if_iwn.c revision 1.19
1 /* $NetBSD: if_iwn.c,v 1.19 2008/09/20 18:28:28 freza Exp $ */ 2 3 /*- 4 * Copyright (c) 2007 5 * Damien Bergamini <damien.bergamini (at) free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: if_iwn.c,v 1.19 2008/09/20 18:28:28 freza Exp $"); 22 23 24 /* 25 * Driver for Intel Wireless WiFi Link 4965AGN 802.11 network adapters. 26 */ 27 28 #include "bpfilter.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/mutex.h> 39 #include <sys/conf.h> 40 #include <sys/kauth.h> 41 #include <sys/callout.h> 42 43 #include <machine/bus.h> 44 #include <machine/endian.h> 45 #include <machine/intr.h> 46 47 #include <dev/pci/pcireg.h> 48 #include <dev/pci/pcivar.h> 49 #include <dev/pci/pcidevs.h> 50 51 #if NBPFILTER > 0 52 #include <net/bpf.h> 53 #endif 54 #include <net/if.h> 55 #include <net/if_arp.h> 56 #include <net/if_dl.h> 57 #include <net/if_media.h> 58 #include <net/if_types.h> 59 60 #include <netinet/in.h> 61 #include <netinet/in_systm.h> 62 #include <netinet/in_var.h> 63 #include <net/if_ether.h> 64 #include <netinet/ip.h> 65 66 #include <net80211/ieee80211_var.h> 67 #include <net80211/ieee80211_amrr.h> 68 #include <net80211/ieee80211_radiotap.h> 69 70 #include <dev/firmload.h> 71 72 #include <dev/pci/if_iwnreg.h> 73 #include <dev/pci/if_iwnvar.h> 74 75 #if 0 76 static const struct pci_matchid iwn_devices[] = { 77 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_4965AGN_1 }, 78 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_4965AGN_2 } 79 }; 80 #endif 81 82 /* 83 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 84 */ 85 static const struct ieee80211_rateset iwn_rateset_11a = 86 { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } }; 87 88 static const struct ieee80211_rateset iwn_rateset_11b = 89 { 4, { 2, 4, 11, 22 } }; 90 91 static const struct ieee80211_rateset iwn_rateset_11g = 92 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 93 94 95 #define EDCA_NUM_AC 4 96 static int iwn_match(device_t , struct cfdata *, void *); 97 static void iwn_attach(device_t , device_t, void *); 98 static int iwn_detach(device_t, int); 99 100 static void iwn_radiotap_attach(struct iwn_softc *); 101 static int iwn_dma_contig_alloc(bus_dma_tag_t, struct iwn_dma_info *, 102 void **, bus_size_t, bus_size_t, int); 103 static void iwn_dma_contig_free(struct iwn_dma_info *); 104 static int iwn_alloc_shared(struct iwn_softc *); 105 static void iwn_free_shared(struct iwn_softc *); 106 static int iwn_alloc_kw(struct iwn_softc *); 107 static void iwn_free_kw(struct iwn_softc *); 108 static int iwn_alloc_fwmem(struct iwn_softc *); 109 static void iwn_free_fwmem(struct iwn_softc *); 110 static struct iwn_rbuf *iwn_alloc_rbuf(struct iwn_softc *); 111 static void iwn_free_rbuf(struct mbuf *, void *, size_t, void *); 112 static int iwn_alloc_rpool(struct iwn_softc *); 113 static void iwn_free_rpool(struct iwn_softc *); 114 static int iwn_alloc_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 115 static void iwn_reset_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 116 static void iwn_free_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 117 static int iwn_alloc_tx_ring(struct iwn_softc *, struct iwn_tx_ring *, 118 int, int); 119 static void iwn_reset_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 120 static void iwn_free_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 121 static struct ieee80211_node *iwn_node_alloc(struct ieee80211_node_table *); 122 static void iwn_newassoc(struct ieee80211_node *, int); 123 static int iwn_media_change(struct ifnet *); 124 static int iwn_newstate(struct ieee80211com *, enum ieee80211_state, int); 125 static void iwn_mem_lock(struct iwn_softc *); 126 static void iwn_mem_unlock(struct iwn_softc *); 127 static uint32_t iwn_mem_read(struct iwn_softc *, uint32_t); 128 static void iwn_mem_write(struct iwn_softc *, uint32_t, uint32_t); 129 static void iwn_mem_write_region_4(struct iwn_softc *, uint32_t, 130 const uint32_t *, int); 131 static int iwn_eeprom_lock(struct iwn_softc *); 132 static void iwn_eeprom_unlock(struct iwn_softc *); 133 static int iwn_read_prom_data(struct iwn_softc *, uint32_t, void *, int); 134 static int iwn_load_microcode(struct iwn_softc *, const uint8_t *, int); 135 static int iwn_load_firmware(struct iwn_softc *); 136 static void iwn_calib_timeout(void *); 137 static void iwn_iter_func(void *, struct ieee80211_node *); 138 static void iwn_ampdu_rx_start(struct iwn_softc *, struct iwn_rx_desc *); 139 static void iwn_rx_intr(struct iwn_softc *, struct iwn_rx_desc *, 140 struct iwn_rx_data *); 141 static void iwn_rx_statistics(struct iwn_softc *, struct iwn_rx_desc *); 142 static void iwn_tx_intr(struct iwn_softc *, struct iwn_rx_desc *); 143 static void iwn_cmd_intr(struct iwn_softc *, struct iwn_rx_desc *); 144 static void iwn_notif_intr(struct iwn_softc *); 145 static int iwn_intr(void *); 146 static void iwn_read_eeprom(struct iwn_softc *); 147 static void iwn_read_eeprom_channels(struct iwn_softc *, int); 148 static uint8_t iwn_plcp_signal(int); 149 static int iwn_tx_data(struct iwn_softc *, struct mbuf *, 150 struct ieee80211_node *, int); 151 static void iwn_start(struct ifnet *); 152 static void iwn_watchdog(struct ifnet *); 153 static int iwn_ioctl(struct ifnet *, u_long, void *); 154 static int iwn_cmd(struct iwn_softc *, int, const void *, int, int); 155 static int iwn_wme_update(struct ieee80211com *); 156 static int iwn_setup_node_mrr(struct iwn_softc *, uint8_t, int); 157 static void iwn_set_led(struct iwn_softc *, uint8_t, uint8_t, uint8_t); 158 static int iwn_set_critical_temp(struct iwn_softc *); 159 static void iwn_enable_tsf(struct iwn_softc *, struct ieee80211_node *); 160 static void iwn_power_calibration(struct iwn_softc *, int); 161 static int iwn_set_txpower(struct iwn_softc *, 162 struct ieee80211_channel *, int); 163 static int iwn_get_rssi(const struct iwn_rx_stat *); 164 static int iwn_get_noise(const struct iwn_rx_general_stats *); 165 static int iwn_get_temperature(struct iwn_softc *); 166 static int iwn_init_sensitivity(struct iwn_softc *); 167 static void iwn_compute_differential_gain(struct iwn_softc *, 168 const struct iwn_rx_general_stats *); 169 static void iwn_tune_sensitivity(struct iwn_softc *, 170 const struct iwn_rx_stats *); 171 static int iwn_send_sensitivity(struct iwn_softc *); 172 /*static int iwn_setup_beacon(struct iwn_softc *, struct ieee80211_node *);*/ 173 static int iwn_auth(struct iwn_softc *); 174 static int iwn_run(struct iwn_softc *); 175 static int iwn_scan(struct iwn_softc *, uint16_t); 176 static int iwn_config(struct iwn_softc *); 177 static void iwn_post_alive(struct iwn_softc *); 178 static void iwn_stop_master(struct iwn_softc *); 179 static int iwn_reset(struct iwn_softc *); 180 static void iwn_hw_config(struct iwn_softc *); 181 static int iwn_init(struct ifnet *); 182 static void iwn_stop(struct ifnet *, int); 183 static void iwn_fix_channel(struct ieee80211com *, struct mbuf *); 184 static bool iwn_resume(device_t PMF_FN_PROTO); 185 static int iwn_add_node(struct iwn_softc *sc, 186 struct ieee80211_node *ni, bool broadcast, bool async); 187 188 189 190 #define IWN_DEBUG 191 192 #ifdef IWN_DEBUG 193 #define DPRINTF(x) do { if (iwn_debug > 0) printf x; } while (0) 194 #define DPRINTFN(n, x) do { if (iwn_debug >= (n)) printf x; } while (0) 195 int iwn_debug = 0; 196 #else 197 #define DPRINTF(x) 198 #define DPRINTFN(n, x) 199 #endif 200 201 #ifdef IWN_DEBUG 202 static void iwn_print_power_group(struct iwn_softc *, int); 203 #endif 204 205 CFATTACH_DECL_NEW(iwn, sizeof(struct iwn_softc), iwn_match, iwn_attach, 206 iwn_detach, NULL); 207 208 static int 209 iwn_match(device_t parent, struct cfdata *match __unused, void *aux) 210 { 211 struct pci_attach_args *pa = aux; 212 213 if (PCI_VENDOR(pa->pa_id) != PCI_VENDOR_INTEL) 214 return 0; 215 216 if (PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_PRO_WL_4965AGN_1 || 217 PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_PRO_WL_4965AGN_2) 218 return 1; 219 220 return 0; 221 } 222 223 /* Base Address Register */ 224 #define IWN_PCI_BAR0 0x10 225 226 static void 227 iwn_attach(device_t parent __unused, device_t self, void *aux) 228 { 229 struct iwn_softc *sc = device_private(self); 230 struct ieee80211com *ic = &sc->sc_ic; 231 struct ifnet *ifp = &sc->sc_ec.ec_if; 232 struct pci_attach_args *pa = aux; 233 const char *intrstr; 234 char devinfo[256]; 235 pci_intr_handle_t ih; 236 pcireg_t memtype, data; 237 int i, error, revision; 238 239 sc->sc_dev = self; 240 sc->sc_pct = pa->pa_pc; 241 sc->sc_pcitag = pa->pa_tag; 242 243 callout_init(&sc->calib_to, 0); 244 callout_setfunc(&sc->calib_to, iwn_calib_timeout, sc); 245 246 pci_devinfo(pa->pa_id, pa->pa_class, 0, devinfo, sizeof devinfo); 247 revision = PCI_REVISION(pa->pa_class); 248 aprint_normal(": %s (rev. 0x%2x)\n", devinfo, revision); 249 250 251 /* clear device specific PCI configuration register 0x41 */ 252 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 253 data &= ~0x0000ff00; 254 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, data); 255 256 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 257 data |= PCI_COMMAND_MASTER_ENABLE; 258 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, data); 259 260 /* enable bus-mastering */ 261 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 262 data |= PCI_COMMAND_MASTER_ENABLE; 263 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, data); 264 265 /* map the register window */ 266 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, IWN_PCI_BAR0); 267 error = pci_mapreg_map(pa, IWN_PCI_BAR0, memtype, 0, &sc->sc_st, 268 &sc->sc_sh, NULL, &sc->sc_sz); 269 if (error != 0) { 270 aprint_error_dev(self, "could not map memory space\n"); 271 return; 272 } 273 274 sc->sc_dmat = pa->pa_dmat; 275 276 if (pci_intr_map(pa, &ih) != 0) { 277 aprint_error_dev(self, "could not map interrupt\n"); 278 return; 279 } 280 281 intrstr = pci_intr_string(sc->sc_pct, ih); 282 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, iwn_intr, sc); 283 284 if (sc->sc_ih == NULL) { 285 aprint_error_dev(self, "could not establish interrupt"); 286 if (intrstr != NULL) 287 aprint_error(" at %s", intrstr); 288 aprint_error("\n"); 289 return; 290 } 291 aprint_normal_dev(self, "interrupting at %s\n", intrstr); 292 293 if (iwn_reset(sc) != 0) { 294 aprint_error_dev(self, "could not reset adapter\n"); 295 return; 296 } 297 298 /* 299 * Allocate DMA memory for firmware transfers. 