dev/pci/if_iwm.c

1.75.2.2  snj /*	$NetBSD: if_iwm.c,v 1.75.2.2 2017/07/25 19:43:03 snj Exp $	*/
1.75.2.2  snj /*	OpenBSD: if_iwm.c,v 1.148 2016/11/19 21:07:08 stsp Exp	*/
1.75.2.2  snj #define IEEE80211_NO_HT
1.75.2.2  snj /*
1.75.2.2  snj  * Copyright (c) 2014, 2016 genua gmbh <info (at) genua.de>
1.75.2.2  snj  *   Author: Stefan Sperling <stsp (at) openbsd.org>
1.75.2.2  snj  * Copyright (c) 2014 Fixup Software Ltd.
1.75.2.2  snj  *
1.75.2.2  snj  * Permission to use, copy, modify, and distribute this software for any
1.75.2.2  snj  * purpose with or without fee is hereby granted, provided that the above
1.75.2.2  snj  * copyright notice and this permission notice appear in all copies.
1.75.2.2  snj  *
1.75.2.2  snj  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
1.75.2.2  snj  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
1.75.2.2  snj  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
1.75.2.2  snj  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
1.75.2.2  snj  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
1.75.2.2  snj  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1.75.2.2  snj  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.75.2.2  snj  */
1.75.2.2  snj
1.75.2.2  snj /*-
1.75.2.2  snj  * Based on BSD-licensed source modules in the Linux iwlwifi driver,
1.75.2.2  snj  * which were used as the reference documentation for this implementation.
1.75.2.2  snj  *
1.75.2.2  snj  ***********************************************************************
1.75.2.2  snj  *
1.75.2.2  snj  * This file is provided under a dual BSD/GPLv2 license.  When using or
1.75.2.2  snj  * redistributing this file, you may do so under either license.
1.75.2.2  snj  *
1.75.2.2  snj  * GPL LICENSE SUMMARY
1.75.2.2  snj  *
1.75.2.2  snj  * Copyright(c) 2008 - 2014 Intel Corporation. All rights reserved.
1.75.2.2  snj  * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
1.75.2.2  snj  * Copyright(c) 2016        Intel Deutschland GmbH
1.75.2.2  snj  *
1.75.2.2  snj  * This program is free software; you can redistribute it and/or modify
1.75.2.2  snj  * it under the terms of version 2 of the GNU General Public License as
1.75.2.2  snj  * published by the Free Software Foundation.
1.75.2.2  snj  *
1.75.2.2  snj  * This program is distributed in the hope that it will be useful, but
1.75.2.2  snj  * WITHOUT ANY WARRANTY; without even the implied warranty of
1.75.2.2  snj  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
1.75.2.2  snj  * General Public License for more details.
1.75.2.2  snj  *
1.75.2.2  snj  * You should have received a copy of the GNU General Public License
1.75.2.2  snj  * along with this program; if not, write to the Free Software
1.75.2.2  snj  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
1.75.2.2  snj  * USA
1.75.2.2  snj  *
1.75.2.2  snj  * The full GNU General Public License is included in this distribution
1.75.2.2  snj  * in the file called COPYING.
1.75.2.2  snj  *
1.75.2.2  snj  * Contact Information:
1.75.2.2  snj  *  Intel Linux Wireless <linuxwifi (at) intel.com>
1.75.2.2  snj  * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
1.75.2.2  snj  *
1.75.2.2  snj  * BSD LICENSE
1.75.2.2  snj  *
1.75.2.2  snj  * Copyright(c) 2005 - 2014 Intel Corporation. All rights reserved.
1.75.2.2  snj  * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
1.75.2.2  snj  * Copyright(c) 2016        Intel Deutschland GmbH
1.75.2.2  snj  * All rights reserved.
1.75.2.2  snj  *
1.75.2.2  snj  * Redistribution and use in source and binary forms, with or without
1.75.2.2  snj  * modification, are permitted provided that the following conditions
1.75.2.2  snj  * are met:
1.75.2.2  snj  *
1.75.2.2  snj  *  * Redistributions of source code must retain the above copyright
1.75.2.2  snj  *    notice, this list of conditions and the following disclaimer.
1.75.2.2  snj  *  * Redistributions in binary form must reproduce the above copyright
1.75.2.2  snj  *    notice, this list of conditions and the following disclaimer in
1.75.2.2  snj  *    the documentation and/or other materials provided with the
1.75.2.2  snj  *    distribution.
1.75.2.2  snj  *  * Neither the name Intel Corporation nor the names of its
1.75.2.2  snj  *    contributors may be used to endorse or promote products derived
1.75.2.2  snj  *    from this software without specific prior written permission.
1.75.2.2  snj  *
1.75.2.2  snj  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.75.2.2  snj  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.75.2.2  snj  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
1.75.2.2  snj  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
1.75.2.2  snj  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.75.2.2  snj  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
1.75.2.2  snj  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1.75.2.2  snj  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.75.2.2  snj  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.75.2.2  snj  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1.75.2.2  snj  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.75.2.2  snj  */
1.75.2.2  snj
1.75.2.2  snj /*-
1.75.2.2  snj  * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini (at) free.fr>
1.75.2.2  snj  *
1.75.2.2  snj  * Permission to use, copy, modify, and distribute this software for any
1.75.2.2  snj  * purpose with or without fee is hereby granted, provided that the above
1.75.2.2  snj  * copyright notice and this permission notice appear in all copies.
1.75.2.2  snj  *
1.75.2.2  snj  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
1.75.2.2  snj  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
1.75.2.2  snj  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
1.75.2.2  snj  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
1.75.2.2  snj  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
1.75.2.2  snj  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1.75.2.2  snj  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.75.2.2  snj  */
1.75.2.2  snj
1.75.2.2  snj #include <sys/cdefs.h>
1.75.2.2  snj __KERNEL_RCSID(0, "$NetBSD: if_iwm.c,v 1.75.2.2 2017/07/25 19:43:03 snj Exp $");
1.75.2.2  snj
1.75.2.2  snj #include <sys/param.h>
1.75.2.2  snj #include <sys/conf.h>
1.75.2.2  snj #include <sys/kernel.h>
1.75.2.2  snj #include <sys/kmem.h>
1.75.2.2  snj #include <sys/mbuf.h>
1.75.2.2  snj #include <sys/mutex.h>
1.75.2.2  snj #include <sys/proc.h>
1.75.2.2  snj #include <sys/socket.h>
1.75.2.2  snj #include <sys/sockio.h>
1.75.2.2  snj #include <sys/sysctl.h>
1.75.2.2  snj #include <sys/systm.h>
1.75.2.2  snj
1.75.2.2  snj #include <sys/cpu.h>
1.75.2.2  snj #include <sys/bus.h>
1.75.2.2  snj #include <sys/workqueue.h>
1.75.2.2  snj #include <machine/endian.h>
1.75.2.2  snj #include <sys/intr.h>
1.75.2.2  snj
1.75.2.2  snj #include <dev/pci/pcireg.h>
1.75.2.2  snj #include <dev/pci/pcivar.h>
1.75.2.2  snj #include <dev/pci/pcidevs.h>
1.75.2.2  snj #include <dev/firmload.h>
1.75.2.2  snj
1.75.2.2  snj #include <net/bpf.h>
1.75.2.2  snj #include <net/if.h>
1.75.2.2  snj #include <net/if_dl.h>
1.75.2.2  snj #include <net/if_media.h>
1.75.2.2  snj #include <net/if_ether.h>
1.75.2.2  snj
1.75.2.2  snj #include <netinet/in.h>
1.75.2.2  snj #include <netinet/ip.h>
1.75.2.2  snj
1.75.2.2  snj #include <net80211/ieee80211_var.h>
1.75.2.2  snj #include <net80211/ieee80211_amrr.h>
1.75.2.2  snj #include <net80211/ieee80211_radiotap.h>
1.75.2.2  snj
1.75.2.2  snj #define DEVNAME(_s)	device_xname((_s)->sc_dev)
1.75.2.2  snj #define IC2IFP(_ic_)	((_ic_)->ic_ifp)
1.75.2.2  snj
1.75.2.2  snj #define le16_to_cpup(_a_) (le16toh(*(const uint16_t *)(_a_)))
1.75.2.2  snj #define le32_to_cpup(_a_) (le32toh(*(const uint32_t *)(_a_)))
1.75.2.2  snj
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj #define DPRINTF(x)	do { if (iwm_debug > 0) printf x; } while (0)
1.75.2.2  snj #define DPRINTFN(n, x)	do { if (iwm_debug >= (n)) printf x; } while (0)
1.75.2.2  snj int iwm_debug = 0;
1.75.2.2  snj #else
1.75.2.2  snj #define DPRINTF(x)	do { ; } while (0)
1.75.2.2  snj #define DPRINTFN(n, x)	do { ; } while (0)
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj #include <dev/pci/if_iwmreg.h>
1.75.2.2  snj #include <dev/pci/if_iwmvar.h>
1.75.2.2  snj
1.75.2.2  snj static const uint8_t iwm_nvm_channels[] = {
1.75.2.2  snj 	/* 2.4 GHz */
1.75.2.2  snj 	1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
1.75.2.2  snj 	/* 5 GHz */
1.75.2.2  snj 	36, 40, 44, 48, 52, 56, 60, 64,
1.75.2.2  snj 	100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
1.75.2.2  snj 	149, 153, 157, 161, 165
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj static const uint8_t iwm_nvm_channels_8000[] = {
1.75.2.2  snj 	/* 2.4 GHz */
1.75.2.2  snj 	1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
1.75.2.2  snj 	/* 5 GHz */
1.75.2.2  snj 	36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92,
1.75.2.2  snj 	96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
1.75.2.2  snj 	149, 153, 157, 161, 165, 169, 173, 177, 181
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj #define IWM_NUM_2GHZ_CHANNELS	14
1.75.2.2  snj
1.75.2.2  snj static const struct iwm_rate {
1.75.2.2  snj 	uint8_t rate;
1.75.2.2  snj 	uint8_t plcp;
1.75.2.2  snj 	uint8_t ht_plcp;
1.75.2.2  snj } iwm_rates[] = {
1.75.2.2  snj 		/* Legacy */		/* HT */
1.75.2.2  snj 	{   2,	IWM_RATE_1M_PLCP,	IWM_RATE_HT_SISO_MCS_INV_PLCP  },
1.75.2.2  snj 	{   4,	IWM_RATE_2M_PLCP,	IWM_RATE_HT_SISO_MCS_INV_PLCP },
1.75.2.2  snj 	{  11,	IWM_RATE_5M_PLCP,	IWM_RATE_HT_SISO_MCS_INV_PLCP  },
1.75.2.2  snj 	{  22,	IWM_RATE_11M_PLCP,	IWM_RATE_HT_SISO_MCS_INV_PLCP },
1.75.2.2  snj 	{  12,	IWM_RATE_6M_PLCP,	IWM_RATE_HT_SISO_MCS_0_PLCP },
1.75.2.2  snj 	{  18,	IWM_RATE_9M_PLCP,	IWM_RATE_HT_SISO_MCS_INV_PLCP  },
1.75.2.2  snj 	{  24,	IWM_RATE_12M_PLCP,	IWM_RATE_HT_SISO_MCS_1_PLCP },
1.75.2.2  snj 	{  36,	IWM_RATE_18M_PLCP,	IWM_RATE_HT_SISO_MCS_2_PLCP },
1.75.2.2  snj 	{  48,	IWM_RATE_24M_PLCP,	IWM_RATE_HT_SISO_MCS_3_PLCP },
1.75.2.2  snj 	{  72,	IWM_RATE_36M_PLCP,	IWM_RATE_HT_SISO_MCS_4_PLCP },
1.75.2.2  snj 	{  96,	IWM_RATE_48M_PLCP,	IWM_RATE_HT_SISO_MCS_5_PLCP },
1.75.2.2  snj 	{ 108,	IWM_RATE_54M_PLCP,	IWM_RATE_HT_SISO_MCS_6_PLCP },
1.75.2.2  snj 	{ 128,	IWM_RATE_INVM_PLCP,	IWM_RATE_HT_SISO_MCS_7_PLCP },
1.75.2.2  snj };
1.75.2.2  snj #define IWM_RIDX_CCK	0
1.75.2.2  snj #define IWM_RIDX_OFDM	4
1.75.2.2  snj #define IWM_RIDX_MAX	(__arraycount(iwm_rates)-1)
1.75.2.2  snj #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
1.75.2.2  snj #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj /* Convert an MCS index into an iwm_rates[] index. */
1.75.2.2  snj static const int iwm_mcs2ridx[] = {
1.75.2.2  snj 	IWM_RATE_MCS_0_INDEX,
1.75.2.2  snj 	IWM_RATE_MCS_1_INDEX,
1.75.2.2  snj 	IWM_RATE_MCS_2_INDEX,
1.75.2.2  snj 	IWM_RATE_MCS_3_INDEX,
1.75.2.2  snj 	IWM_RATE_MCS_4_INDEX,
1.75.2.2  snj 	IWM_RATE_MCS_5_INDEX,
1.75.2.2  snj 	IWM_RATE_MCS_6_INDEX,
1.75.2.2  snj 	IWM_RATE_MCS_7_INDEX,
1.75.2.2  snj };
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj struct iwm_nvm_section {
1.75.2.2  snj 	uint16_t length;
1.75.2.2  snj 	uint8_t *data;
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj struct iwm_newstate_state {
1.75.2.2  snj 	struct work ns_wk;
1.75.2.2  snj 	enum ieee80211_state ns_nstate;
1.75.2.2  snj 	int ns_arg;
1.75.2.2  snj 	int ns_generation;
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj static int	iwm_store_cscheme(struct iwm_softc *, uint8_t *, size_t);
1.75.2.2  snj static int	iwm_firmware_store_section(struct iwm_softc *,
1.75.2.2  snj 		    enum iwm_ucode_type, uint8_t *, size_t);
1.75.2.2  snj static int	iwm_set_default_calib(struct iwm_softc *, const void *);
1.75.2.2  snj static int	iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type);
1.75.2.2  snj static uint32_t iwm_read_prph(struct iwm_softc *, uint32_t);
1.75.2.2  snj static void	iwm_write_prph(struct iwm_softc *, uint32_t, uint32_t);
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj static int	iwm_read_mem(struct iwm_softc *, uint32_t, void *, int);
1.75.2.2  snj #endif
1.75.2.2  snj static int	iwm_write_mem(struct iwm_softc *, uint32_t, const void *, int);
1.75.2.2  snj static int	iwm_write_mem32(struct iwm_softc *, uint32_t, uint32_t);
1.75.2.2  snj static int	iwm_poll_bit(struct iwm_softc *, int, uint32_t, uint32_t, int);
1.75.2.2  snj static int	iwm_nic_lock(struct iwm_softc *);
1.75.2.2  snj static void	iwm_nic_unlock(struct iwm_softc *);
1.75.2.2  snj static void	iwm_set_bits_mask_prph(struct iwm_softc *, uint32_t, uint32_t,
1.75.2.2  snj 		    uint32_t);
1.75.2.2  snj static void	iwm_set_bits_prph(struct iwm_softc *, uint32_t, uint32_t);
1.75.2.2  snj static void	iwm_clear_bits_prph(struct iwm_softc *, uint32_t, uint32_t);
1.75.2.2  snj static int	iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *,
1.75.2.2  snj 		    bus_size_t, bus_size_t);
1.75.2.2  snj static void	iwm_dma_contig_free(struct iwm_dma_info *);
1.75.2.2  snj static int	iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
1.75.2.2  snj static void	iwm_disable_rx_dma(struct iwm_softc *);
1.75.2.2  snj static void	iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
1.75.2.2  snj static void	iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
1.75.2.2  snj static int	iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
1.75.2.2  snj 		    int);
1.75.2.2  snj static void	iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
1.75.2.2  snj static void	iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
1.75.2.2  snj static void	iwm_enable_rfkill_int(struct iwm_softc *);
1.75.2.2  snj static int	iwm_check_rfkill(struct iwm_softc *);
1.75.2.2  snj static void	iwm_enable_interrupts(struct iwm_softc *);
1.75.2.2  snj static void	iwm_restore_interrupts(struct iwm_softc *);
1.75.2.2  snj static void	iwm_disable_interrupts(struct iwm_softc *);
1.75.2.2  snj static void	iwm_ict_reset(struct iwm_softc *);
1.75.2.2  snj static int	iwm_set_hw_ready(struct iwm_softc *);
1.75.2.2  snj static int	iwm_prepare_card_hw(struct iwm_softc *);
1.75.2.2  snj static void	iwm_apm_config(struct iwm_softc *);
1.75.2.2  snj static int	iwm_apm_init(struct iwm_softc *);
1.75.2.2  snj static void	iwm_apm_stop(struct iwm_softc *);
1.75.2.2  snj static int	iwm_allow_mcast(struct iwm_softc *);
1.75.2.2  snj static int	iwm_start_hw(struct iwm_softc *);
1.75.2.2  snj static void	iwm_stop_device(struct iwm_softc *);
1.75.2.2  snj static void	iwm_nic_config(struct iwm_softc *);
1.75.2.2  snj static int	iwm_nic_rx_init(struct iwm_softc *);
1.75.2.2  snj static int	iwm_nic_tx_init(struct iwm_softc *);
1.75.2.2  snj static int	iwm_nic_init(struct iwm_softc *);
1.75.2.2  snj static int	iwm_enable_txq(struct iwm_softc *, int, int, int);
1.75.2.2  snj static int	iwm_post_alive(struct iwm_softc *);
1.75.2.2  snj static struct iwm_phy_db_entry *
1.75.2.2  snj 		iwm_phy_db_get_section(struct iwm_softc *,
1.75.2.2  snj 		    enum iwm_phy_db_section_type, uint16_t);
1.75.2.2  snj static int	iwm_phy_db_set_section(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_calib_res_notif_phy_db *, uint16_t);
1.75.2.2  snj static int	iwm_is_valid_channel(uint16_t);
1.75.2.2  snj static uint8_t	iwm_ch_id_to_ch_index(uint16_t);
1.75.2.2  snj static uint16_t iwm_channel_id_to_papd(uint16_t);
1.75.2.2  snj static uint16_t iwm_channel_id_to_txp(struct iwm_softc *, uint16_t);
1.75.2.2  snj static int	iwm_phy_db_get_section_data(struct iwm_softc *, uint32_t,
1.75.2.2  snj 		    uint8_t **, uint16_t *, uint16_t);
1.75.2.2  snj static int	iwm_send_phy_db_cmd(struct iwm_softc *, uint16_t, uint16_t,
1.75.2.2  snj 		    void *);
1.75.2.2  snj static int	iwm_phy_db_send_all_channel_groups(struct iwm_softc *,
1.75.2.2  snj 		    enum iwm_phy_db_section_type, uint8_t);
1.75.2.2  snj static int	iwm_send_phy_db_data(struct iwm_softc *);
1.75.2.2  snj static void	iwm_te_v2_to_v1(const struct iwm_time_event_cmd_v2 *,
1.75.2.2  snj 		    struct iwm_time_event_cmd_v1 *);
1.75.2.2  snj static int	iwm_send_time_event_cmd(struct iwm_softc *,
1.75.2.2  snj 		    const struct iwm_time_event_cmd_v2 *);
1.75.2.2  snj static void	iwm_protect_session(struct iwm_softc *, struct iwm_node *,
1.75.2.2  snj 		    uint32_t, uint32_t);
1.75.2.2  snj static int	iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
1.75.2.2  snj 		    uint16_t, uint8_t *, uint16_t *);
1.75.2.2  snj static int	iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
1.75.2.2  snj 		    uint16_t *, size_t);
1.75.2.2  snj static void	iwm_init_channel_map(struct iwm_softc *, const uint16_t * const,
1.75.2.2  snj 		    const uint8_t *, size_t);
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj static void	iwm_setup_ht_rates(struct iwm_softc *);
1.75.2.2  snj static void	iwm_htprot_task(void *);
1.75.2.2  snj static void	iwm_update_htprot(struct ieee80211com *,
1.75.2.2  snj 		    struct ieee80211_node *);
1.75.2.2  snj static int	iwm_ampdu_rx_start(struct ieee80211com *,
1.75.2.2  snj 		    struct ieee80211_node *, uint8_t);
1.75.2.2  snj static void	iwm_ampdu_rx_stop(struct ieee80211com *,
1.75.2.2  snj 		    struct ieee80211_node *, uint8_t);
1.75.2.2  snj static void	iwm_sta_rx_agg(struct iwm_softc *, struct ieee80211_node *,
1.75.2.2  snj 		    uint8_t, uint16_t, int);
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj static int	iwm_ampdu_tx_start(struct ieee80211com *,
1.75.2.2  snj 		    struct ieee80211_node *, uint8_t);
1.75.2.2  snj static void	iwm_ampdu_tx_stop(struct ieee80211com *,
1.75.2.2  snj 		    struct ieee80211_node *, uint8_t);
1.75.2.2  snj #endif
1.75.2.2  snj static void	iwm_ba_task(void *);
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj static int	iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
1.75.2.2  snj 		    const uint16_t *, const uint16_t *, const uint16_t *,
1.75.2.2  snj 		    const uint16_t *, const uint16_t *);
1.75.2.2  snj static void	iwm_set_hw_address_8000(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_nvm_data *, const uint16_t *, const uint16_t *);
1.75.2.2  snj static int	iwm_parse_nvm_sections(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_nvm_section *);
1.75.2.2  snj static int	iwm_nvm_init(struct iwm_softc *);
1.75.2.2  snj static int	iwm_firmware_load_sect(struct iwm_softc *, uint32_t,
1.75.2.2  snj 		    const uint8_t *, uint32_t);
1.75.2.2  snj static int	iwm_firmware_load_chunk(struct iwm_softc *, uint32_t,
1.75.2.2  snj 		    const uint8_t *, uint32_t);
1.75.2.2  snj static int	iwm_load_cpu_sections_7000(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_fw_sects *, int , int *);
1.75.2.2  snj static int	iwm_load_firmware_7000(struct iwm_softc *, enum iwm_ucode_type);
1.75.2.2  snj static int	iwm_load_cpu_sections_8000(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_fw_sects *, int , int *);
1.75.2.2  snj static int	iwm_load_firmware_8000(struct iwm_softc *, enum iwm_ucode_type);
1.75.2.2  snj static int	iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type);
1.75.2.2  snj static int	iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type);
1.75.2.2  snj static int	iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
1.75.2.2  snj static int	iwm_send_phy_cfg_cmd(struct iwm_softc *);
1.75.2.2  snj static int	iwm_load_ucode_wait_alive(struct iwm_softc *,
1.75.2.2  snj 		    enum iwm_ucode_type);
1.75.2.2  snj static int	iwm_run_init_mvm_ucode(struct iwm_softc *, int);
1.75.2.2  snj static int	iwm_rx_addbuf(struct iwm_softc *, int, int);
1.75.2.2  snj static int	iwm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *);
1.75.2.2  snj static int	iwm_get_signal_strength(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_rx_phy_info *);
1.75.2.2  snj static void	iwm_rx_rx_phy_cmd(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_rx_packet *, struct iwm_rx_data *);
1.75.2.2  snj static int	iwm_get_noise(const struct iwm_statistics_rx_non_phy *);
1.75.2.2  snj static void	iwm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *,
1.75.2.2  snj 		    struct iwm_rx_data *);
1.75.2.2  snj static void	iwm_rx_tx_cmd_single(struct iwm_softc *, struct iwm_rx_packet *,		    struct iwm_node *);
1.75.2.2  snj static void	iwm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *,
1.75.2.2  snj 		    struct iwm_rx_data *);
1.75.2.2  snj static int	iwm_binding_cmd(struct iwm_softc *, struct iwm_node *,
1.75.2.2  snj 		    uint32_t);
1.75.2.2  snj #if 0
1.75.2.2  snj static int	iwm_binding_update(struct iwm_softc *, struct iwm_node *, int);
1.75.2.2  snj static int	iwm_binding_add_vif(struct iwm_softc *, struct iwm_node *);
1.75.2.2  snj #endif
1.75.2.2  snj static void	iwm_phy_ctxt_cmd_hdr(struct iwm_softc *, struct iwm_phy_ctxt *,
1.75.2.2  snj 		    struct iwm_phy_context_cmd *, uint32_t, uint32_t);
1.75.2.2  snj static void	iwm_phy_ctxt_cmd_data(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_phy_context_cmd *, struct ieee80211_channel *,
1.75.2.2  snj 		    uint8_t, uint8_t);
1.75.2.2  snj static int	iwm_phy_ctxt_cmd(struct iwm_softc *, struct iwm_phy_ctxt *,
1.75.2.2  snj 		    uint8_t, uint8_t, uint32_t, uint32_t);
1.75.2.2  snj static int	iwm_send_cmd(struct iwm_softc *, struct iwm_host_cmd *);
1.75.2.2  snj static int	iwm_send_cmd_pdu(struct iwm_softc *, uint32_t, uint32_t,
1.75.2.2  snj 		    uint16_t, const void *);
1.75.2.2  snj static int	iwm_send_cmd_status(struct iwm_softc *, struct iwm_host_cmd *,
1.75.2.2  snj 		    uint32_t *);
1.75.2.2  snj static int	iwm_send_cmd_pdu_status(struct iwm_softc *, uint32_t, uint16_t,
1.75.2.2  snj 		    const void *, uint32_t *);
1.75.2.2  snj static void	iwm_free_resp(struct iwm_softc *, struct iwm_host_cmd *);
1.75.2.2  snj static void	iwm_cmd_done(struct iwm_softc *, int qid, int idx);
1.75.2.2  snj #if 0
1.75.2.2  snj static void	iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
1.75.2.2  snj 		    uint16_t);
1.75.2.2  snj #endif
1.75.2.2  snj static const struct iwm_rate *
1.75.2.2  snj 		iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
1.75.2.2  snj 		    struct ieee80211_frame *, struct iwm_tx_cmd *);
1.75.2.2  snj static int	iwm_tx(struct iwm_softc *, struct mbuf *,
1.75.2.2  snj 		    struct ieee80211_node *, int);
1.75.2.2  snj static void	iwm_led_enable(struct iwm_softc *);
1.75.2.2  snj static void	iwm_led_disable(struct iwm_softc *);
1.75.2.2  snj static int	iwm_led_is_enabled(struct iwm_softc *);
1.75.2.2  snj static void	iwm_led_blink_timeout(void *);
1.75.2.2  snj static void	iwm_led_blink_start(struct iwm_softc *);
1.75.2.2  snj static void	iwm_led_blink_stop(struct iwm_softc *);
1.75.2.2  snj static int	iwm_beacon_filter_send_cmd(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_beacon_filter_cmd *);
1.75.2.2  snj static void	iwm_beacon_filter_set_cqm_params(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_node *, struct iwm_beacon_filter_cmd *);
1.75.2.2  snj static int	iwm_update_beacon_abort(struct iwm_softc *, struct iwm_node *,
1.75.2.2  snj 		    int);
1.75.2.2  snj static void	iwm_power_build_cmd(struct iwm_softc *, struct iwm_node *,
1.75.2.2  snj 		    struct iwm_mac_power_cmd *);
1.75.2.2  snj static int	iwm_power_mac_update_mode(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_node *);
1.75.2.2  snj static int	iwm_power_update_device(struct iwm_softc *);
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj static int	iwm_enable_beacon_filter(struct iwm_softc *, struct iwm_node *);
1.75.2.2  snj #endif
1.75.2.2  snj static int	iwm_disable_beacon_filter(struct iwm_softc *);
1.75.2.2  snj static int	iwm_add_sta_cmd(struct iwm_softc *, struct iwm_node *, int);
1.75.2.2  snj static int	iwm_add_aux_sta(struct iwm_softc *);
1.75.2.2  snj static uint16_t iwm_scan_rx_chain(struct iwm_softc *);
1.75.2.2  snj static uint32_t iwm_scan_rate_n_flags(struct iwm_softc *, int, int);
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj static uint16_t iwm_get_active_dwell(struct iwm_softc *, int, int);
1.75.2.2  snj static uint16_t iwm_get_passive_dwell(struct iwm_softc *, int);
1.75.2.2  snj #endif
1.75.2.2  snj static uint8_t	iwm_lmac_scan_fill_channels(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_scan_channel_cfg_lmac *, int);
1.75.2.2  snj static int	iwm_fill_probe_req(struct iwm_softc *,
1.75.2.2  snj 		    struct iwm_scan_probe_req *);
1.75.2.2  snj static int	iwm_lmac_scan(struct iwm_softc *);
1.75.2.2  snj static int	iwm_config_umac_scan(struct iwm_softc *);
1.75.2.2  snj static int	iwm_umac_scan(struct iwm_softc *);
1.75.2.2  snj static uint8_t	iwm_ridx2rate(struct ieee80211_rateset *, int);
1.75.2.2  snj static void	iwm_ack_rates(struct iwm_softc *, struct iwm_node *, int *,
1.75.2.2  snj 		    int *);
1.75.2.2  snj static void	iwm_mac_ctxt_cmd_common(struct iwm_softc *, struct iwm_node *,
1.75.2.2  snj 		    struct iwm_mac_ctx_cmd *, uint32_t, int);
1.75.2.2  snj static void	iwm_mac_ctxt_cmd_fill_sta(struct iwm_softc *, struct iwm_node *,
1.75.2.2  snj 		    struct iwm_mac_data_sta *, int);
1.75.2.2  snj static int	iwm_mac_ctxt_cmd(struct iwm_softc *, struct iwm_node *,
1.75.2.2  snj 		    uint32_t, int);
1.75.2.2  snj static int	iwm_update_quotas(struct iwm_softc *, struct iwm_node *);
1.75.2.2  snj static int	iwm_auth(struct iwm_softc *);
1.75.2.2  snj static int	iwm_assoc(struct iwm_softc *);
1.75.2.2  snj static void	iwm_calib_timeout(void *);
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj static void	iwm_setrates_task(void *);
1.75.2.2  snj static int	iwm_setrates(struct iwm_node *);
1.75.2.2  snj #endif
1.75.2.2  snj static int	iwm_media_change(struct ifnet *);
1.75.2.2  snj static int	iwm_do_newstate(struct ieee80211com *, enum ieee80211_state,
1.75.2.2  snj 		    int);
1.75.2.2  snj static void	iwm_newstate_cb(struct work *, void *);
1.75.2.2  snj static int	iwm_newstate(struct ieee80211com *, enum ieee80211_state, int);
1.75.2.2  snj static void	iwm_endscan(struct iwm_softc *);
1.75.2.2  snj static void	iwm_fill_sf_command(struct iwm_softc *, struct iwm_sf_cfg_cmd *,
1.75.2.2  snj 		    struct ieee80211_node *);
1.75.2.2  snj static int	iwm_sf_config(struct iwm_softc *, int);
1.75.2.2  snj static int	iwm_send_bt_init_conf(struct iwm_softc *);
1.75.2.2  snj static int	iwm_send_update_mcc_cmd(struct iwm_softc *, const char *);
1.75.2.2  snj static void	iwm_tt_tx_backoff(struct iwm_softc *, uint32_t);
1.75.2.2  snj static int	iwm_init_hw(struct iwm_softc *);
1.75.2.2  snj static int	iwm_init(struct ifnet *);
1.75.2.2  snj static void	iwm_start(struct ifnet *);
1.75.2.2  snj static void	iwm_stop(struct ifnet *, int);
1.75.2.2  snj static void	iwm_watchdog(struct ifnet *);
1.75.2.2  snj static int	iwm_ioctl(struct ifnet *, u_long, void *);
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj static const char *iwm_desc_lookup(uint32_t);
1.75.2.2  snj static void	iwm_nic_error(struct iwm_softc *);
1.75.2.2  snj static void	iwm_nic_umac_error(struct iwm_softc *);
1.75.2.2  snj #endif
1.75.2.2  snj static void	iwm_notif_intr(struct iwm_softc *);
1.75.2.2  snj static int	iwm_intr(void *);
1.75.2.2  snj static void	iwm_softintr(void *);
1.75.2.2  snj static int	iwm_preinit(struct iwm_softc *);
1.75.2.2  snj static void	iwm_attach_hook(device_t);
1.75.2.2  snj static void	iwm_attach(device_t, device_t, void *);
1.75.2.2  snj #if 0
1.75.2.2  snj static void	iwm_init_task(void *);
1.75.2.2  snj static int	iwm_activate(device_t, enum devact);
1.75.2.2  snj static void	iwm_wakeup(struct iwm_softc *);
1.75.2.2  snj #endif
1.75.2.2  snj static void	iwm_radiotap_attach(struct iwm_softc *);
1.75.2.2  snj static int	iwm_sysctl_fw_loaded_handler(SYSCTLFN_PROTO);
1.75.2.2  snj
1.75.2.2  snj /* XXX needed by iwn_scan */
1.75.2.2  snj static u_int8_t	*ieee80211_add_ssid(u_int8_t *, const u_int8_t *, u_int);
1.75.2.2  snj static u_int8_t	*ieee80211_add_rates(u_int8_t *,
1.75.2.2  snj 		    const struct ieee80211_rateset *);
1.75.2.2  snj static u_int8_t	*ieee80211_add_xrates(u_int8_t *,
1.75.2.2  snj 		    const struct ieee80211_rateset *);
1.75.2.2  snj
1.75.2.2  snj static int iwm_sysctl_root_num;
1.75.2.2  snj static int iwm_lar_disable;
1.75.2.2  snj
1.75.2.2  snj #ifndef	IWM_DEFAULT_MCC
1.75.2.2  snj #define	IWM_DEFAULT_MCC	"ZZ"
1.75.2.2  snj #endif
1.75.2.2  snj static char iwm_default_mcc[3] = IWM_DEFAULT_MCC;
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_firmload(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_fw_info *fw = &sc->sc_fw;
1.75.2.2  snj 	firmware_handle_t fwh;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	if (ISSET(sc->sc_flags, IWM_FLAG_FW_LOADED))
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	/* Open firmware image. */
1.75.2.2  snj 	err = firmware_open("if_iwm", sc->sc_fwname, &fwh);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not get firmware handle %s\n", sc->sc_fwname);
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (fw->fw_rawdata != NULL && fw->fw_rawsize > 0) {
1.75.2.2  snj 		kmem_free(fw->fw_rawdata, fw->fw_rawsize);
1.75.2.2  snj 		fw->fw_rawdata = NULL;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	fw->fw_rawsize = firmware_get_size(fwh);
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Well, this is how the Linux driver checks it ....
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (fw->fw_rawsize < sizeof(uint32_t)) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "firmware too short: %zd bytes\n", fw->fw_rawsize);
1.75.2.2  snj 		err = EINVAL;
1.75.2.2  snj 		goto out;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Read the firmware. */
1.75.2.2  snj 	fw->fw_rawdata = kmem_alloc(fw->fw_rawsize, KM_SLEEP);
1.75.2.2  snj 	if (fw->fw_rawdata == NULL) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "not enough memory to stock firmware %s\n", sc->sc_fwname);
1.75.2.2  snj 		err = ENOMEM;
1.75.2.2  snj 		goto out;
1.75.2.2  snj 	}
1.75.2.2  snj 	err = firmware_read(fwh, 0, fw->fw_rawdata, fw->fw_rawsize);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not read firmware %s\n", sc->sc_fwname);
1.75.2.2  snj 		goto out;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	SET(sc->sc_flags, IWM_FLAG_FW_LOADED);
1.75.2.2  snj  out:
1.75.2.2  snj 	/* caller will release memory, if necessary */
1.75.2.2  snj
1.75.2.2  snj 	firmware_close(fwh);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * XXX code from OpenBSD src/sys/net80211/ieee80211_output.c
1.75.2.2  snj  * Copyright (c) 2001 Atsushi Onoe
1.75.2.2  snj  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
1.75.2.2  snj  * Copyright (c) 2007-2009 Damien Bergamini
1.75.2.2  snj  * All rights reserved.
1.75.2.2  snj  */
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Add an SSID element to a frame (see 7.3.2.1).
1.75.2.2  snj  */
1.75.2.2  snj static u_int8_t *
1.75.2.2  snj ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len)
1.75.2.2  snj {
1.75.2.2  snj 	*frm++ = IEEE80211_ELEMID_SSID;
1.75.2.2  snj 	*frm++ = len;
1.75.2.2  snj 	memcpy(frm, ssid, len);
1.75.2.2  snj 	return frm + len;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Add a supported rates element to a frame (see 7.3.2.2).
1.75.2.2  snj  */
1.75.2.2  snj static u_int8_t *
1.75.2.2  snj ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs)
1.75.2.2  snj {
1.75.2.2  snj 	int nrates;
1.75.2.2  snj
1.75.2.2  snj 	*frm++ = IEEE80211_ELEMID_RATES;
1.75.2.2  snj 	nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE);
1.75.2.2  snj 	*frm++ = nrates;
1.75.2.2  snj 	memcpy(frm, rs->rs_rates, nrates);
1.75.2.2  snj 	return frm + nrates;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Add an extended supported rates element to a frame (see 7.3.2.14).
1.75.2.2  snj  */
1.75.2.2  snj static u_int8_t *
1.75.2.2  snj ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs)
1.75.2.2  snj {
1.75.2.2  snj 	int nrates;
1.75.2.2  snj
1.75.2.2  snj 	KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE);
1.75.2.2  snj
1.75.2.2  snj 	*frm++ = IEEE80211_ELEMID_XRATES;
1.75.2.2  snj 	nrates = rs->rs_nrates - IEEE80211_RATE_SIZE;
1.75.2.2  snj 	*frm++ = nrates;
1.75.2.2  snj 	memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates);
1.75.2.2  snj 	return frm + nrates;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * just maintaining status quo.
1.75.2.2  snj  */
1.75.2.2  snj static void
1.75.2.2  snj iwm_fix_channel(struct iwm_softc *sc, struct mbuf *m)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_frame *wh;
1.75.2.2  snj 	uint8_t subtype;
1.75.2.2  snj
1.75.2.2  snj 	wh = mtod(m, struct ieee80211_frame *);
1.75.2.2  snj
1.75.2.2  snj 	if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT)
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
1.75.2.2  snj
1.75.2.2  snj 	if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
1.75.2.2  snj 	    subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	int chan = le32toh(sc->sc_last_phy_info.channel);
1.75.2.2  snj 	if (chan < __arraycount(ic->ic_channels))
1.75.2.2  snj 		ic->ic_curchan = &ic->ic_channels[chan];
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_store_cscheme(struct iwm_softc *sc, uint8_t *data, size_t dlen)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_fw_cscheme_list *l = (struct iwm_fw_cscheme_list *)data;
1.75.2.2  snj
1.75.2.2  snj 	if (dlen < sizeof(*l) ||
1.75.2.2  snj 	    dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj
1.75.2.2  snj 	/* we don't actually store anything for now, always use s/w crypto */
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_firmware_store_section(struct iwm_softc *sc, enum iwm_ucode_type type,
1.75.2.2  snj     uint8_t *data, size_t dlen)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_fw_sects *fws;
1.75.2.2  snj 	struct iwm_fw_onesect *fwone;
1.75.2.2  snj
1.75.2.2  snj 	if (type >= IWM_UCODE_TYPE_MAX)
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj 	if (dlen < sizeof(uint32_t))
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj
1.75.2.2  snj 	fws = &sc->sc_fw.fw_sects[type];
1.75.2.2  snj 	if (fws->fw_count >= IWM_UCODE_SECT_MAX)
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj
1.75.2.2  snj 	fwone = &fws->fw_sect[fws->fw_count];
1.75.2.2  snj
1.75.2.2  snj 	/* first 32bit are device load offset */
1.75.2.2  snj 	memcpy(&fwone->fws_devoff, data, sizeof(uint32_t));
1.75.2.2  snj
1.75.2.2  snj 	/* rest is data */
1.75.2.2  snj 	fwone->fws_data = data + sizeof(uint32_t);
1.75.2.2  snj 	fwone->fws_len = dlen - sizeof(uint32_t);
1.75.2.2  snj
1.75.2.2  snj 	/* for freeing the buffer during driver unload */
1.75.2.2  snj 	fwone->fws_alloc = data;
1.75.2.2  snj 	fwone->fws_allocsize = dlen;
1.75.2.2  snj
1.75.2.2  snj 	fws->fw_count++;
1.75.2.2  snj 	fws->fw_totlen += fwone->fws_len;
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj struct iwm_tlv_calib_data {
1.75.2.2  snj 	uint32_t ucode_type;
1.75.2.2  snj 	struct iwm_tlv_calib_ctrl calib;
1.75.2.2  snj } __packed;
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_set_default_calib(struct iwm_softc *sc, const void *data)
1.75.2.2  snj {
1.75.2.2  snj 	const struct iwm_tlv_calib_data *def_calib = data;
1.75.2.2  snj 	uint32_t ucode_type = le32toh(def_calib->ucode_type);
1.75.2.2  snj
1.75.2.2  snj 	if (ucode_type >= IWM_UCODE_TYPE_MAX) {
1.75.2.2  snj 		DPRINTF(("%s: Wrong ucode_type %u for default calibration.\n",
1.75.2.2  snj 		    DEVNAME(sc), ucode_type));
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_default_calib[ucode_type].flow_trigger =
1.75.2.2  snj 	    def_calib->calib.flow_trigger;
1.75.2.2  snj 	sc->sc_default_calib[ucode_type].event_trigger =
1.75.2.2  snj 	    def_calib->calib.event_trigger;
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_fw_info *fw = &sc->sc_fw;
1.75.2.2  snj 	struct iwm_tlv_ucode_header *uhdr;
1.75.2.2  snj 	struct iwm_ucode_tlv tlv;
1.75.2.2  snj 	enum iwm_ucode_tlv_type tlv_type;
1.75.2.2  snj 	uint8_t *data;
1.75.2.2  snj 	int err, status;
1.75.2.2  snj 	size_t len;
1.75.2.2  snj
1.75.2.2  snj 	if (ucode_type != IWM_UCODE_TYPE_INIT &&
1.75.2.2  snj 	    fw->fw_status == IWM_FW_STATUS_DONE)
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	if (fw->fw_status == IWM_FW_STATUS_NONE) {
1.75.2.2  snj 		fw->fw_status = IWM_FW_STATUS_INPROGRESS;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		while (fw->fw_status == IWM_FW_STATUS_INPROGRESS)
1.75.2.2  snj 			tsleep(&sc->sc_fw, 0, "iwmfwp", 0);
1.75.2.2  snj 	}
1.75.2.2  snj 	status = fw->fw_status;
1.75.2.2  snj
1.75.2.2  snj 	if (status == IWM_FW_STATUS_DONE)
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_firmload(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not read firmware %s (error %d)\n",
1.75.2.2  snj 		    sc->sc_fwname, err);
1.75.2.2  snj 		goto out;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_capaflags = 0;
1.75.2.2  snj 	sc->sc_capa_n_scan_channels = IWM_MAX_NUM_SCAN_CHANNELS;
1.75.2.2  snj 	memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa));
1.75.2.2  snj 	memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc));
1.75.2.2  snj
1.75.2.2  snj 	uhdr = (void *)fw->fw_rawdata;
1.75.2.2  snj 	if (*(uint32_t *)fw->fw_rawdata != 0
1.75.2.2  snj 	    || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "invalid firmware %s\n",
1.75.2.2  snj 		    sc->sc_fwname);
1.75.2.2  snj 		err = EINVAL;
1.75.2.2  snj 		goto out;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)",
1.75.2.2  snj 	    IWM_UCODE_MAJOR(le32toh(uhdr->ver)),
1.75.2.2  snj 	    IWM_UCODE_MINOR(le32toh(uhdr->ver)),
1.75.2.2  snj 	    IWM_UCODE_API(le32toh(uhdr->ver)));
1.75.2.2  snj 	data = uhdr->data;
1.75.2.2  snj 	len = fw->fw_rawsize - sizeof(*uhdr);
1.75.2.2  snj
1.75.2.2  snj 	while (len >= sizeof(tlv)) {
1.75.2.2  snj 		size_t tlv_len;
1.75.2.2  snj 		void *tlv_data;
1.75.2.2  snj
1.75.2.2  snj 		memcpy(&tlv, data, sizeof(tlv));
1.75.2.2  snj 		tlv_len = le32toh(tlv.length);
1.75.2.2  snj 		tlv_type = le32toh(tlv.type);
1.75.2.2  snj
1.75.2.2  snj 		len -= sizeof(tlv);
1.75.2.2  snj 		data += sizeof(tlv);
1.75.2.2  snj 		tlv_data = data;
1.75.2.2  snj
1.75.2.2  snj 		if (len < tlv_len) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "firmware too short: %zu bytes\n", len);
1.75.2.2  snj 			err = EINVAL;
1.75.2.2  snj 			goto parse_out;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		switch (tlv_type) {
1.75.2.2  snj 		case IWM_UCODE_TLV_PROBE_MAX_LEN:
1.75.2.2  snj 			if (tlv_len < sizeof(uint32_t)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			sc->sc_capa_max_probe_len
1.75.2.2  snj 			    = le32toh(*(uint32_t *)tlv_data);
1.75.2.2  snj 			/* limit it to something sensible */
1.75.2.2  snj 			if (sc->sc_capa_max_probe_len >
1.75.2.2  snj 			    IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IWM_UCODE_TLV_PAN:
1.75.2.2  snj 			if (tlv_len) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN;
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IWM_UCODE_TLV_FLAGS:
1.75.2.2  snj 			if (tlv_len < sizeof(uint32_t)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			if (tlv_len % sizeof(uint32_t)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			/*
1.75.2.2  snj 			 * Apparently there can be many flags, but Linux driver
1.75.2.2  snj 			 * parses only the first one, and so do we.
1.75.2.2  snj 			 *
1.75.2.2  snj 			 * XXX: why does this override IWM_UCODE_TLV_PAN?
