1 /*- 2 * Copyright (c) 2006,2007 3 * Damien Bergamini <damien.bergamini@free.fr> 4 * Benjamin Close <Benjamin.Close@clearchain.com> 5 * Copyright (c) 2015 Andriy Voskoboinyk <avos@FreeBSD.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /* 24 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 25 * 26 * The 3945ABG network adapter doesn't use traditional hardware as 27 * many other adaptors do. Instead at run time the eeprom is set into a known 28 * state and told to load boot firmware. The boot firmware loads an init and a 29 * main binary firmware image into SRAM on the card via DMA. 30 * Once the firmware is loaded, the driver/hw then 31 * communicate by way of circular dma rings via the SRAM to the firmware. 32 * 33 * There is 6 memory rings. 1 command ring, 1 rx data ring & 4 tx data rings. 34 * The 4 tx data rings allow for prioritization QoS. 35 * 36 * The rx data ring consists of 32 dma buffers. Two registers are used to 37 * indicate where in the ring the driver and the firmware are up to. The 38 * driver sets the initial read index (reg1) and the initial write index (reg2), 39 * the firmware updates the read index (reg1) on rx of a packet and fires an 40 * interrupt. The driver then processes the buffers starting at reg1 indicating 41 * to the firmware which buffers have been accessed by updating reg2. At the 42 * same time allocating new memory for the processed buffer. 43 * 44 * A similar thing happens with the tx rings. The difference is the firmware 45 * stop processing buffers once the queue is full and until confirmation 46 * of a successful transmition (tx_done) has occurred. 47 * 48 * The command ring operates in the same manner as the tx queues. 49 * 50 * All communication direct to the card (ie eeprom) is classed as Stage1 51 * communication 52 * 53 * All communication via the firmware to the card is classed as State2. 54 * The firmware consists of 2 parts. A bootstrap firmware and a runtime 55 * firmware. The bootstrap firmware and runtime firmware are loaded 56 * from host memory via dma to the card then told to execute. From this point 57 * on the majority of communications between the driver and the card goes 58 * via the firmware. 59 */ 60 61 #include "opt_wlan.h" 62 #include "opt_wpi.h" 63 64 #include <sys/param.h> 65 #include <sys/sysctl.h> 66 #include <sys/sockio.h> 67 #include <sys/mbuf.h> 68 #include <sys/kernel.h> 69 #include <sys/socket.h> 70 #include <sys/systm.h> 71 #include <sys/malloc.h> 72 #include <sys/queue.h> 73 #include <sys/taskqueue.h> 74 #include <sys/module.h> 75 #include <sys/bus.h> 76 #include <sys/endian.h> 77 #include <sys/linker.h> 78 #include <sys/firmware.h> 79 80 #if defined(__DragonFly__) 81 /* empty */ 82 #else 83 #include <machine/bus.h> 84 #include <machine/resource.h> 85 #endif 86 #include <sys/rman.h> 87 88 #include <bus/pci/pcireg.h> 89 #include <bus/pci/pcivar.h> 90 91 #include <net/bpf.h> 92 #include <net/if.h> 93 #include <net/if_var.h> 94 #include <net/if_arp.h> 95 #include <net/ethernet.h> 96 #include <net/if_dl.h> 97 #include <net/if_media.h> 98 #include <net/if_types.h> 99 100 #include <netinet/in.h> 101 #include <netinet/in_systm.h> 102 #include <netinet/in_var.h> 103 #include <netinet/if_ether.h> 104 #include <netinet/ip.h> 105 106 #include <netproto/802_11/ieee80211_var.h> 107 #include <netproto/802_11/ieee80211_radiotap.h> 108 #include <netproto/802_11/ieee80211_regdomain.h> 109 #include <netproto/802_11/ieee80211_ratectl.h> 110 111 #include <dev/netif/wpi/if_wpireg.h> 112 #include <dev/netif/wpi/if_wpivar.h> 113 #include <dev/netif/wpi/if_wpi_debug.h> 114 115 struct wpi_ident { 116 uint16_t vendor; 117 uint16_t device; 118 uint16_t subdevice; 119 const char *name; 120 }; 121 122 static const struct wpi_ident wpi_ident_table[] = { 123 /* The below entries support ABG regardless of the subid */ 124 { 0x8086, 0x4222, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 125 { 0x8086, 0x4227, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 126 /* The below entries only support BG */ 127 { 0x8086, 0x4222, 0x1005, "Intel(R) PRO/Wireless 3945BG" }, 128 { 0x8086, 0x4222, 0x1034, "Intel(R) PRO/Wireless 3945BG" }, 129 { 0x8086, 0x4227, 0x1014, "Intel(R) PRO/Wireless 3945BG" }, 130 { 0x8086, 0x4222, 0x1044, "Intel(R) PRO/Wireless 3945BG" }, 131 { 0, 0, 0, NULL } 132 }; 133 134 static int wpi_probe(device_t); 135 static int wpi_attach(device_t); 136 static void wpi_radiotap_attach(struct wpi_softc *); 137 static void wpi_sysctlattach(struct wpi_softc *); 138 static void wpi_init_beacon(struct wpi_vap *); 139 static struct ieee80211vap *wpi_vap_create(struct ieee80211com *, 140 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 141 const uint8_t [IEEE80211_ADDR_LEN], 142 const uint8_t [IEEE80211_ADDR_LEN]); 143 static void wpi_vap_delete(struct ieee80211vap *); 144 static int wpi_detach(device_t); 145 static int wpi_shutdown(device_t); 146 static int wpi_suspend(device_t); 147 static int wpi_resume(device_t); 148 static int wpi_nic_lock(struct wpi_softc *); 149 static int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 150 static void wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int); 151 static int wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *, 152 void **, bus_size_t, bus_size_t); 153 static void wpi_dma_contig_free(struct wpi_dma_info *); 154 static int wpi_alloc_shared(struct wpi_softc *); 155 static void wpi_free_shared(struct wpi_softc *); 156 static int wpi_alloc_fwmem(struct wpi_softc *); 157 static void wpi_free_fwmem(struct wpi_softc *); 158 static int wpi_alloc_rx_ring(struct wpi_softc *); 159 static void wpi_update_rx_ring(struct wpi_softc *); 160 static void wpi_update_rx_ring_ps(struct wpi_softc *); 161 static void wpi_reset_rx_ring(struct wpi_softc *); 162 static void wpi_free_rx_ring(struct wpi_softc *); 163 static int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 164 uint8_t); 165 static void wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 166 static void wpi_update_tx_ring_ps(struct wpi_softc *, 167 struct wpi_tx_ring *); 168 static void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 169 static void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 170 static int wpi_read_eeprom(struct wpi_softc *, 171 uint8_t macaddr[IEEE80211_ADDR_LEN]); 172 static uint32_t wpi_eeprom_channel_flags(struct wpi_eeprom_chan *); 173 static void wpi_read_eeprom_band(struct wpi_softc *, uint8_t, int, int *, 174 struct ieee80211_channel[]); 175 static int wpi_read_eeprom_channels(struct wpi_softc *, uint8_t); 176 static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *, 177 struct ieee80211_channel *); 178 static void wpi_getradiocaps(struct ieee80211com *, int, int *, 179 struct ieee80211_channel[]); 180 static int wpi_setregdomain(struct ieee80211com *, 181 struct ieee80211_regdomain *, int, 182 struct ieee80211_channel[]); 183 static int wpi_read_eeprom_group(struct wpi_softc *, uint8_t); 184 static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *, 185 const uint8_t mac[IEEE80211_ADDR_LEN]); 186 static void wpi_node_free(struct ieee80211_node *); 187 static void wpi_ibss_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 188 const struct ieee80211_rx_stats *, 189 int, int); 190 static void wpi_restore_node(void *, struct ieee80211_node *); 191 static void wpi_restore_node_table(struct wpi_softc *, struct wpi_vap *); 192 static int wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int); 193 static void wpi_calib_timeout(void *); 194 static void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 195 struct wpi_rx_data *); 196 static void wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *, 197 struct wpi_rx_data *); 198 static void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 199 static void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 200 static void wpi_notif_intr(struct wpi_softc *); 201 static void wpi_wakeup_intr(struct wpi_softc *); 202 #ifdef WPI_DEBUG 203 static void wpi_debug_registers(struct wpi_softc *); 204 #endif 205 static void wpi_fatal_intr(struct wpi_softc *); 206 static void wpi_intr(void *); 207 static void wpi_free_txfrags(struct wpi_softc *, uint16_t); 208 static int wpi_cmd2(struct wpi_softc *, struct wpi_buf *); 209 static int wpi_tx_data(struct wpi_softc *, struct mbuf *, 210 struct ieee80211_node *); 211 static int wpi_tx_data_raw(struct wpi_softc *, struct mbuf *, 212 struct ieee80211_node *, 213 const struct ieee80211_bpf_params *); 214 static int wpi_raw_xmit(struct ieee80211_node *, struct mbuf *, 215 const struct ieee80211_bpf_params *); 216 static int wpi_transmit(struct ieee80211com *, struct mbuf *); 217 static void wpi_watchdog_rfkill(void *); 218 static void wpi_scan_timeout(void *); 219 static void wpi_tx_timeout(void *); 220 static void wpi_parent(struct ieee80211com *); 221 static int wpi_cmd(struct wpi_softc *, uint8_t, const void *, uint16_t, 222 int); 223 static int wpi_mrr_setup(struct wpi_softc *); 224 static int wpi_add_node(struct wpi_softc *, struct ieee80211_node *); 225 static int wpi_add_broadcast_node(struct wpi_softc *, int); 226 static int wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *); 227 static void wpi_del_node(struct wpi_softc *, struct ieee80211_node *); 228 static int wpi_updateedca(struct ieee80211com *); 229 static void wpi_set_promisc(struct wpi_softc *); 230 static void wpi_update_promisc(struct ieee80211com *); 231 static void wpi_update_mcast(struct ieee80211com *); 232 static void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 233 static int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 234 static void wpi_power_calibration(struct wpi_softc *); 235 static int wpi_set_txpower(struct wpi_softc *, int); 236 static int wpi_get_power_index(struct wpi_softc *, 237 struct wpi_power_group *, uint8_t, int, int); 238 static int wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int); 239 static int wpi_send_btcoex(struct wpi_softc *); 240 static int wpi_send_rxon(struct wpi_softc *, int, int); 241 static int wpi_config(struct wpi_softc *); 242 static uint16_t wpi_get_active_dwell_time(struct wpi_softc *, 243 struct ieee80211_channel *, uint8_t); 244 static uint16_t wpi_limit_dwell(struct wpi_softc *, uint16_t); 245 static uint16_t wpi_get_passive_dwell_time(struct wpi_softc *, 246 struct ieee80211_channel *); 247 static uint32_t wpi_get_scan_pause_time(uint32_t, uint16_t); 248 static int wpi_scan(struct wpi_softc *, struct ieee80211_channel *); 249 static int wpi_auth(struct wpi_softc *, struct ieee80211vap *); 250 static int wpi_config_beacon(struct wpi_vap *); 251 static int wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *); 252 static void wpi_update_beacon(struct ieee80211vap *, int); 253 static void wpi_newassoc(struct ieee80211_node *, int); 254 static int wpi_run(struct wpi_softc *, struct ieee80211vap *); 255 static int wpi_load_key(struct ieee80211_node *, 256 const struct ieee80211_key *); 257 static void wpi_load_key_cb(void *, struct ieee80211_node *); 258 static int wpi_set_global_keys(struct ieee80211_node *); 259 static int wpi_del_key(struct ieee80211_node *, 260 const struct ieee80211_key *); 261 static void wpi_del_key_cb(void *, struct ieee80211_node *); 262 static int wpi_process_key(struct ieee80211vap *, 263 const struct ieee80211_key *, int); 264 static int wpi_key_set(struct ieee80211vap *, 265 const struct ieee80211_key *); 266 static int wpi_key_delete(struct ieee80211vap *, 267 const struct ieee80211_key *); 268 static int wpi_post_alive(struct wpi_softc *); 269 static int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, 270 uint32_t); 271 static int wpi_load_firmware(struct wpi_softc *); 272 static int wpi_read_firmware(struct wpi_softc *); 273 static void wpi_unload_firmware(struct wpi_softc *); 274 static int wpi_clock_wait(struct wpi_softc *); 275 static int wpi_apm_init(struct wpi_softc *); 276 static void wpi_apm_stop_master(struct wpi_softc *); 277 static void wpi_apm_stop(struct wpi_softc *); 278 static void wpi_nic_config(struct wpi_softc *); 279 static int wpi_hw_init(struct wpi_softc *); 280 static void wpi_hw_stop(struct wpi_softc *); 281 static void wpi_radio_on(void *, int); 282 static void wpi_radio_off(void *, int); 283 static int wpi_init(struct wpi_softc *); 284 static void wpi_stop_locked(struct wpi_softc *); 285 static void wpi_stop(struct wpi_softc *); 286 static void wpi_scan_start(struct ieee80211com *); 287 static void wpi_scan_end(struct ieee80211com *); 288 static void wpi_set_channel(struct ieee80211com *); 289 static void wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long); 290 static void wpi_scan_mindwell(struct ieee80211_scan_state *); 291 292 static device_method_t wpi_methods[] = { 293 /* Device interface */ 294 DEVMETHOD(device_probe, wpi_probe), 295 DEVMETHOD(device_attach, wpi_attach), 296 DEVMETHOD(device_detach, wpi_detach), 297 DEVMETHOD(device_shutdown, wpi_shutdown), 298 DEVMETHOD(device_suspend, wpi_suspend), 299 DEVMETHOD(device_resume, wpi_resume), 300 301 DEVMETHOD_END 302 }; 303 304 static driver_t wpi_driver = { 305 "wpi", 306 wpi_methods, 307 sizeof (struct wpi_softc) 308 }; 309 static devclass_t wpi_devclass; 310 311 DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL); 312 313 MODULE_VERSION(wpi, 1); 314 315 MODULE_DEPEND(wpi, pci, 1, 1, 1); 316 MODULE_DEPEND(wpi, wlan, 1, 1, 1); 317 MODULE_DEPEND(wpi, firmware, 1, 1, 1); 318 319 static int 320 wpi_probe(device_t dev) 321 { 322 const struct wpi_ident *ident; 323 324 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 325 if (pci_get_vendor(dev) == ident->vendor && 326 pci_get_device(dev) == ident->device) { 327 device_set_desc(dev, ident->name); 328 return (BUS_PROBE_DEFAULT); 329 } 330 } 331 return ENXIO; 332 } 333 334 static int 335 wpi_attach(device_t dev) 336 { 337 struct wpi_softc *sc = (struct wpi_softc *)device_get_softc(dev); 338 struct ieee80211com *ic; 339 uint8_t i; 340 int error, rid; 341 #ifdef WPI_DEBUG 342 int supportsa = 1; 343 const struct wpi_ident *ident; 344 #endif 345 #if defined(__DragonFly__) 346 int irq_flags; 347 #endif 348 349 sc->sc_dev = dev; 350 351 #ifdef WPI_DEBUG 352 error = resource_int_value(device_get_name(sc->sc_dev), 353 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug)); 354 if (error != 0) 355 sc->sc_debug = 0; 356 #else 357 sc->sc_debug = 0; 358 #endif 359 360 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 361 362 /* 363 * Get the offset of the PCI Express Capability Structure in PCI 364 * Configuration Space. 365 */ 366 #if defined(__DragonFly__) 367 error = pci_find_extcap(dev, PCIY_EXPRESS, &sc->sc_cap_off); 368 #else 369 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off); 370 #endif 371 if (error != 0) { 372 device_printf(dev, "PCIe capability structure not found!\n"); 373 return error; 374 } 375 376 /* 377 * Some card's only support 802.11b/g not a, check to see if 378 * this is one such card. A 0x0 in the subdevice table indicates 379 * the entire subdevice range is to be ignored. 380 */ 381 #ifdef WPI_DEBUG 382 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 383 if (ident->subdevice && 384 pci_get_subdevice(dev) == ident->subdevice) { 385 supportsa = 0; 386 break; 387 } 388 } 389 #endif 390 391 /* Clear device-specific "PCI retry timeout" register (41h). */ 392 pci_write_config(dev, 0x41, 0, 1); 393 394 /* Enable bus-mastering. */ 395 pci_enable_busmaster(dev); 396 397 rid = PCIR_BAR(0); 398 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 399 RF_ACTIVE); 400 if (sc->mem == NULL) { 401 device_printf(dev, "can't map mem space\n"); 402 return ENOMEM; 403 } 404 sc->sc_st = rman_get_bustag(sc->mem); 405 sc->sc_sh = rman_get_bushandle(sc->mem); 406 407 #if defined(__DragonFly__) 408 pci_alloc_1intr(dev, 1, &rid, &irq_flags); 409 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, irq_flags); 410 #else 411 rid = 1; 412 if (pci_alloc_msi(dev, &rid) == 0) 413 rid = 1; 414 else 415 rid = 0; 416 /* Install interrupt handler. */ 417 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 418 (rid != 0 ? 0 : RF_SHAREABLE)); 419 #endif 420 if (sc->irq == NULL) { 421 device_printf(dev, "can't map interrupt\n"); 422 error = ENOMEM; 423 goto fail; 424 } 425 426 WPI_LOCK_INIT(sc); 427 WPI_TX_LOCK_INIT(sc); 428 WPI_RXON_LOCK_INIT(sc); 429 WPI_NT_LOCK_INIT(sc); 430 WPI_TXQ_LOCK_INIT(sc); 431 WPI_TXQ_STATE_LOCK_INIT(sc); 432 433 /* Allocate DMA memory for firmware transfers. */ 434 if ((error = wpi_alloc_fwmem(sc)) != 0) { 435 device_printf(dev, 436 "could not allocate memory for firmware, error %d\n", 437 error); 438 goto fail; 439 } 440 441 /* Allocate shared page. */ 442 if ((error = wpi_alloc_shared(sc)) != 0) { 443 device_printf(dev, "could not allocate shared page\n"); 444 goto fail; 445 } 446 447 /* Allocate TX rings - 4 for QoS purposes, 1 for commands. */ 448 for (i = 0; i < WPI_DRV_NTXQUEUES; i++) { 449 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 450 device_printf(dev, 451 "could not allocate TX ring %d, error %d\n", i, 452 error); 453 goto fail; 454 } 455 } 456 457 /* Allocate RX ring. */ 458 if ((error = wpi_alloc_rx_ring(sc)) != 0) { 459 device_printf(dev, "could not allocate RX ring, error %d\n", 460 error); 461 goto fail; 462 } 463 464 /* Clear pending interrupts. */ 465 WPI_WRITE(sc, WPI_INT, 0xffffffff); 466 467 ic = &sc->sc_ic; 468 ic->ic_softc = sc; 469 ic->ic_name = device_get_nameunit(dev); 470 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 471 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 472 473 /* Set device capabilities. */ 474 ic->ic_caps = 475 IEEE80211_C_STA /* station mode supported */ 476 | IEEE80211_C_IBSS /* IBSS mode supported */ 477 | IEEE80211_C_HOSTAP /* Host access point mode */ 478 | IEEE80211_C_MONITOR /* monitor mode supported */ 479 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 480 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 481 | IEEE80211_C_TXFRAG /* handle tx frags */ 482 | IEEE80211_C_TXPMGT /* tx power management */ 483 | IEEE80211_C_SHSLOT /* short slot time supported */ 484 | IEEE80211_C_WPA /* 802.11i */ 485 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 486 | IEEE80211_C_WME /* 802.11e */ 487 | IEEE80211_C_PMGT /* Station-side power mgmt */ 488 ; 489 490 ic->ic_cryptocaps = 491 IEEE80211_CRYPTO_AES_CCM; 492 493 /* 494 * Read in the eeprom and also setup the channels for 495 * net80211. We don't set the rates as net80211 does this for us 496 */ 497 if ((error = wpi_read_eeprom(sc, ic->ic_macaddr)) != 0) { 498 device_printf(dev, "could not read EEPROM, error %d\n", 499 error); 500 goto fail; 501 } 502 503 #ifdef WPI_DEBUG 504 if (bootverbose) { 505 device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n", 506 sc->domain); 507 device_printf(sc->sc_dev, "Hardware Type: %c\n", 508 sc->type > 1 ? 'B': '?'); 509 device_printf(sc->sc_dev, "Hardware Revision: %c\n", 510 ((sc->rev & 0xf0) == 0xd0) ? 'D': '?'); 511 device_printf(sc->sc_dev, "SKU %s support 802.11a\n", 512 supportsa ? "does" : "does not"); 513 514 /* XXX hw_config uses the PCIDEV for the Hardware rev. Must 515 check what sc->rev really represents - benjsc 20070615 */ 516 } 517 #endif 518 519 ieee80211_ifattach(ic); 520 ic->ic_vap_create = wpi_vap_create; 521 ic->ic_vap_delete = wpi_vap_delete; 522 ic->ic_parent = wpi_parent; 523 ic->ic_raw_xmit = wpi_raw_xmit; 524 ic->ic_transmit = wpi_transmit; 525 ic->ic_node_alloc = wpi_node_alloc; 526 sc->sc_node_free = ic->ic_node_free; 527 ic->ic_node_free = wpi_node_free; 528 ic->ic_wme.wme_update = wpi_updateedca; 529 ic->ic_update_promisc = wpi_update_promisc; 530 ic->ic_update_mcast = wpi_update_mcast; 531 ic->ic_newassoc = wpi_newassoc; 532 ic->ic_scan_start = wpi_scan_start; 533 ic->ic_scan_end = wpi_scan_end; 534 ic->ic_set_channel = wpi_set_channel; 535 ic->ic_scan_curchan = wpi_scan_curchan; 536 ic->ic_scan_mindwell = wpi_scan_mindwell; 537 ic->ic_getradiocaps = wpi_getradiocaps; 538 ic->ic_setregdomain = wpi_setregdomain; 539 540 sc->sc_update_rx_ring = wpi_update_rx_ring; 541 sc->sc_update_tx_ring = wpi_update_tx_ring; 542 543 wpi_radiotap_attach(sc); 544 545 callout_init_mtx(&sc->calib_to, &sc->rxon_mtx, 0); 546 callout_init_mtx(&sc->scan_timeout, &sc->rxon_mtx, 0); 547 callout_init_mtx(&sc->tx_timeout, &sc->txq_state_mtx, 0); 548 callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0); 549 TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc); 550 TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc); 551 552 wpi_sysctlattach(sc); 553 554 /* 555 * Hook our interrupt after all initialization is complete. 556 */ 557 #if defined(__DragonFly__) 558 error = bus_setup_intr(dev, sc->irq, INTR_MPSAFE, 559 wpi_intr, sc, &sc->sc_ih, &wlan_global_serializer); 560 #else 561 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE, 562 NULL, wpi_intr, sc, &sc->sc_ih); 563 #endif 564 if (error != 0) { 565 device_printf(dev, "can't establish interrupt, error %d\n", 566 error); 567 goto fail; 568 } 569 570 if (bootverbose) 571 ieee80211_announce(ic); 572 573 #ifdef WPI_DEBUG 574 if (sc->sc_debug & WPI_DEBUG_HW) 575 ieee80211_announce_channels(ic); 576 #endif 577 578 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 579 return 0; 580 581 fail: wpi_detach(dev); 582 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 583 return error; 584 } 585 586 /* 587 * Attach the interface to 802.11 radiotap. 