 if (api_flags & (1U << i)) 549 setbit(capa->enabled_capa, i + 32 * api_index); 550 } 551 552 return 0; 553 } 554 555 static void 556 iwm_fw_info_free(struct iwm_fw_info *fw) 557 { 558 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD); 559 fw->fw_fp = NULL; 560 memset(fw->img, 0, sizeof(fw->img)); 561 } 562 563 static int 564 iwm_read_firmware(struct iwm_softc *sc) 565 { 566 struct iwm_fw_info *fw = &sc->sc_fw; 567 const struct iwm_tlv_ucode_header *uhdr; 568 const struct iwm_ucode_tlv *tlv; 569 struct iwm_ucode_capabilities *capa = &sc->sc_fw.ucode_capa; 570 enum iwm_ucode_tlv_type tlv_type; 571 const struct firmware *fwp; 572 const uint8_t *data; 573 uint32_t tlv_len; 574 uint32_t usniffer_img; 575 const uint8_t *tlv_data; 576 uint32_t paging_mem_size; 577 int num_of_cpus; 578 int error = 0; 579 size_t len; 580 581 /* 582 * Load firmware into driver memory. 583 * fw_fp will be set. 584 */ 585 fwp = firmware_get(sc->cfg->fw_name); 586 if (fwp == NULL) { 587 device_printf(sc->sc_dev, 588 "could not read firmware %s (error %d)\n", 589 sc->cfg->fw_name, error); 590 goto out; 591 } 592 fw->fw_fp = fwp; 593 594 /* (Re-)Initialize default values. */ 595 capa->flags = 0; 596 capa->max_probe_length = IWM_DEFAULT_MAX_PROBE_LENGTH; 597 capa->n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS; 598 memset(capa->enabled_capa, 0, sizeof(capa->enabled_capa)); 599 memset(capa->enabled_api, 0, sizeof(capa->enabled_api)); 600 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc)); 601 602 /* 603 * Parse firmware contents 604 */ 605 606 uhdr = (const void *)fw->fw_fp->data; 607 if (*(const uint32_t *)fw->fw_fp->data != 0 608 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 609 device_printf(sc->sc_dev, "invalid firmware %s\n", 610 sc->cfg->fw_name); 611 error = EINVAL; 612 goto out; 613 } 614 615 ksnprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%u.%u (API ver %u)", 616 IWM_UCODE_MAJOR(le32toh(uhdr->ver)), 617 IWM_UCODE_MINOR(le32toh(uhdr->ver)), 618 IWM_UCODE_API(le32toh(uhdr->ver))); 619 data = uhdr->data; 620 len = fw->fw_fp->datasize - sizeof(*uhdr); 621 622 while (len >= sizeof(*tlv)) { 623 len -= sizeof(*tlv); 624 tlv = (const void *)data; 625 626 tlv_len = le32toh(tlv->length); 627 tlv_type = le32toh(tlv->type); 628 tlv_data = tlv->data; 629 630 if (len < tlv_len) { 631 device_printf(sc->sc_dev, 632 "firmware too short: %zu bytes\n", 633 len); 634 error = EINVAL; 635 goto parse_out; 636 } 637 len -= roundup2(tlv_len, 4); 638 data += sizeof(*tlv) + roundup2(tlv_len, 4); 639 640 switch ((int)tlv_type) { 641 case IWM_UCODE_TLV_PROBE_MAX_LEN: 642 if (tlv_len != sizeof(uint32_t)) { 643 device_printf(sc->sc_dev, 644 "%s: PROBE_MAX_LEN (%u) != sizeof(uint32_t)\n", 645 __func__, tlv_len); 646 error = EINVAL; 647 goto parse_out; 648 } 649 capa->max_probe_length = 650 le32_to_cpup((const uint32_t *)tlv_data); 651 /* limit it to something sensible */ 652 if (capa->max_probe_length > 653 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) { 654 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 655 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN " 656 "ridiculous\n", __func__); 657 error = EINVAL; 658 goto parse_out; 659 } 660 break; 661 case IWM_UCODE_TLV_PAN: 662 if (tlv_len) { 663 device_printf(sc->sc_dev, 664 "%s: IWM_UCODE_TLV_PAN: tlv_len (%u) > 0\n", 665 __func__, tlv_len); 666 error = EINVAL; 667 goto parse_out; 668 } 669 capa->flags |= IWM_UCODE_TLV_FLAGS_PAN; 670 break; 671 case IWM_UCODE_TLV_FLAGS: 672 if (tlv_len < sizeof(uint32_t)) { 673 device_printf(sc->sc_dev, 674 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%u) < sizeof(uint32_t)\n", 675 __func__, tlv_len); 676 error = EINVAL; 677 goto parse_out; 678 } 679 if (tlv_len % sizeof(uint32_t)) { 680 device_printf(sc->sc_dev, 681 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%u) %% sizeof(uint32_t)\n", 682 __func__, tlv_len); 683 error = EINVAL; 684 goto parse_out; 685 } 686 /* 687 * Apparently there can be many flags, but Linux driver 688 * parses only the first one, and so do we. 689 * 690 * XXX: why does this override IWM_UCODE_TLV_PAN? 691 * Intentional or a bug? Observations from 692 * current firmware file: 693 * 1) TLV_PAN is parsed first 694 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 695 * ==> this resets TLV_PAN to itself... hnnnk 696 */ 697 capa->flags = le32_to_cpup((const uint32_t *)tlv_data); 698 break; 699 case IWM_UCODE_TLV_CSCHEME: 700 if ((error = iwm_store_cscheme(sc, 701 tlv_data, tlv_len)) != 0) { 702 device_printf(sc->sc_dev, 703 "%s: iwm_store_cscheme(): returned %d\n", 704 __func__, error); 705 goto parse_out; 706 } 707 break; 708 case IWM_UCODE_TLV_NUM_OF_CPU: 709 if (tlv_len != sizeof(uint32_t)) { 710 device_printf(sc->sc_dev, 711 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%u) != sizeof(uint32_t)\n", 712 __func__, tlv_len); 713 error = EINVAL; 714 goto parse_out; 715 } 716 num_of_cpus = le32_to_cpup((const uint32_t *)tlv_data); 717 if (num_of_cpus == 2) { 718 fw->img[IWM_UCODE_REGULAR].is_dual_cpus = 719 TRUE; 720 fw->img[IWM_UCODE_INIT].is_dual_cpus = 721 TRUE; 722 fw->img[IWM_UCODE_WOWLAN].is_dual_cpus = 723 TRUE; 724 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) { 725 device_printf(sc->sc_dev, 726 "%s: Driver supports only 1 or 2 CPUs\n", 727 __func__); 728 error = EINVAL; 729 goto parse_out; 730 } 731 break; 732 case IWM_UCODE_TLV_SEC_RT: 733 if ((error = iwm_firmware_store_section(sc, 734 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) { 735 device_printf(sc->sc_dev, 736 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n", 737 __func__, error); 738 goto parse_out; 739 } 740 break; 741 case IWM_UCODE_TLV_SEC_INIT: 742 if ((error = iwm_firmware_store_section(sc, 743 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) { 744 device_printf(sc->sc_dev, 745 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n", 746 __func__, error); 747 goto parse_out; 748 } 749 break; 750 case IWM_UCODE_TLV_SEC_WOWLAN: 751 if ((error = iwm_firmware_store_section(sc, 752 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) { 753 device_printf(sc->sc_dev, 754 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n", 755 __func__, error); 756 goto parse_out; 757 } 758 break; 759 case IWM_UCODE_TLV_DEF_CALIB: 760 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 761 device_printf(sc->sc_dev, 762 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%u) < sizeof(iwm_tlv_calib_data) (%zu)\n", 763 __func__, tlv_len, 764 sizeof(struct iwm_tlv_calib_data)); 765 error = EINVAL; 766 goto parse_out; 767 } 768 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) { 769 device_printf(sc->sc_dev, 770 "%s: iwm_set_default_calib() failed: %d\n", 771 __func__, error); 772 goto parse_out; 773 } 774 break; 775 case IWM_UCODE_TLV_PHY_SKU: 776 if (tlv_len != sizeof(uint32_t)) { 777 error = EINVAL; 778 device_printf(sc->sc_dev, 779 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%u) < sizeof(uint32_t)\n", 780 __func__, tlv_len); 781 goto parse_out; 782 } 783 sc->sc_fw.phy_config = 784 le32_to_cpup((const uint32_t *)tlv_data); 785 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config & 786 IWM_FW_PHY_CFG_TX_CHAIN) >> 787 IWM_FW_PHY_CFG_TX_CHAIN_POS; 788 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config & 789 IWM_FW_PHY_CFG_RX_CHAIN) >> 790 IWM_FW_PHY_CFG_RX_CHAIN_POS; 791 break; 792 793 case IWM_UCODE_TLV_API_CHANGES_SET: { 794 if (tlv_len != sizeof(struct iwm_ucode_api)) { 795 error = EINVAL; 796 goto parse_out; 797 } 798 if (iwm_set_ucode_api_flags(sc, tlv_data, capa)) { 799 error = EINVAL; 800 goto parse_out; 801 } 802 break; 803 } 804 805 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: { 806 if (tlv_len != sizeof(struct iwm_ucode_capa)) { 807 error = EINVAL; 808 goto parse_out; 809 } 810 if (iwm_set_ucode_capabilities(sc, tlv_data, capa)) { 811 error = EINVAL; 812 goto parse_out; 813 } 814 break; 815 } 816 817 case IWM_UCODE_TLV_CMD_VERSIONS: 818 case IWM_UCODE_TLV_SDIO_ADMA_ADDR: 819 case IWM_UCODE_TLV_FW_GSCAN_CAPA: 820 /* ignore, not used by current driver */ 821 break; 822 823 case IWM_UCODE_TLV_SEC_RT_USNIFFER: 824 if ((error = iwm_firmware_store_section(sc, 825 IWM_UCODE_REGULAR_USNIFFER, tlv_data, 826 tlv_len)) != 0) 827 goto parse_out; 828 break; 829 830 case IWM_UCODE_TLV_PAGING: 831 if (tlv_len != sizeof(uint32_t)) { 832 error = EINVAL; 833 goto parse_out; 834 } 835 paging_mem_size = le32_to_cpup((const uint32_t *)tlv_data); 836 837 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 838 "%s: Paging: paging enabled (size = %u bytes)\n", 839 __func__, paging_mem_size); 840 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) { 841 device_printf(sc->sc_dev, 842 "%s: Paging: driver supports up to %u bytes for paging image\n", 843 __func__, IWM_MAX_PAGING_IMAGE_SIZE); 844 error = EINVAL; 845 goto out; 846 } 847 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) { 848 device_printf(sc->sc_dev, 849 "%s: Paging: image isn't multiple %u\n", 850 __func__, IWM_FW_PAGING_SIZE); 851 error = EINVAL; 852 goto out; 853 } 854 855 sc->sc_fw.img[IWM_UCODE_REGULAR].paging_mem_size = 856 paging_mem_size; 857 usniffer_img = IWM_UCODE_REGULAR_USNIFFER; 858 sc->sc_fw.img[usniffer_img].paging_mem_size = 859 paging_mem_size; 860 break; 861 862 case IWM_UCODE_TLV_N_SCAN_CHANNELS: 863 if (tlv_len != sizeof(uint32_t)) { 864 error = EINVAL; 865 goto parse_out; 866 } 867 capa->n_scan_channels = 868 le32_to_cpup((const uint32_t *)tlv_data); 869 break; 870 871 case IWM_UCODE_TLV_FW_VERSION: 872 if (tlv_len != sizeof(uint32_t) * 3) { 873 error = EINVAL; 874 goto parse_out; 875 } 876 ksnprintf(sc->sc_fwver, sizeof(sc->sc_fwver), 877 "%u.%u.%u", 878 le32toh(((const uint32_t *)tlv_data)[0]), 879 le32toh(((const uint32_t *)tlv_data)[1]), 880 le32toh(((const uint32_t *)tlv_data)[2])); 881 break; 882 883 case IWM_UCODE_TLV_FW_MEM_SEG: 884 break; 885 886 default: 887 device_printf(sc->sc_dev, 888 "%s: unknown firmware section %d, abort\n", 889 __func__, tlv_type); 890 error = EINVAL; 891 goto parse_out; 892 } 893 } 894 895 KASSERT(error == 0, ("unhandled error")); 896 897 parse_out: 898 if (error) { 899 device_printf(sc->sc_dev, "firmware parse error %d, " 900 "section type %d\n", error, tlv_type); 901 } 902 903 out: 904 if (error) { 905 if (fw->fw_fp != NULL) 906 iwm_fw_info_free(fw); 907 } 908 909 return error; 910 } 911 912 /* 913 * DMA resource routines 914 */ 915 916 /* fwmem is used to load firmware onto the card */ 917 static int 918 iwm_alloc_fwmem(struct iwm_softc *sc) 919 { 920 /* Must be aligned on a 16-byte boundary. */ 921 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 922 IWM_FH_MEM_TB_MAX_LENGTH, 16); 923 } 924 925 /* tx scheduler rings. not used? */ 926 static int 927 iwm_alloc_sched(struct iwm_softc *sc) 928 { 929 /* TX scheduler rings must be aligned on a 1KB boundary. */ 930 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 931 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 932 } 933 934 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */ 935 static int 936 iwm_alloc_kw(struct iwm_softc *sc) 937 { 938 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 939 } 940 941 /* interrupt cause table */ 942 static int 943 iwm_alloc_ict(struct iwm_softc *sc) 944 { 945 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 946 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 947 } 948 949 static int 950 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 951 { 952 bus_size_t size; 953 size_t descsz; 954 int count, i, error; 955 956 ring->cur = 0; 957 if (sc->cfg->mqrx_supported) { 958 count = IWM_RX_MQ_RING_COUNT; 959 descsz = sizeof(uint64_t); 960 } else { 961 count = IWM_RX_LEGACY_RING_COUNT; 962 descsz = sizeof(uint32_t); 963 } 964 965 /* Allocate RX descriptors (256-byte aligned). */ 966 size = count * descsz; 967 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->free_desc_dma, size, 968 256); 969 if (error != 0) { 970 device_printf(sc->sc_dev, 971 "could not allocate RX ring DMA memory\n"); 972 goto fail; 973 } 974 ring->desc = ring->free_desc_dma.vaddr; 975 976 /* Allocate RX status area (16-byte aligned). */ 977 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 978 sizeof(*ring->stat), 16); 979 if (error != 0) { 980 device_printf(sc->sc_dev, 981 "could not allocate RX status DMA memory\n"); 982 goto fail; 983 } 984 ring->stat = ring->stat_dma.vaddr; 985 986 if (sc->cfg->mqrx_supported) { 987 size = count * sizeof(uint32_t); 988 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->used_desc_dma, 989 size, 256); 990 if (error != 0) { 991 device_printf(sc->sc_dev, 992 "could not allocate RX ring DMA memory\n"); 993 goto fail; 994 } 995 } 996 997 /* Create RX buffer DMA tag. */ 998 #if defined(__DragonFly__) 999 error = bus_dma_tag_create(sc->sc_dmat, PAGE_SIZE, 1000 0, 1001 BUS_SPACE_MAXADDR_32BIT, 1002 BUS_SPACE_MAXADDR, 1003 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 1004 BUS_DMA_NOWAIT, &ring->data_dmat); 1005 #else 1006 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1007 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1008 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat); 1009 #endif 1010 if (error != 0) { 1011 device_printf(sc->sc_dev, 1012 "%s: could not create RX buf DMA tag, error %d\n", 1013 __func__, error); 1014 goto fail; 1015 } 1016 1017 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */ 1018 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map); 1019 if (error != 0) { 1020 device_printf(sc->sc_dev, 1021 "%s: could not create RX buf DMA map, error %d\n", 1022 __func__, error); 1023 goto fail; 1024 } 1025 1026 /* 1027 * Allocate and map RX buffers. 1028 */ 1029 for (i = 0; i < count; i++) { 1030 struct iwm_rx_data *data = &ring->data[i]; 1031 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1032 if (error != 0) { 1033 device_printf(sc->sc_dev, 1034 "%s: could not create RX buf DMA map, error %d\n", 1035 __func__, error); 1036 goto fail; 1037 } 1038 data->m = NULL; 1039 1040 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) { 1041 goto fail; 1042 } 1043 } 1044 return 0; 1045 1046 fail: iwm_free_rx_ring(sc, ring); 1047 return error; 1048 } 1049 1050 static void 1051 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1052 { 1053 /* Reset the ring state */ 1054 ring->cur = 0; 1055 1056 /* 1057 * The hw rx ring index in shared memory must also be cleared, 1058 * otherwise the discrepancy can cause reprocessing chaos. 1059 */ 1060 if (sc->rxq.stat) 1061 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1062 } 1063 1064 static void 1065 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1066 { 1067 int count, i; 1068 1069 iwm_dma_contig_free(&ring->free_desc_dma); 1070 iwm_dma_contig_free(&ring->stat_dma); 1071 iwm_dma_contig_free(&ring->used_desc_dma); 1072 1073 count = sc->cfg->mqrx_supported ? IWM_RX_MQ_RING_COUNT : 1074 IWM_RX_LEGACY_RING_COUNT; 1075 1076 for (i = 0; i < count; i++) { 1077 struct iwm_rx_data *data = &ring->data[i]; 1078 1079 if (data->m != NULL) { 1080 bus_dmamap_sync(ring->data_dmat, data->map, 1081 BUS_DMASYNC_POSTREAD); 1082 bus_dmamap_unload(ring->data_dmat, data->map); 1083 m_freem(data->m); 1084 data->m = NULL; 1085 } 1086 if (data->map != NULL) { 1087 bus_dmamap_destroy(ring->data_dmat, data->map); 1088 data->map = NULL; 1089 } 1090 } 1091 if (ring->spare_map != NULL) { 1092 bus_dmamap_destroy(ring->data_dmat, ring->spare_map); 1093 ring->spare_map = NULL; 1094 } 1095 if (ring->data_dmat != NULL) { 1096 bus_dma_tag_destroy(ring->data_dmat); 1097 ring->data_dmat = NULL; 1098 } 1099 } 1100 1101 static int 1102 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 1103 { 1104 bus_addr_t paddr; 1105 bus_size_t size; 1106 size_t maxsize; 1107 int nsegments; 1108 int i, error; 1109 1110 ring->qid = qid; 1111 ring->queued = 0; 1112 ring->cur = 0; 1113 1114 /* Allocate TX descriptors (256-byte aligned). */ 1115 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 1116 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1117 if (error != 0) { 1118 device_printf(sc->sc_dev, 1119 "could not allocate TX ring DMA memory\n"); 1120 goto fail; 1121 } 1122 ring->desc = ring->desc_dma.vaddr; 1123 1124 /* 1125 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need 1126 * to allocate commands space for other rings. 1127 */ 1128 if (qid > IWM_CMD_QUEUE) 1129 return 0; 1130 1131 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 1132 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 1133 if (error != 0) { 1134 device_printf(sc->sc_dev, 1135 "could not allocate TX cmd DMA memory\n"); 1136 goto fail; 1137 } 1138 ring->cmd = ring->cmd_dma.vaddr; 1139 1140 /* FW commands may require more mapped space than packets. */ 1141 if (qid == IWM_CMD_QUEUE) { 1142 maxsize = IWM_RBUF_SIZE; 1143 nsegments = 1; 1144 } else { 1145 maxsize = MCLBYTES; 1146 nsegments = IWM_MAX_SCATTER - 2; 1147 } 1148 1149 #if defined(__DragonFly__) 1150 error = bus_dma_tag_create(sc->sc_dmat, PAGE_SIZE, 1151 0, 1152 BUS_SPACE_MAXADDR_32BIT, 1153 BUS_SPACE_MAXADDR, 1154 maxsize, nsegments, maxsize, 1155 BUS_DMA_NOWAIT, &ring->data_dmat); 1156 #else 1157 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1158 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize, 1159 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat); 1160 #endif 1161 if (error != 0) { 1162 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n"); 1163 goto fail; 1164 } 1165 1166 paddr = ring->cmd_dma.paddr; 1167 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1168 struct iwm_tx_data *data = &ring->data[i]; 1169 1170 data->cmd_paddr = paddr; 1171 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 1172 + offsetof(struct iwm_tx_cmd, scratch); 1173 paddr += sizeof(struct iwm_device_cmd); 1174 1175 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1176 if (error != 0) { 1177 device_printf(sc->sc_dev, 1178 "could not create TX buf DMA map\n"); 1179 goto fail; 1180 } 1181 } 1182 KASSERT(paddr == ring->cmd_dma.paddr + size, 1183 ("invalid physical address")); 1184 return 0; 1185 1186 fail: iwm_free_tx_ring(sc, ring); 1187 return error; 1188 } 1189 1190 static void 1191 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1192 { 1193 int i; 1194 1195 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1196 struct iwm_tx_data *data = &ring->data[i]; 1197 1198 if (data->m != NULL) { 1199 bus_dmamap_sync(ring->data_dmat, data->map, 1200 BUS_DMASYNC_POSTWRITE); 1201 bus_dmamap_unload(ring->data_dmat, data->map); 1202 m_freem(data->m); 1203 data->m = NULL; 1204 } 1205 } 1206 /* Clear TX descriptors. */ 1207 memset(ring->desc, 0, ring->desc_dma.size); 1208 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1209 BUS_DMASYNC_PREWRITE); 1210 sc->qfullmsk &= ~(1 << ring->qid); 1211 ring->queued = 0; 1212 ring->cur = 0; 1213 1214 if (ring->qid == IWM_CMD_QUEUE && sc->cmd_hold_nic_awake) 1215 iwm_pcie_clear_cmd_in_flight(sc); 1216 } 1217 1218 static void 1219 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1220 { 1221 int i; 1222 1223 iwm_dma_contig_free(&ring->desc_dma); 1224 iwm_dma_contig_free(&ring->cmd_dma); 1225 1226 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1227 struct iwm_tx_data *data = &ring->data[i]; 1228 1229 if (data->m != NULL) { 1230 bus_dmamap_sync(ring->data_dmat, data->map, 1231 BUS_DMASYNC_POSTWRITE); 1232 bus_dmamap_unload(ring->data_dmat, data->map); 1233 m_freem(data->m); 1234 data->m = NULL; 1235 } 1236 if (data->map != NULL) { 1237 bus_dmamap_destroy(ring->data_dmat, data->map); 1238 data->map = NULL; 1239 } 1240 } 1241 if (ring->data_dmat != NULL) { 1242 bus_dma_tag_destroy(ring->data_dmat); 1243 ring->data_dmat = NULL; 1244 } 1245 } 1246 1247 /* 1248 * High-level hardware frobbing routines 1249 */ 1250 1251 static void 1252 iwm_enable_interrupts(struct iwm_softc *sc) 1253 { 1254 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1255 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1256 } 1257 1258 static void 1259 iwm_restore_interrupts(struct iwm_softc *sc) 1260 { 1261 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1262 } 1263 1264 static void 1265 iwm_disable_interrupts(struct iwm_softc *sc) 1266 { 1267 /* disable interrupts */ 1268 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1269 1270 /* acknowledge all interrupts */ 1271 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1272 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1273 } 1274 1275 static void 1276 iwm_ict_reset(struct iwm_softc *sc) 1277 { 1278 iwm_disable_interrupts(sc); 1279 1280 /* Reset ICT table. */ 1281 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1282 sc->ict_cur = 0; 1283 1284 /* Set physical address of ICT table (4KB aligned). */ 1285 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1286 IWM_CSR_DRAM_INT_TBL_ENABLE 1287 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER 1288 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1289 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1290 1291 /* Switch to ICT interrupt mode in driver. */ 1292 sc->sc_flags |= IWM_FLAG_USE_ICT; 1293 1294 /* Re-enable interrupts. */ 1295 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1296 iwm_enable_interrupts(sc); 1297 } 1298 1299 /* iwlwifi pcie/trans.c */ 1300 1301 /* 1302 * Since this .. hard-resets things, it's time to actually 1303 * mark the first vap (if any) as having no mac context. 1304 * It's annoying, but since the driver is potentially being 1305 * stop/start'ed whilst active (thanks openbsd port!) we 1306 * have to correctly track this. 1307 */ 1308 static void 1309 iwm_stop_device(struct iwm_softc *sc) 1310 { 1311 struct ieee80211com *ic = &sc->sc_ic; 1312 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1313 int chnl, qid; 1314 uint32_t mask = 0; 1315 1316 /* tell the device to stop sending interrupts */ 1317 iwm_disable_interrupts(sc); 1318 1319 /* 1320 * FreeBSD-local: mark the first vap as not-uploaded, 1321 * so the next transition through auth/assoc 1322 * will correctly populate the MAC context. 