1.75.2.2  snj 			 * Intentional or a bug?  Observations from
1.75.2.2  snj 			 * current firmware file:
1.75.2.2  snj 			 *  1) TLV_PAN is parsed first
1.75.2.2  snj 			 *  2) TLV_FLAGS contains TLV_FLAGS_PAN
1.75.2.2  snj 			 * ==> this resets TLV_PAN to itself... hnnnk
1.75.2.2  snj 			 */
1.75.2.2  snj 			sc->sc_capaflags = le32toh(*(uint32_t *)tlv_data);
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IWM_UCODE_TLV_CSCHEME:
1.75.2.2  snj 			err = iwm_store_cscheme(sc, tlv_data, tlv_len);
1.75.2.2  snj 			if (err)
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IWM_UCODE_TLV_NUM_OF_CPU: {
1.75.2.2  snj 			uint32_t num_cpu;
1.75.2.2  snj 			if (tlv_len != sizeof(uint32_t)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			num_cpu = le32toh(*(uint32_t *)tlv_data);
1.75.2.2  snj 			if (num_cpu == 2) {
1.75.2.2  snj 				fw->fw_sects[IWM_UCODE_TYPE_REGULAR].is_dual_cpus =
1.75.2.2  snj 				    true;
1.75.2.2  snj 				fw->fw_sects[IWM_UCODE_TYPE_INIT].is_dual_cpus =
1.75.2.2  snj 				    true;
1.75.2.2  snj 				fw->fw_sects[IWM_UCODE_TYPE_WOW].is_dual_cpus =
1.75.2.2  snj 				    true;
1.75.2.2  snj 			} else if (num_cpu < 1 || num_cpu > 2) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj 		case IWM_UCODE_TLV_SEC_RT:
1.75.2.2  snj 			err = iwm_firmware_store_section(sc,
1.75.2.2  snj 			    IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len);
1.75.2.2  snj 			if (err)
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IWM_UCODE_TLV_SEC_INIT:
1.75.2.2  snj 			err = iwm_firmware_store_section(sc,
1.75.2.2  snj 			    IWM_UCODE_TYPE_INIT, tlv_data, tlv_len);
1.75.2.2  snj 			if (err)
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IWM_UCODE_TLV_SEC_WOWLAN:
1.75.2.2  snj 			err = iwm_firmware_store_section(sc,
1.75.2.2  snj 			    IWM_UCODE_TYPE_WOW, tlv_data, tlv_len);
1.75.2.2  snj 			if (err)
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IWM_UCODE_TLV_DEF_CALIB:
1.75.2.2  snj 			if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			err = iwm_set_default_calib(sc, tlv_data);
1.75.2.2  snj 			if (err)
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IWM_UCODE_TLV_PHY_SKU:
1.75.2.2  snj 			if (tlv_len != sizeof(uint32_t)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			sc->sc_fw_phy_config = le32toh(*(uint32_t *)tlv_data);
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_UCODE_TLV_API_CHANGES_SET: {
1.75.2.2  snj 			struct iwm_ucode_api *api;
1.75.2.2  snj 			uint32_t idx, bits;
1.75.2.2  snj 			int i;
1.75.2.2  snj 			if (tlv_len != sizeof(*api)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			api = (struct iwm_ucode_api *)tlv_data;
1.75.2.2  snj 			idx = le32toh(api->api_index);
1.75.2.2  snj 			bits = le32toh(api->api_flags);
1.75.2.2  snj 			if (idx >= howmany(IWM_NUM_UCODE_TLV_API, 32)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			for (i = 0; i < 32; i++) {
1.75.2.2  snj 				if (!ISSET(bits, __BIT(i)))
1.75.2.2  snj 					continue;
1.75.2.2  snj 				setbit(sc->sc_ucode_api, i + (32 * idx));
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_UCODE_TLV_ENABLED_CAPABILITIES: {
1.75.2.2  snj 			struct iwm_ucode_capa *capa;
1.75.2.2  snj 			uint32_t idx, bits;
1.75.2.2  snj 			int i;
1.75.2.2  snj 			if (tlv_len != sizeof(*capa)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			capa = (struct iwm_ucode_capa *)tlv_data;
1.75.2.2  snj 			idx = le32toh(capa->api_index);
1.75.2.2  snj 			bits = le32toh(capa->api_capa);
1.75.2.2  snj 			if (idx >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			for (i = 0; i < 32; i++) {
1.75.2.2  snj 				if (!ISSET(bits, __BIT(i)))
1.75.2.2  snj 					continue;
1.75.2.2  snj 				setbit(sc->sc_enabled_capa, i + (32 * idx));
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_UCODE_TLV_FW_UNDOCUMENTED1:
1.75.2.2  snj 		case IWM_UCODE_TLV_SDIO_ADMA_ADDR:
1.75.2.2  snj 		case IWM_UCODE_TLV_FW_GSCAN_CAPA:
1.75.2.2  snj 		case IWM_UCODE_TLV_FW_MEM_SEG:
1.75.2.2  snj 			/* ignore, not used by current driver */
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_UCODE_TLV_SEC_RT_USNIFFER:
1.75.2.2  snj 			err = iwm_firmware_store_section(sc,
1.75.2.2  snj 			    IWM_UCODE_TYPE_REGULAR_USNIFFER, tlv_data,
1.75.2.2  snj 			    tlv_len);
1.75.2.2  snj 			if (err)
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_UCODE_TLV_PAGING: {
1.75.2.2  snj 			uint32_t paging_mem_size;
1.75.2.2  snj 			if (tlv_len != sizeof(paging_mem_size)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			paging_mem_size = le32toh(*(uint32_t *)tlv_data);
1.75.2.2  snj 			if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			fw->fw_sects[IWM_UCODE_TYPE_REGULAR].paging_mem_size =
1.75.2.2  snj 			    paging_mem_size;
1.75.2.2  snj 			fw->fw_sects[IWM_UCODE_TYPE_REGULAR_USNIFFER].paging_mem_size =
1.75.2.2  snj 			    paging_mem_size;
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_UCODE_TLV_N_SCAN_CHANNELS:
1.75.2.2  snj 			if (tlv_len != sizeof(uint32_t)) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			sc->sc_capa_n_scan_channels =
1.75.2.2  snj 			  le32toh(*(uint32_t *)tlv_data);
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_UCODE_TLV_FW_VERSION:
1.75.2.2  snj 			if (tlv_len != sizeof(uint32_t) * 3) {
1.75.2.2  snj 				err = EINVAL;
1.75.2.2  snj 				goto parse_out;
1.75.2.2  snj 			}
1.75.2.2  snj 			snprintf(sc->sc_fwver, sizeof(sc->sc_fwver),
1.75.2.2  snj 			    "%d.%d.%d",
1.75.2.2  snj 			    le32toh(((uint32_t *)tlv_data)[0]),
1.75.2.2  snj 			    le32toh(((uint32_t *)tlv_data)[1]),
1.75.2.2  snj 			    le32toh(((uint32_t *)tlv_data)[2]));
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		default:
1.75.2.2  snj 			DPRINTF(("%s: unknown firmware section %d, abort\n",
1.75.2.2  snj 			    DEVNAME(sc), tlv_type));
1.75.2.2  snj 			err = EINVAL;
1.75.2.2  snj 			goto parse_out;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		len -= roundup(tlv_len, 4);
1.75.2.2  snj 		data += roundup(tlv_len, 4);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	KASSERT(err == 0);
1.75.2.2  snj
1.75.2.2  snj  parse_out:
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "firmware parse error, section type %d\n", tlv_type);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "device uses unsupported power ops\n");
1.75.2.2  snj 		err = ENOTSUP;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj  out:
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		fw->fw_status = IWM_FW_STATUS_NONE;
1.75.2.2  snj 	else
1.75.2.2  snj 		fw->fw_status = IWM_FW_STATUS_DONE;
1.75.2.2  snj 	wakeup(&sc->sc_fw);
1.75.2.2  snj
1.75.2.2  snj 	if (err && fw->fw_rawdata != NULL) {
1.75.2.2  snj 		kmem_free(fw->fw_rawdata, fw->fw_rawsize);
1.75.2.2  snj 		fw->fw_rawdata = NULL;
1.75.2.2  snj 		CLR(sc->sc_flags, IWM_FLAG_FW_LOADED);
1.75.2.2  snj 		/* don't touch fw->fw_status */
1.75.2.2  snj 		memset(fw->fw_sects, 0, sizeof(fw->fw_sects));
1.75.2.2  snj 	}
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint32_t
1.75.2.2  snj iwm_read_prph(struct iwm_softc *sc, uint32_t addr)
1.75.2.2  snj {
1.75.2.2  snj 	IWM_WRITE(sc,
1.75.2.2  snj 	    IWM_HBUS_TARG_PRPH_RADDR, ((addr & 0x000fffff) | (3 << 24)));
1.75.2.2  snj 	IWM_BARRIER_READ_WRITE(sc);
1.75.2.2  snj 	return IWM_READ(sc, IWM_HBUS_TARG_PRPH_RDAT);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_write_prph(struct iwm_softc *sc, uint32_t addr, uint32_t val)
1.75.2.2  snj {
1.75.2.2  snj 	IWM_WRITE(sc,
1.75.2.2  snj 	    IWM_HBUS_TARG_PRPH_WADDR, ((addr & 0x000fffff) | (3 << 24)));
1.75.2.2  snj 	IWM_BARRIER_WRITE(sc);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_HBUS_TARG_PRPH_WDAT, val);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj static int
1.75.2.2  snj iwm_read_mem(struct iwm_softc *sc, uint32_t addr, void *buf, int dwords)
1.75.2.2  snj {
1.75.2.2  snj 	int offs;
1.75.2.2  snj 	uint32_t *vals = buf;
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_nic_lock(sc)) {
1.75.2.2  snj 		IWM_WRITE(sc, IWM_HBUS_TARG_MEM_RADDR, addr);
1.75.2.2  snj 		for (offs = 0; offs < dwords; offs++)
1.75.2.2  snj 			vals[offs] = IWM_READ(sc, IWM_HBUS_TARG_MEM_RDAT);
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj 		return 0;
1.75.2.2  snj 	}
1.75.2.2  snj 	return EBUSY;
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_write_mem(struct iwm_softc *sc, uint32_t addr, const void *buf, int dwords)
1.75.2.2  snj {
1.75.2.2  snj 	int offs;
1.75.2.2  snj 	const uint32_t *vals = buf;
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_nic_lock(sc)) {
1.75.2.2  snj 		IWM_WRITE(sc, IWM_HBUS_TARG_MEM_WADDR, addr);
1.75.2.2  snj 		/* WADDR auto-increments */
1.75.2.2  snj 		for (offs = 0; offs < dwords; offs++) {
1.75.2.2  snj 			uint32_t val = vals ? vals[offs] : 0;
1.75.2.2  snj 			IWM_WRITE(sc, IWM_HBUS_TARG_MEM_WDAT, val);
1.75.2.2  snj 		}
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj 		return 0;
1.75.2.2  snj 	}
1.75.2.2  snj 	return EBUSY;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_write_mem32(struct iwm_softc *sc, uint32_t addr, uint32_t val)
1.75.2.2  snj {
1.75.2.2  snj 	return iwm_write_mem(sc, addr, &val, 1);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_poll_bit(struct iwm_softc *sc, int reg, uint32_t bits, uint32_t mask,
1.75.2.2  snj     int timo)
1.75.2.2  snj {
1.75.2.2  snj 	for (;;) {
1.75.2.2  snj 		if ((IWM_READ(sc, reg) & mask) == (bits & mask)) {
1.75.2.2  snj 			return 1;
1.75.2.2  snj 		}
1.75.2.2  snj 		if (timo < 10) {
1.75.2.2  snj 			return 0;
1.75.2.2  snj 		}
1.75.2.2  snj 		timo -= 10;
1.75.2.2  snj 		DELAY(10);
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_nic_lock(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int rv = 0;
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_cmd_hold_nic_awake)
1.75.2.2  snj 		return 1;
1.75.2.2  snj
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 	    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
1.75.2.2  snj 		DELAY(2);
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 	    IWM_CSR_GP_CNTRL_REG_VAL_MAC_ACCESS_EN,
1.75.2.2  snj 	    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY
1.75.2.2  snj 	     | IWM_CSR_GP_CNTRL_REG_FLAG_GOING_TO_SLEEP, 15000)) {
1.75.2.2  snj 		rv = 1;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		DPRINTF(("%s: resetting device via NMI\n", DEVNAME(sc)));
1.75.2.2  snj 		IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_FORCE_NMI);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return rv;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_nic_unlock(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_cmd_hold_nic_awake)
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 	    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_set_bits_mask_prph(struct iwm_softc *sc, uint32_t reg, uint32_t bits,
1.75.2.2  snj     uint32_t mask)
1.75.2.2  snj {
1.75.2.2  snj 	uint32_t val;
1.75.2.2  snj
1.75.2.2  snj 	/* XXX: no error path? */
1.75.2.2  snj 	if (iwm_nic_lock(sc)) {
1.75.2.2  snj 		val = iwm_read_prph(sc, reg) & mask;
1.75.2.2  snj 		val |= bits;
1.75.2.2  snj 		iwm_write_prph(sc, reg, val);
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_set_bits_prph(struct iwm_softc *sc, uint32_t reg, uint32_t bits)
1.75.2.2  snj {
1.75.2.2  snj 	iwm_set_bits_mask_prph(sc, reg, bits, ~0);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_clear_bits_prph(struct iwm_softc *sc, uint32_t reg, uint32_t bits)
1.75.2.2  snj {
1.75.2.2  snj 	iwm_set_bits_mask_prph(sc, reg, 0, ~bits);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma,
1.75.2.2  snj     bus_size_t size, bus_size_t alignment)
1.75.2.2  snj {
1.75.2.2  snj 	int nsegs, err;
1.75.2.2  snj 	void *va;
1.75.2.2  snj
1.75.2.2  snj 	dma->tag = tag;
1.75.2.2  snj 	dma->size = size;
1.75.2.2  snj
1.75.2.2  snj 	err = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT,
1.75.2.2  snj 	    &dma->map);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		goto fail;
1.75.2.2  snj
1.75.2.2  snj 	err = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs,
1.75.2.2  snj 	    BUS_DMA_NOWAIT);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		goto fail;
1.75.2.2  snj
1.75.2.2  snj 	err = bus_dmamem_map(tag, &dma->seg, 1, size, &va, BUS_DMA_NOWAIT);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		goto fail;
1.75.2.2  snj 	dma->vaddr = va;
1.75.2.2  snj
1.75.2.2  snj 	err = bus_dmamap_load(tag, dma->map, dma->vaddr, size, NULL,
1.75.2.2  snj 	    BUS_DMA_NOWAIT);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		goto fail;
1.75.2.2  snj
1.75.2.2  snj 	memset(dma->vaddr, 0, size);
1.75.2.2  snj 	bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE);
1.75.2.2  snj 	dma->paddr = dma->map->dm_segs[0].ds_addr;
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj
1.75.2.2  snj fail:	iwm_dma_contig_free(dma);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_dma_contig_free(struct iwm_dma_info *dma)
1.75.2.2  snj {
1.75.2.2  snj 	if (dma->map != NULL) {
1.75.2.2  snj 		if (dma->vaddr != NULL) {
1.75.2.2  snj 			bus_dmamap_sync(dma->tag, dma->map, 0, dma->size,
1.75.2.2  snj 			    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
1.75.2.2  snj 			bus_dmamap_unload(dma->tag, dma->map);
1.75.2.2  snj 			bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size);
1.75.2.2  snj 			bus_dmamem_free(dma->tag, &dma->seg, 1);
1.75.2.2  snj 			dma->vaddr = NULL;
1.75.2.2  snj 		}
1.75.2.2  snj 		bus_dmamap_destroy(dma->tag, dma->map);
1.75.2.2  snj 		dma->map = NULL;
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1.75.2.2  snj {
1.75.2.2  snj 	bus_size_t size;
1.75.2.2  snj 	int i, err;
1.75.2.2  snj
1.75.2.2  snj 	ring->cur = 0;
1.75.2.2  snj
1.75.2.2  snj 	/* Allocate RX descriptors (256-byte aligned). */
1.75.2.2  snj 	size = IWM_RX_RING_COUNT * sizeof(uint32_t);
1.75.2.2  snj 	err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not allocate RX ring DMA memory\n");
1.75.2.2  snj 		goto fail;
1.75.2.2  snj 	}
1.75.2.2  snj 	ring->desc = ring->desc_dma.vaddr;
1.75.2.2  snj
1.75.2.2  snj 	/* Allocate RX status area (16-byte aligned). */
1.75.2.2  snj 	err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
1.75.2.2  snj 	    sizeof(*ring->stat), 16);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not allocate RX status DMA memory\n");
1.75.2.2  snj 		goto fail;
1.75.2.2  snj 	}
1.75.2.2  snj 	ring->stat = ring->stat_dma.vaddr;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1.75.2.2  snj 		struct iwm_rx_data *data = &ring->data[i];
1.75.2.2  snj
1.75.2.2  snj 		memset(data, 0, sizeof(*data));
1.75.2.2  snj 		err = bus_dmamap_create(sc->sc_dmat, IWM_RBUF_SIZE, 1,
1.75.2.2  snj 		    IWM_RBUF_SIZE, 0, BUS_DMA_NOWAIT | BUS_DMA_ALLOCNOW,
1.75.2.2  snj 		    &data->map);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not create RX buf DMA map\n");
1.75.2.2  snj 			goto fail;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i);
1.75.2.2  snj 		if (err)
1.75.2.2  snj 			goto fail;
1.75.2.2  snj 	}
1.75.2.2  snj 	return 0;
1.75.2.2  snj
1.75.2.2  snj fail:	iwm_free_rx_ring(sc, ring);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_disable_rx_dma(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int ntries;
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_nic_lock(sc)) {
1.75.2.2  snj 		IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 0);
1.75.2.2  snj 		for (ntries = 0; ntries < 1000; ntries++) {
1.75.2.2  snj 			if (IWM_READ(sc, IWM_FH_MEM_RSSR_RX_STATUS_REG) &
1.75.2.2  snj 			    IWM_FH_RSSR_CHNL0_RX_STATUS_CHNL_IDLE)
1.75.2.2  snj 				break;
1.75.2.2  snj 			DELAY(10);
1.75.2.2  snj 		}
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj void
1.75.2.2  snj iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1.75.2.2  snj {
1.75.2.2  snj 	ring->cur = 0;
1.75.2.2  snj 	memset(ring->stat, 0, sizeof(*ring->stat));
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, ring->stat_dma.map, 0,
1.75.2.2  snj 	    ring->stat_dma.size, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1.75.2.2  snj {
1.75.2.2  snj 	int i;
1.75.2.2  snj
1.75.2.2  snj 	iwm_dma_contig_free(&ring->desc_dma);
1.75.2.2  snj 	iwm_dma_contig_free(&ring->stat_dma);
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1.75.2.2  snj 		struct iwm_rx_data *data = &ring->data[i];
1.75.2.2  snj
1.75.2.2  snj 		if (data->m != NULL) {
1.75.2.2  snj 			bus_dmamap_sync(sc->sc_dmat, data->map, 0,
1.75.2.2  snj 			    data->map->dm_mapsize, BUS_DMASYNC_POSTREAD);
1.75.2.2  snj 			bus_dmamap_unload(sc->sc_dmat, data->map);
1.75.2.2  snj 			m_freem(data->m);
1.75.2.2  snj 			data->m = NULL;
1.75.2.2  snj 		}
1.75.2.2  snj 		if (data->map != NULL) {
1.75.2.2  snj 			bus_dmamap_destroy(sc->sc_dmat, data->map);
1.75.2.2  snj 			data->map = NULL;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
1.75.2.2  snj {
1.75.2.2  snj 	bus_addr_t paddr;
1.75.2.2  snj 	bus_size_t size;
1.75.2.2  snj 	int i, err, nsegs;
1.75.2.2  snj
1.75.2.2  snj 	ring->qid = qid;
1.75.2.2  snj 	ring->queued = 0;
1.75.2.2  snj 	ring->cur = 0;
1.75.2.2  snj
1.75.2.2  snj 	/* Allocate TX descriptors (256-byte aligned). */
1.75.2.2  snj 	size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
1.75.2.2  snj 	err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not allocate TX ring DMA memory\n");
1.75.2.2  snj 		goto fail;
1.75.2.2  snj 	}
1.75.2.2  snj 	ring->desc = ring->desc_dma.vaddr;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
1.75.2.2  snj 	 * to allocate commands space for other rings.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (qid > IWM_CMD_QUEUE)
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
1.75.2.2  snj 	err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not allocate TX cmd DMA memory\n");
1.75.2.2  snj 		goto fail;
1.75.2.2  snj 	}
1.75.2.2  snj 	ring->cmd = ring->cmd_dma.vaddr;
1.75.2.2  snj
1.75.2.2  snj 	paddr = ring->cmd_dma.paddr;
1.75.2.2  snj 	for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1.75.2.2  snj 		struct iwm_tx_data *data = &ring->data[i];
1.75.2.2  snj 		size_t mapsize;
1.75.2.2  snj
1.75.2.2  snj 		data->cmd_paddr = paddr;
1.75.2.2  snj 		data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
1.75.2.2  snj 		    + offsetof(struct iwm_tx_cmd, scratch);
1.75.2.2  snj 		paddr += sizeof(struct iwm_device_cmd);
1.75.2.2  snj
1.75.2.2  snj 		/* FW commands may require more mapped space than packets. */
1.75.2.2  snj 		if (qid == IWM_CMD_QUEUE) {
1.75.2.2  snj 			mapsize = IWM_RBUF_SIZE;
1.75.2.2  snj 			nsegs = 1;
1.75.2.2  snj 		} else {
1.75.2.2  snj 			mapsize = MCLBYTES;
1.75.2.2  snj 			nsegs = IWM_NUM_OF_TBS - 2;
1.75.2.2  snj 		}
1.75.2.2  snj 		err = bus_dmamap_create(sc->sc_dmat, mapsize, nsegs, mapsize,
1.75.2.2  snj 		    0, BUS_DMA_NOWAIT, &data->map);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not create TX buf DMA map\n");
1.75.2.2  snj 			goto fail;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj 	KASSERT(paddr == ring->cmd_dma.paddr + size);
1.75.2.2  snj 	return 0;
1.75.2.2  snj
1.75.2.2  snj fail:	iwm_free_tx_ring(sc, ring);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_clear_cmd_in_flight(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj
1.75.2.2  snj 	if (!sc->apmg_wake_up_wa)
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	if (!sc->sc_cmd_hold_nic_awake) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "cmd_hold_nic_awake not set\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_cmd_hold_nic_awake = 0;
1.75.2.2  snj 	IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 	    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_set_cmd_in_flight(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int ret;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * wake up the NIC to make sure that the firmware will see the host
1.75.2.2  snj 	 * command - we will let the NIC sleep once all the host commands
1.75.2.2  snj 	 * returned. This needs to be done only on NICs that have
1.75.2.2  snj 	 * apmg_wake_up_wa set.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (sc->apmg_wake_up_wa && !sc->sc_cmd_hold_nic_awake) {
1.75.2.2  snj
1.75.2.2  snj 		IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 		    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1.75.2.2  snj
1.75.2.2  snj 		ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 		    IWM_CSR_GP_CNTRL_REG_VAL_MAC_ACCESS_EN,
1.75.2.2  snj 		    (IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY |
1.75.2.2  snj 		     IWM_CSR_GP_CNTRL_REG_FLAG_GOING_TO_SLEEP),
1.75.2.2  snj 		    15000);
1.75.2.2  snj 		if (ret == 0) {
1.75.2.2  snj 			IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 			    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "failed to wake NIC for hcmd\n");
1.75.2.2  snj 			return EIO;
1.75.2.2  snj 		}
1.75.2.2  snj 		sc->sc_cmd_hold_nic_awake = 1;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj static void
1.75.2.2  snj iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1.75.2.2  snj {
1.75.2.2  snj 	int i;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1.75.2.2  snj 		struct iwm_tx_data *data = &ring->data[i];
1.75.2.2  snj
1.75.2.2  snj 		if (data->m != NULL) {
1.75.2.2  snj 			bus_dmamap_sync(sc->sc_dmat, data->map, 0,
1.75.2.2  snj 			    data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
1.75.2.2  snj 			bus_dmamap_unload(sc->sc_dmat, data->map);
1.75.2.2  snj 			m_freem(data->m);
1.75.2.2  snj 			data->m = NULL;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj 	/* Clear TX descriptors. */
1.75.2.2  snj 	memset(ring->desc, 0, ring->desc_dma.size);
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0,
1.75.2.2  snj 	    ring->desc_dma.size, BUS_DMASYNC_PREWRITE);
1.75.2.2  snj 	sc->qfullmsk &= ~(1 << ring->qid);
1.75.2.2  snj 	ring->queued = 0;
1.75.2.2  snj 	ring->cur = 0;
1.75.2.2  snj
1.75.2.2  snj 	if (ring->qid == IWM_CMD_QUEUE && sc->sc_cmd_hold_nic_awake)
1.75.2.2  snj 		iwm_clear_cmd_in_flight(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1.75.2.2  snj {
1.75.2.2  snj 	int i;
1.75.2.2  snj
1.75.2.2  snj 	iwm_dma_contig_free(&ring->desc_dma);
1.75.2.2  snj 	iwm_dma_contig_free(&ring->cmd_dma);
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1.75.2.2  snj 		struct iwm_tx_data *data = &ring->data[i];
1.75.2.2  snj
1.75.2.2  snj 		if (data->m != NULL) {
1.75.2.2  snj 			bus_dmamap_sync(sc->sc_dmat, data->map, 0,
1.75.2.2  snj 			    data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
1.75.2.2  snj 			bus_dmamap_unload(sc->sc_dmat, data->map);
1.75.2.2  snj 			m_freem(data->m);
1.75.2.2  snj 			data->m = NULL;
1.75.2.2  snj 		}
1.75.2.2  snj 		if (data->map != NULL) {
1.75.2.2  snj 			bus_dmamap_destroy(sc->sc_dmat, data->map);
1.75.2.2  snj 			data->map = NULL;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_enable_rfkill_int(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	sc->sc_intmask = IWM_CSR_INT_BIT_RF_KILL;
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_check_rfkill(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	uint32_t v;
1.75.2.2  snj 	int s;
1.75.2.2  snj 	int rv;
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * "documentation" is not really helpful here:
1.75.2.2  snj 	 *  27:	HW_RF_KILL_SW
1.75.2.2  snj 	 *	Indicates state of (platform's) hardware RF-Kill switch
1.75.2.2  snj 	 *
1.75.2.2  snj 	 * But apparently when it's off, it's on ...
1.75.2.2  snj 	 */
1.75.2.2  snj 	v = IWM_READ(sc, IWM_CSR_GP_CNTRL);
1.75.2.2  snj 	rv = (v & IWM_CSR_GP_CNTRL_REG_FLAG_HW_RF_KILL_SW) == 0;
1.75.2.2  snj 	if (rv) {
1.75.2.2  snj 		sc->sc_flags |= IWM_FLAG_RFKILL;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		sc->sc_flags &= ~IWM_FLAG_RFKILL;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	splx(s);
1.75.2.2  snj 	return rv;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_enable_interrupts(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_restore_interrupts(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_disable_interrupts(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int s = splnet();
1.75.2.2  snj
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1.75.2.2  snj
1.75.2.2  snj 	/* acknowledge all interrupts */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT, ~0);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1.75.2.2  snj
1.75.2.2  snj 	splx(s);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_ict_reset(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	iwm_disable_interrupts(sc);
1.75.2.2  snj
1.75.2.2  snj 	memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, sc->ict_dma.map, 0, IWM_ICT_SIZE,
1.75.2.2  snj 	    BUS_DMASYNC_PREWRITE);
1.75.2.2  snj 	sc->ict_cur = 0;
1.75.2.2  snj
1.75.2.2  snj 	/* Set physical address of ICT (4KB aligned). */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1.75.2.2  snj 	    IWM_CSR_DRAM_INT_TBL_ENABLE
1.75.2.2  snj 	    | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1.75.2.2  snj 	    | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER
1.75.2.2  snj 	    | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1.75.2.2  snj
1.75.2.2  snj 	/* Switch to ICT interrupt mode in driver. */
1.75.2.2  snj 	sc->sc_flags |= IWM_FLAG_USE_ICT;
1.75.2.2  snj
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT, ~0);
1.75.2.2  snj 	iwm_enable_interrupts(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #define IWM_HW_READY_TIMEOUT 50
1.75.2.2  snj static int
1.75.2.2  snj iwm_set_hw_ready(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int ready;
1.75.2.2  snj
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_HW_IF_CONFIG_REG,
1.75.2.2  snj 	    IWM_CSR_HW_IF_CONFIG_REG_BIT_NIC_READY);
1.75.2.2  snj
1.75.2.2  snj 	ready = iwm_poll_bit(sc, IWM_CSR_HW_IF_CONFIG_REG,
1.75.2.2  snj 	    IWM_CSR_HW_IF_CONFIG_REG_BIT_NIC_READY,
1.75.2.2  snj 	    IWM_CSR_HW_IF_CONFIG_REG_BIT_NIC_READY,
1.75.2.2  snj 	    IWM_HW_READY_TIMEOUT);
1.75.2.2  snj 	if (ready)
1.75.2.2  snj 		IWM_SETBITS(sc, IWM_CSR_MBOX_SET_REG,
1.75.2.2  snj 		    IWM_CSR_MBOX_SET_REG_OS_ALIVE);
1.75.2.2  snj
1.75.2.2  snj 	return ready;
1.75.2.2  snj }
1.75.2.2  snj #undef IWM_HW_READY_TIMEOUT
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_prepare_card_hw(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int t = 0;
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_set_hw_ready(sc))
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	DELAY(100);
1.75.2.2  snj
1.75.2.2  snj 	/* If HW is not ready, prepare the conditions to check again */
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_HW_IF_CONFIG_REG,
1.75.2.2  snj 	    IWM_CSR_HW_IF_CONFIG_REG_PREPARE);
1.75.2.2  snj
1.75.2.2  snj 	do {
1.75.2.2  snj 		if (iwm_set_hw_ready(sc))
1.75.2.2  snj 			return 0;
1.75.2.2  snj 		DELAY(200);
1.75.2.2  snj 		t += 200;
1.75.2.2  snj 	} while (t < 150000);
1.75.2.2  snj
1.75.2.2  snj 	return ETIMEDOUT;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_apm_config(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	pcireg_t reg;
1.75.2.2  snj
1.75.2.2  snj 	reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag,
1.75.2.2  snj 	    sc->sc_cap_off + PCIE_LCSR);
1.75.2.2  snj 	if (reg & PCIE_LCSR_ASPM_L1) {
1.75.2.2  snj 		/* Um the Linux driver prints "Disabling L0S for this one ... */
1.75.2.2  snj 		IWM_SETBITS(sc, IWM_CSR_GIO_REG,
1.75.2.2  snj 		    IWM_CSR_GIO_REG_VAL_L0S_ENABLED);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		/* ... and "Enabling" here */
1.75.2.2  snj 		IWM_CLRBITS(sc, IWM_CSR_GIO_REG,
1.75.2.2  snj 		    IWM_CSR_GIO_REG_VAL_L0S_ENABLED);
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Start up NIC's basic functionality after it has been reset
1.75.2.2  snj  * e.g. after platform boot or shutdown.
1.75.2.2  snj  * NOTE:  This does not load uCode nor start the embedded processor
1.75.2.2  snj  */
1.75.2.2  snj static int
1.75.2.2  snj iwm_apm_init(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int err = 0;
1.75.2.2  snj
1.75.2.2  snj 	/* Disable L0S exit timer (platform NMI workaround) */
1.75.2.2  snj 	if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) {
1.75.2.2  snj 		IWM_SETBITS(sc, IWM_CSR_GIO_CHICKEN_BITS,
1.75.2.2  snj 		    IWM_CSR_GIO_CHICKEN_BITS_REG_BIT_DIS_L0S_EXIT_TIMER);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Disable L0s without affecting L1;
1.75.2.2  snj 	 *  don't wait for ICH L0s (ICH bug W/A)
1.75.2.2  snj 	 */
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_GIO_CHICKEN_BITS,
1.75.2.2  snj 	    IWM_CSR_GIO_CHICKEN_BITS_REG_BIT_L1A_NO_L0S_RX);
1.75.2.2  snj
1.75.2.2  snj 	/* Set FH wait threshold to maximum (HW error during stress W/A) */
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_DBG_HPET_MEM_REG, IWM_CSR_DBG_HPET_MEM_REG_VAL);
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Enable HAP INTA (interrupt from management bus) to
1.75.2.2  snj 	 * wake device's PCI Express link L1a -> L0s
1.75.2.2  snj 	 */
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_HW_IF_CONFIG_REG,
1.75.2.2  snj 	    IWM_CSR_HW_IF_CONFIG_REG_BIT_HAP_WAKE_L1A);
1.75.2.2  snj
1.75.2.2  snj 	iwm_apm_config(sc);
1.75.2.2  snj
1.75.2.2  snj #if 0 /* not for 7k/8k */
1.75.2.2  snj 	/* Configure analog phase-lock-loop before activating to D0A */
1.75.2.2  snj 	if (trans->cfg->base_params->pll_cfg_val)
1.75.2.2  snj 		IWM_SETBITS(trans, IWM_CSR_ANA_PLL_CFG,
1.75.2.2  snj 		    trans->cfg->base_params->pll_cfg_val);
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Set "initialization complete" bit to move adapter from
1.75.2.2  snj 	 * D0U* --> D0A* (powered-up active) state.
1.75.2.2  snj 	 */
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Wait for clock stabilization; once stabilized, access to
1.75.2.2  snj 	 * device-internal resources is supported, e.g. iwm_write_prph()
1.75.2.2  snj 	 * and accesses to uCode SRAM.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (!iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 	    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
1.75.2.2  snj 	    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 25000)) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "timeout waiting for clock stabilization\n");
1.75.2.2  snj 		err = ETIMEDOUT;
1.75.2.2  snj 		goto out;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (sc->host_interrupt_operation_mode) {
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * This is a bit of an abuse - This is needed for 7260 / 3160
1.75.2.2  snj 		 * only check host_interrupt_operation_mode even if this is
1.75.2.2  snj 		 * not related to host_interrupt_operation_mode.
1.75.2.2  snj 		 *
1.75.2.2  snj 		 * Enable the oscillator to count wake up time for L1 exit. This
1.75.2.2  snj 		 * consumes slightly more power (100uA) - but allows to be sure
1.75.2.2  snj 		 * that we wake up from L1 on time.
1.75.2.2  snj 		 *
1.75.2.2  snj 		 * This looks weird: read twice the same register, discard the
1.75.2.2  snj 		 * value, set a bit, and yet again, read that same register
1.75.2.2  snj 		 * just to discard the value. But that's the way the hardware
1.75.2.2  snj 		 * seems to like it.
1.75.2.2  snj 		 */
1.75.2.2  snj 		iwm_read_prph(sc, IWM_OSC_CLK);
1.75.2.2  snj 		iwm_read_prph(sc, IWM_OSC_CLK);
1.75.2.2  snj 		iwm_set_bits_prph(sc, IWM_OSC_CLK, IWM_OSC_CLK_FORCE_CONTROL);
1.75.2.2  snj 		iwm_read_prph(sc, IWM_OSC_CLK);
1.75.2.2  snj 		iwm_read_prph(sc, IWM_OSC_CLK);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Enable DMA clock and wait for it to stabilize.
1.75.2.2  snj 	 *
1.75.2.2  snj 	 * Write to "CLK_EN_REG"; "1" bits enable clocks, while "0" bits
1.75.2.2  snj 	 * do not disable clocks.  This preserves any hardware bits already
1.75.2.2  snj 	 * set by default in "CLK_CTRL_REG" after reset.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1.75.2.2  snj 		iwm_write_prph(sc, IWM_APMG_CLK_EN_REG,
1.75.2.2  snj 		    IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1.75.2.2  snj 		DELAY(20);
1.75.2.2  snj
1.75.2.2  snj 		/* Disable L1-Active */
1.75.2.2  snj 		iwm_set_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1.75.2.2  snj 		    IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1.75.2.2  snj
1.75.2.2  snj 		/* Clear the interrupt in APMG if the NIC is in RFKILL */
1.75.2.2  snj 		iwm_write_prph(sc, IWM_APMG_RTC_INT_STT_REG,
1.75.2.2  snj 		    IWM_APMG_RTC_INT_STT_RFKILL);
1.75.2.2  snj 	}
1.75.2.2  snj  out:
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "apm init error %d\n", err);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_apm_stop(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	/* stop device's busmaster DMA activity */
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_STOP_MASTER);
1.75.2.2  snj
1.75.2.2  snj 	if (!iwm_poll_bit(sc, IWM_CSR_RESET,
1.75.2.2  snj 	    IWM_CSR_RESET_REG_FLAG_MASTER_DISABLED,
1.75.2.2  snj 	    IWM_CSR_RESET_REG_FLAG_MASTER_DISABLED, 100))
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "timeout waiting for master\n");
1.75.2.2  snj 	DPRINTF(("iwm apm stop\n"));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_start_hw(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_prepare_card_hw(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	/* Reset the entire device */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1.75.2.2  snj 	DELAY(10);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_apm_init(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	iwm_enable_rfkill_int(sc);
1.75.2.2  snj 	iwm_check_rfkill(sc);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_stop_device(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int chnl, ntries;
1.75.2.2  snj 	int qid;
1.75.2.2  snj
1.75.2.2  snj 	iwm_disable_interrupts(sc);
1.75.2.2  snj 	sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1.75.2.2  snj
1.75.2.2  snj 	/* Deactivate TX scheduler. */
1.75.2.2  snj 	iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1.75.2.2  snj
1.75.2.2  snj 	/* Stop all DMA channels. */
1.75.2.2  snj 	if (iwm_nic_lock(sc)) {
1.75.2.2  snj 		for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1.75.2.2  snj 			IWM_WRITE(sc,
1.75.2.2  snj 			    IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1.75.2.2  snj 			for (ntries = 0; ntries < 200; ntries++) {
1.75.2.2  snj 				uint32_t r;
1.75.2.2  snj
1.75.2.2  snj 				r = IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG);
1.75.2.2  snj 				if (r & IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(
1.75.2.2  snj 				    chnl))
1.75.2.2  snj 					break;
1.75.2.2  snj 				DELAY(20);
1.75.2.2  snj 			}
1.75.2.2  snj 		}
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj 	}
1.75.2.2  snj 	iwm_disable_rx_dma(sc);
1.75.2.2  snj
1.75.2.2  snj 	iwm_reset_rx_ring(sc, &sc->rxq);
1.75.2.2  snj
1.75.2.2  snj 	for (qid = 0; qid < __arraycount(sc->txq); qid++)
1.75.2.2  snj 		iwm_reset_tx_ring(sc, &sc->txq[qid]);
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1.75.2.2  snj 		/* Power-down device's busmaster DMA clocks */
1.75.2.2  snj 		if (iwm_nic_lock(sc)) {
1.75.2.2  snj 			iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG,
1.75.2.2  snj 			    IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1.75.2.2  snj 			DELAY(5);
1.75.2.2  snj 			iwm_nic_unlock(sc);
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Make sure (redundant) we've released our request to stay awake */
1.75.2.2  snj 	IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 	    IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1.75.2.2  snj
1.75.2.2  snj 	/* Stop the device, and put it in low power state */
1.75.2.2  snj 	iwm_apm_stop(sc);
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Upon stop, the APM issues an interrupt if HW RF kill is set.
1.75.2.2  snj 	 * Clean again the interrupt here
1.75.2.2  snj 	 */
1.75.2.2  snj 	iwm_disable_interrupts(sc);
1.75.2.2  snj
1.75.2.2  snj 	/* Reset the on-board processor. */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1.75.2.2  snj
1.75.2.2  snj 	/* Even though we stop the HW we still want the RF kill interrupt. */
1.75.2.2  snj 	iwm_enable_rfkill_int(sc);
1.75.2.2  snj 	iwm_check_rfkill(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_nic_config(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1.75.2.2  snj 	uint32_t reg_val = 0;
1.75.2.2  snj
1.75.2.2  snj 	radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1.75.2.2  snj 	    IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1.75.2.2  snj 	radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1.75.2.2  snj 	    IWM_FW_PHY_CFG_RADIO_STEP_POS;
1.75.2.2  snj 	radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1.75.2.2  snj 	    IWM_FW_PHY_CFG_RADIO_DASH_POS;
1.75.2.2  snj
1.75.2.2  snj 	reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1.75.2.2  snj 	    IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1.75.2.2  snj 	reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1.75.2.2  snj 	    IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1.75.2.2  snj
1.75.2.2  snj 	/* radio configuration */
1.75.2.2  snj 	reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1.75.2.2  snj 	reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1.75.2.2  snj 	reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1.75.2.2  snj
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val);
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1.75.2.2  snj 	    radio_cfg_step, radio_cfg_dash));
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * W/A : NIC is stuck in a reset state after Early PCIe power off
1.75.2.2  snj 	 * (PCIe power is lost before PERST# is asserted), causing ME FW
1.75.2.2  snj 	 * to lose ownership and not being able to obtain it back.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1.75.2.2  snj 		iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1.75.2.2  snj 		    IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1.75.2.2  snj 		    ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_nic_rx_init(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	if (!iwm_nic_lock(sc))
1.75.2.2  snj 		return EBUSY;
1.75.2.2  snj
1.75.2.2  snj 	memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, sc->rxq.stat_dma.map,
1.75.2.2  snj 	    0, sc->rxq.stat_dma.size,
1.75.2.2  snj 	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
1.75.2.2  snj
1.75.2.2  snj 	iwm_disable_rx_dma(sc);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1.75.2.2  snj
1.75.2.2  snj 	/* Set physical address of RX ring (256-byte aligned). */
1.75.2.2  snj 	IWM_WRITE(sc,
1.75.2.2  snj 	    IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8);
1.75.2.2  snj
1.75.2.2  snj 	/* Set physical address of RX status (16-byte aligned). */
1.75.2.2  snj 	IWM_WRITE(sc,
1.75.2.2  snj 	    IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1.75.2.2  snj
1.75.2.2  snj 	/* Enable RX. */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1.75.2.2  snj 	    IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL		|
1.75.2.2  snj 	    IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY		|  /* HW bug */
1.75.2.2  snj 	    IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL	|
1.75.2.2  snj 	    IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK	|
1.75.2.2  snj 	    IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K		|
1.75.2.2  snj 	    (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1.75.2.2  snj 	    IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1.75.2.2  snj
1.75.2.2  snj 	IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1.75.2.2  snj
1.75.2.2  snj 	/* W/A for interrupt coalescing bug in 7260 and 3160 */
1.75.2.2  snj 	if (sc->host_interrupt_operation_mode)
1.75.2.2  snj 		IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * This value should initially be 0 (before preparing any RBs),
1.75.2.2  snj 	 * and should be 8 after preparing the first 8 RBs (for example).