588 */ 589 static void 590 wpi_radiotap_attach(struct wpi_softc *sc) 591 { 592 struct wpi_rx_radiotap_header *rxtap = &sc->sc_rxtap; 593 struct wpi_tx_radiotap_header *txtap = &sc->sc_txtap; 594 595 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 596 ieee80211_radiotap_attach(&sc->sc_ic, 597 &txtap->wt_ihdr, sizeof(*txtap), WPI_TX_RADIOTAP_PRESENT, 598 &rxtap->wr_ihdr, sizeof(*rxtap), WPI_RX_RADIOTAP_PRESENT); 599 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 600 } 601 602 static void 603 wpi_sysctlattach(struct wpi_softc *sc) 604 { 605 #ifdef WPI_DEBUG 606 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev); 607 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev); 608 609 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 610 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug, 611 "control debugging printfs"); 612 #endif 613 } 614 615 static void 616 wpi_init_beacon(struct wpi_vap *wvp) 617 { 618 struct wpi_buf *bcn = &wvp->wv_bcbuf; 619 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 620 621 cmd->id = WPI_ID_BROADCAST; 622 cmd->ofdm_mask = 0xff; 623 cmd->cck_mask = 0x0f; 624 cmd->lifetime = htole32(WPI_LIFETIME_INFINITE); 625 626 /* 627 * XXX WPI_TX_AUTO_SEQ seems to be ignored - workaround this issue 628 * XXX by using WPI_TX_NEED_ACK instead (with some side effects). 629 */ 630 cmd->flags = htole32(WPI_TX_NEED_ACK | WPI_TX_INSERT_TSTAMP); 631 632 bcn->code = WPI_CMD_SET_BEACON; 633 bcn->ac = WPI_CMD_QUEUE_NUM; 634 bcn->size = sizeof(struct wpi_cmd_beacon); 635 } 636 637 static struct ieee80211vap * 638 wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 639 enum ieee80211_opmode opmode, int flags, 640 const uint8_t bssid[IEEE80211_ADDR_LEN], 641 const uint8_t mac[IEEE80211_ADDR_LEN]) 642 { 643 struct wpi_vap *wvp; 644 struct ieee80211vap *vap; 645 646 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 647 return NULL; 648 649 wvp = kmalloc(sizeof(struct wpi_vap), M_80211_VAP, M_WAITOK | M_ZERO); 650 vap = &wvp->wv_vap; 651 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 652 653 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 654 WPI_VAP_LOCK_INIT(wvp); 655 wpi_init_beacon(wvp); 656 } 657 658 /* Override with driver methods. */ 659 vap->iv_key_set = wpi_key_set; 660 vap->iv_key_delete = wpi_key_delete; 661 if (opmode == IEEE80211_M_IBSS) { 662 wvp->wv_recv_mgmt = vap->iv_recv_mgmt; 663 vap->iv_recv_mgmt = wpi_ibss_recv_mgmt; 664 } 665 wvp->wv_newstate = vap->iv_newstate; 666 vap->iv_newstate = wpi_newstate; 667 vap->iv_update_beacon = wpi_update_beacon; 668 vap->iv_max_aid = WPI_ID_IBSS_MAX - WPI_ID_IBSS_MIN + 1; 669 670 ieee80211_ratectl_init(vap); 671 /* Complete setup. */ 672 ieee80211_vap_attach(vap, ieee80211_media_change, 673 ieee80211_media_status, mac); 674 ic->ic_opmode = opmode; 675 return vap; 676 } 677 678 static void 679 wpi_vap_delete(struct ieee80211vap *vap) 680 { 681 struct wpi_vap *wvp = WPI_VAP(vap); 682 struct wpi_buf *bcn = &wvp->wv_bcbuf; 683 enum ieee80211_opmode opmode = vap->iv_opmode; 684 685 ieee80211_ratectl_deinit(vap); 686 ieee80211_vap_detach(vap); 687 688 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 689 if (bcn->m != NULL) 690 m_freem(bcn->m); 691 692 WPI_VAP_LOCK_DESTROY(wvp); 693 } 694 695 kfree(wvp, M_80211_VAP); 696 } 697 698 static int 699 wpi_detach(device_t dev) 700 { 701 struct wpi_softc *sc = device_get_softc(dev); 702 struct ieee80211com *ic = &sc->sc_ic; 703 uint8_t qid; 704 705 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 706 707 if (ic->ic_vap_create == wpi_vap_create) { 708 ieee80211_draintask(ic, &sc->sc_radioon_task); 709 ieee80211_draintask(ic, &sc->sc_radiooff_task); 710 711 wpi_stop(sc); 712 713 callout_drain(&sc->watchdog_rfkill); 714 callout_drain(&sc->tx_timeout); 715 callout_drain(&sc->scan_timeout); 716 callout_drain(&sc->calib_to); 717 ieee80211_ifdetach(ic); 718 } 719 720 /* Uninstall interrupt handler. */ 721 if (sc->irq != NULL) { 722 bus_teardown_intr(dev, sc->irq, sc->sc_ih); 723 bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq), 724 sc->irq); 725 pci_release_msi(dev); 726 } 727 728 if (sc->txq[0].data_dmat) { 729 /* Free DMA resources. */ 730 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) 731 wpi_free_tx_ring(sc, &sc->txq[qid]); 732 733 wpi_free_rx_ring(sc); 734 wpi_free_shared(sc); 735 } 736 737 if (sc->fw_dma.tag) 738 wpi_free_fwmem(sc); 739 740 if (sc->mem != NULL) 741 bus_release_resource(dev, SYS_RES_MEMORY, 742 rman_get_rid(sc->mem), sc->mem); 743 744 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 745 WPI_TXQ_STATE_LOCK_DESTROY(sc); 746 WPI_TXQ_LOCK_DESTROY(sc); 747 WPI_NT_LOCK_DESTROY(sc); 748 WPI_RXON_LOCK_DESTROY(sc); 749 WPI_TX_LOCK_DESTROY(sc); 750 WPI_LOCK_DESTROY(sc); 751 return 0; 752 } 753 754 static int 755 wpi_shutdown(device_t dev) 756 { 757 struct wpi_softc *sc = device_get_softc(dev); 758 759 wpi_stop(sc); 760 return 0; 761 } 762 763 static int 764 wpi_suspend(device_t dev) 765 { 766 struct wpi_softc *sc = device_get_softc(dev); 767 struct ieee80211com *ic = &sc->sc_ic; 768 769 ieee80211_suspend_all(ic); 770 return 0; 771 } 772 773 static int 774 wpi_resume(device_t dev) 775 { 776 struct wpi_softc *sc = device_get_softc(dev); 777 struct ieee80211com *ic = &sc->sc_ic; 778 779 /* Clear device-specific "PCI retry timeout" register (41h). */ 780 pci_write_config(dev, 0x41, 0, 1); 781 782 ieee80211_resume_all(ic); 783 return 0; 784 } 785 786 /* 787 * Grab exclusive access to NIC memory. 788 */ 789 static int 790 wpi_nic_lock(struct wpi_softc *sc) 791 { 792 int ntries; 793 794 /* Request exclusive access to NIC. */ 795 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 796 797 /* Spin until we actually get the lock. */ 798 for (ntries = 0; ntries < 1000; ntries++) { 799 if ((WPI_READ(sc, WPI_GP_CNTRL) & 800 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 801 WPI_GP_CNTRL_MAC_ACCESS_ENA) 802 return 0; 803 DELAY(10); 804 } 805 806 device_printf(sc->sc_dev, "could not lock memory\n"); 807 808 return ETIMEDOUT; 809 } 810 811 /* 812 * Release lock on NIC memory. 813 */ 814 static __inline void 815 wpi_nic_unlock(struct wpi_softc *sc) 816 { 817 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 818 } 819 820 static __inline uint32_t 821 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 822 { 823 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 824 WPI_BARRIER_READ_WRITE(sc); 825 return WPI_READ(sc, WPI_PRPH_RDATA); 826 } 827 828 static __inline void 829 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 830 { 831 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 832 WPI_BARRIER_WRITE(sc); 833 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 834 } 835 836 static __inline void 837 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 838 { 839 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 840 } 841 842 static __inline void 843 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 844 { 845 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 846 } 847 848 static __inline void 849 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 850 const uint32_t *data, uint32_t count) 851 { 852 for (; count != 0; count--, data++, addr += 4) 853 wpi_prph_write(sc, addr, *data); 854 } 855 856 static __inline uint32_t 857 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 858 { 859 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 860 WPI_BARRIER_READ_WRITE(sc); 861 return WPI_READ(sc, WPI_MEM_RDATA); 862 } 863 864 static __inline void 865 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 866 int count) 867 { 868 for (; count > 0; count--, addr += 4) 869 *data++ = wpi_mem_read(sc, addr); 870 } 871 872 static int 873 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 874 { 875 uint8_t *out = data; 876 uint32_t val; 877 int error, ntries; 878 879 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 880 881 if ((error = wpi_nic_lock(sc)) != 0) 882 return error; 883 884 for (; count > 0; count -= 2, addr++) { 885 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 886 for (ntries = 0; ntries < 10; ntries++) { 887 val = WPI_READ(sc, WPI_EEPROM); 888 if (val & WPI_EEPROM_READ_VALID) 889 break; 890 DELAY(5); 891 } 892 if (ntries == 10) { 893 device_printf(sc->sc_dev, 894 "timeout reading ROM at 0x%x\n", addr); 895 return ETIMEDOUT; 896 } 897 *out++= val >> 16; 898 if (count > 1) 899 *out ++= val >> 24; 900 } 901 902 wpi_nic_unlock(sc); 903 904 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 905 906 return 0; 907 } 908 909 static void 910 wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 911 { 912 if (error != 0) 913 return; 914 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 915 *(bus_addr_t *)arg = segs[0].ds_addr; 916 } 917 918 /* 919 * Allocates a contiguous block of dma memory of the requested size and 920 * alignment. 921 */ 922 static int 923 wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma, 924 void **kvap, bus_size_t size, bus_size_t alignment) 925 { 926 int error; 927 928 dma->tag = NULL; 929 dma->size = size; 930 931 #if defined(__DragonFly__) 932 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment, 933 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 934 1, size, 0, &dma->tag); 935 #else 936 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment, 937 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 938 1, size, 0, NULL, NULL, &dma->tag); 939 #endif 940 if (error != 0) 941 goto fail; 942 943 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 944 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 945 if (error != 0) 946 goto fail; 947 948 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 949 wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 950 if (error != 0) 951 goto fail; 952 953 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 954 955 if (kvap != NULL) 956 *kvap = dma->vaddr; 957 958 return 0; 959 960 fail: wpi_dma_contig_free(dma); 961 return error; 962 } 963 964 static void 965 wpi_dma_contig_free(struct wpi_dma_info *dma) 966 { 967 if (dma->vaddr != NULL) { 968 bus_dmamap_sync(dma->tag, dma->map, 969 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 970 bus_dmamap_unload(dma->tag, dma->map); 971 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 972 dma->vaddr = NULL; 973 } 974 if (dma->tag != NULL) { 975 bus_dma_tag_destroy(dma->tag); 976 dma->tag = NULL; 977 } 978 } 979 980 /* 981 * Allocate a shared page between host and NIC. 982 */ 983 static int 984 wpi_alloc_shared(struct wpi_softc *sc) 985 { 986 /* Shared buffer must be aligned on a 4KB boundary. */ 987 return wpi_dma_contig_alloc(sc, &sc->shared_dma, 988 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 989 } 990 991 static void 992 wpi_free_shared(struct wpi_softc *sc) 993 { 994 wpi_dma_contig_free(&sc->shared_dma); 995 } 996 997 /* 998 * Allocate DMA-safe memory for firmware transfer. 999 */ 1000 static int 1001 wpi_alloc_fwmem(struct wpi_softc *sc) 1002 { 1003 /* Must be aligned on a 16-byte boundary. */ 1004 return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL, 1005 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 1006 } 1007 1008 static void 1009 wpi_free_fwmem(struct wpi_softc *sc) 1010 { 1011 wpi_dma_contig_free(&sc->fw_dma); 1012 } 1013 1014 static int 1015 wpi_alloc_rx_ring(struct wpi_softc *sc) 1016 { 1017 struct wpi_rx_ring *ring = &sc->rxq; 1018 bus_size_t size; 1019 int i, error; 1020 1021 ring->cur = 0; 1022 ring->update = 0; 1023 1024 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1025 1026 /* Allocate RX descriptors (16KB aligned.) */ 1027 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 1028 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, 1029 (void **)&ring->desc, size, WPI_RING_DMA_ALIGN); 1030 if (error != 0) { 1031 device_printf(sc->sc_dev, 1032 "%s: could not allocate RX ring DMA memory, error %d\n", 1033 __func__, error); 1034 goto fail; 1035 } 1036 1037 /* Create RX buffer DMA tag. */ 1038 #if defined(__DragonFly__) 1039 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1040 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1041 MJUMPAGESIZE, 1, MJUMPAGESIZE, 0, &ring->data_dmat); 1042 #else 1043 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1044 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1045 MJUMPAGESIZE, 1, MJUMPAGESIZE, 0, NULL, NULL, &ring->data_dmat); 1046 #endif 1047 if (error != 0) { 1048 device_printf(sc->sc_dev, 1049 "%s: could not create RX buf DMA tag, error %d\n", 1050 __func__, error); 1051 goto fail; 1052 } 1053 1054 /* 1055 * Allocate and map RX buffers. 1056 */ 1057 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1058 struct wpi_rx_data *data = &ring->data[i]; 1059 bus_addr_t paddr; 1060 1061 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1062 if (error != 0) { 1063 device_printf(sc->sc_dev, 1064 "%s: could not create RX buf DMA map, error %d\n", 1065 __func__, error); 1066 goto fail; 1067 } 1068 1069 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1070 if (data->m == NULL) { 1071 device_printf(sc->sc_dev, 1072 "%s: could not allocate RX mbuf\n", __func__); 1073 error = ENOBUFS; 1074 goto fail; 1075 } 1076 1077 error = bus_dmamap_load(ring->data_dmat, data->map, 1078 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1079 &paddr, BUS_DMA_NOWAIT); 1080 if (error != 0 && error != EFBIG) { 1081 device_printf(sc->sc_dev, 1082 "%s: can't map mbuf (error %d)\n", __func__, 1083 error); 1084 goto fail; 1085 } 1086 1087 /* Set physical address of RX buffer. */ 1088 ring->desc[i] = htole32(paddr); 1089 } 1090 1091 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1092 BUS_DMASYNC_PREWRITE); 1093 1094 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1095 1096 return 0; 1097 1098 fail: wpi_free_rx_ring(sc); 1099 1100 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1101 1102 return error; 1103 } 1104 1105 static void 1106 wpi_update_rx_ring(struct wpi_softc *sc) 1107 { 1108 WPI_WRITE(sc, WPI_FH_RX_WPTR, sc->rxq.cur & ~7); 1109 } 1110 1111 static void 1112 wpi_update_rx_ring_ps(struct wpi_softc *sc) 1113 { 1114 struct wpi_rx_ring *ring = &sc->rxq; 1115 1116 if (ring->update != 0) { 1117 /* Wait for INT_WAKEUP event. */ 1118 return; 1119 } 1120 1121 WPI_TXQ_LOCK(sc); 1122 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1123 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_SLEEP) { 1124 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n", 1125 __func__); 1126 ring->update = 1; 1127 } else { 1128 wpi_update_rx_ring(sc); 1129 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1130 } 1131 WPI_TXQ_UNLOCK(sc); 1132 } 1133 1134 static void 1135 wpi_reset_rx_ring(struct wpi_softc *sc) 1136 { 1137 struct wpi_rx_ring *ring = &sc->rxq; 1138 int ntries; 1139 1140 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1141 1142 if (wpi_nic_lock(sc) == 0) { 1143 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 1144 for (ntries = 0; ntries < 1000; ntries++) { 1145 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 1146 WPI_FH_RX_STATUS_IDLE) 1147 break; 1148 DELAY(10); 1149 } 1150 wpi_nic_unlock(sc); 1151 } 1152 1153 ring->cur = 0; 1154 ring->update = 0; 1155 } 1156 1157 static void 1158 wpi_free_rx_ring(struct wpi_softc *sc) 1159 { 1160 struct wpi_rx_ring *ring = &sc->rxq; 1161 int i; 1162 1163 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1164 1165 wpi_dma_contig_free(&ring->desc_dma); 1166 1167 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1168 struct wpi_rx_data *data = &ring->data[i]; 1169 1170 if (data->m != NULL) { 1171 bus_dmamap_sync(ring->data_dmat, data->map, 1172 BUS_DMASYNC_POSTREAD); 1173 bus_dmamap_unload(ring->data_dmat, data->map); 1174 m_freem(data->m); 1175 data->m = NULL; 1176 } 1177 if (data->map != NULL) 1178 bus_dmamap_destroy(ring->data_dmat, data->map); 1179 } 1180 if (ring->data_dmat != NULL) { 1181 bus_dma_tag_destroy(ring->data_dmat); 1182 ring->data_dmat = NULL; 1183 } 1184 } 1185 1186 static int 1187 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, uint8_t qid) 1188 { 1189 bus_addr_t paddr; 1190 bus_size_t size; 1191 int i, error; 1192 1193 ring->qid = qid; 1194 ring->queued = 0; 1195 ring->cur = 0; 1196 ring->pending = 0; 1197 ring->update = 0; 1198 1199 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1200 1201 /* Allocate TX descriptors (16KB aligned.) */ 1202 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 1203 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc, 1204 size, WPI_RING_DMA_ALIGN); 1205 if (error != 0) { 1206 device_printf(sc->sc_dev, 1207 "%s: could not allocate TX ring DMA memory, error %d\n", 1208 __func__, error); 1209 goto fail; 1210 } 1211 1212 /* Update shared area with ring physical address. */ 1213 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 1214 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 1215 BUS_DMASYNC_PREWRITE); 1216 1217 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 1218 error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd, 1219 size, 4); 1220 if (error != 0) { 1221 device_printf(sc->sc_dev, 1222 "%s: could not allocate TX cmd DMA memory, error %d\n", 1223 __func__, error); 1224 goto fail; 1225 } 1226 1227 #if defined(__DragonFly__) 1228 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1229 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1230 WPI_MAX_SCATTER - 1, MCLBYTES, 0, &ring->data_dmat); 1231 #else 1232 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1233 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1234 WPI_MAX_SCATTER - 1, MCLBYTES, 0, NULL, NULL, &ring->data_dmat); 1235 #endif 1236 if (error != 0) { 1237 device_printf(sc->sc_dev, 1238 "%s: could not create TX buf DMA tag, error %d\n", 1239 __func__, error); 1240 goto fail; 1241 } 1242 1243 paddr = ring->cmd_dma.paddr; 1244 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1245 struct wpi_tx_data *data = &ring->data[i]; 1246 1247 data->cmd_paddr = paddr; 1248 paddr += sizeof (struct wpi_tx_cmd); 1249 1250 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1251 if (error != 0) { 1252 device_printf(sc->sc_dev, 1253 "%s: could not create TX buf DMA map, error %d\n", 1254 __func__, error); 1255 goto fail; 1256 } 1257 } 1258 1259 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1260 1261 return 0; 1262 1263 fail: wpi_free_tx_ring(sc, ring); 1264 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1265 return error; 1266 } 1267 1268 static void 1269 wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1270 { 1271 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1272 } 1273 1274 static void 1275 wpi_update_tx_ring_ps(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1276 { 1277 1278 if (ring->update != 0) { 1279 /* Wait for INT_WAKEUP event. */ 1280 return; 1281 } 1282 1283 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1284 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_SLEEP) { 1285 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n", 1286 __func__, ring->qid); 1287 ring->update = 1; 1288 } else { 1289 wpi_update_tx_ring(sc, ring); 1290 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1291 } 1292 } 1293 1294 static void 1295 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1296 { 1297 int i; 1298 1299 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1300 1301 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1302 struct wpi_tx_data *data = &ring->data[i]; 1303 1304 if (data->m != NULL) { 1305 bus_dmamap_sync(ring->data_dmat, data->map, 1306 BUS_DMASYNC_POSTWRITE); 1307 bus_dmamap_unload(ring->data_dmat, data->map); 1308 m_freem(data->m); 1309 data->m = NULL; 1310 } 1311 if (data->ni != NULL) { 1312 ieee80211_free_node(data->ni); 1313 data->ni = NULL; 1314 } 1315 } 1316 /* Clear TX descriptors. */ 1317 memset(ring->desc, 0, ring->desc_dma.size); 1318 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1319 BUS_DMASYNC_PREWRITE); 1320 ring->queued = 0; 1321 ring->cur = 0; 1322 ring->pending = 0; 1323 ring->update = 0; 1324 } 1325 1326 static void 1327 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1328 { 1329 int i; 1330 1331 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1332 1333 wpi_dma_contig_free(&ring->desc_dma); 1334 wpi_dma_contig_free(&ring->cmd_dma); 1335 1336 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1337 struct wpi_tx_data *data = &ring->data[i]; 1338 1339 if (data->m != NULL) { 1340 bus_dmamap_sync(ring->data_dmat, data->map, 1341 BUS_DMASYNC_POSTWRITE); 1342 bus_dmamap_unload(ring->data_dmat, data->map); 1343 m_freem(data->m); 1344 } 1345 if (data->map != NULL) 1346 bus_dmamap_destroy(ring->data_dmat, data->map); 1347 } 1348 if (ring->data_dmat != NULL) { 1349 bus_dma_tag_destroy(ring->data_dmat); 1350 ring->data_dmat = NULL; 1351 } 1352 } 1353 1354 /* 1355 * Extract various information from EEPROM. 