1323 */ 1324 if (vap) { 1325 struct iwm_vap *iv = IWM_VAP(vap); 1326 iv->phy_ctxt = NULL; 1327 iv->is_uploaded = 0; 1328 } 1329 sc->sc_firmware_state = 0; 1330 sc->sc_flags &= ~IWM_FLAG_TE_ACTIVE; 1331 1332 /* device going down, Stop using ICT table */ 1333 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 1334 1335 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */ 1336 1337 if (iwm_nic_lock(sc)) { 1338 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1339 1340 /* Stop each Tx DMA channel */ 1341 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1342 IWM_WRITE(sc, 1343 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 1344 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl); 1345 } 1346 1347 /* Wait for DMA channels to be idle */ 1348 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask, 1349 5000)) { 1350 device_printf(sc->sc_dev, 1351 "Failing on timeout while stopping DMA channel: [0x%08x]\n", 1352 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG)); 1353 } 1354 iwm_nic_unlock(sc); 1355 } 1356 iwm_pcie_rx_stop(sc); 1357 1358 /* Stop RX ring. */ 1359 iwm_reset_rx_ring(sc, &sc->rxq); 1360 1361 /* Reset all TX rings. */ 1362 for (qid = 0; qid < nitems(sc->txq); qid++) 1363 iwm_reset_tx_ring(sc, &sc->txq[qid]); 1364 1365 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1366 /* Power-down device's busmaster DMA clocks */ 1367 if (iwm_nic_lock(sc)) { 1368 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, 1369 IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1370 iwm_nic_unlock(sc); 1371 } 1372 DELAY(5); 1373 } 1374 1375 /* Make sure (redundant) we've released our request to stay awake */ 1376 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1377 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1378 1379 /* Stop the device, and put it in low power state */ 1380 iwm_apm_stop(sc); 1381 1382 /* stop and reset the on-board processor */ 1383 IWM_SETBITS(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 1384 DELAY(5000); 1385 1386 /* 1387 * Upon stop, the APM issues an interrupt if HW RF kill is set. 1388 */ 1389 iwm_disable_interrupts(sc); 1390 1391 /* 1392 * Even if we stop the HW, we still want the RF kill 1393 * interrupt 1394 */ 1395 iwm_enable_rfkill_int(sc); 1396 iwm_check_rfkill(sc); 1397 1398 iwm_prepare_card_hw(sc); 1399 } 1400 1401 /* iwlwifi: mvm/ops.c */ 1402 static void 1403 iwm_nic_config(struct iwm_softc *sc) 1404 { 1405 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 1406 uint32_t reg_val = 0; 1407 uint32_t phy_config = iwm_get_phy_config(sc); 1408 1409 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 1410 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 1411 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 1412 IWM_FW_PHY_CFG_RADIO_STEP_POS; 1413 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 1414 IWM_FW_PHY_CFG_RADIO_DASH_POS; 1415 1416 /* SKU control */ 1417 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 1418 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 1419 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 1420 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 1421 1422 /* radio configuration */ 1423 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 1424 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 1425 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 1426 1427 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, 1428 IWM_CSR_HW_IF_CONFIG_REG_MSK_MAC_DASH | 1429 IWM_CSR_HW_IF_CONFIG_REG_MSK_MAC_STEP | 1430 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_STEP | 1431 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_DASH | 1432 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_TYPE | 1433 IWM_CSR_HW_IF_CONFIG_REG_BIT_RADIO_SI | 1434 IWM_CSR_HW_IF_CONFIG_REG_BIT_MAC_SI | 1435 reg_val); 1436 1437 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1438 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type, 1439 radio_cfg_step, radio_cfg_dash); 1440 1441 /* 1442 * W/A : NIC is stuck in a reset state after Early PCIe power off 1443 * (PCIe power is lost before PERST# is asserted), causing ME FW 1444 * to lose ownership and not being able to obtain it back. 1445 */ 1446 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1447 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 1448 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 1449 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 1450 } 1451 } 1452 1453 static int 1454 iwm_nic_rx_mq_init(struct iwm_softc *sc) 1455 { 1456 int enabled; 1457 1458 if (!iwm_nic_lock(sc)) 1459 return EBUSY; 1460 1461 /* Stop RX DMA. */ 1462 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG, 0); 1463 /* Disable RX used and free queue operation. */ 1464 iwm_write_prph(sc, IWM_RFH_RXF_RXQ_ACTIVE, 0); 1465 1466 iwm_write_prph64(sc, IWM_RFH_Q0_FRBDCB_BA_LSB, 1467 sc->rxq.free_desc_dma.paddr); 1468 iwm_write_prph64(sc, IWM_RFH_Q0_URBDCB_BA_LSB, 1469 sc->rxq.used_desc_dma.paddr); 1470 iwm_write_prph64(sc, IWM_RFH_Q0_URBD_STTS_WPTR_LSB, 1471 sc->rxq.stat_dma.paddr); 1472 iwm_write_prph(sc, IWM_RFH_Q0_FRBDCB_WIDX, 0); 1473 iwm_write_prph(sc, IWM_RFH_Q0_FRBDCB_RIDX, 0); 1474 iwm_write_prph(sc, IWM_RFH_Q0_URBDCB_WIDX, 0); 1475 1476 /* We configure only queue 0 for now. */ 1477 enabled = ((1 << 0) << 16) | (1 << 0); 1478 1479 /* Enable RX DMA, 4KB buffer size. */ 1480 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG, 1481 IWM_RFH_DMA_EN_ENABLE_VAL | 1482 IWM_RFH_RXF_DMA_RB_SIZE_4K | 1483 IWM_RFH_RXF_DMA_MIN_RB_4_8 | 1484 IWM_RFH_RXF_DMA_DROP_TOO_LARGE_MASK | 1485 IWM_RFH_RXF_DMA_RBDCB_SIZE_512); 1486 1487 /* Enable RX DMA snooping. */ 1488 iwm_write_prph(sc, IWM_RFH_GEN_CFG, 1489 IWM_RFH_GEN_CFG_RFH_DMA_SNOOP | 1490 IWM_RFH_GEN_CFG_SERVICE_DMA_SNOOP | 1491 (sc->cfg->integrated ? IWM_RFH_GEN_CFG_RB_CHUNK_SIZE_64 : 1492 IWM_RFH_GEN_CFG_RB_CHUNK_SIZE_128)); 1493 1494 /* Enable the configured queue(s). */ 1495 iwm_write_prph(sc, IWM_RFH_RXF_RXQ_ACTIVE, enabled); 1496 1497 iwm_nic_unlock(sc); 1498 1499 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1500 1501 IWM_WRITE(sc, IWM_RFH_Q0_FRBDCB_WIDX_TRG, 8); 1502 1503 return (0); 1504 } 1505 1506 static int 1507 iwm_nic_rx_legacy_init(struct iwm_softc *sc) 1508 { 1509 1510 /* Stop Rx DMA */ 1511 iwm_pcie_rx_stop(sc); 1512 1513 if (!iwm_nic_lock(sc)) 1514 return EBUSY; 1515 1516 /* reset and flush pointers */ 1517 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 1518 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 1519 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 1520 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 1521 1522 /* Set physical address of RX ring (256-byte aligned). */ 1523 IWM_WRITE(sc, 1524 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, 1525 sc->rxq.free_desc_dma.paddr >> 8); 1526 1527 /* Set physical address of RX status (16-byte aligned). */ 1528 IWM_WRITE(sc, 1529 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 1530 1531 #if defined(__DragonFly__) 1532 /* Force serialization (probably not needed but don't trust the HW) */ 1533 IWM_READ(sc, IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG); 1534 #endif 1535 1536 1537 /* Enable Rx DMA 1538 * XXX 5000 HW isn't supported by the iwm(4) driver. 1539 * IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY is set because of HW bug in 1540 * the credit mechanism in 5000 HW RX FIFO 1541 * Direct rx interrupts to hosts 1542 * Rx buffer size 4 or 8k or 12k 1543 * RB timeout 0x10 1544 * 256 RBDs 1545 */ 1546 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 1547 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 1548 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 1549 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 1550 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 1551 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 1552 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 1553 1554 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1555 1556 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 1557 if (sc->cfg->host_interrupt_operation_mode) 1558 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 1559 1560 iwm_nic_unlock(sc); 1561 1562 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 1563 1564 return 0; 1565 } 1566 1567 static int 1568 iwm_nic_rx_init(struct iwm_softc *sc) 1569 { 1570 if (sc->cfg->mqrx_supported) 1571 return iwm_nic_rx_mq_init(sc); 1572 else 1573 return iwm_nic_rx_legacy_init(sc); 1574 } 1575 1576 static int 1577 iwm_nic_tx_init(struct iwm_softc *sc) 1578 { 1579 int qid; 1580 1581 if (!iwm_nic_lock(sc)) 1582 return EBUSY; 1583 1584 /* Deactivate TX scheduler. */ 1585 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1586 1587 /* Set physical address of "keep warm" page (16-byte aligned). */ 1588 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 1589 1590 /* Initialize TX rings. */ 1591 for (qid = 0; qid < nitems(sc->txq); qid++) { 1592 struct iwm_tx_ring *txq = &sc->txq[qid]; 1593 1594 /* Set physical address of TX ring (256-byte aligned). */ 1595 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 1596 txq->desc_dma.paddr >> 8); 1597 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1598 "%s: loading ring %d descriptors (%p) at %lx\n", 1599 __func__, 1600 qid, txq->desc, 1601 (unsigned long) (txq->desc_dma.paddr >> 8)); 1602 } 1603 1604 iwm_set_bits_prph(sc, IWM_SCD_GP_CTRL, 1605 IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE | 1606 IWM_SCD_GP_CTRL_ENABLE_31_QUEUES); 1607 1608 iwm_nic_unlock(sc); 1609 1610 return 0; 1611 } 1612 1613 static int 1614 iwm_nic_init(struct iwm_softc *sc) 1615 { 1616 int error; 1617 1618 iwm_apm_init(sc); 1619 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 1620 iwm_set_pwr(sc); 1621 1622 iwm_nic_config(sc); 1623 1624 if ((error = iwm_nic_rx_init(sc)) != 0) 1625 return error; 1626 1627 /* 1628 * Ditto for TX, from iwn 1629 */ 1630 if ((error = iwm_nic_tx_init(sc)) != 0) 1631 return error; 1632 1633 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1634 "%s: shadow registers enabled\n", __func__); 1635 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 1636 1637 return 0; 1638 } 1639 1640 int 1641 iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo) 1642 { 1643 int qmsk; 1644 1645 qmsk = 1 << qid; 1646 1647 if (!iwm_nic_lock(sc)) { 1648 device_printf(sc->sc_dev, "%s: cannot enable txq %d\n", 1649 __func__, qid); 1650 return EBUSY; 1651 } 1652 1653 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 1654 1655 if (qid == IWM_CMD_QUEUE) { 1656 /* Disable the scheduler. */ 1657 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 0); 1658 1659 /* Stop the TX queue prior to configuration. */ 1660 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1661 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1662 (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 1663 1664 iwm_nic_unlock(sc); 1665 1666 /* Disable aggregations for this queue. */ 1667 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, qmsk); 1668 1669 if (!iwm_nic_lock(sc)) { 1670 device_printf(sc->sc_dev, 1671 "%s: cannot enable txq %d\n", __func__, qid); 1672 return EBUSY; 1673 } 1674 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 1675 iwm_nic_unlock(sc); 1676 1677 iwm_write_mem32(sc, 1678 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 1679 /* Set scheduler window size and frame limit. */ 1680 iwm_write_mem32(sc, 1681 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 1682 sizeof(uint32_t), 1683 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 1684 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 1685 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 1686 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 1687 1688 if (!iwm_nic_lock(sc)) { 1689 device_printf(sc->sc_dev, 1690 "%s: cannot enable txq %d\n", __func__, qid); 1691 return EBUSY; 1692 } 1693 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1694 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1695 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 1696 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 1697 IWM_SCD_QUEUE_STTS_REG_MSK); 1698 1699 /* Enable the scheduler for this queue. */ 1700 iwm_write_prph(sc, IWM_SCD_EN_CTRL, qmsk); 1701 } else { 1702 struct iwm_scd_txq_cfg_cmd cmd; 1703 int error; 1704 1705 iwm_nic_unlock(sc); 1706 1707 memset(&cmd, 0, sizeof(cmd)); 1708 cmd.scd_queue = qid; 1709 cmd.enable = 1; 1710 cmd.sta_id = sta_id; 1711 cmd.tx_fifo = fifo; 1712 cmd.aggregate = 0; 1713 cmd.window = IWM_FRAME_LIMIT; 1714 1715 error = iwm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC, 1716 sizeof(cmd), &cmd); 1717 if (error) { 1718 device_printf(sc->sc_dev, 1719 "cannot enable txq %d\n", qid); 1720 return error; 1721 } 1722 1723 if (!iwm_nic_lock(sc)) 1724 return EBUSY; 1725 } 1726 1727 iwm_nic_unlock(sc); 1728 1729 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n", 1730 __func__, qid, fifo); 1731 1732 return 0; 1733 } 1734 1735 static int 1736 iwm_trans_pcie_fw_alive(struct iwm_softc *sc, uint32_t scd_base_addr) 1737 { 1738 int error, chnl; 1739 1740 int clear_dwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 1741 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t); 1742 1743 if (!iwm_nic_lock(sc)) 1744 return EBUSY; 1745 1746 iwm_ict_reset(sc); 1747 1748 sc->scd_base_addr = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR); 1749 if (scd_base_addr != 0 && 1750 scd_base_addr != sc->scd_base_addr) { 1751 device_printf(sc->sc_dev, 1752 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n", 1753 __func__, sc->scd_base_addr, scd_base_addr); 1754 } 1755 1756 iwm_nic_unlock(sc); 1757 1758 /* reset context data, TX status and translation data */ 1759 error = iwm_write_mem(sc, 1760 sc->scd_base_addr + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 1761 NULL, clear_dwords); 1762 if (error) 1763 return EBUSY; 1764 1765 if (!iwm_nic_lock(sc)) 1766 return EBUSY; 1767 1768 /* Set physical address of TX scheduler rings (1KB aligned). */ 1769 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 1770 1771 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 1772 1773 iwm_nic_unlock(sc); 1774 1775 /* enable command channel */ 1776 error = iwm_enable_txq(sc, 0 /* unused */, IWM_CMD_QUEUE, 7); 1777 if (error) 1778 return error; 1779 1780 if (!iwm_nic_lock(sc)) 1781 return EBUSY; 1782 1783 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 1784 1785 /* Enable DMA channels. */ 1786 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1787 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 1788 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1789 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 1790 } 1791 1792 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 1793 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 1794 1795 iwm_nic_unlock(sc); 1796 1797 /* Enable L1-Active */ 1798 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) { 1799 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1800 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1801 } 1802 1803 return error; 1804 } 1805 1806 /* 1807 * NVM read access and content parsing. We do not support 1808 * external NVM or writing NVM. 1809 * iwlwifi/mvm/nvm.c 1810 */ 1811 1812 /* Default NVM size to read */ 1813 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 1814 1815 #define IWM_NVM_WRITE_OPCODE 1 1816 #define IWM_NVM_READ_OPCODE 0 1817 1818 /* load nvm chunk response */ 1819 enum { 1820 IWM_READ_NVM_CHUNK_SUCCEED = 0, 1821 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1 1822 }; 1823 1824 static int 1825 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, 1826 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len) 1827 { 1828 struct iwm_nvm_access_cmd nvm_access_cmd = { 1829 .offset = htole16(offset), 1830 .length = htole16(length), 1831 .type = htole16(section), 1832 .op_code = IWM_NVM_READ_OPCODE, 1833 }; 1834 struct iwm_nvm_access_resp *nvm_resp; 1835 struct iwm_rx_packet *pkt; 1836 struct iwm_host_cmd cmd = { 1837 .id = IWM_NVM_ACCESS_CMD, 1838 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL, 1839 .data = { &nvm_access_cmd, }, 1840 }; 1841 int ret, bytes_read, offset_read; 1842 uint8_t *resp_data; 1843 1844 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 1845 1846 ret = iwm_send_cmd(sc, &cmd); 1847 if (ret) { 1848 device_printf(sc->sc_dev, 1849 "Could not send NVM_ACCESS command (error=%d)\n", ret); 1850 return ret; 1851 } 1852 1853 pkt = cmd.resp_pkt; 1854 1855 /* Extract NVM response */ 1856 nvm_resp = (void *)pkt->data; 1857 ret = le16toh(nvm_resp->status); 1858 bytes_read = le16toh(nvm_resp->length); 1859 offset_read = le16toh(nvm_resp->offset); 1860 resp_data = nvm_resp->data; 1861 if (ret) { 1862 if ((offset != 0) && 1863 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) { 1864 /* 1865 * meaning of NOT_VALID_ADDRESS: 1866 * driver try to read chunk from address that is 1867 * multiple of 2K and got an error since addr is empty. 1868 * meaning of (offset != 0): driver already 1869 * read valid data from another chunk so this case 1870 * is not an error. 1871 */ 1872 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1873 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n", 1874 offset); 1875 *len = 0; 1876 ret = 0; 1877 } else { 1878 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1879 "NVM access command failed with status %d\n", ret); 1880 ret = EIO; 1881 } 1882 goto exit; 1883 } 1884 1885 if (offset_read != offset) { 1886 device_printf(sc->sc_dev, 1887 "NVM ACCESS response with invalid offset %d\n", 1888 offset_read); 1889 ret = EINVAL; 1890 goto exit; 1891 } 1892 1893 if (bytes_read > length) { 1894 device_printf(sc->sc_dev, 1895 "NVM ACCESS response with too much data " 1896 "(%d bytes requested, %d bytes received)\n", 1897 length, bytes_read); 1898 ret = EINVAL; 1899 goto exit; 1900 } 1901 1902 /* Write data to NVM */ 1903 memcpy(data + offset, resp_data, bytes_read); 1904 *len = bytes_read; 1905 1906 exit: 1907 iwm_free_resp(sc, &cmd); 1908 return ret; 1909 } 1910 1911 /* 1912 * Reads an NVM section completely. 1913 * NICs prior to 7000 family don't have a real NVM, but just read 1914 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 1915 * by uCode, we need to manually check in this case that we don't 1916 * overflow and try to read more than the EEPROM size. 1917 * For 7000 family NICs, we supply the maximal size we can read, and 1918 * the uCode fills the response with as much data as we can, 1919 * without overflowing, so no check is needed. 1920 */ 1921 static int 1922 iwm_nvm_read_section(struct iwm_softc *sc, 1923 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read) 1924 { 1925 uint16_t seglen, length, offset = 0; 1926 int ret; 1927 1928 /* Set nvm section read length */ 1929 length = IWM_NVM_DEFAULT_CHUNK_SIZE; 1930 1931 seglen = length; 1932 1933 /* Read the NVM until exhausted (reading less than requested) */ 1934 while (seglen == length) { 1935 /* Check no memory assumptions fail and cause an overflow */ 1936 if ((size_read + offset + length) > 1937 sc->cfg->eeprom_size) { 1938 device_printf(sc->sc_dev, 1939 "EEPROM size is too small for NVM\n"); 1940 return ENOBUFS; 1941 } 1942 1943 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen); 1944 if (ret) { 1945 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1946 "Cannot read NVM from section %d offset %d, length %d\n", 1947 section, offset, length); 1948 return ret; 1949 } 1950 offset += seglen; 1951 } 1952 1953 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1954 "NVM section %d read completed\n", section); 1955 *len = offset; 1956 return 0; 1957 } 1958 1959 /* 1960 * BEGIN IWM_NVM_PARSE 1961 */ 1962 1963 /* iwlwifi/iwl-nvm-parse.c */ 1964 1965 /* 1966 * Translate EEPROM flags to net80211. 1967 */ 1968 static uint32_t 1969 iwm_eeprom_channel_flags(uint16_t ch_flags) 1970 { 1971 uint32_t nflags; 1972 1973 nflags = 0; 1974 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0) 1975 nflags |= IEEE80211_CHAN_PASSIVE; 1976 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0) 1977 nflags |= IEEE80211_CHAN_NOADHOC; 1978 if (ch_flags & IWM_NVM_CHANNEL_RADAR) { 1979 nflags |= IEEE80211_CHAN_DFS; 1980 /* Just in case. */ 1981 nflags |= IEEE80211_CHAN_NOADHOC; 1982 } 1983 1984 return (nflags); 1985 } 1986 1987 static void 1988 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[], 1989 int maxchans, int *nchans, int ch_idx, size_t ch_num, 1990 const uint8_t bands[]) 1991 { 1992 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags; 1993 uint32_t nflags; 1994 uint16_t ch_flags; 1995 uint8_t ieee; 1996 int error; 1997 1998 for (; ch_idx < ch_num; ch_idx++) { 1999 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 2000 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 2001 ieee = iwm_nvm_channels[ch_idx]; 2002 else 2003 ieee = iwm_nvm_channels_8000[ch_idx]; 2004 2005 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) { 2006 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 2007 "Ch. %d Flags %x [%sGHz] - No traffic\n", 2008 ieee, ch_flags, 2009 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 2010 "5.2" : "2.4"); 2011 continue; 2012 } 2013 2014 nflags = iwm_eeprom_channel_flags(ch_flags); 2015 error = ieee80211_add_channel(chans, maxchans, nchans, 2016 ieee, 0, 0, nflags, bands); 2017 if (error != 0) 2018 break; 2019 2020 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 2021 "Ch. %d Flags %x [%sGHz] - Added\n", 2022 ieee, ch_flags, 2023 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 2024 "5.2" : "2.4"); 2025 } 2026 } 2027 2028 static void 2029 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans, 2030 struct ieee80211_channel chans[]) 2031 { 2032 struct iwm_softc *sc = ic->ic_softc; 2033 struct iwm_nvm_data *data = sc->nvm_data; 2034 uint8_t bands[IEEE80211_MODE_BYTES]; 2035 size_t ch_num; 2036 2037 memset(bands, 0, sizeof(bands)); 2038 /* 1-13: 11b/g channels. */ 2039 setbit(bands, IEEE80211_MODE_11B); 2040 setbit(bands, IEEE80211_MODE_11G); 2041 iwm_add_channel_band(sc, chans, maxchans, nchans, 0, 2042 IWM_NUM_2GHZ_CHANNELS - 1, bands); 2043 2044 /* 14: 11b channel only. */ 2045 clrbit(bands, IEEE80211_MODE_11G); 2046 iwm_add_channel_band(sc, chans, maxchans, nchans, 2047 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands); 2048 2049 if (data->sku_cap_band_52GHz_enable) { 2050 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 2051 ch_num = nitems(iwm_nvm_channels); 2052 else 2053 ch_num = nitems(iwm_nvm_channels_8000); 2054 memset(bands, 0, sizeof(bands)); 2055 setbit(bands, IEEE80211_MODE_11A); 2056 iwm_add_channel_band(sc, chans, maxchans, nchans, 2057 IWM_NUM_2GHZ_CHANNELS, ch_num, bands); 2058 } 2059 } 2060 2061 static void 2062 iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data, 2063 const uint16_t *mac_override, const uint16_t *nvm_hw) 2064 { 2065 const uint8_t *hw_addr; 2066 2067 if (mac_override) { 2068 static const uint8_t reserved_mac[] = { 2069 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00 2070 }; 2071 2072 hw_addr = (const uint8_t *)(mac_override + 2073 IWM_MAC_ADDRESS_OVERRIDE_8000); 2074 2075 /* 2076 * Store the MAC address from MAO section. 2077 * No byte swapping is required in MAO section 2078 */ 2079 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr); 2080 2081 /* 2082 * Force the use of the OTP MAC address in case of reserved MAC 2083 * address in the NVM, or if address is given but invalid. 