1 /* $OpenBSD: if_wpi.c,v 1.92 2009/09/20 20:04:07 damien Exp $ */ 2 3 /*- 4 * Copyright (c) 2006-2008 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/sysctl.h> 29 #include <sys/mbuf.h> 30 #include <sys/kernel.h> 31 #include <sys/socket.h> 32 #include <sys/systm.h> 33 #include <sys/malloc.h> 34 #include <sys/conf.h> 35 #include <sys/device.h> 36 #include <sys/sensors.h> 37 38 #include <machine/bus.h> 39 #include <machine/endian.h> 40 #include <machine/intr.h> 41 42 #include <dev/pci/pcireg.h> 43 #include <dev/pci/pcivar.h> 44 #include <dev/pci/pcidevs.h> 45 46 #if NBPFILTER > 0 47 #include <net/bpf.h> 48 #endif 49 #include <net/if.h> 50 #include <net/if_arp.h> 51 #include <net/if_dl.h> 52 #include <net/if_media.h> 53 #include <net/if_types.h> 54 55 #include <netinet/in.h> 56 #include <netinet/in_systm.h> 57 #include <netinet/in_var.h> 58 #include <netinet/if_ether.h> 59 #include <netinet/ip.h> 60 61 #include <net80211/ieee80211_var.h> 62 #include <net80211/ieee80211_amrr.h> 63 #include <net80211/ieee80211_radiotap.h> 64 65 #include <dev/pci/if_wpireg.h> 66 #include <dev/pci/if_wpivar.h> 67 68 static const struct pci_matchid wpi_devices[] = { 69 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1 }, 70 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2 } 71 }; 72 73 int wpi_match(struct device *, void *, void *); 74 void wpi_attach(struct device *, struct device *, void *); 75 #ifndef SMALL_KERNEL 76 void wpi_sensor_attach(struct wpi_softc *); 77 #endif 78 #if NBPFILTER > 0 79 void wpi_radiotap_attach(struct wpi_softc *); 80 #endif 81 int wpi_detach(struct device *, int); 82 void wpi_power(int, void *); 83 int wpi_nic_lock(struct wpi_softc *); 84 int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 85 int wpi_dma_contig_alloc(bus_dma_tag_t, struct wpi_dma_info *, 86 void **, bus_size_t, bus_size_t); 87 void wpi_dma_contig_free(struct wpi_dma_info *); 88 int wpi_alloc_shared(struct wpi_softc *); 89 void wpi_free_shared(struct wpi_softc *); 90 int wpi_alloc_fwmem(struct wpi_softc *); 91 void wpi_free_fwmem(struct wpi_softc *); 92 int wpi_alloc_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 93 void wpi_reset_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 94 void wpi_free_rx_ring(struct wpi_softc *, struct wpi_rx_ring *); 95 int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 96 int); 97 void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 98 void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 99 int wpi_read_eeprom(struct wpi_softc *); 100 void wpi_read_eeprom_channels(struct wpi_softc *, int); 101 void wpi_read_eeprom_group(struct wpi_softc *, int); 102 struct ieee80211_node *wpi_node_alloc(struct ieee80211com *); 103 void wpi_newassoc(struct ieee80211com *, struct ieee80211_node *, 104 int); 105 int wpi_media_change(struct ifnet *); 106 int wpi_newstate(struct ieee80211com *, enum ieee80211_state, int); 107 void wpi_iter_func(void *, struct ieee80211_node *); 108 void wpi_calib_timeout(void *); 109 int wpi_ccmp_decap(struct wpi_softc *, struct mbuf *, 110 struct ieee80211_key *); 111 void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 112 struct wpi_rx_data *); 113 void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 114 void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 115 void wpi_notif_intr(struct wpi_softc *); 116 void wpi_fatal_intr(struct wpi_softc *); 117 int wpi_intr(void *); 118 int wpi_tx(struct wpi_softc *, struct mbuf *, 119 struct ieee80211_node *); 120 void wpi_start(struct ifnet *); 121 void wpi_watchdog(struct ifnet *); 122 int wpi_ioctl(struct ifnet *, u_long, caddr_t); 123 int wpi_cmd(struct wpi_softc *, int, const void *, int, int); 124 int wpi_mrr_setup(struct wpi_softc *); 125 void wpi_updateedca(struct ieee80211com *); 126 void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 127 int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 128 void wpi_power_calibration(struct wpi_softc *, int); 129 int wpi_set_txpower(struct wpi_softc *, int); 130 int wpi_get_power_index(struct wpi_softc *, 131 struct wpi_power_group *, struct ieee80211_channel *, int); 132 int wpi_set_pslevel(struct wpi_softc *, int, int, int); 133 int wpi_config(struct wpi_softc *); 134 int wpi_scan(struct wpi_softc *, uint16_t); 135 int wpi_auth(struct wpi_softc *); 136 int wpi_run(struct wpi_softc *); 137 int wpi_set_key(struct ieee80211com *, struct ieee80211_node *, 138 struct ieee80211_key *); 139 void wpi_delete_key(struct ieee80211com *, struct ieee80211_node *, 140 struct ieee80211_key *); 141 int wpi_post_alive(struct wpi_softc *); 142 int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 143 int wpi_load_firmware(struct wpi_softc *); 144 int wpi_read_firmware(struct wpi_softc *); 145 int wpi_clock_wait(struct wpi_softc *); 146 int wpi_apm_init(struct wpi_softc *); 147 void wpi_apm_stop_master(struct wpi_softc *); 148 void wpi_apm_stop(struct wpi_softc *); 149 void wpi_nic_config(struct wpi_softc *); 150 int wpi_hw_init(struct wpi_softc *); 151 void wpi_hw_stop(struct wpi_softc *); 152 int wpi_init(struct ifnet *); 153 void wpi_stop(struct ifnet *, int); 154 155 #ifdef WPI_DEBUG 156 #define DPRINTF(x) do { if (wpi_debug > 0) printf x; } while (0) 157 #define DPRINTFN(n, x) do { if (wpi_debug >= (n)) printf x; } while (0) 158 int wpi_debug = 0; 159 #else 160 #define DPRINTF(x) 161 #define DPRINTFN(n, x) 162 #endif 163 164 struct cfdriver wpi_cd = { 165 NULL, "wpi", DV_IFNET 166 }; 167 168 struct cfattach wpi_ca = { 169 sizeof (struct wpi_softc), wpi_match, wpi_attach, wpi_detach 170 }; 171 172 int 173 wpi_match(struct device *parent, void *match, void *aux) 174 { 175 return pci_matchbyid((struct pci_attach_args *)aux, wpi_devices, 176 nitems(wpi_devices)); 177 } 178 179 void 180 wpi_attach(struct device *parent, struct device *self, void *aux) 181 { 182 struct wpi_softc *sc = (struct wpi_softc *)self; 183 struct ieee80211com *ic = &sc->sc_ic; 184 struct ifnet *ifp = &ic->ic_if; 185 struct pci_attach_args *pa = aux; 186 const char *intrstr; 187 pci_intr_handle_t ih; 188 pcireg_t memtype, reg; 189 int i, error; 190 191 sc->sc_pct = pa->pa_pc; 192 sc->sc_pcitag = pa->pa_tag; 193 sc->sc_dmat = pa->pa_dmat; 194 195 /* 196 * Get the offset of the PCI Express Capability Structure in PCI 197 * Configuration Space (the vendor driver hard-codes it as E0h.) 198 */ 199 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 200 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 201 if (error == 0) { 202 printf(": PCIe capability structure not found!\n"); 203 return; 204 } 205 206 /* Clear device-specific "PCI retry timeout" register (41h). */ 207 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 208 reg &= ~0xff00; 209 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 210 211 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, WPI_PCI_BAR0); 212 error = pci_mapreg_map(pa, WPI_PCI_BAR0, memtype, 0, &sc->sc_st, 213 &sc->sc_sh, NULL, &sc->sc_sz, 0); 214 if (error != 0) { 215 printf(": can't map mem space\n"); 216 return; 217 } 218 219 /* Install interrupt handler. */ 220 if (pci_intr_map(pa, &ih) != 0) { 221 printf(": can't map interrupt\n"); 222 return; 223 } 224 intrstr = pci_intr_string(sc->sc_pct, ih); 225 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, wpi_intr, sc, 226 sc->sc_dev.dv_xname); 227 if (sc->sc_ih == NULL) { 228 printf(": can't establish interrupt"); 229 if (intrstr != NULL) 230 printf(" at %s", intrstr); 231 printf("\n"); 232 return; 233 } 234 printf(": %s", intrstr); 235 236 /* Power ON adapter. */ 237 if ((error = wpi_apm_init(sc)) != 0) { 238 printf(": could not power ON adapter\n"); 239 return; 240 } 241 242 /* Read MAC address, channels, etc from EEPROM. */ 243 if ((error = wpi_read_eeprom(sc)) != 0) { 244 printf(": could not read EEPROM\n"); 245 return; 246 } 247 248 /* Allocate DMA memory for firmware transfers. */ 249 if ((error = wpi_alloc_fwmem(sc)) != 0) { 250 printf(": could not allocate memory for firmware\n"); 251 return; 252 } 253 254 /* Allocate shared area. */ 255 if ((error = wpi_alloc_shared(sc)) != 0) { 256 printf(": could not allocate shared area\n"); 257 goto fail1; 258 } 259 260 /* Allocate TX rings. */ 261 for (i = 0; i < WPI_NTXQUEUES; i++) { 262 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 263 printf(": could not allocate TX ring %d\n", i); 264 goto fail2; 265 } 266 } 267 268 /* Allocate RX ring. */ 269 if ((error = wpi_alloc_rx_ring(sc, &sc->rxq)) != 0) { 270 printf(": could not allocate Rx ring\n"); 271 goto fail2; 272 } 273 274 /* Power OFF adapter. */ 275 wpi_apm_stop(sc); 276 /* Clear pending interrupts. */ 277 WPI_WRITE(sc, WPI_INT, 0xffffffff); 278 279 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 280 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 281 ic->ic_state = IEEE80211_S_INIT; 282 283 /* Set device capabilities. */ 284 ic->ic_caps = 285 IEEE80211_C_WEP | /* WEP */ 286 IEEE80211_C_RSN | /* WPA/RSN */ 287 IEEE80211_C_MONITOR | /* monitor mode supported */ 288 IEEE80211_C_SHSLOT | /* short slot time supported */ 289 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 290 IEEE80211_C_PMGT; /* power saving supported */ 291 292 /* Set supported rates. */ 293 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 294 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 295 if (sc->sc_flags & WPI_FLAG_HAS_5GHZ) { 296 ic->ic_sup_rates[IEEE80211_MODE_11A] = 297 ieee80211_std_rateset_11a; 298 } 299 300 /* IBSS channel undefined for now. */ 301 ic->ic_ibss_chan = &ic->ic_channels[0]; 302 303 ifp->if_softc = sc; 304 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 305 ifp->if_init = wpi_init; 306 ifp->if_ioctl = wpi_ioctl; 307 ifp->if_start = wpi_start; 308 ifp->if_watchdog = wpi_watchdog; 309 IFQ_SET_READY(&ifp->if_snd); 310 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 311 312 if_attach(ifp); 313 ieee80211_ifattach(ifp); 314 ic->ic_node_alloc = wpi_node_alloc; 315 ic->ic_newassoc = wpi_newassoc; 316 ic->ic_updateedca = wpi_updateedca; 317 ic->ic_set_key = wpi_set_key; 318 ic->ic_delete_key = wpi_delete_key; 319 320 /* Override 802.11 state transition machine. */ 321 sc->sc_newstate = ic->ic_newstate; 322 ic->ic_newstate = wpi_newstate; 323 ieee80211_media_init(ifp, wpi_media_change, ieee80211_media_status); 324 325 sc->amrr.amrr_min_success_threshold = 1; 326 sc->amrr.amrr_max_success_threshold = 15; 327 328 #ifndef SMALL_KERNEL 329 wpi_sensor_attach(sc); 330 #endif 331 #if NBPFILTER > 0 332 wpi_radiotap_attach(sc); 333 #endif 334 timeout_set(&sc->calib_to, wpi_calib_timeout, sc); 335 336 sc->powerhook = powerhook_establish(wpi_power, sc); 337 338 return; 339 340 /* Free allocated memory if something failed during attachment. */ 341 fail2: while (--i >= 0) 342 wpi_free_tx_ring(sc, &sc->txq[i]); 343 wpi_free_shared(sc); 344 fail1: wpi_free_fwmem(sc); 345 } 346 347 #ifndef SMALL_KERNEL 348 /* 349 * Attach the adapter's on-board thermal sensor to the sensors framework. 350 */ 351 void 352 wpi_sensor_attach(struct wpi_softc *sc) 353 { 354 strlcpy(sc->sensordev.xname, sc->sc_dev.dv_xname, 355 sizeof sc->sensordev.xname); 356 strlcpy(sc->sensor.desc, "temperature 0 - 285", 357 sizeof sc->sensor.desc); 358 sc->sensor.type = SENSOR_INTEGER; /* not in muK! */ 359 /* Temperature is not valid unless interface is up. */ 360 sc->sensor.flags = SENSOR_FINVALID; 361 sensor_attach(&sc->sensordev, &sc->sensor); 362 sensordev_install(&sc->sensordev); 363 } 364 #endif 365 366 #if NBPFILTER > 0 367 /* 368 * Attach the interface to 802.11 radiotap. 