300 */ 301 if ((error = iwn_alloc_fwmem(sc)) != 0) { 302 aprint_error_dev(self, "could not allocate firmware memory\n"); 303 return; 304 } 305 306 /* 307 * Allocate a "keep warm" page. 308 */ 309 if ((error = iwn_alloc_kw(sc)) != 0) { 310 aprint_error_dev(self, "could not allocate keep warm page\n"); 311 goto fail1; 312 } 313 314 /* 315 * Allocate shared area (communication area). 316 */ 317 if ((error = iwn_alloc_shared(sc)) != 0) { 318 aprint_error_dev(self, "could not allocate shared area\n"); 319 goto fail2; 320 } 321 322 /* 323 * Allocate Rx buffers and Tx/Rx rings. 324 */ 325 if ((error = iwn_alloc_rpool(sc)) != 0) { 326 aprint_error_dev(self, "could not allocate Rx buffers\n"); 327 goto fail3; 328 } 329 330 for (i = 0; i < IWN_NTXQUEUES; i++) { 331 struct iwn_tx_ring *txq = &sc->txq[i]; 332 error = iwn_alloc_tx_ring(sc, txq, IWN_TX_RING_COUNT, i); 333 if (error != 0) { 334 aprint_error_dev(self, "could not allocate Tx ring %d\n", i); 335 goto fail4; 336 } 337 } 338 339 if (iwn_alloc_rx_ring(sc, &sc->rxq) != 0) { 340 aprint_error_dev(self, "could not allocate Rx ring\n"); 341 goto fail4; 342 } 343 344 345 ic->ic_ifp = ifp; 346 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 347 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 348 ic->ic_state = IEEE80211_S_INIT; 349 350 /* set device capabilities */ 351 ic->ic_caps = 352 IEEE80211_C_IBSS | /* IBSS mode support */ 353 IEEE80211_C_WPA | /* 802.11i */ 354 IEEE80211_C_MONITOR | /* monitor mode supported */ 355 IEEE80211_C_TXPMGT | /* tx power management */ 356 IEEE80211_C_SHSLOT | /* short slot time supported */ 357 IEEE80211_C_SHPREAMBLE| /* short preamble supported */ 358 IEEE80211_C_WME; /* 802.11e */ 359 360 /* read supported channels and MAC address from EEPROM */ 361 iwn_read_eeprom(sc); 362 363 /* set supported .11a, .11b and .11g rates */ 364 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwn_rateset_11a; 365 ic->ic_sup_rates[IEEE80211_MODE_11B] = iwn_rateset_11b; 366 ic->ic_sup_rates[IEEE80211_MODE_11G] = iwn_rateset_11g; 367 368 /* IBSS channel undefined for now */ 369 ic->ic_ibss_chan = &ic->ic_channels[0]; 370 371 ifp->if_softc = sc; 372 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 373 ifp->if_init = iwn_init; 374 ifp->if_stop = iwn_stop; 375 ifp->if_ioctl = iwn_ioctl; 376 ifp->if_start = iwn_start; 377 ifp->if_watchdog = iwn_watchdog; 378 IFQ_SET_READY(&ifp->if_snd); 379 memcpy(ifp->if_xname, device_xname(self), IFNAMSIZ); 380 381 if_attach(ifp); 382 ieee80211_ifattach(ic); 383 ic->ic_node_alloc = iwn_node_alloc; 384 ic->ic_newassoc = iwn_newassoc; 385 ic->ic_wme.wme_update = iwn_wme_update; 386 387 /* override state transition machine */ 388 sc->sc_newstate = ic->ic_newstate; 389 ic->ic_newstate = iwn_newstate; 390 ieee80211_media_init(ic, iwn_media_change, ieee80211_media_status); 391 392 sc->amrr.amrr_min_success_threshold = 1; 393 sc->amrr.amrr_max_success_threshold = 15; 394 395 if (!pmf_device_register(self, NULL, iwn_resume)) 396 aprint_error_dev(self, "couldn't establish power handler\n"); 397 else 398 pmf_class_network_register(self, ifp); 399 400 iwn_radiotap_attach(sc); 401 402 ieee80211_announce(ic); 403 404 return; 405 406 /* free allocated memory if something failed during attachment */ 407 fail4: while (--i >= 0) 408 iwn_free_tx_ring(sc, &sc->txq[i]); 409 iwn_free_rpool(sc); 410 fail3: iwn_free_shared(sc); 411 fail2: iwn_free_kw(sc); 412 fail1: iwn_free_fwmem(sc); 413 } 414 415 static int 416 iwn_detach(struct device* self, int flags __unused) 417 { 418 struct iwn_softc *sc = (struct iwn_softc *)self; 419 struct ifnet *ifp = sc->sc_ic.ic_ifp; 420 int ac; 421 422 iwn_stop(ifp, 1); 423 424 #if NBPFILTER > 0 425 if (ifp != NULL) 426 bpfdetach(ifp); 427 #endif 428 ieee80211_ifdetach(&sc->sc_ic); 429 if (ifp != NULL) 430 if_detach(ifp); 431 432 for (ac = 0; ac < IWN_NTXQUEUES; ac++) 433 iwn_free_tx_ring(sc, &sc->txq[ac]); 434 iwn_free_rx_ring(sc, &sc->rxq); 435 iwn_free_rpool(sc); 436 iwn_free_shared(sc); 437 438 if (sc->sc_ih != NULL) { 439 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 440 sc->sc_ih = NULL; 441 } 442 443 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 444 445 return 0; 446 } 447 448 /* 449 * Attach the interface to 802.11 radiotap. 450 */ 451 static void 452 iwn_radiotap_attach(struct iwn_softc *sc) 453 { 454 struct ifnet *ifp = sc->sc_ic.ic_ifp; 455 456 #if NBPFILTER > 0 457 bpfattach2(ifp, DLT_IEEE802_11_RADIO, 458 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 459 &sc->sc_drvbpf); 460 461 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 462 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 463 sc->sc_rxtap.wr_ihdr.it_present = htole32(IWN_RX_RADIOTAP_PRESENT); 464 465 sc->sc_txtap_len = sizeof sc->sc_txtapu; 466 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 467 sc->sc_txtap.wt_ihdr.it_present = htole32(IWN_TX_RADIOTAP_PRESENT); 468 #endif 469 } 470 471 472 /* 473 * Build a beacon frame that the firmware will broadcast periodically in 474 * IBSS or HostAP modes. 475 */ 476 static int 477 iwn_setup_beacon(struct iwn_softc *sc, struct ieee80211_node *ni) 478 { 479 struct ieee80211com *ic = &sc->sc_ic; 480 struct iwn_tx_ring *ring = &sc->txq[4]; 481 struct iwn_tx_desc *desc; 482 struct iwn_tx_data *data; 483 struct iwn_tx_cmd *cmd; 484 struct iwn_cmd_beacon *bcn; 485 struct ieee80211_beacon_offsets bo; 486 struct mbuf *m0; 487 bus_addr_t paddr; 488 int error; 489 490 desc = &ring->desc[ring->cur]; 491 data = &ring->data[ring->cur]; 492 493 m0 = ieee80211_beacon_alloc(ic, ni, &bo); 494 if (m0 == NULL) { 495 aprint_error_dev(sc->sc_dev, "could not allocate beacon frame\n"); 496 return ENOMEM; 497 } 498 499 cmd = &ring->cmd[ring->cur]; 500 cmd->code = IWN_CMD_SET_BEACON; 501 cmd->flags = 0; 502 cmd->qid = ring->qid; 503 cmd->idx = ring->cur; 504 505 bcn = (struct iwn_cmd_beacon *)cmd->data; 506 memset(bcn, 0, sizeof (struct iwn_cmd_beacon)); 507 bcn->id = IWN_ID_BROADCAST; 508 bcn->ofdm_mask = 0xff; 509 bcn->cck_mask = 0x0f; 510 bcn->lifetime = htole32(IWN_LIFETIME_INFINITE); 511 bcn->len = htole16(m0->m_pkthdr.len); 512 bcn->rate = (ic->ic_curmode == IEEE80211_MODE_11A) ? 513 iwn_plcp_signal(12) : iwn_plcp_signal(2); 514 bcn->flags = htole32(IWN_TX_AUTO_SEQ | IWN_TX_INSERT_TSTAMP); 515 516 /* save and trim IEEE802.11 header */ 517 m_copydata(m0, 0, sizeof (struct ieee80211_frame), (void *)&bcn->wh); 518 m_adj(m0, sizeof (struct ieee80211_frame)); 519 520 /* assume beacon frame is contiguous */ 521 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 522 BUS_DMA_READ | BUS_DMA_NOWAIT); 523 if (error) { 524 aprint_error_dev(sc->sc_dev, "could not map beacon\n"); 525 m_freem(m0); 526 return error; 527 } 528 529 data->m = m0; 530 531 /* first scatter/gather segment is used by the beacon command */ 532 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 533 534 IWN_SET_DESC_NSEGS(desc, 2); 535 IWN_SET_DESC_SEG(desc, 0, paddr , 4 + sizeof(struct iwn_cmd_beacon)); 536 IWN_SET_DESC_SEG(desc, 1, data->map->dm_segs[0].ds_addr, 537 data->map->dm_segs[1].ds_len); 538 539 540 /* kick cmd ring */ 541 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 542 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 543 544 return 0; 545 } 546 547 static int 548 iwn_dma_contig_alloc(bus_dma_tag_t tag, struct iwn_dma_info *dma, void **kvap, 549 bus_size_t size, bus_size_t alignment, int flags) 550 { 551 int nsegs, error; 552 553 dma->tag = tag; 554 dma->size = size; 555 556 error = bus_dmamap_create(tag, size, 1, size, 0, flags, &dma->map); 557 if (error != 0) 558 goto fail; 559 560 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 561 flags); 562 if (error != 0) 563 goto fail; 564 565 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, flags); 566 if (error != 0) 567 goto fail; 568 569 error = bus_dmamap_load(tag, dma->map, dma->vaddr, size, NULL, flags); 570 if (error != 0) 571 goto fail; 572 573 memset(dma->vaddr, 