2084 */ 2085 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) && 2086 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) && 2087 iwm_is_valid_ether_addr(data->hw_addr) && 2088 !IEEE80211_IS_MULTICAST(data->hw_addr)) 2089 return; 2090 2091 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2092 "%s: mac address from nvm override section invalid\n", 2093 __func__); 2094 } 2095 2096 if (nvm_hw) { 2097 /* read the mac address from WFMP registers */ 2098 uint32_t mac_addr0 = 2099 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0)); 2100 uint32_t mac_addr1 = 2101 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1)); 2102 2103 hw_addr = (const uint8_t *)&mac_addr0; 2104 data->hw_addr[0] = hw_addr[3]; 2105 data->hw_addr[1] = hw_addr[2]; 2106 data->hw_addr[2] = hw_addr[1]; 2107 data->hw_addr[3] = hw_addr[0]; 2108 2109 hw_addr = (const uint8_t *)&mac_addr1; 2110 data->hw_addr[4] = hw_addr[1]; 2111 data->hw_addr[5] = hw_addr[0]; 2112 2113 return; 2114 } 2115 2116 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__); 2117 memset(data->hw_addr, 0, sizeof(data->hw_addr)); 2118 } 2119 2120 static int 2121 iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2122 const uint16_t *phy_sku) 2123 { 2124 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) 2125 return le16_to_cpup(nvm_sw + IWM_SKU); 2126 2127 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000)); 2128 } 2129 2130 static int 2131 iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2132 { 2133 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) 2134 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 2135 else 2136 return le32_to_cpup((const uint32_t *)(nvm_sw + 2137 IWM_NVM_VERSION_8000)); 2138 } 2139 2140 static int 2141 iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2142 const uint16_t *phy_sku) 2143 { 2144 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) 2145 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 2146 2147 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000)); 2148 } 2149 2150 static int 2151 iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2152 { 2153 int n_hw_addr; 2154 2155 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) 2156 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 2157 2158 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000)); 2159 2160 return n_hw_addr & IWM_N_HW_ADDR_MASK; 2161 } 2162 2163 static void 2164 iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data, 2165 uint32_t radio_cfg) 2166 { 2167 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) { 2168 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 2169 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 2170 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 2171 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 2172 return; 2173 } 2174 2175 /* set the radio configuration for family 8000 */ 2176 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg); 2177 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg); 2178 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg); 2179 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK_8000(radio_cfg); 2180 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg); 2181 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg); 2182 } 2183 2184 static int 2185 iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data, 2186 const uint16_t *nvm_hw, const uint16_t *mac_override) 2187 { 2188 #ifdef notyet /* for FAMILY 9000 */ 2189 if (cfg->mac_addr_from_csr) { 2190 iwm_set_hw_address_from_csr(sc, data); 2191 } else 2192 #endif 2193 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) { 2194 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR); 2195 2196 /* The byte order is little endian 16 bit, meaning 214365 */ 2197 data->hw_addr[0] = hw_addr[1]; 2198 data->hw_addr[1] = hw_addr[0]; 2199 data->hw_addr[2] = hw_addr[3]; 2200 data->hw_addr[3] = hw_addr[2]; 2201 data->hw_addr[4] = hw_addr[5]; 2202 data->hw_addr[5] = hw_addr[4]; 2203 } else { 2204 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw); 2205 } 2206 2207 if (!iwm_is_valid_ether_addr(data->hw_addr)) { 2208 device_printf(sc->sc_dev, "no valid mac address was found\n"); 2209 return EINVAL; 2210 } 2211 2212 return 0; 2213 } 2214 2215 static struct iwm_nvm_data * 2216 iwm_parse_nvm_data(struct iwm_softc *sc, 2217 const uint16_t *nvm_hw, const uint16_t *nvm_sw, 2218 const uint16_t *nvm_calib, const uint16_t *mac_override, 2219 const uint16_t *phy_sku, const uint16_t *regulatory) 2220 { 2221 struct iwm_nvm_data *data; 2222 uint32_t sku, radio_cfg; 2223 uint16_t lar_config; 2224 2225 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) { 2226 data = kmalloc(sizeof(*data) + 2227 IWM_NUM_CHANNELS * sizeof(uint16_t), 2228 M_DEVBUF, M_WAITOK | M_ZERO); 2229 } else { 2230 data = kmalloc(sizeof(*data) + 2231 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t), 2232 M_DEVBUF, M_WAITOK | M_ZERO); 2233 } 2234 if (!data) 2235 return NULL; 2236 2237 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw); 2238 2239 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku); 2240 iwm_set_radio_cfg(sc, data, radio_cfg); 2241 2242 sku = iwm_get_sku(sc, nvm_sw, phy_sku); 2243 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 2244 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 2245 data->sku_cap_11n_enable = 0; 2246 2247 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw); 2248 2249 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) { 2250 /* TODO: use IWL_NVM_EXT */ 2251 uint16_t lar_offset = data->nvm_version < 0xE39 ? 2252 IWM_NVM_LAR_OFFSET_8000_OLD : 2253 IWM_NVM_LAR_OFFSET_8000; 2254 2255 lar_config = le16_to_cpup(regulatory + lar_offset); 2256 data->lar_enabled = !!(lar_config & 2257 IWM_NVM_LAR_ENABLED_8000); 2258 } 2259 2260 /* If no valid mac address was found - bail out */ 2261 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) { 2262 kfree(data, M_DEVBUF); 2263 return NULL; 2264 } 2265 2266 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2267 memcpy(data->nvm_ch_flags, sc->cfg->nvm_type == IWM_NVM_SDP ? 2268 ®ulatory[0] : &nvm_sw[IWM_NVM_CHANNELS], 2269 IWM_NUM_CHANNELS * sizeof(uint16_t)); 2270 } else { 2271 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000], 2272 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t)); 2273 } 2274 2275 return data; 2276 } 2277 2278 static void 2279 iwm_free_nvm_data(struct iwm_nvm_data *data) 2280 { 2281 if (data != NULL) 2282 kfree(data, M_DEVBUF); 2283 } 2284 2285 static struct iwm_nvm_data * 2286 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 2287 { 2288 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku; 2289 2290 /* Checking for required sections */ 2291 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2292 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2293 !sections[sc->cfg->nvm_hw_section_num].data) { 2294 device_printf(sc->sc_dev, 2295 "Can't parse empty OTP/NVM sections\n"); 2296 return NULL; 2297 } 2298 } else if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) { 2299 /* SW and REGULATORY sections are mandatory */ 2300 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2301 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) { 2302 device_printf(sc->sc_dev, 2303 "Can't parse empty OTP/NVM sections\n"); 2304 return NULL; 2305 } 2306 /* MAC_OVERRIDE or at least HW section must exist */ 2307 if (!sections[sc->cfg->nvm_hw_section_num].data && 2308 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) { 2309 device_printf(sc->sc_dev, 2310 "Can't parse mac_address, empty sections\n"); 2311 return NULL; 2312 } 2313 2314 /* PHY_SKU section is mandatory in B0 */ 2315 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) { 2316 device_printf(sc->sc_dev, 2317 "Can't parse phy_sku in B0, empty sections\n"); 2318 return NULL; 2319 } 2320 } else { 2321 panic("unknown device family %d\n", sc->cfg->device_family); 2322 } 2323 2324 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data; 2325 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 2326 calib = (const uint16_t *) 2327 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 2328 regulatory = sc->cfg->nvm_type == IWM_NVM_SDP ? 2329 (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_REGULATORY_SDP].data : 2330 (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_REGULATORY].data; 2331 mac_override = (const uint16_t *) 2332 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data; 2333 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data; 2334 2335 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override, 2336 phy_sku, regulatory); 2337 } 2338 2339 static int 2340 iwm_nvm_init(struct iwm_softc *sc) 2341 { 2342 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS]; 2343 int i, ret, section; 2344 uint32_t size_read = 0; 2345 uint8_t *nvm_buffer, *temp; 2346 uint16_t len; 2347 2348 memset(nvm_sections, 0, sizeof(nvm_sections)); 2349 2350 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_NUM_OF_SECTIONS) 2351 return EINVAL; 2352 2353 /* load NVM values from nic */ 2354 /* Read From FW NVM */ 2355 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n"); 2356 2357 nvm_buffer = kmalloc(sc->cfg->eeprom_size, M_DEVBUF, M_WAITOK | M_ZERO); 2358 if (!nvm_buffer) 2359 return ENOMEM; 2360 for (section = 0; section < IWM_NVM_NUM_OF_SECTIONS; section++) { 2361 /* we override the constness for initial read */ 2362 ret = iwm_nvm_read_section(sc, section, nvm_buffer, 2363 &len, size_read); 2364 if (ret) 2365 continue; 2366 size_read += len; 2367 temp = kmalloc(len, M_DEVBUF, M_WAITOK); 2368 if (!temp) { 2369 ret = ENOMEM; 2370 break; 2371 } 2372 memcpy(temp, nvm_buffer, len); 2373 2374 nvm_sections[section].data = temp; 2375 nvm_sections[section].length = len; 2376 } 2377 if (!size_read) 2378 device_printf(sc->sc_dev, "OTP is blank\n"); 2379 kfree(nvm_buffer, M_DEVBUF); 2380 2381 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections); 2382 if (!sc->nvm_data) 2383 return EINVAL; 2384 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 2385 "nvm version = %x\n", sc->nvm_data->nvm_version); 2386 2387 for (i = 0; i < IWM_NVM_NUM_OF_SECTIONS; i++) { 2388 if (nvm_sections[i].data != NULL) 2389 kfree(nvm_sections[i].data, M_DEVBUF); 2390 } 2391 2392 return 0; 2393 } 2394 2395 static int 2396 iwm_pcie_load_section(struct iwm_softc *sc, uint8_t section_num, 2397 const struct iwm_fw_desc *section) 2398 { 2399 struct iwm_dma_info *dma = &sc->fw_dma; 2400 uint8_t *v_addr; 2401 bus_addr_t p_addr; 2402 uint32_t offset, chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, section->len); 2403 int ret = 0; 2404 2405 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2406 "%s: [%d] uCode section being loaded...\n", 2407 __func__, section_num); 2408 2409 v_addr = dma->vaddr; 2410 p_addr = dma->paddr; 2411 2412 for (offset = 0; offset < section->len; offset += chunk_sz) { 2413 uint32_t copy_size, dst_addr; 2414 int extended_addr = FALSE; 2415 2416 copy_size = MIN(chunk_sz, section->len - offset); 2417 dst_addr = section->offset + offset; 2418 2419 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2420 dst_addr <= IWM_FW_MEM_EXTENDED_END) 2421 extended_addr = TRUE; 2422 2423 if (extended_addr) 2424 iwm_set_bits_prph(sc, IWM_LMPM_CHICK, 2425 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2426 2427 memcpy(v_addr, (const uint8_t *)section->data + offset, 2428 copy_size); 2429 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 2430 ret = iwm_pcie_load_firmware_chunk(sc, dst_addr, p_addr, 2431 copy_size); 2432 2433 if (extended_addr) 2434 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK, 2435 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2436 2437 if (ret) { 2438 device_printf(sc->sc_dev, 2439 "%s: Could not load the [%d] uCode section\n", 2440 __func__, section_num); 2441 break; 2442 } 2443 } 2444 2445 return ret; 2446 } 2447 2448 /* 2449 * ucode 2450 */ 2451 static int 2452 iwm_pcie_load_firmware_chunk(struct iwm_softc *sc, uint32_t dst_addr, 2453 bus_addr_t phy_addr, uint32_t byte_cnt) 2454 { 2455 sc->sc_fw_chunk_done = 0; 2456 2457 if (!iwm_nic_lock(sc)) 2458 return EBUSY; 2459 2460 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2461 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 2462 2463 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 2464 dst_addr); 2465 2466 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 2467 phy_addr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 2468 2469 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 2470 (iwm_get_dma_hi_addr(phy_addr) 2471 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 2472 2473 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 2474 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 2475 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 2476 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 2477 2478 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2479 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 2480 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 2481 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 2482 2483 iwm_nic_unlock(sc); 2484 2485 /* wait up to 5s for this segment to load */ 2486 lksleep(&sc->sc_fw, &sc->sc_lk, 0, "iwmfw", hz * 5); 2487 2488 if (!sc->sc_fw_chunk_done) { 2489 device_printf(sc->sc_dev, 2490 "fw chunk addr 0x%x len %d failed to load\n", 2491 dst_addr, byte_cnt); 2492 return ETIMEDOUT; 2493 } 2494 2495 return 0; 2496 } 2497 2498 static int 2499 iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc, 2500 const struct iwm_fw_img *image, int cpu, int *first_ucode_section) 2501 { 2502 int shift_param; 2503 int i, ret = 0, sec_num = 0x1; 2504 uint32_t val, last_read_idx = 0; 2505 2506 if (cpu == 1) { 2507 shift_param = 0; 2508 *first_ucode_section = 0; 2509 } else { 2510 shift_param = 16; 2511 (*first_ucode_section)++; 2512 } 2513 2514 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) { 2515 last_read_idx = i; 2516 2517 /* 2518 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2519 * CPU1 to CPU2. 2520 * PAGING_SEPARATOR_SECTION delimiter - separate between 2521 * CPU2 non paged to CPU2 paging sec. 2522 */ 2523 if (!image->sec[i].data || 2524 image->sec[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2525 image->sec[i].offset == IWM_PAGING_SEPARATOR_SECTION) { 2526 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2527 "Break since Data not valid or Empty section, sec = %d\n", 2528 i); 2529 break; 2530 } 2531 ret = iwm_pcie_load_section(sc, i, &image->sec[i]); 2532 if (ret) 2533 return ret; 2534 2535 /* Notify the ucode of the loaded section number and status */ 2536 if (iwm_nic_lock(sc)) { 2537 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS); 2538 val = val | (sec_num << shift_param); 2539 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val); 2540 sec_num = (sec_num << 1) | 0x1; 2541 iwm_nic_unlock(sc); 2542 } 2543 } 2544 2545 *first_ucode_section = last_read_idx; 2546 2547 iwm_enable_interrupts(sc); 2548 2549 if (iwm_nic_lock(sc)) { 2550 if (cpu == 1) 2551 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF); 2552 else 2553 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF); 2554 iwm_nic_unlock(sc); 2555 } 2556 2557 return 0; 2558 } 2559 2560 static int 2561 iwm_pcie_load_cpu_sections(struct iwm_softc *sc, 2562 const struct iwm_fw_img *image, int cpu, int *first_ucode_section) 2563 { 2564 int i, ret = 0; 2565 uint32_t last_read_idx = 0; 2566 2567 if (cpu == 1) { 2568 *first_ucode_section = 0; 2569 } else { 2570 (*first_ucode_section)++; 2571 } 2572 2573 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) { 2574 last_read_idx = i; 2575 2576 /* 2577 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2578 * CPU1 to CPU2. 2579 * PAGING_SEPARATOR_SECTION delimiter - separate between 2580 * CPU2 non paged to CPU2 paging sec. 2581 */ 2582 if (!image->sec[i].data || 2583 image->sec[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2584 image->sec[i].offset == IWM_PAGING_SEPARATOR_SECTION) { 2585 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2586 "Break since Data not valid or Empty section, sec = %d\n", 2587 i); 2588 break; 2589 } 2590 2591 ret = iwm_pcie_load_section(sc, i, &image->sec[i]); 2592 if (ret) 2593 return ret; 2594 } 2595 2596 *first_ucode_section = last_read_idx; 2597 2598 return 0; 2599 2600 } 2601 2602 static int 2603 iwm_pcie_load_given_ucode(struct iwm_softc *sc, const struct iwm_fw_img *image) 2604 { 2605 int ret = 0; 2606 int first_ucode_section; 2607 2608 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n", 2609 image->is_dual_cpus ? "Dual" : "Single"); 2610 2611 /* load to FW the binary non secured sections of CPU1 */ 2612 ret = iwm_pcie_load_cpu_sections(sc, image, 1, &first_ucode_section); 2613 if (ret) 2614 return ret; 2615 2616 if (image->is_dual_cpus) { 2617 /* set CPU2 header address */ 2618 if (iwm_nic_lock(sc)) { 2619 iwm_write_prph(sc, 2620 IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR, 2621 IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE); 2622 iwm_nic_unlock(sc); 2623 } 2624 2625 /* load to FW the binary sections of CPU2 */ 2626 ret = iwm_pcie_load_cpu_sections(sc, image, 2, 2627 &first_ucode_section); 2628 if (ret) 2629 return ret; 2630 } 2631 2632 iwm_enable_interrupts(sc); 2633 2634 /* release CPU reset */ 2635 IWM_WRITE(sc, IWM_CSR_RESET, 0); 2636 2637 return 0; 2638 } 2639 2640 int 2641 iwm_pcie_load_given_ucode_8000(struct iwm_softc *sc, 2642 const struct iwm_fw_img *image) 2643 { 2644 int ret = 0; 2645 int first_ucode_section; 2646 2647 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n", 2648 image->is_dual_cpus ? "Dual" : "Single"); 2649 2650 /* configure the ucode to be ready to get the secured image */ 2651 /* release CPU reset */ 2652 if (iwm_nic_lock(sc)) { 2653 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, 2654 IWM_RELEASE_CPU_RESET_BIT); 2655 iwm_nic_unlock(sc); 2656 } 2657 2658 /* load to FW the binary Secured sections of CPU1 */ 2659 ret = iwm_pcie_load_cpu_sections_8000(sc, image, 1, 2660 &first_ucode_section); 2661 if (ret) 2662 return ret; 2663 2664 /* load to FW the binary sections of CPU2 */ 2665 return iwm_pcie_load_cpu_sections_8000(sc, image, 2, 2666 &first_ucode_section); 2667 } 2668 2669 /* XXX Get rid of this definition */ 2670 static inline void 2671 iwm_enable_fw_load_int(struct iwm_softc *sc) 2672 { 2673 IWM_DPRINTF(sc, IWM_DEBUG_INTR, "Enabling FW load interrupt\n"); 2674 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX; 2675 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 2676 } 2677 2678 /* XXX Add proper rfkill support code */ 2679 static int 2680 iwm_start_fw(struct iwm_softc *sc, const struct iwm_fw_img *fw) 2681 { 2682 int ret; 2683 2684 /* This may fail if AMT took ownership of the device */ 2685 if (iwm_prepare_card_hw(sc)) { 2686 device_printf(sc->sc_dev, 2687 "%s: Exit HW not ready\n", __func__); 2688 ret = EIO; 2689 goto out; 2690 } 2691 2692 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF); 2693 2694 iwm_disable_interrupts(sc); 2695 2696 /* make sure rfkill handshake bits are cleared */ 2697 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2698 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 2699 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 2700 2701 /* clear (again), then enable host interrupts */ 2702 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF); 2703 2704 ret = iwm_nic_init(sc); 2705 if (ret) { 2706 device_printf(sc->sc_dev, "%s: Unable to init nic\n", __func__); 2707 goto out; 2708 } 2709 2710 /* 2711 * Now, we load the firmware and don't want to be interrupted, even 2712 * by the RF-Kill interrupt (hence mask all the interrupt besides the 2713 * FH_TX interrupt which is needed to load the firmware). If the 2714 * RF-Kill switch is toggled, we will find out after having loaded 2715 * the firmware and return the proper value to the caller. 2716 */ 2717 iwm_enable_fw_load_int(sc); 2718 2719 /* really make sure rfkill handshake bits are cleared */ 2720 /* maybe we should write a few times more? just to make sure */ 2721 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2722 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2723 2724 /* Load the given image to the HW */ 2725 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) 2726 ret = iwm_pcie_load_given_ucode_8000(sc, fw); 2727 else 2728 ret = iwm_pcie_load_given_ucode(sc, fw); 2729 2730 /* XXX re-check RF-Kill state */ 2731 2732 out: 2733 return ret; 2734 } 2735 2736 static int 2737 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 2738 { 2739 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 2740 .valid = htole32(valid_tx_ant), 2741 }; 2742 2743 return iwm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 2744 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd); 2745 } 2746 2747 /* iwlwifi: mvm/fw.c */ 2748 static int 2749 iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 2750 { 2751 struct iwm_phy_cfg_cmd phy_cfg_cmd; 2752 enum iwm_ucode_type ucode_type = sc->cur_ucode; 2753 2754 /* Set parameters */ 2755 phy_cfg_cmd.phy_cfg = htole32(iwm_get_phy_config(sc)); 2756 phy_cfg_cmd.calib_control.event_trigger = 2757 sc->sc_default_calib[ucode_type].event_trigger; 2758 phy_cfg_cmd.calib_control.flow_trigger = 2759 sc->sc_default_calib[ucode_type].flow_trigger; 2760 2761 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET, 2762 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg); 2763 return iwm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC, 2764 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 2765 } 2766 2767 static int 2768 iwm_alive_fn(struct iwm_softc *sc, struct iwm_rx_packet *pkt, void *data) 2769 { 2770 struct iwm_alive_data *alive_data = data; 2771 struct iwm_alive_resp_v3 *palive3; 2772 struct iwm_alive_resp *palive; 2773 struct iwm_umac_alive *umac; 2774 struct iwm_lmac_alive *lmac1; 2775 struct iwm_lmac_alive *lmac2 = NULL; 2776 uint16_t status; 2777 2778 if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive)) { 2779 palive = (void *)pkt->data; 2780 umac = &palive->umac_data; 2781 lmac1 = &palive->lmac_data[0]; 2782 lmac2 = &palive->lmac_data[1]; 2783 status = le16toh(palive->status); 2784 } else { 2785 palive3 = (void *)pkt->data; 2786 umac = &palive3->umac_data; 2787 lmac1 = &palive3->lmac_data; 2788 status = le16toh(palive3->status); 2789 } 2790 2791 sc->error_event_table[0] = le32toh(lmac1->error_event_table_ptr); 2792 if (lmac2) 2793 sc->error_event_table[1] = 2794 le32toh(lmac2->error_event_table_ptr); 2795 sc->log_event_table = le32toh(lmac1->log_event_table_ptr); 2796 sc->umac_error_event_table = le32toh(umac->error_info_addr); 2797 alive_data->scd_base_addr = le32toh(lmac1->scd_base_ptr); 2798 alive_data->valid = status == IWM_ALIVE_STATUS_OK; 2799 if (sc->umac_error_event_table) 2800 sc->support_umac_log = TRUE; 2801 2802 IWM_DPRINTF(sc, IWM_DEBUG_FW, 2803 "Alive ucode status 0x%04x revision 0x%01X 0x%01X\n", 2804 status, lmac1->ver_type, lmac1->ver_subtype); 2805 2806 if (lmac2) 2807 IWM_DPRINTF(sc, IWM_DEBUG_FW, "Alive ucode CDB\n"); 2808 2809 IWM_DPRINTF(sc, IWM_DEBUG_FW, 2810 "UMAC version: Major - 0x%x, Minor - 0x%x\n", 2811 le32toh(umac->umac_major), 2812 le32toh(umac->umac_minor)); 2813 2814 return TRUE; 2815 } 2816 2817 static int 2818 iwm_wait_phy_db_entry(struct iwm_softc *sc, 2819 struct iwm_rx_packet *pkt, void *data) 2820 { 2821 struct iwm_phy_db *phy_db = data; 2822 2823 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) { 2824 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) { 2825 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n", 2826 __func__, pkt->hdr.code); 2827 } 2828 return TRUE; 2829 } 2830 2831 if (iwm_phy_db_set_section(phy_db, pkt)) { 2832 device_printf(sc->sc_dev, 2833 "%s: iwm_phy_db_set_section failed\n", __func__); 2834 } 2835 2836 return FALSE; 2837 } 2838 2839 static int 2840 iwm_load_ucode_wait_alive(struct iwm_softc *sc, 2841 enum iwm_ucode_type ucode_type) 2842 { 2843 struct iwm_notification_wait alive_wait; 2844 struct iwm_alive_data alive_data; 2845 const struct iwm_fw_img *fw; 2846 enum iwm_ucode_type old_type = sc->cur_ucode; 2847 int error; 2848 static const uint16_t alive_cmd[] = { IWM_ALIVE }; 2849 2850 fw = &sc->sc_fw.img[ucode_type]; 2851 sc->cur_ucode = ucode_type; 2852 sc->ucode_loaded = FALSE; 2853 2854 memset(&alive_data, 0, sizeof(alive_data)); 2855 iwm_init_notification_wait(sc->sc_notif_wait, &alive_wait, 2856 alive_cmd, nitems(alive_cmd), 2857 iwm_alive_fn, &alive_data); 2858 2859 error = iwm_start_fw(sc, fw); 2860 if (error) { 2861 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error); 2862 sc->cur_ucode = old_type; 2863 iwm_remove_notification(sc->sc_notif_wait, &alive_wait); 2864 return error; 2865 } 2866 2867 /* 2868 * Some things may run in the background now, but we 2869 * just wait for the ALIVE notification here. 2870 */ 2871 IWM_UNLOCK(sc); 2872 error = iwm_wait_notification(sc->sc_notif_wait, &alive_wait, 2873 IWM_UCODE_ALIVE_TIMEOUT); 2874 IWM_LOCK(sc); 2875 if (error) { 2876 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) { 2877 uint32_t a = 0x5a5a5a5a, b = 0x5a5a5a5a; 2878 if (iwm_nic_lock(sc)) { 2879 a = iwm_read_prph(sc, IWM_SB_CPU_1_STATUS); 2880 b = iwm_read_prph(sc, IWM_SB_CPU_2_STATUS); 2881 iwm_nic_unlock(sc); 2882 } 2883 device_printf(sc->sc_dev, 2884 "SecBoot CPU1 Status: 0x%x, CPU2 Status: 0x%x\n", 2885 a, b); 2886 } 2887 sc->cur_ucode = old_type; 2888 return error; 2889 } 2890 2891 if (!alive_data.valid) { 2892 device_printf(sc->sc_dev, "%s: Loaded ucode is not valid\n", 2893 __func__); 2894 sc->cur_ucode = old_type; 2895 return EIO; 2896 } 2897 2898 iwm_trans_pcie_fw_alive(sc, alive_data.scd_base_addr); 2899 2900 /* 2901 * configure and operate fw paging mechanism. 