1356 */ 1357 static int 1358 wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN]) 1359 { 1360 #define WPI_CHK(res) do { \ 1361 if ((error = res) != 0) \ 1362 goto fail; \ 1363 } while (0) 1364 uint8_t i; 1365 int error; 1366 1367 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1368 1369 /* Adapter has to be powered on for EEPROM access to work. */ 1370 if ((error = wpi_apm_init(sc)) != 0) { 1371 device_printf(sc->sc_dev, 1372 "%s: could not power ON adapter, error %d\n", __func__, 1373 error); 1374 return error; 1375 } 1376 1377 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 1378 device_printf(sc->sc_dev, "bad EEPROM signature\n"); 1379 error = EIO; 1380 goto fail; 1381 } 1382 /* Clear HW ownership of EEPROM. */ 1383 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 1384 1385 /* Read the hardware capabilities, revision and SKU type. */ 1386 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap, 1387 sizeof(sc->cap))); 1388 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 1389 sizeof(sc->rev))); 1390 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1391 sizeof(sc->type))); 1392 1393 sc->rev = le16toh(sc->rev); 1394 DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap, 1395 sc->rev, sc->type); 1396 1397 /* Read the regulatory domain (4 ASCII characters.) */ 1398 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain, 1399 sizeof(sc->domain))); 1400 1401 /* Read MAC address. */ 1402 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr, 1403 IEEE80211_ADDR_LEN)); 1404 1405 /* Read the list of authorized channels. */ 1406 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 1407 WPI_CHK(wpi_read_eeprom_channels(sc, i)); 1408 1409 /* Read the list of TX power groups. */ 1410 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 1411 WPI_CHK(wpi_read_eeprom_group(sc, i)); 1412 1413 fail: wpi_apm_stop(sc); /* Power OFF adapter. */ 1414 1415 DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END, 1416 __func__); 1417 1418 return error; 1419 #undef WPI_CHK 1420 } 1421 1422 /* 1423 * Translate EEPROM flags to net80211. 1424 */ 1425 static uint32_t 1426 wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel) 1427 { 1428 uint32_t nflags; 1429 1430 nflags = 0; 1431 if ((channel->flags & WPI_EEPROM_CHAN_ACTIVE) == 0) 1432 nflags |= IEEE80211_CHAN_PASSIVE; 1433 if ((channel->flags & WPI_EEPROM_CHAN_IBSS) == 0) 1434 nflags |= IEEE80211_CHAN_NOADHOC; 1435 if (channel->flags & WPI_EEPROM_CHAN_RADAR) { 1436 nflags |= IEEE80211_CHAN_DFS; 1437 /* XXX apparently IBSS may still be marked */ 1438 nflags |= IEEE80211_CHAN_NOADHOC; 1439 } 1440 1441 /* XXX HOSTAP uses WPI_MODE_IBSS */ 1442 if (nflags & IEEE80211_CHAN_NOADHOC) 1443 nflags |= IEEE80211_CHAN_NOHOSTAP; 1444 1445 return nflags; 1446 } 1447 1448 static void 1449 wpi_read_eeprom_band(struct wpi_softc *sc, uint8_t n, int maxchans, 1450 int *nchans, struct ieee80211_channel chans[]) 1451 { 1452 struct wpi_eeprom_chan *channels = sc->eeprom_channels[n]; 1453 const struct wpi_chan_band *band = &wpi_bands[n]; 1454 uint32_t nflags; 1455 uint8_t bands[IEEE80211_MODE_BYTES]; 1456 uint8_t chan, i; 1457 int error; 1458 1459 memset(bands, 0, sizeof(bands)); 1460 1461 if (n == 0) { 1462 setbit(bands, IEEE80211_MODE_11B); 1463 setbit(bands, IEEE80211_MODE_11G); 1464 } else 1465 setbit(bands, IEEE80211_MODE_11A); 1466 1467 for (i = 0; i < band->nchan; i++) { 1468 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) { 1469 DPRINTF(sc, WPI_DEBUG_EEPROM, 1470 "Channel Not Valid: %d, band %d\n", 1471 band->chan[i],n); 1472 continue; 1473 } 1474 1475 chan = band->chan[i]; 1476 nflags = wpi_eeprom_channel_flags(&channels[i]); 1477 error = ieee80211_add_channel(chans, maxchans, nchans, 1478 chan, 0, channels[i].maxpwr, nflags, bands); 1479 if (error != 0) 1480 break; 1481 1482 /* Save maximum allowed TX power for this channel. */ 1483 sc->maxpwr[chan] = channels[i].maxpwr; 1484 1485 DPRINTF(sc, WPI_DEBUG_EEPROM, 1486 "adding chan %d flags=0x%x maxpwr=%d, offset %d\n", 1487 chan, channels[i].flags, sc->maxpwr[chan], *nchans); 1488 } 1489 } 1490 1491 /** 1492 * Read the eeprom to find out what channels are valid for the given 1493 * band and update net80211 with what we find. 1494 */ 1495 static int 1496 wpi_read_eeprom_channels(struct wpi_softc *sc, uint8_t n) 1497 { 1498 struct ieee80211com *ic = &sc->sc_ic; 1499 const struct wpi_chan_band *band = &wpi_bands[n]; 1500 int error; 1501 1502 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1503 1504 error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n], 1505 band->nchan * sizeof (struct wpi_eeprom_chan)); 1506 if (error != 0) { 1507 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1508 return error; 1509 } 1510 1511 wpi_read_eeprom_band(sc, n, IEEE80211_CHAN_MAX, &ic->ic_nchans, 1512 ic->ic_channels); 1513 1514 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans); 1515 1516 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1517 1518 return 0; 1519 } 1520 1521 static struct wpi_eeprom_chan * 1522 wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c) 1523 { 1524 int i, j; 1525 1526 for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++) 1527 for (i = 0; i < wpi_bands[j].nchan; i++) 1528 if (wpi_bands[j].chan[i] == c->ic_ieee && 1529 ((j == 0) ^ IEEE80211_IS_CHAN_A(c)) == 1) 1530 return &sc->eeprom_channels[j][i]; 1531 1532 return NULL; 1533 } 1534 1535 static void 1536 wpi_getradiocaps(struct ieee80211com *ic, 1537 int maxchans, int *nchans, struct ieee80211_channel chans[]) 1538 { 1539 struct wpi_softc *sc = ic->ic_softc; 1540 int i; 1541 1542 /* Parse the list of authorized channels. */ 1543 for (i = 0; i < WPI_CHAN_BANDS_COUNT && *nchans < maxchans; i++) 1544 wpi_read_eeprom_band(sc, i, maxchans, nchans, chans); 1545 } 1546 1547 /* 1548 * Enforce flags read from EEPROM. 1549 */ 1550 static int 1551 wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd, 1552 int nchan, struct ieee80211_channel chans[]) 1553 { 1554 struct wpi_softc *sc = ic->ic_softc; 1555 int i; 1556 1557 for (i = 0; i < nchan; i++) { 1558 struct ieee80211_channel *c = &chans[i]; 1559 struct wpi_eeprom_chan *channel; 1560 1561 channel = wpi_find_eeprom_channel(sc, c); 1562 if (channel == NULL) { 1563 ic_printf(ic, "%s: invalid channel %u freq %u/0x%x\n", 1564 __func__, c->ic_ieee, c->ic_freq, c->ic_flags); 1565 return EINVAL; 1566 } 1567 c->ic_flags |= wpi_eeprom_channel_flags(channel); 1568 } 1569 1570 return 0; 1571 } 1572 1573 static int 1574 wpi_read_eeprom_group(struct wpi_softc *sc, uint8_t n) 1575 { 1576 struct wpi_power_group *group = &sc->groups[n]; 1577 struct wpi_eeprom_group rgroup; 1578 int i, error; 1579 1580 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1581 1582 if ((error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, 1583 &rgroup, sizeof rgroup)) != 0) { 1584 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1585 return error; 1586 } 1587 1588 /* Save TX power group information. */ 1589 group->chan = rgroup.chan; 1590 group->maxpwr = rgroup.maxpwr; 1591 /* Retrieve temperature at which the samples were taken. */ 1592 group->temp = (int16_t)le16toh(rgroup.temp); 1593 1594 DPRINTF(sc, WPI_DEBUG_EEPROM, 1595 "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan, 1596 group->maxpwr, group->temp); 1597 1598 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 1599 group->samples[i].index = rgroup.samples[i].index; 1600 group->samples[i].power = rgroup.samples[i].power; 1601 1602 DPRINTF(sc, WPI_DEBUG_EEPROM, 1603 "\tsample %d: index=%d power=%d\n", i, 1604 group->samples[i].index, group->samples[i].power); 1605 } 1606 1607 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1608 1609 return 0; 1610 } 1611 1612 static __inline uint8_t 1613 wpi_add_node_entry_adhoc(struct wpi_softc *sc) 1614 { 1615 uint8_t newid = WPI_ID_IBSS_MIN; 1616 1617 for (; newid <= WPI_ID_IBSS_MAX; newid++) { 1618 if ((sc->nodesmsk & (1 << newid)) == 0) { 1619 sc->nodesmsk |= 1 << newid; 1620 return newid; 1621 } 1622 } 1623 1624 return WPI_ID_UNDEFINED; 1625 } 1626 1627 static __inline uint8_t 1628 wpi_add_node_entry_sta(struct wpi_softc *sc) 1629 { 1630 sc->nodesmsk |= 1 << WPI_ID_BSS; 1631 1632 return WPI_ID_BSS; 1633 } 1634 1635 static __inline int 1636 wpi_check_node_entry(struct wpi_softc *sc, uint8_t id) 1637 { 1638 if (id == WPI_ID_UNDEFINED) 1639 return 0; 1640 1641 return (sc->nodesmsk >> id) & 1; 1642 } 1643 1644 static __inline void 1645 wpi_clear_node_table(struct wpi_softc *sc) 1646 { 1647 sc->nodesmsk = 0; 1648 } 1649 1650 static __inline void 1651 wpi_del_node_entry(struct wpi_softc *sc, uint8_t id) 1652 { 1653 sc->nodesmsk &= ~(1 << id); 1654 } 1655 1656 static struct ieee80211_node * 1657 wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1658 { 1659 struct wpi_node *wn; 1660 1661 wn = kmalloc(sizeof (struct wpi_node), M_80211_NODE, 1662 M_INTWAIT | M_ZERO); 1663 1664 if (wn == NULL) 1665 return NULL; 1666 1667 wn->id = WPI_ID_UNDEFINED; 1668 1669 return &wn->ni; 1670 } 1671 1672 static void 1673 wpi_node_free(struct ieee80211_node *ni) 1674 { 1675 struct wpi_softc *sc = ni->ni_ic->ic_softc; 1676 struct wpi_node *wn = WPI_NODE(ni); 1677 1678 if (wn->id != WPI_ID_UNDEFINED) { 1679 WPI_NT_LOCK(sc); 1680 if (wpi_check_node_entry(sc, wn->id)) { 1681 wpi_del_node_entry(sc, wn->id); 1682 wpi_del_node(sc, ni); 1683 } 1684 WPI_NT_UNLOCK(sc); 1685 } 1686 1687 sc->sc_node_free(ni); 1688 } 1689 1690 static __inline int 1691 wpi_check_bss_filter(struct wpi_softc *sc) 1692 { 1693 return (sc->rxon.filter & htole32(WPI_FILTER_BSS)) != 0; 1694 } 1695 1696 static void 1697 wpi_ibss_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 1698 const struct ieee80211_rx_stats *rxs, 1699 int rssi, int nf) 1700 { 1701 struct ieee80211vap *vap = ni->ni_vap; 1702 struct wpi_softc *sc = vap->iv_ic->ic_softc; 1703 struct wpi_vap *wvp = WPI_VAP(vap); 1704 uint64_t ni_tstamp, rx_tstamp; 1705 1706 wvp->wv_recv_mgmt(ni, m, subtype, rxs, rssi, nf); 1707 1708 if (vap->iv_state == IEEE80211_S_RUN && 1709 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 1710 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 1711 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 1712 rx_tstamp = le64toh(sc->rx_tstamp); 1713 1714 if (ni_tstamp >= rx_tstamp) { 1715 DPRINTF(sc, WPI_DEBUG_STATE, 1716 "ibss merge, tsf %ju tstamp %ju\n", 1717 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 1718 (void) ieee80211_ibss_merge(ni); 1719 } 1720 } 1721 } 1722 1723 static void 1724 wpi_restore_node(void *arg, struct ieee80211_node *ni) 1725 { 1726 struct wpi_softc *sc = arg; 1727 struct wpi_node *wn = WPI_NODE(ni); 1728 int error; 1729 1730 WPI_NT_LOCK(sc); 1731 if (wn->id != WPI_ID_UNDEFINED) { 1732 wn->id = WPI_ID_UNDEFINED; 1733 if ((error = wpi_add_ibss_node(sc, ni)) != 0) { 1734 device_printf(sc->sc_dev, 1735 "%s: could not add IBSS node, error %d\n", 1736 __func__, error); 1737 } 1738 } 1739 WPI_NT_UNLOCK(sc); 1740 } 1741 1742 static void 1743 wpi_restore_node_table(struct wpi_softc *sc, struct wpi_vap *wvp) 1744 { 1745 struct ieee80211com *ic = &sc->sc_ic; 1746 1747 /* Set group keys once. */ 1748 WPI_NT_LOCK(sc); 1749 wvp->wv_gtk = 0; 1750 WPI_NT_UNLOCK(sc); 1751 1752 ieee80211_iterate_nodes(&ic->ic_sta, wpi_restore_node, sc); 1753 ieee80211_crypto_reload_keys(ic); 1754 } 1755 1756 /** 1757 * Called by net80211 when ever there is a change to 80211 state machine 1758 */ 1759 static int 1760 wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1761 { 1762 struct wpi_vap *wvp = WPI_VAP(vap); 1763 struct ieee80211com *ic = vap->iv_ic; 1764 struct wpi_softc *sc = ic->ic_softc; 1765 int error = 0; 1766 1767 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1768 1769 WPI_TXQ_LOCK(sc); 1770 if (nstate > IEEE80211_S_INIT && sc->sc_running == 0) { 1771 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1772 WPI_TXQ_UNLOCK(sc); 1773 1774 return ENXIO; 1775 } 1776 WPI_TXQ_UNLOCK(sc); 1777 1778 DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__, 1779 ieee80211_state_name[vap->iv_state], 1780 ieee80211_state_name[nstate]); 1781 1782 if (vap->iv_state == IEEE80211_S_RUN && nstate < IEEE80211_S_RUN) { 1783 if ((error = wpi_set_pslevel(sc, 0, 0, 1)) != 0) { 1784 device_printf(sc->sc_dev, 1785 "%s: could not set power saving level\n", 1786 __func__); 1787 return error; 1788 } 1789 1790 wpi_set_led(sc, WPI_LED_LINK, 1, 0); 1791 } 1792 1793 switch (nstate) { 1794 case IEEE80211_S_SCAN: 1795 WPI_RXON_LOCK(sc); 1796 if (wpi_check_bss_filter(sc) != 0) { 1797 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1798 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1799 device_printf(sc->sc_dev, 1800 "%s: could not send RXON\n", __func__); 1801 } 1802 } 1803 WPI_RXON_UNLOCK(sc); 1804 break; 1805 1806 case IEEE80211_S_ASSOC: 1807 if (vap->iv_state != IEEE80211_S_RUN) 1808 break; 1809 /* FALLTHROUGH */ 1810 case IEEE80211_S_AUTH: 1811 /* 1812 * NB: do not optimize AUTH -> AUTH state transmission - 1813 * this will break powersave with non-QoS AP! 1814 */ 1815 1816 /* 1817 * The node must be registered in the firmware before auth. 1818 * Also the associd must be cleared on RUN -> ASSOC 1819 * transitions. 1820 */ 1821 if ((error = wpi_auth(sc, vap)) != 0) { 1822 device_printf(sc->sc_dev, 1823 "%s: could not move to AUTH state, error %d\n", 1824 __func__, error); 1825 } 1826 break; 1827 1828 case IEEE80211_S_RUN: 1829 /* 1830 * RUN -> RUN transition: 1831 * STA mode: Just restart the timers. 1832 * IBSS mode: Process IBSS merge. 1833 */ 1834 if (vap->iv_state == IEEE80211_S_RUN) { 1835 if (vap->iv_opmode != IEEE80211_M_IBSS) { 1836 WPI_RXON_LOCK(sc); 1837 wpi_calib_timeout(sc); 1838 WPI_RXON_UNLOCK(sc); 1839 break; 1840 } else { 1841 /* 1842 * Drop the BSS_FILTER bit 1843 * (there is no another way to change bssid). 1844 */ 1845 WPI_RXON_LOCK(sc); 1846 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1847 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1848 device_printf(sc->sc_dev, 1849 "%s: could not send RXON\n", 1850 __func__); 1851 } 1852 WPI_RXON_UNLOCK(sc); 1853 1854 /* Restore all what was lost. */ 1855 wpi_restore_node_table(sc, wvp); 1856 1857 /* XXX set conditionally? */ 1858 wpi_updateedca(ic); 1859 } 1860 } 1861 1862 /* 1863 * !RUN -> RUN requires setting the association id 1864 * which is done with a firmware cmd. We also defer 1865 * starting the timers until that work is done. 1866 */ 1867 if ((error = wpi_run(sc, vap)) != 0) { 1868 device_printf(sc->sc_dev, 1869 "%s: could not move to RUN state\n", __func__); 1870 } 1871 break; 1872 1873 default: 1874 break; 1875 } 1876 if (error != 0) { 1877 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1878 return error; 1879 } 1880 1881 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1882 1883 return wvp->wv_newstate(vap, nstate, arg); 1884 } 1885 1886 static void 1887 wpi_calib_timeout(void *arg) 1888 { 1889 struct wpi_softc *sc = arg; 1890 1891 if (wpi_check_bss_filter(sc) == 0) 1892 return; 1893 1894 wpi_power_calibration(sc); 1895 1896 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 1897 } 1898 1899 static __inline uint8_t 1900 rate2plcp(const uint8_t rate) 1901 { 1902 switch (rate) { 1903 case 12: return 0xd; 1904 case 18: return 0xf; 1905 case 24: return 0x5; 1906 case 36: return 0x7; 1907 case 48: return 0x9; 1908 case 72: return 0xb; 1909 case 96: return 0x1; 1910 case 108: return 0x3; 1911 case 2: return 10; 1912 case 4: return 20; 1913 case 11: return 55; 1914 case 22: return 110; 1915 default: return 0; 1916 } 1917 } 1918 1919 static __inline uint8_t 1920 plcp2rate(const uint8_t plcp) 1921 { 1922 switch (plcp) { 1923 case 0xd: return 12; 1924 case 0xf: return 18; 1925 case 0x5: return 24; 1926 case 0x7: return 36; 1927 case 0x9: return 48; 1928 case 0xb: return 72; 1929 case 0x1: return 96; 1930 case 0x3: return 108; 1931 case 10: return 2; 1932 case 20: return 4; 1933 case 55: return 11; 1934 case 110: return 22; 1935 default: return 0; 1936 } 1937 } 1938 1939 /* Quickly determine if a given rate is CCK or OFDM. */ 1940 #define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1941 1942 static void 1943 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1944 struct wpi_rx_data *data) 1945 { 1946 struct ieee80211com *ic = &sc->sc_ic; 1947 struct wpi_rx_ring *ring = &sc->rxq; 1948 struct wpi_rx_stat *stat; 1949 struct wpi_rx_head *head; 1950 struct wpi_rx_tail *tail; 1951 struct ieee80211_frame *wh; 1952 struct ieee80211_node *ni; 1953 struct mbuf *m, *m1; 1954 bus_addr_t paddr; 1955 uint32_t flags; 1956 uint16_t len; 1957 int error; 1958 1959 stat = (struct wpi_rx_stat *)(desc + 1); 1960 1961 if (__predict_false(stat->len > WPI_STAT_MAXLEN)) { 1962 device_printf(sc->sc_dev, "invalid RX statistic header\n"); 1963 goto fail1; 1964 } 1965 1966 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 1967 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1968 len = le16toh(head->len); 1969 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len); 1970 flags = le32toh(tail->flags); 1971 1972 DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d" 1973 " rate %x chan %d tstamp %ju\n", __func__, ring->cur, 1974 le32toh(desc->len), len, (int8_t)stat->rssi, 1975 head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp)); 1976 1977 /* Discard frames with a bad FCS early. */ 1978 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1979 DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n", 1980 __func__, flags); 1981 goto fail1; 1982 } 1983 /* Discard frames that are too short. */ 1984 if (len < sizeof (struct ieee80211_frame_ack)) { 1985 DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n", 1986 __func__, len); 1987 goto fail1; 1988 } 1989 1990 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1991 if (__predict_false(m1 == NULL)) { 1992 DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n", 1993 __func__); 1994 goto fail1; 1995 } 1996 bus_dmamap_unload(ring->data_dmat, data->map); 1997 1998 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *), 1999 MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 2000 if (__predict_false(error != 0 && error != EFBIG)) { 2001 device_printf(sc->sc_dev, 2002 "%s: bus_dmamap_load failed, error %d\n", __func__, error); 2003 m_freem(m1); 2004 2005 /* Try to reload the old mbuf. */ 2006 error = bus_dmamap_load(ring->data_dmat, data->map, 2007 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 2008 &paddr, BUS_DMA_NOWAIT); 2009 if (error != 0 && error != EFBIG) { 2010 panic("%s: could not load old RX mbuf", __func__); 2011 } 2012 /* Physical address may have changed. */ 2013 ring->desc[ring->cur] = htole32(paddr); 2014 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map, 2015 BUS_DMASYNC_PREWRITE); 2016 goto fail1; 2017 } 2018 2019 m = data->m; 2020 data->m = m1; 2021 /* Update RX descriptor. */ 2022 ring->desc[ring->cur] = htole32(paddr); 2023 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2024 BUS_DMASYNC_PREWRITE); 2025 2026 /* Finalize mbuf. */ 2027 m->m_data = (caddr_t)(head + 1); 2028 m->m_pkthdr.len = m->m_len = len; 2029 2030 /* Grab a reference to the source node. */ 2031 wh = mtod(m, struct ieee80211_frame *); 2032 2033 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 2034 (flags & WPI_RX_CIPHER_MASK) == WPI_RX_CIPHER_CCMP) { 2035 /* Check whether decryption was successful or not. */ 2036 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 2037 DPRINTF(sc, WPI_DEBUG_RECV, 2038 "CCMP decryption failed 0x%x\n", flags); 2039 goto fail2; 2040 } 2041 m->m_flags |= M_WEP; 2042 } 2043 2044 if (len >= sizeof(struct ieee80211_frame_min)) 2045 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 2046 else 2047 ni = NULL; 2048 2049 sc->rx_tstamp = tail->tstamp; 2050 2051 if (ieee80211_radiotap_active(ic)) { 2052 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 2053 2054 tap->wr_flags = 0; 2055 if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE)) 2056 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2057 tap->wr_dbm_antsignal = (int8_t)(stat->rssi + WPI_RSSI_OFFSET); 2058 tap->wr_dbm_antnoise = WPI_RSSI_OFFSET; 2059 tap->wr_tsft = tail->tstamp; 2060 tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf; 2061 tap->wr_rate = plcp2rate(head->plcp); 2062 } 2063 2064 WPI_UNLOCK(sc); 2065 2066 /* Send the frame to the 802.11 layer. */ 2067 if (ni != NULL) { 2068 (void)ieee80211_input(ni, m, stat->rssi, WPI_RSSI_OFFSET); 2069 /* Node is no longer needed. */ 2070 ieee80211_free_node(ni); 2071 } else 2072 (void)ieee80211_input_all(ic, m, stat->rssi, WPI_RSSI_OFFSET); 2073 2074 WPI_LOCK(sc); 2075 2076 return; 2077 2078 fail2: m_freem(m); 2079 2080 #if defined(__DragonFly__) 2081 fail1: ; /* not implemented */ 2082 #else 2083 fail1: counter_u64_add(ic->ic_ierrors, 1); 2084 #endif 2085 } 2086 2087 static void 2088 wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc, 2089 struct wpi_rx_data *data) 2090 { 2091 /* Ignore */ 2092 } 2093 2094 static void 2095 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 2096 { 2097 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 2098 struct wpi_tx_data *data = &ring->data[desc->idx]; 2099 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 2100 struct mbuf *m; 2101 struct ieee80211_node *ni; 2102 struct ieee80211vap *vap; 2103 uint32_t status = le32toh(stat->status); 2104 int ackfailcnt = stat->ackfailcnt / WPI_NTRIES_DEFAULT; 2105 2106 KASSERT(data->ni != NULL, ("no node")); 2107 KASSERT(data->m != NULL, ("no mbuf")); 2108 2109 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2110 2111 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: " 2112 "qid %d idx %d retries %d btkillcnt %d rate %x duration %d " 2113 "status %x\n", __func__, desc->qid, desc->idx, stat->ackfailcnt, 2114 stat->btkillcnt, stat->rate, le32toh(stat->duration), status); 2115 2116 /* Unmap and free mbuf. */ 2117 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE); 2118 bus_dmamap_unload(ring->data_dmat, data->map); 2119 m = data->m, data->m = NULL; 2120 ni = data->ni, data->ni = NULL; 2121 vap = ni->ni_vap; 2122 2123 /* 2124 * Update rate control statistics for the node. 2125 */ 2126 if (status & WPI_TX_STATUS_FAIL) { 2127 ieee80211_ratectl_tx_complete(vap, ni, 2128 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL); 2129 } else 2130 ieee80211_ratectl_tx_complete(vap, ni, 2131 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL); 2132 2133 ieee80211_tx_complete(ni, m, (status & WPI_TX_STATUS_FAIL) != 0); 2134 2135 WPI_TXQ_STATE_LOCK(sc); 2136 if (--ring->queued > 0) 2137 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 2138 else 2139 callout_stop(&sc->tx_timeout); 2140 WPI_TXQ_STATE_UNLOCK(sc); 2141 2142 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2143 } 2144 2145 /* 2146 * Process a "command done" firmware notification. This is where we wakeup 2147 * processes waiting for a synchronous command completion. 