1.75.2.2  snj 	 */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1.75.2.2  snj
1.75.2.2  snj 	iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_nic_tx_init(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int qid;
1.75.2.2  snj
1.75.2.2  snj 	if (!iwm_nic_lock(sc))
1.75.2.2  snj 		return EBUSY;
1.75.2.2  snj
1.75.2.2  snj 	/* Deactivate TX scheduler. */
1.75.2.2  snj 	iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1.75.2.2  snj
1.75.2.2  snj 	/* Set physical address of "keep warm" page (16-byte aligned). */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1.75.2.2  snj
1.75.2.2  snj 	for (qid = 0; qid < __arraycount(sc->txq); qid++) {
1.75.2.2  snj 		struct iwm_tx_ring *txq = &sc->txq[qid];
1.75.2.2  snj
1.75.2.2  snj 		/* Set physical address of TX ring (256-byte aligned). */
1.75.2.2  snj 		IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1.75.2.2  snj 		    txq->desc_dma.paddr >> 8);
1.75.2.2  snj 		DPRINTF(("loading ring %d descriptors (%p) at %"PRIxMAX"\n",
1.75.2.2  snj 		    qid, txq->desc, (uintmax_t)(txq->desc_dma.paddr >> 8)));
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE);
1.75.2.2  snj
1.75.2.2  snj 	iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_nic_init(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	iwm_apm_init(sc);
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1.75.2.2  snj 		iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1.75.2.2  snj 		    IWM_APMG_PS_CTRL_VAL_PWR_SRC_VMAIN,
1.75.2.2  snj 		    ~IWM_APMG_PS_CTRL_MSK_PWR_SRC);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	iwm_nic_config(sc);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_nic_rx_init(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_nic_tx_init(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("shadow registers enabled\n"));
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static const uint8_t iwm_ac_to_tx_fifo[] = {
1.75.2.2  snj 	IWM_TX_FIFO_VO,
1.75.2.2  snj 	IWM_TX_FIFO_VI,
1.75.2.2  snj 	IWM_TX_FIFO_BE,
1.75.2.2  snj 	IWM_TX_FIFO_BK,
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo)
1.75.2.2  snj {
1.75.2.2  snj 	if (!iwm_nic_lock(sc)) {
1.75.2.2  snj 		DPRINTF(("%s: cannot enable txq %d\n", DEVNAME(sc), qid));
1.75.2.2  snj 		return EBUSY;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1.75.2.2  snj
1.75.2.2  snj 	if (qid == IWM_CMD_QUEUE) {
1.75.2.2  snj 		iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1.75.2.2  snj 		    (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE)
1.75.2.2  snj 		    | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1.75.2.2  snj
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 		iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid));
1.75.2.2  snj
1.75.2.2  snj 		if (!iwm_nic_lock(sc))
1.75.2.2  snj 			return EBUSY;
1.75.2.2  snj 		iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 		iwm_write_mem32(sc,
1.75.2.2  snj 		    sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1.75.2.2  snj
1.75.2.2  snj 		/* Set scheduler window size and frame limit. */
1.75.2.2  snj 		iwm_write_mem32(sc,
1.75.2.2  snj 		    sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1.75.2.2  snj 		    sizeof(uint32_t),
1.75.2.2  snj 		    ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1.75.2.2  snj 		    IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1.75.2.2  snj 		    ((IWM_FRAME_LIMIT
1.75.2.2  snj 		        << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1.75.2.2  snj 		    IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1.75.2.2  snj
1.75.2.2  snj 		if (!iwm_nic_lock(sc))
1.75.2.2  snj 			return EBUSY;
1.75.2.2  snj 		iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1.75.2.2  snj 		    (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1.75.2.2  snj 		    (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1.75.2.2  snj 		    (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1.75.2.2  snj 		    IWM_SCD_QUEUE_STTS_REG_MSK);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		struct iwm_scd_txq_cfg_cmd cmd;
1.75.2.2  snj 		int err;
1.75.2.2  snj
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 		memset(&cmd, 0, sizeof(cmd));
1.75.2.2  snj 		cmd.scd_queue = qid;
1.75.2.2  snj 		cmd.enable = 1;
1.75.2.2  snj 		cmd.sta_id = sta_id;
1.75.2.2  snj 		cmd.tx_fifo = fifo;
1.75.2.2  snj 		cmd.aggregate = 0;
1.75.2.2  snj 		cmd.window = IWM_FRAME_LIMIT;
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, 0, sizeof(cmd),
1.75.2.2  snj 		    &cmd);
1.75.2.2  snj 		if (err)
1.75.2.2  snj 			return err;
1.75.2.2  snj
1.75.2.2  snj 		if (!iwm_nic_lock(sc))
1.75.2.2  snj 			return EBUSY;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	iwm_write_prph(sc, IWM_SCD_EN_CTRL,
1.75.2.2  snj 	    iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid);
1.75.2.2  snj
1.75.2.2  snj 	iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("enabled txq %d FIFO %d\n", qid, fifo));
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_post_alive(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1.75.2.2  snj 	    IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t);
1.75.2.2  snj 	int err, chnl;
1.75.2.2  snj 	uint32_t base;
1.75.2.2  snj
1.75.2.2  snj 	if (!iwm_nic_lock(sc))
1.75.2.2  snj 		return EBUSY;
1.75.2.2  snj
1.75.2.2  snj 	base = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR);
1.75.2.2  snj 	if (sc->sched_base != base) {
1.75.2.2  snj 		DPRINTF(("%s: sched addr mismatch: 0x%08x != 0x%08x\n",
1.75.2.2  snj 		    DEVNAME(sc), sc->sched_base, base));
1.75.2.2  snj 		sc->sched_base = base;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 	iwm_ict_reset(sc);
1.75.2.2  snj
1.75.2.2  snj 	/* Clear TX scheduler state in SRAM. */
1.75.2.2  snj 	err = iwm_write_mem(sc,
1.75.2.2  snj 	    sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, NULL, nwords);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	if (!iwm_nic_lock(sc))
1.75.2.2  snj 		return EBUSY;
1.75.2.2  snj
1.75.2.2  snj 	/* Set physical address of TX scheduler rings (1KB aligned). */
1.75.2.2  snj 	iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1.75.2.2  snj
1.75.2.2  snj 	iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1.75.2.2  snj
1.75.2.2  snj 	iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 	/* enable command channel */
1.75.2.2  snj 	err = iwm_enable_txq(sc, 0 /* unused */, IWM_CMD_QUEUE, 7);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	if (!iwm_nic_lock(sc))
1.75.2.2  snj 		return EBUSY;
1.75.2.2  snj
1.75.2.2  snj 	/* Activate TX scheduler. */
1.75.2.2  snj 	iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1.75.2.2  snj
1.75.2.2  snj 	/* Enable DMA channels. */
1.75.2.2  snj 	for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1.75.2.2  snj 		IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1.75.2.2  snj 		    IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1.75.2.2  snj 		    IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1.75.2.2  snj 	    IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1.75.2.2  snj
1.75.2.2  snj 	/* Enable L1-Active */
1.75.2.2  snj 	if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) {
1.75.2.2  snj 		iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1.75.2.2  snj 		    IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static struct iwm_phy_db_entry *
1.75.2.2  snj iwm_phy_db_get_section(struct iwm_softc *sc, enum iwm_phy_db_section_type type,
1.75.2.2  snj     uint16_t chg_id)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_phy_db *phy_db = &sc->sc_phy_db;
1.75.2.2  snj
1.75.2.2  snj 	if (type >= IWM_PHY_DB_MAX)
1.75.2.2  snj 		return NULL;
1.75.2.2  snj
1.75.2.2  snj 	switch (type) {
1.75.2.2  snj 	case IWM_PHY_DB_CFG:
1.75.2.2  snj 		return &phy_db->cfg;
1.75.2.2  snj 	case IWM_PHY_DB_CALIB_NCH:
1.75.2.2  snj 		return &phy_db->calib_nch;
1.75.2.2  snj 	case IWM_PHY_DB_CALIB_CHG_PAPD:
1.75.2.2  snj 		if (chg_id >= IWM_NUM_PAPD_CH_GROUPS)
1.75.2.2  snj 			return NULL;
1.75.2.2  snj 		return &phy_db->calib_ch_group_papd[chg_id];
1.75.2.2  snj 	case IWM_PHY_DB_CALIB_CHG_TXP:
1.75.2.2  snj 		if (chg_id >= IWM_NUM_TXP_CH_GROUPS)
1.75.2.2  snj 			return NULL;
1.75.2.2  snj 		return &phy_db->calib_ch_group_txp[chg_id];
1.75.2.2  snj 	default:
1.75.2.2  snj 		return NULL;
1.75.2.2  snj 	}
1.75.2.2  snj 	return NULL;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_phy_db_set_section(struct iwm_softc *sc,
1.75.2.2  snj     struct iwm_calib_res_notif_phy_db *phy_db_notif, uint16_t size)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_phy_db_entry *entry;
1.75.2.2  snj 	enum iwm_phy_db_section_type type = le16toh(phy_db_notif->type);
1.75.2.2  snj 	uint16_t chg_id = 0;
1.75.2.2  snj
1.75.2.2  snj 	if (type == IWM_PHY_DB_CALIB_CHG_PAPD ||
1.75.2.2  snj 	    type == IWM_PHY_DB_CALIB_CHG_TXP)
1.75.2.2  snj 		chg_id = le16toh(*(uint16_t *)phy_db_notif->data);
1.75.2.2  snj
1.75.2.2  snj 	entry = iwm_phy_db_get_section(sc, type, chg_id);
1.75.2.2  snj 	if (!entry)
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj
1.75.2.2  snj 	if (entry->data)
1.75.2.2  snj 		kmem_intr_free(entry->data, entry->size);
1.75.2.2  snj 	entry->data = kmem_intr_alloc(size, KM_NOSLEEP);
1.75.2.2  snj 	if (!entry->data) {
1.75.2.2  snj 		entry->size = 0;
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj 	}
1.75.2.2  snj 	memcpy(entry->data, phy_db_notif->data, size);
1.75.2.2  snj 	entry->size = size;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(10, ("%s(%d): [PHYDB]SET: Type %d, Size: %d, data: %p\n",
1.75.2.2  snj 	    __func__, __LINE__, type, size, entry->data));
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_is_valid_channel(uint16_t ch_id)
1.75.2.2  snj {
1.75.2.2  snj 	if (ch_id <= 14 ||
1.75.2.2  snj 	    (36 <= ch_id && ch_id <= 64 && ch_id % 4 == 0) ||
1.75.2.2  snj 	    (100 <= ch_id && ch_id <= 140 && ch_id % 4 == 0) ||
1.75.2.2  snj 	    (145 <= ch_id && ch_id <= 165 && ch_id % 4 == 1))
1.75.2.2  snj 		return 1;
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint8_t
1.75.2.2  snj iwm_ch_id_to_ch_index(uint16_t ch_id)
1.75.2.2  snj {
1.75.2.2  snj 	if (!iwm_is_valid_channel(ch_id))
1.75.2.2  snj 		return 0xff;
1.75.2.2  snj
1.75.2.2  snj 	if (ch_id <= 14)
1.75.2.2  snj 		return ch_id - 1;
1.75.2.2  snj 	if (ch_id <= 64)
1.75.2.2  snj 		return (ch_id + 20) / 4;
1.75.2.2  snj 	if (ch_id <= 140)
1.75.2.2  snj 		return (ch_id - 12) / 4;
1.75.2.2  snj 	return (ch_id - 13) / 4;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj
1.75.2.2  snj static uint16_t
1.75.2.2  snj iwm_channel_id_to_papd(uint16_t ch_id)
1.75.2.2  snj {
1.75.2.2  snj 	if (!iwm_is_valid_channel(ch_id))
1.75.2.2  snj 		return 0xff;
1.75.2.2  snj
1.75.2.2  snj 	if (1 <= ch_id && ch_id <= 14)
1.75.2.2  snj 		return 0;
1.75.2.2  snj 	if (36 <= ch_id && ch_id <= 64)
1.75.2.2  snj 		return 1;
1.75.2.2  snj 	if (100 <= ch_id && ch_id <= 140)
1.75.2.2  snj 		return 2;
1.75.2.2  snj 	return 3;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint16_t
1.75.2.2  snj iwm_channel_id_to_txp(struct iwm_softc *sc, uint16_t ch_id)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_phy_db *phy_db = &sc->sc_phy_db;
1.75.2.2  snj 	struct iwm_phy_db_chg_txp *txp_chg;
1.75.2.2  snj 	int i;
1.75.2.2  snj 	uint8_t ch_index = iwm_ch_id_to_ch_index(ch_id);
1.75.2.2  snj
1.75.2.2  snj 	if (ch_index == 0xff)
1.75.2.2  snj 		return 0xff;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_NUM_TXP_CH_GROUPS; i++) {
1.75.2.2  snj 		txp_chg = (void *)phy_db->calib_ch_group_txp[i].data;
1.75.2.2  snj 		if (!txp_chg)
1.75.2.2  snj 			return 0xff;
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * Looking for the first channel group the max channel
1.75.2.2  snj 		 * of which is higher than the requested channel.
1.75.2.2  snj 		 */
1.75.2.2  snj 		if (le16toh(txp_chg->max_channel_idx) >= ch_index)
1.75.2.2  snj 			return i;
1.75.2.2  snj 	}
1.75.2.2  snj 	return 0xff;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_phy_db_get_section_data(struct iwm_softc *sc, uint32_t type, uint8_t **data,
1.75.2.2  snj     uint16_t *size, uint16_t ch_id)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_phy_db_entry *entry;
1.75.2.2  snj 	uint16_t ch_group_id = 0;
1.75.2.2  snj
1.75.2.2  snj 	if (type == IWM_PHY_DB_CALIB_CHG_PAPD)
1.75.2.2  snj 		ch_group_id = iwm_channel_id_to_papd(ch_id);
1.75.2.2  snj 	else if (type == IWM_PHY_DB_CALIB_CHG_TXP)
1.75.2.2  snj 		ch_group_id = iwm_channel_id_to_txp(sc, ch_id);
1.75.2.2  snj
1.75.2.2  snj 	entry = iwm_phy_db_get_section(sc, type, ch_group_id);
1.75.2.2  snj 	if (!entry)
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj
1.75.2.2  snj 	*data = entry->data;
1.75.2.2  snj 	*size = entry->size;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(10, ("%s(%d): [PHYDB] GET: Type %d , Size: %d\n",
1.75.2.2  snj 		       __func__, __LINE__, type, *size));
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_phy_db_cmd(struct iwm_softc *sc, uint16_t type, uint16_t length,
1.75.2.2  snj     void *data)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_phy_db_cmd phy_db_cmd;
1.75.2.2  snj 	struct iwm_host_cmd cmd = {
1.75.2.2  snj 		.id = IWM_PHY_DB_CMD,
1.75.2.2  snj 		.flags = IWM_CMD_ASYNC,
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(10, ("Sending PHY-DB hcmd of type %d, of length %d\n",
1.75.2.2  snj 	    type, length));
1.75.2.2  snj
1.75.2.2  snj 	phy_db_cmd.type = le16toh(type);
1.75.2.2  snj 	phy_db_cmd.length = le16toh(length);
1.75.2.2  snj
1.75.2.2  snj 	cmd.data[0] = &phy_db_cmd;
1.75.2.2  snj 	cmd.len[0] = sizeof(struct iwm_phy_db_cmd);
1.75.2.2  snj 	cmd.data[1] = data;
1.75.2.2  snj 	cmd.len[1] = length;
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd(sc, &cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_phy_db_send_all_channel_groups(struct iwm_softc *sc,
1.75.2.2  snj     enum iwm_phy_db_section_type type, uint8_t max_ch_groups)
1.75.2.2  snj {
1.75.2.2  snj 	uint16_t i;
1.75.2.2  snj 	int err;
1.75.2.2  snj 	struct iwm_phy_db_entry *entry;
1.75.2.2  snj
1.75.2.2  snj 	/* Send all the channel-specific groups to operational fw */
1.75.2.2  snj 	for (i = 0; i < max_ch_groups; i++) {
1.75.2.2  snj 		entry = iwm_phy_db_get_section(sc, type, i);
1.75.2.2  snj 		if (!entry)
1.75.2.2  snj 			return EINVAL;
1.75.2.2  snj
1.75.2.2  snj 		if (!entry->size)
1.75.2.2  snj 			continue;
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_send_phy_db_cmd(sc, type, entry->size, entry->data);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			DPRINTF(("%s: Can't SEND phy_db section %d (%d), "
1.75.2.2  snj 			    "err %d\n", DEVNAME(sc), type, i, err));
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		DPRINTFN(10, ("%s: Sent PHY_DB HCMD, type = %d num = %d\n",
1.75.2.2  snj 		    DEVNAME(sc), type, i));
1.75.2.2  snj
1.75.2.2  snj 		DELAY(1000);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_phy_db_data(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	uint8_t *data = NULL;
1.75.2.2  snj 	uint16_t size = 0;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_phy_db_get_section_data(sc, IWM_PHY_DB_CFG, &data, &size, 0);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_phy_db_cmd(sc, IWM_PHY_DB_CFG, size, data);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_phy_db_get_section_data(sc, IWM_PHY_DB_CALIB_NCH,
1.75.2.2  snj 	    &data, &size, 0);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_phy_db_cmd(sc, IWM_PHY_DB_CALIB_NCH, size, data);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_phy_db_send_all_channel_groups(sc,
1.75.2.2  snj 	    IWM_PHY_DB_CALIB_CHG_PAPD, IWM_NUM_PAPD_CH_GROUPS);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_phy_db_send_all_channel_groups(sc,
1.75.2.2  snj 	    IWM_PHY_DB_CALIB_CHG_TXP, IWM_NUM_TXP_CH_GROUPS);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * For the high priority TE use a time event type that has similar priority to
1.75.2.2  snj  * the FW's action scan priority.
1.75.2.2  snj  */
1.75.2.2  snj #define IWM_ROC_TE_TYPE_NORMAL IWM_TE_P2P_DEVICE_DISCOVERABLE
1.75.2.2  snj #define IWM_ROC_TE_TYPE_MGMT_TX IWM_TE_P2P_CLIENT_ASSOC
1.75.2.2  snj
1.75.2.2  snj /* used to convert from time event API v2 to v1 */
1.75.2.2  snj #define IWM_TE_V2_DEP_POLICY_MSK (IWM_TE_V2_DEP_OTHER | IWM_TE_V2_DEP_TSF |\
1.75.2.2  snj 			     IWM_TE_V2_EVENT_SOCIOPATHIC)
1.75.2.2  snj static inline uint16_t
1.75.2.2  snj iwm_te_v2_get_notify(uint16_t policy)
1.75.2.2  snj {
1.75.2.2  snj 	return le16toh(policy) & IWM_TE_V2_NOTIF_MSK;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static inline uint16_t
1.75.2.2  snj iwm_te_v2_get_dep_policy(uint16_t policy)
1.75.2.2  snj {
1.75.2.2  snj 	return (le16toh(policy) & IWM_TE_V2_DEP_POLICY_MSK) >>
1.75.2.2  snj 		IWM_TE_V2_PLACEMENT_POS;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static inline uint16_t
1.75.2.2  snj iwm_te_v2_get_absence(uint16_t policy)
1.75.2.2  snj {
1.75.2.2  snj 	return (le16toh(policy) & IWM_TE_V2_ABSENCE) >> IWM_TE_V2_ABSENCE_POS;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_te_v2_to_v1(const struct iwm_time_event_cmd_v2 *cmd_v2,
1.75.2.2  snj     struct iwm_time_event_cmd_v1 *cmd_v1)
1.75.2.2  snj {
1.75.2.2  snj 	cmd_v1->id_and_color = cmd_v2->id_and_color;
1.75.2.2  snj 	cmd_v1->action = cmd_v2->action;
1.75.2.2  snj 	cmd_v1->id = cmd_v2->id;
1.75.2.2  snj 	cmd_v1->apply_time = cmd_v2->apply_time;
1.75.2.2  snj 	cmd_v1->max_delay = cmd_v2->max_delay;
1.75.2.2  snj 	cmd_v1->depends_on = cmd_v2->depends_on;
1.75.2.2  snj 	cmd_v1->interval = cmd_v2->interval;
1.75.2.2  snj 	cmd_v1->duration = cmd_v2->duration;
1.75.2.2  snj 	if (cmd_v2->repeat == IWM_TE_V2_REPEAT_ENDLESS)
1.75.2.2  snj 		cmd_v1->repeat = htole32(IWM_TE_V1_REPEAT_ENDLESS);
1.75.2.2  snj 	else
1.75.2.2  snj 		cmd_v1->repeat = htole32(cmd_v2->repeat);
1.75.2.2  snj 	cmd_v1->max_frags = htole32(cmd_v2->max_frags);
1.75.2.2  snj 	cmd_v1->interval_reciprocal = 0; /* unused */
1.75.2.2  snj
1.75.2.2  snj 	cmd_v1->dep_policy = htole32(iwm_te_v2_get_dep_policy(cmd_v2->policy));
1.75.2.2  snj 	cmd_v1->is_present = htole32(!iwm_te_v2_get_absence(cmd_v2->policy));
1.75.2.2  snj 	cmd_v1->notify = htole32(iwm_te_v2_get_notify(cmd_v2->policy));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_time_event_cmd(struct iwm_softc *sc,
1.75.2.2  snj     const struct iwm_time_event_cmd_v2 *cmd)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_time_event_cmd_v1 cmd_v1;
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_TIME_EVENT_API_V2)
1.75.2.2  snj 		return iwm_send_cmd_pdu(sc, IWM_TIME_EVENT_CMD, 0, sizeof(*cmd),
1.75.2.2  snj 		    cmd);
1.75.2.2  snj
1.75.2.2  snj 	iwm_te_v2_to_v1(cmd, &cmd_v1);
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_TIME_EVENT_CMD, 0, sizeof(cmd_v1),
1.75.2.2  snj 	    &cmd_v1);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_protect_session(struct iwm_softc *sc, struct iwm_node *in,
1.75.2.2  snj     uint32_t duration, uint32_t max_delay)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_time_event_cmd_v2 time_cmd;
1.75.2.2  snj
1.75.2.2  snj 	memset(&time_cmd, 0, sizeof(time_cmd));
1.75.2.2  snj
1.75.2.2  snj 	time_cmd.action = htole32(IWM_FW_CTXT_ACTION_ADD);
1.75.2.2  snj 	time_cmd.id_and_color =
1.75.2.2  snj 	    htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color));
1.75.2.2  snj 	time_cmd.id = htole32(IWM_TE_BSS_STA_AGGRESSIVE_ASSOC);
1.75.2.2  snj
1.75.2.2  snj 	time_cmd.apply_time = htole32(0);
1.75.2.2  snj
1.75.2.2  snj 	time_cmd.max_frags = IWM_TE_V2_FRAG_NONE;
1.75.2.2  snj 	time_cmd.max_delay = htole32(max_delay);
1.75.2.2  snj 	/* TODO: why do we need to interval = bi if it is not periodic? */
1.75.2.2  snj 	time_cmd.interval = htole32(1);
1.75.2.2  snj 	time_cmd.duration = htole32(duration);
1.75.2.2  snj 	time_cmd.repeat = 1;
1.75.2.2  snj 	time_cmd.policy
1.75.2.2  snj 	    = htole16(IWM_TE_V2_NOTIF_HOST_EVENT_START |
1.75.2.2  snj 	        IWM_TE_V2_NOTIF_HOST_EVENT_END |
1.75.2.2  snj 		IWM_T2_V2_START_IMMEDIATELY);
1.75.2.2  snj
1.75.2.2  snj 	iwm_send_time_event_cmd(sc, &time_cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * NVM read access and content parsing.  We do not support
1.75.2.2  snj  * external NVM or writing NVM.
1.75.2.2  snj  */
1.75.2.2  snj
1.75.2.2  snj /* list of NVM sections we are allowed/need to read */
1.75.2.2  snj static const int iwm_nvm_to_read[] = {
1.75.2.2  snj 	IWM_NVM_SECTION_TYPE_HW,
1.75.2.2  snj 	IWM_NVM_SECTION_TYPE_SW,
1.75.2.2  snj 	IWM_NVM_SECTION_TYPE_REGULATORY,
1.75.2.2  snj 	IWM_NVM_SECTION_TYPE_CALIBRATION,
1.75.2.2  snj 	IWM_NVM_SECTION_TYPE_PRODUCTION,
1.75.2.2  snj 	IWM_NVM_SECTION_TYPE_HW_8000,
1.75.2.2  snj 	IWM_NVM_SECTION_TYPE_MAC_OVERRIDE,
1.75.2.2  snj 	IWM_NVM_SECTION_TYPE_PHY_SKU,
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj /* Default NVM size to read */
1.75.2.2  snj #define IWM_NVM_DEFAULT_CHUNK_SIZE	(2*1024)
1.75.2.2  snj #define IWM_MAX_NVM_SECTION_SIZE_7000	(16 * 512 * sizeof(uint16_t)) /*16 KB*/
1.75.2.2  snj #define IWM_MAX_NVM_SECTION_SIZE_8000	(32 * 512 * sizeof(uint16_t)) /*32 KB*/
1.75.2.2  snj
1.75.2.2  snj #define IWM_NVM_WRITE_OPCODE 1
1.75.2.2  snj #define IWM_NVM_READ_OPCODE 0
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, uint16_t offset,
1.75.2.2  snj     uint16_t length, uint8_t *data, uint16_t *len)
1.75.2.2  snj {
1.75.2.2  snj 	offset = 0;
1.75.2.2  snj 	struct iwm_nvm_access_cmd nvm_access_cmd = {
1.75.2.2  snj 		.offset = htole16(offset),
1.75.2.2  snj 		.length = htole16(length),
1.75.2.2  snj 		.type = htole16(section),
1.75.2.2  snj 		.op_code = IWM_NVM_READ_OPCODE,
1.75.2.2  snj 	};
1.75.2.2  snj 	struct iwm_nvm_access_resp *nvm_resp;
1.75.2.2  snj 	struct iwm_rx_packet *pkt;
1.75.2.2  snj 	struct iwm_host_cmd cmd = {
1.75.2.2  snj 		.id = IWM_NVM_ACCESS_CMD,
1.75.2.2  snj 		.flags = (IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL),
1.75.2.2  snj 		.data = { &nvm_access_cmd, },
1.75.2.2  snj 	};
1.75.2.2  snj 	int err, offset_read;
1.75.2.2  snj 	size_t bytes_read;
1.75.2.2  snj 	uint8_t *resp_data;
1.75.2.2  snj
1.75.2.2  snj 	cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd(sc, &cmd);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		DPRINTF(("%s: Could not send NVM_ACCESS command (error=%d)\n",
1.75.2.2  snj 		    DEVNAME(sc), err));
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	pkt = cmd.resp_pkt;
1.75.2.2  snj 	if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) {
1.75.2.2  snj 		err = EIO;
1.75.2.2  snj 		goto exit;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Extract NVM response */
1.75.2.2  snj 	nvm_resp = (void *)pkt->data;
1.75.2.2  snj
1.75.2.2  snj 	err = le16toh(nvm_resp->status);
1.75.2.2  snj 	bytes_read = le16toh(nvm_resp->length);
1.75.2.2  snj 	offset_read = le16toh(nvm_resp->offset);
1.75.2.2  snj 	resp_data = nvm_resp->data;
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		err = EINVAL;
1.75.2.2  snj 		goto exit;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (offset_read != offset) {
1.75.2.2  snj 		err = EINVAL;
1.75.2.2  snj 		goto exit;
1.75.2.2  snj 	}
1.75.2.2  snj 	if (bytes_read > length) {
1.75.2.2  snj 		err = EINVAL;
1.75.2.2  snj 		goto exit;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	memcpy(data + offset, resp_data, bytes_read);
1.75.2.2  snj 	*len = bytes_read;
1.75.2.2  snj
1.75.2.2  snj  exit:
1.75.2.2  snj 	iwm_free_resp(sc, &cmd);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Reads an NVM section completely.
1.75.2.2  snj  * NICs prior to 7000 family doesn't have a real NVM, but just read
1.75.2.2  snj  * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1.75.2.2  snj  * by uCode, we need to manually check in this case that we don't
1.75.2.2  snj  * overflow and try to read more than the EEPROM size.
1.75.2.2  snj  */
1.75.2.2  snj static int
1.75.2.2  snj iwm_nvm_read_section(struct iwm_softc *sc, uint16_t section, uint8_t *data,
1.75.2.2  snj     uint16_t *len, size_t max_len)
1.75.2.2  snj {
1.75.2.2  snj 	uint16_t chunklen, seglen;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	chunklen = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE;
1.75.2.2  snj 	*len = 0;
1.75.2.2  snj
1.75.2.2  snj 	/* Read NVM chunks until exhausted (reading less than requested) */
1.75.2.2  snj 	while (seglen == chunklen && *len < max_len) {
1.75.2.2  snj 		err = iwm_nvm_read_chunk(sc, section, *len, chunklen, data,
1.75.2.2  snj 		    &seglen);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			DPRINTF(("%s: Cannot read NVM from section %d "
1.75.2.2  snj 			    "offset %d, length %d\n",
1.75.2.2  snj 			    DEVNAME(sc), section, *len, chunklen));
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj 		*len += seglen;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(4, ("NVM section %d read completed\n", section));
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint8_t
1.75.2.2  snj iwm_fw_valid_tx_ant(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	uint8_t tx_ant;
1.75.2.2  snj
1.75.2.2  snj 	tx_ant = ((sc->sc_fw_phy_config & IWM_FW_PHY_CFG_TX_CHAIN)
1.75.2.2  snj 	    >> IWM_FW_PHY_CFG_TX_CHAIN_POS);
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_nvm.valid_tx_ant)
1.75.2.2  snj 		tx_ant &= sc->sc_nvm.valid_tx_ant;
1.75.2.2  snj
1.75.2.2  snj 	return tx_ant;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint8_t
1.75.2.2  snj iwm_fw_valid_rx_ant(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	uint8_t rx_ant;
1.75.2.2  snj
1.75.2.2  snj 	rx_ant = ((sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RX_CHAIN)
1.75.2.2  snj 	    >> IWM_FW_PHY_CFG_RX_CHAIN_POS);
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_nvm.valid_rx_ant)
1.75.2.2  snj 		rx_ant &= sc->sc_nvm.valid_rx_ant;
1.75.2.2  snj
1.75.2.2  snj 	return rx_ant;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_init_channel_map(struct iwm_softc *sc, const uint16_t * const nvm_ch_flags,
1.75.2.2  snj     const uint8_t *nvm_channels, size_t nchan)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_nvm_data *data = &sc->sc_nvm;
1.75.2.2  snj 	int ch_idx;
1.75.2.2  snj 	struct ieee80211_channel *channel;
1.75.2.2  snj 	uint16_t ch_flags;
1.75.2.2  snj 	int is_5ghz;
1.75.2.2  snj 	int flags, hw_value;
1.75.2.2  snj
1.75.2.2  snj 	for (ch_idx = 0; ch_idx < nchan; ch_idx++) {
1.75.2.2  snj 		ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
1.75.2.2  snj 		aprint_debug_dev(sc->sc_dev,
1.75.2.2  snj 		    "Ch. %d: %svalid %cibss %s %cradar %cdfs"
1.75.2.2  snj 		    " %cwide %c40MHz %c80MHz %c160MHz\n",
1.75.2.2  snj 		    nvm_channels[ch_idx],
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_VALID ? "" : "in",
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_IBSS ? '+' : '-',
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_ACTIVE ? "active" : "passive",
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_RADAR ? '+' : '-',
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_DFS ? '+' : '-',
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_WIDE ? '+' : '-',
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_40MHZ ? '+' : '-',
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_80MHZ ? '+' : '-',
1.75.2.2  snj 		    ch_flags & IWM_NVM_CHANNEL_160MHZ ? '+' : '-');
1.75.2.2  snj
1.75.2.2  snj 		if (ch_idx >= IWM_NUM_2GHZ_CHANNELS &&
1.75.2.2  snj 		    !data->sku_cap_band_52GHz_enable)
1.75.2.2  snj 			ch_flags &= ~IWM_NVM_CHANNEL_VALID;
1.75.2.2  snj
1.75.2.2  snj 		if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
1.75.2.2  snj 			DPRINTF(("Ch. %d Flags %x [%sGHz] - No traffic\n",
1.75.2.2  snj 			    nvm_channels[ch_idx], ch_flags,
1.75.2.2  snj 			    (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? "5" : "2.4"));
1.75.2.2  snj 			continue;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		hw_value = nvm_channels[ch_idx];
1.75.2.2  snj 		channel = &ic->ic_channels[hw_value];
1.75.2.2  snj
1.75.2.2  snj 		is_5ghz = ch_idx >= IWM_NUM_2GHZ_CHANNELS;
1.75.2.2  snj 		if (!is_5ghz) {
1.75.2.2  snj 			flags = IEEE80211_CHAN_2GHZ;
1.75.2.2  snj 			channel->ic_flags
1.75.2.2  snj 			    = IEEE80211_CHAN_CCK
1.75.2.2  snj 			    | IEEE80211_CHAN_OFDM
1.75.2.2  snj 			    | IEEE80211_CHAN_DYN
1.75.2.2  snj 			    | IEEE80211_CHAN_2GHZ;
1.75.2.2  snj 		} else {
1.75.2.2  snj 			flags = IEEE80211_CHAN_5GHZ;
1.75.2.2  snj 			channel->ic_flags =
1.75.2.2  snj 			    IEEE80211_CHAN_A;
1.75.2.2  snj 		}
1.75.2.2  snj 		channel->ic_freq = ieee80211_ieee2mhz(hw_value, flags);
1.75.2.2  snj
1.75.2.2  snj 		if (!(ch_flags & IWM_NVM_CHANNEL_ACTIVE))
1.75.2.2  snj 			channel->ic_flags |= IEEE80211_CHAN_PASSIVE;
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 		if (data->sku_cap_11n_enable)
1.75.2.2  snj 			channel->ic_flags |= IEEE80211_CHAN_HT;
1.75.2.2  snj #endif
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj static void
1.75.2.2  snj iwm_setup_ht_rates(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj
1.75.2.2  snj 	/* TX is supported with the same MCS as RX. */
1.75.2.2  snj 	ic->ic_tx_mcs_set = IEEE80211_TX_MCS_SET_DEFINED;
1.75.2.2  snj
1.75.2.2  snj 	ic->ic_sup_mcs[0] = 0xff;		/* MCS 0-7 */
1.75.2.2  snj
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj 	if (sc->sc_nvm.sku_cap_mimo_disable)
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_fw_valid_rx_ant(sc) > 1)
1.75.2.2  snj 		ic->ic_sup_mcs[1] = 0xff;	/* MCS 8-15 */
1.75.2.2  snj 	if (iwm_fw_valid_rx_ant(sc) > 2)
1.75.2.2  snj 		ic->ic_sup_mcs[2] = 0xff;	/* MCS 16-23 */
1.75.2.2  snj #endif
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #define IWM_MAX_RX_BA_SESSIONS 16
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_sta_rx_agg(struct iwm_softc *sc, struct ieee80211_node *ni, uint8_t tid,
1.75.2.2  snj     uint16_t ssn, int start)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_add_sta_cmd_v7 cmd;
1.75.2.2  snj 	struct iwm_node *in = (struct iwm_node *)ni;
1.75.2.2  snj 	int err, s;
1.75.2.2  snj 	uint32_t status;
1.75.2.2  snj
1.75.2.2  snj 	if (start && sc->sc_rx_ba_sessions >= IWM_MAX_RX_BA_SESSIONS) {
1.75.2.2  snj 		ieee80211_addba_req_refuse(ic, ni, tid);
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	memset(&cmd, 0, sizeof(cmd));
1.75.2.2  snj
1.75.2.2  snj 	cmd.sta_id = IWM_STATION_ID;
1.75.2.2  snj 	cmd.mac_id_n_color
1.75.2.2  snj 	    = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color));
1.75.2.2  snj 	cmd.add_modify = IWM_STA_MODE_MODIFY;
1.75.2.2  snj
1.75.2.2  snj 	if (start) {
1.75.2.2  snj 		cmd.add_immediate_ba_tid = (uint8_t)tid;
1.75.2.2  snj 		cmd.add_immediate_ba_ssn = ssn;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		cmd.remove_immediate_ba_tid = (uint8_t)tid;
1.75.2.2  snj 	}
1.75.2.2  snj 	cmd.modify_mask = start ? IWM_STA_MODIFY_ADD_BA_TID :
1.75.2.2  snj 	    IWM_STA_MODIFY_REMOVE_BA_TID;
1.75.2.2  snj
1.75.2.2  snj 	status = IWM_ADD_STA_SUCCESS;
1.75.2.2  snj 	err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(cmd), &cmd,
1.75.2.2  snj 	    &status);
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj 	if (err == 0 && status == IWM_ADD_STA_SUCCESS) {
1.75.2.2  snj 		if (start) {
1.75.2.2  snj 			sc->sc_rx_ba_sessions++;
1.75.2.2  snj 			ieee80211_addba_req_accept(ic, ni, tid);
1.75.2.2  snj 		} else if (sc->sc_rx_ba_sessions > 0)
1.75.2.2  snj 			sc->sc_rx_ba_sessions--;
1.75.2.2  snj 	} else if (start)
1.75.2.2  snj 		ieee80211_addba_req_refuse(ic, ni, tid);
1.75.2.2  snj 	splx(s);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_htprot_task(void *arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = arg;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_node *in = (struct iwm_node *)ic->ic_bss;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	/* This call updates HT protection based on in->in_ni.ni_htop1. */
1.75.2.2  snj 	err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_MODIFY, 1);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not change HT protection: error %d\n", err);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * This function is called by upper layer when HT protection settings in
1.75.2.2  snj  * beacons have changed.
1.75.2.2  snj  */
1.75.2.2  snj static void
1.75.2.2  snj iwm_update_htprot(struct ieee80211com *ic, struct ieee80211_node *ni)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = ic->ic_softc;
1.75.2.2  snj
1.75.2.2  snj 	/* assumes that ni == ic->ic_bss */
1.75.2.2  snj 	task_add(systq, &sc->htprot_task);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_ba_task(void *arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = arg;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_node *ni = ic->ic_bss;
1.75.2.2  snj
1.75.2.2  snj 	if (sc->ba_start)
1.75.2.2  snj 		iwm_sta_rx_agg(sc, ni, sc->ba_tid, sc->ba_ssn, 1);
1.75.2.2  snj 	else
1.75.2.2  snj 		iwm_sta_rx_agg(sc, ni, sc->ba_tid, 0, 0);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * This function is called by upper layer when an ADDBA request is received
1.75.2.2  snj  * from another STA and before the ADDBA response is sent.
1.75.2.2  snj  */
1.75.2.2  snj static int
1.75.2.2  snj iwm_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
1.75.2.2  snj     uint8_t tid)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid];
1.75.2.2  snj 	struct iwm_softc *sc = IC2IFP(ic)->if_softc;
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_rx_ba_sessions >= IWM_MAX_RX_BA_SESSIONS)
1.75.2.2  snj 		return ENOSPC;
1.75.2.2  snj
1.75.2.2  snj 	sc->ba_start = 1;
1.75.2.2  snj 	sc->ba_tid = tid;
1.75.2.2  snj 	sc->ba_ssn = htole16(ba->ba_winstart);
1.75.2.2  snj 	task_add(systq, &sc->ba_task);
1.75.2.2  snj
1.75.2.2  snj 	return EBUSY;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * This function is called by upper layer on teardown of an HT-immediate
1.75.2.2  snj  * Block Ack agreement (eg. upon receipt of a DELBA frame).
1.75.2.2  snj  */
1.75.2.2  snj static void
1.75.2.2  snj iwm_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni,
1.75.2.2  snj     uint8_t tid)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = IC2IFP(ic)->if_softc;
1.75.2.2  snj
1.75.2.2  snj 	sc->ba_start = 0;
1.75.2.2  snj 	sc->ba_tid = tid;
1.75.2.2  snj 	task_add(systq, &sc->ba_task);
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_free_fw_paging(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	int i;
1.75.2.2  snj
1.75.2.2  snj 	if (sc->fw_paging_db[0].fw_paging_block.vaddr == NULL)
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_NUM_OF_FW_PAGING_BLOCKS; i++) {
1.75.2.2  snj 		iwm_dma_contig_free(&sc->fw_paging_db[i].fw_paging_block);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	memset(sc->fw_paging_db, 0, sizeof(sc->fw_paging_db));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_fill_paging_mem(struct iwm_softc *sc, const struct iwm_fw_sects *fws)
1.75.2.2  snj {
1.75.2.2  snj 	int sec_idx, idx;
1.75.2.2  snj 	uint32_t offset = 0;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * find where is the paging image start point:
1.75.2.2  snj 	 * if CPU2 exist and it's in paging format, then the image looks like:
1.75.2.2  snj 	 * CPU1 sections (2 or more)
1.75.2.2  snj 	 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between CPU1 to CPU2
1.75.2.2  snj 	 * CPU2 sections (not paged)
1.75.2.2  snj 	 * PAGING_SEPARATOR_SECTION delimiter - separate between CPU2
1.75.2.2  snj 	 * non paged to CPU2 paging sec
1.75.2.2  snj 	 * CPU2 paging CSS
1.75.2.2  snj 	 * CPU2 paging image (including instruction and data)
1.75.2.2  snj 	 */
1.75.2.2  snj 	for (sec_idx = 0; sec_idx < IWM_UCODE_SECT_MAX; sec_idx++) {
1.75.2.2  snj 		if (fws->fw_sect[sec_idx].fws_devoff ==
1.75.2.2  snj 		    IWM_PAGING_SEPARATOR_SECTION) {
1.75.2.2  snj 			sec_idx++;
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * If paging is enabled there should be at least 2 more sections left
1.75.2.2  snj 	 * (one for CSS and one for Paging data)
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (sec_idx >= __arraycount(fws->fw_sect) - 1) {
1.75.2.2  snj 		aprint_verbose_dev(sc->sc_dev,
1.75.2.2  snj 		    "Paging: Missing CSS and/or paging sections\n");
1.75.2.2  snj 		iwm_free_fw_paging(sc);
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* copy the CSS block to the dram */
1.75.2.2  snj 	DPRINTF(("%s: Paging: load paging CSS to FW, sec = %d\n", DEVNAME(sc),
1.75.2.2  snj 	    sec_idx));
1.75.2.2  snj
1.75.2.2  snj 	memcpy(sc->fw_paging_db[0].fw_paging_block.vaddr,
1.75.2.2  snj 	    fws->fw_sect[sec_idx].fws_data, sc->fw_paging_db[0].fw_paging_size);
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("%s: Paging: copied %d CSS bytes to first block\n",
1.75.2.2  snj 	    DEVNAME(sc), sc->fw_paging_db[0].fw_paging_size));
1.75.2.2  snj
1.75.2.2  snj 	sec_idx++;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * copy the paging blocks to the dram
1.75.2.2  snj 	 * loop index start from 1 since that CSS block already copied to dram
1.75.2.2  snj 	 * and CSS index is 0.
1.75.2.2  snj 	 * loop stop at num_of_paging_blk since that last block is not full.
1.75.2.2  snj 	 */
1.75.2.2  snj 	for (idx = 1; idx < sc->num_of_paging_blk; idx++) {
1.75.2.2  snj 		memcpy(sc->fw_paging_db[idx].fw_paging_block.vaddr,
1.75.2.2  snj 		       (const char *)fws->fw_sect[sec_idx].fws_data + offset,
1.75.2.2  snj 		       sc->fw_paging_db[idx].fw_paging_size);
1.75.2.2  snj
1.75.2.2  snj 		DPRINTF(("%s: Paging: copied %d paging bytes to block %d\n",
1.75.2.2  snj 		    DEVNAME(sc), sc->fw_paging_db[idx].fw_paging_size, idx));
1.75.2.2  snj
1.75.2.2  snj 		offset += sc->fw_paging_db[idx].fw_paging_size;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* copy the last paging block */
1.75.2.2  snj 	if (sc->num_of_pages_in_last_blk > 0) {
1.75.2.2  snj 		memcpy(sc->fw_paging_db[idx].fw_paging_block.vaddr,
1.75.2.2  snj 		    (const char *)fws->fw_sect[sec_idx].fws_data + offset,
1.75.2.2  snj 		    IWM_FW_PAGING_SIZE * sc->num_of_pages_in_last_blk);
1.75.2.2  snj
1.75.2.2  snj 		DPRINTF(("%s: Paging: copied %d pages in the last block %d\n",
1.75.2.2  snj 		    DEVNAME(sc), sc->num_of_pages_in_last_blk, idx));
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_alloc_fw_paging_mem(struct iwm_softc *sc, const struct iwm_fw_sects *fws)
1.75.2.2  snj {
1.75.2.2  snj 	int blk_idx = 0;
1.75.2.2  snj 	int error, num_of_pages;
1.75.2.2  snj 	bus_dmamap_t dmap;
1.75.2.2  snj
1.75.2.2  snj 	if (sc->fw_paging_db[0].fw_paging_block.vaddr != NULL) {
1.75.2.2  snj 		int i;
1.75.2.2  snj 		/* Device got reset, and we setup firmware paging again */
1.75.2.2  snj 		for (i = 0; i < sc->num_of_paging_blk + 1; i++) {
1.75.2.2  snj 			dmap = sc->fw_paging_db[i].fw_paging_block.map;
1.75.2.2  snj 			bus_dmamap_sync(sc->sc_dmat, dmap, 0, dmap->dm_mapsize,
1.75.2.2  snj 			    BUS_DMASYNC_POSTWRITE | BUS_DMASYNC_POSTREAD);
1.75.2.2  snj 		}
1.75.2.2  snj 		return 0;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* ensure IWM_BLOCK_2_EXP_SIZE is power of 2 of IWM_PAGING_BLOCK_SIZE */
1.75.2.2  snj 	CTASSERT(__BIT(IWM_BLOCK_2_EXP_SIZE) == IWM_PAGING_BLOCK_SIZE);
1.75.2.2  snj
1.75.2.2  snj 	num_of_pages = fws->paging_mem_size / IWM_FW_PAGING_SIZE;
1.75.2.2  snj 	sc->num_of_paging_blk =
1.75.2.2  snj 	    howmany(num_of_pages, IWM_NUM_OF_PAGE_PER_GROUP);
1.75.2.2  snj 	sc->num_of_pages_in_last_blk = num_of_pages -
1.75.2.2  snj 	    IWM_NUM_OF_PAGE_PER_GROUP * (sc->num_of_paging_blk - 1);
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("%s: Paging: allocating mem for %d paging blocks, "
1.75.2.2  snj 	    "each block holds 8 pages, last block holds %d pages\n",
1.75.2.2  snj 	    DEVNAME(sc), sc->num_of_paging_blk, sc->num_of_pages_in_last_blk));
1.75.2.2  snj
1.75.2.2  snj 	/* allocate block of 4Kbytes for paging CSS */
1.75.2.2  snj 	error = iwm_dma_contig_alloc(sc->sc_dmat,
1.75.2.2  snj 	    &sc->fw_paging_db[blk_idx].fw_paging_block, IWM_FW_PAGING_SIZE,
1.75.2.2  snj 	    4096);
1.75.2.2  snj 	if (error) {
1.75.2.2  snj 		/* free all the previous pages since we failed */
1.75.2.2  snj 		iwm_free_fw_paging(sc);
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	sc->fw_paging_db[blk_idx].fw_paging_size = IWM_FW_PAGING_SIZE;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("%s: Paging: allocated 4K(CSS) bytes for firmware paging.\n",
1.75.2.2  snj 	    DEVNAME(sc)));
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * allocate blocks in dram.
1.75.2.2  snj 	 * since that CSS allocated in fw_paging_db[0] loop start from index 1
1.75.2.2  snj 	 */
1.75.2.2  snj 	for (blk_idx = 1; blk_idx < sc->num_of_paging_blk + 1; blk_idx++) {
1.75.2.2  snj 		/* allocate block of IWM_PAGING_BLOCK_SIZE (32K) */
1.75.2.2  snj 		/* XXX Use iwm_dma_contig_alloc for allocating */
1.75.2.2  snj 		error = iwm_dma_contig_alloc(sc->sc_dmat,
1.75.2.2  snj 		    &sc->fw_paging_db[blk_idx].fw_paging_block,
1.75.2.2  snj 		    IWM_PAGING_BLOCK_SIZE, 4096);
1.75.2.2  snj 		if (error) {
1.75.2.2  snj 			/* free all the previous pages since we failed */
1.75.2.2  snj 			iwm_free_fw_paging(sc);
1.75.2.2  snj 			return ENOMEM;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		sc->fw_paging_db[blk_idx].fw_paging_size =
1.75.2.2  snj 		    IWM_PAGING_BLOCK_SIZE;
1.75.2.2  snj
1.75.2.2  snj 		DPRINTF(("%s: Paging: allocated 32K bytes for firmware "
1.75.2.2  snj 		    "paging.\n", DEVNAME(sc)));
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_save_fw_paging(struct iwm_softc *sc, const struct iwm_fw_sects *fws)
1.75.2.2  snj {
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_alloc_fw_paging_mem(sc, fws);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	return iwm_fill_paging_mem(sc, fws);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static bool
1.75.2.2  snj iwm_has_new_tx_api(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	/* XXX */
1.75.2.2  snj 	return false;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /* send paging cmd to FW in case CPU2 has paging image */
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_paging_cmd(struct iwm_softc *sc, const struct iwm_fw_sects *fws)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_fw_paging_cmd fw_paging_cmd = {
1.75.2.2  snj 		.flags = htole32(IWM_PAGING_CMD_IS_SECURED |
1.75.2.2  snj 		                 IWM_PAGING_CMD_IS_ENABLED |
1.75.2.2  snj 		                 (sc->num_of_pages_in_last_blk <<
1.75.2.2  snj 		                  IWM_PAGING_CMD_NUM_OF_PAGES_IN_LAST_GRP_POS)),
1.75.2.2  snj 		.block_size = htole32(IWM_BLOCK_2_EXP_SIZE),
1.75.2.2  snj 		.block_num = htole32(sc->num_of_paging_blk),
1.75.2.2  snj 	};
1.75.2.2  snj 	size_t size = sizeof(fw_paging_cmd);
1.75.2.2  snj 	int blk_idx;
1.75.2.2  snj 	bus_dmamap_t dmap;
1.75.2.2  snj
1.75.2.2  snj 	if (!iwm_has_new_tx_api(sc))
1.75.2.2  snj 		size -= (sizeof(uint64_t) - sizeof(uint32_t)) *
1.75.2.2  snj 		    IWM_NUM_OF_FW_PAGING_BLOCKS;
1.75.2.2  snj
1.75.2.2  snj 	/* loop for for all paging blocks + CSS block */
1.75.2.2  snj 	for (blk_idx = 0; blk_idx < sc->num_of_paging_blk + 1; blk_idx++) {
1.75.2.2  snj 		bus_addr_t dev_phy_addr =
1.75.2.2  snj 		    sc->fw_paging_db[blk_idx].fw_paging_block.paddr;
1.75.2.2  snj 		if (iwm_has_new_tx_api(sc)) {
1.75.2.2  snj 			fw_paging_cmd.device_phy_addr.addr64[blk_idx] =
1.75.2.2  snj 			    htole64(dev_phy_addr);
1.75.2.2  snj 		} else {
1.75.2.2  snj 			dev_phy_addr = dev_phy_addr >> IWM_PAGE_2_EXP_SIZE;
1.75.2.2  snj 			fw_paging_cmd.device_phy_addr.addr32[blk_idx] =
1.75.2.2  snj 			    htole32(dev_phy_addr);
1.75.2.2  snj 		}
1.75.2.2  snj 		dmap = sc->fw_paging_db[blk_idx].fw_paging_block.map,
1.75.2.2  snj 		bus_dmamap_sync(sc->sc_dmat, dmap, 0, dmap->dm_mapsize,
1.75.2.2  snj 		    BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc,
1.75.2.2  snj 	    iwm_cmd_id(IWM_FW_PAGING_BLOCK_CMD, IWM_ALWAYS_LONG_GROUP, 0),
1.75.2.2  snj 	    0, size, &fw_paging_cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_set_hw_address_8000(struct iwm_softc *sc, struct iwm_nvm_data *data,
1.75.2.2  snj     const uint16_t *mac_override, const uint16_t *nvm_hw)
1.75.2.2  snj {
1.75.2.2  snj 	static const uint8_t reserved_mac[ETHER_ADDR_LEN] = {
1.75.2.2  snj 		0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00
1.75.2.2  snj 	};
1.75.2.2  snj 	static const u_int8_t etheranyaddr[ETHER_ADDR_LEN] = {
1.75.2.2  snj 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1.75.2.2  snj 	};
1.75.2.2  snj 	const uint8_t *hw_addr;
1.75.2.2  snj
1.75.2.2  snj 	if (mac_override) {
1.75.2.2  snj 		hw_addr = (const uint8_t *)(mac_override +
1.75.2.2  snj 		    IWM_MAC_ADDRESS_OVERRIDE_8000);
1.75.2.2  snj
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * Store the MAC address from MAO section.