2902 * driver configures the paging flow only once, CPU2 paging image 2903 * included in the IWM_UCODE_INIT image. 2904 */ 2905 if (fw->paging_mem_size) { 2906 error = iwm_save_fw_paging(sc, fw); 2907 if (error) { 2908 device_printf(sc->sc_dev, 2909 "%s: failed to save the FW paging image\n", 2910 __func__); 2911 return error; 2912 } 2913 2914 error = iwm_send_paging_cmd(sc, fw); 2915 if (error) { 2916 device_printf(sc->sc_dev, 2917 "%s: failed to send the paging cmd\n", __func__); 2918 iwm_free_fw_paging(sc); 2919 return error; 2920 } 2921 } 2922 2923 if (!error) 2924 sc->ucode_loaded = TRUE; 2925 return error; 2926 } 2927 2928 /* 2929 * mvm misc bits 2930 */ 2931 2932 /* 2933 * follows iwlwifi/fw.c 2934 */ 2935 static int 2936 iwm_run_init_ucode(struct iwm_softc *sc, int justnvm) 2937 { 2938 struct iwm_notification_wait calib_wait; 2939 static const uint16_t init_complete[] = { 2940 IWM_INIT_COMPLETE_NOTIF, 2941 IWM_CALIB_RES_NOTIF_PHY_DB 2942 }; 2943 int ret; 2944 2945 /* do not operate with rfkill switch turned on */ 2946 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 2947 device_printf(sc->sc_dev, 2948 "radio is disabled by hardware switch\n"); 2949 return EPERM; 2950 } 2951 2952 iwm_init_notification_wait(sc->sc_notif_wait, 2953 &calib_wait, 2954 init_complete, 2955 nitems(init_complete), 2956 iwm_wait_phy_db_entry, 2957 sc->sc_phy_db); 2958 2959 /* Will also start the device */ 2960 ret = iwm_load_ucode_wait_alive(sc, IWM_UCODE_INIT); 2961 if (ret) { 2962 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n", 2963 ret); 2964 goto error; 2965 } 2966 2967 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) { 2968 ret = iwm_send_bt_init_conf(sc); 2969 if (ret) { 2970 device_printf(sc->sc_dev, 2971 "failed to send bt coex configuration: %d\n", ret); 2972 goto error; 2973 } 2974 } 2975 2976 if (justnvm) { 2977 /* Read nvm */ 2978 ret = iwm_nvm_init(sc); 2979 if (ret) { 2980 device_printf(sc->sc_dev, "failed to read nvm\n"); 2981 goto error; 2982 } 2983 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr); 2984 goto error; 2985 } 2986 2987 /* Send TX valid antennas before triggering calibrations */ 2988 ret = iwm_send_tx_ant_cfg(sc, iwm_get_valid_tx_ant(sc)); 2989 if (ret) { 2990 device_printf(sc->sc_dev, 2991 "failed to send antennas before calibration: %d\n", ret); 2992 goto error; 2993 } 2994 2995 /* 2996 * Send phy configurations command to init uCode 2997 * to start the 16.0 uCode init image internal calibrations. 2998 */ 2999 ret = iwm_send_phy_cfg_cmd(sc); 3000 if (ret) { 3001 device_printf(sc->sc_dev, 3002 "%s: Failed to run INIT calibrations: %d\n", 3003 __func__, ret); 3004 goto error; 3005 } 3006 3007 /* 3008 * Nothing to do but wait for the init complete notification 3009 * from the firmware. 3010 */ 3011 IWM_UNLOCK(sc); 3012 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait, 3013 IWM_UCODE_CALIB_TIMEOUT); 3014 IWM_LOCK(sc); 3015 3016 3017 goto out; 3018 3019 error: 3020 iwm_remove_notification(sc->sc_notif_wait, &calib_wait); 3021 out: 3022 return ret; 3023 } 3024 3025 static int 3026 iwm_config_ltr(struct iwm_softc *sc) 3027 { 3028 struct iwm_ltr_config_cmd cmd = { 3029 .flags = htole32(IWM_LTR_CFG_FLAG_FEATURE_ENABLE), 3030 }; 3031 3032 if (!sc->sc_ltr_enabled) 3033 return 0; 3034 3035 return iwm_send_cmd_pdu(sc, IWM_LTR_CONFIG, 0, sizeof(cmd), &cmd); 3036 } 3037 3038 /* 3039 * receive side 3040 */ 3041 3042 /* (re)stock rx ring, called at init-time and at runtime */ 3043 static int 3044 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 3045 { 3046 struct iwm_rx_ring *ring = &sc->rxq; 3047 struct iwm_rx_data *data = &ring->data[idx]; 3048 struct mbuf *m; 3049 bus_dmamap_t dmamap; 3050 bus_dma_segment_t seg; 3051 int nsegs, error; 3052 3053 m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE); 3054 if (m == NULL) 3055 return ENOBUFS; 3056 3057 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 3058 #if defined(__DragonFly__) 3059 error = bus_dmamap_load_mbuf_segment(ring->data_dmat, ring->spare_map, 3060 m, &seg, 1, &nsegs, BUS_DMA_NOWAIT); 3061 #else 3062 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m, 3063 &seg, &nsegs, BUS_DMA_NOWAIT); 3064 #endif 3065 if (error != 0) { 3066 device_printf(sc->sc_dev, 3067 "%s: can't map mbuf, error %d\n", __func__, error); 3068 m_freem(m); 3069 return error; 3070 } 3071 3072 if (data->m != NULL) 3073 bus_dmamap_unload(ring->data_dmat, data->map); 3074 3075 /* Swap ring->spare_map with data->map */ 3076 dmamap = data->map; 3077 data->map = ring->spare_map; 3078 ring->spare_map = dmamap; 3079 3080 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD); 3081 data->m = m; 3082 3083 /* Update RX descriptor. */ 3084 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned")); 3085 if (sc->cfg->mqrx_supported) 3086 ((uint64_t *)ring->desc)[idx] = htole64(seg.ds_addr); 3087 else 3088 ((uint32_t *)ring->desc)[idx] = htole32(seg.ds_addr >> 8); 3089 bus_dmamap_sync(ring->free_desc_dma.tag, ring->free_desc_dma.map, 3090 BUS_DMASYNC_PREWRITE); 3091 3092 return 0; 3093 } 3094 3095 static void 3096 iwm_rx_rx_phy_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3097 { 3098 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 3099 3100 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n"); 3101 3102 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 3103 } 3104 3105 /* 3106 * Retrieve the average noise (in dBm) among receivers. 3107 */ 3108 static int 3109 iwm_get_noise(struct iwm_softc *sc, 3110 const struct iwm_statistics_rx_non_phy *stats) 3111 { 3112 int i, noise; 3113 #ifdef IWM_DEBUG 3114 int nbant, total; 3115 #else 3116 int nbant __unused, total __unused; 3117 #endif 3118 3119 total = nbant = noise = 0; 3120 for (i = 0; i < 3; i++) { 3121 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff; 3122 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n", 3123 __func__, 3124 i, 3125 noise); 3126 3127 if (noise) { 3128 total += noise; 3129 nbant++; 3130 } 3131 } 3132 3133 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n", 3134 __func__, nbant, total); 3135 #if 0 3136 /* There should be at least one antenna but check anyway. */ 3137 return (nbant == 0) ? -127 : (total / nbant) - 107; 3138 #else 3139 /* For now, just hard-code it to -96 to be safe */ 3140 return (-96); 3141 #endif 3142 } 3143 3144 static void 3145 iwm_handle_rx_statistics(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3146 { 3147 struct iwm_notif_statistics *stats = (void *)&pkt->data; 3148 3149 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 3150 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general); 3151 } 3152 3153 /* iwlwifi: mvm/rx.c */ 3154 /* 3155 * iwm_get_signal_strength - use new rx PHY INFO API 3156 * values are reported by the fw as positive values - need to negate 3157 * to obtain their dBM. Account for missing antennas by replacing 0 3158 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 3159 */ 3160 static int 3161 iwm_rx_get_signal_strength(struct iwm_softc *sc, 3162 struct iwm_rx_phy_info *phy_info) 3163 { 3164 int energy_a, energy_b, energy_c, max_energy; 3165 uint32_t val; 3166 3167 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 3168 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 3169 IWM_RX_INFO_ENERGY_ANT_A_POS; 3170 energy_a = energy_a ? -energy_a : -256; 3171 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 3172 IWM_RX_INFO_ENERGY_ANT_B_POS; 3173 energy_b = energy_b ? -energy_b : -256; 3174 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 3175 IWM_RX_INFO_ENERGY_ANT_C_POS; 3176 energy_c = energy_c ? -energy_c : -256; 3177 max_energy = MAX(energy_a, energy_b); 3178 max_energy = MAX(max_energy, energy_c); 3179 3180 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3181 "energy In A %d B %d C %d , and max %d\n", 3182 energy_a, energy_b, energy_c, max_energy); 3183 3184 return max_energy; 3185 } 3186 3187 static int 3188 iwm_rxmq_get_signal_strength(struct iwm_softc *sc, 3189 struct iwm_rx_mpdu_desc *desc) 3190 { 3191 int energy_a, energy_b; 3192 3193 energy_a = desc->v1.energy_a; 3194 energy_b = desc->v1.energy_b; 3195 energy_a = energy_a ? -energy_a : -256; 3196 energy_b = energy_b ? -energy_b : -256; 3197 return MAX(energy_a, energy_b); 3198 } 3199 3200 /* 3201 * iwm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler 3202 * 3203 * Handles the actual data of the Rx packet from the fw 3204 */ 3205 static bool 3206 iwm_rx_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset, 3207 bool stolen) 3208 { 3209 struct ieee80211com *ic = &sc->sc_ic; 3210 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3211 struct ieee80211_rx_stats rxs; 3212 struct iwm_rx_phy_info *phy_info; 3213 struct iwm_rx_mpdu_res_start *rx_res; 3214 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, offset); 3215 uint32_t len; 3216 uint32_t rx_pkt_status; 3217 int rssi; 3218 3219 phy_info = &sc->sc_last_phy_info; 3220 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data; 3221 len = le16toh(rx_res->byte_count); 3222 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len)); 3223 3224 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 3225 device_printf(sc->sc_dev, 3226 "dsp size out of range [0,20]: %d\n", 3227 phy_info->cfg_phy_cnt); 3228 return false; 3229 } 3230 3231 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 3232 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 3233 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3234 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 3235 return false; 3236 } 3237 3238 rssi = iwm_rx_get_signal_strength(sc, phy_info); 3239 3240 /* Map it to relative value */ 3241 rssi = rssi - sc->sc_noise; 3242 3243 /* replenish ring for the buffer we're going to feed to the sharks */ 3244 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 3245 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 3246 __func__); 3247 return false; 3248 } 3249 3250 m->m_data = pkt->data + sizeof(*rx_res); 3251 m->m_pkthdr.len = m->m_len = len; 3252 3253 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3254 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise); 3255 3256 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3257 "%s: phy_info: channel=%d, flags=0x%08x\n", 3258 __func__, 3259 le16toh(phy_info->channel), 3260 le16toh(phy_info->phy_flags)); 3261 3262 /* 3263 * Populate an RX state struct with the provided information. 3264 */ 3265 bzero(&rxs, sizeof(rxs)); 3266 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 3267 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 3268 rxs.c_ieee = le16toh(phy_info->channel); 3269 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) { 3270 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 3271 } else { 3272 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ); 3273 } 3274 3275 /* rssi is in 1/2db units */ 3276 rxs.c_rssi = rssi * 2; 3277 rxs.c_nf = sc->sc_noise; 3278 if (ieee80211_add_rx_params(m, &rxs) == 0) 3279 return false; 3280 3281 if (ieee80211_radiotap_active_vap(vap)) { 3282 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 3283 3284 tap->wr_flags = 0; 3285 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE)) 3286 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3287 tap->wr_chan_freq = htole16(rxs.c_freq); 3288 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 3289 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 3290 tap->wr_dbm_antsignal = (int8_t)rssi; 3291 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 3292 tap->wr_tsft = phy_info->system_timestamp; 3293 switch (phy_info->rate) { 3294 /* CCK rates. */ 3295 case 10: tap->wr_rate = 2; break; 3296 case 20: tap->wr_rate = 4; break; 3297 case 55: tap->wr_rate = 11; break; 3298 case 110: tap->wr_rate = 22; break; 3299 /* OFDM rates. */ 3300 case 0xd: tap->wr_rate = 12; break; 3301 case 0xf: tap->wr_rate = 18; break; 3302 case 0x5: tap->wr_rate = 24; break; 3303 case 0x7: tap->wr_rate = 36; break; 3304 case 0x9: tap->wr_rate = 48; break; 3305 case 0xb: tap->wr_rate = 72; break; 3306 case 0x1: tap->wr_rate = 96; break; 3307 case 0x3: tap->wr_rate = 108; break; 3308 /* Unknown rate: should not happen. */ 3309 default: tap->wr_rate = 0; 3310 } 3311 } 3312 3313 return true; 3314 } 3315 3316 static bool 3317 iwm_rx_mpdu_mq(struct iwm_softc *sc, struct mbuf *m, uint32_t offset, 3318 bool stolen) 3319 { 3320 struct ieee80211com *ic = &sc->sc_ic; 3321 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3322 struct ieee80211_frame *wh; 3323 struct ieee80211_rx_stats rxs; 3324 struct iwm_rx_mpdu_desc *desc; 3325 struct iwm_rx_packet *pkt; 3326 int rssi; 3327 uint32_t hdrlen, len, rate_n_flags; 3328 uint16_t phy_info; 3329 uint8_t channel; 3330 3331 pkt = mtodo(m, offset); 3332 desc = (void *)pkt->data; 3333 3334 if (!(desc->status & htole16(IWM_RX_MPDU_RES_STATUS_CRC_OK)) || 3335 !(desc->status & htole16(IWM_RX_MPDU_RES_STATUS_OVERRUN_OK))) { 3336 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3337 "Bad CRC or FIFO: 0x%08X.\n", desc->status); 3338 return false; 3339 } 3340 3341 channel = desc->v1.channel; 3342 len = le16toh(desc->mpdu_len); 3343 phy_info = le16toh(desc->phy_info); 3344 rate_n_flags = desc->v1.rate_n_flags; 3345 3346 wh = mtodo(m, sizeof(*desc)); 3347 m->m_data = pkt->data + sizeof(*desc); 3348 m->m_pkthdr.len = m->m_len = len; 3349 m->m_len = len; 3350 3351 /* Account for padding following the frame header. */ 3352 if ((desc->mac_flags2 & IWM_RX_MPDU_MFLG2_PAD)) { 3353 hdrlen = ieee80211_anyhdrsize(wh); 3354 memmove(mtodo(m, 2), mtodo(m, 0), hdrlen); 3355 m->m_data = mtodo(m, 2); 3356 wh = mtod(m, struct ieee80211_frame *); 3357 } 3358 3359 /* Map it to relative value */ 3360 rssi = iwm_rxmq_get_signal_strength(sc, desc); 3361 rssi = rssi - sc->sc_noise; 3362 3363 /* replenish ring for the buffer we're going to feed to the sharks */ 3364 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 3365 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 3366 __func__); 3367 return false; 3368 } 3369 3370 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3371 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise); 3372 3373 /* 3374 * Populate an RX state struct with the provided information. 3375 */ 3376 bzero(&rxs, sizeof(rxs)); 3377 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 3378 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 3379 rxs.c_ieee = channel; 3380 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, 3381 channel <= 14 ? IEEE80211_CHAN_2GHZ : IEEE80211_CHAN_5GHZ); 3382 3383 /* rssi is in 1/2db units */ 3384 rxs.c_rssi = rssi * 2; 3385 rxs.c_nf = sc->sc_noise; 3386 if (ieee80211_add_rx_params(m, &rxs) == 0) 3387 return false; 3388 3389 if (ieee80211_radiotap_active_vap(vap)) { 3390 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 3391 3392 tap->wr_flags = 0; 3393 if ((phy_info & IWM_RX_MPDU_PHY_SHORT_PREAMBLE) != 0) 3394 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3395 tap->wr_chan_freq = htole16(rxs.c_freq); 3396 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 3397 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 3398 tap->wr_dbm_antsignal = (int8_t)rssi; 3399 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 3400 tap->wr_tsft = desc->v1.gp2_on_air_rise; 3401 switch ((rate_n_flags & 0xff)) { 3402 /* CCK rates. */ 3403 case 10: tap->wr_rate = 2; break; 3404 case 20: tap->wr_rate = 4; break; 3405 case 55: tap->wr_rate = 11; break; 3406 case 110: tap->wr_rate = 22; break; 3407 /* OFDM rates. */ 3408 case 0xd: tap->wr_rate = 12; break; 3409 case 0xf: tap->wr_rate = 18; break; 3410 case 0x5: tap->wr_rate = 24; break; 3411 case 0x7: tap->wr_rate = 36; break; 3412 case 0x9: tap->wr_rate = 48; break; 3413 case 0xb: tap->wr_rate = 72; break; 3414 case 0x1: tap->wr_rate = 96; break; 3415 case 0x3: tap->wr_rate = 108; break; 3416 /* Unknown rate: should not happen. */ 3417 default: tap->wr_rate = 0; 3418 } 3419 } 3420 3421 return true; 3422 } 3423 3424 static bool 3425 iwm_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset, 3426 bool stolen) 3427 { 3428 struct ieee80211com *ic; 3429 struct ieee80211_frame *wh; 3430 struct ieee80211_node *ni; 3431 bool ret; 3432 3433 ic = &sc->sc_ic; 3434 3435 ret = sc->cfg->mqrx_supported ? 3436 iwm_rx_mpdu_mq(sc, m, offset, stolen) : 3437 iwm_rx_rx_mpdu(sc, m, offset, stolen); 3438 if (!ret) { 3439 #if !defined(__DragonFly__) 3440 counter_u64_add(ic->ic_ierrors, 1); 3441 #else 3442 ++sc->sc_ic.ic_ierrors; 3443 #endif 3444 return (ret); 3445 } 3446 3447 wh = mtod(m, struct ieee80211_frame *); 3448 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 3449 3450 IWM_UNLOCK(sc); 3451 if (ni != NULL) { 3452 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m); 3453 #if !defined(__DragonFly__) 3454 ieee80211_input_mimo(ni, m); 3455 #else 3456 ieee80211_input_mimo(ni, m, NULL); 3457 #endif 3458 ieee80211_free_node(ni); 3459 } else { 3460 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m); 3461 #if !defined(__DragonFly__) 3462 ieee80211_input_mimo_all(ic, m); 3463 #else 3464 ieee80211_input_mimo_all(ic, m, NULL); 3465 #endif 3466 } 3467 IWM_LOCK(sc); 3468 3469 return true; 3470 } 3471 3472 static int 3473 iwm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 3474 struct iwm_node *in) 3475 { 3476 struct iwm_tx_resp *tx_resp = (void *)pkt->data; 3477 #if !defined(__DragonFly__) 3478 struct ieee80211_ratectl_tx_status *txs = &sc->sc_txs; 3479 #endif 3480 struct ieee80211_node *ni = &in->in_ni; 3481 struct ieee80211vap *vap = ni->ni_vap; 3482 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 3483 int new_rate, cur_rate = vap->iv_bss->ni_txrate; 3484 boolean_t rate_matched; 3485 uint8_t tx_resp_rate; 3486 3487 KASSERT(tx_resp->frame_count == 1, ("too many frames")); 3488 3489 /* Update rate control statistics. */ 3490 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n", 3491 __func__, 3492 (int) le16toh(tx_resp->status.status), 3493 (int) le16toh(tx_resp->status.sequence), 3494 tx_resp->frame_count, 3495 tx_resp->bt_kill_count, 3496 tx_resp->failure_rts, 3497 tx_resp->failure_frame, 3498 le32toh(tx_resp->initial_rate), 3499 (int) le16toh(tx_resp->wireless_media_time)); 3500 3501 tx_resp_rate = iwm_rate_from_ucode_rate(le32toh(tx_resp->initial_rate)); 3502 3503 /* For rate control, ignore frames sent at different initial rate */ 3504 rate_matched = (tx_resp_rate != 0 && tx_resp_rate == cur_rate); 3505 3506 if (tx_resp_rate != 0 && cur_rate != 0 && !rate_matched) { 3507 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3508 "tx_resp_rate doesn't match ni_txrate (tx_resp_rate=%u " 3509 "ni_txrate=%d)\n", tx_resp_rate, cur_rate); 3510 } 3511 3512 #if !defined(__DragonFly__) 3513 txs->flags = IEEE80211_RATECTL_STATUS_SHORT_RETRY | 3514 IEEE80211_RATECTL_STATUS_LONG_RETRY; 3515 txs->short_retries = tx_resp->failure_rts; 3516 txs->long_retries = tx_resp->failure_frame; 3517 if (status != IWM_TX_STATUS_SUCCESS && 3518 status != IWM_TX_STATUS_DIRECT_DONE) { 3519 switch (status) { 3520 case IWM_TX_STATUS_FAIL_SHORT_LIMIT: 3521 txs->status = IEEE80211_RATECTL_TX_FAIL_SHORT; 3522 break; 3523 case IWM_TX_STATUS_FAIL_LONG_LIMIT: 3524 txs->status = IEEE80211_RATECTL_TX_FAIL_LONG; 3525 break; 3526 case IWM_TX_STATUS_FAIL_LIFE_EXPIRE: 3527 txs->status = IEEE80211_RATECTL_TX_FAIL_EXPIRED; 3528 break; 3529 default: 3530 txs->status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED; 3531 break; 3532 } 3533 } else { 3534 txs->status = IEEE80211_RATECTL_TX_SUCCESS; 3535 } 3536 3537 if (rate_matched) { 3538 ieee80211_ratectl_tx_complete(ni, txs); 3539 3540 int rix = ieee80211_ratectl_rate(vap->iv_bss, NULL, 0); 3541 new_rate = vap->iv_bss->ni_txrate; 3542 if (new_rate != 0 && new_rate != cur_rate) { 3543 struct iwm_node *in = IWM_NODE(vap->iv_bss); 3544 iwm_setrates(sc, in, rix); 3545 iwm_send_lq_cmd(sc, &in->in_lq, FALSE); 3546 } 3547 } 3548 3549 return (txs->status != IEEE80211_RATECTL_TX_SUCCESS); 3550 #else 3551 /* 3552 * XXX try to use old ieee80211 ABI, the new one isn't incorporated 3553 * into our ieee80211 yet. 3554 */ 3555 int failack = tx_resp->failure_frame; 3556 int ret; 3557 3558 if (status != IWM_TX_STATUS_SUCCESS && 3559 status != IWM_TX_STATUS_DIRECT_DONE) { 3560 if (rate_matched) { 3561 ieee80211_ratectl_tx_complete(vap, ni, 3562 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL); 3563 } 3564 ret = 1; 3565 } else { 3566 if (rate_matched) { 3567 ieee80211_ratectl_tx_complete(vap, ni, 3568 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL); 3569 } 3570 ret = 0; 3571 } 3572 3573 if (rate_matched) { 3574 int rix = ieee80211_ratectl_rate(vap->iv_bss, NULL, 0); 3575 new_rate = vap->iv_bss->ni_txrate; 3576 if (new_rate != 0 && new_rate != cur_rate) { 3577 struct iwm_node *in = IWM_NODE(vap->iv_bss); 3578 iwm_setrates(sc, in, rix); 3579 } 3580 } 3581 3582 return ret; 3583 3584 #endif 3585 } 3586 3587 static void 3588 iwm_rx_tx_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3589 { 3590 struct iwm_cmd_header *cmd_hdr; 3591 struct iwm_tx_ring *ring; 3592 struct iwm_tx_data *txd; 3593 struct iwm_node *in; 3594 struct mbuf *m; 3595 int idx, qid, qmsk, status; 3596 3597 cmd_hdr = &pkt->hdr; 3598 idx = cmd_hdr->idx; 3599 qid = cmd_hdr->qid; 3600 3601 ring = &sc->txq[qid]; 3602 txd = &ring->data[idx]; 3603 in = txd->in; 3604 m = txd->m; 3605 3606 KASSERT(txd->done == 0, ("txd not done")); 3607 KASSERT(txd->in != NULL, ("txd without node")); 3608 KASSERT(txd->m != NULL, ("txd without mbuf")); 3609 3610 sc->sc_tx_timer = 0; 3611 3612 status = iwm_rx_tx_cmd_single(sc, pkt, in); 3613 3614 /* Unmap and free mbuf. */ 3615 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE); 3616 bus_dmamap_unload(ring->data_dmat, txd->map); 3617 3618 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3619 "free txd %p, in %p\n", txd, txd->in); 3620 txd->done = 1; 3621 txd->m = NULL; 3622 txd->in = NULL; 3623 3624 ieee80211_tx_complete(&in->in_ni, m, status); 3625 3626 qmsk = 1 << qid; 3627 if (--ring->queued < IWM_TX_RING_LOMARK && (sc->qfullmsk & qmsk) != 0) { 3628 sc->qfullmsk &= ~qmsk; 3629 if (sc->qfullmsk == 0) 3630 iwm_start(sc); 3631 } 3632 } 3633 3634 /* 3635 * transmit side 3636 */ 3637 3638 /* 3639 * Process a "command done" firmware notification. This is where we wakeup 3640 * processes waiting for a synchronous command completion. 