2148 */ 2149 static void 2150 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 2151 { 2152 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 2153 struct wpi_tx_data *data; 2154 struct wpi_tx_cmd *cmd; 2155 2156 DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid %x idx %d flags %x " 2157 "type %s len %d\n", desc->qid, desc->idx, 2158 desc->flags, wpi_cmd_str(desc->type), 2159 le32toh(desc->len)); 2160 2161 if ((desc->qid & WPI_RX_DESC_QID_MSK) != WPI_CMD_QUEUE_NUM) 2162 return; /* Not a command ack. */ 2163 2164 KASSERT(ring->queued == 0, ("ring->queued must be 0")); 2165 2166 data = &ring->data[desc->idx]; 2167 cmd = &ring->cmd[desc->idx]; 2168 2169 /* If the command was mapped in an mbuf, free it. */ 2170 if (data->m != NULL) { 2171 bus_dmamap_sync(ring->data_dmat, data->map, 2172 BUS_DMASYNC_POSTWRITE); 2173 bus_dmamap_unload(ring->data_dmat, data->map); 2174 m_freem(data->m); 2175 data->m = NULL; 2176 } 2177 2178 wakeup(cmd); 2179 2180 if (desc->type == WPI_CMD_SET_POWER_MODE) { 2181 struct wpi_pmgt_cmd *pcmd = (struct wpi_pmgt_cmd *)cmd->data; 2182 2183 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2184 BUS_DMASYNC_POSTREAD); 2185 2186 WPI_TXQ_LOCK(sc); 2187 if (le16toh(pcmd->flags) & WPI_PS_ALLOW_SLEEP) { 2188 sc->sc_update_rx_ring = wpi_update_rx_ring_ps; 2189 sc->sc_update_tx_ring = wpi_update_tx_ring_ps; 2190 } else { 2191 sc->sc_update_rx_ring = wpi_update_rx_ring; 2192 sc->sc_update_tx_ring = wpi_update_tx_ring; 2193 } 2194 WPI_TXQ_UNLOCK(sc); 2195 } 2196 } 2197 2198 static void 2199 wpi_notif_intr(struct wpi_softc *sc) 2200 { 2201 struct ieee80211com *ic = &sc->sc_ic; 2202 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2203 uint32_t hw; 2204 2205 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 2206 BUS_DMASYNC_POSTREAD); 2207 2208 hw = le32toh(sc->shared->next) & 0xfff; 2209 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 2210 2211 while (sc->rxq.cur != hw) { 2212 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 2213 2214 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 2215 struct wpi_rx_desc *desc; 2216 2217 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2218 BUS_DMASYNC_POSTREAD); 2219 desc = mtod(data->m, struct wpi_rx_desc *); 2220 2221 DPRINTF(sc, WPI_DEBUG_NOTIFY, 2222 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n", 2223 __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags, 2224 desc->type, wpi_cmd_str(desc->type), le32toh(desc->len)); 2225 2226 if (!(desc->qid & WPI_UNSOLICITED_RX_NOTIF)) { 2227 /* Reply to a command. */ 2228 wpi_cmd_done(sc, desc); 2229 } 2230 2231 switch (desc->type) { 2232 case WPI_RX_DONE: 2233 /* An 802.11 frame has been received. */ 2234 wpi_rx_done(sc, desc, data); 2235 2236 if (__predict_false(sc->sc_running == 0)) { 2237 /* wpi_stop() was called. */ 2238 return; 2239 } 2240 2241 break; 2242 2243 case WPI_TX_DONE: 2244 /* An 802.11 frame has been transmitted. */ 2245 wpi_tx_done(sc, desc); 2246 break; 2247 2248 case WPI_RX_STATISTICS: 2249 case WPI_BEACON_STATISTICS: 2250 wpi_rx_statistics(sc, desc, data); 2251 break; 2252 2253 case WPI_BEACON_MISSED: 2254 { 2255 struct wpi_beacon_missed *miss = 2256 (struct wpi_beacon_missed *)(desc + 1); 2257 uint32_t expected, misses, received, threshold; 2258 2259 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2260 BUS_DMASYNC_POSTREAD); 2261 2262 misses = le32toh(miss->consecutive); 2263 expected = le32toh(miss->expected); 2264 received = le32toh(miss->received); 2265 threshold = MAX(2, vap->iv_bmissthreshold); 2266 2267 DPRINTF(sc, WPI_DEBUG_BMISS, 2268 "%s: beacons missed %u(%u) (received %u/%u)\n", 2269 __func__, misses, le32toh(miss->total), received, 2270 expected); 2271 2272 if (misses >= threshold || 2273 (received == 0 && expected >= threshold)) { 2274 WPI_RXON_LOCK(sc); 2275 if (callout_pending(&sc->scan_timeout)) { 2276 wpi_cmd(sc, WPI_CMD_SCAN_ABORT, NULL, 2277 0, 1); 2278 } 2279 WPI_RXON_UNLOCK(sc); 2280 if (vap->iv_state == IEEE80211_S_RUN && 2281 (ic->ic_flags & IEEE80211_F_SCAN) == 0) 2282 ieee80211_beacon_miss(ic); 2283 } 2284 2285 break; 2286 } 2287 #ifdef WPI_DEBUG 2288 case WPI_BEACON_SENT: 2289 { 2290 struct wpi_tx_stat *stat = 2291 (struct wpi_tx_stat *)(desc + 1); 2292 uint64_t *tsf = (uint64_t *)(stat + 1); 2293 uint32_t *mode = (uint32_t *)(tsf + 1); 2294 2295 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2296 BUS_DMASYNC_POSTREAD); 2297 2298 DPRINTF(sc, WPI_DEBUG_BEACON, 2299 "beacon sent: rts %u, ack %u, btkill %u, rate %u, " 2300 "duration %u, status %x, tsf %ju, mode %x\n", 2301 stat->rtsfailcnt, stat->ackfailcnt, 2302 stat->btkillcnt, stat->rate, le32toh(stat->duration), 2303 le32toh(stat->status), le64toh(*tsf), 2304 le32toh(*mode)); 2305 2306 break; 2307 } 2308 #endif 2309 case WPI_UC_READY: 2310 { 2311 struct wpi_ucode_info *uc = 2312 (struct wpi_ucode_info *)(desc + 1); 2313 2314 /* The microcontroller is ready. */ 2315 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2316 BUS_DMASYNC_POSTREAD); 2317 DPRINTF(sc, WPI_DEBUG_RESET, 2318 "microcode alive notification version=%d.%d " 2319 "subtype=%x alive=%x\n", uc->major, uc->minor, 2320 uc->subtype, le32toh(uc->valid)); 2321 2322 if (le32toh(uc->valid) != 1) { 2323 device_printf(sc->sc_dev, 2324 "microcontroller initialization failed\n"); 2325 wpi_stop_locked(sc); 2326 return; 2327 } 2328 /* Save the address of the error log in SRAM. */ 2329 sc->errptr = le32toh(uc->errptr); 2330 break; 2331 } 2332 case WPI_STATE_CHANGED: 2333 { 2334 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2335 BUS_DMASYNC_POSTREAD); 2336 2337 uint32_t *status = (uint32_t *)(desc + 1); 2338 2339 DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n", 2340 le32toh(*status)); 2341 2342 if (le32toh(*status) & 1) { 2343 WPI_NT_LOCK(sc); 2344 wpi_clear_node_table(sc); 2345 WPI_NT_UNLOCK(sc); 2346 ieee80211_runtask(ic, 2347 &sc->sc_radiooff_task); 2348 return; 2349 } 2350 break; 2351 } 2352 #ifdef WPI_DEBUG 2353 case WPI_START_SCAN: 2354 { 2355 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2356 BUS_DMASYNC_POSTREAD); 2357 2358 struct wpi_start_scan *scan = 2359 (struct wpi_start_scan *)(desc + 1); 2360 DPRINTF(sc, WPI_DEBUG_SCAN, 2361 "%s: scanning channel %d status %x\n", 2362 __func__, scan->chan, le32toh(scan->status)); 2363 2364 break; 2365 } 2366 #endif 2367 case WPI_STOP_SCAN: 2368 { 2369 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2370 BUS_DMASYNC_POSTREAD); 2371 2372 struct wpi_stop_scan *scan = 2373 (struct wpi_stop_scan *)(desc + 1); 2374 2375 DPRINTF(sc, WPI_DEBUG_SCAN, 2376 "scan finished nchan=%d status=%d chan=%d\n", 2377 scan->nchan, scan->status, scan->chan); 2378 2379 WPI_RXON_LOCK(sc); 2380 callout_stop(&sc->scan_timeout); 2381 WPI_RXON_UNLOCK(sc); 2382 if (scan->status == WPI_SCAN_ABORTED) 2383 ieee80211_cancel_scan(vap); 2384 else 2385 ieee80211_scan_next(vap); 2386 break; 2387 } 2388 } 2389 2390 if (sc->rxq.cur % 8 == 0) { 2391 /* Tell the firmware what we have processed. */ 2392 sc->sc_update_rx_ring(sc); 2393 } 2394 } 2395 } 2396 2397 /* 2398 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2399 * from power-down sleep mode. 2400 */ 2401 static void 2402 wpi_wakeup_intr(struct wpi_softc *sc) 2403 { 2404 int qid; 2405 2406 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 2407 "%s: ucode wakeup from power-down sleep\n", __func__); 2408 2409 /* Wakeup RX and TX rings. */ 2410 if (sc->rxq.update) { 2411 sc->rxq.update = 0; 2412 wpi_update_rx_ring(sc); 2413 } 2414 WPI_TXQ_LOCK(sc); 2415 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) { 2416 struct wpi_tx_ring *ring = &sc->txq[qid]; 2417 2418 if (ring->update) { 2419 ring->update = 0; 2420 wpi_update_tx_ring(sc, ring); 2421 } 2422 } 2423 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 2424 WPI_TXQ_UNLOCK(sc); 2425 } 2426 2427 /* 2428 * This function prints firmware registers 2429 */ 2430 #ifdef WPI_DEBUG 2431 static void 2432 wpi_debug_registers(struct wpi_softc *sc) 2433 { 2434 size_t i; 2435 static const uint32_t csr_tbl[] = { 2436 WPI_HW_IF_CONFIG, 2437 WPI_INT, 2438 WPI_INT_MASK, 2439 WPI_FH_INT, 2440 WPI_GPIO_IN, 2441 WPI_RESET, 2442 WPI_GP_CNTRL, 2443 WPI_EEPROM, 2444 WPI_EEPROM_GP, 2445 WPI_GIO, 2446 WPI_UCODE_GP1, 2447 WPI_UCODE_GP2, 2448 WPI_GIO_CHICKEN, 2449 WPI_ANA_PLL, 2450 WPI_DBG_HPET_MEM, 2451 }; 2452 static const uint32_t prph_tbl[] = { 2453 WPI_APMG_CLK_CTRL, 2454 WPI_APMG_PS, 2455 WPI_APMG_PCI_STT, 2456 WPI_APMG_RFKILL, 2457 }; 2458 2459 DPRINTF(sc, WPI_DEBUG_REGISTER,"%s","\n"); 2460 2461 for (i = 0; i < nitems(csr_tbl); i++) { 2462 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2463 wpi_get_csr_string(csr_tbl[i]), WPI_READ(sc, csr_tbl[i])); 2464 2465 if ((i + 1) % 2 == 0) 2466 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2467 } 2468 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n\n"); 2469 2470 if (wpi_nic_lock(sc) == 0) { 2471 for (i = 0; i < nitems(prph_tbl); i++) { 2472 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2473 wpi_get_prph_string(prph_tbl[i]), 2474 wpi_prph_read(sc, prph_tbl[i])); 2475 2476 if ((i + 1) % 2 == 0) 2477 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2478 } 2479 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2480 wpi_nic_unlock(sc); 2481 } else { 2482 DPRINTF(sc, WPI_DEBUG_REGISTER, 2483 "Cannot access internal registers.\n"); 2484 } 2485 } 2486 #endif 2487 2488 /* 2489 * Dump the error log of the firmware when a firmware panic occurs. Although 2490 * we can't debug the firmware because it is neither open source nor free, it 2491 * can help us to identify certain classes of problems. 2492 */ 2493 static void 2494 wpi_fatal_intr(struct wpi_softc *sc) 2495 { 2496 struct wpi_fw_dump dump; 2497 uint32_t i, offset, count; 2498 2499 /* Check that the error log address is valid. */ 2500 if (sc->errptr < WPI_FW_DATA_BASE || 2501 sc->errptr + sizeof (dump) > 2502 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 2503 kprintf("%s: bad firmware error log address 0x%08x\n", __func__, 2504 sc->errptr); 2505 return; 2506 } 2507 if (wpi_nic_lock(sc) != 0) { 2508 kprintf("%s: could not read firmware error log\n", __func__); 2509 return; 2510 } 2511 /* Read number of entries in the log. */ 2512 count = wpi_mem_read(sc, sc->errptr); 2513 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 2514 kprintf("%s: invalid count field (count = %u)\n", __func__, 2515 count); 2516 wpi_nic_unlock(sc); 2517 return; 2518 } 2519 /* Skip "count" field. */ 2520 offset = sc->errptr + sizeof (uint32_t); 2521 kprintf("firmware error log (count = %u):\n", count); 2522 for (i = 0; i < count; i++) { 2523 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 2524 sizeof (dump) / sizeof (uint32_t)); 2525 2526 kprintf(" error type = \"%s\" (0x%08X)\n", 2527 (dump.desc < nitems(wpi_fw_errmsg)) ? 2528 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 2529 dump.desc); 2530 kprintf(" error data = 0x%08X\n", 2531 dump.data); 2532 kprintf(" branch link = 0x%08X%08X\n", 2533 dump.blink[0], dump.blink[1]); 2534 kprintf(" interrupt link = 0x%08X%08X\n", 2535 dump.ilink[0], dump.ilink[1]); 2536 kprintf(" time = %u\n", dump.time); 2537 2538 offset += sizeof (dump); 2539 } 2540 wpi_nic_unlock(sc); 2541 /* Dump driver status (TX and RX rings) while we're here. */ 2542 kprintf("driver status:\n"); 2543 WPI_TXQ_LOCK(sc); 2544 for (i = 0; i < WPI_DRV_NTXQUEUES; i++) { 2545 struct wpi_tx_ring *ring = &sc->txq[i]; 2546 kprintf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2547 i, ring->qid, ring->cur, ring->queued); 2548 } 2549 WPI_TXQ_UNLOCK(sc); 2550 kprintf(" rx ring: cur=%d\n", sc->rxq.cur); 2551 } 2552 2553 static void 2554 wpi_intr(void *arg) 2555 { 2556 struct wpi_softc *sc = arg; 2557 uint32_t r1, r2; 2558 2559 WPI_LOCK(sc); 2560 2561 /* Disable interrupts. */ 2562 WPI_WRITE(sc, WPI_INT_MASK, 0); 2563 2564 r1 = WPI_READ(sc, WPI_INT); 2565 2566 if (__predict_false(r1 == 0xffffffff || 2567 (r1 & 0xfffffff0) == 0xa5a5a5a0)) 2568 goto end; /* Hardware gone! */ 2569 2570 r2 = WPI_READ(sc, WPI_FH_INT); 2571 2572 DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__, 2573 r1, r2); 2574 2575 if (r1 == 0 && r2 == 0) 2576 goto done; /* Interrupt not for us. */ 2577 2578 /* Acknowledge interrupts. */ 2579 WPI_WRITE(sc, WPI_INT, r1); 2580 WPI_WRITE(sc, WPI_FH_INT, r2); 2581 2582 if (__predict_false(r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR))) { 2583 struct ieee80211com *ic = &sc->sc_ic; 2584 2585 device_printf(sc->sc_dev, "fatal firmware error\n"); 2586 #ifdef WPI_DEBUG 2587 wpi_debug_registers(sc); 2588 #endif 2589 wpi_fatal_intr(sc); 2590 DPRINTF(sc, WPI_DEBUG_HW, 2591 "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" : 2592 "(Hardware Error)"); 2593 ieee80211_restart_all(ic); 2594 goto end; 2595 } 2596 2597 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 2598 (r2 & WPI_FH_INT_RX)) 2599 wpi_notif_intr(sc); 2600 2601 if (r1 & WPI_INT_ALIVE) 2602 wakeup(sc); /* Firmware is alive. */ 2603 2604 if (r1 & WPI_INT_WAKEUP) 2605 wpi_wakeup_intr(sc); 2606 2607 done: 2608 /* Re-enable interrupts. */ 2609 if (__predict_true(sc->sc_running)) 2610 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 2611 2612 end: WPI_UNLOCK(sc); 2613 } 2614 2615 static void 2616 wpi_free_txfrags(struct wpi_softc *sc, uint16_t ac) 2617 { 2618 struct wpi_tx_ring *ring; 2619 struct wpi_tx_data *data; 2620 uint8_t cur; 2621 2622 WPI_TXQ_LOCK(sc); 2623 ring = &sc->txq[ac]; 2624 2625 while (ring->pending != 0) { 2626 ring->pending--; 2627 cur = (ring->cur + ring->pending) % WPI_TX_RING_COUNT; 2628 data = &ring->data[cur]; 2629 2630 bus_dmamap_sync(ring->data_dmat, data->map, 2631 BUS_DMASYNC_POSTWRITE); 2632 bus_dmamap_unload(ring->data_dmat, data->map); 2633 m_freem(data->m); 2634 data->m = NULL; 2635 2636 ieee80211_node_decref(data->ni); 2637 data->ni = NULL; 2638 } 2639 2640 WPI_TXQ_UNLOCK(sc); 2641 } 2642 2643 static int 2644 wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf) 2645 { 2646 struct ieee80211_frame *wh; 2647 struct wpi_tx_cmd *cmd; 2648 struct wpi_tx_data *data; 2649 struct wpi_tx_desc *desc; 2650 struct wpi_tx_ring *ring; 2651 struct mbuf *m1; 2652 bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER]; 2653 uint8_t cur, pad; 2654 uint16_t hdrlen; 2655 int error, i, nsegs, totlen, frag; 2656 2657 WPI_TXQ_LOCK(sc); 2658 2659 KASSERT(buf->size <= sizeof(buf->data), ("buffer overflow")); 2660 2661 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2662 2663 if (__predict_false(sc->sc_running == 0)) { 2664 /* wpi_stop() was called */ 2665 error = ENETDOWN; 2666 goto end; 2667 } 2668 2669 wh = mtod(buf->m, struct ieee80211_frame *); 2670 hdrlen = ieee80211_anyhdrsize(wh); 2671 totlen = buf->m->m_pkthdr.len; 2672 frag = ((buf->m->m_flags & (M_FRAG | M_LASTFRAG)) == M_FRAG); 2673 2674 if (__predict_false(totlen < sizeof(struct ieee80211_frame_min))) { 2675 error = EINVAL; 2676 goto end; 2677 } 2678 2679 if (hdrlen & 3) { 2680 /* First segment length must be a multiple of 4. */ 2681 pad = 4 - (hdrlen & 3); 2682 } else 2683 pad = 0; 2684 2685 ring = &sc->txq[buf->ac]; 2686 cur = (ring->cur + ring->pending) % WPI_TX_RING_COUNT; 2687 desc = &ring->desc[cur]; 2688 data = &ring->data[cur]; 2689 2690 /* Prepare TX firmware command. */ 2691 cmd = &ring->cmd[cur]; 2692 cmd->code = buf->code; 2693 cmd->flags = 0; 2694 cmd->qid = ring->qid; 2695 cmd->idx = cur; 2696 2697 memcpy(cmd->data, buf->data, buf->size); 2698 2699 /* Save and trim IEEE802.11 header. */ 2700 memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen); 2701 m_adj(buf->m, hdrlen); 2702 2703 #if defined(__DragonFly__) 2704 error = bus_dmamap_load_mbuf_segment(ring->data_dmat, data->map, buf->m, 2705 segs, 1, &nsegs, BUS_DMA_NOWAIT); 2706 #else 2707 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m, 2708 segs, &nsegs, BUS_DMA_NOWAIT); 2709 #endif 2710 if (error != 0 && error != EFBIG) { 2711 device_printf(sc->sc_dev, 2712 "%s: can't map mbuf (error %d)\n", __func__, error); 2713 goto end; 2714 } 2715 if (error != 0) { 2716 /* Too many DMA segments, linearize mbuf. */ 2717 #if defined(__DragonFly__) 2718 m1 = m_defrag(buf->m, M_NOWAIT); 2719 #else 2720 m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1); 2721 #endif 2722 if (m1 == NULL) { 2723 device_printf(sc->sc_dev, 2724 "%s: could not defrag mbuf\n", __func__); 2725 error = ENOBUFS; 2726 goto end; 2727 } 2728 buf->m = m1; 2729 2730 #if defined(__DragonFly__) 2731 error = bus_dmamap_load_mbuf_segment(ring->data_dmat, data->map, 2732 buf->m, segs, 1, &nsegs, BUS_DMA_NOWAIT); 2733 #else 2734 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, 2735 buf->m, segs, &nsegs, BUS_DMA_NOWAIT); 2736 #endif 2737 if (__predict_false(error != 0)) { 2738 /* XXX fix this (applicable to the iwn(4) too) */ 2739 /* 2740 * NB: Do not return error; 2741 * original mbuf does not exist anymore. 2742 */ 2743 device_printf(sc->sc_dev, 2744 "%s: can't map mbuf (error %d)\n", __func__, 2745 error); 2746 if (ring->qid < WPI_CMD_QUEUE_NUM) { 2747 if_inc_counter(buf->ni->ni_vap->iv_ifp, 2748 IFCOUNTER_OERRORS, 1); 2749 if (!frag) 2750 ieee80211_free_node(buf->ni); 2751 } 2752 m_freem(buf->m); 2753 error = 0; 2754 goto end; 2755 } 2756 } 2757 2758 KASSERT(nsegs < WPI_MAX_SCATTER, 2759 ("too many DMA segments, nsegs (%d) should be less than %d", 2760 nsegs, WPI_MAX_SCATTER)); 2761 2762 data->m = buf->m; 2763 data->ni = buf->ni; 2764 2765 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n", 2766 __func__, ring->qid, cur, totlen, nsegs); 2767 2768 /* Fill TX descriptor. */ 2769 desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs); 2770 /* First DMA segment is used by the TX command. */ 2771 desc->segs[0].addr = htole32(data->cmd_paddr); 2772 desc->segs[0].len = htole32(4 + buf->size + hdrlen + pad); 2773 /* Other DMA segments are for data payload. */ 2774 seg = &segs[0]; 2775 for (i = 1; i <= nsegs; i++) { 2776 desc->segs[i].addr = htole32(seg->ds_addr); 2777 desc->segs[i].len = htole32(seg->ds_len); 2778 seg++; 2779 } 2780 2781 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE); 2782 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2783 BUS_DMASYNC_PREWRITE); 2784 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2785 BUS_DMASYNC_PREWRITE); 2786 2787 ring->pending += 1; 2788 2789 if (!frag) { 2790 if (ring->qid < WPI_CMD_QUEUE_NUM) { 2791 WPI_TXQ_STATE_LOCK(sc); 2792 ring->queued += ring->pending; 2793 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, 2794 sc); 2795 WPI_TXQ_STATE_UNLOCK(sc); 2796 } 2797 2798 /* Kick TX ring. */ 2799 ring->cur = (ring->cur + ring->pending) % WPI_TX_RING_COUNT; 2800 ring->pending = 0; 2801 sc->sc_update_tx_ring(sc, ring); 2802 } else 2803 ieee80211_node_incref(data->ni); 2804 2805 end: DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END, 2806 __func__); 2807 2808 WPI_TXQ_UNLOCK(sc); 2809 2810 return (error); 2811 } 2812 2813 /* 2814 * Construct the data packet for a transmit buffer. 2815 */ 2816 static int 2817 wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2818 { 2819 const struct ieee80211_txparam *tp; 2820 struct ieee80211vap *vap = ni->ni_vap; 2821 struct ieee80211com *ic = ni->ni_ic; 2822 struct wpi_node *wn = WPI_NODE(ni); 2823 struct ieee80211_channel *chan; 2824 struct ieee80211_frame *wh; 2825 struct ieee80211_key *k = NULL; 2826 struct wpi_buf tx_data; 2827 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2828 uint32_t flags; 2829 uint16_t ac, qos; 2830 uint8_t tid, type, rate; 2831 int swcrypt, ismcast, totlen; 2832 2833 wh = mtod(m, struct ieee80211_frame *); 2834 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2835 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 2836 swcrypt = 1; 2837 2838 /* Select EDCA Access Category and TX ring for this frame. */ 2839 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2840 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 2841 tid = qos & IEEE80211_QOS_TID; 2842 } else { 2843 qos = 0; 2844 tid = 0; 2845 } 2846 ac = M_WME_GETAC(m); 2847 2848 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ? 