1.75.2.2  snj 		 * No byte swapping is required in MAO section
1.75.2.2  snj 		 */
1.75.2.2  snj 		memcpy(data->hw_addr, hw_addr, ETHER_ADDR_LEN);
1.75.2.2  snj
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * Force the use of the OTP MAC address in case of reserved MAC
1.75.2.2  snj 		 * address in the NVM, or if address is given but invalid.
1.75.2.2  snj 		 */
1.75.2.2  snj 		if (memcmp(reserved_mac, hw_addr, ETHER_ADDR_LEN) != 0 &&
1.75.2.2  snj 		    (memcmp(etherbroadcastaddr, data->hw_addr,
1.75.2.2  snj 		    sizeof(etherbroadcastaddr)) != 0) &&
1.75.2.2  snj 		    (memcmp(etheranyaddr, data->hw_addr,
1.75.2.2  snj 		    sizeof(etheranyaddr)) != 0) &&
1.75.2.2  snj 		    !ETHER_IS_MULTICAST(data->hw_addr))
1.75.2.2  snj 			return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (nvm_hw) {
1.75.2.2  snj 		/* Read the mac address from WFMP registers. */
1.75.2.2  snj 		uint32_t mac_addr0 =
1.75.2.2  snj 		    htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0));
1.75.2.2  snj 		uint32_t mac_addr1 =
1.75.2.2  snj 		    htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1));
1.75.2.2  snj
1.75.2.2  snj 		hw_addr = (const uint8_t *)&mac_addr0;
1.75.2.2  snj 		data->hw_addr[0] = hw_addr[3];
1.75.2.2  snj 		data->hw_addr[1] = hw_addr[2];
1.75.2.2  snj 		data->hw_addr[2] = hw_addr[1];
1.75.2.2  snj 		data->hw_addr[3] = hw_addr[0];
1.75.2.2  snj
1.75.2.2  snj 		hw_addr = (const uint8_t *)&mac_addr1;
1.75.2.2  snj 		data->hw_addr[4] = hw_addr[1];
1.75.2.2  snj 		data->hw_addr[5] = hw_addr[0];
1.75.2.2  snj
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "mac address not found\n");
1.75.2.2  snj 	memset(data->hw_addr, 0, sizeof(data->hw_addr));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_parse_nvm_data(struct iwm_softc *sc, const uint16_t *nvm_hw,
1.75.2.2  snj     const uint16_t *nvm_sw, const uint16_t *nvm_calib,
1.75.2.2  snj     const uint16_t *mac_override, const uint16_t *phy_sku,
1.75.2.2  snj     const uint16_t *regulatory)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_nvm_data *data = &sc->sc_nvm;
1.75.2.2  snj 	uint8_t hw_addr[ETHER_ADDR_LEN];
1.75.2.2  snj 	uint32_t sku;
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1.75.2.2  snj 		uint16_t radio_cfg = le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
1.75.2.2  snj 		data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
1.75.2.2  snj 		data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
1.75.2.2  snj 		data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
1.75.2.2  snj 		data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
1.75.2.2  snj
1.75.2.2  snj 		data->nvm_version = le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
1.75.2.2  snj 		sku = le16_to_cpup(nvm_sw + IWM_SKU);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		uint32_t radio_cfg = le32_to_cpup(phy_sku + IWM_RADIO_CFG_8000);
1.75.2.2  snj 		data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg);
1.75.2.2  snj 		data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg);
1.75.2.2  snj 		data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg);
1.75.2.2  snj 		data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK_8000(radio_cfg);
1.75.2.2  snj 		data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg);
1.75.2.2  snj 		data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg);
1.75.2.2  snj
1.75.2.2  snj 		data->nvm_version = le32_to_cpup(nvm_sw + IWM_NVM_VERSION_8000);
1.75.2.2  snj 		sku = le32_to_cpup(phy_sku + IWM_SKU_8000);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
1.75.2.2  snj 	data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
1.75.2.2  snj 	data->sku_cap_11n_enable = sku & IWM_NVM_SKU_CAP_11N_ENABLE;
1.75.2.2  snj 	data->sku_cap_mimo_disable = sku & IWM_NVM_SKU_CAP_MIMO_DISABLE;
1.75.2.2  snj
1.75.2.2  snj 	data->n_hw_addrs = le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1.75.2.2  snj 		memcpy(hw_addr, nvm_hw + IWM_HW_ADDR, ETHER_ADDR_LEN);
1.75.2.2  snj 		data->hw_addr[0] = hw_addr[1];
1.75.2.2  snj 		data->hw_addr[1] = hw_addr[0];
1.75.2.2  snj 		data->hw_addr[2] = hw_addr[3];
1.75.2.2  snj 		data->hw_addr[3] = hw_addr[2];
1.75.2.2  snj 		data->hw_addr[4] = hw_addr[5];
1.75.2.2  snj 		data->hw_addr[5] = hw_addr[4];
1.75.2.2  snj 	} else
1.75.2.2  snj 		iwm_set_hw_address_8000(sc, data, mac_override, nvm_hw);
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
1.75.2.2  snj 		uint16_t lar_offset, lar_config;
1.75.2.2  snj 		lar_offset = data->nvm_version < 0xE39 ?
1.75.2.2  snj 		    IWM_NVM_LAR_OFFSET_8000_OLD : IWM_NVM_LAR_OFFSET_8000;
1.75.2.2  snj 		lar_config = le16_to_cpup(regulatory + lar_offset);
1.75.2.2  snj                 data->lar_enabled = !!(lar_config & IWM_NVM_LAR_ENABLED_8000);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
1.75.2.2  snj 		iwm_init_channel_map(sc, &nvm_sw[IWM_NVM_CHANNELS],
1.75.2.2  snj 		    iwm_nvm_channels, __arraycount(iwm_nvm_channels));
1.75.2.2  snj 	else
1.75.2.2  snj 		iwm_init_channel_map(sc, &regulatory[IWM_NVM_CHANNELS_8000],
1.75.2.2  snj 		    iwm_nvm_channels_8000, __arraycount(iwm_nvm_channels_8000));
1.75.2.2  snj
1.75.2.2  snj 	data->calib_version = 255;   /* TODO:
1.75.2.2  snj 					this value will prevent some checks from
1.75.2.2  snj 					failing, we need to check if this
1.75.2.2  snj 					field is still needed, and if it does,
1.75.2.2  snj 					where is it in the NVM */
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
1.75.2.2  snj {
1.75.2.2  snj 	const uint16_t *hw, *sw, *calib, *mac_override = NULL, *phy_sku = NULL;
1.75.2.2  snj 	const uint16_t *regulatory = NULL;
1.75.2.2  snj
1.75.2.2  snj 	/* Checking for required sections */
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1.75.2.2  snj 		if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
1.75.2.2  snj 		    !sections[IWM_NVM_SECTION_TYPE_HW].data) {
1.75.2.2  snj 			return ENOENT;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		hw = (const uint16_t *) sections[IWM_NVM_SECTION_TYPE_HW].data;
1.75.2.2  snj 	} else if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
1.75.2.2  snj 		/* SW and REGULATORY sections are mandatory */
1.75.2.2  snj 		if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
1.75.2.2  snj 		    !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) {
1.75.2.2  snj 			return ENOENT;
1.75.2.2  snj 		}
1.75.2.2  snj 		/* MAC_OVERRIDE or at least HW section must exist */
1.75.2.2  snj 		if (!sections[IWM_NVM_SECTION_TYPE_HW_8000].data &&
1.75.2.2  snj 		    !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) {
1.75.2.2  snj 			return ENOENT;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		/* PHY_SKU section is mandatory in B0 */
1.75.2.2  snj 		if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) {
1.75.2.2  snj 			return ENOENT;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		regulatory = (const uint16_t *)
1.75.2.2  snj 		    sections[IWM_NVM_SECTION_TYPE_REGULATORY].data;
1.75.2.2  snj 		hw = (const uint16_t *)
1.75.2.2  snj 		    sections[IWM_NVM_SECTION_TYPE_HW_8000].data;
1.75.2.2  snj 		mac_override =
1.75.2.2  snj 			(const uint16_t *)
1.75.2.2  snj 			sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data;
1.75.2.2  snj 		phy_sku = (const uint16_t *)
1.75.2.2  snj 		    sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		panic("unknown device family %d\n", sc->sc_device_family);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
1.75.2.2  snj 	calib = (const uint16_t *)
1.75.2.2  snj 	    sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
1.75.2.2  snj
1.75.2.2  snj 	return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override,
1.75.2.2  snj 	    phy_sku, regulatory);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_nvm_init(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS];
1.75.2.2  snj 	int i, section, err;
1.75.2.2  snj 	uint16_t len;
1.75.2.2  snj 	uint8_t *buf;
1.75.2.2  snj 	const size_t bufsz = (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) ?
1.75.2.2  snj 	    IWM_MAX_NVM_SECTION_SIZE_8000 : IWM_MAX_NVM_SECTION_SIZE_7000;
1.75.2.2  snj
1.75.2.2  snj 	/* Read From FW NVM */
1.75.2.2  snj 	DPRINTF(("Read NVM\n"));
1.75.2.2  snj
1.75.2.2  snj 	memset(nvm_sections, 0, sizeof(nvm_sections));
1.75.2.2  snj
1.75.2.2  snj 	buf = kmem_alloc(bufsz, KM_SLEEP);
1.75.2.2  snj 	if (buf == NULL)
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < __arraycount(iwm_nvm_to_read); i++) {
1.75.2.2  snj 		section = iwm_nvm_to_read[i];
1.75.2.2  snj 		KASSERT(section <= IWM_NVM_NUM_OF_SECTIONS);
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_nvm_read_section(sc, section, buf, &len, bufsz);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			err = 0;
1.75.2.2  snj 			continue;
1.75.2.2  snj 		}
1.75.2.2  snj 		nvm_sections[section].data = kmem_alloc(len, KM_SLEEP);
1.75.2.2  snj 		if (nvm_sections[section].data == NULL) {
1.75.2.2  snj 			err = ENOMEM;
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj 		memcpy(nvm_sections[section].data, buf, len);
1.75.2.2  snj 		nvm_sections[section].length = len;
1.75.2.2  snj 	}
1.75.2.2  snj 	kmem_free(buf, bufsz);
1.75.2.2  snj 	if (err == 0)
1.75.2.2  snj 		err = iwm_parse_nvm_sections(sc, nvm_sections);
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_NVM_NUM_OF_SECTIONS; i++) {
1.75.2.2  snj 		if (nvm_sections[i].data != NULL)
1.75.2.2  snj 			kmem_free(nvm_sections[i].data, nvm_sections[i].length);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_firmware_load_sect(struct iwm_softc *sc, uint32_t dst_addr,
1.75.2.2  snj     const uint8_t *section, uint32_t byte_cnt)
1.75.2.2  snj {
1.75.2.2  snj 	int err = EINVAL;
1.75.2.2  snj 	uint32_t chunk_sz, offset;
1.75.2.2  snj
1.75.2.2  snj 	chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, byte_cnt);
1.75.2.2  snj
1.75.2.2  snj 	for (offset = 0; offset < byte_cnt; offset += chunk_sz) {
1.75.2.2  snj 		uint32_t addr, len;
1.75.2.2  snj 		const uint8_t *data;
1.75.2.2  snj 		bool is_extended = false;
1.75.2.2  snj
1.75.2.2  snj 		addr = dst_addr + offset;
1.75.2.2  snj 		len = MIN(chunk_sz, byte_cnt - offset);
1.75.2.2  snj 		data = section + offset;
1.75.2.2  snj
1.75.2.2  snj 		if (addr >= IWM_FW_MEM_EXTENDED_START &&
1.75.2.2  snj 		    addr <= IWM_FW_MEM_EXTENDED_END)
1.75.2.2  snj 			is_extended = true;
1.75.2.2  snj
1.75.2.2  snj 		if (is_extended)
1.75.2.2  snj 			iwm_set_bits_prph(sc, IWM_LMPM_CHICK,
1.75.2.2  snj 			    IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_firmware_load_chunk(sc, addr, data, len);
1.75.2.2  snj
1.75.2.2  snj 		if (is_extended)
1.75.2.2  snj 			iwm_clear_bits_prph(sc, IWM_LMPM_CHICK,
1.75.2.2  snj 			    IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
1.75.2.2  snj
1.75.2.2  snj 		if (err)
1.75.2.2  snj 			break;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr,
1.75.2.2  snj     const uint8_t *section, uint32_t byte_cnt)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_dma_info *dma = &sc->fw_dma;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	/* Copy firmware chunk into pre-allocated DMA-safe memory. */
1.75.2.2  snj 	memcpy(dma->vaddr, section, byte_cnt);
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, dma->map, 0, byte_cnt,
1.75.2.2  snj 	    BUS_DMASYNC_PREWRITE);
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_fw_chunk_done = 0;
1.75.2.2  snj
1.75.2.2  snj 	if (!iwm_nic_lock(sc))
1.75.2.2  snj 		return EBUSY;
1.75.2.2  snj
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
1.75.2.2  snj 	    IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
1.75.2.2  snj 	    dst_addr);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
1.75.2.2  snj 	    dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
1.75.2.2  snj 	    (iwm_get_dma_hi_addr(dma->paddr)
1.75.2.2  snj 	      << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
1.75.2.2  snj 	    1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
1.75.2.2  snj 	    1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
1.75.2.2  snj 	    IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
1.75.2.2  snj 	    IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE    |
1.75.2.2  snj 	    IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
1.75.2.2  snj 	    IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
1.75.2.2  snj
1.75.2.2  snj 	iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 	/* Wait for this segment to load. */
1.75.2.2  snj 	err = 0;
1.75.2.2  snj 	while (!sc->sc_fw_chunk_done) {
1.75.2.2  snj 		err = tsleep(&sc->sc_fw, 0, "iwmfw", mstohz(5000));
1.75.2.2  snj 		if (err)
1.75.2.2  snj 			break;
1.75.2.2  snj 	}
1.75.2.2  snj 	if (!sc->sc_fw_chunk_done) {
1.75.2.2  snj 		DPRINTF(("%s: fw chunk addr 0x%x len %d failed to load\n",
1.75.2.2  snj 		    DEVNAME(sc), dst_addr, byte_cnt));
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_load_cpu_sections_7000(struct iwm_softc *sc, struct iwm_fw_sects *fws,
1.75.2.2  snj     int cpu, int *first_ucode_section)
1.75.2.2  snj {
1.75.2.2  snj 	int i, err = 0;
1.75.2.2  snj 	uint32_t last_read_idx = 0;
1.75.2.2  snj 	void *data;
1.75.2.2  snj 	uint32_t dlen;
1.75.2.2  snj 	uint32_t offset;
1.75.2.2  snj
1.75.2.2  snj 	if (cpu == 1) {
1.75.2.2  snj 		*first_ucode_section = 0;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		(*first_ucode_section)++;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	for (i = *first_ucode_section; i < IWM_UCODE_SECT_MAX; i++) {
1.75.2.2  snj 		last_read_idx = i;
1.75.2.2  snj 		data = fws->fw_sect[i].fws_data;
1.75.2.2  snj 		dlen = fws->fw_sect[i].fws_len;
1.75.2.2  snj 		offset = fws->fw_sect[i].fws_devoff;
1.75.2.2  snj
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
1.75.2.2  snj 		 * CPU1 to CPU2.
1.75.2.2  snj 		 * PAGING_SEPARATOR_SECTION delimiter - separate between
1.75.2.2  snj 		 * CPU2 non paged to CPU2 paging sec.
1.75.2.2  snj 		 */
1.75.2.2  snj 		if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
1.75.2.2  snj 		    offset == IWM_PAGING_SEPARATOR_SECTION)
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		if (dlen > sc->sc_fwdmasegsz) {
1.75.2.2  snj 			err = EFBIG;
1.75.2.2  snj 		} else
1.75.2.2  snj 			err = iwm_firmware_load_sect(sc, offset, data, dlen);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			DPRINTF(("%s: could not load firmware chunk %d "
1.75.2.2  snj 			    "(error %d)\n", DEVNAME(sc), i, err));
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	*first_ucode_section = last_read_idx;
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_load_firmware_7000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_fw_sects *fws;
1.75.2.2  snj 	int err = 0;
1.75.2.2  snj 	int first_ucode_section;
1.75.2.2  snj
1.75.2.2  snj 	fws = &sc->sc_fw.fw_sects[ucode_type];
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("%s: working with %s CPU\n", DEVNAME(sc),
1.75.2.2  snj 	    fws->is_dual_cpus ? "dual" : "single"));
1.75.2.2  snj
1.75.2.2  snj 	/* load to FW the binary Secured sections of CPU1 */
1.75.2.2  snj 	err = iwm_load_cpu_sections_7000(sc, fws, 1, &first_ucode_section);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	if (fws->is_dual_cpus) {
1.75.2.2  snj 		/* set CPU2 header address */
1.75.2.2  snj 		if (iwm_nic_lock(sc)) {
1.75.2.2  snj 			iwm_write_prph(sc,
1.75.2.2  snj 			    IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR,
1.75.2.2  snj 			    IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE);
1.75.2.2  snj 			iwm_nic_unlock(sc);
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		/* load to FW the binary sections of CPU2 */
1.75.2.2  snj 		err = iwm_load_cpu_sections_7000(sc, fws, 2,
1.75.2.2  snj 		    &first_ucode_section);
1.75.2.2  snj 		if (err)
1.75.2.2  snj 			return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* release CPU reset */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_RESET, 0);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_load_cpu_sections_8000(struct iwm_softc *sc, struct iwm_fw_sects *fws,
1.75.2.2  snj     int cpu, int *first_ucode_section)
1.75.2.2  snj {
1.75.2.2  snj 	int shift_param;
1.75.2.2  snj 	int i, err = 0, sec_num = 0x1;
1.75.2.2  snj 	uint32_t val, last_read_idx = 0;
1.75.2.2  snj 	void *data;
1.75.2.2  snj 	uint32_t dlen;
1.75.2.2  snj 	uint32_t offset;
1.75.2.2  snj
1.75.2.2  snj 	if (cpu == 1) {
1.75.2.2  snj 		shift_param = 0;
1.75.2.2  snj 		*first_ucode_section = 0;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		shift_param = 16;
1.75.2.2  snj 		(*first_ucode_section)++;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	for (i = *first_ucode_section; i < IWM_UCODE_SECT_MAX; i++) {
1.75.2.2  snj 		last_read_idx = i;
1.75.2.2  snj 		data = fws->fw_sect[i].fws_data;
1.75.2.2  snj 		dlen = fws->fw_sect[i].fws_len;
1.75.2.2  snj 		offset = fws->fw_sect[i].fws_devoff;
1.75.2.2  snj
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
1.75.2.2  snj 		 * CPU1 to CPU2.
1.75.2.2  snj 		 * PAGING_SEPARATOR_SECTION delimiter - separate between
1.75.2.2  snj 		 * CPU2 non paged to CPU2 paging sec.
1.75.2.2  snj 		 */
1.75.2.2  snj 		if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
1.75.2.2  snj 		    offset == IWM_PAGING_SEPARATOR_SECTION)
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		if (dlen > sc->sc_fwdmasegsz) {
1.75.2.2  snj 			err = EFBIG;
1.75.2.2  snj 		} else
1.75.2.2  snj 			err = iwm_firmware_load_sect(sc, offset, data, dlen);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			DPRINTF(("%s: could not load firmware chunk %d "
1.75.2.2  snj 			    "(error %d)\n", DEVNAME(sc), i, err));
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		/* Notify the ucode of the loaded section number and status */
1.75.2.2  snj 		if (iwm_nic_lock(sc)) {
1.75.2.2  snj 			val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS);
1.75.2.2  snj 			val = val | (sec_num << shift_param);
1.75.2.2  snj 			IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val);
1.75.2.2  snj 			sec_num = (sec_num << 1) | 0x1;
1.75.2.2  snj 			iwm_nic_unlock(sc);
1.75.2.2  snj
1.75.2.2  snj 			/*
1.75.2.2  snj 			 * The firmware won't load correctly without this delay.
1.75.2.2  snj 			 */
1.75.2.2  snj 			DELAY(8000);
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	*first_ucode_section = last_read_idx;
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_nic_lock(sc)) {
1.75.2.2  snj 		if (cpu == 1)
1.75.2.2  snj 			IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF);
1.75.2.2  snj 		else
1.75.2.2  snj 			IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_load_firmware_8000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_fw_sects *fws;
1.75.2.2  snj 	int err = 0;
1.75.2.2  snj 	int first_ucode_section;
1.75.2.2  snj
1.75.2.2  snj 	fws = &sc->sc_fw.fw_sects[ucode_type];
1.75.2.2  snj
1.75.2.2  snj 	/* configure the ucode to be ready to get the secured image */
1.75.2.2  snj 	/* release CPU reset */
1.75.2.2  snj 	if (iwm_nic_lock(sc)) {
1.75.2.2  snj 		iwm_write_prph(sc, IWM_RELEASE_CPU_RESET,
1.75.2.2  snj 		    IWM_RELEASE_CPU_RESET_BIT);
1.75.2.2  snj 		iwm_nic_unlock(sc);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* load to FW the binary Secured sections of CPU1 */
1.75.2.2  snj 	err = iwm_load_cpu_sections_8000(sc, fws, 1, &first_ucode_section);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	/* load to FW the binary sections of CPU2 */
1.75.2.2  snj 	return iwm_load_cpu_sections_8000(sc, fws, 2, &first_ucode_section);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1.75.2.2  snj {
1.75.2.2  snj 	int err, w;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_uc.uc_intr = 0;
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
1.75.2.2  snj 		err = iwm_load_firmware_8000(sc, ucode_type);
1.75.2.2  snj 	else
1.75.2.2  snj 		err = iwm_load_firmware_7000(sc, ucode_type);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	/* wait for the firmware to load */
1.75.2.2  snj 	for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++)
1.75.2.2  snj 		err = tsleep(&sc->sc_uc, 0, "iwmuc", mstohz(100));
1.75.2.2  snj 	if (err || !sc->sc_uc.uc_ok) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not load firmware (error %d, ok %d)\n",
1.75.2.2  snj 		    err, sc->sc_uc.uc_ok);
1.75.2.2  snj 		if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev, "cpu1 status: 0x%x\n",
1.75.2.2  snj 			    iwm_read_prph(sc, IWM_SB_CPU_1_STATUS));
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev, "cpu2 status: 0x%x\n",
1.75.2.2  snj 			    iwm_read_prph(sc, IWM_SB_CPU_2_STATUS));
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1.75.2.2  snj {
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT, ~0);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_nic_init(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "Unable to init nic\n");
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* make sure rfkill handshake bits are cleared */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
1.75.2.2  snj 	    IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
1.75.2.2  snj
1.75.2.2  snj 	/* clear (again), then enable host interrupts */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT, ~0);
1.75.2.2  snj 	iwm_enable_interrupts(sc);
1.75.2.2  snj
1.75.2.2  snj 	/* really make sure rfkill handshake bits are cleared */
1.75.2.2  snj 	/* maybe we should write a few times more?  just to make sure */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1.75.2.2  snj
1.75.2.2  snj 	return iwm_load_firmware(sc, ucode_type);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
1.75.2.2  snj 		.valid = htole32(valid_tx_ant),
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 0,
1.75.2.2  snj 	    sizeof(tx_ant_cmd), &tx_ant_cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_phy_cfg_cmd phy_cfg_cmd;
1.75.2.2  snj 	enum iwm_ucode_type ucode_type = sc->sc_uc_current;
1.75.2.2  snj
1.75.2.2  snj 	phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config);
1.75.2.2  snj 	phy_cfg_cmd.calib_control.event_trigger =
1.75.2.2  snj 	    sc->sc_default_calib[ucode_type].event_trigger;
1.75.2.2  snj 	phy_cfg_cmd.calib_control.flow_trigger =
1.75.2.2  snj 	    sc->sc_default_calib[ucode_type].flow_trigger;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(10, ("Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg));
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, 0,
1.75.2.2  snj 	    sizeof(phy_cfg_cmd), &phy_cfg_cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_load_ucode_wait_alive(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_fw_sects *fws;
1.75.2.2  snj 	enum iwm_ucode_type old_type = sc->sc_uc_current;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_read_firmware(sc, ucode_type);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_uc_current = ucode_type;
1.75.2.2  snj 	err = iwm_start_fw(sc, ucode_type);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		sc->sc_uc_current = old_type;
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_post_alive(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	fws = &sc->sc_fw.fw_sects[ucode_type];
1.75.2.2  snj 	if (fws->paging_mem_size) {
1.75.2.2  snj 		err = iwm_save_fw_paging(sc, fws);
1.75.2.2  snj 		if (err)
1.75.2.2  snj 			return err;
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_send_paging_cmd(sc, fws);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			iwm_free_fw_paging(sc);
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm)
1.75.2.2  snj {
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "radio is disabled by hardware switch\n");
1.75.2.2  snj 		return EPERM;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_init_complete = 0;
1.75.2.2  snj 	err = iwm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_INIT);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		DPRINTF(("%s: failed to load init firmware\n", DEVNAME(sc)));
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (justnvm) {
1.75.2.2  snj 		err = iwm_nvm_init(sc);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev, "failed to read nvm\n");
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		memcpy(&sc->sc_ic.ic_myaddr, &sc->sc_nvm.hw_addr,
1.75.2.2  snj 		    ETHER_ADDR_LEN);
1.75.2.2  snj 		return 0;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_bt_init_conf(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_sf_config(sc, IWM_SF_INIT_OFF);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc));
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Send phy configurations command to init uCode
1.75.2.2  snj 	 * to start the 16.0 uCode init image internal calibrations.
1.75.2.2  snj 	 */
1.75.2.2  snj 	err = iwm_send_phy_cfg_cmd(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Nothing to do but wait for the init complete notification
1.75.2.2  snj 	 * from the firmware
1.75.2.2  snj 	 */
1.75.2.2  snj 	while (!sc->sc_init_complete) {
1.75.2.2  snj 		err = tsleep(&sc->sc_init_complete, 0, "iwminit", mstohz(2000));
1.75.2.2  snj 		if (err)
1.75.2.2  snj 			break;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_rx_ring *ring = &sc->rxq;
1.75.2.2  snj 	struct iwm_rx_data *data = &ring->data[idx];
1.75.2.2  snj 	struct mbuf *m;
1.75.2.2  snj 	int err;
1.75.2.2  snj 	int fatal = 0;
1.75.2.2  snj
1.75.2.2  snj 	m = m_gethdr(M_DONTWAIT, MT_DATA);
1.75.2.2  snj 	if (m == NULL)
1.75.2.2  snj 		return ENOBUFS;
1.75.2.2  snj
1.75.2.2  snj 	if (size <= MCLBYTES) {
1.75.2.2  snj 		MCLGET(m, M_DONTWAIT);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		MEXTMALLOC(m, IWM_RBUF_SIZE, M_DONTWAIT);
1.75.2.2  snj 	}
1.75.2.2  snj 	if ((m->m_flags & M_EXT) == 0) {
1.75.2.2  snj 		m_freem(m);
1.75.2.2  snj 		return ENOBUFS;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (data->m != NULL) {
1.75.2.2  snj 		bus_dmamap_unload(sc->sc_dmat, data->map);
1.75.2.2  snj 		fatal = 1;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
1.75.2.2  snj 	err = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m,
1.75.2.2  snj 	    BUS_DMA_READ|BUS_DMA_NOWAIT);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		/* XXX */
1.75.2.2  snj 		if (fatal)
1.75.2.2  snj 			panic("iwm: could not load RX mbuf");
1.75.2.2  snj 		m_freem(m);
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj 	data->m = m;
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, data->map, 0, size, BUS_DMASYNC_PREREAD);
1.75.2.2  snj
1.75.2.2  snj 	/* Update RX descriptor. */
1.75.2.2  snj 	ring->desc[idx] = htole32(data->map->dm_segs[0].ds_addr >> 8);
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
1.75.2.2  snj 	    idx * sizeof(uint32_t), sizeof(uint32_t), BUS_DMASYNC_PREWRITE);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #define IWM_RSSI_OFFSET 50
1.75.2.2  snj static int
1.75.2.2  snj iwm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
1.75.2.2  snj {
1.75.2.2  snj 	int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm;
1.75.2.2  snj 	uint32_t agc_a, agc_b;
1.75.2.2  snj 	uint32_t val;
1.75.2.2  snj
1.75.2.2  snj 	val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]);
1.75.2.2  snj 	agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS;
1.75.2.2  snj 	agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS;
1.75.2.2  snj
1.75.2.2  snj 	val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]);
1.75.2.2  snj 	rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS;
1.75.2.2  snj 	rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * dBm = rssi dB - agc dB - constant.
1.75.2.2  snj 	 * Higher AGC (higher radio gain) means lower signal.
1.75.2.2  snj 	 */
1.75.2.2  snj 	rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a;
1.75.2.2  snj 	rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b;
1.75.2.2  snj 	max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm);
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("Rssi In A %d B %d Max %d AGCA %d AGCB %d\n",
1.75.2.2  snj 	    rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b));
1.75.2.2  snj
1.75.2.2  snj 	return max_rssi_dbm;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * RSSI values are reported by the FW as positive values - need to negate
1.75.2.2  snj  * to obtain their dBM.  Account for missing antennas by replacing 0
1.75.2.2  snj  * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
1.75.2.2  snj  */
1.75.2.2  snj static int
1.75.2.2  snj iwm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
1.75.2.2  snj {
1.75.2.2  snj 	int energy_a, energy_b, energy_c, max_energy;
1.75.2.2  snj 	uint32_t val;
1.75.2.2  snj
1.75.2.2  snj 	val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
1.75.2.2  snj 	energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
1.75.2.2  snj 	    IWM_RX_INFO_ENERGY_ANT_A_POS;
1.75.2.2  snj 	energy_a = energy_a ? -energy_a : -256;
1.75.2.2  snj 	energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
1.75.2.2  snj 	    IWM_RX_INFO_ENERGY_ANT_B_POS;
1.75.2.2  snj 	energy_b = energy_b ? -energy_b : -256;
1.75.2.2  snj 	energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
1.75.2.2  snj 	    IWM_RX_INFO_ENERGY_ANT_C_POS;
1.75.2.2  snj 	energy_c = energy_c ? -energy_c : -256;
1.75.2.2  snj 	max_energy = MAX(energy_a, energy_b);
1.75.2.2  snj 	max_energy = MAX(max_energy, energy_c);
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(12, ("energy In A %d B %d C %d, and max %d\n",
1.75.2.2  snj 	    energy_a, energy_b, energy_c, max_energy));
1.75.2.2  snj
1.75.2.2  snj 	return max_energy;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_rx_rx_phy_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
1.75.2.2  snj     struct iwm_rx_data *data)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(20, ("received PHY stats\n"));
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*pkt),
1.75.2.2  snj 	    sizeof(*phy_info), BUS_DMASYNC_POSTREAD);
1.75.2.2  snj
1.75.2.2  snj 	memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Retrieve the average noise (in dBm) among receivers.
1.75.2.2  snj  */
1.75.2.2  snj static int
1.75.2.2  snj iwm_get_noise(const struct iwm_statistics_rx_non_phy *stats)
1.75.2.2  snj {
1.75.2.2  snj 	int i, total, nbant, noise;
1.75.2.2  snj
1.75.2.2  snj 	total = nbant = noise = 0;
1.75.2.2  snj 	for (i = 0; i < 3; i++) {
1.75.2.2  snj 		noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
1.75.2.2  snj 		if (noise) {
1.75.2.2  snj 			total += noise;
1.75.2.2  snj 			nbant++;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* There should be at least one antenna but check anyway. */
1.75.2.2  snj 	return (nbant == 0) ? -127 : (total / nbant) - 107;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_rx_rx_mpdu(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
1.75.2.2  snj     struct iwm_rx_data *data)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_frame *wh;
1.75.2.2  snj 	struct ieee80211_node *ni;
1.75.2.2  snj 	struct ieee80211_channel *c = NULL;
1.75.2.2  snj 	struct mbuf *m;
1.75.2.2  snj 	struct iwm_rx_phy_info *phy_info;
1.75.2.2  snj 	struct iwm_rx_mpdu_res_start *rx_res;
1.75.2.2  snj 	int device_timestamp;
1.75.2.2  snj 	uint32_t len;
1.75.2.2  snj 	uint32_t rx_pkt_status;
1.75.2.2  snj 	int rssi;
1.75.2.2  snj 	int s;
1.75.2.2  snj
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, data->map, 0, IWM_RBUF_SIZE,
1.75.2.2  snj 	    BUS_DMASYNC_POSTREAD);
1.75.2.2  snj
1.75.2.2  snj 	phy_info = &sc->sc_last_phy_info;
1.75.2.2  snj 	rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
1.75.2.2  snj 	wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
1.75.2.2  snj 	len = le16toh(rx_res->byte_count);
1.75.2.2  snj 	rx_pkt_status = le32toh(*(uint32_t *)(pkt->data +
1.75.2.2  snj 	    sizeof(*rx_res) + len));
1.75.2.2  snj
1.75.2.2  snj 	m = data->m;
1.75.2.2  snj 	m->m_data = pkt->data + sizeof(*rx_res);
1.75.2.2  snj 	m->m_pkthdr.len = m->m_len = len;
1.75.2.2  snj
1.75.2.2  snj 	if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
1.75.2.2  snj 		DPRINTF(("dsp size out of range [0,20]: %d\n",
1.75.2.2  snj 		    phy_info->cfg_phy_cnt));
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
1.75.2.2  snj 	    !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
1.75.2.2  snj 		DPRINTF(("Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status));
1.75.2.2  snj 		return; /* drop */
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	device_timestamp = le32toh(phy_info->system_timestamp);
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) {
1.75.2.2  snj 		rssi = iwm_get_signal_strength(sc, phy_info);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		rssi = iwm_calc_rssi(sc, phy_info);
1.75.2.2  snj 	}
1.75.2.2  snj 	rssi = -rssi;
1.75.2.2  snj
1.75.2.2  snj 	if (ic->ic_state == IEEE80211_S_SCAN)
1.75.2.2  snj 		iwm_fix_channel(sc, m);
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0)
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	m->m_pkthdr.rcvif = IC2IFP(ic);
1.75.2.2  snj
1.75.2.2  snj 	if (le32toh(phy_info->channel) < __arraycount(ic->ic_channels))
1.75.2.2  snj 		c = &ic->ic_channels[le32toh(phy_info->channel)];
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj
1.75.2.2  snj 	ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
1.75.2.2  snj 	if (c)
1.75.2.2  snj 		ni->ni_chan = c;
1.75.2.2  snj
1.75.2.2  snj 	if (__predict_false(sc->sc_drvbpf != NULL)) {
1.75.2.2  snj 		struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
1.75.2.2  snj
1.75.2.2  snj 		tap->wr_flags = 0;
1.75.2.2  snj 		if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
1.75.2.2  snj 			tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
1.75.2.2  snj 		tap->wr_chan_freq =
1.75.2.2  snj 		    htole16(ic->ic_channels[phy_info->channel].ic_freq);
1.75.2.2  snj 		tap->wr_chan_flags =
1.75.2.2  snj 		    htole16(ic->ic_channels[phy_info->channel].ic_flags);
1.75.2.2  snj 		tap->wr_dbm_antsignal = (int8_t)rssi;
1.75.2.2  snj 		tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
1.75.2.2  snj 		tap->wr_tsft = phy_info->system_timestamp;
1.75.2.2  snj 		if (phy_info->phy_flags &
1.75.2.2  snj 		    htole16(IWM_RX_RES_PHY_FLAGS_OFDM_HT)) {
1.75.2.2  snj 			uint8_t mcs = (phy_info->rate_n_flags &
1.75.2.2  snj 			    htole32(IWM_RATE_HT_MCS_RATE_CODE_MSK |
1.75.2.2  snj 			      IWM_RATE_HT_MCS_NSS_MSK));
1.75.2.2  snj 			tap->wr_rate = (0x80 | mcs);
1.75.2.2  snj 		} else {
1.75.2.2  snj 			uint8_t rate = (phy_info->rate_n_flags &
1.75.2.2  snj 			    htole32(IWM_RATE_LEGACY_RATE_MSK));
1.75.2.2  snj 			switch (rate) {
1.75.2.2  snj 			/* CCK rates. */
1.75.2.2  snj 			case  10: tap->wr_rate =   2; break;
1.75.2.2  snj 			case  20: tap->wr_rate =   4; break;
1.75.2.2  snj 			case  55: tap->wr_rate =  11; break;
1.75.2.2  snj 			case 110: tap->wr_rate =  22; break;
1.75.2.2  snj 			/* OFDM rates. */
1.75.2.2  snj 			case 0xd: tap->wr_rate =  12; break;
1.75.2.2  snj 			case 0xf: tap->wr_rate =  18; break;
1.75.2.2  snj 			case 0x5: tap->wr_rate =  24; break;
1.75.2.2  snj 			case 0x7: tap->wr_rate =  36; break;
1.75.2.2  snj 			case 0x9: tap->wr_rate =  48; break;
1.75.2.2  snj 			case 0xb: tap->wr_rate =  72; break;
1.75.2.2  snj 			case 0x1: tap->wr_rate =  96; break;
1.75.2.2  snj 			case 0x3: tap->wr_rate = 108; break;
1.75.2.2  snj 			/* Unknown rate: should not happen. */
1.75.2.2  snj 			default:  tap->wr_rate =   0;
1.75.2.2  snj 			}
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m);
1.75.2.2  snj 	}
1.75.2.2  snj 	ieee80211_input(ic, m, ni, rssi, device_timestamp);
1.75.2.2  snj 	ieee80211_free_node(ni);
1.75.2.2  snj
1.75.2.2  snj 	splx(s);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
1.75.2.2  snj     struct iwm_node *in)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ifnet *ifp = IC2IFP(ic);
1.75.2.2  snj 	struct iwm_tx_resp *tx_resp = (void *)pkt->data;
1.75.2.2  snj 	int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
1.75.2.2  snj 	int failack = tx_resp->failure_frame;
1.75.2.2  snj
1.75.2.2  snj 	KASSERT(tx_resp->frame_count == 1);
1.75.2.2  snj
1.75.2.2  snj 	/* Update rate control statistics. */
1.75.2.2  snj 	in->in_amn.amn_txcnt++;
1.75.2.2  snj 	if (failack > 0) {
1.75.2.2  snj 		in->in_amn.amn_retrycnt++;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (status != IWM_TX_STATUS_SUCCESS &&
1.75.2.2  snj 	    status != IWM_TX_STATUS_DIRECT_DONE)
1.75.2.2  snj 		ifp->if_oerrors++;
1.75.2.2  snj 	else
1.75.2.2  snj 		ifp->if_opackets++;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_rx_tx_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
1.75.2.2  snj     struct iwm_rx_data *data)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ifnet *ifp = IC2IFP(ic);
1.75.2.2  snj 	struct iwm_cmd_header *cmd_hdr = &pkt->hdr;
1.75.2.2  snj 	int idx = cmd_hdr->idx;
1.75.2.2  snj 	int qid = cmd_hdr->qid;
1.75.2.2  snj 	struct iwm_tx_ring *ring = &sc->txq[qid];
1.75.2.2  snj 	struct iwm_tx_data *txd = &ring->data[idx];
1.75.2.2  snj 	struct iwm_node *in = txd->in;
1.75.2.2  snj 	int s;
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj
1.75.2.2  snj 	if (txd->done) {
1.75.2.2  snj 		DPRINTF(("%s: got tx interrupt that's already been handled!\n",
1.75.2.2  snj 		    DEVNAME(sc)));
1.75.2.2  snj 		splx(s);
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, data->map, 0, IWM_RBUF_SIZE,
1.75.2.2  snj 	    BUS_DMASYNC_POSTREAD);
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_tx_timer = 0;
1.75.2.2  snj
1.75.2.2  snj 	iwm_rx_tx_cmd_single(sc, pkt, in);
1.75.2.2  snj
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, txd->map, 0, txd->map->dm_mapsize,
1.75.2.2  snj 	    BUS_DMASYNC_POSTWRITE);
1.75.2.2  snj 	bus_dmamap_unload(sc->sc_dmat, txd->map);
1.75.2.2  snj 	m_freem(txd->m);
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(8, ("free txd %p, in %p\n", txd, txd->in));
1.75.2.2  snj 	KASSERT(txd->done == 0);
1.75.2.2  snj 	txd->done = 1;
1.75.2.2  snj 	KASSERT(txd->in);
1.75.2.2  snj
1.75.2.2  snj 	txd->m = NULL;
1.75.2.2  snj 	txd->in = NULL;
1.75.2.2  snj 	ieee80211_free_node(&in->in_ni);
1.75.2.2  snj
1.75.2.2  snj 	if (--ring->queued < IWM_TX_RING_LOMARK) {
1.75.2.2  snj 		sc->qfullmsk &= ~(1 << qid);
1.75.2.2  snj 		if (sc->qfullmsk == 0 && (ifp->if_flags & IFF_OACTIVE)) {
1.75.2.2  snj 			ifp->if_flags &= ~IFF_OACTIVE;
1.75.2.2  snj 			KASSERT(KERNEL_LOCKED_P());
1.75.2.2  snj 			iwm_start(ifp);
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	splx(s);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_binding_cmd(struct iwm_softc *sc, struct iwm_node *in, uint32_t action)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_binding_cmd cmd;
1.75.2.2  snj 	struct iwm_phy_ctxt *phyctxt = in->in_phyctxt;
1.75.2.2  snj 	int i, err;
1.75.2.2  snj 	uint32_t status;
1.75.2.2  snj
1.75.2.2  snj 	memset(&cmd, 0, sizeof(cmd));
1.75.2.2  snj
1.75.2.2  snj 	cmd.id_and_color
1.75.2.2  snj 	    = htole32(IWM_FW_CMD_ID_AND_COLOR(phyctxt->id, phyctxt->color));
1.75.2.2  snj 	cmd.action = htole32(action);
1.75.2.2  snj 	cmd.phy = htole32(IWM_FW_CMD_ID_AND_COLOR(phyctxt->id, phyctxt->color));
1.75.2.2  snj
1.75.2.2  snj 	cmd.macs[0] = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color));
1.75.2.2  snj 	for (i = 1; i < IWM_MAX_MACS_IN_BINDING; i++)
1.75.2.2  snj 		cmd.macs[i] = htole32(IWM_FW_CTXT_INVALID);
1.75.2.2  snj
1.75.2.2  snj 	status = 0;
1.75.2.2  snj 	err = iwm_send_cmd_pdu_status(sc, IWM_BINDING_CONTEXT_CMD,
1.75.2.2  snj 	    sizeof(cmd), &cmd, &status);
1.75.2.2  snj 	if (err == 0 && status != 0)
1.75.2.2  snj 		err = EIO;
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_phy_ctxt_cmd_hdr(struct iwm_softc *sc, struct iwm_phy_ctxt *ctxt,
1.75.2.2  snj     struct iwm_phy_context_cmd *cmd, uint32_t action, uint32_t apply_time)
1.75.2.2  snj {
1.75.2.2  snj 	memset(cmd, 0, sizeof(struct iwm_phy_context_cmd));
1.75.2.2  snj
1.75.2.2  snj 	cmd->id_and_color = htole32(IWM_FW_CMD_ID_AND_COLOR(ctxt->id,
1.75.2.2  snj 	    ctxt->color));
1.75.2.2  snj 	cmd->action = htole32(action);
1.75.2.2  snj 	cmd->apply_time = htole32(apply_time);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_phy_ctxt_cmd_data(struct iwm_softc *sc, struct iwm_phy_context_cmd *cmd,
1.75.2.2  snj     struct ieee80211_channel *chan, uint8_t chains_static,
1.75.2.2  snj     uint8_t chains_dynamic)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	uint8_t active_cnt, idle_cnt;
1.75.2.2  snj
1.75.2.2  snj 	cmd->ci.band = IEEE80211_IS_CHAN_2GHZ(chan) ?
1.75.2.2  snj 	    IWM_PHY_BAND_24 : IWM_PHY_BAND_5;
1.75.2.2  snj
1.75.2.2  snj 	cmd->ci.channel = ieee80211_chan2ieee(ic, chan);
1.75.2.2  snj 	cmd->ci.width = IWM_PHY_VHT_CHANNEL_MODE20;
1.75.2.2  snj 	cmd->ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_BELOW;
1.75.2.2  snj
1.75.2.2  snj 	/* Set rx the chains */
1.75.2.2  snj 	idle_cnt = chains_static;
1.75.2.2  snj 	active_cnt = chains_dynamic;
1.75.2.2  snj
1.75.2.2  snj 	cmd->rxchain_info = htole32(iwm_fw_valid_rx_ant(sc) <<
1.75.2.2  snj 	    IWM_PHY_RX_CHAIN_VALID_POS);
1.75.2.2  snj 	cmd->rxchain_info |= htole32(idle_cnt << IWM_PHY_RX_CHAIN_CNT_POS);
1.75.2.2  snj 	cmd->rxchain_info |= htole32(active_cnt <<
1.75.2.2  snj 	    IWM_PHY_RX_CHAIN_MIMO_CNT_POS);
1.75.2.2  snj
1.75.2.2  snj 	cmd->txchain_info = htole32(iwm_fw_valid_tx_ant(sc));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_phy_ctxt_cmd(struct iwm_softc *sc, struct iwm_phy_ctxt *ctxt,
1.75.2.2  snj     uint8_t chains_static, uint8_t chains_dynamic, uint32_t action,
1.75.2.2  snj     uint32_t apply_time)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_phy_context_cmd cmd;
1.75.2.2  snj
1.75.2.2  snj 	iwm_phy_ctxt_cmd_hdr(sc, ctxt, &cmd, action, apply_time);
1.75.2.2  snj
1.75.2.2  snj 	iwm_phy_ctxt_cmd_data(sc, &cmd, ctxt->channel,
1.75.2.2  snj 	    chains_static, chains_dynamic);
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_PHY_CONTEXT_CMD, 0,
1.75.2.2  snj 	    sizeof(struct iwm_phy_context_cmd), &cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_cmd(struct iwm_softc *sc, struct iwm_host_cmd *hcmd)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_tx_ring *ring = &sc->txq[IWM_CMD_QUEUE];
1.75.2.2  snj 	struct iwm_tfd *desc;
1.75.2.2  snj 	struct iwm_tx_data *txdata;
1.75.2.2  snj 	struct iwm_device_cmd *cmd;
1.75.2.2  snj 	struct mbuf *m;
1.75.2.2  snj 	bus_addr_t paddr;
1.75.2.2  snj 	uint32_t addr_lo;
1.75.2.2  snj 	int err = 0, i, paylen, off, s;
1.75.2.2  snj 	int code;
1.75.2.2  snj 	int async, wantresp;
1.75.2.2  snj 	int group_id;
1.75.2.2  snj 	size_t hdrlen, datasz;
1.75.2.2  snj 	uint8_t *data;
1.75.2.2  snj
1.75.2.2  snj 	code = hcmd->id;
1.75.2.2  snj 	async = hcmd->flags & IWM_CMD_ASYNC;
1.75.2.2  snj 	wantresp = hcmd->flags & IWM_CMD_WANT_SKB;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0, paylen = 0; i < __arraycount(hcmd->len); i++) {
1.75.2.2  snj 		paylen += hcmd->len[i];
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* if the command wants an answer, busy sc_cmd_resp */
1.75.2.2  snj 	if (wantresp) {
1.75.2.2  snj 		KASSERT(!async);
1.75.2.2  snj 		while (sc->sc_wantresp != IWM_CMD_RESP_IDLE)
1.75.2.2  snj 			tsleep(&sc->sc_wantresp, 0, "iwmcmdsl", 0);
1.75.2.2  snj 		sc->sc_wantresp = ring->qid << 16 | ring->cur;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Is the hardware still available?  (after e.g. above wait).