3641 * from if_iwn 3642 */ 3643 static void 3644 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3645 { 3646 struct iwm_tx_ring *ring = &sc->txq[IWM_CMD_QUEUE]; 3647 struct iwm_tx_data *data; 3648 3649 if (pkt->hdr.qid != IWM_CMD_QUEUE) { 3650 return; /* Not a command ack. */ 3651 } 3652 3653 /* XXX wide commands? */ 3654 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 3655 "cmd notification type 0x%x qid %d idx %d\n", 3656 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx); 3657 3658 data = &ring->data[pkt->hdr.idx]; 3659 3660 /* If the command was mapped in an mbuf, free it. */ 3661 if (data->m != NULL) { 3662 bus_dmamap_sync(ring->data_dmat, data->map, 3663 BUS_DMASYNC_POSTWRITE); 3664 bus_dmamap_unload(ring->data_dmat, data->map); 3665 m_freem(data->m); 3666 data->m = NULL; 3667 } 3668 wakeup(&ring->desc[pkt->hdr.idx]); 3669 3670 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) { 3671 device_printf(sc->sc_dev, 3672 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n", 3673 __func__, pkt->hdr.idx, ring->queued, ring->cur); 3674 /* XXX call iwm_force_nmi() */ 3675 } 3676 3677 KASSERT(ring->queued > 0, ("ring->queued is empty?")); 3678 ring->queued--; 3679 if (ring->queued == 0) 3680 iwm_pcie_clear_cmd_in_flight(sc); 3681 } 3682 3683 #if 0 3684 /* 3685 * necessary only for block ack mode 3686 */ 3687 void 3688 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 3689 uint16_t len) 3690 { 3691 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 3692 uint16_t w_val; 3693 3694 scd_bc_tbl = sc->sched_dma.vaddr; 3695 3696 len += 8; /* magic numbers came naturally from paris */ 3697 len = roundup(len, 4) / 4; 3698 3699 w_val = htole16(sta_id << 12 | len); 3700 3701 /* Update TX scheduler. */ 3702 scd_bc_tbl[qid].tfd_offset[idx] = w_val; 3703 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3704 BUS_DMASYNC_PREWRITE); 3705 3706 /* I really wonder what this is ?!? */ 3707 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) { 3708 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val; 3709 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3710 BUS_DMASYNC_PREWRITE); 3711 } 3712 } 3713 #endif 3714 3715 static int 3716 iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate) 3717 { 3718 int i; 3719 3720 for (i = 0; i < nitems(iwm_rates); i++) { 3721 if (iwm_rates[i].rate == rate) 3722 return (i); 3723 } 3724 /* XXX error? */ 3725 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3726 "%s: couldn't find an entry for rate=%d\n", 3727 __func__, 3728 rate); 3729 return (0); 3730 } 3731 3732 /* 3733 * Fill in the rate related information for a transmit command. 3734 */ 3735 static const struct iwm_rate * 3736 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 3737 struct mbuf *m, struct iwm_tx_cmd *tx) 3738 { 3739 struct ieee80211_node *ni = &in->in_ni; 3740 struct ieee80211_frame *wh; 3741 const struct ieee80211_txparam *tp = ni->ni_txparms; 3742 const struct iwm_rate *rinfo; 3743 int type; 3744 int ridx, rate_flags; 3745 3746 wh = mtod(m, struct ieee80211_frame *); 3747 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3748 3749 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 3750 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY; 3751 3752 if (type == IEEE80211_FC0_TYPE_MGT || 3753 type == IEEE80211_FC0_TYPE_CTL || 3754 (m->m_flags & M_EAPOL) != 0) { 3755 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3756 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3757 "%s: MGT (%d)\n", __func__, tp->mgmtrate); 3758 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3759 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate); 3760 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3761 "%s: MCAST (%d)\n", __func__, tp->mcastrate); 3762 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 3763 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate); 3764 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3765 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate); 3766 } else { 3767 /* for data frames, use RS table */ 3768 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__); 3769 ridx = iwm_rate2ridx(sc, ni->ni_txrate); 3770 if (ridx == -1) 3771 ridx = 0; 3772 3773 /* This is the index into the programmed table */ 3774 tx->initial_rate_index = 0; 3775 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 3776 } 3777 3778 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3779 "%s: frame type=%d txrate %d\n", 3780 __func__, type, iwm_rates[ridx].rate); 3781 3782 rinfo = &iwm_rates[ridx]; 3783 3784 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n", 3785 __func__, ridx, 3786 rinfo->rate, 3787 !! (IWM_RIDX_IS_CCK(ridx)) 3788 ); 3789 3790 /* XXX TODO: hard-coded TX antenna? */ 3791 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_9000) 3792 rate_flags = IWM_RATE_MCS_ANT_B_MSK; 3793 else 3794 rate_flags = IWM_RATE_MCS_ANT_A_MSK; 3795 if (IWM_RIDX_IS_CCK(ridx)) 3796 rate_flags |= IWM_RATE_MCS_CCK_MSK; 3797 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 3798 3799 return rinfo; 3800 } 3801 3802 #define TB0_SIZE 16 3803 static int 3804 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 3805 { 3806 struct ieee80211com *ic = &sc->sc_ic; 3807 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3808 struct iwm_node *in = IWM_NODE(ni); 3809 struct iwm_tx_ring *ring; 3810 struct iwm_tx_data *data; 3811 struct iwm_tfd *desc; 3812 struct iwm_device_cmd *cmd; 3813 struct iwm_tx_cmd *tx; 3814 struct ieee80211_frame *wh; 3815 struct ieee80211_key *k = NULL; 3816 struct mbuf *m1; 3817 const struct iwm_rate *rinfo; 3818 uint32_t flags; 3819 u_int hdrlen; 3820 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER]; 3821 int nsegs; 3822 uint8_t tid, type; 3823 int i, totlen, error, pad; 3824 3825 wh = mtod(m, struct ieee80211_frame *); 3826 hdrlen = ieee80211_anyhdrsize(wh); 3827 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3828 tid = 0; 3829 ring = &sc->txq[ac]; 3830 desc = &ring->desc[ring->cur]; 3831 data = &ring->data[ring->cur]; 3832 3833 /* Fill out iwm_tx_cmd to send to the firmware */ 3834 cmd = &ring->cmd[ring->cur]; 3835 cmd->hdr.code = IWM_TX_CMD; 3836 cmd->hdr.flags = 0; 3837 cmd->hdr.qid = ring->qid; 3838 cmd->hdr.idx = ring->cur; 3839 3840 tx = (void *)cmd->data; 3841 memset(tx, 0, sizeof(*tx)); 3842 3843 rinfo = iwm_tx_fill_cmd(sc, in, m, tx); 3844 3845 /* Encrypt the frame if need be. */ 3846 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 3847 /* Retrieve key for TX && do software encryption. */ 3848 k = ieee80211_crypto_encap(ni, m); 3849 if (k == NULL) { 3850 m_freem(m); 3851 return (ENOBUFS); 3852 } 3853 /* 802.11 header may have moved. */ 3854 wh = mtod(m, struct ieee80211_frame *); 3855 } 3856 3857 if (ieee80211_radiotap_active_vap(vap)) { 3858 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 3859 3860 tap->wt_flags = 0; 3861 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 3862 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 3863 tap->wt_rate = rinfo->rate; 3864 if (k != NULL) 3865 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3866 ieee80211_radiotap_tx(vap, m); 3867 } 3868 3869 flags = 0; 3870 totlen = m->m_pkthdr.len; 3871 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3872 flags |= IWM_TX_CMD_FLG_ACK; 3873 } 3874 3875 if (type == IEEE80211_FC0_TYPE_DATA && 3876 totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold && 3877 !IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3878 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 3879 } 3880 3881 tx->sta_id = IWM_STATION_ID; 3882 3883 if (type == IEEE80211_FC0_TYPE_MGT) { 3884 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3885 3886 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3887 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 3888 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC); 3889 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) { 3890 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3891 } else { 3892 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT); 3893 } 3894 } else { 3895 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3896 } 3897 3898 if (hdrlen & 3) { 3899 /* First segment length must be a multiple of 4. */ 3900 flags |= IWM_TX_CMD_FLG_MH_PAD; 3901 tx->offload_assist |= htole16(IWM_TX_CMD_OFFLD_PAD); 3902 pad = 4 - (hdrlen & 3); 3903 } else { 3904 tx->offload_assist = 0; 3905 pad = 0; 3906 } 3907 3908 tx->len = htole16(totlen); 3909 tx->tid_tspec = tid; 3910 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 3911 3912 /* Set physical address of "scratch area". */ 3913 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 3914 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 3915 3916 /* Copy 802.11 header in TX command. */ 3917 memcpy((uint8_t *)tx + sizeof(*tx), wh, hdrlen); 3918 3919 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL; 3920 3921 tx->sec_ctl = 0; 3922 tx->tx_flags |= htole32(flags); 3923 3924 /* Trim 802.11 header. */ 3925 m_adj(m, hdrlen); 3926 #if !defined(__DragonFly__) 3927 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3928 segs, &nsegs, BUS_DMA_NOWAIT); 3929 #else 3930 error = bus_dmamap_load_mbuf_defrag(ring->data_dmat, data->map, &m, 3931 segs, IWM_MAX_SCATTER - 2, 3932 &nsegs, BUS_DMA_NOWAIT); 3933 #endif 3934 if (error != 0) { 3935 if (error != EFBIG) { 3936 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3937 error); 3938 m_freem(m); 3939 return error; 3940 } 3941 /* Too many DMA segments, linearize mbuf. */ 3942 #if !defined(__DragonFly__) 3943 m1 = m_collapse(m, M_WAITOK, IWM_MAX_SCATTER - 2); 3944 #else 3945 m1 = m_defrag(m, M_NOWAIT); 3946 #endif 3947 if (m1 == NULL) { 3948 device_printf(sc->sc_dev, 3949 "%s: could not defrag mbuf\n", __func__); 3950 m_freem(m); 3951 return (ENOBUFS); 3952 } 3953 m = m1; 3954 3955 #if !defined(__DragonFly__) 3956 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3957 segs, &nsegs, BUS_DMA_NOWAIT); 3958 #else 3959 error = bus_dmamap_load_mbuf_defrag(ring->data_dmat, data->map, 3960 &m, segs, IWM_MAX_SCATTER - 2, &nsegs, BUS_DMA_NOWAIT); 3961 #endif 3962 if (error != 0) { 3963 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3964 error); 3965 m_freem(m); 3966 return error; 3967 } 3968 } 3969 data->m = m; 3970 data->in = in; 3971 data->done = 0; 3972 3973 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3974 "sending txd %p, in %p\n", data, data->in); 3975 KASSERT(data->in != NULL, ("node is NULL")); 3976 3977 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3978 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n", 3979 ring->qid, ring->cur, totlen, nsegs, 3980 le32toh(tx->tx_flags), 3981 le32toh(tx->rate_n_flags), 3982 tx->initial_rate_index 3983 ); 3984 3985 /* Fill TX descriptor. */ 3986 memset(desc, 0, sizeof(*desc)); 3987 desc->num_tbs = 2 + nsegs; 3988 3989 desc->tbs[0].lo = htole32(data->cmd_paddr); 3990 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr) | 3991 (TB0_SIZE << 4)); 3992 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 3993 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr) | 3994 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) + 3995 hdrlen + pad - TB0_SIZE) << 4)); 3996 3997 /* Other DMA segments are for data payload. */ 3998 for (i = 0; i < nsegs; i++) { 3999 seg = &segs[i]; 4000 desc->tbs[i + 2].lo = htole32(seg->ds_addr); 4001 desc->tbs[i + 2].hi_n_len = 4002 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) | 4003 (seg->ds_len << 4); 4004 } 4005 4006 bus_dmamap_sync(ring->data_dmat, data->map, 4007 BUS_DMASYNC_PREWRITE); 4008 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map, 4009 BUS_DMASYNC_PREWRITE); 4010 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 4011 BUS_DMASYNC_PREWRITE); 4012 4013 #if 0 4014 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len)); 4015 #endif 4016 4017 /* Kick TX ring. */ 4018 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 4019 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 4020 4021 /* Mark TX ring as full if we reach a certain threshold. */ 4022 if (++ring->queued > IWM_TX_RING_HIMARK) { 4023 sc->qfullmsk |= 1 << ring->qid; 4024 } 4025 4026 return 0; 4027 } 4028 4029 static int 4030 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 4031 const struct ieee80211_bpf_params *params) 4032 { 4033 struct ieee80211com *ic = ni->ni_ic; 4034 struct iwm_softc *sc = ic->ic_softc; 4035 int error = 0; 4036 4037 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 4038 "->%s begin\n", __func__); 4039 4040 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 4041 m_freem(m); 4042 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 4043 "<-%s not RUNNING\n", __func__); 4044 return (ENETDOWN); 4045 } 4046 4047 IWM_LOCK(sc); 4048 /* XXX fix this */ 4049 if (params == NULL) { 4050 error = iwm_tx(sc, m, ni, 0); 4051 } else { 4052 error = iwm_tx(sc, m, ni, 0); 4053 } 4054 if (sc->sc_tx_timer == 0) 4055 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4056 sc->sc_tx_timer = 5; 4057 IWM_UNLOCK(sc); 4058 4059 return (error); 4060 } 4061 4062 /* 4063 * mvm/tx.c 4064 */ 4065 4066 /* 4067 * Note that there are transports that buffer frames before they reach 4068 * the firmware. This means that after flush_tx_path is called, the 4069 * queue might not be empty. The race-free way to handle this is to: 4070 * 1) set the station as draining 4071 * 2) flush the Tx path 4072 * 3) wait for the transport queues to be empty 4073 */ 4074 int 4075 iwm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags) 4076 { 4077 int ret; 4078 struct iwm_tx_path_flush_cmd_v1 flush_cmd = { 4079 .queues_ctl = htole32(tfd_msk), 4080 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH), 4081 }; 4082 4083 ret = iwm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags, 4084 sizeof(flush_cmd), &flush_cmd); 4085 if (ret) 4086 device_printf(sc->sc_dev, 4087 "Flushing tx queue failed: %d\n", ret); 4088 return ret; 4089 } 4090 4091 /* 4092 * BEGIN mvm/quota.c 4093 */ 4094 4095 static int 4096 iwm_update_quotas(struct iwm_softc *sc, struct iwm_vap *ivp) 4097 { 4098 struct iwm_time_quota_cmd_v1 cmd; 4099 int i, idx, ret, num_active_macs, quota, quota_rem; 4100 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 4101 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 4102 uint16_t id; 4103 4104 memset(&cmd, 0, sizeof(cmd)); 4105 4106 /* currently, PHY ID == binding ID */ 4107 if (ivp) { 4108 id = ivp->phy_ctxt->id; 4109 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id")); 4110 colors[id] = ivp->phy_ctxt->color; 4111 4112 if (1) 4113 n_ifs[id] = 1; 4114 } 4115 4116 /* 4117 * The FW's scheduling session consists of 4118 * IWM_MAX_QUOTA fragments. Divide these fragments 4119 * equally between all the bindings that require quota 4120 */ 4121 num_active_macs = 0; 4122 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 4123 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 4124 num_active_macs += n_ifs[i]; 4125 } 4126 4127 quota = 0; 4128 quota_rem = 0; 4129 if (num_active_macs) { 4130 quota = IWM_MAX_QUOTA / num_active_macs; 4131 quota_rem = IWM_MAX_QUOTA % num_active_macs; 4132 } 4133 4134 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 4135 if (colors[i] < 0) 4136 continue; 4137 4138 cmd.quotas[idx].id_and_color = 4139 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 4140 4141 if (n_ifs[i] <= 0) { 4142 cmd.quotas[idx].quota = htole32(0); 4143 cmd.quotas[idx].max_duration = htole32(0); 4144 } else { 4145 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 4146 cmd.quotas[idx].max_duration = htole32(0); 4147 } 4148 idx++; 4149 } 4150 4151 /* Give the remainder of the session to the first binding */ 4152 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 4153 4154 ret = iwm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC, 4155 sizeof(cmd), &cmd); 4156 if (ret) 4157 device_printf(sc->sc_dev, 4158 "%s: Failed to send quota: %d\n", __func__, ret); 4159 return ret; 4160 } 4161 4162 /* 4163 * END mvm/quota.c 4164 */ 4165 4166 /* 4167 * ieee80211 routines 4168 */ 4169 4170 /* 4171 * Change to AUTH state in 80211 state machine. Roughly matches what 4172 * Linux does in bss_info_changed(). 4173 */ 4174 static int 4175 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc) 4176 { 4177 struct ieee80211_node *ni; 4178 struct iwm_node *in; 4179 struct iwm_vap *iv = IWM_VAP(vap); 4180 uint32_t duration; 4181 int error; 4182 4183 /* 4184 * XXX i have a feeling that the vap node is being 4185 * freed from underneath us. Grr. 4186 */ 4187 ni = ieee80211_ref_node(vap->iv_bss); 4188 in = IWM_NODE(ni); 4189 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE, 4190 "%s: called; vap=%p, bss ni=%p\n", 4191 __func__, 4192 vap, 4193 ni); 4194 IWM_DPRINTF(sc, IWM_DEBUG_STATE, "%s: Current node bssid: %s\n", 4195 __func__, ether_sprintf(ni->ni_bssid)); 4196 4197 in->in_assoc = 0; 4198 iv->iv_auth = 1; 4199 4200 /* 4201 * Firmware bug - it'll crash if the beacon interval is less 4202 * than 16. We can't avoid connecting at all, so refuse the 4203 * station state change, this will cause net80211 to abandon 4204 * attempts to connect to this AP, and eventually wpa_s will 4205 * blacklist the AP... 4206 */ 4207 if (ni->ni_intval < 16) { 4208 device_printf(sc->sc_dev, 4209 "AP %s beacon interval is %d, refusing due to firmware bug!\n", 4210 ether_sprintf(ni->ni_bssid), ni->ni_intval); 4211 error = EINVAL; 4212 goto out; 4213 } 4214 4215 error = iwm_allow_mcast(vap, sc); 4216 if (error) { 4217 device_printf(sc->sc_dev, 4218 "%s: failed to set multicast\n", __func__); 4219 goto out; 4220 } 4221 4222 /* 4223 * This is where it deviates from what Linux does. 4224 * 4225 * Linux iwlwifi doesn't reset the nic each time, nor does it 4226 * call ctxt_add() here. Instead, it adds it during vap creation, 4227 * and always does a mac_ctx_changed(). 4228 * 4229 * The openbsd port doesn't attempt to do that - it reset things 4230 * at odd states and does the add here. 4231 * 4232 * So, until the state handling is fixed (ie, we never reset 4233 * the NIC except for a firmware failure, which should drag 4234 * the NIC back to IDLE, re-setup and re-add all the mac/phy 4235 * contexts that are required), let's do a dirty hack here. 4236 */ 4237 if (iv->is_uploaded) { 4238 if ((error = iwm_mac_ctxt_changed(sc, vap)) != 0) { 4239 device_printf(sc->sc_dev, 4240 "%s: failed to update MAC\n", __func__); 4241 goto out; 4242 } 4243 } else { 4244 if ((error = iwm_mac_ctxt_add(sc, vap)) != 0) { 4245 device_printf(sc->sc_dev, 4246 "%s: failed to add MAC\n", __func__); 4247 goto out; 4248 } 4249 } 4250 sc->sc_firmware_state = 1; 4251 4252 if ((error = iwm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4253 in->in_ni.ni_chan, 1, 1)) != 0) { 4254 device_printf(sc->sc_dev, 4255 "%s: failed update phy ctxt\n", __func__); 4256 goto out; 4257 } 4258 iv->phy_ctxt = &sc->sc_phyctxt[0]; 4259 4260 if ((error = iwm_binding_add_vif(sc, iv)) != 0) { 4261 device_printf(sc->sc_dev, 4262 "%s: binding update cmd\n", __func__); 4263 goto out; 4264 } 4265 sc->sc_firmware_state = 2; 4266 /* 4267 * Authentication becomes unreliable when powersaving is left enabled 4268 * here. Powersaving will be activated again when association has 4269 * finished or is aborted. 4270 */ 4271 iv->ps_disabled = TRUE; 4272 error = iwm_power_update_mac(sc); 4273 iv->ps_disabled = FALSE; 4274 if (error != 0) { 4275 device_printf(sc->sc_dev, 4276 "%s: failed to update power management\n", 4277 __func__); 4278 goto out; 4279 } 4280 if ((error = iwm_add_sta(sc, in)) != 0) { 4281 device_printf(sc->sc_dev, 4282 "%s: failed to add sta\n", __func__); 4283 goto out; 4284 } 4285 sc->sc_firmware_state = 3; 4286 4287 /* 4288 * Prevent the FW from wandering off channel during association 4289 * by "protecting" the session with a time event. 4290 */ 4291 /* XXX duration is in units of TU, not MS */ 4292 duration = IWM_TE_SESSION_PROTECTION_MAX_TIME_MS; 4293 iwm_protect_session(sc, iv, duration, 500 /* XXX magic number */, TRUE); 4294 4295 error = 0; 4296 out: 4297 if (error != 0) 4298 iv->iv_auth = 0; 4299 ieee80211_free_node(ni); 4300 return (error); 4301 } 4302 4303 static struct ieee80211_node * 4304 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 4305 { 4306 return kmalloc(sizeof (struct iwm_node), M_80211_NODE, 4307 M_WAITOK | M_ZERO); 4308 } 4309 4310 static uint8_t 4311 iwm_rate_from_ucode_rate(uint32_t rate_n_flags) 4312 { 4313 uint8_t plcp = rate_n_flags & 0xff; 4314 int i; 4315 4316 for (i = 0; i <= IWM_RIDX_MAX; i++) { 4317 if (iwm_rates[i].plcp == plcp) 4318 return iwm_rates[i].rate; 4319 } 4320 return 0; 4321 } 4322 4323 uint8_t 4324 iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx) 4325 { 4326 int i; 4327 uint8_t rval; 4328 4329 for (i = 0; i < rs->rs_nrates; i++) { 4330 rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL); 4331 if (rval == iwm_rates[ridx].rate) 4332 return rs->rs_rates[i]; 4333 } 4334 4335 return 0; 4336 } 4337 4338 static int 4339 iwm_rate2ridx(struct iwm_softc *sc, uint8_t rate) 4340 { 4341 int i; 4342 4343 for (i = 0; i <= IWM_RIDX_MAX; i++) { 4344 if (iwm_rates[i].rate == rate) 4345 return i; 4346 } 4347 4348 device_printf(sc->sc_dev, 4349 "%s: WARNING: device rate for %u not found!\n", 4350 __func__, rate); 4351 4352 return -1; 4353 } 4354 4355 4356 static void 4357 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in, int rix) 4358 { 4359 struct ieee80211_node *ni = &in->in_ni; 4360 struct iwm_lq_cmd *lq = &in->in_lq; 4361 struct ieee80211_rateset *rs = &ni->ni_rates; 4362 int nrates = rs->rs_nrates; 4363 int i, ridx, tab = 0; 4364 // int txant = 0; 4365 4366 KASSERT(rix >= 0 && rix < nrates, ("invalid rix")); 4367 4368 if (nrates > nitems(lq->rs_table)) { 4369 device_printf(sc->sc_dev, 4370 "%s: node supports %d rates, driver handles " 4371 "only %zu\n", __func__, nrates, nitems(lq->rs_table)); 4372 return; 4373 } 4374 if (nrates == 0) { 4375 device_printf(sc->sc_dev, 4376 "%s: node supports 0 rates, odd!\n", __func__); 4377 return; 4378 } 4379 nrates = imin(rix + 1, nrates); 4380 4381 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4382 "%s: nrates=%d\n", __func__, nrates); 4383 4384 /* then construct a lq_cmd based on those */ 4385 memset(lq, 0, sizeof(*lq)); 4386 lq->sta_id = IWM_STATION_ID; 4387 4388 /* For HT, always enable RTS/CTS to avoid excessive retries. */ 4389 if (ni->ni_flags & IEEE80211_NODE_HT) 4390 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK; 4391 4392 /* 4393 * are these used? (we don't do SISO or MIMO) 4394 * need to set them to non-zero, though, or we get an error. 4395 */ 4396 lq->single_stream_ant_msk = 1; 4397 lq->dual_stream_ant_msk = 1; 4398 4399 /* 4400 * Build the actual rate selection table. 