2849 ni->ni_chan : ic->ic_curchan; 2850 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2851 2852 /* Choose a TX rate index. */ 2853 if (type == IEEE80211_FC0_TYPE_MGT) 2854 rate = tp->mgmtrate; 2855 else if (ismcast) 2856 rate = tp->mcastrate; 2857 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2858 rate = tp->ucastrate; 2859 else if (m->m_flags & M_EAPOL) 2860 rate = tp->mgmtrate; 2861 else { 2862 /* XXX pass pktlen */ 2863 (void) ieee80211_ratectl_rate(ni, NULL, 0); 2864 rate = ni->ni_txrate; 2865 } 2866 2867 /* Encrypt the frame if need be. */ 2868 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2869 /* Retrieve key for TX. */ 2870 k = ieee80211_crypto_encap(ni, m); 2871 if (k == NULL) 2872 return (ENOBUFS); 2873 2874 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2875 2876 /* 802.11 header may have moved. */ 2877 wh = mtod(m, struct ieee80211_frame *); 2878 } 2879 totlen = m->m_pkthdr.len; 2880 2881 if (ieee80211_radiotap_active_vap(vap)) { 2882 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2883 2884 tap->wt_flags = 0; 2885 tap->wt_rate = rate; 2886 if (k != NULL) 2887 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2888 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2889 tap->wt_flags |= IEEE80211_RADIOTAP_F_FRAG; 2890 2891 ieee80211_radiotap_tx(vap, m); 2892 } 2893 2894 flags = 0; 2895 if (!ismcast) { 2896 /* Unicast frame, check if an ACK is expected. */ 2897 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 2898 IEEE80211_QOS_ACKPOLICY_NOACK) 2899 flags |= WPI_TX_NEED_ACK; 2900 } 2901 2902 if (!IEEE80211_QOS_HAS_SEQ(wh)) 2903 flags |= WPI_TX_AUTO_SEQ; 2904 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2905 flags |= WPI_TX_MORE_FRAG; 2906 2907 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 2908 if (!ismcast) { 2909 /* NB: Group frames are sent using CCK in 802.11b/g. */ 2910 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) { 2911 flags |= WPI_TX_NEED_RTS; 2912 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 2913 WPI_RATE_IS_OFDM(rate)) { 2914 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 2915 flags |= WPI_TX_NEED_CTS; 2916 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 2917 flags |= WPI_TX_NEED_RTS; 2918 } 2919 2920 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2921 flags |= WPI_TX_FULL_TXOP; 2922 } 2923 2924 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2925 if (type == IEEE80211_FC0_TYPE_MGT) { 2926 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2927 2928 /* Tell HW to set timestamp in probe responses. */ 2929 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2930 flags |= WPI_TX_INSERT_TSTAMP; 2931 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2932 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2933 tx->timeout = htole16(3); 2934 else 2935 tx->timeout = htole16(2); 2936 } 2937 2938 if (ismcast || type != IEEE80211_FC0_TYPE_DATA) 2939 tx->id = WPI_ID_BROADCAST; 2940 else { 2941 if (wn->id == WPI_ID_UNDEFINED) { 2942 device_printf(sc->sc_dev, 2943 "%s: undefined node id\n", __func__); 2944 return (EINVAL); 2945 } 2946 2947 tx->id = wn->id; 2948 } 2949 2950 if (!swcrypt) { 2951 switch (k->wk_cipher->ic_cipher) { 2952 case IEEE80211_CIPHER_AES_CCM: 2953 tx->security = WPI_CIPHER_CCMP; 2954 break; 2955 2956 default: 2957 break; 2958 } 2959 2960 memcpy(tx->key, k->wk_key, k->wk_keylen); 2961 } 2962 2963 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) { 2964 struct mbuf *next = m->m_nextpkt; 2965 2966 tx->lnext = htole16(next->m_pkthdr.len); 2967 tx->fnext = htole32(tx->security | 2968 (flags & WPI_TX_NEED_ACK) | 2969 WPI_NEXT_STA_ID(tx->id)); 2970 } 2971 2972 tx->len = htole16(totlen); 2973 tx->flags = htole32(flags); 2974 tx->plcp = rate2plcp(rate); 2975 tx->tid = tid; 2976 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2977 tx->ofdm_mask = 0xff; 2978 tx->cck_mask = 0x0f; 2979 tx->rts_ntries = 7; 2980 tx->data_ntries = tp->maxretry; 2981 2982 tx_data.ni = ni; 2983 tx_data.m = m; 2984 tx_data.size = sizeof(struct wpi_cmd_data); 2985 tx_data.code = WPI_CMD_TX_DATA; 2986 tx_data.ac = ac; 2987 2988 return wpi_cmd2(sc, &tx_data); 2989 } 2990 2991 static int 2992 wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m, 2993 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) 2994 { 2995 struct ieee80211vap *vap = ni->ni_vap; 2996 struct ieee80211_key *k = NULL; 2997 struct ieee80211_frame *wh; 2998 struct wpi_buf tx_data; 2999 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 3000 uint32_t flags; 3001 uint8_t ac, type, rate; 3002 int swcrypt, totlen; 3003 3004 wh = mtod(m, struct ieee80211_frame *); 3005 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3006 swcrypt = 1; 3007 3008 ac = params->ibp_pri & 3; 3009 3010 /* Choose a TX rate index. */ 3011 rate = params->ibp_rate0; 3012 3013 flags = 0; 3014 if (!IEEE80211_QOS_HAS_SEQ(wh)) 3015 flags |= WPI_TX_AUTO_SEQ; 3016 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3017 flags |= WPI_TX_NEED_ACK; 3018 if (params->ibp_flags & IEEE80211_BPF_RTS) 3019 flags |= WPI_TX_NEED_RTS; 3020 if (params->ibp_flags & IEEE80211_BPF_CTS) 3021 flags |= WPI_TX_NEED_CTS; 3022 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 3023 flags |= WPI_TX_FULL_TXOP; 3024 3025 /* Encrypt the frame if need be. */ 3026 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 3027 /* Retrieve key for TX. */ 3028 k = ieee80211_crypto_encap(ni, m); 3029 if (k == NULL) 3030 return (ENOBUFS); 3031 3032 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 3033 3034 /* 802.11 header may have moved. */ 3035 wh = mtod(m, struct ieee80211_frame *); 3036 } 3037 totlen = m->m_pkthdr.len; 3038 3039 if (ieee80211_radiotap_active_vap(vap)) { 3040 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 3041 3042 tap->wt_flags = 0; 3043 tap->wt_rate = rate; 3044 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) 3045 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3046 3047 ieee80211_radiotap_tx(vap, m); 3048 } 3049 3050 memset(tx, 0, sizeof (struct wpi_cmd_data)); 3051 if (type == IEEE80211_FC0_TYPE_MGT) { 3052 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3053 3054 /* Tell HW to set timestamp in probe responses. */ 3055 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 3056 flags |= WPI_TX_INSERT_TSTAMP; 3057 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3058 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 3059 tx->timeout = htole16(3); 3060 else 3061 tx->timeout = htole16(2); 3062 } 3063 3064 if (!swcrypt) { 3065 switch (k->wk_cipher->ic_cipher) { 3066 case IEEE80211_CIPHER_AES_CCM: 3067 tx->security = WPI_CIPHER_CCMP; 3068 break; 3069 3070 default: 3071 break; 3072 } 3073 3074 memcpy(tx->key, k->wk_key, k->wk_keylen); 3075 } 3076 3077 tx->len = htole16(totlen); 3078 tx->flags = htole32(flags); 3079 tx->plcp = rate2plcp(rate); 3080 tx->id = WPI_ID_BROADCAST; 3081 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 3082 tx->rts_ntries = params->ibp_try1; 3083 tx->data_ntries = params->ibp_try0; 3084 3085 tx_data.ni = ni; 3086 tx_data.m = m; 3087 tx_data.size = sizeof(struct wpi_cmd_data); 3088 tx_data.code = WPI_CMD_TX_DATA; 3089 tx_data.ac = ac; 3090 3091 return wpi_cmd2(sc, &tx_data); 3092 } 3093 3094 static __inline int 3095 wpi_tx_ring_free_space(struct wpi_softc *sc, uint16_t ac) 3096 { 3097 struct wpi_tx_ring *ring = &sc->txq[ac]; 3098 int retval; 3099 3100 WPI_TXQ_STATE_LOCK(sc); 3101 retval = WPI_TX_RING_HIMARK - ring->queued; 3102 WPI_TXQ_STATE_UNLOCK(sc); 3103 3104 return retval; 3105 } 3106 3107 static int 3108 wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3109 const struct ieee80211_bpf_params *params) 3110 { 3111 struct ieee80211com *ic = ni->ni_ic; 3112 struct wpi_softc *sc = ic->ic_softc; 3113 uint16_t ac; 3114 int error = 0; 3115 3116 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3117 3118 ac = M_WME_GETAC(m); 3119 3120 WPI_TX_LOCK(sc); 3121 3122 /* NB: no fragments here */ 3123 if (sc->sc_running == 0 || wpi_tx_ring_free_space(sc, ac) < 1) { 3124 error = sc->sc_running ? ENOBUFS : ENETDOWN; 3125 goto unlock; 3126 } 3127 3128 if (params == NULL) { 3129 /* 3130 * Legacy path; interpret frame contents to decide 3131 * precisely how to send the frame. 3132 */ 3133 error = wpi_tx_data(sc, m, ni); 3134 } else { 3135 /* 3136 * Caller supplied explicit parameters to use in 3137 * sending the frame. 3138 */ 3139 error = wpi_tx_data_raw(sc, m, ni, params); 3140 } 3141 3142 unlock: WPI_TX_UNLOCK(sc); 3143 3144 if (error != 0) { 3145 m_freem(m); 3146 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3147 3148 return error; 3149 } 3150 3151 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3152 3153 return 0; 3154 } 3155 3156 static int 3157 wpi_transmit(struct ieee80211com *ic, struct mbuf *m) 3158 { 3159 struct wpi_softc *sc = ic->ic_softc; 3160 struct ieee80211_node *ni; 3161 struct mbuf *mnext; 3162 uint16_t ac; 3163 int error, nmbufs; 3164 3165 WPI_TX_LOCK(sc); 3166 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__); 3167 3168 /* Check if interface is up & running. */ 3169 if (__predict_false(sc->sc_running == 0)) { 3170 error = ENXIO; 3171 goto unlock; 3172 } 3173 3174 nmbufs = 1; 3175 for (mnext = m->m_nextpkt; mnext != NULL; mnext = mnext->m_nextpkt) 3176 nmbufs++; 3177 3178 /* Check for available space. */ 3179 ac = M_WME_GETAC(m); 3180 if (wpi_tx_ring_free_space(sc, ac) < nmbufs) { 3181 error = ENOBUFS; 3182 goto unlock; 3183 } 3184 3185 error = 0; 3186 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3187 do { 3188 mnext = m->m_nextpkt; 3189 if (wpi_tx_data(sc, m, ni) != 0) { 3190 /* 3191 * Breakout if error, but we will return 0 (no error) 3192 * for this case so we are responsible for freeing 3193 * the mbuf and the node. 3194 */ 3195 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 3196 nmbufs); 3197 wpi_free_txfrags(sc, ac); 3198 ieee80211_free_mbuf(m); 3199 ieee80211_free_node(ni); 3200 break; 3201 } 3202 } while((m = mnext) != NULL); 3203 3204 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__); 3205 3206 unlock: WPI_TX_UNLOCK(sc); 3207 3208 return (error); 3209 } 3210 3211 static void 3212 wpi_watchdog_rfkill(void *arg) 3213 { 3214 struct wpi_softc *sc = arg; 3215 struct ieee80211com *ic = &sc->sc_ic; 3216 3217 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n"); 3218 3219 /* No need to lock firmware memory. */ 3220 if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) == 0) { 3221 /* Radio kill switch is still off. */ 3222 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 3223 sc); 3224 } else 3225 ieee80211_runtask(ic, &sc->sc_radioon_task); 3226 } 3227 3228 static void 3229 wpi_scan_timeout(void *arg) 3230 { 3231 struct wpi_softc *sc = arg; 3232 struct ieee80211com *ic = &sc->sc_ic; 3233 3234 ic_printf(ic, "scan timeout\n"); 3235 ieee80211_restart_all(ic); 3236 } 3237 3238 static void 3239 wpi_tx_timeout(void *arg) 3240 { 3241 struct wpi_softc *sc = arg; 3242 struct ieee80211com *ic = &sc->sc_ic; 3243 3244 ic_printf(ic, "device timeout\n"); 3245 ieee80211_restart_all(ic); 3246 } 3247 3248 static void 3249 wpi_parent(struct ieee80211com *ic) 3250 { 3251 struct wpi_softc *sc = ic->ic_softc; 3252 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3253 3254 if (ic->ic_nrunning > 0) { 3255 if (wpi_init(sc) == 0) { 3256 ieee80211_notify_radio(ic, 1); 3257 ieee80211_start_all(ic); 3258 } else { 3259 ieee80211_notify_radio(ic, 0); 3260 ieee80211_stop(vap); 3261 } 3262 } else { 3263 ieee80211_notify_radio(ic, 0); 3264 wpi_stop(sc); 3265 } 3266 } 3267 3268 /* 3269 * Send a command to the firmware. 3270 */ 3271 static int 3272 wpi_cmd(struct wpi_softc *sc, uint8_t code, const void *buf, uint16_t size, 3273 int async) 3274 { 3275 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 3276 struct wpi_tx_desc *desc; 3277 struct wpi_tx_data *data; 3278 struct wpi_tx_cmd *cmd; 3279 struct mbuf *m; 3280 bus_addr_t paddr; 3281 uint16_t totlen; 3282 int error; 3283 3284 WPI_TXQ_LOCK(sc); 3285 3286 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3287 3288 if (__predict_false(sc->sc_running == 0)) { 3289 /* wpi_stop() was called */ 3290 if (code == WPI_CMD_SCAN) 3291 error = ENETDOWN; 3292 else 3293 error = 0; 3294 3295 goto fail; 3296 } 3297 3298 if (async == 0) 3299 WPI_LOCK_ASSERT(sc); 3300 3301 DPRINTF(sc, WPI_DEBUG_CMD, "%s: cmd %s size %u async %d\n", 3302 __func__, wpi_cmd_str(code), size, async); 3303 3304 desc = &ring->desc[ring->cur]; 3305 data = &ring->data[ring->cur]; 3306 totlen = 4 + size; 3307 3308 if (size > sizeof cmd->data) { 3309 /* Command is too large to fit in a descriptor. */ 3310 if (totlen > MCLBYTES) { 3311 error = EINVAL; 3312 goto fail; 3313 } 3314 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 3315 if (m == NULL) { 3316 error = ENOMEM; 3317 goto fail; 3318 } 3319 cmd = mtod(m, struct wpi_tx_cmd *); 3320 error = bus_dmamap_load(ring->data_dmat, data->map, cmd, 3321 totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 3322 if (error != 0) { 3323 m_freem(m); 3324 goto fail; 3325 } 3326 data->m = m; 3327 } else { 3328 cmd = &ring->cmd[ring->cur]; 3329 paddr = data->cmd_paddr; 3330 } 3331 3332 cmd->code = code; 3333 cmd->flags = 0; 3334 cmd->qid = ring->qid; 3335 cmd->idx = ring->cur; 3336 memcpy(cmd->data, buf, size); 3337 3338 desc->nsegs = 1 + (WPI_PAD32(size) << 4); 3339 desc->segs[0].addr = htole32(paddr); 3340 desc->segs[0].len = htole32(totlen); 3341 3342 if (size > sizeof cmd->data) { 3343 bus_dmamap_sync(ring->data_dmat, data->map, 3344 BUS_DMASYNC_PREWRITE); 3345 } else { 3346 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 3347 BUS_DMASYNC_PREWRITE); 3348 } 3349 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3350 BUS_DMASYNC_PREWRITE); 3351 3352 /* Kick command ring. */ 3353 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 3354 sc->sc_update_tx_ring(sc, ring); 3355 3356 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3357 3358 WPI_TXQ_UNLOCK(sc); 3359 3360 #if defined(__DragonFly__) 3361 return async ? 0 : lksleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz); 3362 #else 3363 return async ? 0 : mtx_sleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz); 3364 #endif 3365 3366 fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3367 3368 WPI_TXQ_UNLOCK(sc); 3369 3370 return error; 3371 } 3372 3373 /* 3374 * Configure HW multi-rate retries. 3375 */ 3376 static int 3377 wpi_mrr_setup(struct wpi_softc *sc) 3378 { 3379 struct ieee80211com *ic = &sc->sc_ic; 3380 struct wpi_mrr_setup mrr; 3381 uint8_t i; 3382 int error; 3383 3384 /* CCK rates (not used with 802.11a). */ 3385 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 3386 mrr.rates[i].flags = 0; 3387 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3388 /* Fallback to the immediate lower CCK rate (if any.) */ 3389 mrr.rates[i].next = 3390 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 3391 /* Try twice at this rate before falling back to "next". */ 3392 mrr.rates[i].ntries = WPI_NTRIES_DEFAULT; 3393 } 3394 /* OFDM rates (not used with 802.11b). */ 3395 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 3396 mrr.rates[i].flags = 0; 3397 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3398 /* Fallback to the immediate lower rate (if any.) */ 3399 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 3400 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 3401 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 3402 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 3403 i - 1; 3404 /* Try twice at this rate before falling back to "next". */ 3405 mrr.rates[i].ntries = WPI_NTRIES_DEFAULT; 3406 } 3407 /* Setup MRR for control frames. */ 3408 mrr.which = htole32(WPI_MRR_CTL); 3409 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3410 if (error != 0) { 3411 device_printf(sc->sc_dev, 3412 "could not setup MRR for control frames\n"); 3413 return error; 3414 } 3415 /* Setup MRR for data frames. */ 3416 mrr.which = htole32(WPI_MRR_DATA); 3417 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3418 if (error != 0) { 3419 device_printf(sc->sc_dev, 3420 "could not setup MRR for data frames\n"); 3421 return error; 3422 } 3423 return 0; 3424 } 3425 3426 static int 3427 wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3428 { 3429 struct ieee80211com *ic = ni->ni_ic; 3430 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 3431 struct wpi_node *wn = WPI_NODE(ni); 3432 struct wpi_node_info node; 3433 int error; 3434 3435 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3436 3437 if (wn->id == WPI_ID_UNDEFINED) 3438 return EINVAL; 3439 3440 memset(&node, 0, sizeof node); 3441 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3442 node.id = wn->id; 3443 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3444 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3445 node.action = htole32(WPI_ACTION_SET_RATE); 3446 node.antenna = WPI_ANTENNA_BOTH; 3447 3448 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding node %d (%s)\n", __func__, 3449 wn->id, ether_sprintf(ni->ni_macaddr)); 3450 3451 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 3452 if (error != 0) { 3453 device_printf(sc->sc_dev, 3454 "%s: wpi_cmd() call failed with error code %d\n", __func__, 3455 error); 3456 return error; 3457 } 3458 3459 if (wvp->wv_gtk != 0) { 3460 error = wpi_set_global_keys(ni); 3461 if (error != 0) { 3462 device_printf(sc->sc_dev, 3463 "%s: error while setting global keys\n", __func__); 3464 return ENXIO; 3465 } 3466 } 3467 3468 return 0; 3469 } 3470 3471 /* 3472 * Broadcast node is used to send group-addressed and management frames. 3473 */ 3474 static int 3475 wpi_add_broadcast_node(struct wpi_softc *sc, int async) 3476 { 3477 struct ieee80211com *ic = &sc->sc_ic; 3478 struct wpi_node_info node; 3479 3480 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3481 3482 memset(&node, 0, sizeof node); 3483 IEEE80211_ADDR_COPY(node.macaddr, ieee80211broadcastaddr); 3484 node.id = WPI_ID_BROADCAST; 3485 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3486 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3487 node.action = htole32(WPI_ACTION_SET_RATE); 3488 node.antenna = WPI_ANTENNA_BOTH; 3489 3490 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding broadcast node\n", __func__); 3491 3492 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, async); 3493 } 3494 3495 static int 3496 wpi_add_sta_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3497 { 3498 struct wpi_node *wn = WPI_NODE(ni); 3499 int error; 3500 3501 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3502 3503 wn->id = wpi_add_node_entry_sta(sc); 3504 3505 if ((error = wpi_add_node(sc, ni)) != 0) { 3506 wpi_del_node_entry(sc, wn->id); 3507 wn->id = WPI_ID_UNDEFINED; 3508 return error; 3509 } 3510 3511 return 0; 3512 } 3513 3514 static int 3515 wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3516 { 3517 struct wpi_node *wn = WPI_NODE(ni); 3518 int error; 3519 3520 KASSERT(wn->id == WPI_ID_UNDEFINED, 3521 ("the node %d was added before", wn->id)); 3522 3523 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3524 3525 if ((wn->id = wpi_add_node_entry_adhoc(sc)) == WPI_ID_UNDEFINED) { 3526 device_printf(sc->sc_dev, "%s: h/w table is full\n", __func__); 3527 return ENOMEM; 3528 } 3529 3530 if ((error = wpi_add_node(sc, ni)) != 0) { 3531 wpi_del_node_entry(sc, wn->id); 3532 wn->id = WPI_ID_UNDEFINED; 3533 return error; 3534 } 3535 3536 return 0; 3537 } 3538 3539 static void 3540 wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3541 { 3542 struct wpi_node *wn = WPI_NODE(ni); 3543 struct wpi_cmd_del_node node; 3544 int error; 3545 3546 KASSERT(wn->id != WPI_ID_UNDEFINED, ("undefined node id passed")); 3547 3548 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3549 3550 memset(&node, 0, sizeof node); 3551 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3552 node.count = 1; 3553 3554 DPRINTF(sc, WPI_DEBUG_NODE, "%s: deleting node %d (%s)\n", __func__, 3555 wn->id, ether_sprintf(ni->ni_macaddr)); 3556 3557 error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &node, sizeof node, 1); 3558 if (error != 0) { 3559 device_printf(sc->sc_dev, 3560 "%s: could not delete node %u, error %d\n", __func__, 3561 wn->id, error); 3562 } 3563 } 3564 3565 static int 3566 wpi_updateedca(struct ieee80211com *ic) 3567 { 3568 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 3569 struct wpi_softc *sc = ic->ic_softc; 3570 struct wpi_edca_params cmd; 3571 int aci, error; 3572 3573 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3574 3575 memset(&cmd, 0, sizeof cmd); 3576 cmd.flags = htole32(WPI_EDCA_UPDATE); 3577 for (aci = 0; aci < WME_NUM_AC; aci++) { 3578 const struct wmeParams *ac = 3579 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 3580 cmd.ac[aci].aifsn = ac->wmep_aifsn; 3581 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->wmep_logcwmin)); 3582 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->wmep_logcwmax)); 3583 cmd.ac[aci].txoplimit = 3584 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit)); 3585 3586 DPRINTF(sc, WPI_DEBUG_EDCA, 3587 "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 3588 "txoplimit=%d\n", aci, cmd.ac[aci].aifsn, 3589 cmd.ac[aci].cwmin, cmd.ac[aci].cwmax, 3590 cmd.ac[aci].txoplimit); 3591 } 3592 error = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 3593 3594 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3595 3596 return error; 3597 #undef WPI_EXP2 3598 } 3599 3600 static void 3601 wpi_set_promisc(struct wpi_softc *sc) 3602 { 3603 struct ieee80211com *ic = &sc->sc_ic; 3604 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3605 uint32_t promisc_filter; 3606 3607 promisc_filter = WPI_FILTER_CTL; 3608 if (vap != NULL && vap->iv_opmode != IEEE80211_M_HOSTAP) 3609 promisc_filter |= WPI_FILTER_PROMISC; 3610 3611 if (ic->ic_promisc > 0) 3612 sc->rxon.filter |= htole32(promisc_filter); 3613 else 3614 sc->rxon.filter &= ~htole32(promisc_filter); 3615 } 3616 3617 static void 3618 wpi_update_promisc(struct ieee80211com *ic) 3619 { 3620 struct wpi_softc *sc = ic->ic_softc; 3621 3622 WPI_LOCK(sc); 3623 if (sc->sc_running == 0) { 3624 WPI_UNLOCK(sc); 3625 return; 3626 } 3627 WPI_UNLOCK(sc); 3628 3629 WPI_RXON_LOCK(sc); 3630 wpi_set_promisc(sc); 3631 3632 if (wpi_send_rxon(sc, 1, 1) != 0) { 3633 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3634 __func__); 3635 } 3636 WPI_RXON_UNLOCK(sc); 3637 } 3638 3639 static void 3640 wpi_update_mcast(struct ieee80211com *ic) 3641 { 3642 /* Ignore */ 3643 } 3644 3645 static void 3646 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3647 { 3648 struct wpi_cmd_led led; 3649 3650 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3651 3652 led.which = which; 3653 led.unit = htole32(100000); /* on/off in unit of 100ms */ 3654 led.off = off; 3655 led.on = on; 3656 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 3657 } 3658 3659 static int 3660 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 3661 { 3662 struct wpi_cmd_timing cmd; 3663 uint64_t val, mod; 3664 3665 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3666 3667 memset(&cmd, 0, sizeof cmd); 3668 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3669 cmd.bintval = htole16(ni->ni_intval); 3670 cmd.lintval = htole16(10); 3671 3672 /* Compute remaining time until next beacon. */ 3673 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU; 3674 mod = le64toh(cmd.tstamp) % val; 3675 cmd.binitval = htole32((uint32_t)(val - mod)); 3676 3677 DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n", 3678 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod)); 3679 3680 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 3681 } 3682 3683 /* 3684 * This function is called periodically (every 60 seconds) to adjust output 3685 * power to temperature changes. 