0, size); 574 575 dma->paddr = dma->map->dm_segs[0].ds_addr; 576 if (kvap != NULL) 577 *kvap = dma->vaddr; 578 579 return 0; 580 581 fail: iwn_dma_contig_free(dma); 582 return error; 583 } 584 585 static void 586 iwn_dma_contig_free(struct iwn_dma_info *dma) 587 { 588 if (dma->map != NULL) { 589 if (dma->vaddr != NULL) { 590 bus_dmamap_unload(dma->tag, dma->map); 591 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 592 bus_dmamem_free(dma->tag, &dma->seg, 1); 593 dma->vaddr = NULL; 594 } 595 bus_dmamap_destroy(dma->tag, dma->map); 596 dma->map = NULL; 597 } 598 } 599 600 static int 601 iwn_alloc_shared(struct iwn_softc *sc) 602 { 603 int error; 604 void *p; 605 /* must be aligned on a 1KB boundary */ 606 error = iwn_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 607 &p, sizeof (struct iwn_shared), 1024,BUS_DMA_NOWAIT); 608 sc->shared = p; 609 if (error != 0) 610 aprint_error_dev(sc->sc_dev, 611 "could not allocate shared area DMA memory\n"); 612 613 return error; 614 615 } 616 617 static void 618 iwn_free_shared(struct iwn_softc *sc) 619 { 620 iwn_dma_contig_free(&sc->shared_dma); 621 } 622 623 static int 624 iwn_alloc_kw(struct iwn_softc *sc) 625 { 626 /* must be aligned on a 16-byte boundary */ 627 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, NULL, 628 PAGE_SIZE, PAGE_SIZE, BUS_DMA_NOWAIT); 629 } 630 631 static void 632 iwn_free_kw(struct iwn_softc *sc) 633 { 634 iwn_dma_contig_free(&sc->kw_dma); 635 } 636 637 static int 638 iwn_alloc_fwmem(struct iwn_softc *sc) 639 { 640 int error; 641 /* allocate enough contiguous space to store text and data */ 642 error = iwn_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 643 IWN_FW_MAIN_TEXT_MAXSZ + IWN_FW_MAIN_DATA_MAXSZ, 16, 644 BUS_DMA_NOWAIT); 645 646 if (error != 0){ 647 aprint_error_dev(sc->sc_dev, 648 "could not allocate firmware transfer area DMA memory\n" ); 649 650 } 651 return error; 652 } 653 654 static void 655 iwn_free_fwmem(struct iwn_softc *sc) 656 { 657 iwn_dma_contig_free(&sc->fw_dma); 658 } 659 660 static struct iwn_rbuf * 661 iwn_alloc_rbuf(struct iwn_softc *sc) 662 { 663 struct iwn_rbuf *rbuf; 664 665 mutex_enter(&sc->rxq.freelist_mtx); 666 rbuf = SLIST_FIRST(&sc->rxq.freelist); 667 if (rbuf != NULL) { 668 SLIST_REMOVE_HEAD(&sc->rxq.freelist, next); 669 sc->rxq.nb_free_entries --; 670 } 671 mutex_exit(&sc->rxq.freelist_mtx); 672 673 return rbuf; 674 } 675 676 /* 677 * This is called automatically by the network stack when the mbuf to which 678 * our Rx buffer is attached is freed. 679 */ 680 static void 681 iwn_free_rbuf(struct mbuf* m, void *buf, size_t size, void *arg) 682 { 683 struct iwn_rbuf *rbuf = arg; 684 struct iwn_softc *sc = rbuf->sc; 685 686 /* put the buffer back in the free list */ 687 mutex_enter(&sc->rxq.freelist_mtx); 688 SLIST_INSERT_HEAD(&sc->rxq.freelist, rbuf, next); 689 mutex_exit(&sc->rxq.freelist_mtx); 690 sc->rxq.nb_free_entries ++; 691 692 if (__predict_true(m != NULL)) 693 pool_cache_put(mb_cache, m); 694 } 695 696 697 static int 698 iwn_alloc_rpool(struct iwn_softc *sc) 699 { 700 struct iwn_rx_ring *ring = &sc->rxq; 701 struct iwn_rbuf *rbuf; 702 int i, error; 703 704 mutex_init(&ring->freelist_mtx, MUTEX_DEFAULT, IPL_NET); 705 706 /* allocate a big chunk of DMA'able memory.. */ 707 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->buf_dma, NULL, 708 IWN_RBUF_COUNT * IWN_RBUF_SIZE, IWN_BUF_ALIGN, BUS_DMA_NOWAIT); 709 if (error != 0) { 710 aprint_error_dev(sc->sc_dev, 711 "could not allocate Rx buffers DMA memory\n"); 712 return error; 713 } 714 715 /* ..and split it into chunks of "rbufsz" bytes */ 716 SLIST_INIT(&ring->freelist); 717 for (i = 0; i < IWN_RBUF_COUNT; i++) { 718 rbuf = &ring->rbuf[i]; 719 720 rbuf->sc = sc; /* backpointer for callbacks */ 721 rbuf->vaddr = (char *)ring->buf_dma.vaddr + i * IWN_RBUF_SIZE; 722 rbuf->paddr = ring->buf_dma.paddr + i * IWN_RBUF_SIZE; 723 724 SLIST_INSERT_HEAD(&ring->freelist, rbuf, next); 725 } 726 ring->nb_free_entries = IWN_RBUF_COUNT; 727 return 0; 728 } 729 730 static void 731 iwn_free_rpool(struct iwn_softc *sc) 732 { 733 iwn_dma_contig_free(&sc->rxq.buf_dma); 734 } 735 736 static int 737 iwn_alloc_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 738 { 739 struct iwn_rx_data *data; 740 struct iwn_rbuf *rbuf; 741 int i, error; 742 void *p; 743 744 ring->cur = 0; 745 746 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 747 &p, IWN_RX_RING_COUNT * sizeof (struct iwn_rx_desc), 748 IWN_RING_DMA_ALIGN, BUS_DMA_NOWAIT); 749 if (error != 0) { 750 aprint_error_dev(sc->sc_dev, 751 "could not allocate rx ring DMA memory\n"); 752 goto fail; 753 } 754 ring->desc = p; 755 756 /* 757 * Setup Rx buffers. 758 */ 759 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 760 data = &ring->data[i]; 761 762 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 763 if (data->m == NULL) { 764 aprint_error_dev(sc->sc_dev, "could not allocate rx mbuf\n"); 765 error = ENOMEM; 766 goto fail; 767 } 768 if ((rbuf = iwn_alloc_rbuf(sc)) == NULL) { 769 m_freem(data->m); 770 data->m = NULL; 771 aprint_error_dev(sc->sc_dev, "could not allocate rx buffer\n"); 772 error = ENOMEM; 773 goto fail; 774 } 775 /* attach Rx buffer to mbuf */ 776 MEXTADD(data->m, rbuf->vaddr, IWN_RBUF_SIZE, 0, iwn_free_rbuf, 777 rbuf); 778 779 data->m->m_flags |= M_EXT_RW; 780 /* Rx buffers are aligned on a 256-byte boundary */ 781 ring->desc[i] = htole32(rbuf->paddr >> 8); 782 } 783 784 return 0; 785 786 fail: iwn_free_rx_ring(sc, ring); 787 return error; 788 } 789 790 static void 791 iwn_reset_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 792 { 793 int ntries; 794 795 iwn_mem_lock(sc); 796 797 IWN_WRITE(sc, IWN_RX_CONFIG, 0); 798 for (ntries = 0; ntries < 100; ntries++) { 799 if (IWN_READ(sc, IWN_RX_STATUS) & IWN_RX_IDLE) 800 break; 801 DELAY(10); 802 } 803 #ifdef IWN_DEBUG 804 if (ntries == 100 && iwn_debug > 0) 805 aprint_error_dev(sc->sc_dev, "timeout resetting Rx ring\n"); 806 #endif 807 iwn_mem_unlock(sc); 808 809 ring->cur = 0; 810 } 811 812 static void 813 iwn_free_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 814 { 815 int i; 816 817 iwn_dma_contig_free(&ring->desc_dma); 818 819 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 820 if (ring->data[i].m != NULL) 821 m_freem(ring->data[i].m); 822 } 823 } 824 825 static int 826 iwn_alloc_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring, int count, 827 int qid) 828 { 829 struct iwn_tx_data *data; 830 int i, error; 831 void *p; 832 833 ring->qid = qid; 834 ring->count = count; 835 ring->queued = 0; 836 ring->cur = 0; 837 838 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 839 &p, count * sizeof (struct iwn_tx_desc), 840 IWN_RING_DMA_ALIGN, BUS_DMA_NOWAIT); 841 if (error != 0) { 842 aprint_error_dev(sc->sc_dev, "could not allocate tx ring DMA memory\n"); 843 goto fail; 844 } 845 ring->desc = p; 846 847 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 848 &p, count * sizeof (struct iwn_tx_cmd), 4, BUS_DMA_NOWAIT); 849 if (error != 0) { 850 aprint_error_dev(sc->sc_dev, "could not allocate tx cmd DMA memory\n"); 851 goto fail; 852 } 853 ring->cmd = p; 854 855 ring->data = malloc(count * sizeof (struct iwn_tx_data), M_DEVBUF, M_NOWAIT); 856 857 if (ring->data == NULL) { 858 aprint_error_dev(sc->sc_dev,"could not allocate tx data slots\n"); 859 goto fail; 860 } 861 862 memset(ring->data, 0, count * sizeof (struct iwn_tx_data)); 863 864 for (i = 0; i < count; i++) { 865 data = &ring->data[i]; 866 867 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 868 IWN_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 869 &data->map); 870 if (error != 0) { 871 aprint_error_dev(sc->sc_dev, "could not create tx buf DMA map\n"); 872 goto fail; 873 } 874 } 875 876 return 0; 877 878 fail: iwn_free_tx_ring(sc, ring); 879 return error; 880 } 881 882 static void 883 iwn_reset_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 884 { 885 struct iwn_tx_data *data; 886 uint32_t tmp; 887 int i, ntries; 888 889 iwn_mem_lock(sc); 890 891 IWN_WRITE(sc, IWN_TX_CONFIG(ring->qid), 0); 892 for (ntries = 0; ntries < 100; ntries++) { 893 tmp = IWN_READ(sc, IWN_TX_STATUS); 894 if ((tmp & IWN_TX_IDLE(ring->qid)) == IWN_TX_IDLE(ring->qid)) 895 break; 896 DELAY(10); 897 } 898 #ifdef IWN_DEBUG 899 if (ntries == 100 && iwn_debug > 1) { 900 aprint_error_dev(sc->sc_dev, "timeout resetting Tx ring %d\n", ring->qid); 901 } 902 #endif 903 iwn_mem_unlock(sc); 904 905 for (i = 0; i < ring->count; i++) { 906 data = &ring->data[i]; 907 908 if (data->m != NULL) { 909 bus_dmamap_unload(sc->sc_dmat, data->map); 910 m_freem(data->m); 911 data->m = NULL; 912 } 913 } 914 915 ring->queued = 0; 916 ring->cur = 0; 917 } 918 919 static void 920 iwn_free_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 921 { 922 struct iwn_tx_data *data; 923 int i; 924 925 iwn_dma_contig_free(&ring->desc_dma); 926 iwn_dma_contig_free(&ring->cmd_dma); 927 928 if (ring->data != NULL) { 929 for (i = 0; i < ring->count; i++) { 930 data = &ring->data[i]; 931 932 if (data->m != NULL) { 933 bus_dmamap_unload(sc->sc_dmat, data->map); 934 m_freem(data->m); 935 } 936 } 937 free(ring->data, M_DEVBUF); 938 } 939 } 940 941 /*ARGUSED*/ 942 struct ieee80211_node * 943 iwn_node_alloc(struct