369 */ 370 void 371 wpi_radiotap_attach(struct wpi_softc *sc) 372 { 373 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 374 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 375 376 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 377 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 378 sc->sc_rxtap.wr_ihdr.it_present = htole32(WPI_RX_RADIOTAP_PRESENT); 379 380 sc->sc_txtap_len = sizeof sc->sc_txtapu; 381 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 382 sc->sc_txtap.wt_ihdr.it_present = htole32(WPI_TX_RADIOTAP_PRESENT); 383 } 384 #endif 385 386 int 387 wpi_detach(struct device *self, int flags) 388 { 389 struct wpi_softc *sc = (struct wpi_softc *)self; 390 struct ifnet *ifp = &sc->sc_ic.ic_if; 391 int s, qid; 392 393 s = splnet(); 394 timeout_del(&sc->calib_to); 395 396 /* Uninstall interrupt handler. */ 397 if (sc->sc_ih != NULL) 398 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 399 400 ieee80211_ifdetach(ifp); 401 if_detach(ifp); 402 splx(s); 403 404 /* Free DMA resources. */ 405 wpi_free_rx_ring(sc, &sc->rxq); 406 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 407 wpi_free_tx_ring(sc, &sc->txq[qid]); 408 wpi_free_shared(sc); 409 wpi_free_fwmem(sc); 410 411 #ifndef SMALL_KERNEL 412 /* Detach the thermal sensor. */ 413 sensor_detach(&sc->sensordev, &sc->sensor); 414 sensordev_deinstall(&sc->sensordev); 415 #endif 416 417 if (sc->powerhook != NULL) 418 powerhook_disestablish(sc->powerhook); 419 420 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 421 422 return 0; 423 } 424 425 void 426 wpi_power(int why, void *arg) 427 { 428 struct wpi_softc *sc = arg; 429 struct ifnet *ifp; 430 pcireg_t reg; 431 int s; 432 433 if (why != PWR_RESUME) 434 return; 435 436 /* Clear device-specific "PCI retry timeout" register (41h). */ 437 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 438 reg &= ~0xff00; 439 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 440 441 s = splnet(); 442 ifp = &sc->sc_ic.ic_if; 443 if (ifp->if_flags & IFF_UP) { 444 ifp->if_init(ifp); 445 if (ifp->if_flags & IFF_RUNNING) 446 ifp->if_start(ifp); 447 } 448 splx(s); 449 } 450 451 int 452 wpi_nic_lock(struct wpi_softc *sc) 453 { 454 int ntries; 455 456 /* Request exclusive access to NIC. */ 457 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 458 459 /* Spin until we actually get the lock. */ 460 for (ntries = 0; ntries < 1000; ntries++) { 461 if ((WPI_READ(sc, WPI_GP_CNTRL) & 462 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 463 WPI_GP_CNTRL_MAC_ACCESS_ENA) 464 return 0; 465 DELAY(10); 466 } 467 return ETIMEDOUT; 468 } 469 470 static __inline void 471 wpi_nic_unlock(struct wpi_softc *sc) 472 { 473 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 474 } 475 476 static __inline uint32_t 477 wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 478 { 479 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 480 return WPI_READ(sc, WPI_PRPH_RDATA); 481 } 482 483 static __inline void 484 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 485 { 486 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 487 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 488 } 489 490 static __inline void 491 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 492 { 493 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 494 } 495 496 static __inline void 497 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 498 { 499 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 500 } 501 502 static __inline void 503 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 504 const uint32_t *data, int count) 505 { 506 for (; count > 0; count--, data++, addr += 4) 507 wpi_prph_write(sc, addr, *data); 508 } 509 510 static __inline uint32_t 511 wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 512 { 513 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 514 return WPI_READ(sc, WPI_MEM_RDATA); 515 } 516 517 static __inline void 518 wpi_mem_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 519 { 520 WPI_WRITE(sc, WPI_MEM_WADDR, addr); 521 WPI_WRITE(sc, WPI_MEM_WDATA, data); 522 } 523 524 static __inline void 525 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 526 int count) 527 { 528 for (; count > 0; count--, addr += 4) 529 *data++ = wpi_mem_read(sc, addr); 530 } 531 532 int 533 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 534 { 535 uint8_t *out = data; 536 uint32_t val; 537 int error, ntries; 538 539 if ((error = wpi_nic_lock(sc)) != 0) 540 return error; 541 542 for (; count > 0; count -= 2, addr++) { 543 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 544 WPI_CLRBITS(sc, WPI_EEPROM, WPI_EEPROM_CMD); 545 546 for (ntries = 0; ntries < 10; ntries++) { 547 val = WPI_READ(sc, WPI_EEPROM); 548 if (val & WPI_EEPROM_READ_VALID) 549 break; 550 DELAY(5); 551 } 552 if (ntries == 10) { 553 printf("%s: could not read EEPROM\n", 554 sc->sc_dev.dv_xname); 555 return ETIMEDOUT; 556 } 557 *out++ = val >> 16; 558 if (count > 1) 559 *out++ = val >> 24; 560 } 561 562 wpi_nic_unlock(sc); 563 return 0; 564 } 565 566 int 567 wpi_dma_contig_alloc(bus_dma_tag_t tag, struct wpi_dma_info *dma, void **kvap, 568 bus_size_t size, bus_size_t alignment) 569 { 570 int nsegs, error; 571 572 dma->tag = tag; 573 dma->size = size; 574 575 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 576 &dma->map); 577 if (error != 0) 578 goto fail; 579 580 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 581 BUS_DMA_NOWAIT | BUS_DMA_ZERO); 582 if (error != 0) 583 goto fail; 584 585 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 586 BUS_DMA_NOWAIT); 587 if (error != 0) 588 goto fail; 589 590 error = bus_dmamap_load_raw(tag, dma->map, &dma->seg, 1, size, 591 BUS_DMA_NOWAIT); 592 if (error != 0) 593 goto fail; 594 595 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 596 597 dma->paddr = dma->map->dm_segs[0].ds_addr; 598 if (kvap != NULL) 599 *kvap = dma->vaddr; 600 601 return 0; 602 603 fail: wpi_dma_contig_free(dma); 604 return error; 605 } 606 607 void 608 wpi_dma_contig_free(struct wpi_dma_info *dma) 609 { 610 if (dma->map != NULL) { 611 if (dma->vaddr != NULL) { 612 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 613 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 614 bus_dmamap_unload(dma->tag, dma->map); 615 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 616 bus_dmamem_free(dma->tag, &dma->seg, 1); 617 dma->vaddr = NULL; 618 } 619 bus_dmamap_destroy(dma->tag, dma->map); 620 dma->map = NULL; 621 } 622 } 623 624 int 625 wpi_alloc_shared(struct wpi_softc *sc) 626 { 627 /* Shared buffer must be aligned on a 4KB boundary. */ 628 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 629 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 630 } 631 632 void 633 wpi_free_shared(struct wpi_softc *sc) 634 { 635 wpi_dma_contig_free(&sc->shared_dma); 636 } 637 638 int 639 wpi_alloc_fwmem(struct wpi_softc *sc) 640 { 641 /* Allocate enough contiguous space to store text and data. */ 642 return wpi_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 643 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 644 } 645 646 void 647 wpi_free_fwmem(struct wpi_softc *sc) 648 { 649 wpi_dma_contig_free(&sc->fw_dma); 650 } 651 652 int 653 wpi_alloc_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 654 { 655 bus_size_t size; 656 int i, error; 657 658 ring->cur = 0; 659 660 /* Allocate RX descriptors (16KB aligned.) */ 661 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 662 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 663 (void **)&ring->desc, size, 16 * 1024); 664 if (error != 0) { 665 printf("%s: could not allocate RX ring DMA memory\n", 666 sc->sc_dev.dv_xname); 667 goto fail; 668 } 669 670 /* 671 * Allocate and map RX buffers. 672 */ 673 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 674 struct wpi_rx_data *data = &ring->data[i]; 675 676 error = bus_dmamap_create(sc->sc_dmat, WPI_RBUF_SIZE, 1, 677 WPI_RBUF_SIZE, 0, BUS_DMA_NOWAIT, &data->map); 678 if (error != 0) { 679 printf("%s: could not create RX buf DMA map\n", 680 sc->sc_dev.dv_xname); 681 goto fail; 682 } 683 684 data->m = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 685 if (data->m == NULL) { 686 printf("%s: could not allocate RX mbuf\n", 687 sc->sc_dev.dv_xname); 688 error = ENOBUFS; 689 goto fail; 690 } 691 692 error = bus_dmamap_load(sc->sc_dmat, data->map, 693 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 694 BUS_DMA_NOWAIT); 695 if (error != 0) { 696 printf("%s: can't map mbuf (error %d)\n", 697 sc->sc_dev.dv_xname, error); 698 goto fail; 699 } 700 701 /* Set physical address of RX buffer. */ 702 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr); 703 } 704 705 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 706 BUS_DMASYNC_PREWRITE); 707 708 return 0; 709 710 fail: wpi_free_rx_ring(sc, ring); 711 return error; 712 } 713 714 void 715 wpi_reset_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 716 { 717 int ntries; 718 719 if (wpi_nic_lock(sc) == 0) { 720 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 721 for (ntries = 0; ntries < 100; ntries++) { 722 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 723 WPI_FH_RX_STATUS_IDLE) 724 break; 725 DELAY(10); 726 } 727 wpi_nic_unlock(sc); 728 } 729 ring->cur = 0; 730 } 731 732 void 733 wpi_free_rx_ring(struct wpi_softc *sc, struct wpi_rx_ring *ring) 734 { 735 int i; 736 737 wpi_dma_contig_free(&ring->desc_dma); 738 739 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 740 struct wpi_rx_data *data = &ring->data[i]; 741 742 if (data->m != NULL) { 743 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 744 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 745 bus_dmamap_unload(sc->sc_dmat, data->map); 746 m_freem(data->m); 747 } 748 if (data->map != NULL) 749 bus_dmamap_destroy(sc->sc_dmat, data->map); 750 } 751 } 752 753 int 754 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 755 { 756 bus_addr_t paddr; 757 bus_size_t size; 758 int i, error; 759 760 ring->qid = qid; 761 ring->queued = 0; 762 ring->cur = 0; 763 764 /* Allocate TX descriptors (16KB aligned.) */ 765 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 766 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 767 (void **)&ring->desc, size, 16 * 1024); 768 if (error != 0) { 769 printf("%s: could not allocate TX ring DMA memory\n", 770 sc->sc_dev.dv_xname); 771 goto fail; 772 } 773 774 /* Update shared area with ring's physical address. */ 775 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 776 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 777 sizeof (struct wpi_shared), BUS_DMASYNC_PREWRITE); 778 779 /* 780 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 781 * to allocate commands space for other rings. 782 * XXX Do we really need to allocate descriptors for other rings? 783 */ 784 if (qid > 4) 785 return 0; 786 787 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 788 error = wpi_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 789 (void **)&ring->cmd, size, 4); 790 if (error != 0) { 791 printf("%s: could not allocate TX cmd DMA memory\n", 792 sc->sc_dev.dv_xname); 793 goto fail; 794 } 795 796 paddr = ring->cmd_dma.paddr; 797 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 798 struct wpi_tx_data *data = &ring->data[i]; 799 800 data->cmd_paddr = paddr; 801 paddr += sizeof (struct wpi_tx_cmd); 802 803 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 804 WPI_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 805 &data->map); 806 if (error != 0) { 807 printf("%s: could not create TX buf DMA map\n", 808 sc->sc_dev.dv_xname); 809 goto fail; 810 } 811 } 812 return 0; 813 814 fail: wpi_free_tx_ring(sc, ring); 815 return error; 816 } 817 818 void 819 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 820 { 821 int i; 822 823 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 824 struct wpi_tx_data *data = &ring->data[i]; 825 826 if (data->m != NULL) { 827 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 828 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 829 bus_dmamap_unload(sc->sc_dmat, data->map); 830 m_freem(data->m); 831 data->m = NULL; 832 } 833 } 834 /* Clear TX descriptors. */ 835 memset(ring->desc, 0, ring->desc_dma.size); 836 sc->qfullmsk &= ~(1 << ring->qid); 837 ring->queued = 0; 838 ring->cur = 0; 839 } 840 841 void 842 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 843 { 844 int i; 845 846 wpi_dma_contig_free(&ring->desc_dma); 847 wpi_dma_contig_free(&ring->cmd_dma); 848 849 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 850 struct wpi_tx_data *data = &ring->data[i]; 851 852 if (data->m != NULL) { 853 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 854 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 855 bus_dmamap_unload(sc->sc_dmat, data->map); 856 m_freem(data->m); 857 } 858 if (data->map != NULL) 859 bus_dmamap_destroy(sc->sc_dmat, data->map); 860 } 861 } 862 863 int 864 wpi_read_eeprom(struct wpi_softc *sc) 865 { 866 struct ieee80211com *ic = &sc->sc_ic; 867 char domain[4]; 868 int i; 869 870 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 871 printf("%s: bad EEPROM signature\n", sc->sc_dev.dv_xname); 872 return EIO; 873 } 874 /* Clear HW ownership of EEPROM. */ 875 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 876 877 wpi_read_prom_data(sc, WPI_EEPROM_CAPABILITIES, &sc->cap, 1); 878 wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 2); 879 wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1); 880 881 DPRINTF(("cap=%x rev=%x type=%x\n", sc->cap, letoh16(sc->rev), 882 sc->type)); 883 884 /* Read and print regulatory domain (4 ASCII characters.) */ 885 wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, domain, 4); 886 printf(", %.4s", domain); 887 888 /* Read and print MAC address. */ 889 wpi_read_prom_data(sc, WPI_EEPROM_MAC, ic->ic_myaddr, 6); 890 printf(", address %s\n", ether_sprintf(ic->ic_myaddr)); 891 892 /* Read the list of authorized channels. */ 893 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 894 wpi_read_eeprom_channels(sc, i); 895 896 /* Read the list of TX power groups. */ 897 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 898 wpi_read_eeprom_group(sc, i); 899 900 return 0; 901 } 902 903 void 904 wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 905 { 906 struct ieee80211com *ic = &sc->sc_ic; 907 const struct wpi_chan_band *band = &wpi_bands[n]; 908 struct wpi_eeprom_chan channels[WPI_MAX_CHAN_PER_BAND]; 909 int chan, i; 910 911 wpi_read_prom_data(sc, band->addr, channels, 912 band->nchan * sizeof (struct wpi_eeprom_chan)); 913 914 for (i = 0; i < band->nchan; i++) { 915 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) 916 continue; 917 918 chan = band->chan[i]; 919 920 if (n == 0) { /* 2GHz band */ 921 ic->ic_channels[chan].ic_freq = 922 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 923 ic->ic_channels[chan].ic_flags = 924 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 925 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 926 927 } else { /* 5GHz band */ 928 /* 929 * Some adapters support channels 7, 8, 11 and 12 930 * both in the 2GHz and 4.9GHz bands. 