1.75.2.2  snj 	 */
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj 	if (sc->sc_flags & IWM_FLAG_STOPPED) {
1.75.2.2  snj 		err = ENXIO;
1.75.2.2  snj 		goto out;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	desc = &ring->desc[ring->cur];
1.75.2.2  snj 	txdata = &ring->data[ring->cur];
1.75.2.2  snj
1.75.2.2  snj 	group_id = iwm_cmd_groupid(code);
1.75.2.2  snj 	if (group_id != 0) {
1.75.2.2  snj 		hdrlen = sizeof(cmd->hdr_wide);
1.75.2.2  snj 		datasz = sizeof(cmd->data_wide);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		hdrlen = sizeof(cmd->hdr);
1.75.2.2  snj 		datasz = sizeof(cmd->data);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (paylen > datasz) {
1.75.2.2  snj 		/* Command is too large to fit in pre-allocated space. */
1.75.2.2  snj 		size_t totlen = hdrlen + paylen;
1.75.2.2  snj 		if (paylen > IWM_MAX_CMD_PAYLOAD_SIZE) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "firmware command too long (%zd bytes)\n", totlen);
1.75.2.2  snj 			err = EINVAL;
1.75.2.2  snj 			goto out;
1.75.2.2  snj 		}
1.75.2.2  snj 		m = m_gethdr(M_DONTWAIT, MT_DATA);
1.75.2.2  snj 		if (m == NULL) {
1.75.2.2  snj 			err = ENOMEM;
1.75.2.2  snj 			goto out;
1.75.2.2  snj 		}
1.75.2.2  snj 		MEXTMALLOC(m, IWM_RBUF_SIZE, M_DONTWAIT);
1.75.2.2  snj 		if (!(m->m_flags & M_EXT)) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not get fw cmd mbuf (%zd bytes)\n", totlen);
1.75.2.2  snj 			m_freem(m);
1.75.2.2  snj 			err = ENOMEM;
1.75.2.2  snj 			goto out;
1.75.2.2  snj 		}
1.75.2.2  snj 		cmd = mtod(m, struct iwm_device_cmd *);
1.75.2.2  snj 		err = bus_dmamap_load(sc->sc_dmat, txdata->map, cmd,
1.75.2.2  snj 		    totlen, NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not load fw cmd mbuf (%zd bytes)\n", totlen);
1.75.2.2  snj 			m_freem(m);
1.75.2.2  snj 			goto out;
1.75.2.2  snj 		}
1.75.2.2  snj 		txdata->m = m;
1.75.2.2  snj 		paddr = txdata->map->dm_segs[0].ds_addr;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		cmd = &ring->cmd[ring->cur];
1.75.2.2  snj 		paddr = txdata->cmd_paddr;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (group_id != 0) {
1.75.2.2  snj 		cmd->hdr_wide.opcode = iwm_cmd_opcode(code);
1.75.2.2  snj 		cmd->hdr_wide.group_id = group_id;
1.75.2.2  snj 		cmd->hdr_wide.qid = ring->qid;
1.75.2.2  snj 		cmd->hdr_wide.idx = ring->cur;
1.75.2.2  snj 		cmd->hdr_wide.length = htole16(paylen);
1.75.2.2  snj 		cmd->hdr_wide.version = iwm_cmd_version(code);
1.75.2.2  snj 		data = cmd->data_wide;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		cmd->hdr.code = code;
1.75.2.2  snj 		cmd->hdr.flags = 0;
1.75.2.2  snj 		cmd->hdr.qid = ring->qid;
1.75.2.2  snj 		cmd->hdr.idx = ring->cur;
1.75.2.2  snj 		data = cmd->data;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0, off = 0; i < __arraycount(hcmd->data); i++) {
1.75.2.2  snj 		if (hcmd->len[i] == 0)
1.75.2.2  snj 			continue;
1.75.2.2  snj 		memcpy(data + off, hcmd->data[i], hcmd->len[i]);
1.75.2.2  snj 		off += hcmd->len[i];
1.75.2.2  snj 	}
1.75.2.2  snj 	KASSERT(off == paylen);
1.75.2.2  snj
1.75.2.2  snj 	/* lo field is not aligned */
1.75.2.2  snj 	addr_lo = htole32((uint32_t)paddr);
1.75.2.2  snj 	memcpy(&desc->tbs[0].lo, &addr_lo, sizeof(uint32_t));
1.75.2.2  snj 	desc->tbs[0].hi_n_len  = htole16(iwm_get_dma_hi_addr(paddr)
1.75.2.2  snj 	    | ((hdrlen + paylen) << 4));
1.75.2.2  snj 	desc->num_tbs = 1;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(8, ("iwm_send_cmd 0x%x size=%zu %s\n",
1.75.2.2  snj 	    code, hdrlen + paylen, async ? " (async)" : ""));
1.75.2.2  snj
1.75.2.2  snj 	if (paylen > datasz) {
1.75.2.2  snj 		bus_dmamap_sync(sc->sc_dmat, txdata->map, 0, hdrlen + paylen,
1.75.2.2  snj 		    BUS_DMASYNC_PREWRITE);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map,
1.75.2.2  snj 		    (uint8_t *)cmd - (uint8_t *)ring->cmd, hdrlen + paylen,
1.75.2.2  snj 		    BUS_DMASYNC_PREWRITE);
1.75.2.2  snj 	}
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
1.75.2.2  snj 	    (uint8_t *)desc - (uint8_t *)ring->desc, sizeof(*desc),
1.75.2.2  snj 	    BUS_DMASYNC_PREWRITE);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_set_cmd_in_flight(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		goto out;
1.75.2.2  snj 	ring->queued++;
1.75.2.2  snj
1.75.2.2  snj #if 0
1.75.2.2  snj 	iwm_update_sched(sc, ring->qid, ring->cur, 0, 0);
1.75.2.2  snj #endif
1.75.2.2  snj 	DPRINTF(("sending command 0x%x qid %d, idx %d\n",
1.75.2.2  snj 	    code, ring->qid, ring->cur));
1.75.2.2  snj
1.75.2.2  snj 	/* Kick command ring. */
1.75.2.2  snj 	ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
1.75.2.2  snj 	IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
1.75.2.2  snj
1.75.2.2  snj 	if (!async) {
1.75.2.2  snj 		int generation = sc->sc_generation;
1.75.2.2  snj 		err = tsleep(desc, PCATCH, "iwmcmd", mstohz(2000));
1.75.2.2  snj 		if (err == 0) {
1.75.2.2  snj 			/* if hardware is no longer up, return error */
1.75.2.2  snj 			if (generation != sc->sc_generation) {
1.75.2.2  snj 				err = ENXIO;
1.75.2.2  snj 			} else {
1.75.2.2  snj 				hcmd->resp_pkt = (void *)sc->sc_cmd_resp;
1.75.2.2  snj 			}
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj  out:
1.75.2.2  snj 	if (wantresp && err) {
1.75.2.2  snj 		iwm_free_resp(sc, hcmd);
1.75.2.2  snj 	}
1.75.2.2  snj 	splx(s);
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_cmd_pdu(struct iwm_softc *sc, uint32_t id, uint32_t flags,
1.75.2.2  snj     uint16_t len, const void *data)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_host_cmd cmd = {
1.75.2.2  snj 		.id = id,
1.75.2.2  snj 		.len = { len, },
1.75.2.2  snj 		.data = { data, },
1.75.2.2  snj 		.flags = flags,
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd(sc, &cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_cmd_status(struct iwm_softc *sc, struct iwm_host_cmd *cmd,
1.75.2.2  snj     uint32_t *status)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_rx_packet *pkt;
1.75.2.2  snj 	struct iwm_cmd_response *resp;
1.75.2.2  snj 	int err, resp_len;
1.75.2.2  snj
1.75.2.2  snj 	KASSERT((cmd->flags & IWM_CMD_WANT_SKB) == 0);
1.75.2.2  snj 	cmd->flags |= IWM_CMD_WANT_SKB;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd(sc, cmd);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj 	pkt = cmd->resp_pkt;
1.75.2.2  snj
1.75.2.2  snj 	/* Can happen if RFKILL is asserted */
1.75.2.2  snj 	if (!pkt) {
1.75.2.2  snj 		err = 0;
1.75.2.2  snj 		goto out_free_resp;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) {
1.75.2.2  snj 		err = EIO;
1.75.2.2  snj 		goto out_free_resp;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	resp_len = iwm_rx_packet_payload_len(pkt);
1.75.2.2  snj 	if (resp_len != sizeof(*resp)) {
1.75.2.2  snj 		err = EIO;
1.75.2.2  snj 		goto out_free_resp;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	resp = (void *)pkt->data;
1.75.2.2  snj 	*status = le32toh(resp->status);
1.75.2.2  snj  out_free_resp:
1.75.2.2  snj 	iwm_free_resp(sc, cmd);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_cmd_pdu_status(struct iwm_softc *sc, uint32_t id, uint16_t len,
1.75.2.2  snj     const void *data, uint32_t *status)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_host_cmd cmd = {
1.75.2.2  snj 		.id = id,
1.75.2.2  snj 		.len = { len, },
1.75.2.2  snj 		.data = { data, },
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_status(sc, &cmd, status);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_free_resp(struct iwm_softc *sc, struct iwm_host_cmd *hcmd)
1.75.2.2  snj {
1.75.2.2  snj 	KASSERT(sc->sc_wantresp != IWM_CMD_RESP_IDLE);
1.75.2.2  snj 	KASSERT((hcmd->flags & IWM_CMD_WANT_SKB) == IWM_CMD_WANT_SKB);
1.75.2.2  snj 	sc->sc_wantresp = IWM_CMD_RESP_IDLE;
1.75.2.2  snj 	wakeup(&sc->sc_wantresp);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_cmd_done(struct iwm_softc *sc, int qid, int idx)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_tx_ring *ring = &sc->txq[IWM_CMD_QUEUE];
1.75.2.2  snj 	struct iwm_tx_data *data;
1.75.2.2  snj 	int s;
1.75.2.2  snj
1.75.2.2  snj 	if (qid != IWM_CMD_QUEUE) {
1.75.2.2  snj 		return;	/* Not a command ack. */
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj
1.75.2.2  snj 	data = &ring->data[idx];
1.75.2.2  snj
1.75.2.2  snj 	if (data->m != NULL) {
1.75.2.2  snj 		bus_dmamap_sync(sc->sc_dmat, data->map, 0,
1.75.2.2  snj 		    data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
1.75.2.2  snj 		bus_dmamap_unload(sc->sc_dmat, data->map);
1.75.2.2  snj 		m_freem(data->m);
1.75.2.2  snj 		data->m = NULL;
1.75.2.2  snj 	}
1.75.2.2  snj 	wakeup(&ring->desc[idx]);
1.75.2.2  snj
1.75.2.2  snj 	if (((idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "Some HCMDs skipped?: idx=%d queued=%d cur=%d\n",
1.75.2.2  snj 		    idx, ring->queued, ring->cur);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	KASSERT(ring->queued > 0);
1.75.2.2  snj 	if (--ring->queued == 0)
1.75.2.2  snj 		iwm_clear_cmd_in_flight(sc);
1.75.2.2  snj
1.75.2.2  snj 	splx(s);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #if 0
1.75.2.2  snj /*
1.75.2.2  snj  * necessary only for block ack mode
1.75.2.2  snj  */
1.75.2.2  snj void
1.75.2.2  snj iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
1.75.2.2  snj     uint16_t len)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
1.75.2.2  snj 	uint16_t w_val;
1.75.2.2  snj
1.75.2.2  snj 	scd_bc_tbl = sc->sched_dma.vaddr;
1.75.2.2  snj
1.75.2.2  snj 	len += 8; /* magic numbers came naturally from paris */
1.75.2.2  snj 	if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE)
1.75.2.2  snj 		len = roundup(len, 4) / 4;
1.75.2.2  snj
1.75.2.2  snj 	w_val = htole16(sta_id << 12 | len);
1.75.2.2  snj
1.75.2.2  snj 	/* Update TX scheduler. */
1.75.2.2  snj 	scd_bc_tbl[qid].tfd_offset[idx] = w_val;
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map,
1.75.2.2  snj 	    (char *)(void *)w - (char *)(void *)sc->sched_dma.vaddr,
1.75.2.2  snj 	    sizeof(uint16_t), BUS_DMASYNC_PREWRITE);
1.75.2.2  snj
1.75.2.2  snj 	/* I really wonder what this is ?!? */
1.75.2.2  snj 	if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
1.75.2.2  snj 		scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
1.75.2.2  snj 		bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map,
1.75.2.2  snj 		    (char *)(void *)(w + IWM_TFD_QUEUE_SIZE_MAX) -
1.75.2.2  snj 		    (char *)(void *)sc->sched_dma.vaddr,
1.75.2.2  snj 		    sizeof (uint16_t), BUS_DMASYNC_PREWRITE);
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Fill in various bit for management frames, and leave them
1.75.2.2  snj  * unfilled for data frames (firmware takes care of that).
1.75.2.2  snj  * Return the selected TX rate.
1.75.2.2  snj  */
1.75.2.2  snj static const struct iwm_rate *
1.75.2.2  snj iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
1.75.2.2  snj     struct ieee80211_frame *wh, struct iwm_tx_cmd *tx)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_node *ni = &in->in_ni;
1.75.2.2  snj 	const struct iwm_rate *rinfo;
1.75.2.2  snj 	int type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1.75.2.2  snj 	int ridx, rate_flags, i, ind;
1.75.2.2  snj 	int nrates = ni->ni_rates.rs_nrates;
1.75.2.2  snj
1.75.2.2  snj 	tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
1.75.2.2  snj 	tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
1.75.2.2  snj
1.75.2.2  snj 	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
1.75.2.2  snj 	    type != IEEE80211_FC0_TYPE_DATA) {
1.75.2.2  snj 		/* for non-data, use the lowest supported rate */
1.75.2.2  snj 		ridx = (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) ?
1.75.2.2  snj 		    IWM_RIDX_OFDM : IWM_RIDX_CCK;
1.75.2.2  snj 		tx->data_retry_limit = IWM_MGMT_DFAULT_RETRY_LIMIT;
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	} else if (ic->ic_fixed_mcs != -1) {
1.75.2.2  snj 		ridx = sc->sc_fixed_ridx;
1.75.2.2  snj #endif
1.75.2.2  snj 	} else if (ic->ic_fixed_rate != -1) {
1.75.2.2  snj 		ridx = sc->sc_fixed_ridx;
1.75.2.2  snj 	} else {
1.75.2.2  snj 		/* for data frames, use RS table */
1.75.2.2  snj 		tx->initial_rate_index = 0;
1.75.2.2  snj 		tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
1.75.2.2  snj 		DPRINTFN(12, ("start with txrate %d\n",
1.75.2.2  snj 		    tx->initial_rate_index));
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 		if (ni->ni_flags & IEEE80211_NODE_HT) {
1.75.2.2  snj 			ridx = iwm_mcs2ridx[ni->ni_txmcs];
1.75.2.2  snj 			return &iwm_rates[ridx];
1.75.2.2  snj 		}
1.75.2.2  snj #endif
1.75.2.2  snj 		ridx = (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) ?
1.75.2.2  snj 		    IWM_RIDX_OFDM : IWM_RIDX_CCK;
1.75.2.2  snj 		for (i = 0; i < nrates; i++) {
1.75.2.2  snj 			if (iwm_rates[i].rate == (ni->ni_txrate &
1.75.2.2  snj 			    IEEE80211_RATE_VAL)) {
1.75.2.2  snj 				ridx = i;
1.75.2.2  snj 				break;
1.75.2.2  snj 			}
1.75.2.2  snj 		}
1.75.2.2  snj 		return &iwm_rates[ridx];
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	rinfo = &iwm_rates[ridx];
1.75.2.2  snj 	for (i = 0, ind = sc->sc_mgmt_last_antenna;
1.75.2.2  snj 	    i < IWM_RATE_MCS_ANT_NUM; i++) {
1.75.2.2  snj 		ind = (ind + 1) % IWM_RATE_MCS_ANT_NUM;
1.75.2.2  snj 		if (iwm_fw_valid_tx_ant(sc) & (1 << ind)) {
1.75.2.2  snj 			sc->sc_mgmt_last_antenna = ind;
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj 	rate_flags = (1 << sc->sc_mgmt_last_antenna) << IWM_RATE_MCS_ANT_POS;
1.75.2.2  snj 	if (IWM_RIDX_IS_CCK(ridx))
1.75.2.2  snj 		rate_flags |= IWM_RATE_MCS_CCK_MSK;
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	if ((ni->ni_flags & IEEE80211_NODE_HT) &&
1.75.2.2  snj 	    rinfo->ht_plcp != IWM_RATE_HT_SISO_MCS_INV_PLCP) {
1.75.2.2  snj 		rate_flags |= IWM_RATE_MCS_HT_MSK;
1.75.2.2  snj 		tx->rate_n_flags = htole32(rate_flags | rinfo->ht_plcp);
1.75.2.2  snj 	} else
1.75.2.2  snj #endif
1.75.2.2  snj 		tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
1.75.2.2  snj
1.75.2.2  snj 	return rinfo;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #define TB0_SIZE 16
1.75.2.2  snj static int
1.75.2.2  snj iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_node *in = (struct iwm_node *)ni;
1.75.2.2  snj 	struct iwm_tx_ring *ring;
1.75.2.2  snj 	struct iwm_tx_data *data;
1.75.2.2  snj 	struct iwm_tfd *desc;
1.75.2.2  snj 	struct iwm_device_cmd *cmd;
1.75.2.2  snj 	struct iwm_tx_cmd *tx;
1.75.2.2  snj 	struct ieee80211_frame *wh;
1.75.2.2  snj 	struct ieee80211_key *k = NULL;
1.75.2.2  snj 	struct mbuf *m1;
1.75.2.2  snj 	const struct iwm_rate *rinfo;
1.75.2.2  snj 	uint32_t flags;
1.75.2.2  snj 	u_int hdrlen;
1.75.2.2  snj 	bus_dma_segment_t *seg;
1.75.2.2  snj 	uint8_t tid, type;
1.75.2.2  snj 	int i, totlen, err, pad;
1.75.2.2  snj
1.75.2.2  snj 	wh = mtod(m, struct ieee80211_frame *);
1.75.2.2  snj 	hdrlen = ieee80211_anyhdrsize(wh);
1.75.2.2  snj 	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1.75.2.2  snj
1.75.2.2  snj 	tid = 0;
1.75.2.2  snj
1.75.2.2  snj 	ring = &sc->txq[ac];
1.75.2.2  snj 	desc = &ring->desc[ring->cur];
1.75.2.2  snj 	memset(desc, 0, sizeof(*desc));
1.75.2.2  snj 	data = &ring->data[ring->cur];
1.75.2.2  snj
1.75.2.2  snj 	cmd = &ring->cmd[ring->cur];
1.75.2.2  snj 	cmd->hdr.code = IWM_TX_CMD;
1.75.2.2  snj 	cmd->hdr.flags = 0;
1.75.2.2  snj 	cmd->hdr.qid = ring->qid;
1.75.2.2  snj 	cmd->hdr.idx = ring->cur;
1.75.2.2  snj
1.75.2.2  snj 	tx = (void *)cmd->data;
1.75.2.2  snj 	memset(tx, 0, sizeof(*tx));
1.75.2.2  snj
1.75.2.2  snj 	rinfo = iwm_tx_fill_cmd(sc, in, wh, tx);
1.75.2.2  snj
1.75.2.2  snj 	if (__predict_false(sc->sc_drvbpf != NULL)) {
1.75.2.2  snj 		struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
1.75.2.2  snj
1.75.2.2  snj 		tap->wt_flags = 0;
1.75.2.2  snj 		tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
1.75.2.2  snj 		tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 		if ((ni->ni_flags & IEEE80211_NODE_HT) &&
1.75.2.2  snj 		    !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1.75.2.2  snj 		    type == IEEE80211_FC0_TYPE_DATA &&
1.75.2.2  snj 		    rinfo->plcp == IWM_RATE_INVM_PLCP) {
1.75.2.2  snj 			tap->wt_rate = (0x80 | rinfo->ht_plcp);
1.75.2.2  snj 		} else
1.75.2.2  snj #endif
1.75.2.2  snj 			tap->wt_rate = rinfo->rate;
1.75.2.2  snj 		tap->wt_hwqueue = ac;
1.75.2.2  snj 		if (wh->i_fc[1] & IEEE80211_FC1_WEP)
1.75.2.2  snj 			tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
1.75.2.2  snj
1.75.2.2  snj 		bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Encrypt the frame if need be. */
1.75.2.2  snj 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1.75.2.2  snj 		k = ieee80211_crypto_encap(ic, ni, m);
1.75.2.2  snj 		if (k == NULL) {
1.75.2.2  snj 			m_freem(m);
1.75.2.2  snj 			return ENOBUFS;
1.75.2.2  snj 		}
1.75.2.2  snj 		/* Packet header may have moved, reset our local pointer. */
1.75.2.2  snj 		wh = mtod(m, struct ieee80211_frame *);
1.75.2.2  snj 	}
1.75.2.2  snj 	totlen = m->m_pkthdr.len;
1.75.2.2  snj
1.75.2.2  snj 	flags = 0;
1.75.2.2  snj 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1.75.2.2  snj 		flags |= IWM_TX_CMD_FLG_ACK;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (type == IEEE80211_FC0_TYPE_DATA &&
1.75.2.2  snj 	    !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1.75.2.2  snj 	    (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold ||
1.75.2.2  snj 	     (ic->ic_flags & IEEE80211_F_USEPROT)))
1.75.2.2  snj 		flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
1.75.2.2  snj
1.75.2.2  snj 	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
1.75.2.2  snj 	    type != IEEE80211_FC0_TYPE_DATA)
1.75.2.2  snj 		tx->sta_id = IWM_AUX_STA_ID;
1.75.2.2  snj 	else
1.75.2.2  snj 		tx->sta_id = IWM_STATION_ID;
1.75.2.2  snj
1.75.2.2  snj 	if (type == IEEE80211_FC0_TYPE_MGT) {
1.75.2.2  snj 		uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
1.75.2.2  snj
1.75.2.2  snj 		if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
1.75.2.2  snj 		    subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
1.75.2.2  snj 			tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC);
1.75.2.2  snj 		else
1.75.2.2  snj 			tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (hdrlen & 3) {
1.75.2.2  snj 		/* First segment length must be a multiple of 4. */
1.75.2.2  snj 		flags |= IWM_TX_CMD_FLG_MH_PAD;
1.75.2.2  snj 		pad = 4 - (hdrlen & 3);
1.75.2.2  snj 	} else
1.75.2.2  snj 		pad = 0;
1.75.2.2  snj
1.75.2.2  snj 	tx->driver_txop = 0;
1.75.2.2  snj 	tx->next_frame_len = 0;
1.75.2.2  snj
1.75.2.2  snj 	tx->len = htole16(totlen);
1.75.2.2  snj 	tx->tid_tspec = tid;
1.75.2.2  snj 	tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
1.75.2.2  snj
1.75.2.2  snj 	/* Set physical address of "scratch area". */
1.75.2.2  snj 	tx->dram_lsb_ptr = htole32(data->scratch_paddr);
1.75.2.2  snj 	tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
1.75.2.2  snj
1.75.2.2  snj 	/* Copy 802.11 header in TX command. */
1.75.2.2  snj 	memcpy(tx + 1, wh, hdrlen);
1.75.2.2  snj
1.75.2.2  snj 	flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
1.75.2.2  snj
1.75.2.2  snj 	tx->sec_ctl = 0;
1.75.2.2  snj 	tx->tx_flags |= htole32(flags);
1.75.2.2  snj
1.75.2.2  snj 	/* Trim 802.11 header. */
1.75.2.2  snj 	m_adj(m, hdrlen);
1.75.2.2  snj
1.75.2.2  snj 	err = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m,
1.75.2.2  snj 	    BUS_DMA_NOWAIT | BUS_DMA_WRITE);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		if (err != EFBIG) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "can't map mbuf (error %d)\n", err);
1.75.2.2  snj 			m_freem(m);
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj 		/* Too many DMA segments, linearize mbuf. */
1.75.2.2  snj 		MGETHDR(m1, M_DONTWAIT, MT_DATA);
1.75.2.2  snj 		if (m1 == NULL) {
1.75.2.2  snj 			m_freem(m);
1.75.2.2  snj 			return ENOBUFS;
1.75.2.2  snj 		}
1.75.2.2  snj 		if (m->m_pkthdr.len > MHLEN) {
1.75.2.2  snj 			MCLGET(m1, M_DONTWAIT);
1.75.2.2  snj 			if (!(m1->m_flags & M_EXT)) {
1.75.2.2  snj 				m_freem(m);
1.75.2.2  snj 				m_freem(m1);
1.75.2.2  snj 				return ENOBUFS;
1.75.2.2  snj 			}
1.75.2.2  snj 		}
1.75.2.2  snj 		m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, void *));
1.75.2.2  snj 		m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len;
1.75.2.2  snj 		m_freem(m);
1.75.2.2  snj 		m = m1;
1.75.2.2  snj
1.75.2.2  snj 		err = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m,
1.75.2.2  snj 		    BUS_DMA_NOWAIT | BUS_DMA_WRITE);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "can't map mbuf (error %d)\n", err);
1.75.2.2  snj 			m_freem(m);
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj 	data->m = m;
1.75.2.2  snj 	data->in = in;
1.75.2.2  snj 	data->done = 0;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(8, ("sending txd %p, in %p\n", data, data->in));
1.75.2.2  snj 	KASSERT(data->in != NULL);
1.75.2.2  snj
1.75.2.2  snj 	DPRINTFN(8, ("sending data: qid=%d idx=%d len=%d nsegs=%d type=%d "
1.75.2.2  snj 	    "subtype=%x tx_flags=%08x init_rateidx=%08x rate_n_flags=%08x\n",
1.75.2.2  snj 	    ring->qid, ring->cur, totlen, data->map->dm_nsegs, type,
1.75.2.2  snj 	    (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) >> 4,
1.75.2.2  snj 	    le32toh(tx->tx_flags), le32toh(tx->initial_rate_index),
1.75.2.2  snj 	    le32toh(tx->rate_n_flags)));
1.75.2.2  snj
1.75.2.2  snj 	/* Fill TX descriptor. */
1.75.2.2  snj 	desc->num_tbs = 2 + data->map->dm_nsegs;
1.75.2.2  snj
1.75.2.2  snj 	desc->tbs[0].lo = htole32(data->cmd_paddr);
1.75.2.2  snj 	desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
1.75.2.2  snj 	    (TB0_SIZE << 4);
1.75.2.2  snj 	desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
1.75.2.2  snj 	desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
1.75.2.2  snj 	    ((sizeof(struct iwm_cmd_header) + sizeof(*tx)
1.75.2.2  snj 	      + hdrlen + pad - TB0_SIZE) << 4);
1.75.2.2  snj
1.75.2.2  snj 	/* Other DMA segments are for data payload. */
1.75.2.2  snj 	seg = data->map->dm_segs;
1.75.2.2  snj 	for (i = 0; i < data->map->dm_nsegs; i++, seg++) {
1.75.2.2  snj 		desc->tbs[i+2].lo = htole32(seg->ds_addr);
1.75.2.2  snj 		desc->tbs[i+2].hi_n_len =
1.75.2.2  snj 		    htole16(iwm_get_dma_hi_addr(seg->ds_addr))
1.75.2.2  snj 		    | ((seg->ds_len) << 4);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize,
1.75.2.2  snj 	    BUS_DMASYNC_PREWRITE);
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map,
1.75.2.2  snj 	    (uint8_t *)cmd - (uint8_t *)ring->cmd, sizeof(*cmd),
1.75.2.2  snj 	    BUS_DMASYNC_PREWRITE);
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map,
1.75.2.2  snj 	    (uint8_t *)desc - (uint8_t *)ring->desc, sizeof(*desc),
1.75.2.2  snj 	    BUS_DMASYNC_PREWRITE);
1.75.2.2  snj
1.75.2.2  snj #if 0
1.75.2.2  snj 	iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id,
1.75.2.2  snj 	    le16toh(tx->len));
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	/* Kick TX ring. */
1.75.2.2  snj 	ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
1.75.2.2  snj 	IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
1.75.2.2  snj
1.75.2.2  snj 	/* Mark TX ring as full if we reach a certain threshold. */
1.75.2.2  snj 	if (++ring->queued > IWM_TX_RING_HIMARK) {
1.75.2.2  snj 		sc->qfullmsk |= 1 << ring->qid;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #if 0
1.75.2.2  snj /* not necessary? */
1.75.2.2  snj static int
1.75.2.2  snj iwm_flush_tx_path(struct iwm_softc *sc, int tfd_msk, int sync)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_tx_path_flush_cmd flush_cmd = {
1.75.2.2  snj 		.queues_ctl = htole32(tfd_msk),
1.75.2.2  snj 		.flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
1.75.2.2  snj 	};
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, sync ? 0 : IWM_CMD_ASYNC,
1.75.2.2  snj 	    sizeof(flush_cmd), &flush_cmd);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "Flushing tx queue failed: %d\n",
1.75.2.2  snj 		    err);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_led_enable(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_LED_REG, IWM_CSR_LED_REG_TURN_ON);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_led_disable(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_LED_REG, IWM_CSR_LED_REG_TURN_OFF);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_led_is_enabled(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	return (IWM_READ(sc, IWM_CSR_LED_REG) == IWM_CSR_LED_REG_TURN_ON);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_led_blink_timeout(void *arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = arg;
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_led_is_enabled(sc))
1.75.2.2  snj 		iwm_led_disable(sc);
1.75.2.2  snj 	else
1.75.2.2  snj 		iwm_led_enable(sc);
1.75.2.2  snj
1.75.2.2  snj 	callout_schedule(&sc->sc_led_blink_to, mstohz(200));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_led_blink_start(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	callout_schedule(&sc->sc_led_blink_to, mstohz(200));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_led_blink_stop(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	callout_stop(&sc->sc_led_blink_to);
1.75.2.2  snj 	iwm_led_disable(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #define IWM_POWER_KEEP_ALIVE_PERIOD_SEC    25
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_beacon_filter_send_cmd(struct iwm_softc *sc,
1.75.2.2  snj     struct iwm_beacon_filter_cmd *cmd)
1.75.2.2  snj {
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_REPLY_BEACON_FILTERING_CMD,
1.75.2.2  snj 	    0, sizeof(struct iwm_beacon_filter_cmd), cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_beacon_filter_set_cqm_params(struct iwm_softc *sc, struct iwm_node *in,
1.75.2.2  snj     struct iwm_beacon_filter_cmd *cmd)
1.75.2.2  snj {
1.75.2.2  snj 	cmd->ba_enable_beacon_abort = htole32(sc->sc_bf.ba_enabled);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_update_beacon_abort(struct iwm_softc *sc, struct iwm_node *in, int enable)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_beacon_filter_cmd cmd = {
1.75.2.2  snj 		IWM_BF_CMD_CONFIG_DEFAULTS,
1.75.2.2  snj 		.bf_enable_beacon_filter = htole32(1),
1.75.2.2  snj 		.ba_enable_beacon_abort = htole32(enable),
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	if (!sc->sc_bf.bf_enabled)
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_bf.ba_enabled = enable;
1.75.2.2  snj 	iwm_beacon_filter_set_cqm_params(sc, in, &cmd);
1.75.2.2  snj 	return iwm_beacon_filter_send_cmd(sc, &cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_power_build_cmd(struct iwm_softc *sc, struct iwm_node *in,
1.75.2.2  snj     struct iwm_mac_power_cmd *cmd)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211_node *ni = &in->in_ni;
1.75.2.2  snj 	int dtim_period, dtim_msec, keep_alive;
1.75.2.2  snj
1.75.2.2  snj 	cmd->id_and_color = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id,
1.75.2.2  snj 	    in->in_color));
1.75.2.2  snj 	if (ni->ni_dtim_period)
1.75.2.2  snj 		dtim_period = ni->ni_dtim_period;
1.75.2.2  snj 	else
1.75.2.2  snj 		dtim_period = 1;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Regardless of power management state the driver must set
1.75.2.2  snj 	 * keep alive period. FW will use it for sending keep alive NDPs
1.75.2.2  snj 	 * immediately after association. Check that keep alive period
1.75.2.2  snj 	 * is at least 3 * DTIM.
1.75.2.2  snj 	 */
1.75.2.2  snj 	dtim_msec = dtim_period * ni->ni_intval;
1.75.2.2  snj 	keep_alive = MAX(3 * dtim_msec, 1000 * IWM_POWER_KEEP_ALIVE_PERIOD_SEC);
1.75.2.2  snj 	keep_alive = roundup(keep_alive, 1000) / 1000;
1.75.2.2  snj 	cmd->keep_alive_seconds = htole16(keep_alive);
1.75.2.2  snj
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj 	cmd->flags = htole16(IWM_POWER_FLAGS_POWER_SAVE_ENA_MSK);
1.75.2.2  snj 	cmd->rx_data_timeout = IWM_DEFAULT_PS_RX_DATA_TIMEOUT;
1.75.2.2  snj 	cmd->tx_data_timeout = IWM_DEFAULT_PS_TX_DATA_TIMEOUT;
1.75.2.2  snj #endif
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_power_mac_update_mode(struct iwm_softc *sc, struct iwm_node *in)
1.75.2.2  snj {
1.75.2.2  snj 	int err;
1.75.2.2  snj 	int ba_enable;
1.75.2.2  snj 	struct iwm_mac_power_cmd cmd;
1.75.2.2  snj
1.75.2.2  snj 	memset(&cmd, 0, sizeof(cmd));
1.75.2.2  snj
1.75.2.2  snj 	iwm_power_build_cmd(sc, in, &cmd);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd_pdu(sc, IWM_MAC_PM_POWER_TABLE, 0,
1.75.2.2  snj 	    sizeof(cmd), &cmd);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	ba_enable = !!(cmd.flags &
1.75.2.2  snj 	    htole16(IWM_POWER_FLAGS_POWER_MANAGEMENT_ENA_MSK));
1.75.2.2  snj 	return iwm_update_beacon_abort(sc, in, ba_enable);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_power_update_device(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_device_power_cmd cmd = {
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj 		.flags = htole16(IWM_DEVICE_POWER_FLAGS_POWER_SAVE_ENA_MSK),
1.75.2.2  snj #else
1.75.2.2  snj 		.flags = 0,
1.75.2.2  snj #endif
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DEVICE_PS_CMD))
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	cmd.flags |= htole16(IWM_DEVICE_POWER_FLAGS_CAM_MSK);
1.75.2.2  snj 	DPRINTF(("Sending device power command with flags = 0x%X\n",
1.75.2.2  snj 	    cmd.flags));
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_POWER_TABLE_CMD, 0, sizeof(cmd), &cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj static int
1.75.2.2  snj iwm_enable_beacon_filter(struct iwm_softc *sc, struct iwm_node *in)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_beacon_filter_cmd cmd = {
1.75.2.2  snj 		IWM_BF_CMD_CONFIG_DEFAULTS,
1.75.2.2  snj 		.bf_enable_beacon_filter = htole32(1),
1.75.2.2  snj 	};
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	iwm_beacon_filter_set_cqm_params(sc, in, &cmd);
1.75.2.2  snj 	err = iwm_beacon_filter_send_cmd(sc, &cmd);
1.75.2.2  snj
1.75.2.2  snj 	if (err == 0)
1.75.2.2  snj 		sc->sc_bf.bf_enabled = 1;
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_disable_beacon_filter(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_beacon_filter_cmd cmd;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	memset(&cmd, 0, sizeof(cmd));
1.75.2.2  snj 	if ((sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_BF_UPDATED) == 0)
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_beacon_filter_send_cmd(sc, &cmd);
1.75.2.2  snj 	if (err == 0)
1.75.2.2  snj 		sc->sc_bf.bf_enabled = 0;
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_add_sta_cmd(struct iwm_softc *sc, struct iwm_node *in, int update)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_add_sta_cmd_v7 add_sta_cmd;
1.75.2.2  snj 	int err;
1.75.2.2  snj 	uint32_t status;
1.75.2.2  snj
1.75.2.2  snj 	memset(&add_sta_cmd, 0, sizeof(add_sta_cmd));
1.75.2.2  snj
1.75.2.2  snj 	add_sta_cmd.sta_id = IWM_STATION_ID;
1.75.2.2  snj 	add_sta_cmd.mac_id_n_color
1.75.2.2  snj 	    = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color));
1.75.2.2  snj 	if (!update) {
1.75.2.2  snj 		int ac;
1.75.2.2  snj 		for (ac = 0; ac < WME_NUM_AC; ac++) {
1.75.2.2  snj 			add_sta_cmd.tfd_queue_msk |=
1.75.2.2  snj 			    htole32(__BIT(iwm_ac_to_tx_fifo[ac]));
1.75.2.2  snj 		}
1.75.2.2  snj 		IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid);
1.75.2.2  snj 	}
1.75.2.2  snj 	add_sta_cmd.add_modify = update ? 1 : 0;
1.75.2.2  snj 	add_sta_cmd.station_flags_msk
1.75.2.2  snj 	    |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK);
1.75.2.2  snj 	add_sta_cmd.tid_disable_tx = htole16(0xffff);
1.75.2.2  snj 	if (update)
1.75.2.2  snj 		add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX);
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	if (in->in_ni.ni_flags & IEEE80211_NODE_HT) {
1.75.2.2  snj 		add_sta_cmd.station_flags_msk
1.75.2.2  snj 		    |= htole32(IWM_STA_FLG_MAX_AGG_SIZE_MSK |
1.75.2.2  snj 		    IWM_STA_FLG_AGG_MPDU_DENS_MSK);
1.75.2.2  snj
1.75.2.2  snj 		add_sta_cmd.station_flags
1.75.2.2  snj 		    |= htole32(IWM_STA_FLG_MAX_AGG_SIZE_64K);
1.75.2.2  snj 		switch (ic->ic_ampdu_params & IEEE80211_AMPDU_PARAM_SS) {
1.75.2.2  snj 		case IEEE80211_AMPDU_PARAM_SS_2:
1.75.2.2  snj 			add_sta_cmd.station_flags
1.75.2.2  snj 			    |= htole32(IWM_STA_FLG_AGG_MPDU_DENS_2US);
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IEEE80211_AMPDU_PARAM_SS_4:
1.75.2.2  snj 			add_sta_cmd.station_flags
1.75.2.2  snj 			    |= htole32(IWM_STA_FLG_AGG_MPDU_DENS_4US);
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IEEE80211_AMPDU_PARAM_SS_8:
1.75.2.2  snj 			add_sta_cmd.station_flags
1.75.2.2  snj 			    |= htole32(IWM_STA_FLG_AGG_MPDU_DENS_8US);
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IEEE80211_AMPDU_PARAM_SS_16:
1.75.2.2  snj 			add_sta_cmd.station_flags
1.75.2.2  snj 			    |= htole32(IWM_STA_FLG_AGG_MPDU_DENS_16US);
1.75.2.2  snj 			break;
1.75.2.2  snj 		default:
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	status = IWM_ADD_STA_SUCCESS;
1.75.2.2  snj 	err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(add_sta_cmd),
1.75.2.2  snj 	    &add_sta_cmd, &status);
1.75.2.2  snj 	if (err == 0 && status != IWM_ADD_STA_SUCCESS)
1.75.2.2  snj 		err = EIO;
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_add_aux_sta(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_add_sta_cmd_v7 cmd;
1.75.2.2  snj 	int err;
1.75.2.2  snj 	uint32_t status;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_enable_txq(sc, 0, IWM_AUX_QUEUE, IWM_TX_FIFO_MCAST);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	memset(&cmd, 0, sizeof(cmd));
1.75.2.2  snj 	cmd.sta_id = IWM_AUX_STA_ID;
1.75.2.2  snj 	cmd.mac_id_n_color =
1.75.2.2  snj 	    htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_MAC_INDEX_AUX, 0));
1.75.2.2  snj 	cmd.tfd_queue_msk = htole32(1 << IWM_AUX_QUEUE);
1.75.2.2  snj 	cmd.tid_disable_tx = htole16(0xffff);
1.75.2.2  snj
1.75.2.2  snj 	status = IWM_ADD_STA_SUCCESS;
1.75.2.2  snj 	err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(cmd), &cmd,
1.75.2.2  snj 	    &status);
1.75.2.2  snj 	if (err == 0 && status != IWM_ADD_STA_SUCCESS)
1.75.2.2  snj 		err = EIO;
1.75.2.2  snj
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #define IWM_PLCP_QUIET_THRESH 1
1.75.2.2  snj #define IWM_ACTIVE_QUIET_TIME 10
1.75.2.2  snj #define LONG_OUT_TIME_PERIOD 600
1.75.2.2  snj #define SHORT_OUT_TIME_PERIOD 200
1.75.2.2  snj #define SUSPEND_TIME_PERIOD 100
1.75.2.2  snj
1.75.2.2  snj static uint16_t
1.75.2.2  snj iwm_scan_rx_chain(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	uint16_t rx_chain;
1.75.2.2  snj 	uint8_t rx_ant;
1.75.2.2  snj
1.75.2.2  snj 	rx_ant = iwm_fw_valid_rx_ant(sc);
1.75.2.2  snj 	rx_chain = rx_ant << IWM_PHY_RX_CHAIN_VALID_POS;
1.75.2.2  snj 	rx_chain |= rx_ant << IWM_PHY_RX_CHAIN_FORCE_MIMO_SEL_POS;
1.75.2.2  snj 	rx_chain |= rx_ant << IWM_PHY_RX_CHAIN_FORCE_SEL_POS;
1.75.2.2  snj 	rx_chain |= 0x1 << IWM_PHY_RX_CHAIN_DRIVER_FORCE_POS;
1.75.2.2  snj 	return htole16(rx_chain);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint32_t
1.75.2.2  snj iwm_scan_rate_n_flags(struct iwm_softc *sc, int flags, int no_cck)
1.75.2.2  snj {
1.75.2.2  snj 	uint32_t tx_ant;
1.75.2.2  snj 	int i, ind;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0, ind = sc->sc_scan_last_antenna;
1.75.2.2  snj 	    i < IWM_RATE_MCS_ANT_NUM; i++) {
1.75.2.2  snj 		ind = (ind + 1) % IWM_RATE_MCS_ANT_NUM;
1.75.2.2  snj 		if (iwm_fw_valid_tx_ant(sc) & (1 << ind)) {
1.75.2.2  snj 			sc->sc_scan_last_antenna = ind;
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj 	tx_ant = (1 << sc->sc_scan_last_antenna) << IWM_RATE_MCS_ANT_POS;
1.75.2.2  snj
1.75.2.2  snj 	if ((flags & IEEE80211_CHAN_2GHZ) && !no_cck)
1.75.2.2  snj 		return htole32(IWM_RATE_1M_PLCP | IWM_RATE_MCS_CCK_MSK |
1.75.2.2  snj 				   tx_ant);
1.75.2.2  snj 	else
1.75.2.2  snj 		return htole32(IWM_RATE_6M_PLCP | tx_ant);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj /*
1.75.2.2  snj  * If req->n_ssids > 0, it means we should do an active scan.
1.75.2.2  snj  * In case of active scan w/o directed scan, we receive a zero-length SSID
1.75.2.2  snj  * just to notify that this scan is active and not passive.
1.75.2.2  snj  * In order to notify the FW of the number of SSIDs we wish to scan (including
1.75.2.2  snj  * the zero-length one), we need to set the corresponding bits in chan->type,
1.75.2.2  snj  * one for each SSID, and set the active bit (first). If the first SSID is
1.75.2.2  snj  * already included in the probe template, so we need to set only
1.75.2.2  snj  * req->n_ssids - 1 bits in addition to the first bit.