ieee80211_node_table *nt __unused) 944 { 945 struct iwn_node *wn; 946 947 wn = malloc(sizeof (struct iwn_node), M_80211_NODE, M_NOWAIT | M_ZERO); 948 949 return (struct ieee80211_node *)wn; 950 } 951 952 static void 953 iwn_newassoc(struct ieee80211_node *ni, int isnew) 954 { 955 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc; 956 int i; 957 958 ieee80211_amrr_node_init(&sc->amrr, &((struct iwn_node *)ni)->amn); 959 960 /* set rate to some reasonable initial value */ 961 for (i = ni->ni_rates.rs_nrates - 1; 962 i > 0 && (ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL) > 72; 963 i--); 964 ni->ni_txrate = i; 965 } 966 967 static int 968 iwn_media_change(struct ifnet *ifp) 969 { 970 int error; 971 972 error = ieee80211_media_change(ifp); 973 if (error != ENETRESET) 974 return error; 975 976 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) 977 iwn_init(ifp); 978 979 return 0; 980 } 981 982 static int 983 iwn_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 984 { 985 struct ifnet *ifp = ic->ic_ifp; 986 struct iwn_softc *sc = ifp->if_softc; 987 int error; 988 989 callout_stop(&sc->calib_to); 990 991 DPRINTF(("iwn_newstate: nstate = %d, ic->ic_state = %d\n", nstate, 992 ic->ic_state)); 993 994 switch (nstate) { 995 996 case IEEE80211_S_SCAN: 997 998 if (sc->is_scanning) 999 break; 1000 1001 sc->is_scanning = true; 1002 ieee80211_node_table_reset(&ic->ic_scan); 1003 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1004 1005 /* make the link LED blink while we're scanning */ 1006 iwn_set_led(sc, IWN_LED_LINK, 20, 2); 1007 1008 if ((error = iwn_scan(sc, IEEE80211_CHAN_G)) != 0) { 1009 aprint_error_dev(sc->sc_dev, "could not initiate scan\n"); 1010 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 1011 return error; 1012 } 1013 ic->ic_state = nstate; 1014 return 0; 1015 1016 case IEEE80211_S_ASSOC: 1017 if (ic->ic_state != IEEE80211_S_RUN) 1018 break; 1019 /* FALLTHROUGH */ 1020 case IEEE80211_S_AUTH: 1021 /* reset state to handle reassociations correctly */ 1022 sc->config.associd = 0; 1023 sc->config.filter &= ~htole32(IWN_FILTER_BSS); 1024 /*sc->calib.state = IWN_CALIB_STATE_INIT;*/ 1025 1026 if ((error = iwn_auth(sc)) != 0) { 1027 aprint_error_dev(sc->sc_dev, "could not move to auth state\n"); 1028 return error; 1029 } 1030 break; 1031 1032 case IEEE80211_S_RUN: 1033 if ((error = iwn_run(sc)) != 0) { 1034 aprint_error_dev(sc->sc_dev, "could not move to run state\n"); 1035 return error; 1036 } 1037 break; 1038 1039 case IEEE80211_S_INIT: 1040 sc->is_scanning = false; 1041 break; 1042 } 1043 1044 return sc->sc_newstate(ic, nstate, arg); 1045 } 1046 1047 /* 1048 * Grab exclusive access to NIC memory. 1049 */ 1050 static void 1051 iwn_mem_lock(struct iwn_softc *sc) 1052 { 1053 uint32_t tmp; 1054 int ntries; 1055 1056 tmp = IWN_READ(sc, IWN_GPIO_CTL); 1057 IWN_WRITE(sc, IWN_GPIO_CTL, tmp | IWN_GPIO_MAC); 1058 1059 /* spin until we actually get the lock */ 1060 for (ntries = 0; ntries < 1000; ntries++) { 1061 if ((IWN_READ(sc, IWN_GPIO_CTL) & 1062 (IWN_GPIO_CLOCK | IWN_GPIO_SLEEP)) == IWN_GPIO_CLOCK) 1063 break; 1064 DELAY(10); 1065 } 1066 if (ntries == 1000) 1067 aprint_error_dev(sc->sc_dev, "could not lock memory\n"); 1068 } 1069 1070 /* 1071 * Release lock on NIC memory. 1072 */ 1073 static void 1074 iwn_mem_unlock(struct iwn_softc *sc) 1075 { 1076 uint32_t tmp = IWN_READ(sc, IWN_GPIO_CTL); 1077 IWN_WRITE(sc, IWN_GPIO_CTL, tmp & ~IWN_GPIO_MAC); 1078 } 1079 1080 static uint32_t 1081 iwn_mem_read(struct iwn_softc *sc, uint32_t addr) 1082 { 1083 IWN_WRITE(sc, IWN_READ_MEM_ADDR, IWN_MEM_4 | addr); 1084 return IWN_READ(sc, IWN_READ_MEM_DATA); 1085 } 1086 1087 static void 1088 iwn_mem_write(struct iwn_softc *sc, uint32_t addr, uint32_t data) 1089 { 1090 IWN_WRITE(sc, IWN_WRITE_MEM_ADDR, IWN_MEM_4 | addr); 1091 IWN_WRITE(sc, IWN_WRITE_MEM_DATA, data); 1092 } 1093 1094 static void 1095 iwn_mem_write_region_4(struct iwn_softc *sc, uint32_t addr, 1096 const uint32_t *data, int wlen) 1097 { 1098 for (; wlen > 0; wlen--, data++, addr += 4) 1099 iwn_mem_write(sc, addr, *data); 1100 } 1101 1102 static int 1103 iwn_eeprom_lock(struct iwn_softc *sc) 1104 { 1105 uint32_t tmp; 1106 int ntries; 1107 1108 tmp = IWN_READ(sc, IWN_HWCONFIG); 1109 IWN_WRITE(sc, IWN_HWCONFIG, tmp | IWN_HW_EEPROM_LOCKED); 1110 1111 /* spin until we actually get the lock */ 1112 for (ntries = 0; ntries < 100; ntries++) { 1113 if (IWN_READ(sc, IWN_HWCONFIG) & IWN_HW_EEPROM_LOCKED) 1114 return 0; 1115 DELAY(10); 1116 } 1117 return ETIMEDOUT; 1118 } 1119 1120 static void 1121 iwn_eeprom_unlock(struct iwn_softc *sc) 1122 { 1123 uint32_t tmp = IWN_READ(sc, IWN_HWCONFIG); 1124 IWN_WRITE(sc, IWN_HWCONFIG, tmp & ~IWN_HW_EEPROM_LOCKED); 1125 } 1126 1127 /* 1128 * Read `len' bytes from the EEPROM. We access the EEPROM through the MAC 1129 * instead of using the traditional bit-bang method. 1130 */ 1131 static int 1132 iwn_read_prom_data(struct iwn_softc *sc, uint32_t addr, void *data, int len) 1133 { 1134 uint8_t *out = data; 1135 uint32_t val; 1136 int ntries; 1137 1138 iwn_mem_lock(sc); 1139 for (; len > 0; len -= 2, addr++) { 1140 IWN_WRITE(sc, IWN_EEPROM_CTL, addr << 2); 1141 IWN_WRITE(sc, IWN_EEPROM_CTL, 1142 IWN_READ(sc, IWN_EEPROM_CTL) & ~IWN_EEPROM_CMD); 1143 1144 for (ntries = 0; ntries < 10; ntries++) { 1145 if ((val = IWN_READ(sc, IWN_EEPROM_CTL)) & 1146 IWN_EEPROM_READY) 1147 break; 1148 DELAY(5); 1149 } 1150 if (ntries == 10) { 1151 aprint_error_dev(sc->sc_dev, "could not read EEPROM\n"); 1152 return ETIMEDOUT; 1153 } 1154 *out++ = val >> 16; 1155 if (len > 1) 1156 *out++ = val >> 24; 1157 } 1158 iwn_mem_unlock(sc); 1159 1160 return 0; 1161 } 1162 1163 /* 1164 * The firmware boot code is small and is intended to be copied directly into 1165 * the NIC internal memory. 1166 */ 1167 static int 1168 iwn_load_microcode(struct iwn_softc *sc, const uint8_t *ucode, int size) 1169 { 1170 int ntries; 1171 1172 size /= sizeof (uint32_t); 1173 1174 iwn_mem_lock(sc); 1175 1176 /* copy microcode image into NIC memory */ 1177 iwn_mem_write_region_4(sc, IWN_MEM_UCODE_BASE, 1178 (const uint32_t *)ucode, size); 1179 1180 iwn_mem_write(sc, IWN_MEM_UCODE_SRC, 0); 1181 iwn_mem_write(sc, IWN_MEM_UCODE_DST, IWN_FW_TEXT); 1182 iwn_mem_write(sc, IWN_MEM_UCODE_SIZE, size); 1183 1184 /* run microcode */ 1185 iwn_mem_write(sc, IWN_MEM_UCODE_CTL, IWN_UC_RUN); 1186 1187 /* wait for transfer to complete */ 1188 for (ntries = 0; ntries < 1000; ntries++) { 1189 if (!(iwn_mem_read(sc, IWN_MEM_UCODE_CTL) & IWN_UC_RUN)) 1190 break; 1191 DELAY(10); 1192 } 1193 if (ntries == 1000) { 1194 iwn_mem_unlock(sc); 1195 aprint_error_dev(sc->sc_dev, "could not load boot firmware\n"); 1196 return ETIMEDOUT; 1197 } 1198 iwn_mem_write(sc, IWN_MEM_UCODE_CTL, IWN_UC_ENABLE); 1199 1200 iwn_mem_unlock(sc); 1201 1202 return 0; 1203 } 1204 1205 static int 1206 iwn_load_firmware(struct iwn_softc *sc) 1207 { 1208 struct iwn_dma_info *dma = &sc->fw_dma; 1209 struct iwn_firmware_hdr hdr; 1210 const uint8_t *init_text, *init_data, *main_text, *main_data; 1211 const uint8_t *boot_text; 1212 uint32_t init_textsz, init_datasz, main_textsz, main_datasz; 1213 uint32_t boot_textsz; 1214 firmware_handle_t fw; 1215 u_char *dfw; 1216 size_t size; 1217 int error; 1218 1219 /* load firmware image from disk */ 1220 if ((error = firmware_open("if_iwn","iwlwifi-4965.ucode", &fw)) != 0) { 1221 aprint_error_dev(sc->sc_dev, "could not read firmware file\n"); 1222 goto fail1; 1223 } 1224 1225 size = firmware_get_size(fw); 1226 1227 /* extract firmware header information */ 1228 if (size < sizeof (struct iwn_firmware_hdr)) { 1229 aprint_error_dev(sc->sc_dev, "truncated firmware header: %zu bytes\n", size); 1230 1231 error = EINVAL; 1232 goto fail2; 1233 } 1234 1235 1236 if ((error = firmware_read(fw, 0, &hdr, 1237 sizeof (struct iwn_firmware_hdr))) != 0) { 1238 aprint_error_dev(sc->sc_dev, "can't get firmware header\n"); 1239 goto fail2; 1240 } 1241 1242 main_textsz = le32toh(hdr.main_textsz); 1243 main_datasz = le32toh(hdr.main_datasz); 1244 init_textsz = le32toh(hdr.init_textsz); 1245 init_datasz = le32toh(hdr.init_datasz); 1246 boot_textsz = le32toh(hdr.boot_textsz); 1247 1248 /* sanity-check firmware segments sizes */ 1249 if (main_textsz > IWN_FW_MAIN_TEXT_MAXSZ || 1250 main_datasz > IWN_FW_MAIN_DATA_MAXSZ || 1251 init_textsz > IWN_FW_INIT_TEXT_MAXSZ || 1252 init_datasz > IWN_FW_INIT_DATA_MAXSZ || 1253 boot_textsz > IWN_FW_BOOT_TEXT_MAXSZ || 1254 (boot_textsz & 3) != 0) { 1255 aprint_error_dev(sc->sc_dev, "invalid firmware header\n"); 1256 error = EINVAL; 1257 goto fail2; 1258 } 1259 1260 /* check that all firmware segments are present */ 1261 if (size < sizeof (struct iwn_firmware_hdr) + main_textsz + 1262 main_datasz + init_textsz + init_datasz + boot_textsz) { 1263 aprint_error_dev(sc->sc_dev, "firmware file too short: %zu bytes\n", size); 1264 error = EINVAL; 1265 goto fail2; 1266 } 1267 1268 dfw = firmware_malloc(size); 1269 if (dfw == NULL) { 1270 aprint_error_dev(sc->sc_dev, "not enough memory to stock firmware\n"); 1271 error = ENOMEM; 1272 goto fail2; 1273 } 1274 1275 if ((error = firmware_read(fw, 0, dfw, size)) != 0) { 1276 aprint_error_dev(sc->sc_dev, "can't get firmware\n"); 1277 goto