4401 * The lowest bits are the rates. Additionally, 4402 * CCK needs bit 9 to be set. The rest of the bits 4403 * we add to the table select the tx antenna 4404 * Note that we add the rates in the highest rate first 4405 * (opposite of ni_rates). 4406 */ 4407 for (i = 0; i < nrates; i++) { 4408 int rate = rs->rs_rates[rix - i] & IEEE80211_RATE_VAL; 4409 int nextant; 4410 4411 /* Map 802.11 rate to HW rate index. */ 4412 ridx = iwm_rate2ridx(sc, rate); 4413 if (ridx == -1) 4414 continue; 4415 4416 #if 0 4417 if (txant == 0) 4418 txant = iwm_get_valid_tx_ant(sc); 4419 nextant = 1<<(ffs(txant)-1); 4420 txant &= ~nextant; 4421 #else 4422 nextant = iwm_get_valid_tx_ant(sc); 4423 #endif 4424 tab = iwm_rates[ridx].plcp; 4425 tab |= nextant << IWM_RATE_MCS_ANT_POS; 4426 if (IWM_RIDX_IS_CCK(ridx)) 4427 tab |= IWM_RATE_MCS_CCK_MSK; 4428 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4429 "station rate i=%d, rate=%d, hw=%x\n", 4430 i, iwm_rates[ridx].rate, tab); 4431 lq->rs_table[i] = htole32(tab); 4432 } 4433 /* then fill the rest with the lowest possible rate */ 4434 for (i = nrates; i < nitems(lq->rs_table); i++) { 4435 KASSERT(tab != 0, ("invalid tab")); 4436 lq->rs_table[i] = htole32(tab); 4437 } 4438 } 4439 4440 static void 4441 iwm_bring_down_firmware(struct iwm_softc *sc, struct ieee80211vap *vap) 4442 { 4443 struct iwm_vap *ivp = IWM_VAP(vap); 4444 int error; 4445 4446 /* Avoid Tx watchdog triggering, when transfers get dropped here. */ 4447 sc->sc_tx_timer = 0; 4448 4449 ivp->iv_auth = 0; 4450 if (sc->sc_firmware_state == 3) { 4451 iwm_xmit_queue_drain(sc); 4452 // iwm_flush_tx_path(sc, 0xf, IWM_CMD_SYNC); 4453 error = iwm_rm_sta(sc, vap, TRUE); 4454 if (error) { 4455 device_printf(sc->sc_dev, 4456 "%s: Failed to remove station: %d\n", 4457 __func__, error); 4458 } 4459 } 4460 if (sc->sc_firmware_state == 3) { 4461 error = iwm_mac_ctxt_changed(sc, vap); 4462 if (error) { 4463 device_printf(sc->sc_dev, 4464 "%s: Failed to change mac context: %d\n", 4465 __func__, error); 4466 } 4467 } 4468 if (sc->sc_firmware_state == 3) { 4469 error = iwm_sf_update(sc, vap, FALSE); 4470 if (error) { 4471 device_printf(sc->sc_dev, 4472 "%s: Failed to update smart FIFO: %d\n", 4473 __func__, error); 4474 } 4475 } 4476 if (sc->sc_firmware_state == 3) { 4477 error = iwm_rm_sta_id(sc, vap); 4478 if (error) { 4479 device_printf(sc->sc_dev, 4480 "%s: Failed to remove station id: %d\n", 4481 __func__, error); 4482 } 4483 } 4484 if (sc->sc_firmware_state == 3) { 4485 error = iwm_update_quotas(sc, NULL); 4486 if (error) { 4487 device_printf(sc->sc_dev, 4488 "%s: Failed to update PHY quota: %d\n", 4489 __func__, error); 4490 } 4491 } 4492 if (sc->sc_firmware_state == 3) { 4493 /* XXX Might need to specify bssid correctly. */ 4494 error = iwm_mac_ctxt_changed(sc, vap); 4495 if (error) { 4496 device_printf(sc->sc_dev, 4497 "%s: Failed to change mac context: %d\n", 4498 __func__, error); 4499 } 4500 } 4501 if (sc->sc_firmware_state == 3) { 4502 sc->sc_firmware_state = 2; 4503 } 4504 if (sc->sc_firmware_state > 1) { 4505 error = iwm_binding_remove_vif(sc, ivp); 4506 if (error) { 4507 device_printf(sc->sc_dev, 4508 "%s: Failed to remove channel ctx: %d\n", 4509 __func__, error); 4510 } 4511 } 4512 if (sc->sc_firmware_state > 1) { 4513 sc->sc_firmware_state = 1; 4514 } 4515 ivp->phy_ctxt = NULL; 4516 if (sc->sc_firmware_state > 0) { 4517 error = iwm_mac_ctxt_changed(sc, vap); 4518 if (error) { 4519 device_printf(sc->sc_dev, 4520 "%s: Failed to change mac context: %d\n", 4521 __func__, error); 4522 } 4523 } 4524 if (sc->sc_firmware_state > 0) { 4525 error = iwm_power_update_mac(sc); 4526 if (error != 0) { 4527 device_printf(sc->sc_dev, 4528 "%s: failed to update power management\n", 4529 __func__); 4530 } 4531 } 4532 sc->sc_firmware_state = 0; 4533 } 4534 4535 static int 4536 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 4537 { 4538 struct iwm_vap *ivp = IWM_VAP(vap); 4539 struct ieee80211com *ic = vap->iv_ic; 4540 struct iwm_softc *sc = ic->ic_softc; 4541 struct iwm_node *in; 4542 int error; 4543 4544 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4545 "switching state %s -> %s arg=0x%x\n", 4546 ieee80211_state_name[vap->iv_state], 4547 ieee80211_state_name[nstate], 4548 arg); 4549 4550 IEEE80211_UNLOCK(ic); 4551 IWM_LOCK(sc); 4552 4553 if ((sc->sc_flags & IWM_FLAG_SCAN_RUNNING) && 4554 (nstate == IEEE80211_S_AUTH || 4555 nstate == IEEE80211_S_ASSOC || 4556 nstate == IEEE80211_S_RUN)) { 4557 /* Stop blinking for a scan, when authenticating. */ 4558 iwm_led_blink_stop(sc); 4559 } 4560 4561 if (vap->iv_state == IEEE80211_S_RUN && nstate != IEEE80211_S_RUN) { 4562 iwm_led_disable(sc); 4563 /* disable beacon filtering if we're hopping out of RUN */ 4564 iwm_disable_beacon_filter(sc); 4565 if (((in = IWM_NODE(vap->iv_bss)) != NULL)) 4566 in->in_assoc = 0; 4567 } 4568 4569 if ((vap->iv_state == IEEE80211_S_AUTH || 4570 vap->iv_state == IEEE80211_S_ASSOC || 4571 vap->iv_state == IEEE80211_S_RUN) && 4572 (nstate == IEEE80211_S_INIT || 4573 nstate == IEEE80211_S_SCAN || 4574 nstate == IEEE80211_S_AUTH)) { 4575 iwm_stop_session_protection(sc, ivp); 4576 } 4577 4578 if ((vap->iv_state == IEEE80211_S_RUN || 4579 vap->iv_state == IEEE80211_S_ASSOC) && 4580 nstate == IEEE80211_S_INIT) { 4581 /* 4582 * In this case, iv_newstate() wants to send an 80211 frame on 4583 * the network that we are leaving. So we need to call it, 4584 * before tearing down all the firmware state. 4585 */ 4586 IWM_UNLOCK(sc); 4587 IEEE80211_LOCK(ic); 4588 ivp->iv_newstate(vap, nstate, arg); 4589 IEEE80211_UNLOCK(ic); 4590 IWM_LOCK(sc); 4591 iwm_bring_down_firmware(sc, vap); 4592 IWM_UNLOCK(sc); 4593 IEEE80211_LOCK(ic); 4594 return 0; 4595 } 4596 4597 switch (nstate) { 4598 case IEEE80211_S_INIT: 4599 case IEEE80211_S_SCAN: 4600 break; 4601 4602 case IEEE80211_S_AUTH: 4603 iwm_bring_down_firmware(sc, vap); 4604 if ((error = iwm_auth(vap, sc)) != 0) { 4605 device_printf(sc->sc_dev, 4606 "%s: could not move to auth state: %d\n", 4607 __func__, error); 4608 iwm_bring_down_firmware(sc, vap); 4609 IWM_UNLOCK(sc); 4610 IEEE80211_LOCK(ic); 4611 return 1; 4612 } 4613 break; 4614 4615 case IEEE80211_S_ASSOC: 4616 /* 4617 * EBS may be disabled due to previous failures reported by FW. 4618 * Reset EBS status here assuming environment has been changed. 4619 */ 4620 sc->last_ebs_successful = TRUE; 4621 break; 4622 4623 case IEEE80211_S_RUN: 4624 in = IWM_NODE(vap->iv_bss); 4625 /* Update the association state, now we have it all */ 4626 /* (eg associd comes in at this point */ 4627 error = iwm_update_sta(sc, in); 4628 if (error != 0) { 4629 device_printf(sc->sc_dev, 4630 "%s: failed to update STA\n", __func__); 4631 IWM_UNLOCK(sc); 4632 IEEE80211_LOCK(ic); 4633 return error; 4634 } 4635 in->in_assoc = 1; 4636 error = iwm_mac_ctxt_changed(sc, vap); 4637 if (error != 0) { 4638 device_printf(sc->sc_dev, 4639 "%s: failed to update MAC: %d\n", __func__, error); 4640 } 4641 4642 iwm_sf_update(sc, vap, FALSE); 4643 iwm_enable_beacon_filter(sc, ivp); 4644 iwm_power_update_mac(sc); 4645 iwm_update_quotas(sc, ivp); 4646 int rix = ieee80211_ratectl_rate(&in->in_ni, NULL, 0); 4647 iwm_setrates(sc, in, rix); 4648 4649 if ((error = iwm_send_lq_cmd(sc, &in->in_lq, TRUE)) != 0) { 4650 device_printf(sc->sc_dev, 4651 "%s: IWM_LQ_CMD failed: %d\n", __func__, error); 4652 } 4653 4654 iwm_led_enable(sc); 4655 break; 4656 4657 default: 4658 break; 4659 } 4660 IWM_UNLOCK(sc); 4661 IEEE80211_LOCK(ic); 4662 4663 return (ivp->iv_newstate(vap, nstate, arg)); 4664 } 4665 4666 void 4667 iwm_endscan_cb(void *arg, int pending) 4668 { 4669 struct iwm_softc *sc = arg; 4670 struct ieee80211com *ic = &sc->sc_ic; 4671 4672 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE, 4673 "%s: scan ended\n", 4674 __func__); 4675 4676 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps)); 4677 } 4678 4679 static int 4680 iwm_send_bt_init_conf(struct iwm_softc *sc) 4681 { 4682 struct iwm_bt_coex_cmd bt_cmd; 4683 4684 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI); 4685 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET); 4686 4687 return iwm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), 4688 &bt_cmd); 4689 } 4690 4691 static boolean_t 4692 iwm_is_lar_supported(struct iwm_softc *sc) 4693 { 4694 boolean_t nvm_lar = sc->nvm_data->lar_enabled; 4695 boolean_t tlv_lar = iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_SUPPORT); 4696 4697 if (iwm_lar_disable) 4698 return FALSE; 4699 4700 /* 4701 * Enable LAR only if it is supported by the FW (TLV) && 4702 * enabled in the NVM 4703 */ 4704 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) 4705 return nvm_lar && tlv_lar; 4706 else 4707 return tlv_lar; 4708 } 4709 4710 static boolean_t 4711 iwm_is_wifi_mcc_supported(struct iwm_softc *sc) 4712 { 4713 return iwm_fw_has_api(sc, IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) || 4714 iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC); 4715 } 4716 4717 static int 4718 iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2) 4719 { 4720 struct iwm_mcc_update_cmd mcc_cmd; 4721 struct iwm_host_cmd hcmd = { 4722 .id = IWM_MCC_UPDATE_CMD, 4723 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB), 4724 .data = { &mcc_cmd }, 4725 }; 4726 int ret; 4727 #ifdef IWM_DEBUG 4728 struct iwm_rx_packet *pkt; 4729 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL; 4730 struct iwm_mcc_update_resp_v2 *mcc_resp; 4731 int n_channels; 4732 uint16_t mcc; 4733 #endif 4734 int resp_v2 = iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2); 4735 4736 if (!iwm_is_lar_supported(sc)) { 4737 IWM_DPRINTF(sc, IWM_DEBUG_LAR, "%s: no LAR support\n", 4738 __func__); 4739 return 0; 4740 } 4741 4742 memset(&mcc_cmd, 0, sizeof(mcc_cmd)); 4743 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]); 4744 if (iwm_is_wifi_mcc_supported(sc)) 4745 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT; 4746 else 4747 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW; 4748 4749 if (resp_v2) 4750 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd); 4751 else 4752 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1); 4753 4754 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 4755 "send MCC update to FW with '%c%c' src = %d\n", 4756 alpha2[0], alpha2[1], mcc_cmd.source_id); 4757 4758 ret = iwm_send_cmd(sc, &hcmd); 4759 if (ret) 4760 return ret; 4761 4762 #ifdef IWM_DEBUG 4763 pkt = hcmd.resp_pkt; 4764 4765 /* Extract MCC response */ 4766 if (resp_v2) { 4767 mcc_resp = (void *)pkt->data; 4768 mcc = mcc_resp->mcc; 4769 n_channels = le32toh(mcc_resp->n_channels); 4770 } else { 4771 mcc_resp_v1 = (void *)pkt->data; 4772 mcc = mcc_resp_v1->mcc; 4773 n_channels = le32toh(mcc_resp_v1->n_channels); 4774 } 4775 4776 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */ 4777 if (mcc == 0) 4778 mcc = 0x3030; /* "00" - world */ 4779 4780 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 4781 "regulatory domain '%c%c' (%d channels available)\n", 4782 mcc >> 8, mcc & 0xff, n_channels); 4783 #endif 4784 iwm_free_resp(sc, &hcmd); 4785 4786 return 0; 4787 } 4788 4789 static void 4790 iwm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff) 4791 { 4792 struct iwm_host_cmd cmd = { 4793 .id = IWM_REPLY_THERMAL_MNG_BACKOFF, 4794 .len = { sizeof(uint32_t), }, 4795 .data = { &backoff, }, 4796 }; 4797 4798 if (iwm_send_cmd(sc, &cmd) != 0) { 4799 device_printf(sc->sc_dev, 4800 "failed to change thermal tx backoff\n"); 4801 } 4802 } 4803 4804 static int 4805 iwm_init_hw(struct iwm_softc *sc) 4806 { 4807 struct ieee80211com *ic = &sc->sc_ic; 4808 int error, i, ac; 4809 4810 sc->sf_state = IWM_SF_UNINIT; 4811 4812 if ((error = iwm_start_hw(sc)) != 0) { 4813 kprintf("iwm_start_hw: failed %d\n", error); 4814 return error; 4815 } 4816 4817 if ((error = iwm_run_init_ucode(sc, 0)) != 0) { 4818 kprintf("iwm_run_init_ucode: failed %d\n", error); 4819 return error; 4820 } 4821 4822 /* 4823 * should stop and start HW since that INIT 4824 * image just loaded 4825 */ 4826 iwm_stop_device(sc); 4827 sc->sc_ps_disabled = FALSE; 4828 if ((error = iwm_start_hw(sc)) != 0) { 4829 device_printf(sc->sc_dev, "could not initialize hardware\n"); 4830 return error; 4831 } 4832 4833 /* omstart, this time with the regular firmware */ 4834 error = iwm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR); 4835 if (error) { 4836 device_printf(sc->sc_dev, "could not load firmware\n"); 4837 goto error; 4838 } 4839 4840 error = iwm_sf_update(sc, NULL, FALSE); 4841 if (error) 4842 device_printf(sc->sc_dev, "Failed to initialize Smart Fifo\n"); 4843 4844 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 4845 device_printf(sc->sc_dev, "bt init conf failed\n"); 4846 goto error; 4847 } 4848 4849 error = iwm_send_tx_ant_cfg(sc, iwm_get_valid_tx_ant(sc)); 4850 if (error != 0) { 4851 device_printf(sc->sc_dev, "antenna config failed\n"); 4852 goto error; 4853 } 4854 4855 /* Send phy db control command and then phy db calibration */ 4856 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0) 4857 goto error; 4858 4859 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) { 4860 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n"); 4861 goto error; 4862 } 4863 4864 /* Add auxiliary station for scanning */ 4865 if ((error = iwm_add_aux_sta(sc)) != 0) { 4866 device_printf(sc->sc_dev, "add_aux_sta failed\n"); 4867 goto error; 4868 } 4869 4870 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 4871 /* 4872 * The channel used here isn't relevant as it's 4873 * going to be overwritten in the other flows. 4874 * For now use the first channel we have. 4875 */ 4876 if ((error = iwm_phy_ctxt_add(sc, 4877 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0) 4878 goto error; 4879 } 4880 4881 /* Initialize tx backoffs to the minimum. */ 4882 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 4883 iwm_tt_tx_backoff(sc, 0); 4884 4885 if (iwm_config_ltr(sc) != 0) 4886 device_printf(sc->sc_dev, "PCIe LTR configuration failed\n"); 4887 4888 error = iwm_power_update_device(sc); 4889 if (error) 4890 goto error; 4891 4892 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0) 4893 goto error; 4894 4895 if (iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 4896 if ((error = iwm_config_umac_scan(sc)) != 0) 4897 goto error; 4898 } 4899 4900 /* Enable Tx queues. */ 4901 for (ac = 0; ac < WME_NUM_AC; ac++) { 4902 error = iwm_enable_txq(sc, IWM_STATION_ID, ac, 4903 iwm_ac_to_tx_fifo[ac]); 4904 if (error) 4905 goto error; 4906 } 4907 4908 if ((error = iwm_disable_beacon_filter(sc)) != 0) { 4909 device_printf(sc->sc_dev, "failed to disable beacon filter\n"); 4910 goto error; 4911 } 4912 4913 return 0; 4914 4915 error: 4916 iwm_stop_device(sc); 4917 return error; 4918 } 4919 4920 /* Allow multicast from our BSSID. */ 4921 static int 4922 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc) 4923 { 4924 struct ieee80211_node *ni = vap->iv_bss; 4925 struct iwm_mcast_filter_cmd *cmd; 4926 size_t size; 4927 int error; 4928 4929 size = roundup(sizeof(*cmd), 4); 4930 cmd = kmalloc(size, M_DEVBUF, M_WAITOK | M_ZERO); 4931 if (cmd == NULL) 4932 return ENOMEM; 4933 cmd->filter_own = 1; 4934 cmd->port_id = 0; 4935 cmd->count = 0; 4936 cmd->pass_all = 1; 4937 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid); 4938 4939 error = iwm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 4940 IWM_CMD_SYNC, size, cmd); 4941 kfree(cmd, M_DEVBUF); 4942 4943 return (error); 4944 } 4945 4946 /* 4947 * ifnet interfaces 4948 */ 4949 4950 static void 4951 iwm_init(struct iwm_softc *sc) 4952 { 4953 int error; 4954 4955 if (sc->sc_flags & IWM_FLAG_HW_INITED) { 4956 return; 4957 } 4958 sc->sc_generation++; 4959 sc->sc_flags &= ~IWM_FLAG_STOPPED; 4960 4961 if ((error = iwm_init_hw(sc)) != 0) { 4962 kprintf("iwm_init_hw failed %d\n", error); 4963 iwm_stop(sc); 4964 return; 4965 } 4966 4967 /* 4968 * Ok, firmware loaded and we are jogging 4969 */ 4970 sc->sc_flags |= IWM_FLAG_HW_INITED; 4971 } 4972 4973 static int 4974 iwm_transmit(struct ieee80211com *ic, struct mbuf *m) 4975 { 4976 struct iwm_softc *sc; 4977 int error; 4978 4979 sc = ic->ic_softc; 4980 4981 IWM_LOCK(sc); 4982 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 4983 IWM_UNLOCK(sc); 4984 return (ENXIO); 4985 } 4986 error = mbufq_enqueue(&sc->sc_snd, m); 4987 if (error) { 4988 IWM_UNLOCK(sc); 4989 return (error); 4990 } 4991 iwm_start(sc); 4992 IWM_UNLOCK(sc); 4993 return (0); 4994 } 4995 4996 /* 4997 * Dequeue packets from sendq and call send. 4998 */ 4999 static void 5000 iwm_start(struct iwm_softc *sc) 5001 { 5002 struct ieee80211_node *ni; 5003 struct mbuf *m; 5004 int ac = 0; 5005 5006 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__); 5007 while (sc->qfullmsk == 0 && 5008 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 5009 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 5010 if (iwm_tx(sc, m, ni, ac) != 0) { 5011 if_inc_counter(ni->ni_vap->iv_ifp, 5012 IFCOUNTER_OERRORS, 1); 5013 ieee80211_free_node(ni); 5014 continue; 5015 } 5016 if (sc->sc_tx_timer == 0) { 5017 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, 5018 sc); 5019 } 5020 sc->sc_tx_timer = 15; 5021 } 5022 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__); 5023 } 5024 5025 static void 5026 iwm_stop(struct iwm_softc *sc) 5027 { 5028 5029 sc->sc_flags &= ~IWM_FLAG_HW_INITED; 5030 sc->sc_flags |= IWM_FLAG_STOPPED; 5031 sc->sc_generation++; 5032 iwm_led_blink_stop(sc); 5033 sc->sc_tx_timer = 0; 5034 iwm_stop_device(sc); 5035 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5036 } 5037 5038 static void 5039 iwm_watchdog(void *arg) 5040 { 5041 struct iwm_softc *sc = arg; 5042 struct ieee80211com *ic = &sc->sc_ic; 5043 5044 if (sc->sc_attached == 0) 5045 return; 5046 5047 if (sc->sc_tx_timer > 0) { 5048 if (--sc->sc_tx_timer == 0) { 5049 device_printf(sc->sc_dev, "device timeout\n"); 5050 #ifdef IWM_DEBUG 5051 iwm_nic_error(sc); 5052 #endif 5053 ieee80211_restart_all(ic); 5054 #if defined(__DragonFly__) 5055 ++sc->sc_ic.ic_oerrors; 5056 #else 5057 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 5058 #endif 5059 return; 5060 } 5061 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 5062 } 5063 } 5064 5065 static void 5066 iwm_parent(struct ieee80211com *ic) 5067 { 5068 struct iwm_softc *sc = ic->ic_softc; 5069 int startall = 0; 5070 int rfkill = 0; 5071 5072 IWM_LOCK(sc); 5073 if (ic->ic_nrunning > 0) { 5074 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) { 5075 iwm_init(sc); 5076 rfkill = iwm_check_rfkill(sc); 5077 if (!rfkill) 5078 startall = 1; 5079 } 5080 } else if (sc->sc_flags & IWM_FLAG_HW_INITED) 5081 iwm_stop(sc); 5082 IWM_UNLOCK(sc); 5083 if (startall) 5084 ieee80211_start_all(ic); 5085 else if (rfkill) 5086 taskqueue_enqueue(sc->sc_tq, &sc->sc_rftoggle_task); 5087 } 5088 5089 static void 5090 iwm_rftoggle_task(void *arg, int npending __unused) 5091 { 5092 struct iwm_softc *sc = arg; 5093 struct ieee80211com *ic = &sc->sc_ic; 5094 int rfkill; 5095 5096 IWM_LOCK(sc); 5097 rfkill = iwm_check_rfkill(sc); 5098 IWM_UNLOCK(sc); 5099 if (rfkill) { 5100 device_printf(sc->sc_dev, 5101 "%s: rfkill switch, disabling interface\n", __func__); 5102 ieee80211_suspend_all(ic); 5103 ieee80211_notify_radio(ic, 0); 5104 } else { 5105 device_printf(sc->sc_dev, 5106 "%s: rfkill cleared, re-enabling interface\n", __func__); 5107 ieee80211_resume_all(ic); 5108 ieee80211_notify_radio(ic, 1); 5109 } 5110 } 5111 5112 /* 5113 * The interrupt side of things 5114 */ 5115 5116 /* 5117 * error dumping routines are from iwlwifi/mvm/utils.c 5118 */ 5119 5120 /* 5121 * Note: This structure is read from the device with IO accesses, 5122 * and the reading already does the endian conversion. As it is 5123 * read with uint32_t-sized accesses, any members with a different size 5124 * need to be ordered correctly though! 5125 */ 5126 struct iwm_error_event_table { 5127 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5128 uint32_t error_id; /* type of error */ 5129 uint32_t trm_hw_status0; /* TRM HW status */ 5130 uint32_t trm_hw_status1; /* TRM HW status */ 5131 uint32_t blink2; /* branch link */ 5132 uint32_t ilink1; /* interrupt link */ 5133 uint32_t ilink2; /* interrupt link */ 5134 uint32_t data1; /* error-specific data */ 5135 uint32_t data2; /* error-specific data */ 5136 uint32_t data3; /* error-specific data */ 5137 uint32_t bcon_time; /* beacon timer */ 5138 uint32_t tsf_low; /* network timestamp function timer */ 5139 uint32_t tsf_hi; /* network timestamp function timer */ 5140 uint32_t gp1; /* GP1 timer register */ 5141 uint32_t gp2; /* GP2 timer register */ 5142 uint32_t fw_rev_type; /* firmware revision type */ 5143 uint32_t major; /* uCode version major */ 5144 uint32_t minor; /* uCode version minor */ 5145 uint32_t hw_ver; /* HW Silicon version */ 5146 uint32_t brd_ver; /* HW board version */ 5147 uint32_t log_pc; /* log program counter */ 5148 uint32_t frame_ptr; /* frame pointer */ 5149 uint32_t stack_ptr; /* stack pointer */ 5150 uint32_t hcmd; /* last host command header */ 5151 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 5152 * rxtx_flag */ 5153 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 5154 * host_flag */ 5155 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 5156 * enc_flag */ 5157 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 5158 * time_flag */ 5159 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 5160 * wico interrupt */ 5161 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */ 5162 uint32_t wait_event; /* wait event() caller address */ 5163 uint32_t l2p_control; /* L2pControlField */ 5164 uint32_t l2p_duration; /* L2pDurationField */ 5165 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 5166 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 5167 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 5168 * (LMPM_PMG_SEL) */ 5169 uint32_t u_timestamp; /* indicate when the date and time of the 5170 * compilation */ 5171 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 5172 } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */; 5173 5174 /* 5175 * UMAC error struct - relevant starting from family 8000 chip. 5176 * Note: This structure is read from the device with IO accesses, 5177 * and the reading already does the endian conversion. As it is 5178 * read with u32-sized accesses, any members with a different size 5179 * need to be ordered correctly though! 