1.75.2.2  snj  */
1.75.2.2  snj static uint16_t
1.75.2.2  snj iwm_get_active_dwell(struct iwm_softc *sc, int flags, int n_ssids)
1.75.2.2  snj {
1.75.2.2  snj 	if (flags & IEEE80211_CHAN_2GHZ)
1.75.2.2  snj 		return 30  + 3 * (n_ssids + 1);
1.75.2.2  snj 	return 20  + 2 * (n_ssids + 1);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint16_t
1.75.2.2  snj iwm_get_passive_dwell(struct iwm_softc *sc, int flags)
1.75.2.2  snj {
1.75.2.2  snj 	return (flags & IEEE80211_CHAN_2GHZ) ? 100 + 20 : 100 + 10;
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj static uint8_t
1.75.2.2  snj iwm_lmac_scan_fill_channels(struct iwm_softc *sc,
1.75.2.2  snj     struct iwm_scan_channel_cfg_lmac *chan, int n_ssids)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_channel *c;
1.75.2.2  snj 	uint8_t nchan;
1.75.2.2  snj
1.75.2.2  snj 	for (nchan = 0, c = &ic->ic_channels[1];
1.75.2.2  snj 	    c <= &ic->ic_channels[IEEE80211_CHAN_MAX] &&
1.75.2.2  snj 	    nchan < sc->sc_capa_n_scan_channels;
1.75.2.2  snj 	    c++) {
1.75.2.2  snj 		if (c->ic_flags == 0)
1.75.2.2  snj 			continue;
1.75.2.2  snj
1.75.2.2  snj 		chan->channel_num = htole16(ieee80211_mhz2ieee(c->ic_freq, 0));
1.75.2.2  snj 		chan->iter_count = htole16(1);
1.75.2.2  snj 		chan->iter_interval = htole32(0);
1.75.2.2  snj 		chan->flags = htole32(IWM_UNIFIED_SCAN_CHANNEL_PARTIAL);
1.75.2.2  snj 		chan->flags |= htole32(IWM_SCAN_CHANNEL_NSSIDS(n_ssids));
1.75.2.2  snj 		if (!IEEE80211_IS_CHAN_PASSIVE(c) && n_ssids != 0)
1.75.2.2  snj 			chan->flags |= htole32(IWM_SCAN_CHANNEL_TYPE_ACTIVE);
1.75.2.2  snj 		chan++;
1.75.2.2  snj 		nchan++;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return nchan;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint8_t
1.75.2.2  snj iwm_umac_scan_fill_channels(struct iwm_softc *sc,
1.75.2.2  snj     struct iwm_scan_channel_cfg_umac *chan, int n_ssids)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_channel *c;
1.75.2.2  snj 	uint8_t nchan;
1.75.2.2  snj
1.75.2.2  snj 	for (nchan = 0, c = &ic->ic_channels[1];
1.75.2.2  snj 	    c <= &ic->ic_channels[IEEE80211_CHAN_MAX] &&
1.75.2.2  snj 	    nchan < sc->sc_capa_n_scan_channels;
1.75.2.2  snj 	    c++) {
1.75.2.2  snj 		if (c->ic_flags == 0)
1.75.2.2  snj 			continue;
1.75.2.2  snj
1.75.2.2  snj 		chan->channel_num = ieee80211_mhz2ieee(c->ic_freq, 0);
1.75.2.2  snj 		chan->iter_count = 1;
1.75.2.2  snj 		chan->iter_interval = htole16(0);
1.75.2.2  snj 		chan->flags = htole32(IWM_SCAN_CHANNEL_UMAC_NSSIDS(n_ssids));
1.75.2.2  snj 		chan++;
1.75.2.2  snj 		nchan++;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return nchan;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_fill_probe_req(struct iwm_softc *sc, struct iwm_scan_probe_req *preq)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_frame *wh = (struct ieee80211_frame *)preq->buf;
1.75.2.2  snj 	struct ieee80211_rateset *rs;
1.75.2.2  snj 	size_t remain = sizeof(preq->buf);
1.75.2.2  snj 	uint8_t *frm, *pos;
1.75.2.2  snj
1.75.2.2  snj 	memset(preq, 0, sizeof(*preq));
1.75.2.2  snj
1.75.2.2  snj 	if (remain < sizeof(*wh) + 2 + ic->ic_des_esslen)
1.75.2.2  snj 		return ENOBUFS;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Build a probe request frame.  Most of the following code is a
1.75.2.2  snj 	 * copy & paste of what is done in net80211.
1.75.2.2  snj 	 */
1.75.2.2  snj 	wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
1.75.2.2  snj 	    IEEE80211_FC0_SUBTYPE_PROBE_REQ;
1.75.2.2  snj 	wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1.75.2.2  snj 	IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr);
1.75.2.2  snj 	IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr);
1.75.2.2  snj 	IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr);
1.75.2.2  snj 	*(uint16_t *)&wh->i_dur[0] = 0;	/* filled by HW */
1.75.2.2  snj 	*(uint16_t *)&wh->i_seq[0] = 0;	/* filled by HW */
1.75.2.2  snj
1.75.2.2  snj 	frm = (uint8_t *)(wh + 1);
1.75.2.2  snj 	frm = ieee80211_add_ssid(frm, ic->ic_des_essid, ic->ic_des_esslen);
1.75.2.2  snj
1.75.2.2  snj 	/* Tell the firmware where the MAC header is. */
1.75.2.2  snj 	preq->mac_header.offset = 0;
1.75.2.2  snj 	preq->mac_header.len = htole16(frm - (uint8_t *)wh);
1.75.2.2  snj 	remain -= frm - (uint8_t *)wh;
1.75.2.2  snj
1.75.2.2  snj 	/* Fill in 2GHz IEs and tell firmware where they are. */
1.75.2.2  snj 	rs = &ic->ic_sup_rates[IEEE80211_MODE_11G];
1.75.2.2  snj 	if (rs->rs_nrates > IEEE80211_RATE_SIZE) {
1.75.2.2  snj 		if (remain < 4 + rs->rs_nrates)
1.75.2.2  snj 			return ENOBUFS;
1.75.2.2  snj 	} else if (remain < 2 + rs->rs_nrates)
1.75.2.2  snj 		return ENOBUFS;
1.75.2.2  snj 	preq->band_data[0].offset = htole16(frm - (uint8_t *)wh);
1.75.2.2  snj 	pos = frm;
1.75.2.2  snj 	frm = ieee80211_add_rates(frm, rs);
1.75.2.2  snj 	if (rs->rs_nrates > IEEE80211_RATE_SIZE)
1.75.2.2  snj 		frm = ieee80211_add_xrates(frm, rs);
1.75.2.2  snj 	preq->band_data[0].len = htole16(frm - pos);
1.75.2.2  snj 	remain -= frm - pos;
1.75.2.2  snj
1.75.2.2  snj 	if (isset(sc->sc_enabled_capa,
1.75.2.2  snj 	    IWM_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT)) {
1.75.2.2  snj 		if (remain < 3)
1.75.2.2  snj 			return ENOBUFS;
1.75.2.2  snj 		*frm++ = IEEE80211_ELEMID_DSPARMS;
1.75.2.2  snj 		*frm++ = 1;
1.75.2.2  snj 		*frm++ = 0;
1.75.2.2  snj 		remain -= 3;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_nvm.sku_cap_band_52GHz_enable) {
1.75.2.2  snj 		/* Fill in 5GHz IEs. */
1.75.2.2  snj 		rs = &ic->ic_sup_rates[IEEE80211_MODE_11A];
1.75.2.2  snj 		if (rs->rs_nrates > IEEE80211_RATE_SIZE) {
1.75.2.2  snj 			if (remain < 4 + rs->rs_nrates)
1.75.2.2  snj 				return ENOBUFS;
1.75.2.2  snj 		} else if (remain < 2 + rs->rs_nrates)
1.75.2.2  snj 			return ENOBUFS;
1.75.2.2  snj 		preq->band_data[1].offset = htole16(frm - (uint8_t *)wh);
1.75.2.2  snj 		pos = frm;
1.75.2.2  snj 		frm = ieee80211_add_rates(frm, rs);
1.75.2.2  snj 		if (rs->rs_nrates > IEEE80211_RATE_SIZE)
1.75.2.2  snj 			frm = ieee80211_add_xrates(frm, rs);
1.75.2.2  snj 		preq->band_data[1].len = htole16(frm - pos);
1.75.2.2  snj 		remain -= frm - pos;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	/* Send 11n IEs on both 2GHz and 5GHz bands. */
1.75.2.2  snj 	preq->common_data.offset = htole16(frm - (uint8_t *)wh);
1.75.2.2  snj 	pos = frm;
1.75.2.2  snj 	if (ic->ic_flags & IEEE80211_F_HTON) {
1.75.2.2  snj 		if (remain < 28)
1.75.2.2  snj 			return ENOBUFS;
1.75.2.2  snj 		frm = ieee80211_add_htcaps(frm, ic);
1.75.2.2  snj 		/* XXX add WME info? */
1.75.2.2  snj 	}
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	preq->common_data.len = htole16(frm - pos);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_lmac_scan(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_host_cmd hcmd = {
1.75.2.2  snj 		.id = IWM_SCAN_OFFLOAD_REQUEST_CMD,
1.75.2.2  snj 		.len = { 0, },
1.75.2.2  snj 		.data = { NULL, },
1.75.2.2  snj 		.flags = 0,
1.75.2.2  snj 	};
1.75.2.2  snj 	struct iwm_scan_req_lmac *req;
1.75.2.2  snj 	size_t req_len;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("%s: %s\n", DEVNAME(sc), __func__));
1.75.2.2  snj
1.75.2.2  snj 	req_len = sizeof(struct iwm_scan_req_lmac) +
1.75.2.2  snj 	    (sizeof(struct iwm_scan_channel_cfg_lmac) *
1.75.2.2  snj 	    sc->sc_capa_n_scan_channels) + sizeof(struct iwm_scan_probe_req);
1.75.2.2  snj 	if (req_len > IWM_MAX_CMD_PAYLOAD_SIZE)
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj 	req = kmem_zalloc(req_len, KM_SLEEP);
1.75.2.2  snj 	if (req == NULL)
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj
1.75.2.2  snj 	hcmd.len[0] = (uint16_t)req_len;
1.75.2.2  snj 	hcmd.data[0] = (void *)req;
1.75.2.2  snj
1.75.2.2  snj 	/* These timings correspond to iwlwifi's UNASSOC scan. */
1.75.2.2  snj 	req->active_dwell = 10;
1.75.2.2  snj 	req->passive_dwell = 110;
1.75.2.2  snj 	req->fragmented_dwell = 44;
1.75.2.2  snj 	req->extended_dwell = 90;
1.75.2.2  snj 	req->max_out_time = 0;
1.75.2.2  snj 	req->suspend_time = 0;
1.75.2.2  snj
1.75.2.2  snj 	req->scan_prio = htole32(IWM_SCAN_PRIORITY_HIGH);
1.75.2.2  snj 	req->rx_chain_select = iwm_scan_rx_chain(sc);
1.75.2.2  snj 	req->iter_num = htole32(1);
1.75.2.2  snj 	req->delay = 0;
1.75.2.2  snj
1.75.2.2  snj 	req->scan_flags = htole32(IWM_LMAC_SCAN_FLAG_PASS_ALL |
1.75.2.2  snj 	    IWM_LMAC_SCAN_FLAG_ITER_COMPLETE |
1.75.2.2  snj 	    IWM_LMAC_SCAN_FLAG_EXTENDED_DWELL);
1.75.2.2  snj 	if (ic->ic_des_esslen == 0)
1.75.2.2  snj 		req->scan_flags |= htole32(IWM_LMAC_SCAN_FLAG_PASSIVE);
1.75.2.2  snj 	else
1.75.2.2  snj 		req->scan_flags |= htole32(IWM_LMAC_SCAN_FLAG_PRE_CONNECTION);
1.75.2.2  snj 	if (isset(sc->sc_enabled_capa,
1.75.2.2  snj 	    IWM_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT))
1.75.2.2  snj 		req->scan_flags |= htole32(IWM_LMAC_SCAN_FLAGS_RRM_ENABLED);
1.75.2.2  snj
1.75.2.2  snj 	req->flags = htole32(IWM_PHY_BAND_24);
1.75.2.2  snj 	if (sc->sc_nvm.sku_cap_band_52GHz_enable)
1.75.2.2  snj 		req->flags |= htole32(IWM_PHY_BAND_5);
1.75.2.2  snj 	req->filter_flags =
1.75.2.2  snj 	    htole32(IWM_MAC_FILTER_ACCEPT_GRP | IWM_MAC_FILTER_IN_BEACON);
1.75.2.2  snj
1.75.2.2  snj 	/* Tx flags 2 GHz. */
1.75.2.2  snj 	req->tx_cmd[0].tx_flags = htole32(IWM_TX_CMD_FLG_SEQ_CTL |
1.75.2.2  snj 	    IWM_TX_CMD_FLG_BT_DIS);
1.75.2.2  snj 	req->tx_cmd[0].rate_n_flags =
1.75.2.2  snj 	    iwm_scan_rate_n_flags(sc, IEEE80211_CHAN_2GHZ, 1/*XXX*/);
1.75.2.2  snj 	req->tx_cmd[0].sta_id = IWM_AUX_STA_ID;
1.75.2.2  snj
1.75.2.2  snj 	/* Tx flags 5 GHz. */
1.75.2.2  snj 	req->tx_cmd[1].tx_flags = htole32(IWM_TX_CMD_FLG_SEQ_CTL |
1.75.2.2  snj 	    IWM_TX_CMD_FLG_BT_DIS);
1.75.2.2  snj 	req->tx_cmd[1].rate_n_flags =
1.75.2.2  snj 	    iwm_scan_rate_n_flags(sc, IEEE80211_CHAN_5GHZ, 1/*XXX*/);
1.75.2.2  snj 	req->tx_cmd[1].sta_id = IWM_AUX_STA_ID;
1.75.2.2  snj
1.75.2.2  snj 	/* Check if we're doing an active directed scan. */
1.75.2.2  snj 	if (ic->ic_des_esslen != 0) {
1.75.2.2  snj 		req->direct_scan[0].id = IEEE80211_ELEMID_SSID;
1.75.2.2  snj 		req->direct_scan[0].len = ic->ic_des_esslen;
1.75.2.2  snj 		memcpy(req->direct_scan[0].ssid, ic->ic_des_essid,
1.75.2.2  snj 		    ic->ic_des_esslen);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	req->n_channels = iwm_lmac_scan_fill_channels(sc,
1.75.2.2  snj 	    (struct iwm_scan_channel_cfg_lmac *)req->data,
1.75.2.2  snj 	    ic->ic_des_esslen != 0);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_fill_probe_req(sc,
1.75.2.2  snj 	    (struct iwm_scan_probe_req *)(req->data +
1.75.2.2  snj 	    (sizeof(struct iwm_scan_channel_cfg_lmac) *
1.75.2.2  snj 	     sc->sc_capa_n_scan_channels)));
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		kmem_free(req, req_len);
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Specify the scan plan: We'll do one iteration. */
1.75.2.2  snj 	req->schedule[0].iterations = 1;
1.75.2.2  snj 	req->schedule[0].full_scan_mul = 1;
1.75.2.2  snj
1.75.2.2  snj 	/* Disable EBS. */
1.75.2.2  snj 	req->channel_opt[0].non_ebs_ratio = 1;
1.75.2.2  snj 	req->channel_opt[1].non_ebs_ratio = 1;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd(sc, &hcmd);
1.75.2.2  snj 	kmem_free(req, req_len);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_config_umac_scan(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_scan_config *scan_config;
1.75.2.2  snj 	int err, nchan;
1.75.2.2  snj 	size_t cmd_size;
1.75.2.2  snj 	struct ieee80211_channel *c;
1.75.2.2  snj 	struct iwm_host_cmd hcmd = {
1.75.2.2  snj 		.id = iwm_cmd_id(IWM_SCAN_CFG_CMD, IWM_ALWAYS_LONG_GROUP, 0),
1.75.2.2  snj 		.flags = 0,
1.75.2.2  snj 	};
1.75.2.2  snj 	static const uint32_t rates = (IWM_SCAN_CONFIG_RATE_1M |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_RATE_2M | IWM_SCAN_CONFIG_RATE_5M |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_RATE_11M | IWM_SCAN_CONFIG_RATE_6M |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_RATE_9M | IWM_SCAN_CONFIG_RATE_12M |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_RATE_18M | IWM_SCAN_CONFIG_RATE_24M |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_RATE_36M | IWM_SCAN_CONFIG_RATE_48M |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_RATE_54M);
1.75.2.2  snj
1.75.2.2  snj 	cmd_size = sizeof(*scan_config) + sc->sc_capa_n_scan_channels;
1.75.2.2  snj
1.75.2.2  snj 	scan_config = kmem_zalloc(cmd_size, KM_SLEEP);
1.75.2.2  snj 	if (scan_config == NULL)
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj
1.75.2.2  snj 	scan_config->tx_chains = htole32(iwm_fw_valid_tx_ant(sc));
1.75.2.2  snj 	scan_config->rx_chains = htole32(iwm_fw_valid_rx_ant(sc));
1.75.2.2  snj 	scan_config->legacy_rates = htole32(rates |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_SUPPORTED_RATE(rates));
1.75.2.2  snj
1.75.2.2  snj 	/* These timings correspond to iwlwifi's UNASSOC scan. */
1.75.2.2  snj 	scan_config->dwell_active = 10;
1.75.2.2  snj 	scan_config->dwell_passive = 110;
1.75.2.2  snj 	scan_config->dwell_fragmented = 44;
1.75.2.2  snj 	scan_config->dwell_extended = 90;
1.75.2.2  snj 	scan_config->out_of_channel_time = htole32(0);
1.75.2.2  snj 	scan_config->suspend_time = htole32(0);
1.75.2.2  snj
1.75.2.2  snj 	IEEE80211_ADDR_COPY(scan_config->mac_addr, sc->sc_ic.ic_myaddr);
1.75.2.2  snj
1.75.2.2  snj 	scan_config->bcast_sta_id = IWM_AUX_STA_ID;
1.75.2.2  snj 	scan_config->channel_flags = IWM_CHANNEL_FLAG_EBS |
1.75.2.2  snj 	    IWM_CHANNEL_FLAG_ACCURATE_EBS | IWM_CHANNEL_FLAG_EBS_ADD |
1.75.2.2  snj 	    IWM_CHANNEL_FLAG_PRE_SCAN_PASSIVE2ACTIVE;
1.75.2.2  snj
1.75.2.2  snj 	for (c = &ic->ic_channels[1], nchan = 0;
1.75.2.2  snj 	    c <= &ic->ic_channels[IEEE80211_CHAN_MAX] &&
1.75.2.2  snj 	    nchan < sc->sc_capa_n_scan_channels; c++) {
1.75.2.2  snj 		if (c->ic_flags == 0)
1.75.2.2  snj 			continue;
1.75.2.2  snj 		scan_config->channel_array[nchan++] =
1.75.2.2  snj 		    ieee80211_mhz2ieee(c->ic_freq, 0);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	scan_config->flags = htole32(IWM_SCAN_CONFIG_FLAG_ACTIVATE |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_SET_TX_CHAINS |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_SET_RX_CHAINS |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_SET_AUX_STA_ID |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_SET_ALL_TIMES |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_SET_LEGACY_RATES |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_SET_MAC_ADDR |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS|
1.75.2.2  snj 	    IWM_SCAN_CONFIG_N_CHANNELS(nchan) |
1.75.2.2  snj 	    IWM_SCAN_CONFIG_FLAG_CLEAR_FRAGMENTED);
1.75.2.2  snj
1.75.2.2  snj 	hcmd.data[0] = scan_config;
1.75.2.2  snj 	hcmd.len[0] = cmd_size;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd(sc, &hcmd);
1.75.2.2  snj 	kmem_free(scan_config, cmd_size);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_umac_scan(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_host_cmd hcmd = {
1.75.2.2  snj 		.id = iwm_cmd_id(IWM_SCAN_REQ_UMAC, IWM_ALWAYS_LONG_GROUP, 0),
1.75.2.2  snj 		.len = { 0, },
1.75.2.2  snj 		.data = { NULL, },
1.75.2.2  snj 		.flags = 0,
1.75.2.2  snj 	};
1.75.2.2  snj 	struct iwm_scan_req_umac *req;
1.75.2.2  snj 	struct iwm_scan_req_umac_tail *tail;
1.75.2.2  snj 	size_t req_len;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("%s: %s\n", DEVNAME(sc), __func__));
1.75.2.2  snj
1.75.2.2  snj 	req_len = sizeof(struct iwm_scan_req_umac) +
1.75.2.2  snj 	    (sizeof(struct iwm_scan_channel_cfg_umac) *
1.75.2.2  snj 	    sc->sc_capa_n_scan_channels) +
1.75.2.2  snj 	    sizeof(struct iwm_scan_req_umac_tail);
1.75.2.2  snj 	if (req_len > IWM_MAX_CMD_PAYLOAD_SIZE)
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj 	req = kmem_zalloc(req_len, KM_SLEEP);
1.75.2.2  snj 	if (req == NULL)
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj
1.75.2.2  snj 	hcmd.len[0] = (uint16_t)req_len;
1.75.2.2  snj 	hcmd.data[0] = (void *)req;
1.75.2.2  snj
1.75.2.2  snj 	/* These timings correspond to iwlwifi's UNASSOC scan. */
1.75.2.2  snj 	req->active_dwell = 10;
1.75.2.2  snj 	req->passive_dwell = 110;
1.75.2.2  snj 	req->fragmented_dwell = 44;
1.75.2.2  snj 	req->extended_dwell = 90;
1.75.2.2  snj 	req->max_out_time = 0;
1.75.2.2  snj 	req->suspend_time = 0;
1.75.2.2  snj
1.75.2.2  snj 	req->scan_priority = htole32(IWM_SCAN_PRIORITY_HIGH);
1.75.2.2  snj 	req->ooc_priority = htole32(IWM_SCAN_PRIORITY_HIGH);
1.75.2.2  snj
1.75.2.2  snj 	req->n_channels = iwm_umac_scan_fill_channels(sc,
1.75.2.2  snj 	    (struct iwm_scan_channel_cfg_umac *)req->data,
1.75.2.2  snj 	    ic->ic_des_esslen != 0);
1.75.2.2  snj
1.75.2.2  snj 	req->general_flags = htole32(IWM_UMAC_SCAN_GEN_FLAGS_PASS_ALL |
1.75.2.2  snj 	    IWM_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE |
1.75.2.2  snj 	    IWM_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL);
1.75.2.2  snj
1.75.2.2  snj 	tail = (struct iwm_scan_req_umac_tail *)(req->data +
1.75.2.2  snj 		sizeof(struct iwm_scan_channel_cfg_umac) *
1.75.2.2  snj 			sc->sc_capa_n_scan_channels);
1.75.2.2  snj
1.75.2.2  snj 	/* Check if we're doing an active directed scan. */
1.75.2.2  snj 	if (ic->ic_des_esslen != 0) {
1.75.2.2  snj 		tail->direct_scan[0].id = IEEE80211_ELEMID_SSID;
1.75.2.2  snj 		tail->direct_scan[0].len = ic->ic_des_esslen;
1.75.2.2  snj 		memcpy(tail->direct_scan[0].ssid, ic->ic_des_essid,
1.75.2.2  snj 		    ic->ic_des_esslen);
1.75.2.2  snj 		req->general_flags |=
1.75.2.2  snj 		    htole32(IWM_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT);
1.75.2.2  snj 	} else
1.75.2.2  snj 		req->general_flags |= htole32(IWM_UMAC_SCAN_GEN_FLAGS_PASSIVE);
1.75.2.2  snj
1.75.2.2  snj 	if (isset(sc->sc_enabled_capa,
1.75.2.2  snj 	    IWM_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT))
1.75.2.2  snj 		req->general_flags |=
1.75.2.2  snj 		    htole32(IWM_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_fill_probe_req(sc, &tail->preq);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		kmem_free(req, req_len);
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Specify the scan plan: We'll do one iteration. */
1.75.2.2  snj 	tail->schedule[0].interval = 0;
1.75.2.2  snj 	tail->schedule[0].iter_count = 1;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd(sc, &hcmd);
1.75.2.2  snj 	kmem_free(req, req_len);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static uint8_t
1.75.2.2  snj iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx)
1.75.2.2  snj {
1.75.2.2  snj 	int i;
1.75.2.2  snj 	uint8_t rval;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < rs->rs_nrates; i++) {
1.75.2.2  snj 		rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL);
1.75.2.2  snj 		if (rval == iwm_rates[ridx].rate)
1.75.2.2  snj 			return rs->rs_rates[i];
1.75.2.2  snj 	}
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_ack_rates(struct iwm_softc *sc, struct iwm_node *in, int *cck_rates,
1.75.2.2  snj     int *ofdm_rates)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211_node *ni = &in->in_ni;
1.75.2.2  snj 	struct ieee80211_rateset *rs = &ni->ni_rates;
1.75.2.2  snj 	int lowest_present_ofdm = -1;
1.75.2.2  snj 	int lowest_present_cck = -1;
1.75.2.2  snj 	uint8_t cck = 0;
1.75.2.2  snj 	uint8_t ofdm = 0;
1.75.2.2  snj 	int i;
1.75.2.2  snj
1.75.2.2  snj 	if (ni->ni_chan == IEEE80211_CHAN_ANYC ||
1.75.2.2  snj 	    IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
1.75.2.2  snj 		for (i = IWM_FIRST_CCK_RATE; i < IWM_FIRST_OFDM_RATE; i++) {
1.75.2.2  snj 			if ((iwm_ridx2rate(rs, i) & IEEE80211_RATE_BASIC) == 0)
1.75.2.2  snj 				continue;
1.75.2.2  snj 			cck |= (1 << i);
1.75.2.2  snj 			if (lowest_present_cck == -1 || lowest_present_cck > i)
1.75.2.2  snj 				lowest_present_cck = i;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj 	for (i = IWM_FIRST_OFDM_RATE; i <= IWM_LAST_NON_HT_RATE; i++) {
1.75.2.2  snj 		if ((iwm_ridx2rate(rs, i) & IEEE80211_RATE_BASIC) == 0)
1.75.2.2  snj 			continue;
1.75.2.2  snj 		ofdm |= (1 << (i - IWM_FIRST_OFDM_RATE));
1.75.2.2  snj 		if (lowest_present_ofdm == -1 || lowest_present_ofdm > i)
1.75.2.2  snj 			lowest_present_ofdm = i;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Now we've got the basic rates as bitmaps in the ofdm and cck
1.75.2.2  snj 	 * variables. This isn't sufficient though, as there might not
1.75.2.2  snj 	 * be all the right rates in the bitmap. E.g. if the only basic
1.75.2.2  snj 	 * rates are 5.5 Mbps and 11 Mbps, we still need to add 1 Mbps
1.75.2.2  snj 	 * and 6 Mbps because the 802.11-2007 standard says in 9.6:
1.75.2.2  snj 	 *
1.75.2.2  snj 	 *    [...] a STA responding to a received frame shall transmit
1.75.2.2  snj 	 *    its Control Response frame [...] at the highest rate in the
1.75.2.2  snj 	 *    BSSBasicRateSet parameter that is less than or equal to the
1.75.2.2  snj 	 *    rate of the immediately previous frame in the frame exchange
1.75.2.2  snj 	 *    sequence ([...]) and that is of the same modulation class
1.75.2.2  snj 	 *    ([...]) as the received frame. If no rate contained in the
1.75.2.2  snj 	 *    BSSBasicRateSet parameter meets these conditions, then the
1.75.2.2  snj 	 *    control frame sent in response to a received frame shall be
1.75.2.2  snj 	 *    transmitted at the highest mandatory rate of the PHY that is
1.75.2.2  snj 	 *    less than or equal to the rate of the received frame, and
1.75.2.2  snj 	 *    that is of the same modulation class as the received frame.
1.75.2.2  snj 	 *
1.75.2.2  snj 	 * As a consequence, we need to add all mandatory rates that are
1.75.2.2  snj 	 * lower than all of the basic rates to these bitmaps.
1.75.2.2  snj 	 */
1.75.2.2  snj
1.75.2.2  snj 	if (IWM_RATE_24M_INDEX < lowest_present_ofdm)
1.75.2.2  snj 		ofdm |= IWM_RATE_BIT_MSK(24) >> IWM_FIRST_OFDM_RATE;
1.75.2.2  snj 	if (IWM_RATE_12M_INDEX < lowest_present_ofdm)
1.75.2.2  snj 		ofdm |= IWM_RATE_BIT_MSK(12) >> IWM_FIRST_OFDM_RATE;
1.75.2.2  snj 	/* 6M already there or needed so always add */
1.75.2.2  snj 	ofdm |= IWM_RATE_BIT_MSK(6) >> IWM_FIRST_OFDM_RATE;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * CCK is a bit more complex with DSSS vs. HR/DSSS vs. ERP.
1.75.2.2  snj 	 * Note, however:
1.75.2.2  snj 	 *  - if no CCK rates are basic, it must be ERP since there must
1.75.2.2  snj 	 *    be some basic rates at all, so they're OFDM => ERP PHY
1.75.2.2  snj 	 *    (or we're in 5 GHz, and the cck bitmap will never be used)
1.75.2.2  snj 	 *  - if 11M is a basic rate, it must be ERP as well, so add 5.5M
1.75.2.2  snj 	 *  - if 5.5M is basic, 1M and 2M are mandatory
1.75.2.2  snj 	 *  - if 2M is basic, 1M is mandatory
1.75.2.2  snj 	 *  - if 1M is basic, that's the only valid ACK rate.
1.75.2.2  snj 	 * As a consequence, it's not as complicated as it sounds, just add
1.75.2.2  snj 	 * any lower rates to the ACK rate bitmap.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (IWM_RATE_11M_INDEX < lowest_present_cck)
1.75.2.2  snj 		cck |= IWM_RATE_BIT_MSK(11) >> IWM_FIRST_CCK_RATE;
1.75.2.2  snj 	if (IWM_RATE_5M_INDEX < lowest_present_cck)
1.75.2.2  snj 		cck |= IWM_RATE_BIT_MSK(5) >> IWM_FIRST_CCK_RATE;
1.75.2.2  snj 	if (IWM_RATE_2M_INDEX < lowest_present_cck)
1.75.2.2  snj 		cck |= IWM_RATE_BIT_MSK(2) >> IWM_FIRST_CCK_RATE;
1.75.2.2  snj 	/* 1M already there or needed so always add */
1.75.2.2  snj 	cck |= IWM_RATE_BIT_MSK(1) >> IWM_FIRST_CCK_RATE;
1.75.2.2  snj
1.75.2.2  snj 	*cck_rates = cck;
1.75.2.2  snj 	*ofdm_rates = ofdm;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_mac_ctxt_cmd_common(struct iwm_softc *sc, struct iwm_node *in,
1.75.2.2  snj     struct iwm_mac_ctx_cmd *cmd, uint32_t action, int assoc)
1.75.2.2  snj {
1.75.2.2  snj #define IWM_EXP2(x)	((1 << (x)) - 1)	/* CWmin = 2^ECWmin - 1 */
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_node *ni = ic->ic_bss;
1.75.2.2  snj 	int cck_ack_rates, ofdm_ack_rates;
1.75.2.2  snj 	int i;
1.75.2.2  snj
1.75.2.2  snj 	cmd->id_and_color = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id,
1.75.2.2  snj 	    in->in_color));
1.75.2.2  snj 	cmd->action = htole32(action);
1.75.2.2  snj
1.75.2.2  snj 	cmd->mac_type = htole32(IWM_FW_MAC_TYPE_BSS_STA);
1.75.2.2  snj 	cmd->tsf_id = htole32(IWM_TSF_ID_A);
1.75.2.2  snj
1.75.2.2  snj 	IEEE80211_ADDR_COPY(cmd->node_addr, ic->ic_myaddr);
1.75.2.2  snj 	IEEE80211_ADDR_COPY(cmd->bssid_addr, ni->ni_bssid);
1.75.2.2  snj
1.75.2.2  snj 	iwm_ack_rates(sc, in, &cck_ack_rates, &ofdm_ack_rates);
1.75.2.2  snj 	cmd->cck_rates = htole32(cck_ack_rates);
1.75.2.2  snj 	cmd->ofdm_rates = htole32(ofdm_ack_rates);
1.75.2.2  snj
1.75.2.2  snj 	cmd->cck_short_preamble
1.75.2.2  snj 	    = htole32((ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1.75.2.2  snj 	      ? IWM_MAC_FLG_SHORT_PREAMBLE : 0);
1.75.2.2  snj 	cmd->short_slot
1.75.2.2  snj 	    = htole32((ic->ic_flags & IEEE80211_F_SHSLOT)
1.75.2.2  snj 	      ? IWM_MAC_FLG_SHORT_SLOT : 0);
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < WME_NUM_AC; i++) {
1.75.2.2  snj 		struct wmeParams *wmep = &ic->ic_wme.wme_params[i];
1.75.2.2  snj 		int txf = iwm_ac_to_tx_fifo[i];
1.75.2.2  snj
1.75.2.2  snj 		cmd->ac[txf].cw_min = htole16(IWM_EXP2(wmep->wmep_logcwmin));
1.75.2.2  snj 		cmd->ac[txf].cw_max = htole16(IWM_EXP2(wmep->wmep_logcwmax));
1.75.2.2  snj 		cmd->ac[txf].aifsn = wmep->wmep_aifsn;
1.75.2.2  snj 		cmd->ac[txf].fifos_mask = (1 << txf);
1.75.2.2  snj 		cmd->ac[txf].edca_txop = htole16(wmep->wmep_txopLimit * 32);
1.75.2.2  snj 	}
1.75.2.2  snj 	if (ni->ni_flags & IEEE80211_NODE_QOS)
1.75.2.2  snj 		cmd->qos_flags |= htole32(IWM_MAC_QOS_FLG_UPDATE_EDCA);
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	if (ni->ni_flags & IEEE80211_NODE_HT) {
1.75.2.2  snj 		enum ieee80211_htprot htprot =
1.75.2.2  snj 		    (ni->ni_htop1 & IEEE80211_HTOP1_PROT_MASK);
1.75.2.2  snj 		switch (htprot) {
1.75.2.2  snj 		case IEEE80211_HTPROT_NONE:
1.75.2.2  snj 			break;
1.75.2.2  snj 		case IEEE80211_HTPROT_NONMEMBER:
1.75.2.2  snj 		case IEEE80211_HTPROT_NONHT_MIXED:
1.75.2.2  snj 			cmd->protection_flags |=
1.75.2.2  snj 			    htole32(IWM_MAC_PROT_FLG_HT_PROT);
1.75.2.2  snj 		case IEEE80211_HTPROT_20MHZ:
1.75.2.2  snj 			cmd->protection_flags |=
1.75.2.2  snj 			    htole32(IWM_MAC_PROT_FLG_HT_PROT |
1.75.2.2  snj 			    IWM_MAC_PROT_FLG_FAT_PROT);
1.75.2.2  snj 			break;
1.75.2.2  snj 		default:
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		cmd->qos_flags |= htole32(IWM_MAC_QOS_FLG_TGN);
1.75.2.2  snj 	}
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	if (ic->ic_flags & IEEE80211_F_USEPROT)
1.75.2.2  snj 		cmd->protection_flags |= htole32(IWM_MAC_PROT_FLG_TGG_PROTECT);
1.75.2.2  snj
1.75.2.2  snj 	cmd->filter_flags = htole32(IWM_MAC_FILTER_ACCEPT_GRP);
1.75.2.2  snj #undef IWM_EXP2
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_mac_ctxt_cmd_fill_sta(struct iwm_softc *sc, struct iwm_node *in,
1.75.2.2  snj     struct iwm_mac_data_sta *sta, int assoc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211_node *ni = &in->in_ni;
1.75.2.2  snj 	uint32_t dtim_off;
1.75.2.2  snj 	uint64_t tsf;
1.75.2.2  snj
1.75.2.2  snj 	dtim_off = ni->ni_dtim_count * ni->ni_intval * IEEE80211_DUR_TU;
1.75.2.2  snj 	tsf = le64toh(ni->ni_tstamp.tsf);
1.75.2.2  snj
1.75.2.2  snj 	sta->is_assoc = htole32(assoc);
1.75.2.2  snj 	sta->dtim_time = htole32(ni->ni_rstamp + dtim_off);
1.75.2.2  snj 	sta->dtim_tsf = htole64(tsf + dtim_off);
1.75.2.2  snj 	sta->bi = htole32(ni->ni_intval);
1.75.2.2  snj 	sta->bi_reciprocal = htole32(iwm_reciprocal(ni->ni_intval));
1.75.2.2  snj 	sta->dtim_interval = htole32(ni->ni_intval * ni->ni_dtim_period);
1.75.2.2  snj 	sta->dtim_reciprocal = htole32(iwm_reciprocal(sta->dtim_interval));
1.75.2.2  snj 	sta->listen_interval = htole32(10);
1.75.2.2  snj 	sta->assoc_id = htole32(ni->ni_associd);
1.75.2.2  snj 	sta->assoc_beacon_arrive_time = htole32(ni->ni_rstamp);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_mac_ctxt_cmd(struct iwm_softc *sc, struct iwm_node *in, uint32_t action,
1.75.2.2  snj     int assoc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211_node *ni = &in->in_ni;
1.75.2.2  snj 	struct iwm_mac_ctx_cmd cmd;
1.75.2.2  snj
1.75.2.2  snj 	memset(&cmd, 0, sizeof(cmd));
1.75.2.2  snj
1.75.2.2  snj 	iwm_mac_ctxt_cmd_common(sc, in, &cmd, action, assoc);
1.75.2.2  snj
1.75.2.2  snj 	/* Allow beacons to pass through as long as we are not associated or we
1.75.2.2  snj 	 * do not have dtim period information */
1.75.2.2  snj 	if (!assoc || !ni->ni_associd || !ni->ni_dtim_period)
1.75.2.2  snj 		cmd.filter_flags |= htole32(IWM_MAC_FILTER_IN_BEACON);
1.75.2.2  snj 	else
1.75.2.2  snj 		iwm_mac_ctxt_cmd_fill_sta(sc, in, &cmd.sta, assoc);
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_MAC_CONTEXT_CMD, 0, sizeof(cmd), &cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #define IWM_MISSED_BEACONS_THRESHOLD 8
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_rx_missed_beacons_notif(struct iwm_softc *sc,
1.75.2.2  snj 	struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_missed_beacons_notif *mb = (void *)pkt->data;
1.75.2.2  snj 	int s;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("missed bcn mac_id=%u, consecutive=%u (%u, %u, %u)\n",
1.75.2.2  snj 	    le32toh(mb->mac_id),
1.75.2.2  snj 	    le32toh(mb->consec_missed_beacons),
1.75.2.2  snj 	    le32toh(mb->consec_missed_beacons_since_last_rx),
1.75.2.2  snj 	    le32toh(mb->num_recvd_beacons),
1.75.2.2  snj 	    le32toh(mb->num_expected_beacons)));
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * TODO: the threshold should be adjusted based on latency conditions,
1.75.2.2  snj 	 * and/or in case of a CS flow on one of the other AP vifs.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (le32toh(mb->consec_missed_beacons_since_last_rx) >
1.75.2.2  snj 	    IWM_MISSED_BEACONS_THRESHOLD) {
1.75.2.2  snj 		s = splnet();
1.75.2.2  snj 		ieee80211_beacon_miss(&sc->sc_ic);
1.75.2.2  snj 		splx(s);
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_update_quotas(struct iwm_softc *sc, struct iwm_node *in)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_time_quota_cmd cmd;
1.75.2.2  snj 	int i, idx, num_active_macs, quota, quota_rem;
1.75.2.2  snj 	int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
1.75.2.2  snj 	int n_ifs[IWM_MAX_BINDINGS] = {0, };
1.75.2.2  snj 	uint16_t id;
1.75.2.2  snj
1.75.2.2  snj 	memset(&cmd, 0, sizeof(cmd));
1.75.2.2  snj
1.75.2.2  snj 	/* currently, PHY ID == binding ID */
1.75.2.2  snj 	if (in) {
1.75.2.2  snj 		id = in->in_phyctxt->id;
1.75.2.2  snj 		KASSERT(id < IWM_MAX_BINDINGS);
1.75.2.2  snj 		colors[id] = in->in_phyctxt->color;
1.75.2.2  snj
1.75.2.2  snj 		if (1)
1.75.2.2  snj 			n_ifs[id] = 1;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * The FW's scheduling session consists of
1.75.2.2  snj 	 * IWM_MAX_QUOTA fragments. Divide these fragments
1.75.2.2  snj 	 * equally between all the bindings that require quota
1.75.2.2  snj 	 */
1.75.2.2  snj 	num_active_macs = 0;
1.75.2.2  snj 	for (i = 0; i < IWM_MAX_BINDINGS; i++) {
1.75.2.2  snj 		cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
1.75.2.2  snj 		num_active_macs += n_ifs[i];
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	quota = 0;
1.75.2.2  snj 	quota_rem = 0;
1.75.2.2  snj 	if (num_active_macs) {
1.75.2.2  snj 		quota = IWM_MAX_QUOTA / num_active_macs;
1.75.2.2  snj 		quota_rem = IWM_MAX_QUOTA % num_active_macs;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
1.75.2.2  snj 		if (colors[i] < 0)
1.75.2.2  snj 			continue;
1.75.2.2  snj
1.75.2.2  snj 		cmd.quotas[idx].id_and_color =
1.75.2.2  snj 			htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
1.75.2.2  snj
1.75.2.2  snj 		if (n_ifs[i] <= 0) {
1.75.2.2  snj 			cmd.quotas[idx].quota = htole32(0);
1.75.2.2  snj 			cmd.quotas[idx].max_duration = htole32(0);
1.75.2.2  snj 		} else {
1.75.2.2  snj 			cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
1.75.2.2  snj 			cmd.quotas[idx].max_duration = htole32(0);
1.75.2.2  snj 		}
1.75.2.2  snj 		idx++;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Give the remainder of the session to the first binding */
1.75.2.2  snj 	cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, 0, sizeof(cmd), &cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_auth(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_node *in = (struct iwm_node *)ic->ic_bss;
1.75.2.2  snj 	uint32_t duration;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_sf_config(sc, IWM_SF_FULL_ON);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_allow_mcast(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_phyctxt[0].channel = in->in_ni.ni_chan;
1.75.2.2  snj 	err = iwm_phy_ctxt_cmd(sc, &sc->sc_phyctxt[0], 1, 1,
1.75.2.2  snj 	    IWM_FW_CTXT_ACTION_MODIFY, 0);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj 	in->in_phyctxt = &sc->sc_phyctxt[0];
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_ADD, 0);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not add MAC context (error %d)\n", err);
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_binding_cmd(sc, in, IWM_FW_CTXT_ACTION_ADD);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_add_sta_cmd(sc, in, 0);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_MODIFY, 0);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "failed to update MAC\n");
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Prevent the FW from wandering off channel during association
1.75.2.2  snj 	 * by "protecting" the session with a time event.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (in->in_ni.ni_intval)
1.75.2.2  snj 		duration = in->in_ni.ni_intval * 2;
1.75.2.2  snj 	else
1.75.2.2  snj 		duration = IEEE80211_DUR_TU;
1.75.2.2  snj 	iwm_protect_session(sc, in, duration, in->in_ni.ni_intval / 2);
1.75.2.2  snj 	DELAY(100);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_assoc(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_node *in = (struct iwm_node *)ic->ic_bss;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_add_sta_cmd(sc, in, 1);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static struct ieee80211_node *
1.75.2.2  snj iwm_node_alloc(struct ieee80211_node_table *nt)
1.75.2.2  snj {
1.75.2.2  snj 	return malloc(sizeof(struct iwm_node), M_80211_NODE, M_NOWAIT | M_ZERO);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_calib_timeout(void *arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = arg;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_node *in = (struct iwm_node *)ic->ic_bss;
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	struct ieee80211_node *ni = &in->in_ni;
1.75.2.2  snj 	int otxrate;
1.75.2.2  snj #endif
1.75.2.2  snj 	int s;
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj 	if ((ic->ic_fixed_rate == -1
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	    || ic->ic_fixed_mcs == -1
1.75.2.2  snj #endif
1.75.2.2  snj 	    ) &&
1.75.2.2  snj 	    ic->ic_opmode == IEEE80211_M_STA && ic->ic_bss) {
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 		if (ni->ni_flags & IEEE80211_NODE_HT)
1.75.2.2  snj 			otxrate = ni->ni_txmcs;
1.75.2.2  snj 		else
1.75.2.2  snj 			otxrate = ni->ni_txrate;
1.75.2.2  snj #endif
1.75.2.2  snj 		ieee80211_amrr_choose(&sc->sc_amrr, &in->in_ni, &in->in_amn);
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * If AMRR has chosen a new TX rate we must update
1.75.2.2  snj 		 * the firwmare's LQ rate table from process context.
1.75.2.2  snj 		 */
1.75.2.2  snj 		if ((ni->ni_flags & IEEE80211_NODE_HT) &&
1.75.2.2  snj 		    otxrate != ni->ni_txmcs)
1.75.2.2  snj 			softint_schedule(sc->setrates_task);
1.75.2.2  snj 		else if (otxrate != ni->ni_txrate)
1.75.2.2  snj 			softint_schedule(sc->setrates_task);
1.75.2.2  snj #endif
1.75.2.2  snj 	}
1.75.2.2  snj 	splx(s);
1.75.2.2  snj
1.75.2.2  snj 	callout_schedule(&sc->sc_calib_to, mstohz(500));
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj static void
1.75.2.2  snj iwm_setrates_task(void *arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = arg;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_node *in = (struct iwm_node *)ic->ic_bss;
1.75.2.2  snj
1.75.2.2  snj 	/* Update rates table based on new TX rate determined by AMRR. */
1.75.2.2  snj 	iwm_setrates(in);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_setrates(struct iwm_node *in)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211_node *ni = &in->in_ni;
1.75.2.2  snj 	struct ieee80211com *ic = ni->ni_ic;
1.75.2.2  snj 	struct iwm_softc *sc = IC2IFP(ic)->if_softc;
1.75.2.2  snj 	struct iwm_lq_cmd *lq = &in->in_lq;
1.75.2.2  snj 	struct ieee80211_rateset *rs = &ni->ni_rates;
1.75.2.2  snj 	int i, j, ridx, ridx_min, tab = 0;
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	int sgi_ok;
1.75.2.2  snj #endif
1.75.2.2  snj 	struct iwm_host_cmd cmd = {
1.75.2.2  snj 		.id = IWM_LQ_CMD,
1.75.2.2  snj 		.len = { sizeof(in->in_lq), },
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	memset(lq, 0, sizeof(*lq));
1.75.2.2  snj 	lq->sta_id = IWM_STATION_ID;
1.75.2.2  snj
1.75.2.2  snj 	if (ic->ic_flags & IEEE80211_F_USEPROT)
1.75.2.2  snj 		lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK;
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	sgi_ok = ((ni->ni_flags & IEEE80211_NODE_HT) &&
1.75.2.2  snj 	    (ni->ni_htcaps & IEEE80211_HTCAP_SGI20));
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Fill the LQ rate selection table with legacy and/or HT rates
1.75.2.2  snj 	 * in descending order, i.e. with the node's current TX rate first.
1.75.2.2  snj 	 * In cases where throughput of an HT rate corresponds to a legacy
1.75.2.2  snj 	 * rate it makes no sense to add both. We rely on the fact that
1.75.2.2  snj 	 * iwm_rates is laid out such that equivalent HT/legacy rates share
1.75.2.2  snj 	 * the same IWM_RATE_*_INDEX value. Also, rates not applicable to
1.75.2.2  snj 	 * legacy/HT are assumed to be marked with an 'invalid' PLCP value.
1.75.2.2  snj 	 */
1.75.2.2  snj 	j = 0;
1.75.2.2  snj 	ridx_min = (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) ?