931 * Because of limitations in our net80211 layer, 932 * we don't support them in the 4.9GHz band. 933 */ 934 if (chan <= 14) 935 continue; 936 937 ic->ic_channels[chan].ic_freq = 938 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 939 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 940 } 941 942 /* Is active scan allowed on this channel? */ 943 if (!(channels[i].flags & WPI_EEPROM_CHAN_ACTIVE)) { 944 ic->ic_channels[chan].ic_flags |= 945 IEEE80211_CHAN_PASSIVE; 946 } 947 948 /* Save maximum allowed TX power for this channel. */ 949 sc->maxpwr[chan] = channels[i].maxpwr; 950 951 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 952 chan, channels[i].flags, sc->maxpwr[chan])); 953 } 954 } 955 956 void 957 wpi_read_eeprom_group(struct wpi_softc *sc, int n) 958 { 959 struct wpi_power_group *group = &sc->groups[n]; 960 struct wpi_eeprom_group rgroup; 961 int i; 962 963 wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, &rgroup, 964 sizeof rgroup); 965 966 /* Save TX power group information. */ 967 group->chan = rgroup.chan; 968 group->maxpwr = rgroup.maxpwr; 969 /* Retrieve temperature at which the samples were taken. */ 970 group->temp = (int16_t)letoh16(rgroup.temp); 971 972 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n, 973 group->chan, group->maxpwr, group->temp)); 974 975 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 976 group->samples[i].index = rgroup.samples[i].index; 977 group->samples[i].power = rgroup.samples[i].power; 978 979 DPRINTF(("\tsample %d: index=%d power=%d\n", i, 980 group->samples[i].index, group->samples[i].power)); 981 } 982 } 983 984 struct ieee80211_node * 985 wpi_node_alloc(struct ieee80211com *ic) 986 { 987 return malloc(sizeof (struct wpi_node), M_DEVBUF, M_NOWAIT | M_ZERO); 988 } 989 990 void 991 wpi_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 992 { 993 struct wpi_softc *sc = ic->ic_if.if_softc; 994 struct wpi_node *wn = (void *)ni; 995 uint8_t rate; 996 int ridx, i; 997 998 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 999 1000 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 1001 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 1002 /* Map 802.11 rate to HW rate index. */ 1003 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1004 if (wpi_rates[ridx].rate == rate) 1005 break; 1006 wn->ridx[i] = ridx; 1007 /* Initial TX rate <= 24Mbps. */ 1008 if (rate <= 48) 1009 ni->ni_txrate = i; 1010 } 1011 } 1012 1013 int 1014 wpi_media_change(struct ifnet *ifp) 1015 { 1016 struct wpi_softc *sc = ifp->if_softc; 1017 struct ieee80211com *ic = &sc->sc_ic; 1018 uint8_t rate, ridx; 1019 int error; 1020 1021 error = ieee80211_media_change(ifp); 1022 if (error != ENETRESET) 1023 return error; 1024 1025 if (ic->ic_fixed_rate != -1) { 1026 rate = ic->ic_sup_rates[ic->ic_curmode]. 1027 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1028 /* Map 802.11 rate to HW rate index. */ 1029 for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) 1030 if (wpi_rates[ridx].rate == rate) 1031 break; 1032 sc->fixed_ridx = ridx; 1033 } 1034 1035 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1036 (IFF_UP | IFF_RUNNING)) { 1037 wpi_stop(ifp, 0); 1038 error = wpi_init(ifp); 1039 } 1040 return error; 1041 } 1042 1043 int 1044 wpi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1045 { 1046 struct ifnet *ifp = &ic->ic_if; 1047 struct wpi_softc *sc = ifp->if_softc; 1048 int error; 1049 1050 timeout_del(&sc->calib_to); 1051 1052 switch (nstate) { 1053 case IEEE80211_S_SCAN: 1054 /* Make the link LED blink while we're scanning. */ 1055 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1056 1057 if ((error = wpi_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1058 printf("%s: could not initiate scan\n", 1059 sc->sc_dev.dv_xname); 1060 return error; 1061 } 1062 ic->ic_state = nstate; 1063 return 0; 1064 1065 case IEEE80211_S_ASSOC: 1066 if (ic->ic_state != IEEE80211_S_RUN) 1067 break; 1068 /* FALLTHROUGH */ 1069 case IEEE80211_S_AUTH: 1070 /* Reset state to handle reassociations correctly. */ 1071 sc->rxon.associd = 0; 1072 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1073 1074 if ((error = wpi_auth(sc)) != 0) { 1075 printf("%s: could not move to auth state\n", 1076 sc->sc_dev.dv_xname); 1077 return error; 1078 } 1079 break; 1080 1081 case IEEE80211_S_RUN: 1082 if ((error = wpi_run(sc)) != 0) { 1083 printf("%s: could not move to run state\n", 1084 sc->sc_dev.dv_xname); 1085 return error; 1086 } 1087 break; 1088 1089 case IEEE80211_S_INIT: 1090 break; 1091 } 1092 1093 return sc->sc_newstate(ic, nstate, arg); 1094 } 1095 1096 void 1097 wpi_iter_func(void *arg, struct ieee80211_node *ni) 1098 { 1099 struct wpi_softc *sc = arg; 1100 struct wpi_node *wn = (struct wpi_node *)ni; 1101 1102 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1103 } 1104 1105 void 1106 wpi_calib_timeout(void *arg) 1107 { 1108 struct wpi_softc *sc = arg; 1109 struct ieee80211com *ic = &sc->sc_ic; 1110 int temp, s; 1111 1112 /* Automatic rate control triggered every 500ms. */ 1113 if (ic->ic_fixed_rate == -1) { 1114 s = splnet(); 1115 if (ic->ic_opmode == IEEE80211_M_STA) 1116 wpi_iter_func(sc, ic->ic_bss); 1117 else 1118 ieee80211_iterate_nodes(ic, wpi_iter_func, sc); 1119 splx(s); 1120 } 1121 /* Update sensor. */ 1122 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 1123 sc->sensor.value = temp + 260; 1124 1125 /* Force automatic TX power calibration every 60 secs. */ 1126 if (++sc->calib_cnt >= 120) { 1127 wpi_power_calibration(sc, temp); 1128 sc->calib_cnt = 0; 1129 } 1130 /* Automatic rate control triggered every 500ms. */ 1131 timeout_add_msec(&sc->calib_to, 500); 1132 } 1133 1134 int 1135 wpi_ccmp_decap(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_key *k) 1136 { 1137 struct ieee80211_frame *wh; 1138 uint64_t pn, *prsc; 1139 uint8_t *ivp; 1140 uint8_t tid; 1141 int hdrlen; 1142 1143 wh = mtod(m, struct ieee80211_frame *); 1144 hdrlen = ieee80211_get_hdrlen(wh); 1145 ivp = (uint8_t *)wh + hdrlen; 1146 1147 /* Check that ExtIV bit is be set. */ 1148 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) { 1149 DPRINTF(("CCMP decap ExtIV not set\n")); 1150 return 1; 1151 } 1152 tid = ieee80211_has_qos(wh) ? 1153 ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 1154 prsc = &k->k_rsc[tid]; 1155 1156 /* Extract the 48-bit PN from the CCMP header. */ 1157 pn = (uint64_t)ivp[0] | 1158 (uint64_t)ivp[1] << 8 | 1159 (uint64_t)ivp[4] << 16 | 1160 (uint64_t)ivp[5] << 24 | 1161 (uint64_t)ivp[6] << 32 | 1162 (uint64_t)ivp[7] << 40; 1163 if (pn <= *prsc) { 1164 /* 1165 * Not necessarily a replayed frame since we did not check 1166 * the sequence number of the 802.11 header yet. 1167 */ 1168 DPRINTF(("CCMP replayed\n")); 1169 return 1; 1170 } 1171 /* Update last seen packet number. */ 1172 *prsc = pn; 1173 1174 /* Clear Protected bit and strip IV. */ 1175 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1176 ovbcopy(wh, mtod(m, caddr_t) + IEEE80211_CCMP_HDRLEN, hdrlen); 1177 m_adj(m, IEEE80211_CCMP_HDRLEN); 1178 /* Strip MIC. */ 1179 m_adj(m, -IEEE80211_CCMP_MICLEN); 1180 return 0; 1181 } 1182 1183 void 1184 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1185 struct wpi_rx_data *data) 1186 { 1187 struct ieee80211com *ic = &sc->sc_ic; 1188 struct ifnet *ifp = &ic->ic_if; 1189 struct wpi_rx_ring *ring = &sc->rxq; 1190 struct wpi_rx_stat *stat; 1191 struct wpi_rx_head *head; 1192 struct wpi_rx_tail *tail; 1193 struct ieee80211_frame *wh; 1194 struct ieee80211_rxinfo rxi; 1195 struct ieee80211_node *ni; 1196 struct mbuf *m, *m1; 1197 uint32_t flags; 1198 int error; 1199 1200 bus_dmamap_sync(sc->sc_dmat, data->map, 0, WPI_RBUF_SIZE, 1201 BUS_DMASYNC_POSTREAD); 1202 stat = (struct wpi_rx_stat *)(desc + 1); 1203 1204 if (stat->len > WPI_STAT_MAXLEN) { 1205 printf("%s: invalid RX statistic header\n", 1206 sc->sc_dev.dv_xname); 1207 ifp->if_ierrors++; 1208 return; 1209 } 1210 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1211 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + letoh16(head->len)); 1212 flags = letoh32(tail->flags); 1213 1214 /* Discard frames with a bad FCS early. */ 1215 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1216 DPRINTFN(2, ("rx tail flags error %x\n", flags)); 1217 ifp->if_ierrors++; 1218 return; 1219 } 1220 /* Discard frames that are too short. */ 1221 if (letoh16(head->len) < sizeof (*wh)) { 1222 DPRINTF(("frame too short: %d\n", letoh16(head->len))); 1223 ic->ic_stats.is_rx_tooshort++; 1224 ifp->if_ierrors++; 1225 return; 1226 } 1227 1228 m1 = MCLGETI(NULL, M_DONTWAIT, NULL, WPI_RBUF_SIZE); 1229 if (m1 == NULL) { 1230 ic->ic_stats.is_rx_nombuf++; 1231 ifp->if_ierrors++; 1232 return; 1233 } 1234 bus_dmamap_unload(sc->sc_dmat, data->map); 1235 1236 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 1237 WPI_RBUF_SIZE, NULL, BUS_DMA_NOWAIT); 1238 if (error != 0) { 1239 m_freem(m1); 1240 1241 /* Try to reload the old mbuf. */ 1242 error = bus_dmamap_load(sc->sc_dmat, data->map, 1243 mtod(data->m, void *), WPI_RBUF_SIZE, NULL, 1244 BUS_DMA_NOWAIT); 1245 if (error != 0) { 1246 panic("%s: could not load old RX mbuf", 1247 sc->sc_dev.dv_xname); 1248 } 1249 /* Physical address may have changed. */ 1250 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1251 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1252 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1253 BUS_DMASYNC_PREWRITE); 1254 ifp->if_ierrors++; 1255 return; 1256 } 1257 1258 m = data->m; 1259 data->m = m1; 1260 /* Update RX descriptor. */ 1261 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr); 1262 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1263 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 1264 BUS_DMASYNC_PREWRITE); 1265 1266 /* Finalize mbuf. */ 1267 m->m_pkthdr.rcvif = ifp; 1268 m->m_data = (caddr_t)(head + 1); 1269 m->m_pkthdr.len = m->m_len = letoh16(head->len); 1270 1271 /* Grab a reference to the source node. */ 1272 wh = mtod(m, struct ieee80211_frame *); 1273 ni = ieee80211_find_rxnode(ic, wh); 1274 1275 rxi.rxi_flags = 0; 1276 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1277 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1278 (ni->ni_flags & IEEE80211_NODE_RXPROT) && 1279 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 1280 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) { 1281 ic->ic_stats.is_ccmp_dec_errs++; 1282 ifp->if_ierrors++; 1283 m_freem(m); 1284 return; 1285 } 1286 /* Check whether decryption was successful or not. */ 1287 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1288 DPRINTF(("CCMP decryption failed 0x%x\n", flags)); 1289 ic->ic_stats.is_ccmp_dec_errs++; 1290 ifp->if_ierrors++; 1291 m_freem(m); 1292 return; 1293 } 1294 if (wpi_ccmp_decap(sc, m, &ni->ni_pairwise_key) != 0) { 1295 ifp->if_ierrors++; 1296 m_freem(m); 1297 return; 1298 } 1299 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1300 } 1301 1302 #if NBPFILTER > 0 1303 if (sc->sc_drvbpf != NULL) { 1304 struct mbuf mb; 1305 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1306 1307 tap->wr_flags = 0; 1308 if (letoh16(head->flags) & 0x4) 1309 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1310 tap->wr_chan_freq = 1311 htole16(ic->ic_channels[head->chan].ic_freq); 1312 tap->wr_chan_flags = 1313 htole16(ic->ic_channels[head->chan].ic_flags); 1314 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1315 tap->wr_dbm_antnoise = (int8_t)letoh16(stat->noise); 1316 tap->wr_tsft = tail->tstamp; 1317 tap->wr_antenna = (letoh16(head->flags) >> 4) & 0xf; 1318 switch (head->rate) { 1319 /* CCK rates. */ 1320 case 10: tap->wr_rate = 2; break; 1321 case 20: tap->wr_rate = 4; break; 1322 case 55: tap->wr_rate = 11; break; 1323 case 110: tap->wr_rate = 22; break; 1324 /* OFDM rates. */ 1325 case 0xd: tap->wr_rate = 12; break; 1326 case 0xf: tap->wr_rate = 18; break; 1327 case 0x5: tap->wr_rate = 24; break; 1328 case 0x7: tap->wr_rate = 36; break; 1329 case 0x9: tap->wr_rate = 48; break; 1330 case 0xb: tap->wr_rate = 72; break; 1331 case 0x1: tap->wr_rate = 96; break; 1332 case 0x3: tap->wr_rate = 108; break; 1333 /* Unknown rate: should not happen. */ 1334 default: tap->wr_rate = 0; 1335 } 1336 1337 mb.m_data = (caddr_t)tap; 1338 mb.m_len = sc->sc_rxtap_len; 1339 mb.m_next = m; 1340 mb.m_nextpkt = NULL; 1341 mb.m_type = 0; 1342 mb.m_flags = 0; 1343 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1344 } 1345 #endif 1346 1347 /* Send the frame to the 802.11 layer. */ 1348 rxi.rxi_rssi = stat->rssi; 1349 rxi.rxi_tstamp = 0; /* unused */ 1350 ieee80211_input(ifp, m, ni, &rxi); 1351 1352 /* Node is no longer needed. */ 1353 ieee80211_release_node(ic, ni); 1354 } 1355 1356 void 1357 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1358 { 1359 struct ieee80211com *ic = &sc->sc_ic; 1360 struct ifnet *ifp = &ic->ic_if; 1361 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1362 struct wpi_tx_data *data = &ring->data[desc->idx]; 1363 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1364 struct wpi_node *wn = (struct wpi_node *)data->ni; 1365 1366 /* Update rate control statistics. */ 1367 wn->amn.amn_txcnt++; 1368 if (stat->retrycnt > 0) 1369 wn->amn.amn_retrycnt++; 1370 1371 if ((letoh32(stat->status) & 0xff) != 1) 1372 ifp->if_oerrors++; 1373 else 1374 ifp->if_opackets++; 1375 1376 /* Unmap and free mbuf. */ 1377 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1378 BUS_DMASYNC_POSTWRITE); 1379 bus_dmamap_unload(sc->sc_dmat, data->map); 1380 m_freem(data->m); 1381 data->m = NULL; 1382 ieee80211_release_node(ic, data->ni); 1383 data->ni = NULL; 1384 1385 sc->sc_tx_timer = 0; 1386 if (--ring->queued < WPI_TX_RING_LOMARK) { 1387 sc->qfullmsk &= ~(1 << ring->qid); 1388 if (sc->qfullmsk == 0 && (ifp->if_flags & IFF_OACTIVE)) { 1389 ifp->if_flags &= ~IFF_OACTIVE; 1390 (*ifp->if_start)(ifp); 1391 } 1392 } 1393 } 1394 1395 void 1396 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1397 { 1398 struct wpi_tx_ring *ring = &sc->txq[4]; 1399 struct wpi_tx_data *data; 1400 1401 if ((desc->qid & 7) != 4) 1402 return; /* Not a command ack. */ 1403 1404 data = &ring->data[desc->idx]; 1405 1406 /* If the command was mapped in an mbuf, free it. */ 1407 if (data->m != NULL) { 1408 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1409 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1410 bus_dmamap_unload(sc->sc_dmat, data->map); 1411 m_freem(data->m); 1412 data->m = NULL; 1413 } 1414 wakeup(&ring->cmd[desc->idx]); 1415 } 1416 1417 void 1418 wpi_notif_intr(struct wpi_softc *sc) 1419 { 1420 struct ieee80211com *ic = &sc->sc_ic; 1421 struct ifnet *ifp = &ic->ic_if; 1422 uint32_t hw; 1423 1424 bus_dmamap_sync(sc->sc_dmat, sc->shared_dma.map, 0, 1425 sizeof (struct wpi_shared), BUS_DMASYNC_POSTREAD); 1426 1427 hw = letoh32(sc->shared->next); 1428 while (sc->rxq.cur != hw) { 1429 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1430 struct wpi_rx_desc *desc; 1431 1432 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 1433 BUS_DMASYNC_POSTREAD); 1434 desc = mtod(data->m, struct wpi_rx_desc *); 1435 1436 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d " 1437 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1438 letoh32(desc->len))); 1439 1440 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1441 wpi_cmd_done(sc, desc); 1442 1443 switch (desc->type) { 1444 case WPI_RX_DONE: 1445 /* An 802.11 frame has been received. */ 1446 wpi_rx_done(sc, desc, data); 1447 break; 1448 1449 case WPI_TX_DONE: 1450 /* An 802.11 frame has been transmitted. */ 1451 wpi_tx_done(sc, desc); 1452 break; 1453 1454 case WPI_UC_READY: 1455 { 1456 struct wpi_ucode_info *uc = 1457 (struct wpi_ucode_info *)(desc + 1); 1458 1459 /* The microcontroller is ready. */ 1460 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1461 sizeof (*uc), BUS_DMASYNC_POSTREAD); 1462 DPRINTF(("microcode alive notification version %x " 1463 "alive %x\n", letoh32(uc->version), 1464 letoh32(uc->valid))); 1465 1466 if (letoh32(uc->valid) != 1) { 1467 printf("%s: microcontroller initialization " 1468 "failed\n", sc->sc_dev.dv_xname); 1469 } 1470 if (uc->subtype != WPI_UCODE_INIT) { 1471 /* Save the address of the error log. */ 1472 sc->errptr = letoh32(uc->errptr); 1473 } 1474 break; 1475 } 1476 case WPI_STATE_CHANGED: 1477 { 1478 uint32_t *status = (uint32_t *)(desc + 1); 1479 1480 /* Enabled/disabled notification. */ 1481 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1482 sizeof (*status), BUS_DMASYNC_POSTREAD); 1483 DPRINTF(("state changed to %x\n", letoh32(*status))); 1484 1485 if (letoh32(*status) & 1) { 1486 /* The radio button has to be pushed. */ 1487 printf("%s: Radio transmitter is off\n", 1488 sc->sc_dev.dv_xname); 1489 /* Turn the interface down. */ 1490 ifp->if_flags &= ~IFF_UP; 1491 wpi_stop(ifp, 1); 1492 return; /* No further processing. */ 1493 } 1494 break; 1495 } 1496 case WPI_START_SCAN: 1497 { 1498 struct wpi_start_scan *scan = 1499 (struct wpi_start_scan *)(desc + 1); 1500 1501 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1502 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1503 DPRINTFN(2, ("scanning channel %d status %x\n", 1504 scan->chan, letoh32(scan->status))); 1505 1506 /* Fix current channel. */ 1507 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1508 break; 1509 } 1510 case WPI_STOP_SCAN: 1511 { 1512 struct wpi_stop_scan *scan = 1513 (struct wpi_stop_scan *)(desc + 1); 1514 1515 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1516 sizeof (*scan), BUS_DMASYNC_POSTREAD); 1517 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1518 scan->nchan, scan->status, scan->chan)); 1519 1520 if (scan->status == 1 && scan->chan <= 14 && 1521 (sc->sc_flags & WPI_FLAG_HAS_5GHZ)) { 1522 /* 1523 * We just finished scanning 2GHz channels, 1524 * start scanning 5GHz ones. 1525 */ 1526 if (wpi_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 1527 break; 1528 } 1529 ieee80211_end_scan(ifp); 1530 break; 1531 } 1532 } 1533 1534 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1535 } 1536 1537 /* Tell the firmware what we have processed. */ 1538 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1539 WPI_WRITE(sc, WPI_FH_RX_WPTR, hw & ~7); 1540 } 1541 1542 /* 1543 * Dump the error log of the firmware when a firmware panic occurs. Although 1544 * we can't debug the firmware because it is neither open source nor free, it 1545 * can help us to identify certain classes of problems. 1546 */ 1547 void 1548 wpi_fatal_intr(struct wpi_softc *sc) 1549 { 1550 #define N(a) (sizeof (a) / sizeof ((a)[0])) 1551 struct wpi_fwdump dump; 1552 uint32_t i, offset, count; 1553 1554 /* Check that the error log address is valid. */ 1555 if (sc->errptr < WPI_FW_DATA_BASE || 1556 sc->errptr + sizeof (dump) > 1557 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 1558 printf("%s: bad firmware error log address 0x%08x\n", 1559 sc->sc_dev.dv_xname, sc->errptr); 1560 return; 1561 } 1562 1563 if (wpi_nic_lock(sc) != 0) { 1564 printf("%s: could not read firmware error log\n", 1565 sc->sc_dev.dv_xname); 1566 return; 1567 } 1568 /* Read number of entries in the log. */ 1569 count = wpi_mem_read(sc, sc->errptr); 1570 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 1571 printf("%s: invalid count field (count=%u)\n", 1572 sc->sc_dev.dv_xname, count); 1573 wpi_nic_unlock(sc); 1574 return; 1575 } 1576 /* Skip "count" field. */ 1577 offset = sc->errptr + sizeof (uint32_t); 1578 printf("firmware error log (count=%u):\n", count); 1579 for (i = 0; i < count; i++) { 1580 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 1581 sizeof (dump) / sizeof (uint32_t)); 1582 1583 printf(" error type = \"%s\" (0x%08X)\n", 1584 (dump.desc < N(wpi_fw_errmsg)) ? 1585 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 1586 dump.desc); 1587 printf(" error data = 0x%08X\n", 1588 dump.data); 1589 printf(" branch link = 0x%08X%08X\n", 1590 dump.blink[0], dump.blink[1]); 1591 printf(" interrupt link = 0x%08X%08X\n", 1592 dump.ilink[0], dump.ilink[1]); 1593 printf(" time = %u\n", dump.time); 1594 1595 offset += sizeof (dump); 1596 } 1597 wpi_nic_unlock(sc); 1598 /* Dump driver status (TX and RX rings) while we're here. */ 1599 printf("driver status:\n"); 1600 for (i = 0; i < 6; i++) { 1601 struct wpi_tx_ring *ring = &sc->txq[i]; 1602 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 1603 i, ring->qid, ring->cur, ring->queued); 1604 } 1605 printf(" rx ring: cur=%d\n", sc->rxq.cur); 1606 printf(" 802.11 state %d\n", sc->sc_ic.ic_state); 1607 #undef N 1608 } 1609 1610 int 1611 wpi_intr(void *arg) 1612 { 1613 struct wpi_softc *sc = arg; 1614 struct ifnet *ifp = &sc->sc_ic.ic_if; 1615 uint32_t r1, r2; 1616 1617 /* Disable interrupts. */ 1618 WPI_WRITE(sc, WPI_MASK, 0); 1619 1620 r1 = WPI_READ(sc, WPI_INT); 1621 r2 = WPI_READ(sc, WPI_FH_INT); 1622 1623 if (r1 == 0 && r2 == 0) { 1624 if (ifp->if_flags & IFF_UP) 1625 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1626 return 0; /* Interrupt not for us. */ 1627 } 1628 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 1629 return 0; /* Hardware gone! */ 1630 1631 /* Acknowledge interrupts. */ 1632 WPI_WRITE(sc, WPI_INT, r1); 1633 WPI_WRITE(sc, WPI_FH_INT, r2); 1634 1635 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 1636 printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); 1637 /* Dump firmware error log and stop. */ 1638 wpi_fatal_intr(sc); 1639 ifp->if_flags &= ~IFF_UP; 1640 wpi_stop(ifp, 1); 1641 return 1; 1642 } 1643 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 1644 (r2 & WPI_FH_INT_RX)) 1645 wpi_notif_intr(sc); 1646 1647 if (r1 & WPI_INT_ALIVE) 1648 wakeup(sc); /* Firmware is alive. */ 1649 1650 /* Re-enable interrupts. */ 1651 if (ifp->if_flags & IFF_UP) 1652 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 1653 1654 return 1; 1655 } 1656 1657 int 1658 wpi_tx(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1659 { 1660 struct ieee80211com *ic = &sc->sc_ic; 1661 struct wpi_node *wn = (void *)ni; 1662 struct wpi_tx_ring *ring; 1663 struct wpi_tx_desc *desc; 1664 struct wpi_tx_data *data; 1665 struct wpi_tx_cmd *cmd; 1666 struct wpi_cmd_data *tx; 1667 const struct wpi_rate *rinfo; 1668 struct ieee80211_frame *wh; 1669 struct ieee80211_key *k = NULL; 1670 struct mbuf *m1; 1671 enum ieee80211_edca_ac ac; 1672 uint32_t flags; 1673 uint16_t qos; 1674 u_int hdrlen; 1675 uint8_t *ivp, tid, ridx, type; 1676 int i, totlen, hasqos, error; 1677 1678 wh = mtod(m, struct ieee80211_frame *); 1679 hdrlen = ieee80211_get_hdrlen(wh); 1680 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1681 1682 /* Select EDCA Access Category and TX ring for this frame. */ 1683 if ((hasqos = ieee80211_has_qos(wh))) { 1684 qos = ieee80211_get_qos(wh); 1685 tid = qos & IEEE80211_QOS_TID; 1686 ac = ieee80211_up_to_ac(ic, tid); 1687 } else { 1688 tid = 0; 1689 ac = EDCA_AC_BE; 1690 } 1691 1692 ring = &sc->txq[ac]; 1693 desc = &ring->desc[ring->cur]; 1694 data = &ring->data[ring->cur]; 1695 1696 /* Choose a TX rate index. */ 1697 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1698 type != IEEE80211_FC0_TYPE_DATA) { 1699 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 1700 WPI_RIDX_OFDM6 : WPI_RIDX_CCK1; 1701 } else if (ic->ic_fixed_rate != -1) { 1702 ridx = sc->fixed_ridx; 1703 } else 1704 ridx = wn->ridx[ni->ni_txrate]; 1705 rinfo = &wpi_rates[ridx]; 1706 1707 #if NBPFILTER > 0 1708 if (sc->sc_drvbpf != NULL) { 1709 struct mbuf mb; 1710 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 1711 1712 tap->wt_flags = 0; 1713 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1714 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1715 tap->wt_rate = rinfo->rate; 1716 tap->wt_hwqueue = ac; 1717 if ((ic->ic_flags & IEEE80211_F_WEPON) && 1718 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 1719 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1720 1721 mb.m_data = (caddr_t)tap; 1722 mb.m_len = sc->sc_txtap_len; 1723 mb.m_next = m; 1724 mb.m_nextpkt = NULL; 1725 mb.m_type = 0; 1726 mb.m_flags = 0; 1727 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1728 } 1729 #endif 1730 1731 totlen = m->m_pkthdr.len; 1732 1733 /* Encrypt the frame if need be. */ 1734 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1735 /* Retrieve key for TX. */ 1736 k = ieee80211_get_txkey(ic, wh, ni); 1737 if (k->k_cipher != IEEE80211_CIPHER_CCMP) { 1738 /* Do software encryption. */ 1739 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1740 return ENOBUFS; 1741 /* 802.11 header may have moved. */ 1742 wh = mtod(m, struct ieee80211_frame *); 1743 totlen = m->m_pkthdr.len; 1744 1745 } else /* HW appends CCMP MIC. */ 1746 totlen += IEEE80211_CCMP_HDRLEN; 1747 } 1748 1749 /* Prepare TX firmware command. */ 1750 cmd = &ring->cmd[ring->cur]; 1751 cmd->code = WPI_CMD_TX_DATA; 1752 cmd->flags = 0; 1753 cmd->qid = ring->qid; 1754 cmd->idx = ring->cur; 1755 1756 tx = (struct wpi_cmd_data *)cmd->data; 1757 /* NB: No need to clear tx, all fields are reinitialized here. */ 1758 1759 flags = 0; 1760 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1761 /* Unicast frame, check if an ACK is expected. */ 1762 if (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 1763 IEEE80211_QOS_ACK_POLICY_NOACK) 1764 flags |= WPI_TX_NEED_ACK; 1765 } 1766 1767 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 1768 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1769 /* NB: Group frames are sent using CCK in 802.11b/g. */ 1770 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 1771 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1772 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 1773 ridx <= WPI_RIDX_OFDM54) { 1774 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 1775 flags |= WPI_TX_NEED_CTS | WPI_TX_FULL_TXOP; 1776 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 1777 flags |= WPI_TX_NEED_RTS | WPI_TX_FULL_TXOP; 1778 } 1779 } 1780 1781 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 1782 type != IEEE80211_FC0_TYPE_DATA) 1783 tx->id = WPI_ID_BROADCAST; 1784 else 1785 tx->id = wn->id; 1786 1787 if (type == IEEE80211_FC0_TYPE_MGT) { 1788 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1789 1790 #ifndef IEEE80211_STA_ONLY 1791 /* Tell HW to set timestamp in probe responses. */ 1792 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1793 flags |= WPI_TX_INSERT_TSTAMP; 1794 #endif 1795 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 1796 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 1797 tx->timeout = htole16(3); 1798 else 1799 tx->timeout = htole16(2); 1800 } else 1801 tx->timeout = htole16(0); 1802 1803 tx->len = htole16(totlen); 1804 tx->tid = tid; 1805 tx->rts_ntries = 7; 1806 tx->data_ntries = 15; 1807 tx->ofdm_mask = 0xff; 1808 tx->cck_mask = 0x0f; 1809 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 1810 tx->plcp = rinfo->plcp; 1811 1812 /* Copy 802.11 header in TX command. */ 1813 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 1814 1815 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 1816 /* Trim 802.11 header and prepend CCMP IV. */ 1817 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 1818 ivp = mtod(m, uint8_t *); 1819 k->k_tsc++; 1820 ivp[0] = k->k_tsc; 1821 ivp[1] = k->k_tsc >> 8; 1822 ivp[2] = 0; 1823 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1824 ivp[4] = k->k_tsc >> 16; 1825 ivp[5] = k->k_tsc >> 24; 1826 ivp[6] = k->k_tsc >> 32; 1827 ivp[7] = k->k_tsc >> 40; 1828 1829 tx->security = WPI_CIPHER_CCMP; 1830 memcpy(tx->key, k->k_key, k->k_len); 1831 } else { 1832 /* Trim 802.11 header. */ 1833 m_adj(m, hdrlen); 1834 tx->security = 0; 1835 } 1836 tx->flags = htole32(flags); 1837 1838 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1839 BUS_DMA_NOWAIT); 1840 if (error != 0 && error != EFBIG) { 1841 printf("%s: can't map mbuf (error %d)\n", 1842 sc->sc_dev.dv_xname, error); 1843 m_freem(m); 1844 return error; 1845 } 1846 if (error != 0) { 1847 /* Too many DMA segments, linearize mbuf. */ 1848 MGETHDR(m1, M_DONTWAIT, MT_DATA); 1849 if (m1 == NULL) { 1850 m_freem(m); 1851 return ENOBUFS; 1852 } 1853 if (m->m_pkthdr.len > MHLEN) { 1854 MCLGET(m1, M_DONTWAIT); 1855 if (!(m1->m_flags & M_EXT)) { 1856 m_freem(m); 1857 m_freem(m1); 1858 return ENOBUFS; 1859 } 1860 } 1861 m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, caddr_t)); 1862 m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len; 1863 m_freem(m); 1864 m = m1; 1865 1866 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 1867 BUS_DMA_NOWAIT); 1868 if (error != 0) { 1869 printf("%s: can't map mbuf (error %d)\n", 1870 sc->sc_dev.dv_xname, error); 1871 m_freem(m); 1872 return error; 1873 } 1874 } 1875 1876 data->m = m; 1877 data->ni = ni; 1878 1879 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 1880 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 1881 1882 /* Fill TX descriptor. */ 1883 desc->flags = htole32(WPI_PAD32(m->m_pkthdr.len) << 28 | 1884 (1 + data->map->dm_nsegs) << 24); 1885 /* First DMA segment is used by the TX command. */ 1886 desc->segs[0].addr = htole32(ring->cmd_dma.paddr + 1887 ring->cur * sizeof (struct wpi_tx_cmd)); 1888 desc->segs[0].len = htole32(4 + sizeof (struct wpi_cmd_data) + 1889 ((hdrlen + 3) & ~3)); 1890 /* Other DMA segments are for data payload. */ 1891 for (i = 1; i <= data->map->dm_nsegs; i++) { 1892 desc->segs[i].addr = 1893 htole32(data->map->dm_segs[i - 1].ds_addr); 1894 desc->segs[i].len = 1895 htole32(data->map->dm_segs[i - 1].ds_len); 1896 } 1897 1898 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 1899 BUS_DMASYNC_PREWRITE); 1900 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 1901 (caddr_t)cmd - ring->cmd_dma.vaddr, sizeof (*cmd), 1902 BUS_DMASYNC_PREWRITE); 1903 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 1904 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 1905 BUS_DMASYNC_PREWRITE); 1906 1907 /* Kick TX ring. */ 1908 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 1909 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1910 1911 /* Mark TX ring as full if we reach a certain threshold. */ 1912 if (++ring->queued > WPI_TX_RING_HIMARK) 1913 sc->qfullmsk |= 1 << ring->qid; 1914 1915 return 0; 1916 } 1917 1918 void 1919 wpi_start(struct ifnet *ifp) 1920 { 1921 struct wpi_softc *sc = ifp->if_softc; 1922 struct ieee80211com *ic = &sc->sc_ic; 1923 struct ieee80211_node *ni; 1924 struct mbuf *m; 1925 1926 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1927 return; 1928 1929 for (;;) { 1930 if (sc->qfullmsk != 0) { 1931 ifp->if_flags |= IFF_OACTIVE; 1932 break; 1933 } 1934 /* Send pending management frames first. */ 1935 IF_DEQUEUE(&ic->ic_mgtq, m); 1936 if (m != NULL) { 1937 ni = (void *)m->m_pkthdr.rcvif; 1938 goto sendit; 1939 } 1940 if (ic->ic_state != IEEE80211_S_RUN) 1941 break; 1942 1943 /* Encapsulate and send data frames. */ 1944 IFQ_DEQUEUE(&ifp->if_snd, m); 1945 if (m == NULL) 1946 break; 1947 #if NBPFILTER > 0 1948 if (ifp->if_bpf != NULL) 1949 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1950 #endif 1951 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 1952 continue; 1953 sendit: 1954 #if NBPFILTER > 0 1955 if (ic->ic_rawbpf != NULL) 1956 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1957 #endif 1958 if (wpi_tx(sc, m, ni) != 0) { 1959 ieee80211_release_node(ic, ni); 1960 ifp->if_oerrors++; 1961 continue; 1962 } 1963 1964 sc->sc_tx_timer = 5; 1965 ifp->if_timer = 1; 1966 } 1967 } 1968 1969 void 1970 wpi_watchdog(struct ifnet *ifp) 1971 { 1972 struct wpi_softc *sc = ifp->if_softc; 1973 1974 ifp->if_timer = 0; 1975 1976 if (sc->sc_tx_timer > 0) { 1977 if (--sc->sc_tx_timer == 0) { 1978 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1979 ifp->if_flags &= ~IFF_UP; 1980 wpi_stop(ifp, 1); 1981 ifp->if_oerrors++; 1982 return; 1983 } 1984 ifp->if_timer = 1; 1985 } 1986 1987 ieee80211_watchdog(ifp); 1988 } 1989 1990 int 1991 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1992 { 1993 struct wpi_softc *sc = ifp->if_softc; 1994 struct ieee80211com *ic = &sc->sc_ic; 1995 struct ifaddr *ifa; 1996 struct ifreq *ifr; 1997 int s, error = 0; 1998 1999 s = splnet(); 2000 2001 switch (cmd) { 2002 case SIOCSIFADDR: 2003 ifa = (struct ifaddr *)data; 2004 ifp->if_flags |= IFF_UP; 2005 #ifdef INET 2006 if (ifa->ifa_addr->sa_family == AF_INET) 2007 arp_ifinit(&ic->ic_ac, ifa); 2008 #endif 2009 /* FALLTHROUGH */ 2010 case SIOCSIFFLAGS: 2011 if (ifp->if_flags & IFF_UP) { 2012 if (!(ifp->if_flags & IFF_RUNNING)) 2013 error = wpi_init(ifp); 2014 } else { 2015 if (ifp->if_flags & IFF_RUNNING) 2016 wpi_stop(ifp, 1); 2017 } 2018 break; 2019 2020 case SIOCADDMULTI: 2021 case SIOCDELMULTI: 2022 ifr = (struct ifreq *)data; 2023 error = (cmd == SIOCADDMULTI) ? 2024 ether_addmulti(ifr, &ic->ic_ac) : 2025 ether_delmulti(ifr, &ic->ic_ac); 2026 2027 if (error == ENETRESET) 2028 error = 0; 2029 break; 2030 2031 case SIOCS80211POWER: 2032 error = ieee80211_ioctl(ifp, cmd, data); 2033 if (error != ENETRESET) 2034 break; 2035 if (ic->ic_state == IEEE80211_S_RUN) { 2036 if (ic->ic_flags & IEEE80211_F_PMGTON) 2037 error = wpi_set_pslevel(sc, 0, 3, 0); 2038 else /* back to CAM */ 2039 error = wpi_set_pslevel(sc, 0, 0, 0); 2040 } else { 2041 /* Defer until transition to IEEE80211_S_RUN. */ 2042 error = 0; 2043 } 2044 break; 2045 2046 default: 2047 error = ieee80211_ioctl(ifp, cmd, data); 2048 } 2049 2050 if (error == ENETRESET) { 2051 error = 0; 2052 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2053 (IFF_UP | IFF_RUNNING)) { 2054 wpi_stop(ifp, 0); 2055 error = wpi_init(ifp); 2056 } 2057 } 2058 2059 splx(s); 2060 return error; 2061 } 2062 2063 /* 2064 * Send a command to the firmware. 2065 */ 2066 int 2067 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, int size, int async) 2068 { 2069 struct wpi_tx_ring *ring = &sc->txq[4]; 2070 struct wpi_tx_desc *desc; 2071 struct wpi_tx_data *data; 2072 struct wpi_tx_cmd *cmd; 2073 struct mbuf *m; 2074 bus_addr_t paddr; 2075 int totlen, error; 2076 2077 desc = &ring->desc[ring->cur]; 2078 data = &ring->data[ring->cur]; 2079 totlen = 4 + size; 2080 2081 if (size > sizeof cmd->data) { 2082 /* Command is too large to fit in a descriptor. */ 2083 if (totlen > MCLBYTES) 2084 return EINVAL; 2085 MGETHDR(m, M_DONTWAIT, MT_DATA); 2086 if (m == NULL) 2087 return ENOMEM; 2088 if (totlen > MHLEN) { 2089 MCLGET(m, M_DONTWAIT); 2090 if (!(m->m_flags & M_EXT)) { 2091 m_freem(m); 2092 return ENOMEM; 2093 } 2094 } 2095 cmd = mtod(m, struct wpi_tx_cmd *); 2096 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 2097 NULL, BUS_DMA_NOWAIT); 2098 if (error != 0) { 2099 m_freem(m); 2100 return error; 2101 } 2102 data->m = m; 2103 paddr = data->map->dm_segs[0].ds_addr; 2104 } else { 2105 cmd = &ring->cmd[ring->cur]; 2106 paddr = data->cmd_paddr; 2107 } 2108 2109 cmd->code = code; 2110 cmd->flags = 0; 2111 cmd->qid = ring->qid; 2112 cmd->idx = ring->cur; 2113 memcpy(cmd->data, buf, size); 2114 2115 desc->flags = htole32(WPI_PAD32(size) << 28 | 1 << 24); 2116 desc->segs[0].addr = htole32(paddr); 2117 desc->segs[0].len = htole32(totlen); 2118 2119 if (size > sizeof cmd->data) { 2120 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 2121 BUS_DMASYNC_PREWRITE); 2122 } else { 2123 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 2124 (caddr_t)cmd - ring->cmd_dma.vaddr, totlen, 2125 BUS_DMASYNC_PREWRITE); 2126 } 2127 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2128 (caddr_t)desc - ring->desc_dma.vaddr, sizeof (*desc), 2129 BUS_DMASYNC_PREWRITE); 2130 2131 /* Kick command ring. */ 2132 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2133 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2134 2135 return async ? 0 : tsleep(cmd, PCATCH, "wpicmd", hz); 2136 } 2137 2138 /* 2139 * Configure HW multi-rate retries. 