3686 */ 3687 static void 3688 wpi_power_calibration(struct wpi_softc *sc) 3689 { 3690 int temp; 3691 3692 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3693 3694 /* Update sensor data. */ 3695 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 3696 DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", temp); 3697 3698 /* Sanity-check read value. */ 3699 if (temp < -260 || temp > 25) { 3700 /* This can't be correct, ignore. */ 3701 DPRINTF(sc, WPI_DEBUG_TEMP, 3702 "out-of-range temperature reported: %d\n", temp); 3703 return; 3704 } 3705 3706 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, temp); 3707 3708 /* Adjust Tx power if need be. */ 3709 if (abs(temp - sc->temp) <= 6) 3710 return; 3711 3712 sc->temp = temp; 3713 3714 if (wpi_set_txpower(sc, 1) != 0) { 3715 /* just warn, too bad for the automatic calibration... */ 3716 device_printf(sc->sc_dev,"could not adjust Tx power\n"); 3717 } 3718 } 3719 3720 /* 3721 * Set TX power for current channel. 3722 */ 3723 static int 3724 wpi_set_txpower(struct wpi_softc *sc, int async) 3725 { 3726 struct wpi_power_group *group; 3727 struct wpi_cmd_txpower cmd; 3728 uint8_t chan; 3729 int idx, is_chan_5ghz, i; 3730 3731 /* Retrieve current channel from last RXON. */ 3732 chan = sc->rxon.chan; 3733 is_chan_5ghz = (sc->rxon.flags & htole32(WPI_RXON_24GHZ)) == 0; 3734 3735 /* Find the TX power group to which this channel belongs. */ 3736 if (is_chan_5ghz) { 3737 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 3738 if (chan <= group->chan) 3739 break; 3740 } else 3741 group = &sc->groups[0]; 3742 3743 memset(&cmd, 0, sizeof cmd); 3744 cmd.band = is_chan_5ghz ? WPI_BAND_5GHZ : WPI_BAND_2GHZ; 3745 cmd.chan = htole16(chan); 3746 3747 /* Set TX power for all OFDM and CCK rates. */ 3748 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 3749 /* Retrieve TX power for this channel/rate. */ 3750 idx = wpi_get_power_index(sc, group, chan, is_chan_5ghz, i); 3751 3752 cmd.rates[i].plcp = wpi_ridx_to_plcp[i]; 3753 3754 if (is_chan_5ghz) { 3755 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 3756 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 3757 } else { 3758 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 3759 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 3760 } 3761 DPRINTF(sc, WPI_DEBUG_TEMP, 3762 "chan %d/ridx %d: power index %d\n", chan, i, idx); 3763 } 3764 3765 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 3766 } 3767 3768 /* 3769 * Determine Tx power index for a given channel/rate combination. 3770 * This takes into account the regulatory information from EEPROM and the 3771 * current temperature. 3772 */ 3773 static int 3774 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 3775 uint8_t chan, int is_chan_5ghz, int ridx) 3776 { 3777 /* Fixed-point arithmetic division using a n-bit fractional part. */ 3778 #define fdivround(a, b, n) \ 3779 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3780 3781 /* Linear interpolation. */ 3782 #define interpolate(x, x1, y1, x2, y2, n) \ 3783 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3784 3785 struct wpi_power_sample *sample; 3786 int pwr, idx; 3787 3788 /* Default TX power is group maximum TX power minus 3dB. */ 3789 pwr = group->maxpwr / 2; 3790 3791 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 3792 switch (ridx) { 3793 case WPI_RIDX_OFDM36: 3794 pwr -= is_chan_5ghz ? 5 : 0; 3795 break; 3796 case WPI_RIDX_OFDM48: 3797 pwr -= is_chan_5ghz ? 10 : 7; 3798 break; 3799 case WPI_RIDX_OFDM54: 3800 pwr -= is_chan_5ghz ? 12 : 9; 3801 break; 3802 } 3803 3804 /* Never exceed the channel maximum allowed TX power. */ 3805 pwr = min(pwr, sc->maxpwr[chan]); 3806 3807 /* Retrieve TX power index into gain tables from samples. */ 3808 for (sample = group->samples; sample < &group->samples[3]; sample++) 3809 if (pwr > sample[1].power) 3810 break; 3811 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 3812 idx = interpolate(pwr, sample[0].power, sample[0].index, 3813 sample[1].power, sample[1].index, 19); 3814 3815 /*- 3816 * Adjust power index based on current temperature: 3817 * - if cooler than factory-calibrated: decrease output power 3818 * - if warmer than factory-calibrated: increase output power 3819 */ 3820 idx -= (sc->temp - group->temp) * 11 / 100; 3821 3822 /* Decrease TX power for CCK rates (-5dB). */ 3823 if (ridx >= WPI_RIDX_CCK1) 3824 idx += 10; 3825 3826 /* Make sure idx stays in a valid range. */ 3827 if (idx < 0) 3828 return 0; 3829 if (idx > WPI_MAX_PWR_INDEX) 3830 return WPI_MAX_PWR_INDEX; 3831 return idx; 3832 3833 #undef interpolate 3834 #undef fdivround 3835 } 3836 3837 /* 3838 * Set STA mode power saving level (between 0 and 5). 3839 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 3840 */ 3841 static int 3842 wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async) 3843 { 3844 struct wpi_pmgt_cmd cmd; 3845 const struct wpi_pmgt *pmgt; 3846 uint32_t max, reg; 3847 uint8_t skip_dtim; 3848 int i; 3849 3850 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 3851 "%s: dtim=%d, level=%d, async=%d\n", 3852 __func__, dtim, level, async); 3853 3854 /* Select which PS parameters to use. */ 3855 if (dtim <= 10) 3856 pmgt = &wpi_pmgt[0][level]; 3857 else 3858 pmgt = &wpi_pmgt[1][level]; 3859 3860 memset(&cmd, 0, sizeof cmd); 3861 if (level != 0) /* not CAM */ 3862 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 3863 /* Retrieve PCIe Active State Power Management (ASPM). */ 3864 #if defined(__DragonFly__) 3865 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + PCIER_LINKCTRL, 1); 3866 if (!(reg & PCIEM_LNKCTL_ASPM_L0S)) /* L0s Entry disabled. */ 3867 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 3868 #else 3869 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + PCIER_LINK_CTL, 1); 3870 if (!(reg & PCIEM_LINK_CTL_ASPMC_L0S)) /* L0s Entry disabled. */ 3871 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 3872 #endif 3873 3874 cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU); 3875 cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU); 3876 3877 if (dtim == 0) { 3878 dtim = 1; 3879 skip_dtim = 0; 3880 } else 3881 skip_dtim = pmgt->skip_dtim; 3882 3883 if (skip_dtim != 0) { 3884 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 3885 max = pmgt->intval[4]; 3886 if (max == (uint32_t)-1) 3887 max = dtim * (skip_dtim + 1); 3888 else if (max > dtim) 3889 max = rounddown(max, dtim); 3890 } else 3891 max = dtim; 3892 3893 for (i = 0; i < 5; i++) 3894 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 3895 3896 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 3897 } 3898 3899 static int 3900 wpi_send_btcoex(struct wpi_softc *sc) 3901 { 3902 struct wpi_bluetooth cmd; 3903 3904 memset(&cmd, 0, sizeof cmd); 3905 cmd.flags = WPI_BT_COEX_MODE_4WIRE; 3906 cmd.lead_time = WPI_BT_LEAD_TIME_DEF; 3907 cmd.max_kill = WPI_BT_MAX_KILL_DEF; 3908 DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n", 3909 __func__); 3910 return wpi_cmd(sc, WPI_CMD_BT_COEX, &cmd, sizeof(cmd), 0); 3911 } 3912 3913 static int 3914 wpi_send_rxon(struct wpi_softc *sc, int assoc, int async) 3915 { 3916 int error; 3917 3918 if (async) 3919 WPI_RXON_LOCK_ASSERT(sc); 3920 3921 if (assoc && wpi_check_bss_filter(sc) != 0) { 3922 struct wpi_assoc rxon_assoc; 3923 3924 rxon_assoc.flags = sc->rxon.flags; 3925 rxon_assoc.filter = sc->rxon.filter; 3926 rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask; 3927 rxon_assoc.cck_mask = sc->rxon.cck_mask; 3928 rxon_assoc.reserved = 0; 3929 3930 error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc, 3931 sizeof (struct wpi_assoc), async); 3932 if (error != 0) { 3933 device_printf(sc->sc_dev, 3934 "RXON_ASSOC command failed, error %d\n", error); 3935 return error; 3936 } 3937 } else { 3938 if (async) { 3939 WPI_NT_LOCK(sc); 3940 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3941 sizeof (struct wpi_rxon), async); 3942 if (error == 0) 3943 wpi_clear_node_table(sc); 3944 WPI_NT_UNLOCK(sc); 3945 } else { 3946 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3947 sizeof (struct wpi_rxon), async); 3948 if (error == 0) 3949 wpi_clear_node_table(sc); 3950 } 3951 3952 if (error != 0) { 3953 device_printf(sc->sc_dev, 3954 "RXON command failed, error %d\n", error); 3955 return error; 3956 } 3957 3958 /* Add broadcast node. */ 3959 error = wpi_add_broadcast_node(sc, async); 3960 if (error != 0) { 3961 device_printf(sc->sc_dev, 3962 "could not add broadcast node, error %d\n", error); 3963 return error; 3964 } 3965 } 3966 3967 /* Configuration has changed, set Tx power accordingly. */ 3968 if ((error = wpi_set_txpower(sc, async)) != 0) { 3969 device_printf(sc->sc_dev, 3970 "%s: could not set TX power, error %d\n", __func__, error); 3971 return error; 3972 } 3973 3974 return 0; 3975 } 3976 3977 /** 3978 * Configure the card to listen to a particular channel, this transisions the 3979 * card in to being able to receive frames from remote devices. 3980 */ 3981 static int 3982 wpi_config(struct wpi_softc *sc) 3983 { 3984 struct ieee80211com *ic = &sc->sc_ic; 3985 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3986 struct ieee80211_channel *c = ic->ic_curchan; 3987 int error; 3988 3989 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3990 3991 /* Set power saving level to CAM during initialization. */ 3992 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 3993 device_printf(sc->sc_dev, 3994 "%s: could not set power saving level\n", __func__); 3995 return error; 3996 } 3997 3998 /* Configure bluetooth coexistence. */ 3999 if ((error = wpi_send_btcoex(sc)) != 0) { 4000 device_printf(sc->sc_dev, 4001 "could not configure bluetooth coexistence\n"); 4002 return error; 4003 } 4004 4005 /* Configure adapter. */ 4006 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 4007 IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr); 4008 4009 /* Set default channel. */ 4010 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 4011 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4012 if (IEEE80211_IS_CHAN_2GHZ(c)) 4013 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4014 4015 sc->rxon.filter = WPI_FILTER_MULTICAST; 4016 switch (ic->ic_opmode) { 4017 case IEEE80211_M_STA: 4018 sc->rxon.mode = WPI_MODE_STA; 4019 break; 4020 case IEEE80211_M_IBSS: 4021 sc->rxon.mode = WPI_MODE_IBSS; 4022 sc->rxon.filter |= WPI_FILTER_BEACON; 4023 break; 4024 case IEEE80211_M_HOSTAP: 4025 /* XXX workaround for beaconing */ 4026 sc->rxon.mode = WPI_MODE_IBSS; 4027 sc->rxon.filter |= WPI_FILTER_ASSOC | WPI_FILTER_PROMISC; 4028 break; 4029 case IEEE80211_M_AHDEMO: 4030 sc->rxon.mode = WPI_MODE_HOSTAP; 4031 break; 4032 case IEEE80211_M_MONITOR: 4033 sc->rxon.mode = WPI_MODE_MONITOR; 4034 break; 4035 default: 4036 device_printf(sc->sc_dev, "unknown opmode %d\n", 4037 ic->ic_opmode); 4038 return EINVAL; 4039 } 4040 sc->rxon.filter = htole32(sc->rxon.filter); 4041 wpi_set_promisc(sc); 4042 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 4043 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 4044 4045 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) { 4046 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4047 __func__); 4048 return error; 4049 } 4050 4051 /* Setup rate scalling. */ 4052 if ((error = wpi_mrr_setup(sc)) != 0) { 4053 device_printf(sc->sc_dev, "could not setup MRR, error %d\n", 4054 error); 4055 return error; 4056 } 4057 4058 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4059 4060 return 0; 4061 } 4062 4063 static uint16_t 4064 wpi_get_active_dwell_time(struct wpi_softc *sc, 4065 struct ieee80211_channel *c, uint8_t n_probes) 4066 { 4067 /* No channel? Default to 2GHz settings. */ 4068 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) { 4069 return (WPI_ACTIVE_DWELL_TIME_2GHZ + 4070 WPI_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1)); 4071 } 4072 4073 /* 5GHz dwell time. */ 4074 return (WPI_ACTIVE_DWELL_TIME_5GHZ + 4075 WPI_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1)); 4076 } 4077 4078 /* 4079 * Limit the total dwell time. 4080 * 4081 * Returns the dwell time in milliseconds. 4082 */ 4083 static uint16_t 4084 wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time) 4085 { 4086 struct ieee80211com *ic = &sc->sc_ic; 4087 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4088 uint16_t bintval = 0; 4089 4090 /* bintval is in TU (1.024mS) */ 4091 if (vap != NULL) 4092 bintval = vap->iv_bss->ni_intval; 4093 4094 /* 4095 * If it's non-zero, we should calculate the minimum of 4096 * it and the DWELL_BASE. 4097 * 4098 * XXX Yes, the math should take into account that bintval 4099 * is 1.024mS, not 1mS.. 4100 */ 4101 if (bintval > 0) { 4102 DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__, 4103 bintval); 4104 return (MIN(dwell_time, bintval - WPI_CHANNEL_TUNE_TIME * 2)); 4105 } 4106 4107 /* No association context? Default. */ 4108 return dwell_time; 4109 } 4110 4111 static uint16_t 4112 wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c) 4113 { 4114 uint16_t passive; 4115 4116 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) 4117 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ; 4118 else 4119 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ; 4120 4121 /* Clamp to the beacon interval if we're associated. */ 4122 return (wpi_limit_dwell(sc, passive)); 4123 } 4124 4125 static uint32_t 4126 wpi_get_scan_pause_time(uint32_t time, uint16_t bintval) 4127 { 4128 uint32_t mod = (time % bintval) * IEEE80211_DUR_TU; 4129 uint32_t nbeacons = time / bintval; 4130 4131 if (mod > WPI_PAUSE_MAX_TIME) 4132 mod = WPI_PAUSE_MAX_TIME; 4133 4134 return WPI_PAUSE_SCAN(nbeacons, mod); 4135 } 4136 4137 /* 4138 * Send a scan request to the firmware. 4139 */ 4140 static int 4141 wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c) 4142 { 4143 struct ieee80211com *ic = &sc->sc_ic; 4144 struct ieee80211_scan_state *ss = ic->ic_scan; 4145 struct ieee80211vap *vap = ss->ss_vap; 4146 struct wpi_scan_hdr *hdr; 4147 struct wpi_cmd_data *tx; 4148 struct wpi_scan_essid *essids; 4149 struct wpi_scan_chan *chan; 4150 struct ieee80211_frame *wh; 4151 struct ieee80211_rateset *rs; 4152 uint16_t bintval, buflen, dwell_active, dwell_passive; 4153 uint8_t *buf, *frm, i, nssid; 4154 int bgscan, error; 4155 4156 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4157 4158 /* 4159 * We are absolutely not allowed to send a scan command when another 4160 * scan command is pending. 4161 */ 4162 if (callout_pending(&sc->scan_timeout)) { 4163 device_printf(sc->sc_dev, "%s: called whilst scanning!\n", 4164 __func__); 4165 error = EAGAIN; 4166 goto fail; 4167 } 4168 4169 bgscan = wpi_check_bss_filter(sc); 4170 bintval = vap->iv_bss->ni_intval; 4171 if (bgscan != 0 && 4172 bintval < WPI_QUIET_TIME_DEFAULT + WPI_CHANNEL_TUNE_TIME * 2) { 4173 error = EOPNOTSUPP; 4174 goto fail; 4175 } 4176 4177 buf = kmalloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_INTWAIT | M_ZERO); 4178 if (buf == NULL) { 4179 device_printf(sc->sc_dev, 4180 "%s: could not allocate buffer for scan command\n", 4181 __func__); 4182 error = ENOMEM; 4183 goto fail; 4184 } 4185 hdr = (struct wpi_scan_hdr *)buf; 4186 4187 /* 4188 * Move to the next channel if no packets are received within 10 msecs 4189 * after sending the probe request. 4190 */ 4191 hdr->quiet_time = htole16(WPI_QUIET_TIME_DEFAULT); 4192 hdr->quiet_threshold = htole16(1); 4193 4194 if (bgscan != 0) { 4195 /* 4196 * Max needs to be greater than active and passive and quiet! 4197 * It's also in microseconds! 4198 */ 4199 hdr->max_svc = htole32(250 * IEEE80211_DUR_TU); 4200 hdr->pause_svc = htole32(wpi_get_scan_pause_time(100, 4201 bintval)); 4202 } 4203 4204 hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON); 4205 4206 tx = (struct wpi_cmd_data *)(hdr + 1); 4207 tx->flags = htole32(WPI_TX_AUTO_SEQ); 4208 tx->id = WPI_ID_BROADCAST; 4209 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 4210 4211 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4212 /* Send probe requests at 6Mbps. */ 4213 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6]; 4214 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 4215 } else { 4216 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 4217 /* Send probe requests at 1Mbps. */ 4218 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 4219 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 4220 } 4221 4222 essids = (struct wpi_scan_essid *)(tx + 1); 4223 nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS); 4224 for (i = 0; i < nssid; i++) { 4225 essids[i].id = IEEE80211_ELEMID_SSID; 4226 essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN); 4227 memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len); 4228 #ifdef WPI_DEBUG 4229 if (sc->sc_debug & WPI_DEBUG_SCAN) { 4230 kprintf("Scanning Essid: "); 4231 ieee80211_print_essid(essids[i].data, essids[i].len); 4232 kprintf("\n"); 4233 } 4234 #endif 4235 } 4236 4237 /* 4238 * Build a probe request frame. Most of the following code is a 4239 * copy & paste of what is done in net80211. 4240 */ 4241 wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS); 4242 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 4243 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 4244 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 4245 IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr); 4246 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 4247 IEEE80211_ADDR_COPY(wh->i_addr3, ieee80211broadcastaddr); 4248 4249 frm = (uint8_t *)(wh + 1); 4250 frm = ieee80211_add_ssid(frm, NULL, 0); 4251 frm = ieee80211_add_rates(frm, rs); 4252 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 4253 frm = ieee80211_add_xrates(frm, rs); 4254 4255 /* Set length of probe request. */ 4256 tx->len = htole16(frm - (uint8_t *)wh); 4257 4258 /* 4259 * Construct information about the channel that we 4260 * want to scan. The firmware expects this to be directly 4261 * after the scan probe request 4262 */ 4263 chan = (struct wpi_scan_chan *)frm; 4264 chan->chan = ieee80211_chan2ieee(ic, c); 4265 chan->flags = 0; 4266 if (nssid) { 4267 hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT; 4268 chan->flags |= WPI_CHAN_NPBREQS(nssid); 4269 } else 4270 hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER; 4271 4272 if (!IEEE80211_IS_CHAN_PASSIVE(c)) 4273 chan->flags |= WPI_CHAN_ACTIVE; 4274 4275 /* 4276 * Calculate the active/passive dwell times. 