1.75.2.2  snj 	    IWM_RIDX_OFDM : IWM_RIDX_CCK;
1.75.2.2  snj 	for (ridx = IWM_RIDX_MAX; ridx >= ridx_min; ridx--) {
1.75.2.2  snj 		if (j >= __arraycount(lq->rs_table))
1.75.2.2  snj 			break;
1.75.2.2  snj 		tab = 0;
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 		if ((ni->ni_flags & IEEE80211_NODE_HT) &&
1.75.2.2  snj 		    iwm_rates[ridx].ht_plcp != IWM_RATE_HT_SISO_MCS_INV_PLCP) {
1.75.2.2  snj 			for (i = ni->ni_txmcs; i >= 0; i--) {
1.75.2.2  snj 				if (isclr(ni->ni_rxmcs, i))
1.75.2.2  snj 					continue;
1.75.2.2  snj 				if (ridx == iwm_mcs2ridx[i]) {
1.75.2.2  snj 					tab = iwm_rates[ridx].ht_plcp;
1.75.2.2  snj 					tab |= IWM_RATE_MCS_HT_MSK;
1.75.2.2  snj 					if (sgi_ok)
1.75.2.2  snj 						tab |= IWM_RATE_MCS_SGI_MSK;
1.75.2.2  snj 					break;
1.75.2.2  snj 				}
1.75.2.2  snj 			}
1.75.2.2  snj 		}
1.75.2.2  snj #endif
1.75.2.2  snj 		if (tab == 0 && iwm_rates[ridx].plcp != IWM_RATE_INVM_PLCP) {
1.75.2.2  snj 			for (i = ni->ni_txrate; i >= 0; i--) {
1.75.2.2  snj 				if (iwm_rates[ridx].rate == (rs->rs_rates[i] &
1.75.2.2  snj 				    IEEE80211_RATE_VAL)) {
1.75.2.2  snj 					tab = iwm_rates[ridx].plcp;
1.75.2.2  snj 					break;
1.75.2.2  snj 				}
1.75.2.2  snj 			}
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		if (tab == 0)
1.75.2.2  snj 			continue;
1.75.2.2  snj
1.75.2.2  snj 		tab |= 1 << IWM_RATE_MCS_ANT_POS;
1.75.2.2  snj 		if (IWM_RIDX_IS_CCK(ridx))
1.75.2.2  snj 			tab |= IWM_RATE_MCS_CCK_MSK;
1.75.2.2  snj 		DPRINTFN(2, ("station rate %d %x\n", i, tab));
1.75.2.2  snj 		lq->rs_table[j++] = htole32(tab);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Fill the rest with the lowest possible rate */
1.75.2.2  snj 	i = j > 0 ? j - 1 : 0;
1.75.2.2  snj 	while (j < __arraycount(lq->rs_table))
1.75.2.2  snj 		lq->rs_table[j++] = lq->rs_table[i];
1.75.2.2  snj
1.75.2.2  snj 	lq->single_stream_ant_msk = IWM_ANT_A;
1.75.2.2  snj 	lq->dual_stream_ant_msk = IWM_ANT_AB;
1.75.2.2  snj
1.75.2.2  snj 	lq->agg_time_limit = htole16(4000);	/* 4ms */
1.75.2.2  snj 	lq->agg_disable_start_th = 3;
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj 	lq->agg_frame_cnt_limit = 0x3f;
1.75.2.2  snj #else
1.75.2.2  snj 	lq->agg_frame_cnt_limit = 1; /* tx agg disabled */
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	cmd.data[0] = &in->in_lq;
1.75.2.2  snj 	return iwm_send_cmd(sc, &cmd);
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_media_change(struct ifnet *ifp)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = ifp->if_softc;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	uint8_t rate, ridx;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	err = ieee80211_media_change(ifp);
1.75.2.2  snj 	if (err != ENETRESET)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	if (ic->ic_fixed_mcs != -1)
1.75.2.2  snj 		sc->sc_fixed_ridx = iwm_mcs2ridx[ic->ic_fixed_mcs];
1.75.2.2  snj 	else
1.75.2.2  snj #endif
1.75.2.2  snj 	if (ic->ic_fixed_rate != -1) {
1.75.2.2  snj 		rate = ic->ic_sup_rates[ic->ic_curmode].
1.75.2.2  snj 		    rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL;
1.75.2.2  snj 		/* Map 802.11 rate to HW rate index. */
1.75.2.2  snj 		for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++)
1.75.2.2  snj 			if (iwm_rates[ridx].rate == rate)
1.75.2.2  snj 				break;
1.75.2.2  snj 		sc->sc_fixed_ridx = ridx;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1.75.2.2  snj 	    (IFF_UP | IFF_RUNNING)) {
1.75.2.2  snj 		iwm_stop(ifp, 0);
1.75.2.2  snj 		err = iwm_init(ifp);
1.75.2.2  snj 	}
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_do_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct ifnet *ifp = IC2IFP(ic);
1.75.2.2  snj 	struct iwm_softc *sc = ifp->if_softc;
1.75.2.2  snj 	enum ieee80211_state ostate = ic->ic_state;
1.75.2.2  snj 	struct iwm_node *in;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("switching state %s->%s\n", ieee80211_state_name[ostate],
1.75.2.2  snj 	    ieee80211_state_name[nstate]));
1.75.2.2  snj
1.75.2.2  snj 	if (ostate == IEEE80211_S_SCAN && nstate != ostate)
1.75.2.2  snj 		iwm_led_blink_stop(sc);
1.75.2.2  snj
1.75.2.2  snj 	if (ostate == IEEE80211_S_RUN && nstate != ostate)
1.75.2.2  snj 		iwm_disable_beacon_filter(sc);
1.75.2.2  snj
1.75.2.2  snj 	/* Reset the device if moving out of AUTH, ASSOC, or RUN. */
1.75.2.2  snj 	/* XXX Is there a way to switch states without a full reset? */
1.75.2.2  snj 	if (ostate > IEEE80211_S_SCAN && nstate < ostate) {
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * Upon receiving a deauth frame from AP the net80211 stack
1.75.2.2  snj 		 * puts the driver into AUTH state. This will fail with this
1.75.2.2  snj 		 * driver so bring the FSM from RUN to SCAN in this case.
1.75.2.2  snj 		 */
1.75.2.2  snj 		if (nstate != IEEE80211_S_INIT) {
1.75.2.2  snj 			DPRINTF(("Force transition to INIT; MGT=%d\n", arg));
1.75.2.2  snj 			/* Always pass arg as -1 since we can't Tx right now. */
1.75.2.2  snj 			sc->sc_newstate(ic, IEEE80211_S_INIT, -1);
1.75.2.2  snj 			iwm_stop(ifp, 0);
1.75.2.2  snj 			iwm_init(ifp);
1.75.2.2  snj 			return 0;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		iwm_stop_device(sc);
1.75.2.2  snj 		iwm_init_hw(sc);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	switch (nstate) {
1.75.2.2  snj 	case IEEE80211_S_INIT:
1.75.2.2  snj 		break;
1.75.2.2  snj
1.75.2.2  snj 	case IEEE80211_S_SCAN:
1.75.2.2  snj 		if (ostate == nstate &&
1.75.2.2  snj 		    ISSET(sc->sc_flags, IWM_FLAG_SCANNING))
1.75.2.2  snj 			return 0;
1.75.2.2  snj 		if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN))
1.75.2.2  snj 			err = iwm_umac_scan(sc);
1.75.2.2  snj 		else
1.75.2.2  snj 			err = iwm_lmac_scan(sc);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			DPRINTF(("%s: could not initiate scan: %d\n",
1.75.2.2  snj 			    DEVNAME(sc), err));
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj 		SET(sc->sc_flags, IWM_FLAG_SCANNING);
1.75.2.2  snj 		ic->ic_state = nstate;
1.75.2.2  snj 		iwm_led_blink_start(sc);
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	case IEEE80211_S_AUTH:
1.75.2.2  snj 		err = iwm_auth(sc);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			DPRINTF(("%s: could not move to auth state: %d\n",
1.75.2.2  snj 			    DEVNAME(sc), err));
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj 		break;
1.75.2.2  snj
1.75.2.2  snj 	case IEEE80211_S_ASSOC:
1.75.2.2  snj 		err = iwm_assoc(sc);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			DPRINTF(("%s: failed to associate: %d\n", DEVNAME(sc),
1.75.2.2  snj 			    err));
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj 		break;
1.75.2.2  snj
1.75.2.2  snj 	case IEEE80211_S_RUN:
1.75.2.2  snj 		in = (struct iwm_node *)ic->ic_bss;
1.75.2.2  snj
1.75.2.2  snj 		/* We have now been assigned an associd by the AP. */
1.75.2.2  snj 		err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_MODIFY, 1);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev, "failed to update MAC\n");
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_power_update_device(sc);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could send power command (error %d)\n", err);
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * Disabled for now. Default beacon filter settings
1.75.2.2  snj 		 * prevent net80211 from getting ERP and HT protection
1.75.2.2  snj 		 * updates from beacons.
1.75.2.2  snj 		 */
1.75.2.2  snj 		err = iwm_enable_beacon_filter(sc, in);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not enable beacon filter\n");
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj #endif
1.75.2.2  snj 		err = iwm_power_mac_update_mode(sc, in);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not update MAC power (error %d)\n", err);
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_update_quotas(sc, in);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not update quotas (error %d)\n", err);
1.75.2.2  snj 			return err;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		ieee80211_amrr_node_init(&sc->sc_amrr, &in->in_amn);
1.75.2.2  snj
1.75.2.2  snj 		/* Start at lowest available bit-rate, AMRR will raise. */
1.75.2.2  snj 		in->in_ni.ni_txrate = 0;
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 		in->in_ni.ni_txmcs = 0;
1.75.2.2  snj 		iwm_setrates(in);
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 		callout_schedule(&sc->sc_calib_to, mstohz(500));
1.75.2.2  snj 		iwm_led_enable(sc);
1.75.2.2  snj 		break;
1.75.2.2  snj
1.75.2.2  snj 	default:
1.75.2.2  snj 		break;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return sc->sc_newstate(ic, nstate, arg);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_newstate_cb(struct work *wk, void *v)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = v;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_newstate_state *iwmns = (struct iwm_newstate_state *)wk;
1.75.2.2  snj 	enum ieee80211_state nstate = iwmns->ns_nstate;
1.75.2.2  snj 	int generation = iwmns->ns_generation;
1.75.2.2  snj 	int arg = iwmns->ns_arg;
1.75.2.2  snj 	int s;
1.75.2.2  snj
1.75.2.2  snj 	kmem_free(iwmns, sizeof(*iwmns));
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("Prepare to switch state %d->%d\n", ic->ic_state, nstate));
1.75.2.2  snj 	if (sc->sc_generation != generation) {
1.75.2.2  snj 		DPRINTF(("newstate_cb: someone pulled the plug meanwhile\n"));
1.75.2.2  snj 		if (nstate == IEEE80211_S_INIT) {
1.75.2.2  snj 			DPRINTF(("newstate_cb: nstate == IEEE80211_S_INIT: "
1.75.2.2  snj 			    "calling sc_newstate()\n"));
1.75.2.2  snj 			(void) sc->sc_newstate(ic, nstate, arg);
1.75.2.2  snj 		}
1.75.2.2  snj 	} else
1.75.2.2  snj 		(void) iwm_do_newstate(ic, nstate, arg);
1.75.2.2  snj
1.75.2.2  snj 	splx(s);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_newstate_state *iwmns;
1.75.2.2  snj 	struct ifnet *ifp = IC2IFP(ic);
1.75.2.2  snj 	struct iwm_softc *sc = ifp->if_softc;
1.75.2.2  snj
1.75.2.2  snj 	callout_stop(&sc->sc_calib_to);
1.75.2.2  snj
1.75.2.2  snj 	iwmns = kmem_intr_alloc(sizeof(*iwmns), KM_NOSLEEP);
1.75.2.2  snj 	if (!iwmns) {
1.75.2.2  snj 		DPRINTF(("%s: allocating state cb mem failed\n", DEVNAME(sc)));
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	iwmns->ns_nstate = nstate;
1.75.2.2  snj 	iwmns->ns_arg = arg;
1.75.2.2  snj 	iwmns->ns_generation = sc->sc_generation;
1.75.2.2  snj
1.75.2.2  snj 	workqueue_enqueue(sc->sc_nswq, &iwmns->ns_wk, NULL);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_endscan(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	int s;
1.75.2.2  snj
1.75.2.2  snj 	DPRINTF(("%s: scan ended\n", DEVNAME(sc)));
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj 	if (ic->ic_state == IEEE80211_S_SCAN)
1.75.2.2  snj 		ieee80211_end_scan(ic);
1.75.2.2  snj 	splx(s);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Aging and idle timeouts for the different possible scenarios
1.75.2.2  snj  * in default configuration
1.75.2.2  snj  */
1.75.2.2  snj static const uint32_t
1.75.2.2  snj iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF),
1.75.2.2  snj 		htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF)
1.75.2.2  snj 	},
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF),
1.75.2.2  snj 		htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF)
1.75.2.2  snj 	},
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_MCAST_AGING_TIMER_DEF),
1.75.2.2  snj 		htole32(IWM_SF_MCAST_IDLE_TIMER_DEF)
1.75.2.2  snj 	},
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_BA_AGING_TIMER_DEF),
1.75.2.2  snj 		htole32(IWM_SF_BA_IDLE_TIMER_DEF)
1.75.2.2  snj 	},
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_TX_RE_AGING_TIMER_DEF),
1.75.2.2  snj 		htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF)
1.75.2.2  snj 	},
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Aging and idle timeouts for the different possible scenarios
1.75.2.2  snj  * in single BSS MAC configuration.
1.75.2.2  snj  */
1.75.2.2  snj static const uint32_t
1.75.2.2  snj iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER),
1.75.2.2  snj 		htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER)
1.75.2.2  snj 	},
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_AGG_UNICAST_AGING_TIMER),
1.75.2.2  snj 		htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER)
1.75.2.2  snj 	},
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_MCAST_AGING_TIMER),
1.75.2.2  snj 		htole32(IWM_SF_MCAST_IDLE_TIMER)
1.75.2.2  snj 	},
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_BA_AGING_TIMER),
1.75.2.2  snj 		htole32(IWM_SF_BA_IDLE_TIMER)
1.75.2.2  snj 	},
1.75.2.2  snj 	{
1.75.2.2  snj 		htole32(IWM_SF_TX_RE_AGING_TIMER),
1.75.2.2  snj 		htole32(IWM_SF_TX_RE_IDLE_TIMER)
1.75.2.2  snj 	},
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd,
1.75.2.2  snj     struct ieee80211_node *ni)
1.75.2.2  snj {
1.75.2.2  snj 	int i, j, watermark;
1.75.2.2  snj
1.75.2.2  snj 	sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN);
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * If we are in association flow - check antenna configuration
1.75.2.2  snj 	 * capabilities of the AP station, and choose the watermark accordingly.
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (ni) {
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 		if (ni->ni_flags & IEEE80211_NODE_HT) {
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj 			if (ni->ni_rxmcs[2] != 0)
1.75.2.2  snj 				watermark = IWM_SF_W_MARK_MIMO3;
1.75.2.2  snj 			else if (ni->ni_rxmcs[1] != 0)
1.75.2.2  snj 				watermark = IWM_SF_W_MARK_MIMO2;
1.75.2.2  snj 			else
1.75.2.2  snj #endif
1.75.2.2  snj 				watermark = IWM_SF_W_MARK_SISO;
1.75.2.2  snj 		} else
1.75.2.2  snj #endif
1.75.2.2  snj 			watermark = IWM_SF_W_MARK_LEGACY;
1.75.2.2  snj 	/* default watermark value for unassociated mode. */
1.75.2.2  snj 	} else {
1.75.2.2  snj 		watermark = IWM_SF_W_MARK_MIMO2;
1.75.2.2  snj 	}
1.75.2.2  snj 	sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark);
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) {
1.75.2.2  snj 		for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) {
1.75.2.2  snj 			sf_cmd->long_delay_timeouts[i][j] =
1.75.2.2  snj 					htole32(IWM_SF_LONG_DELAY_AGING_TIMER);
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (ni) {
1.75.2.2  snj 		memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout,
1.75.2.2  snj 		       sizeof(iwm_sf_full_timeout));
1.75.2.2  snj 	} else {
1.75.2.2  snj 		memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def,
1.75.2.2  snj 		       sizeof(iwm_sf_full_timeout_def));
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_sf_config(struct iwm_softc *sc, int new_state)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_sf_cfg_cmd sf_cmd = {
1.75.2.2  snj 		.state = htole32(IWM_SF_FULL_ON),
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
1.75.2.2  snj 		sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF);
1.75.2.2  snj
1.75.2.2  snj 	switch (new_state) {
1.75.2.2  snj 	case IWM_SF_UNINIT:
1.75.2.2  snj 	case IWM_SF_INIT_OFF:
1.75.2.2  snj 		iwm_fill_sf_command(sc, &sf_cmd, NULL);
1.75.2.2  snj 		break;
1.75.2.2  snj 	case IWM_SF_FULL_ON:
1.75.2.2  snj 		iwm_fill_sf_command(sc, &sf_cmd, ic->ic_bss);
1.75.2.2  snj 		break;
1.75.2.2  snj 	default:
1.75.2.2  snj 		return EINVAL;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC,
1.75.2.2  snj 	    sizeof(sf_cmd), &sf_cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_bt_init_conf(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_bt_coex_cmd bt_cmd;
1.75.2.2  snj
1.75.2.2  snj 	bt_cmd.mode = htole32(IWM_BT_COEX_WIFI);
1.75.2.2  snj 	bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET);
1.75.2.2  snj
1.75.2.2  snj 	return iwm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), &bt_cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static bool
1.75.2.2  snj iwm_is_lar_supported(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	bool nvm_lar = sc->sc_nvm.lar_enabled;
1.75.2.2  snj 	bool tlv_lar = isset(sc->sc_enabled_capa,
1.75.2.2  snj 	    IWM_UCODE_TLV_CAPA_LAR_SUPPORT);
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_lar_disable)
1.75.2.2  snj 		return false;
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Enable LAR only if it is supported by the FW (TLV) &&
1.75.2.2  snj 	 * enabled in the NVM
1.75.2.2  snj 	 */
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
1.75.2.2  snj 		return nvm_lar && tlv_lar;
1.75.2.2  snj 	else
1.75.2.2  snj 		return tlv_lar;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_mcc_update_cmd mcc_cmd;
1.75.2.2  snj 	struct iwm_host_cmd hcmd = {
1.75.2.2  snj 		.id = IWM_MCC_UPDATE_CMD,
1.75.2.2  snj 		.flags = IWM_CMD_WANT_SKB,
1.75.2.2  snj 		.data = { &mcc_cmd },
1.75.2.2  snj 	};
1.75.2.2  snj 	int err;
1.75.2.2  snj 	int resp_v2 = isset(sc->sc_enabled_capa,
1.75.2.2  snj 	    IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2);
1.75.2.2  snj
1.75.2.2  snj 	if (!iwm_is_lar_supported(sc)) {
1.75.2.2  snj 		DPRINTF(("%s: no LAR support\n", __func__));
1.75.2.2  snj 		return 0;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	memset(&mcc_cmd, 0, sizeof(mcc_cmd));
1.75.2.2  snj 	mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]);
1.75.2.2  snj 	if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) ||
1.75.2.2  snj 	    isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC))
1.75.2.2  snj 		mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT;
1.75.2.2  snj 	else
1.75.2.2  snj 		mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW;
1.75.2.2  snj
1.75.2.2  snj 	if (resp_v2)
1.75.2.2  snj 		hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd);
1.75.2.2  snj 	else
1.75.2.2  snj 		hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd(sc, &hcmd);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	iwm_free_resp(sc, &hcmd);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_host_cmd cmd = {
1.75.2.2  snj 		.id = IWM_REPLY_THERMAL_MNG_BACKOFF,
1.75.2.2  snj 		.len = { sizeof(uint32_t), },
1.75.2.2  snj 		.data = { &backoff, },
1.75.2.2  snj 	};
1.75.2.2  snj
1.75.2.2  snj 	iwm_send_cmd(sc, &cmd);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_init_hw(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	int err, i, ac;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_preinit(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_start_hw(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "could not initialize hardware\n");
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_run_init_mvm_ucode(sc, 0);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	/* Should stop and start HW since INIT image just loaded. */
1.75.2.2  snj 	iwm_stop_device(sc);
1.75.2.2  snj 	err = iwm_start_hw(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "could not initialize hardware\n");
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Restart, this time with the regular firmware */
1.75.2.2  snj 	err = iwm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not load firmware (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_bt_init_conf(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not init bt coex (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc));
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not init tx ant config (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Send phy db control command and then phy db calibration*/
1.75.2.2  snj 	err = iwm_send_phy_db_data(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not init phy db (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_phy_cfg_cmd(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not send phy config (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Add auxiliary station for scanning */
1.75.2.2  snj 	err = iwm_add_aux_sta(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not add aux station (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * The channel used here isn't relevant as it's
1.75.2.2  snj 		 * going to be overwritten in the other flows.
1.75.2.2  snj 		 * For now use the first channel we have.
1.75.2.2  snj 		 */
1.75.2.2  snj 		sc->sc_phyctxt[i].channel = &ic->ic_channels[1];
1.75.2.2  snj 		err = iwm_phy_ctxt_cmd(sc, &sc->sc_phyctxt[i], 1, 1,
1.75.2.2  snj 		    IWM_FW_CTXT_ACTION_ADD, 0);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not add phy context %d (error %d)\n",
1.75.2.2  snj 			    i, err);
1.75.2.2  snj 			goto err;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Initialize tx backoffs to the minimum. */
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
1.75.2.2  snj 		iwm_tt_tx_backoff(sc, 0);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_power_update_device(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could send power command (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_update_mcc_cmd(sc, iwm_default_mcc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not init LAR (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) {
1.75.2.2  snj 		err = iwm_config_umac_scan(sc);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not configure scan (error %d)\n", err);
1.75.2.2  snj 			goto err;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	for (ac = 0; ac < WME_NUM_AC; ac++) {
1.75.2.2  snj 		err = iwm_enable_txq(sc, IWM_STATION_ID, ac,
1.75.2.2  snj 		    iwm_ac_to_tx_fifo[ac]);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not enable Tx queue %d (error %d)\n",
1.75.2.2  snj 			    i, err);
1.75.2.2  snj 			goto err;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_disable_beacon_filter(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not disable beacon filter (error %d)\n", err);
1.75.2.2  snj 		goto err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj
1.75.2.2  snj  err:
1.75.2.2  snj 	iwm_stop_device(sc);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /* Allow multicast from our BSSID. */
1.75.2.2  snj static int
1.75.2.2  snj iwm_allow_mcast(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_node *ni = ic->ic_bss;
1.75.2.2  snj 	struct iwm_mcast_filter_cmd *cmd;
1.75.2.2  snj 	size_t size;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	size = roundup(sizeof(*cmd), 4);
1.75.2.2  snj 	cmd = kmem_intr_zalloc(size, KM_NOSLEEP);
1.75.2.2  snj 	if (cmd == NULL)
1.75.2.2  snj 		return ENOMEM;
1.75.2.2  snj 	cmd->filter_own = 1;
1.75.2.2  snj 	cmd->port_id = 0;
1.75.2.2  snj 	cmd->count = 0;
1.75.2.2  snj 	cmd->pass_all = 1;
1.75.2.2  snj 	IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 0, size, cmd);
1.75.2.2  snj 	kmem_intr_free(cmd, size);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_init(struct ifnet *ifp)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = ifp->if_softc;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	if (ISSET(sc->sc_flags, IWM_FLAG_HW_INITED))
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_generation++;
1.75.2.2  snj 	sc->sc_flags &= ~IWM_FLAG_STOPPED;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_init_hw(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		iwm_stop(ifp, 1);
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	ifp->if_flags &= ~IFF_OACTIVE;
1.75.2.2  snj 	ifp->if_flags |= IFF_RUNNING;
1.75.2.2  snj
1.75.2.2  snj 	ieee80211_begin_scan(&sc->sc_ic, 0);
1.75.2.2  snj 	SET(sc->sc_flags, IWM_FLAG_HW_INITED);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_start(struct ifnet *ifp)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = ifp->if_softc;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ieee80211_node *ni;
1.75.2.2  snj 	struct ether_header *eh;
1.75.2.2  snj 	struct mbuf *m;
1.75.2.2  snj 	int ac;
1.75.2.2  snj
1.75.2.2  snj 	if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING)
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	for (;;) {
1.75.2.2  snj 		/* why isn't this done per-queue? */
1.75.2.2  snj 		if (sc->qfullmsk != 0) {
1.75.2.2  snj 			ifp->if_flags |= IFF_OACTIVE;
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		/* need to send management frames even if we're not RUNning */
1.75.2.2  snj 		IF_DEQUEUE(&ic->ic_mgtq, m);
1.75.2.2  snj 		if (m) {
1.75.2.2  snj 			ni = M_GETCTX(m, struct ieee80211_node *);
1.75.2.2  snj 			m->m_pkthdr.rcvif = NULL;
1.75.2.2  snj 			ac = WME_AC_BE;
1.75.2.2  snj 			goto sendit;
1.75.2.2  snj 		}
1.75.2.2  snj 		if (ic->ic_state != IEEE80211_S_RUN) {
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		IFQ_DEQUEUE(&ifp->if_snd, m);
1.75.2.2  snj 		if (m == NULL)
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		if (m->m_len < sizeof (*eh) &&
1.75.2.2  snj 		   (m = m_pullup(m, sizeof (*eh))) == NULL) {
1.75.2.2  snj 			ifp->if_oerrors++;
1.75.2.2  snj 			continue;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		eh = mtod(m, struct ether_header *);
1.75.2.2  snj 		ni = ieee80211_find_txnode(ic, eh->ether_dhost);
1.75.2.2  snj 		if (ni == NULL) {
1.75.2.2  snj 			m_freem(m);
1.75.2.2  snj 			ifp->if_oerrors++;
1.75.2.2  snj 			continue;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		/* classify mbuf so we can find which tx ring to use */
1.75.2.2  snj 		if (ieee80211_classify(ic, m, ni) != 0) {
1.75.2.2  snj 			m_freem(m);
1.75.2.2  snj 			ieee80211_free_node(ni);
1.75.2.2  snj 			ifp->if_oerrors++;
1.75.2.2  snj 			continue;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		/* No QoS encapsulation for EAPOL frames. */
1.75.2.2  snj 		ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ?
1.75.2.2  snj 		    M_WME_GETAC(m) : WME_AC_BE;
1.75.2.2  snj
1.75.2.2  snj 		bpf_mtap(ifp, m);
1.75.2.2  snj
1.75.2.2  snj 		if ((m = ieee80211_encap(ic, m, ni)) == NULL) {
1.75.2.2  snj 			ieee80211_free_node(ni);
1.75.2.2  snj 			ifp->if_oerrors++;
1.75.2.2  snj 			continue;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj  sendit:
1.75.2.2  snj 		bpf_mtap3(ic->ic_rawbpf, m);
1.75.2.2  snj
1.75.2.2  snj 		if (iwm_tx(sc, m, ni, ac) != 0) {
1.75.2.2  snj 			ieee80211_free_node(ni);
1.75.2.2  snj 			ifp->if_oerrors++;
1.75.2.2  snj 			continue;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		if (ifp->if_flags & IFF_UP) {
1.75.2.2  snj 			sc->sc_tx_timer = 15;
1.75.2.2  snj 			ifp->if_timer = 1;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_stop(struct ifnet *ifp, int disable)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = ifp->if_softc;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct iwm_node *in = (struct iwm_node *)ic->ic_bss;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_flags &= ~IWM_FLAG_HW_INITED;
1.75.2.2  snj 	sc->sc_flags |= IWM_FLAG_STOPPED;
1.75.2.2  snj 	sc->sc_generation++;
1.75.2.2  snj 	ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
1.75.2.2  snj
1.75.2.2  snj 	if (in)
1.75.2.2  snj 		in->in_phyctxt = NULL;
1.75.2.2  snj
1.75.2.2  snj 	if (ic->ic_state != IEEE80211_S_INIT)
1.75.2.2  snj 		ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1.75.2.2  snj
1.75.2.2  snj 	callout_stop(&sc->sc_calib_to);
1.75.2.2  snj 	iwm_led_blink_stop(sc);
1.75.2.2  snj 	ifp->if_timer = sc->sc_tx_timer = 0;
1.75.2.2  snj 	iwm_stop_device(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_watchdog(struct ifnet *ifp)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = ifp->if_softc;
1.75.2.2  snj
1.75.2.2  snj 	ifp->if_timer = 0;
1.75.2.2  snj 	if (sc->sc_tx_timer > 0) {
1.75.2.2  snj 		if (--sc->sc_tx_timer == 0) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev, "device timeout\n");
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj 			iwm_nic_error(sc);
1.75.2.2  snj #endif
1.75.2.2  snj 			ifp->if_flags &= ~IFF_UP;
1.75.2.2  snj 			iwm_stop(ifp, 1);
1.75.2.2  snj 			ifp->if_oerrors++;
1.75.2.2  snj 			return;
1.75.2.2  snj 		}
1.75.2.2  snj 		ifp->if_timer = 1;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	ieee80211_watchdog(&sc->sc_ic);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_ioctl(struct ifnet *ifp, u_long cmd, void *data)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = ifp->if_softc;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	const struct sockaddr *sa;
1.75.2.2  snj 	int s, err = 0;
1.75.2.2  snj
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj
1.75.2.2  snj 	switch (cmd) {
1.75.2.2  snj 	case SIOCSIFADDR:
1.75.2.2  snj 		ifp->if_flags |= IFF_UP;
1.75.2.2  snj 		/* FALLTHROUGH */
1.75.2.2  snj 	case SIOCSIFFLAGS:
1.75.2.2  snj 		err = ifioctl_common(ifp, cmd, data);
1.75.2.2  snj 		if (err)
1.75.2.2  snj 			break;
1.75.2.2  snj 		if (ifp->if_flags & IFF_UP) {
1.75.2.2  snj 			if (!(ifp->if_flags & IFF_RUNNING)) {
1.75.2.2  snj 				err = iwm_init(ifp);
1.75.2.2  snj 				if (err)
1.75.2.2  snj 					ifp->if_flags &= ~IFF_UP;
1.75.2.2  snj 			}
1.75.2.2  snj 		} else {
1.75.2.2  snj 			if (ifp->if_flags & IFF_RUNNING)
1.75.2.2  snj 				iwm_stop(ifp, 1);
1.75.2.2  snj 		}
1.75.2.2  snj 		break;
1.75.2.2  snj
1.75.2.2  snj 	case SIOCADDMULTI:
1.75.2.2  snj 	case SIOCDELMULTI:
1.75.2.2  snj 		if (!ISSET(sc->sc_flags, IWM_FLAG_ATTACHED)) {
1.75.2.2  snj 			err = ENXIO;
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj 		sa = ifreq_getaddr(SIOCADDMULTI, (struct ifreq *)data);
1.75.2.2  snj 		err = (cmd == SIOCADDMULTI) ?
1.75.2.2  snj 		    ether_addmulti(sa, &sc->sc_ec) :
1.75.2.2  snj 		    ether_delmulti(sa, &sc->sc_ec);
1.75.2.2  snj 		if (err == ENETRESET)
1.75.2.2  snj 			err = 0;
1.75.2.2  snj 		break;
1.75.2.2  snj
1.75.2.2  snj 	default:
1.75.2.2  snj 		if (!ISSET(sc->sc_flags, IWM_FLAG_ATTACHED)) {
1.75.2.2  snj 			err = ether_ioctl(ifp, cmd, data);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj 		err = ieee80211_ioctl(ic, cmd, data);
1.75.2.2  snj 		break;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (err == ENETRESET) {
1.75.2.2  snj 		err = 0;
1.75.2.2  snj 		if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1.75.2.2  snj 		    (IFF_UP | IFF_RUNNING)) {
1.75.2.2  snj 			iwm_stop(ifp, 0);
1.75.2.2  snj 			err = iwm_init(ifp);
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	splx(s);
1.75.2.2  snj 	return err;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Note: This structure is read from the device with IO accesses,
1.75.2.2  snj  * and the reading already does the endian conversion. As it is
1.75.2.2  snj  * read with uint32_t-sized accesses, any members with a different size
1.75.2.2  snj  * need to be ordered correctly though!
1.75.2.2  snj  */
1.75.2.2  snj struct iwm_error_event_table {
1.75.2.2  snj 	uint32_t valid;		/* (nonzero) valid, (0) log is empty */
1.75.2.2  snj 	uint32_t error_id;		/* type of error */
1.75.2.2  snj 	uint32_t trm_hw_status0;	/* TRM HW status */
1.75.2.2  snj 	uint32_t trm_hw_status1;	/* TRM HW status */
1.75.2.2  snj 	uint32_t blink2;		/* branch link */
1.75.2.2  snj 	uint32_t ilink1;		/* interrupt link */
1.75.2.2  snj 	uint32_t ilink2;		/* interrupt link */
1.75.2.2  snj 	uint32_t data1;		/* error-specific data */
1.75.2.2  snj 	uint32_t data2;		/* error-specific data */
1.75.2.2  snj 	uint32_t data3;		/* error-specific data */
1.75.2.2  snj 	uint32_t bcon_time;		/* beacon timer */
1.75.2.2  snj 	uint32_t tsf_low;		/* network timestamp function timer */
1.75.2.2  snj 	uint32_t tsf_hi;		/* network timestamp function timer */
1.75.2.2  snj 	uint32_t gp1;		/* GP1 timer register */
1.75.2.2  snj 	uint32_t gp2;		/* GP2 timer register */
1.75.2.2  snj 	uint32_t fw_rev_type;	/* firmware revision type */
1.75.2.2  snj 	uint32_t major;		/* uCode version major */
1.75.2.2  snj 	uint32_t minor;		/* uCode version minor */
1.75.2.2  snj 	uint32_t hw_ver;		/* HW Silicon version */
1.75.2.2  snj 	uint32_t brd_ver;		/* HW board version */
1.75.2.2  snj 	uint32_t log_pc;		/* log program counter */
1.75.2.2  snj 	uint32_t frame_ptr;		/* frame pointer */
1.75.2.2  snj 	uint32_t stack_ptr;		/* stack pointer */
1.75.2.2  snj 	uint32_t hcmd;		/* last host command header */
1.75.2.2  snj 	uint32_t isr0;		/* isr status register LMPM_NIC_ISR0:
1.75.2.2  snj 				 * rxtx_flag */
1.75.2.2  snj 	uint32_t isr1;		/* isr status register LMPM_NIC_ISR1:
1.75.2.2  snj 				 * host_flag */
1.75.2.2  snj 	uint32_t isr2;		/* isr status register LMPM_NIC_ISR2:
1.75.2.2  snj 				 * enc_flag */
1.75.2.2  snj 	uint32_t isr3;		/* isr status register LMPM_NIC_ISR3:
1.75.2.2  snj 				 * time_flag */
1.75.2.2  snj 	uint32_t isr4;		/* isr status register LMPM_NIC_ISR4:
1.75.2.2  snj 				 * wico interrupt */
1.75.2.2  snj 	uint32_t last_cmd_id;	/* last HCMD id handled by the firmware */
1.75.2.2  snj 	uint32_t wait_event;		/* wait event() caller address */
1.75.2.2  snj 	uint32_t l2p_control;	/* L2pControlField */
1.75.2.2  snj 	uint32_t l2p_duration;	/* L2pDurationField */
1.75.2.2  snj 	uint32_t l2p_mhvalid;	/* L2pMhValidBits */
1.75.2.2  snj 	uint32_t l2p_addr_match;	/* L2pAddrMatchStat */
1.75.2.2  snj 	uint32_t lmpm_pmg_sel;	/* indicate which clocks are turned on
1.75.2.2  snj 				 * (LMPM_PMG_SEL) */
1.75.2.2  snj 	uint32_t u_timestamp;	/* indicate when the date and time of the
1.75.2.2  snj 				 * compilation */
1.75.2.2  snj 	uint32_t flow_handler;	/* FH read/write pointers, RX credit */
1.75.2.2  snj } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */;
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * UMAC error struct - relevant starting from family 8000 chip.
1.75.2.2  snj  * Note: This structure is read from the device with IO accesses,
1.75.2.2  snj  * and the reading already does the endian conversion. As it is
1.75.2.2  snj  * read with u32-sized accesses, any members with a different size
1.75.2.2  snj  * need to be ordered correctly though!
1.75.2.2  snj  */
1.75.2.2  snj struct iwm_umac_error_event_table {
1.75.2.2  snj 	uint32_t valid;		/* (nonzero) valid, (0) log is empty */
1.75.2.2  snj 	uint32_t error_id;	/* type of error */
1.75.2.2  snj 	uint32_t blink1;	/* branch link */
1.75.2.2  snj 	uint32_t blink2;	/* branch link */
1.75.2.2  snj 	uint32_t ilink1;	/* interrupt link */
1.75.2.2  snj 	uint32_t ilink2;	/* interrupt link */
1.75.2.2  snj 	uint32_t data1;		/* error-specific data */
1.75.2.2  snj 	uint32_t data2;		/* error-specific data */
1.75.2.2  snj 	uint32_t data3;		/* error-specific data */
1.75.2.2  snj 	uint32_t umac_major;
1.75.2.2  snj 	uint32_t umac_minor;
1.75.2.2  snj 	uint32_t frame_pointer;	/* core register 27 */
1.75.2.2  snj 	uint32_t stack_pointer;	/* core register 28 */
1.75.2.2  snj 	uint32_t cmd_header;	/* latest host cmd sent to UMAC */
1.75.2.2  snj 	uint32_t nic_isr_pref;	/* ISR status register */
1.75.2.2  snj } __packed;
1.75.2.2  snj
1.75.2.2  snj #define ERROR_START_OFFSET  (1 * sizeof(uint32_t))
1.75.2.2  snj #define ERROR_ELEM_SIZE     (7 * sizeof(uint32_t))
1.75.2.2  snj
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj static const struct {
1.75.2.2  snj 	const char *name;
1.75.2.2  snj 	uint8_t num;
1.75.2.2  snj } advanced_lookup[] = {
1.75.2.2  snj 	{ "NMI_INTERRUPT_WDG", 0x34 },
1.75.2.2  snj 	{ "SYSASSERT", 0x35 },
1.75.2.2  snj 	{ "UCODE_VERSION_MISMATCH", 0x37 },
1.75.2.2  snj 	{ "BAD_COMMAND", 0x38 },
1.75.2.2  snj 	{ "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
1.75.2.2  snj 	{ "FATAL_ERROR", 0x3D },
1.75.2.2  snj 	{ "NMI_TRM_HW_ERR", 0x46 },
1.75.2.2  snj 	{ "NMI_INTERRUPT_TRM", 0x4C },
1.75.2.2  snj 	{ "NMI_INTERRUPT_BREAK_POINT", 0x54 },
1.75.2.2  snj 	{ "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
1.75.2.2  snj 	{ "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
1.75.2.2  snj 	{ "NMI_INTERRUPT_HOST", 0x66 },
1.75.2.2  snj 	{ "NMI_INTERRUPT_ACTION_PT", 0x7C },
1.75.2.2  snj 	{ "NMI_INTERRUPT_UNKNOWN", 0x84 },
1.75.2.2  snj 	{ "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
1.75.2.2  snj 	{ "ADVANCED_SYSASSERT", 0 },
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj static const char *
1.75.2.2  snj iwm_desc_lookup(uint32_t num)
1.75.2.2  snj {
1.75.2.2  snj 	int i;
1.75.2.2  snj
1.75.2.2  snj 	for (i = 0; i < __arraycount(advanced_lookup) - 1; i++)
1.75.2.2  snj 		if (advanced_lookup[i].num == num)
1.75.2.2  snj 			return advanced_lookup[i].name;
1.75.2.2  snj
1.75.2.2  snj 	/* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
1.75.2.2  snj 	return advanced_lookup[i].name;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Support for dumping the error log seemed like a good idea ...
1.75.2.2  snj  * but it's mostly hex junk and the only sensible thing is the
1.75.2.2  snj  * hw/ucode revision (which we know anyway).  Since it's here,
1.75.2.2  snj  * I'll just leave it in, just in case e.g. the Intel guys want to
1.75.2.2  snj  * help us decipher some "ADVANCED_SYSASSERT" later.
1.75.2.2  snj  */
1.75.2.2  snj static void
1.75.2.2  snj iwm_nic_error(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_error_event_table t;
1.75.2.2  snj 	uint32_t base;
1.75.2.2  snj
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "dumping device error log\n");
1.75.2.2  snj 	base = sc->sc_uc.uc_error_event_table;
1.75.2.2  snj 	if (base < 0x800000) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "Invalid error log pointer 0x%08x\n", base);
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_read_mem(sc, base, &t, sizeof(t)/sizeof(uint32_t))) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "reading errlog failed\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (!t.valid) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "errlog not found, skipping\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (ERROR_START_OFFSET <= t.valid * ERROR_ELEM_SIZE) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "Start Error Log Dump:\n");
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "Status: 0x%x, count: %d\n",
1.75.2.2  snj 		    sc->sc_flags, t.valid);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | %-28s\n", t.error_id,
1.75.2.2  snj 	    iwm_desc_lookup(t.error_id));
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | trm_hw_status0\n",
1.75.2.2  snj 	    t.trm_hw_status0);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | trm_hw_status1\n",
1.75.2.2  snj 	    t.trm_hw_status1);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | branchlink2\n", t.blink2);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | interruptlink1\n", t.ilink1);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | interruptlink2\n", t.ilink2);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | data1\n", t.data1);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | data2\n", t.data2);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | data3\n", t.data3);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | beacon time\n", t.bcon_time);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | tsf low\n", t.tsf_low);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | tsf hi\n", t.tsf_hi);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | time gp1\n", t.gp1);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | time gp2\n", t.gp2);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | uCode revision type\n",
1.75.2.2  snj 	    t.fw_rev_type);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | uCode version major\n",
1.75.2.2  snj 	    t.major);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | uCode version minor\n",
1.75.2.2  snj 	    t.minor);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | hw version\n", t.hw_ver);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | board version\n", t.brd_ver);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | hcmd\n", t.hcmd);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | isr0\n", t.isr0);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | isr1\n", t.isr1);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | isr2\n", t.isr2);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | isr3\n", t.isr3);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | isr4\n", t.isr4);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | last cmd Id\n", t.last_cmd_id);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | wait_event\n", t.wait_event);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | l2p_control\n", t.l2p_control);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | l2p_duration\n", t.l2p_duration);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | l2p_mhvalid\n", t.l2p_mhvalid);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | l2p_addr_match\n",
1.75.2.2  snj 	    t.l2p_addr_match);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | lmpm_pmg_sel\n", t.lmpm_pmg_sel);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | timestamp\n", t.u_timestamp);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "%08X | flow_handler\n", t.flow_handler);
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_uc.uc_umac_error_event_table)
1.75.2.2  snj 		iwm_nic_umac_error(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_nic_umac_error(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_umac_error_event_table t;
1.75.2.2  snj 	uint32_t base;
1.75.2.2  snj
1.75.2.2  snj 	base = sc->sc_uc.uc_umac_error_event_table;
1.75.2.2  snj
1.75.2.2  snj 	if (base < 0x800000) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "Invalid error log pointer 0x%08x\n", base);
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_read_mem(sc, base, &t, sizeof(t)/sizeof(uint32_t))) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "reading errlog failed\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (ERROR_START_OFFSET <= t.valid * ERROR_ELEM_SIZE) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "Start UMAC Error Log Dump:\n");
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "Status: 0x%x, count: %d\n",
1.75.2.2  snj 		    sc->sc_flags, t.valid);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | %s\n", t.error_id,
1.75.2.2  snj 		iwm_desc_lookup(t.error_id));
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac branchlink1\n", t.blink1);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac branchlink2\n", t.blink2);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac interruptlink1\n",
1.75.2.2  snj 	    t.ilink1);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac interruptlink2\n",
1.75.2.2  snj 	    t.ilink2);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac data1\n", t.data1);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac data2\n", t.data2);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac data3\n", t.data3);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac major\n", t.umac_major);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | umac minor\n", t.umac_minor);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | frame pointer\n",
1.75.2.2  snj 	    t.frame_pointer);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | stack pointer\n",
1.75.2.2  snj 	    t.stack_pointer);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | last host cmd\n", t.cmd_header);
1.75.2.2  snj 	aprint_error_dev(sc->sc_dev, "0x%08X | isr status reg\n",
1.75.2.2  snj 	    t.nic_isr_pref);
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj #define SYNC_RESP_STRUCT(_var_, _pkt_)					\
1.75.2.2  snj do {									\
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*(_pkt_)),	\
1.75.2.2  snj 	    sizeof(*(_var_)), BUS_DMASYNC_POSTREAD);			\
1.75.2.2  snj 	_var_ = (void *)((_pkt_)+1);					\
1.75.2.2  snj } while (/*CONSTCOND*/0)
1.75.2.2  snj
1.75.2.2  snj #define SYNC_RESP_PTR(_ptr_, _len_, _pkt_)				\
1.75.2.2  snj do {									\
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*(_pkt_)),	\
1.75.2.2  snj 	    sizeof(len), BUS_DMASYNC_POSTREAD);				\
1.75.2.2  snj 	_ptr_ = (void *)((_pkt_)+1);					\
1.75.2.2  snj } while (/*CONSTCOND*/0)
1.75.2.2  snj
1.75.2.2  snj #define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT);
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_notif_intr(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	uint16_t hw;
1.75.2.2  snj
1.75.2.2  snj 	bus_dmamap_sync(sc->sc_dmat, sc->rxq.stat_dma.map,
1.75.2.2  snj 	    0, sc->rxq.stat_dma.size, BUS_DMASYNC_POSTREAD);
1.75.2.2  snj
1.75.2.2  snj 	hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
1.75.2.2  snj 	while (sc->rxq.cur != hw) {
1.75.2.2  snj 		struct iwm_rx_data *data = &sc->rxq.data[sc->rxq.cur];
1.75.2.2  snj 		struct iwm_rx_packet *pkt;
1.75.2.2  snj 		struct iwm_cmd_response *cresp;
1.75.2.2  snj 		int orig_qid, qid, idx, code;
1.75.2.2  snj
1.75.2.2  snj 		bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof(*pkt),
1.75.2.2  snj 		    BUS_DMASYNC_POSTREAD);
1.75.2.2  snj 		pkt = mtod(data->m, struct iwm_rx_packet *);
1.75.2.2  snj
1.75.2.2  snj 		orig_qid = pkt->hdr.qid;
1.75.2.2  snj 		qid = orig_qid & ~0x80;
1.75.2.2  snj 		idx = pkt->hdr.idx;
1.75.2.2  snj
1.75.2.2  snj 		code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code);
1.75.2.2  snj
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * randomly get these from the firmware, no idea why.