2140 */ 2141 int 2142 wpi_mrr_setup(struct wpi_softc *sc) 2143 { 2144 struct ieee80211com *ic = &sc->sc_ic; 2145 struct wpi_mrr_setup mrr; 2146 int i, error; 2147 2148 /* CCK rates (not used with 802.11a). */ 2149 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2150 mrr.rates[i].flags = 0; 2151 mrr.rates[i].plcp = wpi_rates[i].plcp; 2152 /* Fallback to the immediate lower CCK rate (if any.) */ 2153 mrr.rates[i].next = 2154 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2155 /* Try one time at this rate before falling back to "next". */ 2156 mrr.rates[i].ntries = 1; 2157 } 2158 /* OFDM rates (not used with 802.11b). */ 2159 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2160 mrr.rates[i].flags = 0; 2161 mrr.rates[i].plcp = wpi_rates[i].plcp; 2162 /* Fallback to the immediate lower rate (if any.) */ 2163 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2164 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2165 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2166 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2167 i - 1; 2168 /* Try one time at this rate before falling back to "next". */ 2169 mrr.rates[i].ntries = 1; 2170 } 2171 /* Setup MRR for control frames. */ 2172 mrr.which = htole32(WPI_MRR_CTL); 2173 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2174 if (error != 0) { 2175 printf("%s: could not setup MRR for control frames\n", 2176 sc->sc_dev.dv_xname); 2177 return error; 2178 } 2179 /* Setup MRR for data frames. */ 2180 mrr.which = htole32(WPI_MRR_DATA); 2181 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2182 if (error != 0) { 2183 printf("%s: could not setup MRR for data frames\n", 2184 sc->sc_dev.dv_xname); 2185 return error; 2186 } 2187 return 0; 2188 } 2189 2190 void 2191 wpi_updateedca(struct ieee80211com *ic) 2192 { 2193 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 2194 struct wpi_softc *sc = ic->ic_softc; 2195 struct wpi_edca_params cmd; 2196 int aci; 2197 2198 memset(&cmd, 0, sizeof cmd); 2199 cmd.flags = htole32(WPI_EDCA_UPDATE); 2200 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 2201 const struct ieee80211_edca_ac_params *ac = 2202 &ic->ic_edca_ac[aci]; 2203 cmd.ac[aci].aifsn = ac->ac_aifsn; 2204 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->ac_ecwmin)); 2205 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->ac_ecwmax)); 2206 cmd.ac[aci].txoplimit = 2207 htole16(IEEE80211_TXOP_TO_US(ac->ac_txoplimit)); 2208 } 2209 (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 2210 #undef WPI_EXP2 2211 } 2212 2213 void 2214 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2215 { 2216 struct wpi_cmd_led led; 2217 2218 led.which = which; 2219 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2220 led.off = off; 2221 led.on = on; 2222 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 2223 } 2224 2225 int 2226 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 2227 { 2228 struct wpi_cmd_timing cmd; 2229 uint64_t val, mod; 2230 2231 memset(&cmd, 0, sizeof cmd); 2232 memcpy(&cmd.tstamp, ni->ni_tstamp, sizeof (uint64_t)); 2233 cmd.bintval = htole16(ni->ni_intval); 2234 cmd.lintval = htole16(10); 2235 2236 /* Compute remaining time until next beacon. */ 2237 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2238 mod = letoh64(cmd.tstamp) % val; 2239 cmd.binitval = htole32((uint32_t)(val - mod)); 2240 2241 DPRINTF(("timing bintval=%u, tstamp=%llu, init=%u\n", 2242 ni->ni_intval, letoh64(cmd.tstamp), (uint32_t)(val - mod))); 2243 2244 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 2245 } 2246 2247 /* 2248 * This function is called periodically (every minute) to adjust TX power 2249 * based on temperature variation. 2250 */ 2251 void 2252 wpi_power_calibration(struct wpi_softc *sc, int temp) 2253 { 2254 /* Sanity-check temperature. */ 2255 if (temp < -260 || temp > 25) { 2256 /* This can't be correct, ignore. */ 2257 DPRINTF(("out-of-range temperature reported: %d\n", temp)); 2258 return; 2259 } 2260 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2261 /* Adjust TX power if need be (delta > 6). */ 2262 if (abs(temp - sc->temp) > 6) { 2263 /* Record temperature of last calibration. */ 2264 sc->temp = temp; 2265 (void)wpi_set_txpower(sc, 1); 2266 } 2267 } 2268 2269 /* 2270 * Set TX power for current channel (each rate has its own power settings). 2271 */ 2272 int 2273 wpi_set_txpower(struct wpi_softc *sc, int async) 2274 { 2275 struct ieee80211com *ic = &sc->sc_ic; 2276 struct ieee80211_channel *ch; 2277 struct wpi_power_group *group; 2278 struct wpi_cmd_txpower cmd; 2279 u_int chan; 2280 int idx, i; 2281 2282 /* Retrieve current channel from last RXON. */ 2283 chan = sc->rxon.chan; 2284 DPRINTF(("setting TX power for channel %d\n", chan)); 2285 ch = &ic->ic_channels[chan]; 2286 2287 /* Find the TX power group to which this channel belongs. */ 2288 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2289 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 2290 if (chan <= group->chan) 2291 break; 2292 } else 2293 group = &sc->groups[0]; 2294 2295 memset(&cmd, 0, sizeof cmd); 2296 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2297 cmd.chan = htole16(chan); 2298 2299 /* Set TX power for all OFDM and CCK rates. */ 2300 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 2301 /* Retrieve TX power for this channel/rate. */ 2302 idx = wpi_get_power_index(sc, group, ch, i); 2303 2304 cmd.rates[i].plcp = wpi_rates[i].plcp; 2305 2306 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2307 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 2308 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 2309 } else { 2310 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 2311 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 2312 } 2313 DPRINTF(("chan %d/rate %d: power index %d\n", chan, 2314 wpi_rates[i].rate, idx)); 2315 } 2316 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 2317 } 2318 2319 /* 2320 * Determine TX power index for a given channel/rate combination. 2321 * This takes into account the regulatory information from EEPROM and the 2322 * current temperature. 2323 */ 2324 int 2325 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 2326 struct ieee80211_channel *c, int ridx) 2327 { 2328 /* Fixed-point arithmetic division using a n-bit fractional part. */ 2329 #define fdivround(a, b, n) \ 2330 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2331 2332 /* Linear interpolation. */ 2333 #define interpolate(x, x1, y1, x2, y2, n) \ 2334 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2335 2336 struct ieee80211com *ic = &sc->sc_ic; 2337 struct wpi_power_sample *sample; 2338 int pwr, idx; 2339 u_int chan; 2340 2341 /* Get channel number. */ 2342 chan = ieee80211_chan2ieee(ic, c); 2343 2344 /* Default TX power is group's maximum TX power minus 3dB. */ 2345 pwr = group->maxpwr / 2; 2346 2347 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 2348 switch (ridx) { 2349 case WPI_RIDX_OFDM36: 2350 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 2351 break; 2352 case WPI_RIDX_OFDM48: 2353 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 2354 break; 2355 case WPI_RIDX_OFDM54: 2356 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 2357 break; 2358 } 2359 2360 /* Never exceed the channel's maximum allowed TX power. */ 2361 pwr = MIN(pwr, sc->maxpwr[chan]); 2362 2363 /* Retrieve TX power index into gain tables from samples. */ 2364 for (sample = group->samples; sample < &group->samples[3]; sample++) 2365 if (pwr > sample[1].power) 2366 break; 2367 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 2368 idx = interpolate(pwr, sample[0].power, sample[0].index, 2369 sample[1].power, sample[1].index, 19); 2370 2371 /*- 2372 * Adjust power index based on current temperature: 2373 * - if cooler than factory-calibrated: decrease output power 2374 * - if warmer than factory-calibrated: increase output power 2375 */ 2376 idx -= (sc->temp - group->temp) * 11 / 100; 2377 2378 /* Decrease TX power for CCK rates (-5dB). */ 2379 if (ridx >= WPI_RIDX_CCK1) 2380 idx += 10; 2381 2382 /* Make sure idx stays in a valid range. */ 2383 if (idx < 0) 2384 idx = 0; 2385 else if (idx > WPI_MAX_PWR_INDEX) 2386 idx = WPI_MAX_PWR_INDEX; 2387 return idx; 2388 2389 #undef interpolate 2390 #undef fdivround 2391 } 2392 2393 /* 2394 * Set STA mode power saving level (between 0 and 5). 2395 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 2396 */ 2397 int 2398 wpi_set_pslevel(struct wpi_softc *sc, int dtim, int level, int async) 2399 { 2400 struct wpi_pmgt_cmd cmd; 2401 const struct wpi_pmgt *pmgt; 2402 uint32_t max, skip_dtim; 2403 pcireg_t reg; 2404 int i; 2405 2406 /* Select which PS parameters to use. */ 2407 if (dtim <= 10) 2408 pmgt = &wpi_pmgt[0][level]; 2409 else 2410 pmgt = &wpi_pmgt[1][level]; 2411 2412 memset(&cmd, 0, sizeof cmd); 2413 if (level != 0) /* not CAM */ 2414 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 2415 /* Retrieve PCIe Active State Power Management (ASPM). */ 2416 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 2417 sc->sc_cap_off + PCI_PCIE_LCSR); 2418 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 2419 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 2420 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 2421 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 2422 2423 if (dtim == 0) { 2424 dtim = 1; 2425 skip_dtim = 0; 2426 } else 2427 skip_dtim = pmgt->skip_dtim; 2428 if (skip_dtim != 0) { 2429 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 2430 max = pmgt->intval[4]; 2431 if (max == (uint32_t)-1) 2432 max = dtim * (skip_dtim + 1); 2433 else if (max > dtim) 2434 max = (max / dtim) * dtim; 2435 } else 2436 max = dtim; 2437 for (i = 0; i < 5; i++) 2438 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 2439 2440 DPRINTF(("setting power saving level to %d\n", level)); 2441 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 2442 } 2443 2444 int 2445 wpi_config(struct wpi_softc *sc) 2446 { 2447 struct ieee80211com *ic = &sc->sc_ic; 2448 struct ifnet *ifp = &ic->ic_if; 2449 struct wpi_bluetooth bluetooth; 2450 struct wpi_node_info node; 2451 int error; 2452 2453 /* Set power saving level to CAM during initialization. */ 2454 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 2455 printf("%s: could not set power saving level\n", 2456 sc->sc_dev.dv_xname); 2457 return error; 2458 } 2459 2460 /* Configure bluetooth coexistence. */ 2461 memset(&bluetooth, 0, sizeof bluetooth); 2462 bluetooth.flags = 3; 2463 bluetooth.lead = 0xaa; 2464 bluetooth.kill = 1; 2465 error = wpi_cmd(sc, WPI_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 2466 if (error != 0) { 2467 printf("%s: could not configure bluetooth coexistence\n", 2468 sc->sc_dev.dv_xname); 2469 return error; 2470 } 2471 2472 /* Configure adapter. */ 2473 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 2474 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2475 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 2476 /* Set default channel. */ 2477 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 2478 sc->rxon.flags = htole32(WPI_RXON_TSF); 2479 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 2480 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2481 switch (ic->ic_opmode) { 2482 case IEEE80211_M_STA: 2483 sc->rxon.mode = WPI_MODE_STA; 2484 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST); 2485 break; 2486 case IEEE80211_M_MONITOR: 2487 sc->rxon.mode = WPI_MODE_MONITOR; 2488 sc->rxon.filter = htole32(WPI_FILTER_MULTICAST | 2489 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2490 break; 2491 default: 2492 /* Should not get there. */ 2493 break; 2494 } 2495 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 2496 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 2497 DPRINTF(("setting configuration\n")); 2498 error = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->rxon, 2499 sizeof (struct wpi_rxon), 0); 2500 if (error != 0) { 2501 printf("%s: configure command failed\n", sc->sc_dev.dv_xname); 2502 return error; 2503 } 2504 2505 /* Configuration has changed, set TX power accordingly. */ 2506 if ((error = wpi_set_txpower(sc, 0)) != 0) { 2507 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2508 return error; 2509 } 2510 2511 /* Add broadcast node. */ 2512 memset(&node, 0, sizeof node); 2513 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2514 node.id = WPI_ID_BROADCAST; 2515 node.plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2516 node.action = htole32(WPI_ACTION_SET_RATE); 2517 node.antenna = WPI_ANTENNA_BOTH; 2518 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 0); 2519 if (error != 0) { 2520 printf("%s: could not add broadcast node\n", 2521 sc->sc_dev.dv_xname); 2522 return error; 2523 } 2524 2525 if ((error = wpi_mrr_setup(sc)) != 0) { 2526 printf("%s: could not setup MRR\n", sc->sc_dev.dv_xname); 2527 return error; 2528 } 2529 return 0; 2530 } 2531 2532 int 2533 wpi_scan(struct wpi_softc *sc, uint16_t flags) 2534 { 2535 struct ieee80211com *ic = &sc->sc_ic; 2536 struct wpi_scan_hdr *hdr; 2537 struct wpi_cmd_data *tx; 2538 struct wpi_scan_essid *essid; 2539 struct wpi_scan_chan *chan; 2540 struct ieee80211_frame *wh; 2541 struct ieee80211_rateset *rs; 2542 struct ieee80211_channel *c; 2543 uint8_t *buf, *frm; 2544 int buflen, error; 2545 2546 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 2547 if (buf == NULL) { 2548 printf("%s: could not allocate buffer for scan command\n", 2549 sc->sc_dev.dv_xname); 2550 return ENOMEM; 2551 } 2552 hdr = (struct wpi_scan_hdr *)buf; 2553 /* 2554 * Move to the next channel if no frames are received within 10ms 2555 * after sending the probe request. 2556 */ 2557 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 2558 hdr->quiet_threshold = htole16(1); /* min # of packets */ 2559 2560 tx = (struct wpi_cmd_data *)(hdr + 1); 2561 tx->flags = htole32(WPI_TX_AUTO_SEQ); 2562 tx->id = WPI_ID_BROADCAST; 2563 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2564 2565 if (flags & IEEE80211_CHAN_5GHZ) { 2566 hdr->crc_threshold = htole16(1); 2567 /* Send probe requests at 6Mbps. */ 2568 tx->plcp = wpi_rates[WPI_RIDX_OFDM6].plcp; 2569 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 2570 } else { 2571 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 2572 /* Send probe requests at 1Mbps. */ 2573 tx->plcp = wpi_rates[WPI_RIDX_CCK1].plcp; 2574 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 2575 } 2576 2577 essid = (struct wpi_scan_essid *)(tx + 1); 2578 if (ic->ic_des_esslen != 0) { 2579 essid[0].id = IEEE80211_ELEMID_SSID; 2580 essid[0].len = ic->ic_des_esslen; 2581 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 2582 } 2583 /* 2584 * Build a probe request frame. Most of the following code is a 2585 * copy & paste of what is done in net80211. 