4277 */ 4278 dwell_active = wpi_get_active_dwell_time(sc, c, nssid); 4279 dwell_passive = wpi_get_passive_dwell_time(sc, c); 4280 4281 /* Make sure they're valid. */ 4282 if (dwell_active > dwell_passive) 4283 dwell_active = dwell_passive; 4284 4285 chan->active = htole16(dwell_active); 4286 chan->passive = htole16(dwell_passive); 4287 4288 chan->dsp_gain = 0x6e; /* Default level */ 4289 4290 if (IEEE80211_IS_CHAN_5GHZ(c)) 4291 chan->rf_gain = 0x3b; 4292 else 4293 chan->rf_gain = 0x28; 4294 4295 DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n", 4296 chan->chan, IEEE80211_IS_CHAN_PASSIVE(c)); 4297 4298 hdr->nchan++; 4299 4300 if (hdr->nchan == 1 && sc->rxon.chan == chan->chan) { 4301 /* XXX Force probe request transmission. */ 4302 memcpy(chan + 1, chan, sizeof (struct wpi_scan_chan)); 4303 4304 chan++; 4305 4306 /* Reduce unnecessary delay. */ 4307 chan->flags = 0; 4308 chan->passive = chan->active = hdr->quiet_time; 4309 4310 hdr->nchan++; 4311 } 4312 4313 chan++; 4314 4315 buflen = (uint8_t *)chan - buf; 4316 hdr->len = htole16(buflen); 4317 4318 DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n", 4319 hdr->nchan); 4320 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 4321 kfree(buf, M_DEVBUF); 4322 4323 if (error != 0) 4324 goto fail; 4325 4326 callout_reset(&sc->scan_timeout, 5*hz, wpi_scan_timeout, sc); 4327 4328 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4329 4330 return 0; 4331 4332 fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 4333 4334 return error; 4335 } 4336 4337 static int 4338 wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap) 4339 { 4340 struct ieee80211com *ic = vap->iv_ic; 4341 struct ieee80211_node *ni = vap->iv_bss; 4342 struct ieee80211_channel *c = ni->ni_chan; 4343 int error; 4344 4345 WPI_RXON_LOCK(sc); 4346 4347 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4348 4349 /* Update adapter configuration. */ 4350 sc->rxon.associd = 0; 4351 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 4352 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4353 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 4354 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4355 if (IEEE80211_IS_CHAN_2GHZ(c)) 4356 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4357 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4358 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4359 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4360 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4361 if (IEEE80211_IS_CHAN_A(c)) { 4362 sc->rxon.cck_mask = 0; 4363 sc->rxon.ofdm_mask = 0x15; 4364 } else if (IEEE80211_IS_CHAN_B(c)) { 4365 sc->rxon.cck_mask = 0x03; 4366 sc->rxon.ofdm_mask = 0; 4367 } else { 4368 /* Assume 802.11b/g. */ 4369 sc->rxon.cck_mask = 0x0f; 4370 sc->rxon.ofdm_mask = 0x15; 4371 } 4372 4373 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n", 4374 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask, 4375 sc->rxon.ofdm_mask); 4376 4377 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4378 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4379 __func__); 4380 } 4381 4382 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4383 4384 WPI_RXON_UNLOCK(sc); 4385 4386 return error; 4387 } 4388 4389 static int 4390 wpi_config_beacon(struct wpi_vap *wvp) 4391 { 4392 struct ieee80211vap *vap = &wvp->wv_vap; 4393 struct ieee80211com *ic = vap->iv_ic; 4394 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4395 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4396 struct wpi_softc *sc = ic->ic_softc; 4397 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 4398 struct ieee80211_tim_ie *tie; 4399 struct mbuf *m; 4400 uint8_t *ptr; 4401 int error; 4402 4403 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4404 4405 WPI_VAP_LOCK_ASSERT(wvp); 4406 4407 cmd->len = htole16(bcn->m->m_pkthdr.len); 4408 cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4409 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 4410 4411 /* XXX seems to be unused */ 4412 if (*(bo->bo_tim) == IEEE80211_ELEMID_TIM) { 4413 tie = (struct ieee80211_tim_ie *) bo->bo_tim; 4414 ptr = mtod(bcn->m, uint8_t *); 4415 4416 cmd->tim = htole16(bo->bo_tim - ptr); 4417 cmd->timsz = tie->tim_len; 4418 } 4419 4420 /* Necessary for recursion in ieee80211_beacon_update(). */ 4421 m = bcn->m; 4422 bcn->m = m_dup(m, M_NOWAIT); 4423 if (bcn->m == NULL) { 4424 device_printf(sc->sc_dev, 4425 "%s: could not copy beacon frame\n", __func__); 4426 error = ENOMEM; 4427 goto end; 4428 } 4429 4430 if ((error = wpi_cmd2(sc, bcn)) != 0) { 4431 device_printf(sc->sc_dev, 4432 "%s: could not update beacon frame, error %d", __func__, 4433 error); 4434 m_freem(bcn->m); 4435 } 4436 4437 /* Restore mbuf. */ 4438 end: bcn->m = m; 4439 4440 return error; 4441 } 4442 4443 static int 4444 wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni) 4445 { 4446 struct ieee80211vap *vap = ni->ni_vap; 4447 struct wpi_vap *wvp = WPI_VAP(vap); 4448 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4449 struct mbuf *m; 4450 int error; 4451 4452 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4453 4454 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4455 return EINVAL; 4456 4457 m = ieee80211_beacon_alloc(ni); 4458 if (m == NULL) { 4459 device_printf(sc->sc_dev, 4460 "%s: could not allocate beacon frame\n", __func__); 4461 return ENOMEM; 4462 } 4463 4464 WPI_VAP_LOCK(wvp); 4465 if (bcn->m != NULL) 4466 m_freem(bcn->m); 4467 4468 bcn->m = m; 4469 4470 error = wpi_config_beacon(wvp); 4471 WPI_VAP_UNLOCK(wvp); 4472 4473 return error; 4474 } 4475 4476 static void 4477 wpi_update_beacon(struct ieee80211vap *vap, int item) 4478 { 4479 struct wpi_softc *sc = vap->iv_ic->ic_softc; 4480 struct wpi_vap *wvp = WPI_VAP(vap); 4481 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4482 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4483 struct ieee80211_node *ni = vap->iv_bss; 4484 int mcast = 0; 4485 4486 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4487 4488 WPI_VAP_LOCK(wvp); 4489 if (bcn->m == NULL) { 4490 bcn->m = ieee80211_beacon_alloc(ni); 4491 if (bcn->m == NULL) { 4492 device_printf(sc->sc_dev, 4493 "%s: could not allocate beacon frame\n", __func__); 4494 4495 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, 4496 __func__); 4497 4498 WPI_VAP_UNLOCK(wvp); 4499 return; 4500 } 4501 } 4502 WPI_VAP_UNLOCK(wvp); 4503 4504 if (item == IEEE80211_BEACON_TIM) 4505 mcast = 1; /* TODO */ 4506 4507 setbit(bo->bo_flags, item); 4508 ieee80211_beacon_update(ni, bcn->m, mcast); 4509 4510 WPI_VAP_LOCK(wvp); 4511 wpi_config_beacon(wvp); 4512 WPI_VAP_UNLOCK(wvp); 4513 4514 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4515 } 4516 4517 static void 4518 wpi_newassoc(struct ieee80211_node *ni, int isnew) 4519 { 4520 struct ieee80211vap *vap = ni->ni_vap; 4521 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4522 struct wpi_node *wn = WPI_NODE(ni); 4523 int error; 4524 4525 WPI_NT_LOCK(sc); 4526 4527 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4528 4529 if (vap->iv_opmode != IEEE80211_M_STA && wn->id == WPI_ID_UNDEFINED) { 4530 if ((error = wpi_add_ibss_node(sc, ni)) != 0) { 4531 device_printf(sc->sc_dev, 4532 "%s: could not add IBSS node, error %d\n", 4533 __func__, error); 4534 } 4535 } 4536 WPI_NT_UNLOCK(sc); 4537 } 4538 4539 static int 4540 wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap) 4541 { 4542 struct ieee80211com *ic = vap->iv_ic; 4543 struct ieee80211_node *ni = vap->iv_bss; 4544 struct ieee80211_channel *c = ni->ni_chan; 4545 int error; 4546 4547 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4548 4549 if (vap->iv_opmode == IEEE80211_M_MONITOR) { 4550 /* Link LED blinks while monitoring. */ 4551 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 4552 return 0; 4553 } 4554 4555 /* XXX kernel panic workaround */ 4556 if (c == IEEE80211_CHAN_ANYC) { 4557 device_printf(sc->sc_dev, "%s: incomplete configuration\n", 4558 __func__); 4559 return EINVAL; 4560 } 4561 4562 if ((error = wpi_set_timing(sc, ni)) != 0) { 4563 device_printf(sc->sc_dev, 4564 "%s: could not set timing, error %d\n", __func__, error); 4565 return error; 4566 } 4567 4568 /* Update adapter configuration. */ 4569 WPI_RXON_LOCK(sc); 4570 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4571 sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni)); 4572 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 4573 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4574 if (IEEE80211_IS_CHAN_2GHZ(c)) 4575 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4576 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4577 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4578 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4579 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4580 if (IEEE80211_IS_CHAN_A(c)) { 4581 sc->rxon.cck_mask = 0; 4582 sc->rxon.ofdm_mask = 0x15; 4583 } else if (IEEE80211_IS_CHAN_B(c)) { 4584 sc->rxon.cck_mask = 0x03; 4585 sc->rxon.ofdm_mask = 0; 4586 } else { 4587 /* Assume 802.11b/g. */ 4588 sc->rxon.cck_mask = 0x0f; 4589 sc->rxon.ofdm_mask = 0x15; 4590 } 4591 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 4592 4593 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n", 4594 sc->rxon.chan, sc->rxon.flags); 4595 4596 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4597 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4598 __func__); 4599 return error; 4600 } 4601 4602 /* Start periodic calibration timer. */ 4603 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 4604 4605 WPI_RXON_UNLOCK(sc); 4606 4607 if (vap->iv_opmode == IEEE80211_M_IBSS || 4608 vap->iv_opmode == IEEE80211_M_HOSTAP) { 4609 if ((error = wpi_setup_beacon(sc, ni)) != 0) { 4610 device_printf(sc->sc_dev, 4611 "%s: could not setup beacon, error %d\n", __func__, 4612 error); 4613 return error; 4614 } 4615 } 4616 4617 if (vap->iv_opmode == IEEE80211_M_STA) { 4618 /* Add BSS node. */ 4619 WPI_NT_LOCK(sc); 4620 error = wpi_add_sta_node(sc, ni); 4621 WPI_NT_UNLOCK(sc); 4622 if (error != 0) { 4623 device_printf(sc->sc_dev, 4624 "%s: could not add BSS node, error %d\n", __func__, 4625 error); 4626 return error; 4627 } 4628 } 4629 4630 /* Link LED always on while associated. */ 4631 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 4632 4633 /* Enable power-saving mode if requested by user. */ 4634 if ((vap->iv_flags & IEEE80211_F_PMGTON) && 4635 vap->iv_opmode != IEEE80211_M_IBSS) 4636 (void)wpi_set_pslevel(sc, 0, 3, 1); 4637 4638 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4639 4640 return 0; 4641 } 4642 4643 static int 4644 wpi_load_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4645 { 4646 const struct ieee80211_cipher *cip = k->wk_cipher; 4647 struct ieee80211vap *vap = ni->ni_vap; 4648 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4649 struct wpi_node *wn = WPI_NODE(ni); 4650 struct wpi_node_info node; 4651 uint16_t kflags; 4652 int error; 4653 4654 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4655 4656 if (wpi_check_node_entry(sc, wn->id) == 0) { 4657 device_printf(sc->sc_dev, "%s: node does not exist\n", 4658 __func__); 4659 return 0; 4660 } 4661 4662 switch (cip->ic_cipher) { 4663 case IEEE80211_CIPHER_AES_CCM: 4664 kflags = WPI_KFLAG_CCMP; 4665 break; 4666 4667 default: 4668 device_printf(sc->sc_dev, "%s: unknown cipher %d\n", __func__, 4669 cip->ic_cipher); 4670 return 0; 4671 } 4672 4673 kflags |= WPI_KFLAG_KID(k->wk_keyix); 4674 if (k->wk_flags & IEEE80211_KEY_GROUP) 4675 kflags |= WPI_KFLAG_MULTICAST; 4676 4677 memset(&node, 0, sizeof node); 4678 node.id = wn->id; 4679 node.control = WPI_NODE_UPDATE; 4680 node.flags = WPI_FLAG_KEY_SET; 4681 node.kflags = htole16(kflags); 4682 memcpy(node.key, k->wk_key, k->wk_keylen); 4683 again: 4684 DPRINTF(sc, WPI_DEBUG_KEY, 4685 "%s: setting %s key id %d for node %d (%s)\n", __func__, 4686 (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", k->wk_keyix, 4687 node.id, ether_sprintf(ni->ni_macaddr)); 4688 4689 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4690 if (error != 0) { 4691 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4692 error); 4693 return !error; 4694 } 4695 4696 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4697 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4698 kflags |= WPI_KFLAG_MULTICAST; 4699 node.kflags = htole16(kflags); 4700 4701 goto again; 4702 } 4703 4704 return 1; 4705 } 4706 4707 static void 4708 wpi_load_key_cb(void *arg, struct ieee80211_node *ni) 4709 { 4710 const struct ieee80211_key *k = arg; 4711 struct ieee80211vap *vap = ni->ni_vap; 4712 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4713 struct wpi_node *wn = WPI_NODE(ni); 4714 int error; 4715 4716 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4717 return; 4718 4719 WPI_NT_LOCK(sc); 4720 error = wpi_load_key(ni, k); 4721 WPI_NT_UNLOCK(sc); 4722 4723 if (error == 0) { 4724 device_printf(sc->sc_dev, "%s: error while setting key\n", 4725 __func__); 4726 } 4727 } 4728 4729 static int 4730 wpi_set_global_keys(struct ieee80211_node *ni) 4731 { 4732 struct ieee80211vap *vap = ni->ni_vap; 4733 struct ieee80211_key *wk = &vap->iv_nw_keys[0]; 4734 int error = 1; 4735 4736 for (; wk < &vap->iv_nw_keys[IEEE80211_WEP_NKID] && error; wk++) 4737 if (wk->wk_keyix != IEEE80211_KEYIX_NONE) 4738 error = wpi_load_key(ni, wk); 4739 4740 return !error; 4741 } 4742 4743 static int 4744 wpi_del_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4745 { 4746 struct ieee80211vap *vap = ni->ni_vap; 4747 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4748 struct wpi_node *wn = WPI_NODE(ni); 4749 struct wpi_node_info node; 4750 uint16_t kflags; 4751 int error; 4752 4753 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4754 4755 if (wpi_check_node_entry(sc, wn->id) == 0) { 4756 DPRINTF(sc, WPI_DEBUG_KEY, "%s: node was removed\n", __func__); 4757 return 1; /* Nothing to do. */ 4758 } 4759 4760 kflags = WPI_KFLAG_KID(k->wk_keyix); 4761 if (k->wk_flags & IEEE80211_KEY_GROUP) 4762 kflags |= WPI_KFLAG_MULTICAST; 4763 4764 memset(&node, 0, sizeof node); 4765 node.id = wn->id; 4766 node.control = WPI_NODE_UPDATE; 4767 node.flags = WPI_FLAG_KEY_SET; 4768 node.kflags = htole16(kflags); 4769 again: 4770 DPRINTF(sc, WPI_DEBUG_KEY, "%s: deleting %s key %d for node %d (%s)\n", 4771 __func__, (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", 4772 k->wk_keyix, node.id, ether_sprintf(ni->ni_macaddr)); 4773 4774 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4775 if (error != 0) { 4776 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4777 error); 4778 return !error; 4779 } 4780 4781 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4782 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4783 kflags |= WPI_KFLAG_MULTICAST; 4784 node.kflags = htole16(kflags); 4785 4786 goto again; 4787 } 4788 4789 return 1; 4790 } 4791 4792 static void 4793 wpi_del_key_cb(void *arg, struct ieee80211_node *ni) 4794 { 4795 const struct ieee80211_key *k = arg; 4796 struct ieee80211vap *vap = ni->ni_vap; 4797 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4798 struct wpi_node *wn = WPI_NODE(ni); 4799 int error; 4800 4801 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4802 return; 4803 4804 WPI_NT_LOCK(sc); 4805 error = wpi_del_key(ni, k); 4806 WPI_NT_UNLOCK(sc); 4807 4808 if (error == 0) { 4809 device_printf(sc->sc_dev, "%s: error while deleting key\n", 4810 __func__); 4811 } 4812 } 4813 4814 static int 4815 wpi_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, 4816 int set) 4817 { 4818 struct ieee80211com *ic = vap->iv_ic; 4819 struct wpi_softc *sc = ic->ic_softc; 4820 struct wpi_vap *wvp = WPI_VAP(vap); 4821 struct ieee80211_node *ni; 4822 int error, ni_ref = 0; 4823 4824 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4825 4826 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { 4827 /* Not for us. */ 4828 return 1; 4829 } 4830 4831 if (!(k->wk_flags & IEEE80211_KEY_RECV)) { 4832 /* XMIT keys are handled in wpi_tx_data(). */ 4833 return 1; 4834 } 4835 4836 /* Handle group keys. */ 4837 if (&vap->iv_nw_keys[0] <= k && 4838 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4839 WPI_NT_LOCK(sc); 4840 if (set) 4841 wvp->wv_gtk |= WPI_VAP_KEY(k->wk_keyix); 4842 else 4843 wvp->wv_gtk &= ~WPI_VAP_KEY(k->wk_keyix); 4844 WPI_NT_UNLOCK(sc); 4845 4846 if (vap->iv_state == IEEE80211_S_RUN) { 4847 ieee80211_iterate_nodes(&ic->ic_sta, 4848 set ? wpi_load_key_cb : wpi_del_key_cb, 4849 __DECONST(void *, k)); 4850 } 4851 4852 return 1; 4853 } 4854 4855 switch (vap->iv_opmode) { 4856 case IEEE80211_M_STA: 4857 ni = vap->iv_bss; 4858 break; 4859 4860 case IEEE80211_M_IBSS: 4861 case IEEE80211_M_AHDEMO: 4862 case IEEE80211_M_HOSTAP: 4863 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, k->wk_macaddr); 4864 if (ni == NULL) 4865 return 0; /* should not happen */ 4866 4867 ni_ref = 1; 4868 break; 4869 4870 default: 4871 device_printf(sc->sc_dev, "%s: unknown opmode %d\n", __func__, 4872 vap->iv_opmode); 4873 return 0; 4874 } 4875 4876 WPI_NT_LOCK(sc); 4877 if (set) 4878 error = wpi_load_key(ni, k); 4879 else 4880 error = wpi_del_key(ni, k); 4881 WPI_NT_UNLOCK(sc); 4882 4883 if (ni_ref) 4884 ieee80211_node_decref(ni); 4885 4886 return error; 4887 } 4888 4889 static int 4890 wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) 4891 { 4892 return wpi_process_key(vap, k, 1); 4893 } 4894 4895 static int 4896 wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 4897 { 4898 return wpi_process_key(vap, k, 0); 4899 } 4900 4901 /* 4902 * This function is called after the runtime firmware notifies us of its 4903 * readiness (called in a process context). 4904 */ 4905 static int 4906 wpi_post_alive(struct wpi_softc *sc) 4907 { 4908 int ntries, error; 4909 4910 /* Check (again) that the radio is not disabled. */ 4911 if ((error = wpi_nic_lock(sc)) != 0) 4912 return error; 4913 4914 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4915 4916 /* NB: Runtime firmware must be up and running. */ 4917 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 4918 device_printf(sc->sc_dev, 4919 "RF switch: radio disabled (%s)\n", __func__); 4920 wpi_nic_unlock(sc); 4921 return EPERM; /* :-) */ 4922 } 4923 wpi_nic_unlock(sc); 4924 4925 /* Wait for thermal sensor to calibrate. */ 4926 for (ntries = 0; ntries < 1000; ntries++) { 4927 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 4928 break; 4929 DELAY(10); 4930 } 4931 4932 if (ntries == 1000) { 4933 device_printf(sc->sc_dev, 4934 "timeout waiting for thermal sensor calibration\n"); 4935 return ETIMEDOUT; 4936 } 4937 4938 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp); 4939 return 0; 4940 } 4941 4942 /* 4943 * The firmware boot code is small and is intended to be copied directly into 4944 * the NIC internal memory (no DMA transfer). 