5180 */ 5181 struct iwm_umac_error_event_table { 5182 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5183 uint32_t error_id; /* type of error */ 5184 uint32_t blink1; /* branch link */ 5185 uint32_t blink2; /* branch link */ 5186 uint32_t ilink1; /* interrupt link */ 5187 uint32_t ilink2; /* interrupt link */ 5188 uint32_t data1; /* error-specific data */ 5189 uint32_t data2; /* error-specific data */ 5190 uint32_t data3; /* error-specific data */ 5191 uint32_t umac_major; 5192 uint32_t umac_minor; 5193 uint32_t frame_pointer; /* core register 27*/ 5194 uint32_t stack_pointer; /* core register 28 */ 5195 uint32_t cmd_header; /* latest host cmd sent to UMAC */ 5196 uint32_t nic_isr_pref; /* ISR status register */ 5197 } __packed; 5198 5199 #define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 5200 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 5201 5202 #ifdef IWM_DEBUG 5203 struct { 5204 const char *name; 5205 uint8_t num; 5206 } advanced_lookup[] = { 5207 { "NMI_INTERRUPT_WDG", 0x34 }, 5208 { "SYSASSERT", 0x35 }, 5209 { "UCODE_VERSION_MISMATCH", 0x37 }, 5210 { "BAD_COMMAND", 0x38 }, 5211 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 5212 { "FATAL_ERROR", 0x3D }, 5213 { "NMI_TRM_HW_ERR", 0x46 }, 5214 { "NMI_INTERRUPT_TRM", 0x4C }, 5215 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 5216 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 5217 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 5218 { "NMI_INTERRUPT_HOST", 0x66 }, 5219 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 5220 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 5221 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 5222 { "ADVANCED_SYSASSERT", 0 }, 5223 }; 5224 5225 static const char * 5226 iwm_desc_lookup(uint32_t num) 5227 { 5228 int i; 5229 5230 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 5231 if (advanced_lookup[i].num == num) 5232 return advanced_lookup[i].name; 5233 5234 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 5235 return advanced_lookup[i].name; 5236 } 5237 5238 static void 5239 iwm_nic_umac_error(struct iwm_softc *sc) 5240 { 5241 struct iwm_umac_error_event_table table; 5242 uint32_t base; 5243 5244 base = sc->umac_error_event_table; 5245 5246 if (base < 0x800000) { 5247 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n", 5248 base); 5249 return; 5250 } 5251 5252 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5253 device_printf(sc->sc_dev, "reading errlog failed\n"); 5254 return; 5255 } 5256 5257 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5258 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n"); 5259 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5260 sc->sc_flags, table.valid); 5261 } 5262 5263 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id, 5264 iwm_desc_lookup(table.error_id)); 5265 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1); 5266 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2); 5267 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n", 5268 table.ilink1); 5269 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n", 5270 table.ilink2); 5271 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1); 5272 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2); 5273 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3); 5274 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major); 5275 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor); 5276 device_printf(sc->sc_dev, "0x%08X | frame pointer\n", 5277 table.frame_pointer); 5278 device_printf(sc->sc_dev, "0x%08X | stack pointer\n", 5279 table.stack_pointer); 5280 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header); 5281 device_printf(sc->sc_dev, "0x%08X | isr status reg\n", 5282 table.nic_isr_pref); 5283 } 5284 5285 /* 5286 * Support for dumping the error log seemed like a good idea ... 5287 * but it's mostly hex junk and the only sensible thing is the 5288 * hw/ucode revision (which we know anyway). Since it's here, 5289 * I'll just leave it in, just in case e.g. the Intel guys want to 5290 * help us decipher some "ADVANCED_SYSASSERT" later. 5291 */ 5292 static void 5293 iwm_nic_error(struct iwm_softc *sc) 5294 { 5295 struct iwm_error_event_table table; 5296 uint32_t base; 5297 5298 device_printf(sc->sc_dev, "dumping device error log\n"); 5299 base = sc->error_event_table[0]; 5300 if (base < 0x800000) { 5301 device_printf(sc->sc_dev, 5302 "Invalid error log pointer 0x%08x\n", base); 5303 return; 5304 } 5305 5306 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5307 device_printf(sc->sc_dev, "reading errlog failed\n"); 5308 return; 5309 } 5310 5311 if (!table.valid) { 5312 device_printf(sc->sc_dev, "errlog not found, skipping\n"); 5313 return; 5314 } 5315 5316 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5317 device_printf(sc->sc_dev, "Start Error Log Dump:\n"); 5318 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5319 sc->sc_flags, table.valid); 5320 } 5321 5322 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id, 5323 iwm_desc_lookup(table.error_id)); 5324 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n", 5325 table.trm_hw_status0); 5326 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n", 5327 table.trm_hw_status1); 5328 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2); 5329 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1); 5330 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2); 5331 device_printf(sc->sc_dev, "%08X | data1\n", table.data1); 5332 device_printf(sc->sc_dev, "%08X | data2\n", table.data2); 5333 device_printf(sc->sc_dev, "%08X | data3\n", table.data3); 5334 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time); 5335 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low); 5336 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi); 5337 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1); 5338 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2); 5339 device_printf(sc->sc_dev, "%08X | uCode revision type\n", 5340 table.fw_rev_type); 5341 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major); 5342 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor); 5343 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver); 5344 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver); 5345 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd); 5346 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0); 5347 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1); 5348 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2); 5349 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3); 5350 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4); 5351 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id); 5352 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event); 5353 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control); 5354 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration); 5355 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid); 5356 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match); 5357 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel); 5358 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp); 5359 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler); 5360 5361 if (sc->umac_error_event_table) 5362 iwm_nic_umac_error(sc); 5363 } 5364 #endif 5365 5366 static void 5367 iwm_handle_rxb(struct iwm_softc *sc, struct mbuf *m) 5368 { 5369 struct ieee80211com *ic = &sc->sc_ic; 5370 struct iwm_cmd_response *cresp; 5371 struct mbuf *m1; 5372 uint32_t offset = 0; 5373 uint32_t maxoff = IWM_RBUF_SIZE; 5374 uint32_t nextoff; 5375 boolean_t stolen = FALSE; 5376 5377 #define HAVEROOM(a) \ 5378 ((a) + sizeof(uint32_t) + sizeof(struct iwm_cmd_header) < maxoff) 5379 5380 while (HAVEROOM(offset)) { 5381 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, 5382 offset); 5383 int qid, idx, code, len; 5384 5385 qid = pkt->hdr.qid; 5386 idx = pkt->hdr.idx; 5387 5388 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 5389 5390 /* 5391 * randomly get these from the firmware, no idea why. 5392 * they at least seem harmless, so just ignore them for now 5393 */ 5394 if ((pkt->hdr.code == 0 && (qid & ~0x80) == 0 && idx == 0) || 5395 pkt->len_n_flags == htole32(IWM_FH_RSCSR_FRAME_INVALID)) { 5396 break; 5397 } 5398 5399 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5400 "rx packet qid=%d idx=%d type=%x\n", 5401 qid & ~0x80, pkt->hdr.idx, code); 5402 5403 len = iwm_rx_packet_len(pkt); 5404 len += sizeof(uint32_t); /* account for status word */ 5405 nextoff = offset + roundup2(len, IWM_FH_RSCSR_FRAME_ALIGN); 5406 5407 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt); 5408 5409 switch (code) { 5410 case IWM_REPLY_RX_PHY_CMD: 5411 iwm_rx_rx_phy_cmd(sc, pkt); 5412 break; 5413 5414 case IWM_REPLY_RX_MPDU_CMD: { 5415 /* 5416 * If this is the last frame in the RX buffer, we 5417 * can directly feed the mbuf to the sharks here. 5418 */ 5419 struct iwm_rx_packet *nextpkt = mtodoff(m, 5420 struct iwm_rx_packet *, nextoff); 5421 if (!HAVEROOM(nextoff) || 5422 (nextpkt->hdr.code == 0 && 5423 (nextpkt->hdr.qid & ~0x80) == 0 && 5424 nextpkt->hdr.idx == 0) || 5425 (nextpkt->len_n_flags == 5426 htole32(IWM_FH_RSCSR_FRAME_INVALID))) { 5427 if (iwm_rx_mpdu(sc, m, offset, stolen)) { 5428 stolen = FALSE; 5429 /* Make sure we abort the loop */ 5430 nextoff = maxoff; 5431 } 5432 break; 5433 } 5434 5435 /* 5436 * Use m_copym instead of m_split, because that 5437 * makes it easier to keep a valid rx buffer in 5438 * the ring, when iwm_rx_mpdu() fails. 5439 * 5440 * We need to start m_copym() at offset 0, to get the 5441 * M_PKTHDR flag preserved. 5442 */ 5443 m1 = m_copym(m, 0, M_COPYALL, M_WAITOK); 5444 if (m1) { 5445 if (iwm_rx_mpdu(sc, m1, offset, stolen)) 5446 stolen = TRUE; 5447 else 5448 m_freem(m1); 5449 } 5450 break; 5451 } 5452 5453 case IWM_TX_CMD: 5454 iwm_rx_tx_cmd(sc, pkt); 5455 break; 5456 5457 case IWM_MISSED_BEACONS_NOTIFICATION: { 5458 struct iwm_missed_beacons_notif *resp; 5459 int missed; 5460 5461 /* XXX look at mac_id to determine interface ID */ 5462 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5463 5464 resp = (void *)pkt->data; 5465 missed = le32toh(resp->consec_missed_beacons); 5466 5467 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE, 5468 "%s: MISSED_BEACON: mac_id=%d, " 5469 "consec_since_last_rx=%d, consec=%d, num_expect=%d " 5470 "num_rx=%d\n", 5471 __func__, 5472 le32toh(resp->mac_id), 5473 le32toh(resp->consec_missed_beacons_since_last_rx), 5474 le32toh(resp->consec_missed_beacons), 5475 le32toh(resp->num_expected_beacons), 5476 le32toh(resp->num_recvd_beacons)); 5477 5478 /* Be paranoid */ 5479 if (vap == NULL) 5480 break; 5481 5482 /* XXX no net80211 locking? */ 5483 if (vap->iv_state == IEEE80211_S_RUN && 5484 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 5485 if (missed > vap->iv_bmissthreshold) { 5486 /* XXX bad locking; turn into task */ 5487 IWM_UNLOCK(sc); 5488 ieee80211_beacon_miss(ic); 5489 IWM_LOCK(sc); 5490 } 5491 } 5492 5493 break; 5494 } 5495 5496 case IWM_MFUART_LOAD_NOTIFICATION: 5497 break; 5498 5499 case IWM_ALIVE: 5500 break; 5501 5502 case IWM_CALIB_RES_NOTIF_PHY_DB: 5503 break; 5504 5505 case IWM_STATISTICS_NOTIFICATION: 5506 iwm_handle_rx_statistics(sc, pkt); 5507 break; 5508 5509 case IWM_NVM_ACCESS_CMD: 5510 case IWM_MCC_UPDATE_CMD: 5511 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) { 5512 memcpy(sc->sc_cmd_resp, 5513 pkt, sizeof(sc->sc_cmd_resp)); 5514 } 5515 break; 5516 5517 case IWM_MCC_CHUB_UPDATE_CMD: { 5518 struct iwm_mcc_chub_notif *notif; 5519 notif = (void *)pkt->data; 5520 5521 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8; 5522 sc->sc_fw_mcc[1] = notif->mcc & 0xff; 5523 sc->sc_fw_mcc[2] = '\0'; 5524 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 5525 "fw source %d sent CC '%s'\n", 5526 notif->source_id, sc->sc_fw_mcc); 5527 break; 5528 } 5529 5530 case IWM_DTS_MEASUREMENT_NOTIFICATION: 5531 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP, 5532 IWM_DTS_MEASUREMENT_NOTIF_WIDE): { 5533 struct iwm_dts_measurement_notif_v1 *notif; 5534 5535 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) { 5536 device_printf(sc->sc_dev, 5537 "Invalid DTS_MEASUREMENT_NOTIFICATION\n"); 5538 break; 5539 } 5540 notif = (void *)pkt->data; 5541 IWM_DPRINTF(sc, IWM_DEBUG_TEMP, 5542 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n", 5543 notif->temp); 5544 break; 5545 } 5546 5547 case IWM_PHY_CONFIGURATION_CMD: 5548 case IWM_TX_ANT_CONFIGURATION_CMD: 5549 case IWM_ADD_STA: 5550 case IWM_MAC_CONTEXT_CMD: 5551 case IWM_REPLY_SF_CFG_CMD: 5552 case IWM_POWER_TABLE_CMD: 5553 case IWM_LTR_CONFIG: 5554 case IWM_PHY_CONTEXT_CMD: 5555 case IWM_BINDING_CONTEXT_CMD: 5556 case IWM_TIME_EVENT_CMD: 5557 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD): 5558 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC): 5559 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_ABORT_UMAC): 5560 case IWM_SCAN_OFFLOAD_REQUEST_CMD: 5561 case IWM_SCAN_OFFLOAD_ABORT_CMD: 5562 case IWM_REPLY_BEACON_FILTERING_CMD: 5563 case IWM_MAC_PM_POWER_TABLE: 5564 case IWM_TIME_QUOTA_CMD: 5565 case IWM_REMOVE_STA: 5566 case IWM_TXPATH_FLUSH: 5567 case IWM_LQ_CMD: 5568 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, 5569 IWM_FW_PAGING_BLOCK_CMD): 5570 case IWM_BT_CONFIG: 5571 case IWM_REPLY_THERMAL_MNG_BACKOFF: 5572 cresp = (void *)pkt->data; 5573 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) { 5574 memcpy(sc->sc_cmd_resp, 5575 pkt, sizeof(*pkt)+sizeof(*cresp)); 5576 } 5577 break; 5578 5579 /* ignore */ 5580 case IWM_PHY_DB_CMD: 5581 break; 5582 5583 case IWM_INIT_COMPLETE_NOTIF: 5584 break; 5585 5586 case IWM_SCAN_OFFLOAD_COMPLETE: 5587 iwm_rx_lmac_scan_complete_notif(sc, pkt); 5588 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 5589 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5590 ieee80211_runtask(ic, &sc->sc_es_task); 5591 } 5592 break; 5593 5594 case IWM_SCAN_ITERATION_COMPLETE: { 5595 break; 5596 } 5597 5598 case IWM_SCAN_COMPLETE_UMAC: 5599 iwm_rx_umac_scan_complete_notif(sc, pkt); 5600 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 5601 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5602 ieee80211_runtask(ic, &sc->sc_es_task); 5603 } 5604 break; 5605 5606 case IWM_SCAN_ITERATION_COMPLETE_UMAC: { 5607 #ifdef IWM_DEBUG 5608 struct iwm_umac_scan_iter_complete_notif *notif; 5609 notif = (void *)pkt->data; 5610 5611 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration " 5612 "complete, status=0x%x, %d channels scanned\n", 5613 notif->status, notif->scanned_channels); 5614 #endif 5615 break; 5616 } 5617 5618 case IWM_REPLY_ERROR: { 5619 struct iwm_error_resp *resp; 5620 resp = (void *)pkt->data; 5621 5622 device_printf(sc->sc_dev, 5623 "firmware error 0x%x, cmd 0x%x\n", 5624 le32toh(resp->error_type), 5625 resp->cmd_id); 5626 break; 5627 } 5628 5629 case IWM_TIME_EVENT_NOTIFICATION: 5630 iwm_rx_time_event_notif(sc, pkt); 5631 break; 5632 5633 /* 5634 * Firmware versions 21 and 22 generate some DEBUG_LOG_MSG 5635 * messages. Just ignore them for now. 5636 */ 5637 case IWM_DEBUG_LOG_MSG: 5638 break; 5639 5640 case IWM_MCAST_FILTER_CMD: 5641 break; 5642 5643 case IWM_SCD_QUEUE_CFG: { 5644 #ifdef IWM_DEBUG 5645 struct iwm_scd_txq_cfg_rsp *rsp; 5646 rsp = (void *)pkt->data; 5647 5648 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 5649 "queue cfg token=0x%x sta_id=%d " 5650 "tid=%d scd_queue=%d\n", 5651 rsp->token, rsp->sta_id, rsp->tid, 5652 rsp->scd_queue); 5653 #endif 5654 break; 5655 } 5656 5657 default: 5658 device_printf(sc->sc_dev, 5659 "code %x, frame %d/%d %x unhandled\n", 5660 code, qid & ~0x80, idx, pkt->len_n_flags); 5661 break; 5662 } 5663 5664 /* 5665 * Why test bit 0x80? The Linux driver: 5666 * 5667 * There is one exception: uCode sets bit 15 when it 5668 * originates the response/notification, i.e. when the 5669 * response/notification is not a direct response to a 5670 * command sent by the driver. For example, uCode issues 5671 * IWM_REPLY_RX when it sends a received frame to the driver; 5672 * it is not a direct response to any driver command. 5673 * 5674 * Ok, so since when is 7 == 15? Well, the Linux driver 5675 * uses a slightly different format for pkt->hdr, and "qid" 5676 * is actually the upper byte of a two-byte field. 5677 */ 5678 if (!(qid & (1 << 7))) 5679 iwm_cmd_done(sc, pkt); 5680 5681 offset = nextoff; 5682 } 5683 if (stolen) 5684 m_freem(m); 5685 #undef HAVEROOM 5686 } 5687 5688 /* 5689 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt. 5690 * Basic structure from if_iwn 5691 */ 5692 static void 5693 iwm_notif_intr(struct iwm_softc *sc) 5694 { 5695 int count; 5696 uint32_t wreg; 5697 uint16_t hw; 5698 5699 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map, 5700 BUS_DMASYNC_POSTREAD); 5701 5702 if (sc->cfg->mqrx_supported) { 5703 count = IWM_RX_MQ_RING_COUNT; 5704 wreg = IWM_RFH_Q0_FRBDCB_WIDX_TRG; 5705 } else { 5706 count = IWM_RX_LEGACY_RING_COUNT; 5707 wreg = IWM_FH_RSCSR_CHNL0_WPTR; 5708 } 5709 5710 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 5711 5712 /* 5713 * Process responses 5714 */ 5715 while (sc->rxq.cur != hw) { 5716 struct iwm_rx_ring *ring = &sc->rxq; 5717 struct iwm_rx_data *data = &ring->data[ring->cur]; 5718 5719 bus_dmamap_sync(ring->data_dmat, data->map, 5720 BUS_DMASYNC_POSTREAD); 5721 5722 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5723 "%s: hw = %d cur = %d\n", __func__, hw, ring->cur); 5724 iwm_handle_rxb(sc, data->m); 5725 5726 ring->cur = (ring->cur + 1) % count; 5727 } 5728 5729 /* 5730 * Tell the firmware that it can reuse the ring entries that 5731 * we have just processed. 5732 * Seems like the hardware gets upset unless we align 5733 * the write by 8?? 5734 */ 5735 hw = (hw == 0) ? count - 1 : hw - 1; 5736 IWM_WRITE(sc, wreg, rounddown2(hw, 8)); 5737 } 5738 5739 static void 5740 iwm_intr(void *arg) 5741 { 5742 struct iwm_softc *sc = arg; 5743 int handled = 0; 5744 int r1, r2; 5745 int isperiodic = 0; 5746 5747 #if defined(__DragonFly__) 5748 if (sc->sc_mem == NULL) { 5749 kprintf("iwm_intr: detached\n"); 5750 return; 5751 } 5752 #endif 5753 5754 IWM_LOCK(sc); 5755 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 5756 5757 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 5758 uint32_t *ict = sc->ict_dma.vaddr; 5759 int tmp; 5760 5761 tmp = htole32(ict[sc->ict_cur]); 5762 if (!tmp) 5763 goto out_ena; 5764 5765 /* 5766 * ok, there was something. keep plowing until we have all. 5767 */ 5768 r1 = r2 = 0; 5769 while (tmp) { 5770 r1 |= tmp; 5771 ict[sc->ict_cur] = 0; 5772 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 5773 tmp = htole32(ict[sc->ict_cur]); 5774 } 5775 5776 /* this is where the fun begins. don't ask */ 5777 if (r1 == 0xffffffff) 5778 r1 = 0; 5779 5780 /* i am not expected to understand this */ 5781 if (r1 & 0xc0000) 5782 r1 |= 0x8000; 5783 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 5784 } else { 5785 r1 = IWM_READ(sc, IWM_CSR_INT); 5786 /* "hardware gone" (where, fishing?) */ 5787 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 5788 goto out; 5789 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 5790 } 5791 if (r1 == 0 && r2 == 0) { 5792 goto out_ena; 5793 } 5794 5795 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 5796 5797 /* Safely ignore these bits for debug checks below */ 5798 r1 &= ~(IWM_CSR_INT_BIT_ALIVE | IWM_CSR_INT_BIT_SCD); 5799 5800 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 5801 int i; 5802 struct ieee80211com *ic = &sc->sc_ic; 5803 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5804 5805 #ifdef IWM_DEBUG 5806 iwm_nic_error(sc); 5807 #endif 5808 /* Dump driver status (TX and RX rings) while we're here. */ 5809 device_printf(sc->sc_dev, "driver status:\n"); 5810 for (i = 0; i < IWM_MAX_QUEUES; i++) { 5811 struct iwm_tx_ring *ring = &sc->txq[i]; 5812 device_printf(sc->sc_dev, 5813 " tx ring %2d: qid=%-2d cur=%-3d " 5814 "queued=%-3d\n", 5815 i, ring->qid, ring->cur, ring->queued); 5816 } 5817 device_printf(sc->sc_dev, 5818 " rx ring: cur=%d\n", sc->rxq.cur); 5819 device_printf(sc->sc_dev, 5820 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state); 5821 5822 /* Reset our firmware state tracking. */ 5823 sc->sc_firmware_state = 0; 5824 /* Don't stop the device; just do a VAP restart */ 5825 IWM_UNLOCK(sc); 5826 5827 if (vap == NULL) { 5828 kprintf("%s: null vap\n", __func__); 5829 return; 5830 } 5831 5832 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; " 5833 "restarting\n", __func__, vap->iv_state); 5834 5835 ieee80211_restart_all(ic); 5836 return; 5837 } 5838 5839 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 5840 handled |= IWM_CSR_INT_BIT_HW_ERR; 5841 device_printf(sc->sc_dev, "hardware error, stopping device\n"); 5842 iwm_stop(sc); 5843 goto out; 5844 } 5845 5846 /* firmware chunk loaded */ 5847 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 5848 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 5849 handled |= IWM_CSR_INT_BIT_FH_TX; 5850 sc->sc_fw_chunk_done = 1; 5851 wakeup(&sc->sc_fw); 5852 } 5853 5854 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 5855 handled |= IWM_CSR_INT_BIT_RF_KILL; 5856 taskqueue_enqueue(sc->sc_tq, &sc->sc_rftoggle_task); 5857 } 5858 5859 /* 5860 * The Linux driver uses periodic interrupts to avoid races. 5861 * We cargo-cult like it's going out of fashion. 5862 */ 5863 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 5864 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 5865 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 5866 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0) 5867 IWM_WRITE_1(sc, 5868 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 5869 isperiodic = 1; 5870 } 5871 5872 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) { 5873 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 5874 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 5875 5876 iwm_notif_intr(sc); 5877 5878 /* enable periodic interrupt, see above */ 5879 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic) 5880 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 5881 IWM_CSR_INT_PERIODIC_ENA); 5882 } 5883 5884 if (__predict_false(r1 & ~handled)) 5885 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5886 "%s: unhandled interrupts: %x\n", __func__, r1); 5887 out_ena: 5888 iwm_restore_interrupts(sc); 5889 out: 5890 IWM_UNLOCK(sc); 5891 return; 5892 } 5893 5894 /* 5895 * Autoconf glue-sniffing 5896 */ 5897 #define PCI_VENDOR_INTEL 0x8086 5898 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 5899 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 5900 #define PCI_PRODUCT_INTEL_WL_3165_1 0x3165 5901 #define PCI_PRODUCT_INTEL_WL_3165_2 0x3166 5902 #define PCI_PRODUCT_INTEL_WL_3168_1 0x24fb 5903 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 5904 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 5905 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 5906 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 5907 #define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3 5908 #define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4 5909 #define PCI_PRODUCT_INTEL_WL_8265_1 0x24fd 5910 #define PCI_PRODUCT_INTEL_WL_9560_1 0x9df0 5911 #define PCI_PRODUCT_INTEL_WL_9560_2 0xa370 5912 #define PCI_PRODUCT_INTEL_WL_9560_3 0x31dc 5913 #define PCI_PRODUCT_INTEL_WL_9260_1 0x2526 5914 5915 static const struct iwm_devices { 5916 uint16_t device; 5917 const struct iwm_cfg *cfg; 5918 } iwm_devices[] = { 5919 { PCI_PRODUCT_INTEL_WL_3160_1, &iwm3160_cfg }, 5920 { PCI_PRODUCT_INTEL_WL_3160_2, &iwm3160_cfg }, 5921 { PCI_PRODUCT_INTEL_WL_3165_1, &iwm3165_cfg }, 5922 { PCI_PRODUCT_INTEL_WL_3165_2, &iwm3165_cfg }, 5923 { PCI_PRODUCT_INTEL_WL_3168_1, &iwm3168_cfg }, 5924 { PCI_PRODUCT_INTEL_WL_7260_1, &iwm7260_cfg }, 5925 { PCI_PRODUCT_INTEL_WL_7260_2, &iwm7260_cfg }, 5926 { PCI_PRODUCT_INTEL_WL_7265_1, &iwm7265_cfg }, 5927 { PCI_PRODUCT_INTEL_WL_7265_2, &iwm7265_cfg }, 5928 { PCI_PRODUCT_INTEL_WL_8260_1, &iwm8260_cfg }, 5929 { PCI_PRODUCT_INTEL_WL_8260_2, &iwm8260_cfg }, 5930 { PCI_PRODUCT_INTEL_WL_8265_1, &iwm8265_cfg }, 5931 { PCI_PRODUCT_INTEL_WL_9560_1, &iwm9560_cfg }, 5932 { PCI_PRODUCT_INTEL_WL_9560_2, &iwm9560_cfg }, 5933 { PCI_PRODUCT_INTEL_WL_9560_3, &iwm9560_cfg }, 5934 { PCI_PRODUCT_INTEL_WL_9260_1, &iwm9260_cfg }, 5935 }; 5936 5937 static int 5938 iwm_probe(device_t dev) 5939 { 5940 int i; 5941 5942 for (i = 0; i < nitems(iwm_devices); i++) { 5943 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL && 5944 pci_get_device(dev) == iwm_devices[i].device) { 5945 device_set_desc(dev, iwm_devices[i].cfg->name); 5946 return (BUS_PROBE_DEFAULT); 5947 } 5948 } 5949 5950 return (ENXIO); 5951 } 5952 5953 static int 5954 iwm_dev_check(device_t dev) 5955 { 5956 struct iwm_softc *sc; 5957 uint16_t devid; 5958 int i; 5959 5960 sc = device_get_softc(dev); 5961 5962 devid = pci_get_device(dev); 5963 for (i = 0; i < nitems(iwm_devices); i++) { 5964 if (iwm_devices[i].device == devid) { 5965 sc->cfg = iwm_devices[i].cfg; 5966 return (0); 5967 } 5968 } 5969 device_printf(dev, "unknown adapter type\n"); 5970 return ENXIO; 5971 } 5972 5973 /* PCI registers */ 5974 #define PCI_CFG_RETRY_TIMEOUT 0x041 5975 5976 static int 5977 iwm_pci_attach(device_t dev) 5978 { 5979 struct iwm_softc *sc; 5980 int count, error, rid; 5981 uint16_t reg; 5982 #if defined(__DragonFly__) 5983 int irq_flags; 5984 #endif 5985 5986 sc = device_get_softc(dev); 5987 5988 /* We disable the RETRY_TIMEOUT register (0x41) to keep 5989 * PCI Tx retries from interfering with C3 CPU state */ 5990 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 5991 5992 /* Enable bus-mastering and hardware bug workaround. */ 5993 pci_enable_busmaster(dev); 5994 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg)); 5995 /* if !MSI */ 5996 if (reg & PCIM_STATUS_INTxSTATE) { 5997 reg &= ~PCIM_STATUS_INTxSTATE; 5998 } 5999 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg)); 6000 6001 rid = PCIR_BAR(0); 6002 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 6003 RF_ACTIVE); 6004 if (sc->sc_mem == NULL) { 6005 device_printf(sc->sc_dev, "can't map mem space\n"); 6006 return (ENXIO); 6007 } 6008 sc->sc_st = rman_get_bustag(sc->sc_mem); 6009 sc->sc_sh = rman_get_bushandle(sc->sc_mem); 6010 6011 /* Install interrupt handler. */ 6012 count = 1; 6013 rid = 0; 6014 #if defined(__DragonFly__) 6015 pci_alloc_1intr(dev, iwm_msi_enable, &rid, &irq_flags); 6016 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, irq_flags); 6017 #else 6018 if (pci_alloc_msi(dev, &count) == 0) 6019 rid = 1; 6020 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 6021 (rid != 0 ? 