fail2; 1278 } 1279 1280 /* get pointers to firmware segments */ 1281 main_text = dfw + sizeof (struct iwn_firmware_hdr); 1282 main_data = main_text + main_textsz; 1283 init_text = main_data + main_datasz; 1284 init_data = init_text + init_textsz; 1285 boot_text = init_data + init_datasz; 1286 1287 /* copy initialization images into pre-allocated DMA-safe memory */ 1288 memcpy(dma->vaddr, init_data, init_datasz); 1289 memcpy((char *)dma->vaddr + IWN_FW_INIT_DATA_MAXSZ, init_text, init_textsz); 1290 1291 /* tell adapter where to find initialization images */ 1292 iwn_mem_lock(sc); 1293 iwn_mem_write(sc, IWN_MEM_DATA_BASE, dma->paddr >> 4); 1294 iwn_mem_write(sc, IWN_MEM_DATA_SIZE, init_datasz); 1295 iwn_mem_write(sc, IWN_MEM_TEXT_BASE, 1296 (dma->paddr + IWN_FW_INIT_DATA_MAXSZ) >> 4); 1297 iwn_mem_write(sc, IWN_MEM_TEXT_SIZE, init_textsz); 1298 iwn_mem_unlock(sc); 1299 1300 /* load firmware boot code */ 1301 if ((error = iwn_load_microcode(sc, boot_text, boot_textsz)) != 0) { 1302 aprint_error_dev(sc->sc_dev, "could not load boot firmware\n"); 1303 goto fail3; 1304 } 1305 1306 /* now press "execute" ;-) */ 1307 IWN_WRITE(sc, IWN_RESET, 0); 1308 1309 /* ..and wait at most one second for adapter to initialize */ 1310 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 1311 /* this isn't what was supposed to happen.. */ 1312 aprint_error_dev(sc->sc_dev, "timeout waiting for adapter to initialize\n"); 1313 } 1314 1315 /* copy runtime images into pre-allocated DMA-safe memory */ 1316 memcpy((char *)dma->vaddr, main_data, main_datasz); 1317 memcpy((char *)dma->vaddr + IWN_FW_MAIN_DATA_MAXSZ, main_text, main_textsz); 1318 1319 /* tell adapter where to find runtime images */ 1320 iwn_mem_lock(sc); 1321 iwn_mem_write(sc, IWN_MEM_DATA_BASE, dma->paddr >> 4); 1322 iwn_mem_write(sc, IWN_MEM_DATA_SIZE, main_datasz); 1323 iwn_mem_write(sc, IWN_MEM_TEXT_BASE, 1324 (dma->paddr + IWN_FW_MAIN_DATA_MAXSZ) >> 4); 1325 iwn_mem_write(sc, IWN_MEM_TEXT_SIZE, IWN_FW_UPDATED | main_textsz); 1326 iwn_mem_unlock(sc); 1327 1328 /* wait at most one second for second alive notification */ 1329 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 1330 /* this isn't what was supposed to happen.. */ 1331 aprint_error_dev(sc->sc_dev, "timeout waiting for adapter to initialize\n"); 1332 } 1333 1334 fail3: firmware_free(dfw,size); 1335 fail2: firmware_close(fw); 1336 fail1: return error; 1337 } 1338 1339 static void 1340 iwn_calib_timeout(void *arg) 1341 { 1342 struct iwn_softc *sc = arg; 1343 struct ieee80211com *ic = &sc->sc_ic; 1344 int s; 1345 1346 /* automatic rate control triggered every 500ms */ 1347 if (ic->ic_fixed_rate == -1) { 1348 s = splnet(); 1349 if (ic->ic_opmode == IEEE80211_M_STA) 1350 iwn_iter_func(sc, ic->ic_bss); 1351 else 1352 ieee80211_iterate_nodes(&ic->ic_sta, iwn_iter_func, sc); 1353 splx(s); 1354 } 1355 1356 /* automatic calibration every 60s */ 1357 if (++sc->calib_cnt >= 120) { 1358 DPRINTF(("sending request for statistics\n")); 1359 (void)iwn_cmd(sc, IWN_CMD_GET_STATISTICS, NULL, 0, 1); 1360 sc->calib_cnt = 0; 1361 } 1362 1363 callout_schedule(&sc->calib_to, hz/2); 1364 1365 } 1366 1367 static void 1368 iwn_iter_func(void *arg, struct ieee80211_node *ni) 1369 { 1370 struct iwn_softc *sc = arg; 1371 struct iwn_node *wn = (struct iwn_node *)ni; 1372 1373 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1374 } 1375 1376 static void 1377 iwn_ampdu_rx_start(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1378 { 1379 struct iwn_rx_stat *stat; 1380 1381 DPRINTFN(2, ("received AMPDU stats\n")); 1382 /* save Rx statistics, they will be used on IWN_AMPDU_RX_DONE */ 1383 stat = (struct iwn_rx_stat *)(desc + 1); 1384 memcpy(&sc->last_rx_stat, stat, sizeof (*stat)); 1385 sc->last_rx_valid = 1; 1386 } 1387 1388 void 1389 iwn_rx_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc, 1390 struct iwn_rx_data *data) 1391 { 1392 struct ieee80211com *ic = &sc->sc_ic; 1393 struct ifnet *ifp = ic->ic_ifp; 1394 struct iwn_rx_ring *ring = &sc->rxq; 1395 struct iwn_rbuf *rbuf; 1396 struct ieee80211_frame *wh; 1397 struct ieee80211_node *ni; 1398 struct mbuf *m, *mnew; 1399 struct iwn_rx_stat *stat; 1400 char *head; 1401 uint32_t *tail; 1402 int len, rssi; 1403 1404 if (desc->type == IWN_AMPDU_RX_DONE) { 1405 /* check for prior AMPDU_RX_START */ 1406 if (!sc->last_rx_valid) { 1407 DPRINTF(("missing AMPDU_RX_START\n")); 1408 ifp->if_ierrors++; 1409 return; 1410 } 1411 sc->last_rx_valid = 0; 1412 stat = &sc->last_rx_stat; 1413 } else 1414 stat = (struct iwn_rx_stat *)(desc + 1); 1415 1416 if (stat->cfg_phy_len > IWN_STAT_MAXLEN) { 1417 aprint_error_dev(sc->sc_dev, "invalid rx statistic header\n"); 1418 ifp->if_ierrors++; 1419 return; 1420 } 1421 1422 if (desc->type == IWN_AMPDU_RX_DONE) { 1423 struct iwn_rx_ampdu *ampdu = 1424 (struct iwn_rx_ampdu *)(desc + 1); 1425 head = (char *)(ampdu + 1); 1426 len = le16toh(ampdu->len); 1427 } else { 1428 head = (char *)(stat + 1) + stat->cfg_phy_len; 1429 len = le16toh(stat->len); 1430 } 1431 1432 DPRINTF(("rx packet len %d\n", len)); 1433 /* discard Rx frames with bad CRC early */ 1434 tail = (uint32_t *)(head + len); 1435 if ((le32toh(*tail) & IWN_RX_NOERROR) != IWN_RX_NOERROR) { 1436 DPRINTFN(2, ("rx flags error %x\n", le32toh(*tail))); 1437 ifp->if_ierrors++; 1438 return; 1439 } 1440 /* XXX for ieee80211_find_rxnode() */ 1441 if (len < sizeof (struct ieee80211_frame)) { 1442 DPRINTF(("frame too short: %d\n", len)); 1443 ic->ic_stats.is_rx_tooshort++; 1444 ifp->if_ierrors++; 1445 return; 1446 } 1447 1448 m = data->m; 1449 1450 /* finalize mbuf */ 1451 m->m_pkthdr.rcvif = ifp; 1452 m->m_data = head; 1453 m->m_pkthdr.len = m->m_len = len; 1454 1455 /* 1456 * See comment in if_wpi.c:wpi_rx_intr() about locking 1457 * nb_free_entries here. In short: it's not required. 1458 */ 1459 if (sc->rxq.nb_free_entries > 0) { 1460 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1461 if (mnew == NULL) { 1462 ic->ic_stats.is_rx_nobuf++; 1463 ifp->if_ierrors++; 1464 return; 1465 } 1466 1467 rbuf = iwn_alloc_rbuf(sc); 1468 1469 /* attach Rx buffer to mbuf */ 1470 MEXTADD(mnew, rbuf->vaddr, IWN_RBUF_SIZE, 0, iwn_free_rbuf, 1471 rbuf); 1472 mnew->m_flags |= M_EXT_RW; 1473 1474 data->m = mnew; 1475 1476 /* update Rx descriptor */ 1477 ring->desc[ring->cur] = htole32(rbuf->paddr >> 8); 1478 } else { 1479 /* no free rbufs, copy frame */ 1480 m = m_dup(m, 0, M_COPYALL, M_DONTWAIT); 1481 if (m == NULL) { 1482 /* no free mbufs either, drop frame */ 1483 ic->ic_stats.is_rx_nobuf++; 1484 ifp->if_ierrors++; 1485 return; 1486 } 1487 } 1488 1489 rssi = iwn_get_rssi(stat); 1490 1491 if (ic->ic_state == IEEE80211_S_SCAN) 1492 iwn_fix_channel(ic, m); 1493 1494 #if NBPFILTER > 0 1495 if (sc->sc_drvbpf != NULL) { 1496 struct iwn_rx_radiotap_header *tap = &sc->sc_rxtap; 1497 1498 tap->wr_flags = 0; 1499 tap->wr_chan_freq = 1500 htole16(ic->ic_channels[stat->chan].ic_freq); 1501 tap->wr_chan_flags = 1502 htole16(ic->ic_channels[stat->chan].ic_flags); 1503 tap->wr_dbm_antsignal = (int8_t)rssi; 1504 tap->wr_dbm_antnoise = (int8_t)sc->noise; 1505 tap->wr_tsft = stat->tstamp; 1506 switch (stat->rate) { 1507 /* CCK rates */ 1508 case 10: tap->wr_rate = 2; break; 1509 case 20: tap->wr_rate = 4; break; 1510 case 55: tap->wr_rate = 11; break; 1511 case 110: tap->wr_rate = 22; break; 1512 /* OFDM rates */ 1513 case 0xd: tap->wr_rate = 12; break; 1514 case 0xf: tap->wr_rate = 18; break; 1515 case 0x5: tap->wr_rate = 24; break; 1516 case 0x7: tap->wr_rate = 36; break; 1517 case 0x9: tap->wr_rate = 48; break; 1518 case 0xb: tap->wr_rate = 72; break; 1519 case 0x1: tap->wr_rate = 96; break; 1520 case 0x3: tap->wr_rate = 108; break; 1521 /* unknown rate: should not happen */ 1522 default: tap->wr_rate = 0; 1523 } 1524 1525 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1526 } 1527 #endif 1528 1529 /* grab a reference to the source node */ 1530 wh = mtod(m, struct ieee80211_frame *); 1531 ni = ieee80211_find_rxnode(ic,(struct ieee80211_frame_min *)wh); 1532 1533 /* send the frame to the 802.11 layer */ 1534 ieee80211_input(ic, m, ni, rssi, 0); 1535 1536 /* node is no longer needed */ 1537 ieee80211_free_node(ni); 1538 } 1539 1540 1541 /* 1542 * XXX: Hack to set the current channel to the value advertised in beacons or 1543 * probe responses. Only used during AP detection. 