2586 */ 2587 wh = (struct ieee80211_frame *)(essid + 4); 2588 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2589 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2590 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2591 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2592 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2593 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2594 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 2595 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 2596 2597 frm = (uint8_t *)(wh + 1); 2598 frm = ieee80211_add_ssid(frm, NULL, 0); 2599 frm = ieee80211_add_rates(frm, rs); 2600 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2601 frm = ieee80211_add_xrates(frm, rs); 2602 2603 /* Set length of probe request. */ 2604 tx->len = htole16(frm - (uint8_t *)wh); 2605 2606 chan = (struct wpi_scan_chan *)frm; 2607 for (c = &ic->ic_channels[1]; 2608 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 2609 if ((c->ic_flags & flags) != flags) 2610 continue; 2611 2612 chan->chan = ieee80211_chan2ieee(ic, c); 2613 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 2614 chan->flags = 0; 2615 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 2616 chan->flags |= WPI_CHAN_ACTIVE; 2617 if (ic->ic_des_esslen != 0) 2618 chan->flags |= WPI_CHAN_NPBREQS(1); 2619 chan->dsp_gain = 0x6e; 2620 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2621 chan->rf_gain = 0x3b; 2622 chan->active = htole16(24); 2623 chan->passive = htole16(110); 2624 } else { 2625 chan->rf_gain = 0x28; 2626 chan->active = htole16(36); 2627 chan->passive = htole16(120); 2628 } 2629 hdr->nchan++; 2630 chan++; 2631 } 2632 2633 buflen = (uint8_t *)chan - buf; 2634 hdr->len = htole16(buflen); 2635 2636 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 2637 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 2638 free(buf, M_DEVBUF); 2639 return error; 2640 } 2641 2642 int 2643 wpi_auth(struct wpi_softc *sc) 2644 { 2645 struct ieee80211com *ic = &sc->sc_ic; 2646 struct ieee80211_node *ni = ic->ic_bss; 2647 struct wpi_node_info node; 2648 int error; 2649 2650 /* Update adapter's configuration. */ 2651 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 2652 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 2653 sc->rxon.flags = htole32(WPI_RXON_TSF); 2654 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 2655 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 2656 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2657 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2658 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2659 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2660 switch (ic->ic_curmode) { 2661 case IEEE80211_MODE_11A: 2662 sc->rxon.cck_mask = 0; 2663 sc->rxon.ofdm_mask = 0x15; 2664 break; 2665 case IEEE80211_MODE_11B: 2666 sc->rxon.cck_mask = 0x03; 2667 sc->rxon.ofdm_mask = 0; 2668 break; 2669 default: /* Assume 802.11b/g. */ 2670 sc->rxon.cck_mask = 0x0f; 2671 sc->rxon.ofdm_mask = 0x15; 2672 } 2673 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 2674 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 2675 error = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->rxon, 2676 sizeof (struct wpi_rxon), 1); 2677 if (error != 0) { 2678 printf("%s: could not configure\n", sc->sc_dev.dv_xname); 2679 return error; 2680 } 2681 2682 /* Configuration has changed, set TX power accordingly. */ 2683 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2684 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2685 return error; 2686 } 2687 /* 2688 * Reconfiguring RXON clears the firmware's nodes table so we must 2689 * add the broadcast node again. 2690 */ 2691 memset(&node, 0, sizeof node); 2692 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 2693 node.id = WPI_ID_BROADCAST; 2694 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2695 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2696 node.action = htole32(WPI_ACTION_SET_RATE); 2697 node.antenna = WPI_ANTENNA_BOTH; 2698 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2699 if (error != 0) { 2700 printf("%s: could not add broadcast node\n", 2701 sc->sc_dev.dv_xname); 2702 return error; 2703 } 2704 return 0; 2705 } 2706 2707 int 2708 wpi_run(struct wpi_softc *sc) 2709 { 2710 struct ieee80211com *ic = &sc->sc_ic; 2711 struct ieee80211_node *ni = ic->ic_bss; 2712 struct wpi_node_info node; 2713 int error; 2714 2715 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 2716 /* Link LED blinks while monitoring. */ 2717 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 2718 return 0; 2719 } 2720 if ((error = wpi_set_timing(sc, ni)) != 0) { 2721 printf("%s: could not set timing\n", sc->sc_dev.dv_xname); 2722 return error; 2723 } 2724 2725 /* Update adapter's configuration. */ 2726 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 2727 /* Short preamble and slot time are negotiated when associating. */ 2728 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 2729 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2730 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 2731 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2732 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 2733 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 2734 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 2735 error = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->rxon, 2736 sizeof (struct wpi_rxon), 1); 2737 if (error != 0) { 2738 printf("%s: could not update configuration\n", 2739 sc->sc_dev.dv_xname); 2740 return error; 2741 } 2742 2743 /* Configuration has changed, set TX power accordingly. */ 2744 if ((error = wpi_set_txpower(sc, 1)) != 0) { 2745 printf("%s: could not set TX power\n", sc->sc_dev.dv_xname); 2746 return error; 2747 } 2748 2749 /* Fake a join to init the TX rate. */ 2750 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 2751 wpi_newassoc(ic, ni, 1); 2752 2753 /* Add BSS node. */ 2754 memset(&node, 0, sizeof node); 2755 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_bssid); 2756 node.id = WPI_ID_BSS; 2757 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2758 wpi_rates[WPI_RIDX_OFDM6].plcp : wpi_rates[WPI_RIDX_CCK1].plcp; 2759 node.action = htole32(WPI_ACTION_SET_RATE); 2760 node.antenna = WPI_ANTENNA_BOTH; 2761 DPRINTF(("adding BSS node\n")); 2762 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2763 if (error != 0) { 2764 printf("%s: could not add BSS node\n", sc->sc_dev.dv_xname); 2765 return error; 2766 } 2767 2768 /* Start periodic calibration timer. */ 2769 sc->calib_cnt = 0; 2770 timeout_add(&sc->calib_to, hz / 2); 2771 2772 /* Link LED always on while associated. */ 2773 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 2774 2775 /* Enable power-saving mode if requested by user. */ 2776 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 2777 (void)wpi_set_pslevel(sc, 0, 3, 1); 2778 2779 return 0; 2780 } 2781 2782 /* 2783 * We support CCMP hardware encryption/decryption of unicast frames only. 2784 * HW support for TKIP really sucks. We should let TKIP die anyway. 2785 */ 2786 int 2787 wpi_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2788 struct ieee80211_key *k) 2789 { 2790 struct wpi_softc *sc = ic->ic_softc; 2791 struct wpi_node *wn = (void *)ni; 2792 struct wpi_node_info node; 2793 uint16_t kflags; 2794 2795 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2796 k->k_cipher != IEEE80211_CIPHER_CCMP) 2797 return ieee80211_set_key(ic, ni, k); 2798 2799 kflags = WPI_KFLAG_CCMP | WPI_KFLAG_KID(k->k_id); 2800 memset(&node, 0, sizeof node); 2801 node.id = wn->id; 2802 node.control = WPI_NODE_UPDATE; 2803 node.flags = WPI_FLAG_SET_KEY; 2804 node.kflags = htole16(kflags); 2805 memcpy(node.key, k->k_key, k->k_len); 2806 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 2807 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2808 } 2809 2810 void 2811 wpi_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 2812 struct ieee80211_key *k) 2813 { 2814 struct wpi_softc *sc = ic->ic_softc; 2815 struct wpi_node *wn = (void *)ni; 2816 struct wpi_node_info node; 2817 2818 if ((k->k_flags & IEEE80211_KEY_GROUP) || 2819 k->k_cipher != IEEE80211_CIPHER_CCMP) { 2820 /* See comment about other ciphers above. */ 2821 ieee80211_delete_key(ic, ni, k); 2822 return; 2823 } 2824 if (ic->ic_state != IEEE80211_S_RUN) 2825 return; /* Nothing to do. */ 2826 memset(&node, 0, sizeof node); 2827 node.id = wn->id; 2828 node.control = WPI_NODE_UPDATE; 2829 node.flags = WPI_FLAG_SET_KEY; 2830 node.kflags = 0; 2831 DPRINTF(("delete keys for node %d\n", node.id)); 2832 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2833 } 2834 2835 int 2836 wpi_post_alive(struct wpi_softc *sc) 2837 { 2838 int ntries, error; 2839 2840 /* Check (again) that the radio is not disabled. */ 2841 if ((error = wpi_nic_lock(sc)) != 0) 2842 return error; 2843 /* NB: Runtime firmware must be up and running. */ 2844 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 2845 printf("%s: radio is disabled by hardware switch\n", 2846 sc->sc_dev.dv_xname); 2847 wpi_nic_unlock(sc); 2848 return EPERM; /* :-) */ 2849 } 2850 wpi_nic_unlock(sc); 2851 2852 /* Wait for thermal sensor to calibrate. */ 2853 for (ntries = 0; ntries < 1000; ntries++) { 2854 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 2855 break; 2856 DELAY(10); 2857 } 2858 if (ntries == 1000) { 2859 printf("%s: timeout waiting for thermal sensor calibration\n", 2860 sc->sc_dev.dv_xname); 2861 return ETIMEDOUT; 2862 } 2863 DPRINTF(("temperature %d\n", sc->temp)); 2864 sc->sensor.value = sc->temp + 260; 2865 sc->sensor.flags &= ~SENSOR_FINVALID; 2866 return 0; 2867 } 2868 2869 /* 2870 * The firmware boot code is small and is intended to be copied directly into 2871 * the NIC internal memory (no DMA transfer.) 2872 */ 2873 int 2874 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 2875 { 2876 int error, ntries; 2877 2878 size /= sizeof (uint32_t); 2879 2880 if ((error = wpi_nic_lock(sc)) != 0) 2881 return error; 2882 2883 /* Copy microcode image into NIC memory. */ 2884 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 2885 (const uint32_t *)ucode, size); 2886 2887 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 2888 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 2889 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 2890 2891 /* Start boot load now. */ 2892 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 2893 2894 /* Wait for transfer to complete. */ 2895 for (ntries = 0; ntries < 1000; ntries++) { 2896 if (!(wpi_prph_read(sc, WPI_BSM_WR_CTRL) & 2897 WPI_BSM_WR_CTRL_START)) 2898 break; 2899 DELAY(10); 2900 } 2901 if (ntries == 1000) { 2902 printf("%s: could not load boot firmware\n", 2903 sc->sc_dev.dv_xname); 2904 wpi_nic_unlock(sc); 2905 return ETIMEDOUT; 2906 } 2907 2908 /* Enable boot after power up. */ 2909 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 2910 2911 wpi_nic_unlock(sc); 2912 return 0; 2913 } 2914 2915 int 2916 wpi_load_firmware(struct wpi_softc *sc) 2917 { 2918 struct wpi_fw_info *fw = &sc->fw; 2919 struct wpi_dma_info *dma = &sc->fw_dma; 2920 int error; 2921 2922 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 2923 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 2924 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 2925 BUS_DMASYNC_PREWRITE); 2926 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2927 fw->init.text, fw->init.textsz); 2928 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2929 fw->init.textsz, BUS_DMASYNC_PREWRITE); 2930 2931 /* Tell adapter where to find initialization sections. */ 2932 if ((error = wpi_nic_lock(sc)) != 0) 2933 return error; 2934 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2935 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 2936 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2937 dma->paddr + WPI_FW_DATA_MAXSZ); 2938 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 2939 wpi_nic_unlock(sc); 2940 2941 /* Load firmware boot code. */ 2942 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 2943 if (error != 0) { 2944 printf("%s: could not load boot firmware\n", 2945 sc->sc_dev.dv_xname); 2946 return error; 2947 } 2948 /* Now press "execute". */ 2949 WPI_WRITE(sc, WPI_RESET, 0); 2950 2951 /* Wait at most one second for first alive notification. */ 2952 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 2953 printf("%s: timeout waiting for adapter to initialize\n", 2954 sc->sc_dev.dv_xname); 2955 return error; 2956 } 2957 2958 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 2959 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 2960 