0 : RF_SHAREABLE)); 6022 #endif 6023 if (sc->sc_irq == NULL) { 6024 device_printf(dev, "can't map interrupt\n"); 6025 return (ENXIO); 6026 } 6027 #if defined(__DragonFly__) 6028 error = bus_setup_intr(dev, sc->sc_irq, INTR_MPSAFE, 6029 iwm_intr, sc, &sc->sc_ih, 6030 &wlan_global_serializer); 6031 #else 6032 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE, 6033 NULL, iwm_intr, sc, &sc->sc_ih); 6034 #endif 6035 if (error != 0) { 6036 device_printf(dev, "can't establish interrupt"); 6037 #if defined(__DragonFly__) 6038 pci_release_msi(dev); 6039 #endif 6040 return (error); 6041 } 6042 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 6043 6044 return (0); 6045 } 6046 6047 static void 6048 iwm_pci_detach(device_t dev) 6049 { 6050 struct iwm_softc *sc = device_get_softc(dev); 6051 6052 if (sc->sc_irq != NULL) { 6053 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih); 6054 bus_release_resource(dev, SYS_RES_IRQ, 6055 rman_get_rid(sc->sc_irq), sc->sc_irq); 6056 pci_release_msi(dev); 6057 #if defined(__DragonFly__) 6058 sc->sc_irq = NULL; 6059 #endif 6060 } 6061 if (sc->sc_mem != NULL) { 6062 bus_release_resource(dev, SYS_RES_MEMORY, 6063 rman_get_rid(sc->sc_mem), sc->sc_mem); 6064 #if defined(__DragonFly__) 6065 sc->sc_mem = NULL; 6066 #endif 6067 } 6068 } 6069 6070 static int 6071 iwm_attach(device_t dev) 6072 { 6073 struct iwm_softc *sc = device_get_softc(dev); 6074 struct ieee80211com *ic = &sc->sc_ic; 6075 int error; 6076 int txq_i, i; 6077 6078 sc->sc_dev = dev; 6079 sc->sc_attached = 1; 6080 IWM_LOCK_INIT(sc); 6081 mbufq_init(&sc->sc_snd, ifqmaxlen); 6082 callout_init_lk(&sc->sc_watchdog_to, &sc->sc_lk); 6083 callout_init_lk(&sc->sc_led_blink_to, &sc->sc_lk); 6084 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc); 6085 TASK_INIT(&sc->sc_rftoggle_task, 0, iwm_rftoggle_task, sc); 6086 6087 sc->sc_tq = taskqueue_create("iwm_taskq", M_WAITOK, 6088 taskqueue_thread_enqueue, &sc->sc_tq); 6089 error = taskqueue_start_threads(&sc->sc_tq, 1, TDPRI_KERN_DAEMON, -1, "iwm_taskq"); 6090 if (error != 0) { 6091 device_printf(dev, "can't start taskq thread, error %d\n", 6092 error); 6093 goto fail; 6094 } 6095 6096 error = iwm_dev_check(dev); 6097 if (error != 0) 6098 goto fail; 6099 6100 sc->sc_notif_wait = iwm_notification_wait_init(sc); 6101 if (sc->sc_notif_wait == NULL) { 6102 device_printf(dev, "failed to init notification wait struct\n"); 6103 goto fail; 6104 } 6105 6106 sc->sf_state = IWM_SF_UNINIT; 6107 6108 /* Init phy db */ 6109 sc->sc_phy_db = iwm_phy_db_init(sc); 6110 if (!sc->sc_phy_db) { 6111 device_printf(dev, "Cannot init phy_db\n"); 6112 goto fail; 6113 } 6114 6115 /* Set EBS as successful as long as not stated otherwise by the FW. */ 6116 sc->last_ebs_successful = TRUE; 6117 6118 /* PCI attach */ 6119 error = iwm_pci_attach(dev); 6120 if (error != 0) 6121 goto fail; 6122 6123 sc->sc_wantresp = -1; 6124 6125 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 6126 /* 6127 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have 6128 * changed, and now the revision step also includes bit 0-1 (no more 6129 * "dash" value). To keep hw_rev backwards compatible - we'll store it 6130 * in the old format. 6131 */ 6132 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) { 6133 int ret; 6134 uint32_t hw_step; 6135 6136 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) | 6137 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2); 6138 6139 if (iwm_prepare_card_hw(sc) != 0) { 6140 device_printf(dev, "could not initialize hardware\n"); 6141 goto fail; 6142 } 6143 6144 /* 6145 * In order to recognize C step the driver should read the 6146 * chip version id located at the AUX bus MISC address. 6147 */ 6148 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 6149 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 6150 DELAY(2); 6151 6152 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 6153 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 6154 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 6155 25000); 6156 if (!ret) { 6157 device_printf(sc->sc_dev, 6158 "Failed to wake up the nic\n"); 6159 goto fail; 6160 } 6161 6162 if (iwm_nic_lock(sc)) { 6163 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG); 6164 hw_step |= IWM_ENABLE_WFPM; 6165 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step); 6166 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG); 6167 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF; 6168 if (hw_step == 0x3) 6169 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) | 6170 (IWM_SILICON_C_STEP << 2); 6171 iwm_nic_unlock(sc); 6172 } else { 6173 device_printf(sc->sc_dev, "Failed to lock the nic\n"); 6174 goto fail; 6175 } 6176 } 6177 6178 /* special-case 7265D, it has the same PCI IDs. */ 6179 if (sc->cfg == &iwm7265_cfg && 6180 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) { 6181 sc->cfg = &iwm7265d_cfg; 6182 } 6183 6184 /* Allocate DMA memory for firmware transfers. */ 6185 if ((error = iwm_alloc_fwmem(sc)) != 0) { 6186 device_printf(dev, "could not allocate memory for firmware\n"); 6187 goto fail; 6188 } 6189 6190 /* Allocate "Keep Warm" page. */ 6191 if ((error = iwm_alloc_kw(sc)) != 0) { 6192 device_printf(dev, "could not allocate keep warm page\n"); 6193 goto fail; 6194 } 6195 6196 /* We use ICT interrupts */ 6197 if ((error = iwm_alloc_ict(sc)) != 0) { 6198 device_printf(dev, "could not allocate ICT table\n"); 6199 goto fail; 6200 } 6201 6202 /* Allocate TX scheduler "rings". */ 6203 if ((error = iwm_alloc_sched(sc)) != 0) { 6204 device_printf(dev, "could not allocate TX scheduler rings\n"); 6205 goto fail; 6206 } 6207 6208 /* Allocate TX rings */ 6209 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 6210 if ((error = iwm_alloc_tx_ring(sc, 6211 &sc->txq[txq_i], txq_i)) != 0) { 6212 device_printf(dev, 6213 "could not allocate TX ring %d\n", 6214 txq_i); 6215 goto fail; 6216 } 6217 } 6218 6219 /* Allocate RX ring. */ 6220 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) { 6221 device_printf(dev, "could not allocate RX ring\n"); 6222 goto fail; 6223 } 6224 6225 /* Clear pending interrupts. */ 6226 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 6227 6228 ic->ic_softc = sc; 6229 ic->ic_name = device_get_nameunit(sc->sc_dev); 6230 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 6231 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 6232 6233 /* Set device capabilities. */ 6234 ic->ic_caps = 6235 IEEE80211_C_STA | 6236 IEEE80211_C_WPA | /* WPA/RSN */ 6237 IEEE80211_C_WME | 6238 IEEE80211_C_PMGT | 6239 IEEE80211_C_SHSLOT | /* short slot time supported */ 6240 IEEE80211_C_SHPREAMBLE /* short preamble supported */ 6241 // IEEE80211_C_BGSCAN /* capable of bg scanning */ 6242 ; 6243 /* Advertise full-offload scanning */ 6244 ic->ic_flags_ext = IEEE80211_FEXT_SCAN_OFFLOAD; 6245 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 6246 sc->sc_phyctxt[i].id = i; 6247 sc->sc_phyctxt[i].color = 0; 6248 sc->sc_phyctxt[i].ref = 0; 6249 sc->sc_phyctxt[i].channel = NULL; 6250 } 6251 6252 /* Default noise floor */ 6253 sc->sc_noise = -96; 6254 6255 /* Max RSSI */ 6256 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 6257 6258 #ifdef IWM_DEBUG 6259 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 6260 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug", 6261 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging"); 6262 #endif 6263 6264 error = iwm_read_firmware(sc); 6265 if (error) { 6266 goto fail; 6267 } else if (sc->sc_fw.fw_fp == NULL) { 6268 /* 6269 * XXX Add a solution for properly deferring firmware load 6270 * during bootup. 6271 */ 6272 goto fail; 6273 } else { 6274 sc->sc_preinit_hook.ich_func = iwm_preinit; 6275 sc->sc_preinit_hook.ich_arg = sc; 6276 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) { 6277 device_printf(dev, 6278 "config_intrhook_establish failed\n"); 6279 goto fail; 6280 } 6281 } 6282 6283 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6284 "<-%s\n", __func__); 6285 6286 return 0; 6287 6288 /* Free allocated memory if something failed during attachment. */ 6289 fail: 6290 iwm_detach_local(sc, 0); 6291 6292 return ENXIO; 6293 } 6294 6295 static int 6296 iwm_is_valid_ether_addr(uint8_t *addr) 6297 { 6298 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 }; 6299 6300 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr)) 6301 return (FALSE); 6302 6303 return (TRUE); 6304 } 6305 6306 static int 6307 iwm_wme_update(struct ieee80211com *ic) 6308 { 6309 #define IWM_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 6310 struct iwm_softc *sc = ic->ic_softc; 6311 #if !defined(__DragonFly__) 6312 struct chanAccParams chp; 6313 #endif 6314 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6315 struct iwm_vap *ivp = IWM_VAP(vap); 6316 struct iwm_node *in; 6317 struct wmeParams tmp[WME_NUM_AC]; 6318 int aci, error; 6319 6320 if (vap == NULL) 6321 return (0); 6322 6323 #if !defined(__DragonFly__) 6324 ieee80211_wme_ic_getparams(ic, &chp); 6325 6326 IEEE80211_LOCK(ic); 6327 for (aci = 0; aci < WME_NUM_AC; aci++) 6328 tmp[aci] = chp.cap_wmeParams[aci]; 6329 IEEE80211_UNLOCK(ic); 6330 #else 6331 IEEE80211_LOCK(ic); 6332 for (aci = 0; aci < WME_NUM_AC; aci++) 6333 tmp[aci] = ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 6334 IEEE80211_UNLOCK(ic); 6335 #endif 6336 6337 IWM_LOCK(sc); 6338 for (aci = 0; aci < WME_NUM_AC; aci++) { 6339 const struct wmeParams *ac = &tmp[aci]; 6340 ivp->queue_params[aci].aifsn = ac->wmep_aifsn; 6341 ivp->queue_params[aci].cw_min = IWM_EXP2(ac->wmep_logcwmin); 6342 ivp->queue_params[aci].cw_max = IWM_EXP2(ac->wmep_logcwmax); 6343 ivp->queue_params[aci].edca_txop = 6344 IEEE80211_TXOP_TO_US(ac->wmep_txopLimit); 6345 } 6346 ivp->have_wme = TRUE; 6347 if (ivp->is_uploaded && vap->iv_bss != NULL) { 6348 in = IWM_NODE(vap->iv_bss); 6349 if (in->in_assoc) { 6350 if ((error = iwm_mac_ctxt_changed(sc, vap)) != 0) { 6351 device_printf(sc->sc_dev, 6352 "%s: failed to update MAC\n", __func__); 6353 } 6354 } 6355 } 6356 IWM_UNLOCK(sc); 6357 6358 return (0); 6359 #undef IWM_EXP2 6360 } 6361 6362 static void 6363 iwm_preinit(void *arg) 6364 { 6365 struct iwm_softc *sc = arg; 6366 device_t dev = sc->sc_dev; 6367 struct ieee80211com *ic = &sc->sc_ic; 6368 int error; 6369 6370 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6371 "->%s\n", __func__); 6372 6373 IWM_LOCK(sc); 6374 if ((error = iwm_start_hw(sc)) != 0) { 6375 device_printf(dev, "could not initialize hardware\n"); 6376 IWM_UNLOCK(sc); 6377 goto fail; 6378 } 6379 6380 error = iwm_run_init_ucode(sc, 1); 6381 iwm_stop_device(sc); 6382 if (error) { 6383 IWM_UNLOCK(sc); 6384 goto fail; 6385 } 6386 device_printf(dev, 6387 "hw rev 0x%x, fw ver %s, address %s\n", 6388 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 6389 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr)); 6390 6391 /* not all hardware can do 5GHz band */ 6392 if (!sc->nvm_data->sku_cap_band_52GHz_enable) 6393 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 6394 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 6395 IWM_UNLOCK(sc); 6396 6397 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 6398 ic->ic_channels); 6399 6400 /* 6401 * At this point we've committed - if we fail to do setup, 6402 * we now also have to tear down the net80211 state. 6403 */ 6404 ieee80211_ifattach(ic); 6405 ic->ic_vap_create = iwm_vap_create; 6406 ic->ic_vap_delete = iwm_vap_delete; 6407 ic->ic_raw_xmit = iwm_raw_xmit; 6408 ic->ic_node_alloc = iwm_node_alloc; 6409 ic->ic_scan_start = iwm_scan_start; 6410 ic->ic_scan_end = iwm_scan_end; 6411 ic->ic_update_mcast = iwm_update_mcast; 6412 ic->ic_getradiocaps = iwm_init_channel_map; 6413 ic->ic_set_channel = iwm_set_channel; 6414 ic->ic_scan_curchan = iwm_scan_curchan; 6415 ic->ic_scan_mindwell = iwm_scan_mindwell; 6416 ic->ic_wme.wme_update = iwm_wme_update; 6417 ic->ic_parent = iwm_parent; 6418 ic->ic_transmit = iwm_transmit; 6419 iwm_radiotap_attach(sc); 6420 if (bootverbose) 6421 ieee80211_announce(ic); 6422 6423 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6424 "<-%s\n", __func__); 6425 config_intrhook_disestablish(&sc->sc_preinit_hook); 6426 6427 return; 6428 fail: 6429 config_intrhook_disestablish(&sc->sc_preinit_hook); 6430 iwm_detach_local(sc, 0); 6431 } 6432 6433 /* 6434 * Attach the interface to 802.11 radiotap. 6435 */ 6436 static void 6437 iwm_radiotap_attach(struct iwm_softc *sc) 6438 { 6439 struct ieee80211com *ic = &sc->sc_ic; 6440 6441 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6442 "->%s begin\n", __func__); 6443 ieee80211_radiotap_attach(ic, 6444 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 6445 IWM_TX_RADIOTAP_PRESENT, 6446 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 6447 IWM_RX_RADIOTAP_PRESENT); 6448 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6449 "->%s end\n", __func__); 6450 } 6451 6452 static struct ieee80211vap * 6453 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 6454 enum ieee80211_opmode opmode, int flags, 6455 const uint8_t bssid[IEEE80211_ADDR_LEN], 6456 const uint8_t mac[IEEE80211_ADDR_LEN]) 6457 { 6458 struct iwm_vap *ivp; 6459 struct ieee80211vap *vap; 6460 6461 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 6462 return NULL; 6463 ivp = kmalloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO); 6464 vap = &ivp->iv_vap; 6465 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 6466 vap->iv_bmissthreshold = 10; /* override default */ 6467 /* Override with driver methods. */ 6468 ivp->iv_newstate = vap->iv_newstate; 6469 vap->iv_newstate = iwm_newstate; 6470 6471 ivp->id = IWM_DEFAULT_MACID; 6472 ivp->color = IWM_DEFAULT_COLOR; 6473 6474 ivp->have_wme = FALSE; 6475 ivp->ps_disabled = FALSE; 6476 6477 ieee80211_ratectl_init(vap); 6478 /* Complete setup. */ 6479 ieee80211_vap_attach(vap, ieee80211_media_change, 6480 ieee80211_media_status, mac); 6481 ic->ic_opmode = opmode; 6482 6483 return vap; 6484 } 6485 6486 static void 6487 iwm_vap_delete(struct ieee80211vap *vap) 6488 { 6489 struct iwm_vap *ivp = IWM_VAP(vap); 6490 6491 ieee80211_ratectl_deinit(vap); 6492 ieee80211_vap_detach(vap); 6493 kfree(ivp, M_80211_VAP); 6494 } 6495 6496 static void 6497 iwm_xmit_queue_drain(struct iwm_softc *sc) 6498 { 6499 struct mbuf *m; 6500 struct ieee80211_node *ni; 6501 6502 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 6503 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 6504 ieee80211_free_node(ni); 6505 m_freem(m); 6506 } 6507 } 6508 6509 static void 6510 iwm_scan_start(struct ieee80211com *ic) 6511 { 6512 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6513 struct iwm_softc *sc = ic->ic_softc; 6514 int error; 6515 6516 IWM_LOCK(sc); 6517 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 6518 /* This should not be possible */ 6519 device_printf(sc->sc_dev, 6520 "%s: Previous scan not completed yet\n", __func__); 6521 } 6522 if (iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 6523 error = iwm_umac_scan(sc); 6524 else 6525 error = iwm_lmac_scan(sc); 6526 if (error != 0) { 6527 device_printf(sc->sc_dev, "could not initiate scan\n"); 6528 IWM_UNLOCK(sc); 6529 ieee80211_cancel_scan(vap); 6530 } else { 6531 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING; 6532 iwm_led_blink_start(sc); 6533 IWM_UNLOCK(sc); 6534 } 6535 } 6536 6537 static void 6538 iwm_scan_end(struct ieee80211com *ic) 6539 { 6540 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6541 struct iwm_softc *sc = ic->ic_softc; 6542 6543 IWM_LOCK(sc); 6544 iwm_led_blink_stop(sc); 6545 if (vap->iv_state == IEEE80211_S_RUN) 6546 iwm_led_enable(sc); 6547 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 6548 /* 6549 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because 6550 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq 6551 * taskqueue. 6552 */ 6553 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 6554 iwm_scan_stop_wait(sc); 6555 } 6556 IWM_UNLOCK(sc); 6557 6558 /* 6559 * Make sure we don't race, if sc_es_task is still enqueued here. 6560 * This is to make sure that it won't call ieee80211_scan_done 6561 * when we have already started the next scan. 6562 */ 6563 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL); 6564 } 6565 6566 static void 6567 iwm_update_mcast(struct ieee80211com *ic) 6568 { 6569 } 6570 6571 static void 6572 iwm_set_channel(struct ieee80211com *ic) 6573 { 6574 } 6575 6576 static void 6577 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 6578 { 6579 } 6580 6581 static void 6582 iwm_scan_mindwell(struct ieee80211_scan_state *ss) 6583 { 6584 } 6585 6586 void 6587 iwm_init_task(void *arg1) 6588 { 6589 struct iwm_softc *sc = arg1; 6590 6591 IWM_LOCK(sc); 6592 while (sc->sc_flags & IWM_FLAG_BUSY) 6593 lksleep(&sc->sc_flags, &sc->sc_lk, 0, "iwmpwr", 0); 6594 sc->sc_flags |= IWM_FLAG_BUSY; 6595 iwm_stop(sc); 6596 if (sc->sc_ic.ic_nrunning > 0) 6597 iwm_init(sc); 6598 sc->sc_flags &= ~IWM_FLAG_BUSY; 6599 wakeup(&sc->sc_flags); 6600 IWM_UNLOCK(sc); 6601 } 6602 6603 static int 6604 iwm_resume(device_t dev) 6605 { 6606 struct iwm_softc *sc = device_get_softc(dev); 6607 int do_reinit = 0; 6608 6609 /* 6610 * We disable the RETRY_TIMEOUT register (0x41) to keep 6611 * PCI Tx retries from interfering with C3 CPU state. 6612 */ 6613 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 6614 6615 if (!sc->sc_attached) 6616 return 0; 6617 6618 iwm_init_task(device_get_softc(dev)); 6619 6620 IWM_LOCK(sc); 6621 if (sc->sc_flags & IWM_FLAG_SCANNING) { 6622 sc->sc_flags &= ~IWM_FLAG_SCANNING; 6623 do_reinit = 1; 6624 } 6625 IWM_UNLOCK(sc); 6626 6627 if (do_reinit) 6628 ieee80211_resume_all(&sc->sc_ic); 6629 6630 return 0; 6631 } 6632 6633 static int 6634 iwm_suspend(device_t dev) 6635 { 6636 int do_stop = 0; 6637 struct iwm_softc *sc = device_get_softc(dev); 6638 6639 do_stop = !! (sc->sc_ic.ic_nrunning > 0); 6640 6641 if (!sc->sc_attached) 6642 return (0); 6643 6644 ieee80211_suspend_all(&sc->sc_ic); 6645 6646 if (do_stop) { 6647 IWM_LOCK(sc); 6648 iwm_stop(sc); 6649 sc->sc_flags |= IWM_FLAG_SCANNING; 6650 IWM_UNLOCK(sc); 6651 } 6652 6653 return (0); 6654 } 6655 6656 static int 6657 iwm_detach_local(struct iwm_softc *sc, int do_net80211) 6658 { 6659 struct iwm_fw_info *fw = &sc->sc_fw; 6660 device_t dev = sc->sc_dev; 6661 int i; 6662 6663 if (!sc->sc_attached) 6664 return 0; 6665 sc->sc_attached = 0; 6666 if (do_net80211) { 6667 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task); 6668 } 6669 iwm_stop_device(sc); 6670 #if defined(__DragonFly__) 6671 /* doesn't exist for DFly, DFly drains tasks on free */ 6672 #else 6673 taskqueue_drain_all(sc->sc_tq); 6674 #endif 6675 taskqueue_free(sc->sc_tq); 6676 if (do_net80211) { 6677 IWM_LOCK(sc); 6678 iwm_xmit_queue_drain(sc); 6679 IWM_UNLOCK(sc); 6680 ieee80211_ifdetach(&sc->sc_ic); 6681 } 6682 callout_drain(&sc->sc_led_blink_to); 6683 callout_drain(&sc->sc_watchdog_to); 6684 6685 iwm_phy_db_free(sc->sc_phy_db); 6686 sc->sc_phy_db = NULL; 6687 6688 iwm_free_nvm_data(sc->nvm_data); 6689 6690 /* Free descriptor rings */ 6691 iwm_free_rx_ring(sc, &sc->rxq); 6692 for (i = 0; i < nitems(sc->txq); i++) 6693 iwm_free_tx_ring(sc, &sc->txq[i]); 6694 6695 /* Free firmware */ 6696 if (fw->fw_fp != NULL) 6697 iwm_fw_info_free(fw); 6698 6699 /* Free scheduler */ 6700 iwm_dma_contig_free(&sc->sched_dma); 6701 iwm_dma_contig_free(&sc->ict_dma); 6702 iwm_dma_contig_free(&sc->kw_dma); 6703 iwm_dma_contig_free(&sc->fw_dma); 6704 6705 iwm_free_fw_paging(sc); 6706 6707 /* Finished with the hardware - detach things */ 6708 iwm_pci_detach(dev); 6709 6710 if (sc->sc_notif_wait != NULL) { 6711 iwm_notification_wait_free(sc->sc_notif_wait); 6712 sc->sc_notif_wait = NULL; 6713 } 6714 6715 IWM_LOCK_DESTROY(sc); 6716 6717 return (0); 6718 } 6719 6720 static int 6721 iwm_detach(device_t dev) 6722 { 6723 struct iwm_softc *sc = device_get_softc(dev); 6724 6725 return (iwm_detach_local(sc, 1)); 6726 } 6727 6728 static device_method_t iwm_pci_methods[] = { 6729 /* Device interface */ 6730 DEVMETHOD(device_probe, iwm_probe), 6731 DEVMETHOD(device_attach, iwm_attach), 6732 DEVMETHOD(device_detach, iwm_detach), 6733 DEVMETHOD(device_suspend, iwm_suspend), 6734 DEVMETHOD(device_resume, iwm_resume), 6735 6736 DEVMETHOD_END 6737 }; 6738 6739 static driver_t iwm_pci_driver = { 6740 "iwm", 6741 iwm_pci_methods, 6742 sizeof (struct iwm_softc) 6743 }; 6744 6745 static devclass_t iwm_devclass; 6746 6747 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 6748 #if !defined(__DragonFly__) 6749 MODULE_PNP_INFO("U16:device;P:#;T:vendor=0x8086", pci, iwm_pci_driver, 6750 iwm_devices, nitems(iwm_devices)); 6751 #endif 6752 MODULE_DEPEND(iwm, firmware, 1, 1, 1); 6753 MODULE_DEPEND(iwm, pci, 1, 1, 1); 6754 MODULE_DEPEND(iwm, wlan, 1, 1, 1); 6755