1544 * XXX: Duplicated from if_iwi.c 1545 */ 1546 static void 1547 iwn_fix_channel(struct ieee80211com *ic, struct mbuf *m) 1548 { 1549 struct ieee80211_frame *wh; 1550 uint8_t subtype; 1551 uint8_t *frm, *efrm; 1552 1553 wh = mtod(m, struct ieee80211_frame *); 1554 1555 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT) 1556 return; 1557 1558 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1559 1560 if (subtype != IEEE80211_FC0_SUBTYPE_BEACON && 1561 subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1562 return; 1563 1564 frm = (uint8_t *)(wh + 1); 1565 efrm = mtod(m, uint8_t *) + m->m_len; 1566 1567 frm += 12; /* skip tstamp, bintval and capinfo fields */ 1568 while (frm < efrm) { 1569 if (*frm == IEEE80211_ELEMID_DSPARMS) 1570 #if IEEE80211_CHAN_MAX < 255 1571 if (frm[2] <= IEEE80211_CHAN_MAX) 1572 #endif 1573 ic->ic_curchan = &ic->ic_channels[frm[2]]; 1574 1575 frm += frm[1] + 2; 1576 } 1577 } 1578 1579 static void 1580 iwn_rx_statistics(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1581 { 1582 struct ieee80211com *ic = &sc->sc_ic; 1583 struct iwn_calib_state *calib = &sc->calib; 1584 struct iwn_stats *stats = (struct iwn_stats *)(desc + 1); 1585 1586 /* ignore beacon statistics received during a scan */ 1587 if (ic->ic_state != IEEE80211_S_RUN) 1588 return; 1589 1590 DPRINTFN(3, ("received statistics (cmd=%d)\n", desc->type)); 1591 sc->calib_cnt = 0; /* reset timeout */ 1592 1593 /* test if temperature has changed */ 1594 if (stats->general.temp != sc->rawtemp) { 1595 int temp; 1596 1597 sc->rawtemp = stats->general.temp; 1598 temp = iwn_get_temperature(sc); 1599 DPRINTFN(2, ("temperature=%d\n", temp)); 1600 1601 /* update Tx power if need be */ 1602 iwn_power_calibration(sc, temp); 1603 } 1604 1605 if (desc->type != IWN_BEACON_STATISTICS) 1606 return; /* reply to a statistics request */ 1607 1608 sc->noise = iwn_get_noise(&stats->rx.general); 1609 DPRINTFN(3, ("noise=%d\n", sc->noise)); 1610 1611 /* test that RSSI and noise are present in stats report */ 1612 if (le32toh(stats->rx.general.flags) != 1) { 1613 DPRINTF(("received statistics without RSSI\n")); 1614 return; 1615 } 1616 1617 if (calib->state == IWN_CALIB_STATE_ASSOC) 1618 iwn_compute_differential_gain(sc, &stats->rx.general); 1619 else if (calib->state == IWN_CALIB_STATE_RUN) 1620 iwn_tune_sensitivity(sc, &stats->rx); 1621 } 1622 1623 static void 1624 iwn_tx_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1625 { 1626 struct ifnet *ifp = sc->sc_ic.ic_ifp; 1627 struct iwn_tx_ring *ring = &sc->txq[desc->qid & 0xf]; 1628 struct iwn_tx_data *txdata = &ring->data[desc->idx]; 1629 struct iwn_tx_stat *stat = (struct iwn_tx_stat *)(desc + 1); 1630 struct iwn_node *wn = (struct iwn_node *)txdata->ni; 1631 uint32_t status; 1632 1633 DPRINTFN(4, ("tx done: qid=%d idx=%d retries=%d nkill=%d rate=%x " 1634 "duration=%d status=%x\n", desc->qid, desc->idx, stat->ntries, 1635 stat->nkill, stat->rate, le16toh(stat->duration), 1636 le32toh(stat->status))); 1637 1638 /* 1639 * Update rate control statistics for the node. 1640 */ 1641 wn->amn.amn_txcnt++; 1642 if (stat->ntries > 0) { 1643 DPRINTFN(3, ("tx intr ntries %d\n", stat->ntries)); 1644 wn->amn.amn_retrycnt++; 1645 } 1646 1647 status = le32toh(stat->status) & 0xff; 1648 if (status != 1 && status != 2) 1649 ifp->if_oerrors++; 1650 else 1651 ifp->if_opackets++; 1652 1653 bus_dmamap_unload(sc->sc_dmat, txdata->map); 1654 m_freem(txdata->m); 1655 txdata->m = NULL; 1656 ieee80211_free_node(txdata->ni); 1657 txdata->ni = NULL; 1658 1659 ring->queued--; 1660 1661 sc->sc_tx_timer = 0; 1662 ifp->if_flags &= ~IFF_OACTIVE; 1663 iwn_start(ifp); 1664 } 1665 1666 static void 1667 iwn_cmd_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1668 { 1669 struct iwn_tx_ring *ring = &sc->txq[4]; 1670 struct iwn_tx_data *data; 1671 1672 if ((desc->qid & 0xf) != 4) 1673 return; /* not a command ack */ 1674 1675 data = &ring->data[desc->idx]; 1676 1677 /* if the command was mapped in a mbuf, free it */ 1678 if (data->m != NULL) { 1679 bus_dmamap_unload(sc->sc_dmat, data->map); 1680 m_freem(data->m); 1681 data->m = NULL; 1682 } 1683 1684 wakeup(&ring->cmd[desc->idx]); 1685 } 1686 1687 static void 1688 iwn_notif_intr(struct iwn_softc *sc) 1689 { 1690 struct ieee80211com *ic = &sc->sc_ic; 1691 struct ifnet *ifp = ic->ic_ifp; 1692 uint16_t hw; 1693 1694 hw = le16toh(sc->shared->closed_count); 1695 while (sc->rxq.cur != hw) { 1696 struct iwn_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1697 struct iwn_rx_desc *desc = (void *)data->m->m_ext.ext_buf; 1698 1699 DPRINTFN(4,("rx notification qid=%x idx=%d flags=%x type=%d " 1700 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1701 le32toh(desc->len))); 1702 1703 if (!(desc->qid & 0x80)) /* reply to a command */ 1704 iwn_cmd_intr(sc, desc); 1705 1706 switch (desc->type) { 1707 case IWN_RX_DONE: 1708 case IWN_AMPDU_RX_DONE: 1709 iwn_rx_intr(sc, desc, data); 1710 break; 1711 1712 case IWN_AMPDU_RX_START: 1713 iwn_ampdu_rx_start(sc, desc); 1714 break; 1715 1716 case IWN_TX_DONE: 1717 /* a 802.11 frame has been transmitted */ 1718 iwn_tx_intr(sc, desc); 1719 break; 1720 1721 case IWN_RX_STATISTICS: 1722 case IWN_BEACON_STATISTICS: 1723 iwn_rx_statistics(sc, desc); 1724 break; 1725 1726 case IWN_BEACON_MISSED: 1727 { 1728 struct iwn_beacon_missed *miss = 1729 (struct iwn_beacon_missed *)(desc + 1); 1730 /* 1731 * If more than 5 consecutive beacons are missed, 1732 * reinitialize the sensitivity state machine. 1733 */ 1734 DPRINTFN(2, ("beacons missed %d/%d\n", 1735 le32toh(miss->consecutive), le32toh(miss->total))); 1736 if (ic->ic_state == IEEE80211_S_RUN && 1737 le32toh(miss->consecutive) > 5) 1738 (void)iwn_init_sensitivity(sc); 1739 break; 1740 } 1741 1742 case IWN_UC_READY: 1743 { 1744 struct iwn_ucode_info *uc = 1745 (struct iwn_ucode_info *)(desc + 1); 1746 1747 /* the microcontroller is ready */ 1748 DPRINTF(("microcode alive notification version=%d.%d " 1749 "subtype=%x alive=%x\n", uc->major, uc->minor, 1750 uc->subtype, le32toh(uc->valid))); 1751 1752 if (le32toh(uc->valid) != 1) { 1753 aprint_error_dev(sc->sc_dev, "microcontroller initialization " 1754 "failed\n"); 1755 break; 1756 } 1757 if (uc->subtype == IWN_UCODE_INIT) { 1758 /* save microcontroller's report */ 1759 memcpy(&sc->ucode_info, uc, sizeof (*uc)); 1760 } 1761 break; 1762 } 1763 case IWN_STATE_CHANGED: 1764 { 1765 uint32_t *status = (uint32_t *)(desc + 1); 1766 1767 /* enabled/disabled notification */ 1768 DPRINTF(("state changed to %x\n", le32toh(*status))); 1769 1770 if (le32toh(*status) & 1) { 1771 /* the radio button has to be pushed */ 1772 aprint_error_dev(sc->sc_dev, "Radio transmitter is off\n"); 1773 /* turn the interface down */ 1774 ifp->if_flags &= ~IFF_UP; 1775 iwn_stop(ifp, 1); 1776 return; /* no further processing */ 1777 } 1778 break; 1779 } 1780 case IWN_START_SCAN: 1781 { 1782 struct iwn_start_scan *scan = 1783 (struct iwn_start_scan *)(desc + 1); 1784 1785 DPRINTFN(2, ("scanning channel %d status %x\n", 1786 scan->chan, le32toh(scan->status))); 1787 1788 /* fix current channel */ 1789 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1790 break; 1791 } 1792 case IWN_STOP_SCAN: 1793 { 1794 struct iwn_stop_scan *scan = 1795 (struct iwn_stop_scan *)(desc + 1); 1796 1797 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1798 scan->nchan, scan->status, scan->chan)); 1799 1800 if (scan->status == 1 && scan->chan <= 14) { 1801 /* 1802 * We just finished scanning 802.11g channels, 1803 * start scanning 802.11a ones. 1804 */ 1805 if (iwn_scan(sc, IEEE80211_CHAN_A) == 0) 1806 break; 1807 } 1808 sc->is_scanning = false; 1809 ieee80211_end_scan(ic); 1810 break; 1811 } 1812 } 1813 1814 sc->rxq.cur = (sc->rxq.cur + 1) % IWN_RX_RING_COUNT; 1815 } 1816 1817 /* tell the firmware what we have processed */ 1818 hw = (hw == 0) ? IWN_RX_RING_COUNT - 1 : hw - 1; 1819 IWN_WRITE(sc, IWN_RX_WIDX, hw & ~7); 1820 } 1821 1822 static int 1823 iwn_intr(void *arg) 1824 { 1825 struct iwn_softc *sc = arg; 1826 struct ifnet *ifp = sc->sc_ic.ic_ifp; 1827 uint32_t r1, r2; 1828 1829 /* disable interrupts */ 1830 IWN_WRITE(sc, IWN_MASK, 0); 1831 1832 r1 = IWN_READ(sc, IWN_INTR); 1833 r2 = IWN_READ(sc, IWN_INTR_STATUS); 1834 1835 if (r1 == 0 && r2 == 0) { 1836 if (ifp->if_flags & IFF_UP) 1837 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 1838 return 0; /* not for us */ 1839 } 1840 1841 if (r1 == 0xffffffff) 1842 return 0; /* hardware gone */ 1843 1844 /* ack interrupts */ 1845 IWN_WRITE(sc, IWN_INTR, r1); 1846 IWN_WRITE(sc, IWN_INTR_STATUS, r2); 1847 1848 DPRINTFN(5, ("interrupt reg1=%x reg2=%x\n", r1, r2)); 1849 1850 if (r1 & IWN_RF_TOGGLED) { 1851 uint32_t tmp = IWN_READ(sc, IWN_GPIO_CTL); 1852 aprint_error_dev(sc->sc_dev, "RF switch: radio %s\n", 1853 (tmp & IWN_GPIO_RF_ENABLED) ? "enabled" : "disabled"); 1854 } 1855 if (r1 & IWN_CT_REACHED) { 1856 aprint_error_dev(sc->sc_dev, "critical temperature reached!