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 2961 BUS_DMASYNC_PREWRITE); 2962 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, 2963 fw->main.text, fw->main.textsz); 2964 bus_dmamap_sync(sc->sc_dmat, dma->map, WPI_FW_DATA_MAXSZ, 2965 fw->main.textsz, BUS_DMASYNC_PREWRITE); 2966 2967 /* Tell adapter where to find runtime sections. */ 2968 if ((error = wpi_nic_lock(sc)) != 0) 2969 return error; 2970 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 2971 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 2972 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 2973 dma->paddr + WPI_FW_DATA_MAXSZ); 2974 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 2975 WPI_FW_UPDATED | fw->main.textsz); 2976 wpi_nic_unlock(sc); 2977 2978 return 0; 2979 } 2980 2981 int 2982 wpi_read_firmware(struct wpi_softc *sc) 2983 { 2984 struct wpi_fw_info *fw = &sc->fw; 2985 const struct wpi_firmware_hdr *hdr; 2986 size_t size; 2987 int error; 2988 2989 /* Read firmware image from filesystem. */ 2990 if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) { 2991 printf("%s: error, %d, could not read firmware %s\n", 2992 sc->sc_dev.dv_xname, error, "wpi-3945abg"); 2993 return error; 2994 } 2995 if (size < sizeof (*hdr)) { 2996 printf("%s: truncated firmware header: %d bytes\n", 2997 sc->sc_dev.dv_xname, size); 2998 free(fw->data, M_DEVBUF); 2999 return EINVAL; 3000 } 3001 /* Extract firmware header information. */ 3002 hdr = (struct wpi_firmware_hdr *)fw->data; 3003 fw->main.textsz = letoh32(hdr->main_textsz); 3004 fw->main.datasz = letoh32(hdr->main_datasz); 3005 fw->init.textsz = letoh32(hdr->init_textsz); 3006 fw->init.datasz = letoh32(hdr->init_datasz); 3007 fw->boot.textsz = letoh32(hdr->boot_textsz); 3008 fw->boot.datasz = 0; 3009 3010 /* Sanity-check firmware header. */ 3011 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 3012 fw->main.datasz > WPI_FW_DATA_MAXSZ || 3013 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 3014 fw->init.datasz > WPI_FW_DATA_MAXSZ || 3015 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 3016 (fw->boot.textsz & 3) != 0) { 3017 printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); 3018 free(fw->data, M_DEVBUF); 3019 return EINVAL; 3020 } 3021 3022 /* Check that all firmware sections fit. */ 3023 if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 3024 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 3025 printf("%s: firmware file too short: %d bytes\n", 3026 sc->sc_dev.dv_xname, size); 3027 free(fw->data, M_DEVBUF); 3028 return EINVAL; 3029 } 3030 3031 /* Get pointers to firmware sections. */ 3032 fw->main.text = (const uint8_t *)(hdr + 1); 3033 fw->main.data = fw->main.text + fw->main.textsz; 3034 fw->init.text = fw->main.data + fw->main.datasz; 3035 fw->init.data = fw->init.text + fw->init.textsz; 3036 fw->boot.text = fw->init.data + fw->init.datasz; 3037 3038 return 0; 3039 } 3040 3041 int 3042 wpi_clock_wait(struct wpi_softc *sc) 3043 { 3044 int ntries; 3045 3046 /* Set "initialization complete" bit. */ 3047 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 3048 3049 /* Wait for clock stabilization. */ 3050 for (ntries = 0; ntries < 25000; ntries++) { 3051 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 3052 return 0; 3053 DELAY(100); 3054 } 3055 printf("%s: timeout waiting for clock stabilization\n", 3056 sc->sc_dev.dv_xname); 3057 return ETIMEDOUT; 3058 } 3059 3060 int 3061 wpi_apm_init(struct wpi_softc *sc) 3062 { 3063 int error; 3064 3065 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 3066 /* Disable L0s. */ 3067 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 3068 3069 if ((error = wpi_clock_wait(sc)) != 0) 3070 return error; 3071 3072 if ((error = wpi_nic_lock(sc)) != 0) 3073 return error; 3074 /* Enable DMA. */ 3075 wpi_prph_write(sc, WPI_APMG_CLK_ENA, 3076 WPI_APMG_CLK_DMA_CLK_RQT | WPI_APMG_CLK_BSM_CLK_RQT); 3077 DELAY(20); 3078 /* Disable L1. */ 3079 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 3080 wpi_nic_unlock(sc); 3081 3082 return 0; 3083 } 3084 3085 void 3086 wpi_apm_stop_master(struct wpi_softc *sc) 3087 { 3088 int ntries; 3089 3090 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 3091 3092 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 3093 WPI_GP_CNTRL_MAC_PS) 3094 return; /* Already asleep. */ 3095 3096 for (ntries = 0; ntries < 100; ntries++) { 3097 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 3098 return; 3099 DELAY(10); 3100 } 3101 printf("%s: timeout waiting for master\n", sc->sc_dev.dv_xname); 3102 } 3103 3104 void 3105 wpi_apm_stop(struct wpi_softc *sc) 3106 { 3107 wpi_apm_stop_master(sc); 3108 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 3109 } 3110 3111 void 3112 wpi_nic_config(struct wpi_softc *sc) 3113 { 3114 pcireg_t reg; 3115 uint8_t rev; 3116 3117 /* Voodoo from the reference driver. */ 3118 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3119 rev = PCI_REVISION(reg); 3120 if ((rev & 0xc0) == 0x40) 3121 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 3122 else if (!(rev & 0x80)) 3123 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 3124 3125 if (sc->cap == 0x80) 3126 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 3127 3128 if ((letoh16(sc->rev) & 0xf0) == 0xd0) 3129 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3130 else 3131 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 3132 3133 if (sc->type > 1) 3134 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 3135 } 3136 3137 int 3138 wpi_hw_init(struct wpi_softc *sc) 3139 { 3140 int chnl, ntries, error; 3141 3142 /* Clear pending interrupts. */ 3143 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3144 3145 if ((error = wpi_apm_init(sc)) != 0) { 3146 printf("%s: could not power ON adapter\n", 3147 sc->sc_dev.dv_xname); 3148 return error; 3149 } 3150 3151 /* Select VMAIN power source. */ 3152 if ((error = wpi_nic_lock(sc)) != 0) 3153 return error; 3154 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 3155 wpi_nic_unlock(sc); 3156 /* Spin until VMAIN gets selected. */ 3157 for (ntries = 0; ntries < 5000; ntries++) { 3158 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 3159 break; 3160 DELAY(10); 3161 } 3162 if (ntries == 5000) { 3163 printf("%s: timeout selecting power source\n", 3164 sc->sc_dev.dv_xname); 3165 return ETIMEDOUT; 3166 } 3167 3168 /* Perform adapter initialization. */ 3169 (void)wpi_nic_config(sc); 3170 3171 /* Initialize RX ring. */ 3172 if ((error = wpi_nic_lock(sc)) != 0) 3173 return error; 3174 /* Set physical address of RX ring. */ 3175 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 3176 /* Set physical address of RX read pointer. */ 3177 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 3178 offsetof(struct wpi_shared, next)); 3179 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 3180 /* Enable RX. */ 3181 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 3182 WPI_FH_RX_CONFIG_DMA_ENA | 3183 WPI_FH_RX_CONFIG_RDRBD_ENA | 3184 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 3185 WPI_FH_RX_CONFIG_MAXFRAG | 3186 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 3187 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 3188 WPI_FH_RX_CONFIG_IRQ_RBTH(1)); 3189 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 3190 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 3191 wpi_nic_unlock(sc); 3192 3193 /* Initialize TX rings. */ 3194 if ((error = wpi_nic_lock(sc)) != 0) 3195 return error; 3196 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 3197 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 3198 /* Enable all 6 TX rings. */ 3199 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 3200 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 3201 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 3202 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 3203 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 3204 /* Set physical address of TX rings. */ 3205 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 3206 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 3207 3208 /* Enable all DMA channels. */ 3209 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3210 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 3211 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 3212 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 3213 } 3214 wpi_nic_unlock(sc); 3215 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 3216 3217 /* Clear "radio off" and "commands blocked" bits. */ 3218 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3219 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 3220 3221 /* Clear pending interrupts. */ 3222 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3223 /* Enable interrupts. */ 3224 WPI_WRITE(sc, WPI_MASK, WPI_INT_MASK); 3225 3226 /* _Really_ make sure "radio off" bit is cleared! */ 3227 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3228 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 3229 3230 if ((error = wpi_load_firmware(sc)) != 0) { 3231 printf("%s: could not load firmware\n", sc->sc_dev.dv_xname); 3232 return error; 3233 } 3234 /* Wait at most one second for firmware alive notification. */ 3235 if ((error = tsleep(sc, PCATCH, "wpiinit", hz)) != 0) { 3236 printf("%s: timeout waiting for adapter to initialize\n", 3237 sc->sc_dev.dv_xname); 3238 return error; 3239 } 3240 /* Do post-firmware initialization. */ 3241 return wpi_post_alive(sc); 3242 } 3243 3244 void 3245 wpi_hw_stop(struct wpi_softc *sc) 3246 { 3247 int chnl, qid, ntries; 3248 uint32_t tmp; 3249 3250 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 3251 3252 /* Disable interrupts. */ 3253 WPI_WRITE(sc, WPI_MASK, 0); 3254 WPI_WRITE(sc, WPI_INT, 0xffffffff); 3255 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 3256 3257 /* Make sure we no longer hold the NIC lock. */ 3258 wpi_nic_unlock(sc); 3259 3260 if (wpi_nic_lock(sc) == 0) { 3261 /* Stop TX scheduler. */ 3262 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 3263 3264 /* Stop all DMA channels. */ 3265 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 3266 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 3267 for (ntries = 0; ntries < 100; ntries++) { 3268 tmp = WPI_READ(sc, WPI_FH_TX_STATUS); 3269 if ((tmp & WPI_FH_TX_STATUS_IDLE(chnl)) == 3270 WPI_FH_TX_STATUS_IDLE(chnl)) 3271 break; 3272 DELAY(10); 3273 } 3274 } 3275 wpi_nic_unlock(sc); 3276 } 3277 3278 /* Stop RX ring. */ 3279 wpi_reset_rx_ring(sc, &sc->rxq); 3280 3281 /* Reset all TX rings. */ 3282 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 3283 wpi_reset_tx_ring(sc, &sc->txq[qid]); 3284 3285 if (wpi_nic_lock(sc) == 0) { 3286 wpi_prph_write(sc, WPI_APMG_CLK_DIS, WPI_APMG_CLK_DMA_CLK_RQT); 3287 wpi_nic_unlock(sc); 3288 } 3289 DELAY(5); 3290 /* Power OFF adapter. */ 3291 wpi_apm_stop(sc); 3292 } 3293 3294 int 3295 wpi_init(struct ifnet *ifp) 3296 { 3297 struct wpi_softc *sc = ifp->if_softc; 3298 struct ieee80211com *ic = &sc->sc_ic; 3299 int error; 3300 3301 #ifdef notyet 3302 /* Check that the radio is not disabled by hardware switch. */ 3303 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 3304 printf("%s: radio is disabled by hardware switch\n", 3305 sc->sc_dev.dv_xname); 3306 error = EPERM; /* :-) */ 3307 goto fail; 3308 } 3309 #endif 3310 /* Read firmware images from the filesystem. */ 3311 if ((error = wpi_read_firmware(sc)) != 0) { 3312 printf("%s: could not read firmware\n", sc->sc_dev.dv_xname); 3313 goto fail; 3314 } 3315 3316 /* Initialize hardware and upload firmware. */ 3317 error = wpi_hw_init(sc); 3318 free(sc->fw.data, M_DEVBUF); 3319 if (error != 0) { 3320 printf("%s: could not initialize hardware\n", 3321 sc->sc_dev.dv_xname); 3322 goto fail; 3323 } 3324 3325 /* Configure adapter now that it is ready. */ 3326 if ((error = wpi_config(sc)) != 0) { 3327 printf("%s: could not configure device\n", 3328 sc->sc_dev.dv_xname); 3329 goto fail; 3330 } 3331 3332 ifp->if_flags &= ~IFF_OACTIVE; 3333 ifp->if_flags |= IFF_RUNNING; 3334 3335 if (ic->ic_opmode != IEEE80211_M_MONITOR) 3336 ieee80211_begin_scan(ifp); 3337 else 3338 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3339 3340 return 0; 3341 3342 fail: wpi_stop(ifp, 1); 3343 return error; 3344 } 3345 3346 void 3347 wpi_stop(struct ifnet *ifp, int disable) 3348 { 3349 struct wpi_softc *sc = ifp->if_softc; 3350 struct ieee80211com *ic = &sc->sc_ic; 3351 3352 ifp->if_timer = sc->sc_tx_timer = 0; 3353 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3354 3355 /* In case we were scanning, release the scan "lock". */ 3356 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 3357 3358 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3359 3360 /* Power OFF hardware. */ 3361 wpi_hw_stop(sc); 3362 3363 /* Temperature sensor is no longer valid. */ 3364 sc->sensor.value = 0; 3365 sc->sensor.flags |= SENSOR_FINVALID; 3366 } 3367