1.75.2.2  snj 		 * they at least seem harmless, so just ignore them for now
1.75.2.2  snj 		 */
1.75.2.2  snj 		if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0)
1.75.2.2  snj 		    || pkt->len_n_flags == htole32(0x55550000))) {
1.75.2.2  snj 			ADVANCE_RXQ(sc);
1.75.2.2  snj 			continue;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		switch (code) {
1.75.2.2  snj 		case IWM_REPLY_RX_PHY_CMD:
1.75.2.2  snj 			iwm_rx_rx_phy_cmd(sc, pkt, data);
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_REPLY_RX_MPDU_CMD:
1.75.2.2  snj 			iwm_rx_rx_mpdu(sc, pkt, data);
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_TX_CMD:
1.75.2.2  snj 			iwm_rx_tx_cmd(sc, pkt, data);
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_MISSED_BEACONS_NOTIFICATION:
1.75.2.2  snj 			iwm_rx_missed_beacons_notif(sc, pkt, data);
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_MFUART_LOAD_NOTIFICATION:
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_ALIVE: {
1.75.2.2  snj 			struct iwm_alive_resp_v1 *resp1;
1.75.2.2  snj 			struct iwm_alive_resp_v2 *resp2;
1.75.2.2  snj 			struct iwm_alive_resp_v3 *resp3;
1.75.2.2  snj
1.75.2.2  snj 			if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp1)) {
1.75.2.2  snj 				SYNC_RESP_STRUCT(resp1, pkt);
1.75.2.2  snj 				sc->sc_uc.uc_error_event_table
1.75.2.2  snj 				    = le32toh(resp1->error_event_table_ptr);
1.75.2.2  snj 				sc->sc_uc.uc_log_event_table
1.75.2.2  snj 				    = le32toh(resp1->log_event_table_ptr);
1.75.2.2  snj 				sc->sched_base = le32toh(resp1->scd_base_ptr);
1.75.2.2  snj 				if (resp1->status == IWM_ALIVE_STATUS_OK)
1.75.2.2  snj 					sc->sc_uc.uc_ok = 1;
1.75.2.2  snj 				else
1.75.2.2  snj 					sc->sc_uc.uc_ok = 0;
1.75.2.2  snj 			}
1.75.2.2  snj 			if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp2)) {
1.75.2.2  snj 				SYNC_RESP_STRUCT(resp2, pkt);
1.75.2.2  snj 				sc->sc_uc.uc_error_event_table
1.75.2.2  snj 				    = le32toh(resp2->error_event_table_ptr);
1.75.2.2  snj 				sc->sc_uc.uc_log_event_table
1.75.2.2  snj 				    = le32toh(resp2->log_event_table_ptr);
1.75.2.2  snj 				sc->sched_base = le32toh(resp2->scd_base_ptr);
1.75.2.2  snj 				sc->sc_uc.uc_umac_error_event_table
1.75.2.2  snj 				    = le32toh(resp2->error_info_addr);
1.75.2.2  snj 				if (resp2->status == IWM_ALIVE_STATUS_OK)
1.75.2.2  snj 					sc->sc_uc.uc_ok = 1;
1.75.2.2  snj 				else
1.75.2.2  snj 					sc->sc_uc.uc_ok = 0;
1.75.2.2  snj 			}
1.75.2.2  snj 			if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp3)) {
1.75.2.2  snj 				SYNC_RESP_STRUCT(resp3, pkt);
1.75.2.2  snj 				sc->sc_uc.uc_error_event_table
1.75.2.2  snj 				    = le32toh(resp3->error_event_table_ptr);
1.75.2.2  snj 				sc->sc_uc.uc_log_event_table
1.75.2.2  snj 				    = le32toh(resp3->log_event_table_ptr);
1.75.2.2  snj 				sc->sched_base = le32toh(resp3->scd_base_ptr);
1.75.2.2  snj 				sc->sc_uc.uc_umac_error_event_table
1.75.2.2  snj 				    = le32toh(resp3->error_info_addr);
1.75.2.2  snj 				if (resp3->status == IWM_ALIVE_STATUS_OK)
1.75.2.2  snj 					sc->sc_uc.uc_ok = 1;
1.75.2.2  snj 				else
1.75.2.2  snj 					sc->sc_uc.uc_ok = 0;
1.75.2.2  snj 			}
1.75.2.2  snj
1.75.2.2  snj 			sc->sc_uc.uc_intr = 1;
1.75.2.2  snj 			wakeup(&sc->sc_uc);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_CALIB_RES_NOTIF_PHY_DB: {
1.75.2.2  snj 			struct iwm_calib_res_notif_phy_db *phy_db_notif;
1.75.2.2  snj 			SYNC_RESP_STRUCT(phy_db_notif, pkt);
1.75.2.2  snj 			uint16_t size = le16toh(phy_db_notif->length);
1.75.2.2  snj 			bus_dmamap_sync(sc->sc_dmat, data->map,
1.75.2.2  snj 			    sizeof(*pkt) + sizeof(*phy_db_notif),
1.75.2.2  snj 			    size, BUS_DMASYNC_POSTREAD);
1.75.2.2  snj 			iwm_phy_db_set_section(sc, phy_db_notif, size);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_STATISTICS_NOTIFICATION: {
1.75.2.2  snj 			struct iwm_notif_statistics *stats;
1.75.2.2  snj 			SYNC_RESP_STRUCT(stats, pkt);
1.75.2.2  snj 			memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
1.75.2.2  snj 			sc->sc_noise = iwm_get_noise(&stats->rx.general);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_NVM_ACCESS_CMD:
1.75.2.2  snj 		case IWM_MCC_UPDATE_CMD:
1.75.2.2  snj 			if (sc->sc_wantresp == ((qid << 16) | idx)) {
1.75.2.2  snj 				bus_dmamap_sync(sc->sc_dmat, data->map, 0,
1.75.2.2  snj 				    sizeof(sc->sc_cmd_resp),
1.75.2.2  snj 				    BUS_DMASYNC_POSTREAD);
1.75.2.2  snj 				memcpy(sc->sc_cmd_resp,
1.75.2.2  snj 				    pkt, sizeof(sc->sc_cmd_resp));
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_MCC_CHUB_UPDATE_CMD: {
1.75.2.2  snj 			struct iwm_mcc_chub_notif *notif;
1.75.2.2  snj 			SYNC_RESP_STRUCT(notif, pkt);
1.75.2.2  snj
1.75.2.2  snj 			sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8;
1.75.2.2  snj 			sc->sc_fw_mcc[1] = notif->mcc & 0xff;
1.75.2.2  snj 			sc->sc_fw_mcc[2] = '\0';
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_DTS_MEASUREMENT_NOTIFICATION:
1.75.2.2  snj 		case IWM_WIDE_ID(IWM_PHY_OPS_GROUP,
1.75.2.2  snj 		    IWM_DTS_MEASUREMENT_NOTIF_WIDE): {
1.75.2.2  snj 			struct iwm_dts_measurement_notif_v1 *notif1;
1.75.2.2  snj 			struct iwm_dts_measurement_notif_v2 *notif2;
1.75.2.2  snj
1.75.2.2  snj 			if (iwm_rx_packet_payload_len(pkt) == sizeof(*notif1)) {
1.75.2.2  snj 				SYNC_RESP_STRUCT(notif1, pkt);
1.75.2.2  snj 				DPRINTF(("%s: DTS temp=%d \n",
1.75.2.2  snj 				    DEVNAME(sc), notif1->temp));
1.75.2.2  snj 				break;
1.75.2.2  snj 			}
1.75.2.2  snj 			if (iwm_rx_packet_payload_len(pkt) == sizeof(*notif2)) {
1.75.2.2  snj 				SYNC_RESP_STRUCT(notif2, pkt);
1.75.2.2  snj 				DPRINTF(("%s: DTS temp=%d \n",
1.75.2.2  snj 				    DEVNAME(sc), notif2->temp));
1.75.2.2  snj 				break;
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_PHY_CONFIGURATION_CMD:
1.75.2.2  snj 		case IWM_TX_ANT_CONFIGURATION_CMD:
1.75.2.2  snj 		case IWM_ADD_STA:
1.75.2.2  snj 		case IWM_MAC_CONTEXT_CMD:
1.75.2.2  snj 		case IWM_REPLY_SF_CFG_CMD:
1.75.2.2  snj 		case IWM_POWER_TABLE_CMD:
1.75.2.2  snj 		case IWM_PHY_CONTEXT_CMD:
1.75.2.2  snj 		case IWM_BINDING_CONTEXT_CMD:
1.75.2.2  snj 		case IWM_TIME_EVENT_CMD:
1.75.2.2  snj 		case IWM_SCAN_REQUEST_CMD:
1.75.2.2  snj 		case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD):
1.75.2.2  snj 		case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC):
1.75.2.2  snj 		case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_ABORT_UMAC):
1.75.2.2  snj 		case IWM_SCAN_OFFLOAD_REQUEST_CMD:
1.75.2.2  snj 		case IWM_SCAN_OFFLOAD_ABORT_CMD:
1.75.2.2  snj 		case IWM_REPLY_BEACON_FILTERING_CMD:
1.75.2.2  snj 		case IWM_MAC_PM_POWER_TABLE:
1.75.2.2  snj 		case IWM_TIME_QUOTA_CMD:
1.75.2.2  snj 		case IWM_REMOVE_STA:
1.75.2.2  snj 		case IWM_TXPATH_FLUSH:
1.75.2.2  snj 		case IWM_LQ_CMD:
1.75.2.2  snj 		case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_FW_PAGING_BLOCK_CMD):
1.75.2.2  snj 		case IWM_BT_CONFIG:
1.75.2.2  snj 		case IWM_REPLY_THERMAL_MNG_BACKOFF:
1.75.2.2  snj 			SYNC_RESP_STRUCT(cresp, pkt);
1.75.2.2  snj 			if (sc->sc_wantresp == ((qid << 16) | idx)) {
1.75.2.2  snj 				memcpy(sc->sc_cmd_resp,
1.75.2.2  snj 				    pkt, sizeof(*pkt) + sizeof(*cresp));
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		/* ignore */
1.75.2.2  snj 		case IWM_PHY_DB_CMD:
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_INIT_COMPLETE_NOTIF:
1.75.2.2  snj 			sc->sc_init_complete = 1;
1.75.2.2  snj 			wakeup(&sc->sc_init_complete);
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_SCAN_OFFLOAD_COMPLETE: {
1.75.2.2  snj 			struct iwm_periodic_scan_complete *notif;
1.75.2.2  snj 			SYNC_RESP_STRUCT(notif, pkt);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_SCAN_ITERATION_COMPLETE: {
1.75.2.2  snj 			struct iwm_lmac_scan_complete_notif *notif;
1.75.2.2  snj 			SYNC_RESP_STRUCT(notif, pkt);
1.75.2.2  snj 			if (ISSET(sc->sc_flags, IWM_FLAG_SCANNING)) {
1.75.2.2  snj 				CLR(sc->sc_flags, IWM_FLAG_SCANNING);
1.75.2.2  snj 				iwm_endscan(sc);
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_SCAN_COMPLETE_UMAC: {
1.75.2.2  snj 			struct iwm_umac_scan_complete *notif;
1.75.2.2  snj 			SYNC_RESP_STRUCT(notif, pkt);
1.75.2.2  snj 			if (ISSET(sc->sc_flags, IWM_FLAG_SCANNING)) {
1.75.2.2  snj 				CLR(sc->sc_flags, IWM_FLAG_SCANNING);
1.75.2.2  snj 				iwm_endscan(sc);
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_SCAN_ITERATION_COMPLETE_UMAC: {
1.75.2.2  snj 			struct iwm_umac_scan_iter_complete_notif *notif;
1.75.2.2  snj 			SYNC_RESP_STRUCT(notif, pkt);
1.75.2.2  snj 			if (ISSET(sc->sc_flags, IWM_FLAG_SCANNING)) {
1.75.2.2  snj 				CLR(sc->sc_flags, IWM_FLAG_SCANNING);
1.75.2.2  snj 				iwm_endscan(sc);
1.75.2.2  snj 			}
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_REPLY_ERROR: {
1.75.2.2  snj 			struct iwm_error_resp *resp;
1.75.2.2  snj 			SYNC_RESP_STRUCT(resp, pkt);
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "firmware error 0x%x, cmd 0x%x\n",
1.75.2.2  snj 			    le32toh(resp->error_type), resp->cmd_id);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_TIME_EVENT_NOTIFICATION: {
1.75.2.2  snj 			struct iwm_time_event_notif *notif;
1.75.2.2  snj 			SYNC_RESP_STRUCT(notif, pkt);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		case IWM_DEBUG_LOG_MSG:
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_MCAST_FILTER_CMD:
1.75.2.2  snj 			break;
1.75.2.2  snj
1.75.2.2  snj 		case IWM_SCD_QUEUE_CFG: {
1.75.2.2  snj 			struct iwm_scd_txq_cfg_rsp *rsp;
1.75.2.2  snj 			SYNC_RESP_STRUCT(rsp, pkt);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		default:
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "unhandled firmware response 0x%x 0x%x/0x%x "
1.75.2.2  snj 			    "rx ring %d[%d]\n",
1.75.2.2  snj 			    code, pkt->hdr.code, pkt->len_n_flags, qid, idx);
1.75.2.2  snj 			break;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * uCode sets bit 0x80 when it originates the notification,
1.75.2.2  snj 		 * i.e. when the notification is not a direct response to a
1.75.2.2  snj 		 * command sent by the driver.
1.75.2.2  snj 		 * For example, uCode issues IWM_REPLY_RX when it sends a
1.75.2.2  snj 		 * received frame to the driver.
1.75.2.2  snj 		 */
1.75.2.2  snj 		if (!(orig_qid & (1 << 7))) {
1.75.2.2  snj 			iwm_cmd_done(sc, qid, idx);
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		ADVANCE_RXQ(sc);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Seems like the hardware gets upset unless we align the write by 8??
1.75.2.2  snj 	 */
1.75.2.2  snj 	hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1;
1.75.2.2  snj 	IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_intr(void *arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = arg;
1.75.2.2  snj
1.75.2.2  snj 	/* Disable interrupts */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1.75.2.2  snj
1.75.2.2  snj 	iwm_softintr(arg);
1.75.2.2  snj 	return 1;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_softintr(void *arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = arg;
1.75.2.2  snj 	struct ifnet *ifp = IC2IFP(&sc->sc_ic);
1.75.2.2  snj 	uint32_t r1, r2;
1.75.2.2  snj 	int isperiodic = 0, s;
1.75.2.2  snj
1.75.2.2  snj 	if (__predict_true(sc->sc_flags & IWM_FLAG_USE_ICT)) {
1.75.2.2  snj 		uint32_t *ict = sc->ict_dma.vaddr;
1.75.2.2  snj 		int tmp;
1.75.2.2  snj
1.75.2.2  snj 		bus_dmamap_sync(sc->sc_dmat, sc->ict_dma.map,
1.75.2.2  snj 		    0, sc->ict_dma.size, BUS_DMASYNC_POSTREAD);
1.75.2.2  snj 		tmp = htole32(ict[sc->ict_cur]);
1.75.2.2  snj 		if (tmp == 0)
1.75.2.2  snj 			goto out_ena;	/* Interrupt not for us. */
1.75.2.2  snj
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * ok, there was something.  keep plowing until we have all.
1.75.2.2  snj 		 */
1.75.2.2  snj 		r1 = r2 = 0;
1.75.2.2  snj 		while (tmp) {
1.75.2.2  snj 			r1 |= tmp;
1.75.2.2  snj 			ict[sc->ict_cur] = 0;	/* Acknowledge. */
1.75.2.2  snj 			sc->ict_cur = (sc->ict_cur + 1) % IWM_ICT_COUNT;
1.75.2.2  snj 			tmp = htole32(ict[sc->ict_cur]);
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		bus_dmamap_sync(sc->sc_dmat, sc->ict_dma.map,
1.75.2.2  snj 		    0, sc->ict_dma.size, BUS_DMASYNC_PREWRITE);
1.75.2.2  snj
1.75.2.2  snj 		/* this is where the fun begins.  don't ask */
1.75.2.2  snj 		if (r1 == 0xffffffff)
1.75.2.2  snj 			r1 = 0;
1.75.2.2  snj
1.75.2.2  snj 		/* i am not expected to understand this */
1.75.2.2  snj 		if (r1 & 0xc0000)
1.75.2.2  snj 			r1 |= 0x8000;
1.75.2.2  snj 		r1 = (0xff & r1) | ((0xff00 & r1) << 16);
1.75.2.2  snj 	} else {
1.75.2.2  snj 		r1 = IWM_READ(sc, IWM_CSR_INT);
1.75.2.2  snj 		if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
1.75.2.2  snj 			return;	/* Hardware gone! */
1.75.2.2  snj 		r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
1.75.2.2  snj 	}
1.75.2.2  snj 	if (r1 == 0 && r2 == 0) {
1.75.2.2  snj 		goto out_ena;	/* Interrupt not for us. */
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Acknowledge interrupts. */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
1.75.2.2  snj 	if (__predict_false(!(sc->sc_flags & IWM_FLAG_USE_ICT)))
1.75.2.2  snj 		IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, r2);
1.75.2.2  snj
1.75.2.2  snj 	if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj 		int i;
1.75.2.2  snj
1.75.2.2  snj 		iwm_nic_error(sc);
1.75.2.2  snj
1.75.2.2  snj 		/* Dump driver status (TX and RX rings) while we're here. */
1.75.2.2  snj 		DPRINTF(("driver status:\n"));
1.75.2.2  snj 		for (i = 0; i < IWM_MAX_QUEUES; i++) {
1.75.2.2  snj 			struct iwm_tx_ring *ring = &sc->txq[i];
1.75.2.2  snj 			DPRINTF(("  tx ring %2d: qid=%-2d cur=%-3d "
1.75.2.2  snj 			    "queued=%-3d\n",
1.75.2.2  snj 			    i, ring->qid, ring->cur, ring->queued));
1.75.2.2  snj 		}
1.75.2.2  snj 		DPRINTF(("  rx ring: cur=%d\n", sc->rxq.cur));
1.75.2.2  snj 		DPRINTF(("  802.11 state %s\n",
1.75.2.2  snj 		    ieee80211_state_name[sc->sc_ic.ic_state]));
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "fatal firmware error\n");
1.75.2.2  snj  fatal:
1.75.2.2  snj 		s = splnet();
1.75.2.2  snj 		ifp->if_flags &= ~IFF_UP;
1.75.2.2  snj 		iwm_stop(ifp, 1);
1.75.2.2  snj 		splx(s);
1.75.2.2  snj 		/* Don't restore interrupt mask */
1.75.2.2  snj 		return;
1.75.2.2  snj
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "hardware error, stopping device\n");
1.75.2.2  snj 		goto fatal;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* firmware chunk loaded */
1.75.2.2  snj 	if (r1 & IWM_CSR_INT_BIT_FH_TX) {
1.75.2.2  snj 		IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
1.75.2.2  snj 		sc->sc_fw_chunk_done = 1;
1.75.2.2  snj 		wakeup(&sc->sc_fw);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
1.75.2.2  snj 		if (iwm_check_rfkill(sc) && (ifp->if_flags & IFF_UP))
1.75.2.2  snj 			goto fatal;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
1.75.2.2  snj 		IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
1.75.2.2  snj 		if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
1.75.2.2  snj 			IWM_WRITE_1(sc,
1.75.2.2  snj 			    IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
1.75.2.2  snj 		isperiodic = 1;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) ||
1.75.2.2  snj 	    isperiodic) {
1.75.2.2  snj 		IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
1.75.2.2  snj
1.75.2.2  snj 		iwm_notif_intr(sc);
1.75.2.2  snj
1.75.2.2  snj 		/* enable periodic interrupt, see above */
1.75.2.2  snj 		if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) &&
1.75.2.2  snj 		    !isperiodic)
1.75.2.2  snj 			IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
1.75.2.2  snj 			    IWM_CSR_INT_PERIODIC_ENA);
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj out_ena:
1.75.2.2  snj 	iwm_restore_interrupts(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj /*
1.75.2.2  snj  * Autoconf glue-sniffing
1.75.2.2  snj  */
1.75.2.2  snj
1.75.2.2  snj static const pci_product_id_t iwm_devices[] = {
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_7260_1,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_7260_2,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_3160_1,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_3160_2,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_7265_1,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_7265_2,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_3165_1,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_3165_2,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_8260_1,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_8260_2,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_4165_1,
1.75.2.2  snj 	PCI_PRODUCT_INTEL_WIFI_LINK_4165_2,
1.75.2.2  snj };
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_match(device_t parent, cfdata_t match __unused, void *aux)
1.75.2.2  snj {
1.75.2.2  snj 	struct pci_attach_args *pa = aux;
1.75.2.2  snj
1.75.2.2  snj 	if (PCI_VENDOR(pa->pa_id) != PCI_VENDOR_INTEL)
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	for (size_t i = 0; i < __arraycount(iwm_devices); i++)
1.75.2.2  snj 		if (PCI_PRODUCT(pa->pa_id) == iwm_devices[i])
1.75.2.2  snj 			return 1;
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_preinit(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	int err;
1.75.2.2  snj
1.75.2.2  snj 	if (ISSET(sc->sc_flags, IWM_FLAG_ATTACHED))
1.75.2.2  snj 		return 0;
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_start_hw(sc);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "could not initialize hardware\n");
1.75.2.2  snj 		return err;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_run_init_mvm_ucode(sc, 1);
1.75.2.2  snj 	iwm_stop_device(sc);
1.75.2.2  snj 	if (err)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_flags |= IWM_FLAG_ATTACHED;
1.75.2.2  snj
1.75.2.2  snj 	aprint_normal_dev(sc->sc_dev, "hw rev 0x%x, fw ver %s, address %s\n",
1.75.2.2  snj 	    sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, sc->sc_fwver,
1.75.2.2  snj 	    ether_sprintf(sc->sc_nvm.hw_addr));
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	if (sc->sc_nvm.sku_cap_11n_enable)
1.75.2.2  snj 		iwm_setup_ht_rates(sc);
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	/* not all hardware can do 5GHz band */
1.75.2.2  snj 	if (sc->sc_nvm.sku_cap_band_52GHz_enable)
1.75.2.2  snj 		ic->ic_sup_rates[IEEE80211_MODE_11A] = ieee80211_std_rateset_11a;
1.75.2.2  snj
1.75.2.2  snj 	ieee80211_ifattach(ic);
1.75.2.2  snj
1.75.2.2  snj 	ic->ic_node_alloc = iwm_node_alloc;
1.75.2.2  snj
1.75.2.2  snj 	/* Override 802.11 state transition machine. */
1.75.2.2  snj 	sc->sc_newstate = ic->ic_newstate;
1.75.2.2  snj 	ic->ic_newstate = iwm_newstate;
1.75.2.2  snj 	ieee80211_media_init(ic, iwm_media_change, ieee80211_media_status);
1.75.2.2  snj 	ieee80211_announce(ic);
1.75.2.2  snj
1.75.2.2  snj 	iwm_radiotap_attach(sc);
1.75.2.2  snj
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_attach_hook(device_t dev)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = device_private(dev);
1.75.2.2  snj
1.75.2.2  snj 	iwm_preinit(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_attach(device_t parent, device_t self, void *aux)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = device_private(self);
1.75.2.2  snj 	struct pci_attach_args *pa = aux;
1.75.2.2  snj 	struct ieee80211com *ic = &sc->sc_ic;
1.75.2.2  snj 	struct ifnet *ifp = &sc->sc_ec.ec_if;
1.75.2.2  snj 	pcireg_t reg, memtype;
1.75.2.2  snj 	pci_intr_handle_t ih;
1.75.2.2  snj 	char intrbuf[PCI_INTRSTR_LEN];
1.75.2.2  snj 	const char *intrstr;
1.75.2.2  snj 	int err;
1.75.2.2  snj 	int txq_i;
1.75.2.2  snj 	const struct sysctlnode *node;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_dev = self;
1.75.2.2  snj 	sc->sc_pct = pa->pa_pc;
1.75.2.2  snj 	sc->sc_pcitag = pa->pa_tag;
1.75.2.2  snj 	sc->sc_dmat = pa->pa_dmat;
1.75.2.2  snj 	sc->sc_pciid = pa->pa_id;
1.75.2.2  snj
1.75.2.2  snj 	pci_aprint_devinfo(pa, NULL);
1.75.2.2  snj
1.75.2.2  snj 	if (workqueue_create(&sc->sc_nswq, "iwmns",
1.75.2.2  snj 	    iwm_newstate_cb, sc, PRI_NONE, IPL_NET, 0))
1.75.2.2  snj 		panic("%s: could not create workqueue: newstate",
1.75.2.2  snj 		    device_xname(self));
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Get the offset of the PCI Express Capability Structure in PCI
1.75.2.2  snj 	 * Configuration Space.
1.75.2.2  snj 	 */
1.75.2.2  snj 	err = pci_get_capability(sc->sc_pct, sc->sc_pcitag,
1.75.2.2  snj 	    PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL);
1.75.2.2  snj 	if (err == 0) {
1.75.2.2  snj 		aprint_error_dev(self,
1.75.2.2  snj 		    "PCIe capability structure not found!\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Clear device-specific "PCI retry timeout" register (41h). */
1.75.2.2  snj 	reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40);
1.75.2.2  snj 	pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg & ~0xff00);
1.75.2.2  snj
1.75.2.2  snj 	/* Enable bus-mastering */
1.75.2.2  snj 	reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG);
1.75.2.2  snj 	reg |= PCI_COMMAND_MASTER_ENABLE;
1.75.2.2  snj 	pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, reg);
1.75.2.2  snj
1.75.2.2  snj 	memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, PCI_MAPREG_START);
1.75.2.2  snj 	err = pci_mapreg_map(pa, PCI_MAPREG_START, memtype, 0,
1.75.2.2  snj 	    &sc->sc_st, &sc->sc_sh, NULL, &sc->sc_sz);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(self, "can't map mem space\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Install interrupt handler. */
1.75.2.2  snj 	err = pci_intr_map(pa, &ih);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(self, "can't allocate interrupt\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj 	reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG);
1.75.2.2  snj 	CLR(reg, PCI_COMMAND_INTERRUPT_DISABLE);
1.75.2.2  snj 	pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, reg);
1.75.2.2  snj 	intrstr = pci_intr_string(sc->sc_pct, ih, intrbuf, sizeof(intrbuf));
1.75.2.2  snj 	sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, iwm_intr, sc);
1.75.2.2  snj 	if (sc->sc_ih == NULL) {
1.75.2.2  snj 		aprint_error_dev(self, "can't establish interrupt");
1.75.2.2  snj 		if (intrstr != NULL)
1.75.2.2  snj 			aprint_error(" at %s", intrstr);
1.75.2.2  snj 		aprint_error("\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj 	aprint_normal_dev(self, "interrupting at %s\n", intrstr);
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_wantresp = IWM_CMD_RESP_IDLE;
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
1.75.2.2  snj 	switch (PCI_PRODUCT(sc->sc_pciid)) {
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_3160_1:
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_3160_2:
1.75.2.2  snj 		sc->sc_fwname = "iwlwifi-3160-17.ucode";
1.75.2.2  snj 		sc->host_interrupt_operation_mode = 1;
1.75.2.2  snj 		sc->apmg_wake_up_wa = 1;
1.75.2.2  snj 		sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
1.75.2.2  snj 		sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
1.75.2.2  snj 		break;
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_3165_1:
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_3165_2:
1.75.2.2  snj 		sc->sc_fwname = "iwlwifi-7265D-22.ucode";
1.75.2.2  snj 		sc->host_interrupt_operation_mode = 0;
1.75.2.2  snj 		sc->apmg_wake_up_wa = 1;
1.75.2.2  snj 		sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
1.75.2.2  snj 		sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
1.75.2.2  snj 		break;
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_3168:
1.75.2.2  snj 		sc->sc_fwname = "iwlwifi-3168-22.ucode";
1.75.2.2  snj 		sc->host_interrupt_operation_mode = 0;
1.75.2.2  snj 		sc->apmg_wake_up_wa = 1;
1.75.2.2  snj 		sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
1.75.2.2  snj 		sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
1.75.2.2  snj 		break;
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_7260_1:
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_7260_2:
1.75.2.2  snj 		sc->sc_fwname = "iwlwifi-7260-17.ucode";
1.75.2.2  snj 		sc->host_interrupt_operation_mode = 1;
1.75.2.2  snj 		sc->apmg_wake_up_wa = 1;
1.75.2.2  snj 		sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
1.75.2.2  snj 		sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
1.75.2.2  snj 		break;
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_7265_1:
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_7265_2:
1.75.2.2  snj 		sc->sc_fwname = (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) ==
1.75.2.2  snj 		    IWM_CSR_HW_REV_TYPE_7265D ?
1.75.2.2  snj 		    "iwlwifi-7265D-22.ucode": "iwlwifi-7265-17.ucode";
1.75.2.2  snj 		sc->host_interrupt_operation_mode = 0;
1.75.2.2  snj 		sc->apmg_wake_up_wa = 1;
1.75.2.2  snj 		sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
1.75.2.2  snj 		sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
1.75.2.2  snj 		break;
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_8260_1:
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_8260_2:
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_4165_1:
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_4165_2:
1.75.2.2  snj 		sc->sc_fwname = "iwlwifi-8000C-22.ucode";
1.75.2.2  snj 		sc->host_interrupt_operation_mode = 0;
1.75.2.2  snj 		sc->apmg_wake_up_wa = 0;
1.75.2.2  snj 		sc->sc_device_family = IWM_DEVICE_FAMILY_8000;
1.75.2.2  snj 		sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000;
1.75.2.2  snj 		break;
1.75.2.2  snj 	case PCI_PRODUCT_INTEL_WIFI_LINK_8265:
1.75.2.2  snj 		sc->sc_fwname = "iwlwifi-8265-22.ucode";
1.75.2.2  snj 		sc->host_interrupt_operation_mode = 0;
1.75.2.2  snj 		sc->apmg_wake_up_wa = 0;
1.75.2.2  snj 		sc->sc_device_family = IWM_DEVICE_FAMILY_8000;
1.75.2.2  snj 		sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000;
1.75.2.2  snj 		break;
1.75.2.2  snj 	default:
1.75.2.2  snj 		aprint_error_dev(self, "unknown product %#x",
1.75.2.2  snj 		    PCI_PRODUCT(sc->sc_pciid));
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj 	DPRINTF(("%s: firmware=%s\n", DEVNAME(sc), sc->sc_fwname));
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have
1.75.2.2  snj 	 * changed, and now the revision step also includes bit 0-1 (no more
1.75.2.2  snj 	 * "dash" value). To keep hw_rev backwards compatible - we'll store it
1.75.2.2  snj 	 * in the old format.
1.75.2.2  snj 	 */
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
1.75.2.2  snj 		sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) |
1.75.2.2  snj 		    (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2);
1.75.2.2  snj
1.75.2.2  snj 	if (iwm_prepare_card_hw(sc) != 0) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "could not initialize hardware\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
1.75.2.2  snj 		uint32_t hw_step;
1.75.2.2  snj
1.75.2.2  snj 		/*
1.75.2.2  snj 		 * In order to recognize C step the driver should read the
1.75.2.2  snj 		 * chip version id located at the AUX bus MISC address.
1.75.2.2  snj 		 */
1.75.2.2  snj 		IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 			    IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
1.75.2.2  snj 		DELAY(2);
1.75.2.2  snj
1.75.2.2  snj 		err = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
1.75.2.2  snj 				   IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
1.75.2.2  snj 				   IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
1.75.2.2  snj 				   25000);
1.75.2.2  snj 		if (!err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "failed to wake up the nic\n");
1.75.2.2  snj 			return;
1.75.2.2  snj 		}
1.75.2.2  snj
1.75.2.2  snj 		if (iwm_nic_lock(sc)) {
1.75.2.2  snj 			hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG);
1.75.2.2  snj 			hw_step |= IWM_ENABLE_WFPM;
1.75.2.2  snj 			iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step);
1.75.2.2  snj 			hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG);
1.75.2.2  snj 			hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF;
1.75.2.2  snj 			if (hw_step == 0x3)
1.75.2.2  snj 				sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) |
1.75.2.2  snj 				    (IWM_SILICON_C_STEP << 2);
1.75.2.2  snj 			iwm_nic_unlock(sc);
1.75.2.2  snj 		} else {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "failed to lock the nic\n");
1.75.2.2  snj 			return;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Allocate DMA memory for firmware transfers.
1.75.2.2  snj 	 * Must be aligned on a 16-byte boundary.
1.75.2.2  snj 	 */
1.75.2.2  snj 	err = iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, sc->sc_fwdmasegsz,
1.75.2.2  snj 	    16);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not allocate memory for firmware\n");
1.75.2.2  snj 		return;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Allocate "Keep Warm" page, used internally by the card. */
1.75.2.2  snj 	err = iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not allocate keep warm page\n");
1.75.2.2  snj 		goto fail1;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Allocate interrupt cause table (ICT).*/
1.75.2.2  snj 	err = iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, IWM_ICT_SIZE,
1.75.2.2  snj 	    1 << IWM_ICT_PADDR_SHIFT);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "could not allocate ICT table\n");
1.75.2.2  snj 		goto fail2;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* TX scheduler rings must be aligned on a 1KB boundary. */
1.75.2.2  snj 	err = iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
1.75.2.2  snj 	    __arraycount(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 		    "could not allocate TX scheduler rings\n");
1.75.2.2  snj 		goto fail3;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	for (txq_i = 0; txq_i < __arraycount(sc->txq); txq_i++) {
1.75.2.2  snj 		err = iwm_alloc_tx_ring(sc, &sc->txq[txq_i], txq_i);
1.75.2.2  snj 		if (err) {
1.75.2.2  snj 			aprint_error_dev(sc->sc_dev,
1.75.2.2  snj 			    "could not allocate TX ring %d\n", txq_i);
1.75.2.2  snj 			goto fail4;
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	err = iwm_alloc_rx_ring(sc, &sc->rxq);
1.75.2.2  snj 	if (err) {
1.75.2.2  snj 		aprint_error_dev(sc->sc_dev, "could not allocate RX ring\n");
1.75.2.2  snj 		goto fail4;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/* Clear pending interrupts. */
1.75.2.2  snj 	IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
1.75.2.2  snj
1.75.2.2  snj 	if ((err = sysctl_createv(&sc->sc_clog, 0, NULL, &node,
1.75.2.2  snj 	    0, CTLTYPE_NODE, device_xname(sc->sc_dev),
1.75.2.2  snj 	    SYSCTL_DESCR("iwm per-controller controls"),
1.75.2.2  snj 	    NULL, 0, NULL, 0,
1.75.2.2  snj 	    CTL_HW, iwm_sysctl_root_num, CTL_CREATE,
1.75.2.2  snj 	    CTL_EOL)) != 0) {
1.75.2.2  snj 		aprint_normal_dev(sc->sc_dev,
1.75.2.2  snj 		    "couldn't create iwm per-controller sysctl node\n");
1.75.2.2  snj 	}
1.75.2.2  snj 	if (err == 0) {
1.75.2.2  snj 		int iwm_nodenum = node->sysctl_num;
1.75.2.2  snj
1.75.2.2  snj 		/* Reload firmware sysctl node */
1.75.2.2  snj 		if ((err = sysctl_createv(&sc->sc_clog, 0, NULL, &node,
1.75.2.2  snj 		    CTLFLAG_READWRITE, CTLTYPE_INT, "fw_loaded",
1.75.2.2  snj 		    SYSCTL_DESCR("Reload firmware"),
1.75.2.2  snj 		    iwm_sysctl_fw_loaded_handler, 0, (void *)sc, 0,
1.75.2.2  snj 		    CTL_HW, iwm_sysctl_root_num, iwm_nodenum, CTL_CREATE,
1.75.2.2  snj 		    CTL_EOL)) != 0) {
1.75.2.2  snj 			aprint_normal_dev(sc->sc_dev,
1.75.2.2  snj 			    "couldn't create load_fw sysctl node\n");
1.75.2.2  snj 		}
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * Attach interface
1.75.2.2  snj 	 */
1.75.2.2  snj 	ic->ic_ifp = ifp;
1.75.2.2  snj 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
1.75.2.2  snj 	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
1.75.2.2  snj 	ic->ic_state = IEEE80211_S_INIT;
1.75.2.2  snj
1.75.2.2  snj 	/* Set device capabilities. */
1.75.2.2  snj 	ic->ic_caps =
1.75.2.2  snj 	    IEEE80211_C_WEP |		/* WEP */
1.75.2.2  snj 	    IEEE80211_C_WPA |		/* 802.11i */
1.75.2.2  snj #ifdef notyet
1.75.2.2  snj 	    IEEE80211_C_SCANALL |	/* device scans all channels at once */
1.75.2.2  snj 	    IEEE80211_C_SCANALLBAND |	/* device scans all bands at once */
1.75.2.2  snj #endif
1.75.2.2  snj 	    IEEE80211_C_SHSLOT |	/* short slot time supported */
1.75.2.2  snj 	    IEEE80211_C_SHPREAMBLE;	/* short preamble supported */
1.75.2.2  snj
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	ic->ic_htcaps = IEEE80211_HTCAP_SGI20;
1.75.2.2  snj 	ic->ic_htxcaps = 0;
1.75.2.2  snj 	ic->ic_txbfcaps = 0;
1.75.2.2  snj 	ic->ic_aselcaps = 0;
1.75.2.2  snj 	ic->ic_ampdu_params = (IEEE80211_AMPDU_PARAM_SS_4 | 0x3 /* 64k */);
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	/* all hardware can do 2.4GHz band */
1.75.2.2  snj 	ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b;
1.75.2.2  snj 	ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g;
1.75.2.2  snj
1.75.2.2  snj 	for (int i = 0; i < __arraycount(sc->sc_phyctxt); i++) {
1.75.2.2  snj 		sc->sc_phyctxt[i].id = i;
1.75.2.2  snj 	}
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_amrr.amrr_min_success_threshold =  1;
1.75.2.2  snj 	sc->sc_amrr.amrr_max_success_threshold = 15;
1.75.2.2  snj
1.75.2.2  snj 	/* IBSS channel undefined for now. */
1.75.2.2  snj 	ic->ic_ibss_chan = &ic->ic_channels[1];
1.75.2.2  snj
1.75.2.2  snj #if 0
1.75.2.2  snj 	ic->ic_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	ifp->if_softc = sc;
1.75.2.2  snj 	ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
1.75.2.2  snj 	ifp->if_init = iwm_init;
1.75.2.2  snj 	ifp->if_stop = iwm_stop;
1.75.2.2  snj 	ifp->if_ioctl = iwm_ioctl;
1.75.2.2  snj 	ifp->if_start = iwm_start;
1.75.2.2  snj 	ifp->if_watchdog = iwm_watchdog;
1.75.2.2  snj 	IFQ_SET_READY(&ifp->if_snd);
1.75.2.2  snj 	memcpy(ifp->if_xname, DEVNAME(sc), IFNAMSIZ);
1.75.2.2  snj
1.75.2.2  snj 	if_attach(ifp);
1.75.2.2  snj #if 0
1.75.2.2  snj 	ieee80211_ifattach(ic);
1.75.2.2  snj #else
1.75.2.2  snj 	ether_ifattach(ifp, ic->ic_myaddr);	/* XXX */
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	callout_init(&sc->sc_calib_to, 0);
1.75.2.2  snj 	callout_setfunc(&sc->sc_calib_to, iwm_calib_timeout, sc);
1.75.2.2  snj 	callout_init(&sc->sc_led_blink_to, 0);
1.75.2.2  snj 	callout_setfunc(&sc->sc_led_blink_to, iwm_led_blink_timeout, sc);
1.75.2.2  snj #ifndef IEEE80211_NO_HT
1.75.2.2  snj 	if (workqueue_create(&sc->sc_setratewq, "iwmsr",
1.75.2.2  snj 	    iwm_setrates_task, sc, PRI_NONE, IPL_NET, 0))
1.75.2.2  snj 		panic("%s: could not create workqueue: setrates",
1.75.2.2  snj 		    device_xname(self));
1.75.2.2  snj 	if (workqueue_create(&sc->sc_bawq, "iwmba",
1.75.2.2  snj 	    iwm_ba_task, sc, PRI_NONE, IPL_NET, 0))
1.75.2.2  snj 		panic("%s: could not create workqueue: blockack",
1.75.2.2  snj 		    device_xname(self));
1.75.2.2  snj 	if (workqueue_create(&sc->sc_htprowq, "iwmhtpro",
1.75.2.2  snj 	    iwm_htprot_task, sc, PRI_NONE, IPL_NET, 0))
1.75.2.2  snj 		panic("%s: could not create workqueue: htprot",
1.75.2.2  snj 		    device_xname(self));
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj 	if (pmf_device_register(self, NULL, NULL))
1.75.2.2  snj 		pmf_class_network_register(self, ifp);
1.75.2.2  snj 	else
1.75.2.2  snj 		aprint_error_dev(self, "couldn't establish power handler\n");
1.75.2.2  snj
1.75.2.2  snj 	/*
1.75.2.2  snj 	 * We can't do normal attach before the file system is mounted
1.75.2.2  snj 	 * because we cannot read the MAC address without loading the
1.75.2.2  snj 	 * firmware from disk.  So we postpone until mountroot is done.
1.75.2.2  snj 	 * Notably, this will require a full driver unload/load cycle
1.75.2.2  snj 	 * (or reboot) in case the firmware is not present when the
1.75.2.2  snj 	 * hook runs.
1.75.2.2  snj 	 */
1.75.2.2  snj 	config_mountroot(self, iwm_attach_hook);
1.75.2.2  snj
1.75.2.2  snj 	return;
1.75.2.2  snj
1.75.2.2  snj fail4:	while (--txq_i >= 0)
1.75.2.2  snj 		iwm_free_tx_ring(sc, &sc->txq[txq_i]);
1.75.2.2  snj 	iwm_free_rx_ring(sc, &sc->rxq);
1.75.2.2  snj 	iwm_dma_contig_free(&sc->sched_dma);
1.75.2.2  snj fail3:	if (sc->ict_dma.vaddr != NULL)
1.75.2.2  snj 		iwm_dma_contig_free(&sc->ict_dma);
1.75.2.2  snj fail2:	iwm_dma_contig_free(&sc->kw_dma);
1.75.2.2  snj fail1:	iwm_dma_contig_free(&sc->fw_dma);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj void
1.75.2.2  snj iwm_radiotap_attach(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	struct ifnet *ifp = IC2IFP(&sc->sc_ic);
1.75.2.2  snj
1.75.2.2  snj 	bpf_attach2(ifp, DLT_IEEE802_11_RADIO,
1.75.2.2  snj 	    sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN,
1.75.2.2  snj 	    &sc->sc_drvbpf);
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
1.75.2.2  snj 	sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
1.75.2.2  snj 	sc->sc_rxtap.wr_ihdr.it_present = htole32(IWM_RX_RADIOTAP_PRESENT);
1.75.2.2  snj
1.75.2.2  snj 	sc->sc_txtap_len = sizeof sc->sc_txtapu;
1.75.2.2  snj 	sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
1.75.2.2  snj 	sc->sc_txtap.wt_ihdr.it_present = htole32(IWM_TX_RADIOTAP_PRESENT);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj #if 0
1.75.2.2  snj static void
1.75.2.2  snj iwm_init_task(void *arg)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = arg;
1.75.2.2  snj 	struct ifnet *ifp = IC2IFP(&sc->sc_ic);
1.75.2.2  snj 	int s;
1.75.2.2  snj
1.75.2.2  snj 	rw_enter_write(&sc->ioctl_rwl);
1.75.2.2  snj 	s = splnet();
1.75.2.2  snj
1.75.2.2  snj 	iwm_stop(ifp, 0);
1.75.2.2  snj 	if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP)
1.75.2.2  snj 		iwm_init(ifp);
1.75.2.2  snj
1.75.2.2  snj 	splx(s);
1.75.2.2  snj 	rw_exit(&sc->ioctl_rwl);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static void
1.75.2.2  snj iwm_wakeup(struct iwm_softc *sc)
1.75.2.2  snj {
1.75.2.2  snj 	pcireg_t reg;
1.75.2.2  snj
1.75.2.2  snj 	/* Clear device-specific "PCI retry timeout" register (41h). */
1.75.2.2  snj 	reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40);
1.75.2.2  snj 	pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg & ~0xff00);
1.75.2.2  snj
1.75.2.2  snj 	iwm_init_task(sc);
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_activate(device_t self, enum devact act)
1.75.2.2  snj {
1.75.2.2  snj 	struct iwm_softc *sc = device_private(self);
1.75.2.2  snj 	struct ifnet *ifp = IC2IFP(&sc->sc_ic);
1.75.2.2  snj
1.75.2.2  snj 	switch (act) {
1.75.2.2  snj 	case DVACT_DEACTIVATE:
1.75.2.2  snj 		if (ifp->if_flags & IFF_RUNNING)
1.75.2.2  snj 			iwm_stop(ifp, 0);
1.75.2.2  snj 		return 0;
1.75.2.2  snj 	default:
1.75.2.2  snj 		return EOPNOTSUPP;
1.75.2.2  snj 	}
1.75.2.2  snj }
1.75.2.2  snj #endif
1.75.2.2  snj
1.75.2.2  snj CFATTACH_DECL_NEW(iwm, sizeof(struct iwm_softc), iwm_match, iwm_attach,
1.75.2.2  snj 	NULL, NULL);
1.75.2.2  snj
1.75.2.2  snj static int
1.75.2.2  snj iwm_sysctl_fw_loaded_handler(SYSCTLFN_ARGS)
1.75.2.2  snj {
1.75.2.2  snj 	struct sysctlnode node;
1.75.2.2  snj 	struct iwm_softc *sc;
1.75.2.2  snj 	int err, t;
1.75.2.2  snj
1.75.2.2  snj 	node = *rnode;
1.75.2.2  snj 	sc = node.sysctl_data;
1.75.2.2  snj 	t = ISSET(sc->sc_flags, IWM_FLAG_FW_LOADED) ? 1 : 0;
1.75.2.2  snj 	node.sysctl_data = &t;
1.75.2.2  snj 	err = sysctl_lookup(SYSCTLFN_CALL(&node));
1.75.2.2  snj 	if (err || newp == NULL)
1.75.2.2  snj 		return err;
1.75.2.2  snj
1.75.2.2  snj 	if (t == 0)
1.75.2.2  snj 		CLR(sc->sc_flags, IWM_FLAG_FW_LOADED);
1.75.2.2  snj 	return 0;
1.75.2.2  snj }
1.75.2.2  snj
1.75.2.2  snj SYSCTL_SETUP(sysctl_iwm, "sysctl iwm(4) subtree setup")
1.75.2.2  snj {
1.75.2.2  snj 	const struct sysctlnode *rnode;
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj 	const struct sysctlnode *cnode;
1.75.2.2  snj #endif /* IWM_DEBUG */
1.75.2.2  snj 	int rc;
1.75.2.2  snj
1.75.2.2  snj 	if ((rc = sysctl_createv(clog, 0, NULL, &rnode,
1.75.2.2  snj 	    CTLFLAG_PERMANENT, CTLTYPE_NODE, "iwm",
1.75.2.2  snj 	    SYSCTL_DESCR("iwm global controls"),
1.75.2.2  snj 	    NULL, 0, NULL, 0, CTL_HW, CTL_CREATE, CTL_EOL)) != 0)
1.75.2.2  snj 		goto err;
1.75.2.2  snj
1.75.2.2  snj 	iwm_sysctl_root_num = rnode->sysctl_num;
1.75.2.2  snj
1.75.2.2  snj #ifdef IWM_DEBUG
1.75.2.2  snj 	/* control debugging printfs */
1.75.2.2  snj 	if ((rc = sysctl_createv(clog, 0, &rnode, &cnode,
1.75.2.2  snj 	    CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT,
1.75.2.2  snj 	    "debug", SYSCTL_DESCR("Enable debugging output"),
1.75.2.2  snj 	    NULL, 0, &iwm_debug, 0, CTL_CREATE, CTL_EOL)) != 0)
1.75.2.2  snj 		goto err;
1.75.2.2  snj #endif /* IWM_DEBUG */
1.75.2.2  snj
1.75.2.2  snj 	return;
1.75.2.2  snj
1.75.2.2  snj  err:
1.75.2.2  snj 	aprint_error("%s: sysctl_createv failed (rc = %d)\n", __func__, rc);
1.75.2.2  snj }