\n"); 1857 } 1858 if (r1 & (IWN_SW_ERROR | IWN_HW_ERROR)) { 1859 aprint_error_dev(sc->sc_dev, "fatal firmware error\n"); 1860 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP; 1861 iwn_stop(sc->sc_ic.ic_ifp, 1); 1862 return 1; 1863 } 1864 1865 if ((r1 & (IWN_RX_INTR | IWN_SW_RX_INTR)) || 1866 (r2 & IWN_RX_STATUS_INTR)) 1867 iwn_notif_intr(sc); 1868 1869 if (r1 & IWN_ALIVE_INTR) 1870 wakeup(sc); 1871 1872 /* re-enable interrupts */ 1873 if (ifp->if_flags & IFF_UP) 1874 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 1875 1876 return 1; 1877 } 1878 1879 static uint8_t 1880 iwn_plcp_signal(int rate) 1881 { 1882 switch (rate) { 1883 /* CCK rates (returned values are device-dependent) */ 1884 case 2: return 10; 1885 case 4: return 20; 1886 case 11: return 55; 1887 case 22: return 110; 1888 1889 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 1890 /* R1-R4, (u)ral is R4-R1 */ 1891 case 12: return 0xd; 1892 case 18: return 0xf; 1893 case 24: return 0x5; 1894 case 36: return 0x7; 1895 case 48: return 0x9; 1896 case 72: return 0xb; 1897 case 96: return 0x1; 1898 case 108: return 0x3; 1899 case 120: return 0x3; 1900 } 1901 /* unknown rate (should not get there) */ 1902 return 0; 1903 } 1904 1905 /* determine if a given rate is CCK or OFDM */ 1906 #define IWN_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1907 1908 static int 1909 iwn_tx_data(struct iwn_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, 1910 int ac) 1911 { 1912 struct ieee80211com *ic = &sc->sc_ic; 1913 struct iwn_tx_ring *ring = &sc->txq[ac]; 1914 struct iwn_tx_desc *desc; 1915 struct iwn_tx_data *data; 1916 struct iwn_tx_cmd *cmd; 1917 struct iwn_cmd_data *tx; 1918 struct ieee80211_frame *wh; 1919 struct ieee80211_key *k; 1920 const struct chanAccParams *cap; 1921 struct mbuf *mnew; 1922 bus_addr_t paddr; 1923 uint32_t flags; 1924 uint8_t type; 1925 int i, error, pad, rate, hdrlen, noack = 0; 1926 1927 DPRINTFN(5, ("iwn_tx_data entry\n")); 1928 1929 desc = &ring->desc[ring->cur]; 1930 data = &ring->data[ring->cur]; 1931 1932 wh = mtod(m0, struct ieee80211_frame *); 1933 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1934 1935 if (IEEE80211_QOS_HAS_SEQ(wh)) { 1936 hdrlen = sizeof (struct ieee80211_qosframe); 1937 cap = &ic->ic_wme.wme_chanParams; 1938 noack = cap->cap_wmeParams[ac].wmep_noackPolicy; 1939 } else 1940 hdrlen = sizeof (struct ieee80211_frame); 1941 1942 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1943 k = ieee80211_crypto_encap(ic, ni, m0); 1944 if (k == NULL) { 1945 m_freem(m0); 1946 return ENOBUFS; 1947 } 1948 /* packet header may have moved, reset our local pointer */ 1949 wh = mtod(m0, struct ieee80211_frame *); 1950 } 1951 1952 /* pickup a rate */ 1953 if (type == IEEE80211_FC0_TYPE_MGT) { 1954 /* mgmt frames are sent at the lowest available bit-rate */ 1955 rate = ni->ni_rates.rs_rates[0]; 1956 } else { 1957 if (ic->ic_fixed_rate != -1) { 1958 rate = ic->ic_sup_rates[ic->ic_curmode]. 1959 rs_rates[ic->ic_fixed_rate]; 1960 } else 1961 rate = ni->ni_rates.rs_rates[ni->ni_txrate]; 1962 } 1963 rate &= IEEE80211_RATE_VAL; 1964 1965 #if NBPFILTER > 0 1966 if (sc->sc_drvbpf != NULL) { 1967 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap; 1968 1969 tap->wt_flags = 0; 1970 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1971 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1972 tap->wt_rate = rate; 1973 tap->wt_hwqueue = ac; 1974 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 1975 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1976 1977 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 1978 } 1979 #endif 1980 1981 cmd = &ring->cmd[ring->cur]; 1982 cmd->code = IWN_CMD_TX_DATA; 1983 cmd->flags = 0; 1984 cmd->qid = ring->qid; 1985 cmd->idx = ring->cur; 1986 1987 tx = (struct iwn_cmd_data *)cmd->data; 1988 1989 flags = IWN_TX_AUTO_SEQ; 1990 if (!noack && !IEEE80211_IS_MULTICAST(wh->i_addr1)){ 1991 flags |= IWN_TX_NEED_ACK; 1992 }else if (m0->m_pkthdr.len + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) 1993 flags |= (IWN_TX_NEED_RTS | IWN_TX_FULL_TXOP); 1994 1995 tx->id = IEEE80211_IS_MULTICAST(wh->i_addr1) ? IWN_ID_BROADCAST : IWN_ID_BSS; 1996 1997 DPRINTFN(5, ("addr1: %x:%x:%x:%x:%x:%x, id = 0x%x\n", 1998 wh->i_addr1[0], wh->i_addr1[1], wh->i_addr1[2], 1999 wh->i_addr1[3], wh->i_addr1[4], wh->i_addr1[5], tx->id)); 2000 2001 if (type == IEEE80211_FC0_TYPE_MGT) { 2002 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2003 2004 /* tell h/w to set timestamp in probe responses */ 2005 if ((subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) || 2006 (subtype == IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 2007 flags |= IWN_TX_INSERT_TSTAMP; 2008 2009 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2010 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 2011 flags &= ~IWN_TX_NEED_RTS; 2012 flags |= IWN_TX_NEED_CTS; 2013 tx->timeout = htole16(3); 2014 } else 2015 tx->timeout = htole16(2); 2016 } else 2017 tx->timeout = htole16(0); 2018 2019 if (hdrlen & 3) { 2020 /* first segment's length must be a multiple of 4 */ 2021 flags |= IWN_TX_NEED_PADDING; 2022 pad = 4 - (hdrlen & 3); 2023 } else 2024 pad = 0; 2025 2026 if (type == IEEE80211_FC0_TYPE_CTL) { 2027 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2028 2029 /* tell h/w to set timestamp in probe responses */ 2030 if (subtype == 0x0080) /* linux says this is "back request" */ 2031 /* linux says (1 << 6) is IMM_BA_RSP_MASK */ 2032 flags |= (IWN_TX_NEED_ACK | (1 << 6)); 2033 } 2034 2035 2036 tx->flags = htole32(flags); 2037 tx->len = htole16(m0->m_pkthdr.len); 2038 tx->rate = iwn_plcp_signal(rate); 2039 tx->rts_ntries = 60; 2040 tx->data_ntries = 15; 2041 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 2042 2043 /* XXX alternate between Ant A and Ant B ? */ 2044 tx->rflags = IWN_RFLAG_ANT_B; 2045 if (tx->id == IWN_ID_BROADCAST) { 2046 tx->ridx = IWN_MAX_TX_RETRIES - 1; 2047 if (!IWN_RATE_IS_OFDM(rate)) 2048 tx->rflags |= IWN_RFLAG_CCK; 2049 } else { 2050 tx->ridx = 0; 2051 /* tell adapter to ignore rflags */ 2052 tx->flags |= htole32(IWN_TX_USE_NODE_RATE); 2053 } 2054 2055 /* copy and trim IEEE802.11 header */ 2056 memcpy((uint8_t *)(tx + 1), wh, hdrlen); 2057 m_adj(m0, hdrlen); 2058 2059 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 2060 BUS_DMA_WRITE | BUS_DMA_NOWAIT); 2061 if (error != 0 && error != EFBIG) { 2062 aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error); 2063 m_freem(m0); 2064 return error; 2065 } 2066 if (error != 0) { 2067 /* too many fragments, linearize */ 2068 2069 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 2070 if (mnew == NULL) { 2071 m_freem(m0); 2072 return ENOMEM; 2073 } 2074 M_COPY_PKTHDR(mnew, m0); 2075 if (m0->m_pkthdr.len > MHLEN) { 2076 MCLGET(mnew, M_DONTWAIT); 2077 if (!(mnew->m_flags & M_EXT)) { 2078 m_freem(m0); 2079 m_freem(mnew); 2080 return ENOMEM; 2081 } 2082 } 2083 2084 m_copydata(m0, 0, m0->m_pkthdr.len, mtod(mnew, void *)); 2085 m_freem(m0); 2086 mnew->m_len = mnew->m_pkthdr.len; 2087 m0 = mnew; 2088 2089 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 2090 BUS_DMA_WRITE | BUS_DMA_NOWAIT); 2091 if (error != 0) { 2092 aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error); 2093 m_freem(m0); 2094 return error; 2095 } 2096 } 2097 2098 data->m = m0; 2099 data->ni = ni; 2100 2101 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 2102 ring->qid, ring->cur, m0->m_pkthdr.len, data->map->dm_nsegs)); 2103 2104 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 2105 tx->loaddr = htole32(paddr + 4 + 2106 offsetof(struct iwn_cmd_data, ntries)); 2107 tx->hiaddr = 0; /* limit to 32-bit physical addresses */ 2108 2109 /* first scatter/gather segment is used by the tx data command */ 2110 IWN_SET_DESC_NSEGS(desc, 1 + data->map->dm_nsegs); 2111 IWN_SET_DESC_SEG(desc, 0, paddr, 4 + sizeof (*tx) + hdrlen + pad); 2112 for (i = 1; i <= data->map->dm_nsegs; i++) { 2113 IWN_SET_DESC_SEG(desc, i, data->map->dm_segs[i - 1].ds_addr, 2114 data->map->dm_segs[i - 1].ds_len); 2115 } 2116 sc->shared->len[ring->qid][ring->cur] = 2117 htole16(hdrlen + m0->m_pkthdr.len + 8); 2118 if (ring->cur < IWN_TX_WINDOW) { 2119 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 2120 htole16(hdrlen + m0->m_pkthdr.len + 8); 2121 } 2122 2123 ring->queued++; 2124 2125 /* kick ring */ 2126 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 2127 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 2128 2129 return 0; 2130 } 2131 2132 static void 2133 iwn_start(struct ifnet *ifp) 2134 { 2135 struct iwn_softc *sc = ifp->if_softc; 2136 struct ieee80211com *ic = &sc->sc_ic; 2137 struct ieee80211_node *ni; 2138 struct ether_header *eh; 2139 struct mbuf *m0; 2140 int ac; 2141 2142 DPRINTFN(5, ("iwn_start enter\n")); 2143 2144 /* 2145 * net80211 may still try to send management frames even if the 2146 * IFF_RUNNING flag is not set... 2147 */ 2148 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 2149 return; 2150 2151 for (;;) { 2152 IF_DEQUEUE(&ic->ic_mgtq, m0); 2153 if (m0 != NULL) { 2154 /* management frames go into ring 0 */ 2155 2156 2157 ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif; 2158 m0->m_pkthdr.rcvif = NULL; 2159 2160 /* management goes into ring 0 */ 2161 if (sc->txq[0].queued > sc->txq[0].count - 8) { 2162 ifp->if_oerrors++; 2163 continue; 2164 } 2165 2166 #if NBPFILTER > 0 2167 if (ic->ic_rawbpf != NULL) 2168 bpf_mtap(ic->ic_rawbpf, m0); 2169 #endif 2170 if (iwn_tx_data(sc, m0, ni, 0) != 0) { 2171 ifp->if_oerrors++; 2172 break; 2173 } 2174 } else { 2175 if (ic->ic_state != IEEE80211_S_RUN) 2176 break; 2177 IFQ_POLL(&ifp->if_snd, m0); 2178 if (m0 == NULL) 2179 break; 2180 2181 if (m0->m_len < sizeof (*eh) && 2182 (m0 = m_pullup(m0, sizeof (*eh))) == NULL) { 2183 ifp->if_oerrors++; 2184 continue; 2185 } 2186 eh = mtod(m0, struct ether_header *); 2187 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 2188 if (ni == NULL) { 2189 m_freem(m0); 2190 ifp->if_oerrors++; 2191 continue; 2192 } 2193 /* classify mbuf so we can find which tx ring to use */ 2194 if (ieee80211_classify(ic, m0, ni) != 0) { 2195 m_freem(m0); 2196 ieee80211_free_node(ni); 2197 ifp->if_oerrors++; 2198 continue; 2199 } 2200 2201 /* no QoS encapsulation for EAPOL frames */ 2202 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ? 