4945 */ 4946 static int 4947 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, uint32_t size) 4948 { 4949 int error, ntries; 4950 4951 DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size); 4952 4953 size /= sizeof (uint32_t); 4954 4955 if ((error = wpi_nic_lock(sc)) != 0) 4956 return error; 4957 4958 /* Copy microcode image into NIC memory. */ 4959 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 4960 (const uint32_t *)ucode, size); 4961 4962 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 4963 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 4964 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 4965 4966 /* Start boot load now. */ 4967 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 4968 4969 /* Wait for transfer to complete. */ 4970 for (ntries = 0; ntries < 1000; ntries++) { 4971 uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS); 4972 DPRINTF(sc, WPI_DEBUG_HW, 4973 "firmware status=0x%x, val=0x%x, result=0x%x\n", status, 4974 WPI_FH_TX_STATUS_IDLE(6), 4975 status & WPI_FH_TX_STATUS_IDLE(6)); 4976 if (status & WPI_FH_TX_STATUS_IDLE(6)) { 4977 DPRINTF(sc, WPI_DEBUG_HW, 4978 "Status Match! - ntries = %d\n", ntries); 4979 break; 4980 } 4981 DELAY(10); 4982 } 4983 if (ntries == 1000) { 4984 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4985 __func__); 4986 wpi_nic_unlock(sc); 4987 return ETIMEDOUT; 4988 } 4989 4990 /* Enable boot after power up. */ 4991 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 4992 4993 wpi_nic_unlock(sc); 4994 return 0; 4995 } 4996 4997 static int 4998 wpi_load_firmware(struct wpi_softc *sc) 4999 { 5000 struct wpi_fw_info *fw = &sc->fw; 5001 struct wpi_dma_info *dma = &sc->fw_dma; 5002 int error; 5003 5004 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5005 5006 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 5007 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 5008 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 5009 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz); 5010 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 5011 5012 /* Tell adapter where to find initialization sections. */ 5013 if ((error = wpi_nic_lock(sc)) != 0) 5014 return error; 5015 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 5016 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 5017 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 5018 dma->paddr + WPI_FW_DATA_MAXSZ); 5019 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 5020 wpi_nic_unlock(sc); 5021 5022 /* Load firmware boot code. */ 5023 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 5024 if (error != 0) { 5025 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 5026 __func__); 5027 return error; 5028 } 5029 5030 /* Now press "execute". */ 5031 WPI_WRITE(sc, WPI_RESET, 0); 5032 5033 /* Wait at most one second for first alive notification. */ 5034 #if defined(__DragonFly__) 5035 if ((error = lksleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5036 #else 5037 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5038 #endif 5039 device_printf(sc->sc_dev, 5040 "%s: timeout waiting for adapter to initialize, error %d\n", 5041 __func__, error); 5042 return error; 5043 } 5044 5045 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 5046 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 5047 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 5048 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz); 5049 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 5050 5051 /* Tell adapter where to find runtime sections. */ 5052 if ((error = wpi_nic_lock(sc)) != 0) 5053 return error; 5054 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 5055 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 5056 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 5057 dma->paddr + WPI_FW_DATA_MAXSZ); 5058 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 5059 WPI_FW_UPDATED | fw->main.textsz); 5060 wpi_nic_unlock(sc); 5061 5062 return 0; 5063 } 5064 5065 static int 5066 wpi_read_firmware(struct wpi_softc *sc) 5067 { 5068 const struct firmware *fp; 5069 struct wpi_fw_info *fw = &sc->fw; 5070 const struct wpi_firmware_hdr *hdr; 5071 int error; 5072 5073 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5074 5075 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 5076 "Attempting Loading Firmware from %s module\n", WPI_FW_NAME); 5077 5078 WPI_UNLOCK(sc); 5079 fp = firmware_get(WPI_FW_NAME); 5080 WPI_LOCK(sc); 5081 5082 if (fp == NULL) { 5083 device_printf(sc->sc_dev, 5084 "could not load firmware image '%s'\n", WPI_FW_NAME); 5085 return EINVAL; 5086 } 5087 5088 sc->fw_fp = fp; 5089 5090 if (fp->datasize < sizeof (struct wpi_firmware_hdr)) { 5091 device_printf(sc->sc_dev, 5092 "firmware file too short: %zu bytes\n", fp->datasize); 5093 error = EINVAL; 5094 goto fail; 5095 } 5096 5097 fw->size = fp->datasize; 5098 fw->data = (const uint8_t *)fp->data; 5099 5100 /* Extract firmware header information. */ 5101 hdr = (const struct wpi_firmware_hdr *)fw->data; 5102 5103 /* | RUNTIME FIRMWARE | INIT FIRMWARE | BOOT FW | 5104 |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->| */ 5105 5106 fw->main.textsz = le32toh(hdr->rtextsz); 5107 fw->main.datasz = le32toh(hdr->rdatasz); 5108 fw->init.textsz = le32toh(hdr->itextsz); 5109 fw->init.datasz = le32toh(hdr->idatasz); 5110 fw->boot.textsz = le32toh(hdr->btextsz); 5111 fw->boot.datasz = 0; 5112 5113 /* Sanity-check firmware header. */ 5114 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 5115 fw->main.datasz > WPI_FW_DATA_MAXSZ || 5116 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 5117 fw->init.datasz > WPI_FW_DATA_MAXSZ || 5118 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 5119 (fw->boot.textsz & 3) != 0) { 5120 device_printf(sc->sc_dev, "invalid firmware header\n"); 5121 error = EINVAL; 5122 goto fail; 5123 } 5124 5125 /* Check that all firmware sections fit. */ 5126 if (fw->size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 5127 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 5128 device_printf(sc->sc_dev, 5129 "firmware file too short: %zu bytes\n", fw->size); 5130 error = EINVAL; 5131 goto fail; 5132 } 5133 5134 /* Get pointers to firmware sections. */ 5135 fw->main.text = (const uint8_t *)(hdr + 1); 5136 fw->main.data = fw->main.text + fw->main.textsz; 5137 fw->init.text = fw->main.data + fw->main.datasz; 5138 fw->init.data = fw->init.text + fw->init.textsz; 5139 fw->boot.text = fw->init.data + fw->init.datasz; 5140 5141 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 5142 "Firmware Version: Major %d, Minor %d, Driver %d, \n" 5143 "runtime (text: %u, data: %u) init (text: %u, data %u) " 5144 "boot (text %u)\n", hdr->major, hdr->minor, le32toh(hdr->driver), 5145 fw->main.textsz, fw->main.datasz, 5146 fw->init.textsz, fw->init.datasz, fw->boot.textsz); 5147 5148 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text); 5149 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data); 5150 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text); 5151 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data); 5152 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text); 5153 5154 return 0; 5155 5156 fail: wpi_unload_firmware(sc); 5157 return error; 5158 } 5159 5160 /** 5161 * Free the referenced firmware image 5162 */ 5163 static void 5164 wpi_unload_firmware(struct wpi_softc *sc) 5165 { 5166 if (sc->fw_fp != NULL) { 5167 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD); 5168 sc->fw_fp = NULL; 5169 } 5170 } 5171 5172 static int 5173 wpi_clock_wait(struct wpi_softc *sc) 5174 { 5175 int ntries; 5176 5177 /* Set "initialization complete" bit. */ 5178 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 5179 5180 /* Wait for clock stabilization. */ 5181 for (ntries = 0; ntries < 2500; ntries++) { 5182 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 5183 return 0; 5184 DELAY(100); 5185 } 5186 device_printf(sc->sc_dev, 5187 "%s: timeout waiting for clock stabilization\n", __func__); 5188 5189 return ETIMEDOUT; 5190 } 5191 5192 static int 5193 wpi_apm_init(struct wpi_softc *sc) 5194 { 5195 uint32_t reg; 5196 int error; 5197 5198 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5199 5200 /* Disable L0s exit timer (NMI bug workaround). */ 5201 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER); 5202 /* Don't wait for ICH L0s (ICH bug workaround). */ 5203 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 5204 5205 /* Set FH wait threshold to max (HW bug under stress workaround). */ 5206 WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000); 5207 5208 /* Retrieve PCIe Active State Power Management (ASPM). */ 5209 #if defined(__DragonFly__) 5210 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + PCIER_LINKCTRL, 1); 5211 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 5212 if (reg & PCIEM_LNKCTL_ASPM_L1) /* L1 Entry enabled. */ 5213 #else 5214 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + PCIER_LINK_CTL, 1); 5215 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 5216 if (reg & PCIEM_LINK_CTL_ASPMC_L1) /* L1 Entry enabled. */ 5217 #endif 5218 WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 5219 else 5220 WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 5221 5222 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 5223 5224 /* Wait for clock stabilization before accessing prph. */ 5225 if ((error = wpi_clock_wait(sc)) != 0) 5226 return error; 5227 5228 if ((error = wpi_nic_lock(sc)) != 0) 5229 return error; 5230 /* Cleanup. */ 5231 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 0x00000400); 5232 wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000200); 5233 5234 /* Enable DMA and BSM (Bootstrap State Machine). */ 5235 wpi_prph_write(sc, WPI_APMG_CLK_EN, 5236 WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT); 5237 DELAY(20); 5238 /* Disable L1-Active. */ 5239 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 5240 wpi_nic_unlock(sc); 5241 5242 return 0; 5243 } 5244 5245 static void 5246 wpi_apm_stop_master(struct wpi_softc *sc) 5247 { 5248 int ntries; 5249 5250 /* Stop busmaster DMA activity. */ 5251 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 5252 5253 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 5254 WPI_GP_CNTRL_MAC_PS) 5255 return; /* Already asleep. */ 5256 5257 for (ntries = 0; ntries < 100; ntries++) { 5258 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 5259 return; 5260 DELAY(10); 5261 } 5262 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", 5263 __func__); 5264 } 5265 5266 static void 5267 wpi_apm_stop(struct wpi_softc *sc) 5268 { 5269 wpi_apm_stop_master(sc); 5270 5271 /* Reset the entire device. */ 5272 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 5273 DELAY(10); 5274 /* Clear "initialization complete" bit. */ 5275 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 5276 } 5277 5278 static void 5279 wpi_nic_config(struct wpi_softc *sc) 5280 { 5281 uint32_t rev; 5282 5283 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5284 5285 /* voodoo from the Linux "driver".. */ 5286 rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1); 5287 if ((rev & 0xc0) == 0x40) 5288 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 5289 else if (!(rev & 0x80)) 5290 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 5291 5292 if (sc->cap == 0x80) 5293 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 5294 5295 if ((sc->rev & 0xf0) == 0xd0) 5296 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 5297 else 5298 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 5299 5300 if (sc->type > 1) 5301 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 5302 } 5303 5304 static int 5305 wpi_hw_init(struct wpi_softc *sc) 5306 { 5307 uint8_t chnl; 5308 int ntries, error; 5309 5310 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5311 5312 /* Clear pending interrupts. */ 5313 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5314 5315 if ((error = wpi_apm_init(sc)) != 0) { 5316 device_printf(sc->sc_dev, 5317 "%s: could not power ON adapter, error %d\n", __func__, 5318 error); 5319 return error; 5320 } 5321 5322 /* Select VMAIN power source. */ 5323 if ((error = wpi_nic_lock(sc)) != 0) 5324 return error; 5325 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 5326 wpi_nic_unlock(sc); 5327 /* Spin until VMAIN gets selected. */ 5328 for (ntries = 0; ntries < 5000; ntries++) { 5329 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 5330 break; 5331 DELAY(10); 5332 } 5333 if (ntries == 5000) { 5334 device_printf(sc->sc_dev, "timeout selecting power source\n"); 5335 return ETIMEDOUT; 5336 } 5337 5338 /* Perform adapter initialization. */ 5339 wpi_nic_config(sc); 5340 5341 /* Initialize RX ring. */ 5342 if ((error = wpi_nic_lock(sc)) != 0) 5343 return error; 5344 /* Set physical address of RX ring. */ 5345 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 5346 /* Set physical address of RX read pointer. */ 5347 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 5348 offsetof(struct wpi_shared, next)); 5349 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 5350 /* Enable RX. */ 5351 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 5352 WPI_FH_RX_CONFIG_DMA_ENA | 5353 WPI_FH_RX_CONFIG_RDRBD_ENA | 5354 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 5355 WPI_FH_RX_CONFIG_MAXFRAG | 5356 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 5357 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 5358 WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1)); 5359 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 5360 wpi_nic_unlock(sc); 5361 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 5362 5363 /* Initialize TX rings. */ 5364 if ((error = wpi_nic_lock(sc)) != 0) 5365 return error; 5366 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 5367 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 5368 /* Enable all 6 TX rings. */ 5369 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 5370 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 5371 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 5372 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 5373 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 5374 /* Set physical address of TX rings. */ 5375 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 5376 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 5377 5378 /* Enable all DMA channels. */ 5379 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5380 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 5381 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 5382 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 5383 } 5384 wpi_nic_unlock(sc); 5385 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 5386 5387 /* Clear "radio off" and "commands blocked" bits. */ 5388 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5389 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 5390 5391 /* Clear pending interrupts. */ 5392 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5393 /* Enable interrupts. */ 5394 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 5395 5396 /* _Really_ make sure "radio off" bit is cleared! */ 5397 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5398 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5399 5400 if ((error = wpi_load_firmware(sc)) != 0) { 5401 device_printf(sc->sc_dev, 5402 "%s: could not load firmware, error %d\n", __func__, 5403 error); 5404 return error; 5405 } 5406 /* Wait at most one second for firmware alive notification. */ 5407 #if defined(__DragonFly__) 5408 if ((error = lksleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5409 #else 5410 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5411 #endif 5412 device_printf(sc->sc_dev, 5413 "%s: timeout waiting for adapter to initialize, error %d\n", 5414 __func__, error); 5415 return error; 5416 } 5417 5418 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5419 5420 /* Do post-firmware initialization. */ 5421 return wpi_post_alive(sc); 5422 } 5423 5424 static void 5425 wpi_hw_stop(struct wpi_softc *sc) 5426 { 5427 uint8_t chnl, qid; 5428 int ntries; 5429 5430 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5431 5432 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) 5433 wpi_nic_lock(sc); 5434 5435 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 5436 5437 /* Disable interrupts. */ 5438 WPI_WRITE(sc, WPI_INT_MASK, 0); 5439 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5440 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 5441 5442 /* Make sure we no longer hold the NIC lock. */ 5443 wpi_nic_unlock(sc); 5444 5445 if (wpi_nic_lock(sc) == 0) { 5446 /* Stop TX scheduler. */ 5447 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 5448 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 5449 5450 /* Stop all DMA channels. */ 5451 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5452 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 5453 for (ntries = 0; ntries < 200; ntries++) { 5454 if (WPI_READ(sc, WPI_FH_TX_STATUS) & 5455 WPI_FH_TX_STATUS_IDLE(chnl)) 5456 break; 5457 DELAY(10); 5458 } 5459 } 5460 wpi_nic_unlock(sc); 5461 } 5462 5463 /* Stop RX ring. */ 5464 wpi_reset_rx_ring(sc); 5465 5466 /* Reset all TX rings. */ 5467 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) 5468 wpi_reset_tx_ring(sc, &sc->txq[qid]); 5469 5470 if (wpi_nic_lock(sc) == 0) { 5471 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 5472 WPI_APMG_CLK_CTRL_DMA_CLK_RQT); 5473 wpi_nic_unlock(sc); 5474 } 5475 DELAY(5); 5476 /* Power OFF adapter. */ 5477 wpi_apm_stop(sc); 5478 } 5479 5480 static void 5481 wpi_radio_on(void *arg0, int pending) 5482 { 5483 struct wpi_softc *sc = arg0; 5484 struct ieee80211com *ic = &sc->sc_ic; 5485 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5486 5487 device_printf(sc->sc_dev, "RF switch: radio enabled\n"); 5488 5489 WPI_LOCK(sc); 5490 callout_stop(&sc->watchdog_rfkill); 5491 WPI_UNLOCK(sc); 5492 5493 if (vap != NULL) 5494 ieee80211_init(vap); 5495 } 5496 5497 static void 5498 wpi_radio_off(void *arg0, int pending) 5499 { 5500 struct wpi_softc *sc = arg0; 5501 struct ieee80211com *ic = &sc->sc_ic; 5502 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5503 5504 device_printf(sc->sc_dev, "RF switch: radio disabled\n"); 5505 5506 ieee80211_notify_radio(ic, 0); 5507 wpi_stop(sc); 5508 if (vap != NULL) 5509 ieee80211_stop(vap); 5510 5511 WPI_LOCK(sc); 5512 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc); 5513 WPI_UNLOCK(sc); 5514 } 5515 5516 static int 5517 wpi_init(struct wpi_softc *sc) 5518 { 5519 int error = 0; 5520 5521 WPI_LOCK(sc); 5522 5523 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5524 5525 if (sc->sc_running != 0) 5526 goto end; 5527 5528 /* Check that the radio is not disabled by hardware switch. */ 5529 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 5530 device_printf(sc->sc_dev, 5531 "RF switch: radio disabled (%s)\n", __func__); 5532 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 5533 sc); 5534 error = EINPROGRESS; 5535 goto end; 5536 } 5537 5538 /* Read firmware images from the filesystem. */ 5539 if ((error = wpi_read_firmware(sc)) != 0) { 5540 device_printf(sc->sc_dev, 5541 "%s: could not read firmware, error %d\n", __func__, 5542 error); 5543 goto end; 5544 } 5545 5546 sc->sc_running = 1; 5547 5548 /* Initialize hardware and upload firmware. */ 5549 error = wpi_hw_init(sc); 5550 wpi_unload_firmware(sc); 5551 if (error != 0) { 5552 device_printf(sc->sc_dev, 5553 "%s: could not initialize hardware, error %d\n", __func__, 5554 error); 5555 goto fail; 5556 } 5557 5558 /* Configure adapter now that it is ready. */ 5559 if ((error = wpi_config(sc)) != 0) { 5560 device_printf(sc->sc_dev, 5561 "%s: could not configure device, error %d\n", __func__, 5562 error); 5563 goto fail; 5564 } 5565 5566 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5567 5568 WPI_UNLOCK(sc); 5569 5570 return 0; 5571 5572 fail: wpi_stop_locked(sc); 5573 5574 end: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 5575 WPI_UNLOCK(sc); 5576 5577 return error; 5578 } 5579 5580 static void 5581 wpi_stop_locked(struct wpi_softc *sc) 5582 { 5583 5584 WPI_LOCK_ASSERT(sc); 5585 5586 if (sc->sc_running == 0) 5587 return; 5588 5589 WPI_TX_LOCK(sc); 5590 WPI_TXQ_LOCK(sc); 5591 sc->sc_running = 0; 5592 WPI_TXQ_UNLOCK(sc); 5593 WPI_TX_UNLOCK(sc); 5594 5595 WPI_TXQ_STATE_LOCK(sc); 5596 callout_stop(&sc->tx_timeout); 5597 WPI_TXQ_STATE_UNLOCK(sc); 5598 5599 WPI_RXON_LOCK(sc); 5600 callout_stop(&sc->scan_timeout); 5601 callout_stop(&sc->calib_to); 5602 WPI_RXON_UNLOCK(sc); 5603 5604 /* Power OFF hardware. */ 5605 wpi_hw_stop(sc); 5606 } 5607 5608 static void 5609 wpi_stop(struct wpi_softc *sc) 5610 { 5611 WPI_LOCK(sc); 5612 wpi_stop_locked(sc); 5613 WPI_UNLOCK(sc); 5614 } 5615 5616 /* 5617 * Callback from net80211 to start a scan. 5618 */ 5619 static void 5620 wpi_scan_start(struct ieee80211com *ic) 5621 { 5622 struct wpi_softc *sc = ic->ic_softc; 5623 5624 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 5625 } 5626 5627 /* 5628 * Callback from net80211 to terminate a scan. 5629 */ 5630 static void 5631 wpi_scan_end(struct ieee80211com *ic) 5632 { 5633 struct wpi_softc *sc = ic->ic_softc; 5634 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5635 5636 if (vap->iv_state == IEEE80211_S_RUN) 5637 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 5638 } 5639 5640 /** 5641 * Called by the net80211 framework to indicate to the driver 5642 * that the channel should be changed 5643 */ 5644 static void 5645 wpi_set_channel(struct ieee80211com *ic) 5646 { 5647 const struct ieee80211_channel *c = ic->ic_curchan; 5648 struct wpi_softc *sc = ic->ic_softc; 5649 int error; 5650 5651 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5652 5653 WPI_LOCK(sc); 5654 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq); 5655 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags); 5656 WPI_UNLOCK(sc); 5657 WPI_TX_LOCK(sc); 5658 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq); 5659 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags); 5660 WPI_TX_UNLOCK(sc); 5661 5662 /* 5663 * Only need to set the channel in Monitor mode. AP scanning and auth 5664 * are already taken care of by their respective firmware commands. 5665 */ 5666 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 5667 WPI_RXON_LOCK(sc); 5668 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 5669 if (IEEE80211_IS_CHAN_2GHZ(c)) { 5670 sc->rxon.flags |= htole32(WPI_RXON_AUTO | 5671 WPI_RXON_24GHZ); 5672 } else { 5673 sc->rxon.flags &= ~htole32(WPI_RXON_AUTO | 5674 WPI_RXON_24GHZ); 5675 } 5676 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) 5677 device_printf(sc->sc_dev, 5678 "%s: error %d setting channel\n", __func__, 5679 error); 5680 WPI_RXON_UNLOCK(sc); 5681 } 5682 } 5683 5684 /** 5685 * Called by net80211 to indicate that we need to scan the current 5686 * channel. The channel is previously be set via the wpi_set_channel 5687 * callback. 5688 */ 5689 static void 5690 wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 5691 { 5692 struct ieee80211vap *vap = ss->ss_vap; 5693 struct ieee80211com *ic = vap->iv_ic; 5694 struct wpi_softc *sc = ic->ic_softc; 5695 int error; 5696 5697 WPI_RXON_LOCK(sc); 5698 error = wpi_scan(sc, ic->ic_curchan); 5699 WPI_RXON_UNLOCK(sc); 5700 if (error != 0) 5701 ieee80211_cancel_scan(vap); 5702 } 5703 5704 /** 5705 * Called by the net80211 framework to indicate 5706 * the minimum dwell time has been met, terminate the scan. 5707 * We don't actually terminate the scan as the firmware will notify 5708 * us when it's finished and we have no way to interrupt it. 5709 */ 5710 static void 5711 wpi_scan_mindwell(struct ieee80211_scan_state *ss) 5712 { 5713 /* NB: don't try to abort scan; wait for firmware to finish */ 5714 } 5715