2203 M_WME_GETAC(m0) : WME_AC_BE; 2204 2205 if (sc->txq[ac].queued > sc->txq[ac].count - 8) { 2206 2207 /* there is no place left in this ring */ 2208 ifp->if_flags |= IFF_OACTIVE; 2209 break; 2210 } 2211 IFQ_DEQUEUE(&ifp->if_snd, m0); 2212 #if NBPFILTER > 0 2213 if (ifp->if_bpf != NULL) 2214 bpf_mtap(ifp->if_bpf, m0); 2215 #endif 2216 m0 = ieee80211_encap(ic, m0, ni); 2217 if (m0 == NULL) { 2218 ieee80211_free_node(ni); 2219 ifp->if_oerrors++; 2220 continue; 2221 } 2222 #if NBPFILTER > 0 2223 if (ic->ic_rawbpf != NULL) 2224 bpf_mtap(ic->ic_rawbpf, m0); 2225 #endif 2226 if (iwn_tx_data(sc, m0, ni, ac) != 0) { 2227 ieee80211_free_node(ni); 2228 ifp->if_oerrors++; 2229 break; 2230 } 2231 } 2232 2233 sc->sc_tx_timer = 5; 2234 ifp->if_timer = 1; 2235 } 2236 } 2237 2238 static void 2239 iwn_watchdog(struct ifnet *ifp) 2240 { 2241 struct iwn_softc *sc = ifp->if_softc; 2242 2243 ifp->if_timer = 0; 2244 2245 if (sc->sc_tx_timer > 0) { 2246 if (--sc->sc_tx_timer == 0) { 2247 aprint_error_dev(sc->sc_dev, "device timeout\n"); 2248 ifp->if_flags &= ~IFF_UP; 2249 iwn_stop(ifp, 1); 2250 ifp->if_oerrors++; 2251 return; 2252 } 2253 ifp->if_timer = 1; 2254 } 2255 2256 ieee80211_watchdog(&sc->sc_ic); 2257 } 2258 2259 static int 2260 iwn_ioctl(struct ifnet *ifp, u_long cmd, void * data) 2261 { 2262 2263 #define IS_RUNNING(ifp) \ 2264 ((ifp->if_flags & IFF_UP) && (ifp->if_flags & IFF_RUNNING)) 2265 2266 struct iwn_softc *sc = ifp->if_softc; 2267 struct ieee80211com *ic = &sc->sc_ic; 2268 int s, error = 0; 2269 2270 s = splnet(); 2271 2272 switch (cmd) { 2273 case SIOCSIFFLAGS: 2274 if (ifp->if_flags & IFF_UP) { 2275 if (!(ifp->if_flags & IFF_RUNNING)) 2276 iwn_init(ifp); 2277 } else { 2278 if (ifp->if_flags & IFF_RUNNING) 2279 iwn_stop(ifp, 1); 2280 } 2281 break; 2282 2283 case SIOCADDMULTI: 2284 case SIOCDELMULTI: 2285 /* XXX no h/w multicast filter? --dyoung */ 2286 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 2287 /* setup multicast filter, etc */ 2288 error = 0; 2289 } 2290 break; 2291 2292 default: 2293 error = ieee80211_ioctl(ic, cmd, data); 2294 } 2295 2296 if (error == ENETRESET) { 2297 if (IS_RUNNING(ifp) && 2298 (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)) 2299 iwn_init(ifp); 2300 error = 0; 2301 } 2302 2303 splx(s); 2304 return error; 2305 2306 #undef IS_RUNNING 2307 } 2308 2309 static void 2310 iwn_read_eeprom(struct iwn_softc *sc) 2311 { 2312 struct ieee80211com *ic = &sc->sc_ic; 2313 char domain[4]; 2314 uint16_t val; 2315 int i, error; 2316 2317 if ((error = iwn_eeprom_lock(sc)) != 0) { 2318 aprint_error_dev(sc->sc_dev, "could not lock EEPROM (error=%d)\n", error); 2319 return; 2320 } 2321 /* read and print regulatory domain */ 2322 iwn_read_prom_data(sc, IWN_EEPROM_DOMAIN, domain, 4); 2323 aprint_error_dev(sc->sc_dev, "%.4s", domain); 2324 2325 /* read and print MAC address */ 2326 iwn_read_prom_data(sc, IWN_EEPROM_MAC, ic->ic_myaddr, 6); 2327 aprint_error(", address %s\n", ether_sprintf(ic->ic_myaddr)); 2328 2329 /* read the list of authorized channels */ 2330 for (i = 0; i < IWN_CHAN_BANDS_COUNT; i++) 2331 iwn_read_eeprom_channels(sc, i); 2332 2333 /* read maximum allowed Tx power for 2GHz and 5GHz bands */ 2334 iwn_read_prom_data(sc, IWN_EEPROM_MAXPOW, &val, 2); 2335 sc->maxpwr2GHz = val & 0xff; 2336 sc->maxpwr5GHz = val >> 8; 2337 /* check that EEPROM values are correct */ 2338 if (sc->maxpwr5GHz < 20 || sc->maxpwr5GHz > 50) 2339 sc->maxpwr5GHz = 38; 2340 if (sc->maxpwr2GHz < 20 || sc->maxpwr2GHz > 50) 2341 sc->maxpwr2GHz = 38; 2342 DPRINTF(("maxpwr 2GHz=%d 5GHz=%d\n", sc->maxpwr2GHz, sc->maxpwr5GHz)); 2343 2344 /* read voltage at which samples were taken */ 2345 iwn_read_prom_data(sc, IWN_EEPROM_VOLTAGE, &val, 2); 2346 sc->eeprom_voltage = (int16_t)le16toh(val); 2347 DPRINTF(("voltage=%d (in 0.3V)\n", sc->eeprom_voltage)); 2348 2349 /* read power groups */ 2350 iwn_read_prom_data(sc, IWN_EEPROM_BANDS, sc->bands, sizeof sc->bands); 2351 #ifdef IWN_DEBUG 2352 if (iwn_debug > 0) { 2353 for (i = 0; i < IWN_NBANDS; i++) 2354 iwn_print_power_group(sc, i); 2355 } 2356 #endif 2357 iwn_eeprom_unlock(sc); 2358 } 2359 2360 static void 2361 iwn_read_eeprom_channels(struct iwn_softc *sc, int n) 2362 { 2363 struct ieee80211com *ic = &sc->sc_ic; 2364 const struct iwn_chan_band *band = &iwn_bands[n]; 2365 struct iwn_eeprom_chan channels[IWN_MAX_CHAN_PER_BAND]; 2366 int chan, i; 2367 2368 iwn_read_prom_data(sc, band->addr, channels, 2369 band->nchan * sizeof (struct iwn_eeprom_chan)); 2370 2371 for (i = 0; i < band->nchan; i++) { 2372 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) 2373 continue; 2374 2375 chan = band->chan[i]; 2376 2377 if (n == 0) { /* 2GHz band */ 2378 ic->ic_channels[chan].ic_freq = 2379 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 2380 ic->ic_channels[chan].ic_flags = 2381 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 2382 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 2383 2384 } else { /* 5GHz band */ 2385 /* 2386 * Some adapters support channels 7, 8, 11 and 12 2387 * both in the 2GHz *and* 5GHz bands. 2388 * Because of limitations in our net80211(9) stack, 2389 * we can't support these channels in 5GHz band. 2390 */ 2391 if (chan <= 14) 2392 continue; 2393 2394 ic->ic_channels[chan].ic_freq = 2395 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 2396 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 2397 } 2398 2399 /* is active scan allowed on this channel? */ 2400 if (!(channels[i].flags & IWN_EEPROM_CHAN_ACTIVE)) { 2401 ic->ic_channels[chan].ic_flags |= 2402 IEEE80211_CHAN_PASSIVE; 2403 } 2404 2405 /* save maximum allowed power for this channel */ 2406 sc->maxpwr[chan] = channels[i].maxpwr; 2407 2408 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 2409 chan, channels[i].flags, sc->maxpwr[chan])); 2410 } 2411 } 2412 2413 #ifdef IWN_DEBUG 2414 static void 2415 iwn_print_power_group(struct iwn_softc *sc, int i) 2416 { 2417 struct iwn_eeprom_band *band = &sc->bands[i]; 2418 struct iwn_eeprom_chan_samples *chans = band->chans; 2419 int j, c; 2420 2421 DPRINTF(("===band %d===\n", i)); 2422 DPRINTF(("chan lo=%d, chan hi=%d\n", band->lo, band->hi)); 2423 DPRINTF(("chan1 num=%d\n", chans[0].num)); 2424 for (c = 0; c < IWN_NTXCHAINS; c++) { 2425 for (j = 0; j < IWN_NSAMPLES; j++) { 2426 DPRINTF(("chain %d, sample %d: temp=%d gain=%d " 2427 "power=%d pa_det=%d\n", c, j, 2428 chans[0].samples[c][j].temp, 2429 chans[0].samples[c][j].gain, 2430 chans[0].samples[c][j].power, 2431 chans[0].samples[c][j].pa_det)); 2432 } 2433 } 2434 DPRINTF(("chan2 num=%d\n", chans[1].num)); 2435 for (c = 0; c < IWN_NTXCHAINS; c++) { 2436 for (j = 0; j < IWN_NSAMPLES; j++) { 2437 DPRINTF(("chain %d, sample %d: temp=%d gain=%d " 2438 "power=%d pa_det=%d\n", c, j, 2439 chans[1].samples[c][j].temp, 2440 chans[1].samples[c][j].gain, 2441 chans[1].samples[c][j].power, 2442 chans[1].samples[c][j].pa_det)); 2443 } 2444 } 2445 } 2446 #endif 2447 2448 /* 2449 * Send a command to the firmware. 2450 */ 2451 static int 2452 iwn_cmd(struct iwn_softc *sc, int code, const void *buf, int size, int async) 2453 { 2454 struct iwn_tx_ring *ring = &sc->txq[4]; 2455 struct iwn_tx_desc *desc; 2456 struct iwn_tx_cmd *cmd; 2457 bus_addr_t paddr; 2458 2459 KASSERT(size <= sizeof cmd->data); 2460 2461 desc = &ring->desc[ring->cur]; 2462 cmd = &ring->cmd[ring->cur]; 2463 2464 cmd->code = code; 2465 cmd->flags = 0; 2466 cmd->qid = ring->qid; 2467 cmd->idx = ring->cur; 2468 memcpy(cmd->data, buf, size); 2469 2470 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 2471 2472 IWN_SET_DESC_NSEGS(desc, 1); 2473 IWN_SET_DESC_SEG(desc, 0, paddr, 4 + size); 2474 sc->shared->len[ring->qid][ring->cur] = htole16(8); 2475 if (ring->cur < IWN_TX_WINDOW) { 2476 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 2477 htole16(8); 2478 } 2479 2480 /* kick cmd ring */ 2481 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 2482 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 2483 2484 return async ? 0 : tsleep(cmd, PCATCH, "iwncmd", hz); 2485 } 2486 2487 /* 2488 * Configure hardware multi-rate retries for one node. 2489 */ 2490 static int 2491 iwn_setup_node_mrr(struct iwn_softc *sc, uint8_t id, int async) 2492 { 2493 struct ieee80211com *ic = &sc->sc_ic; 2494 struct iwn_cmd_mrr mrr; 2495 int i, ridx; 2496 2497 memset(&mrr, 0, sizeof mrr); 2498 mrr.id = id; 2499 mrr.ssmask = 2; 2500 mrr.dsmask = 3; 2501 mrr.ampdu_disable = 3; 2502 mrr.ampdu_limit = htole16(4000); 2503 2504 if (id == IWN_ID_BSS) 2505 ridx = IWN_OFDM54; 2506 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2507 ridx = IWN_OFDM6; 2508 else 2509 ridx = IWN_CCK1; 2510 for (i = 0; i < IWN_MAX_TX_RETRIES; i++) { 2511 mrr.table[i].rate = iwn_ridx_to_plcp[ridx]; 2512 mrr.table[i].rflags = IWN_RFLAG_ANT_B; 2513 if (ridx <= IWN_CCK11) 2514 mrr.table[i].rflags |= IWN_RFLAG_CCK; 2515 ridx = iwn_prev_ridx[ridx]; 2516 } 2517 return iwn_cmd(sc, IWN_CMD_NODE_MRR_SETUP, &mrr, sizeof mrr, async); 2518 } 2519 2520 static int 2521 iwn_wme_update(struct ieee80211com *ic) 2522 { 2523 #define IWN_EXP2(v) htole16((1 << (v)) - 1) 2524 #define IWN_USEC(v) htole16(IEEE80211_TXOP_TO_US(v)) 2525 struct iwn_softc *sc = ic->ic_ifp->if_softc; 2526 const struct wmeParams *wmep; 2527 struct iwn_wme_setup wme; 2528 int ac; 2529 2530 /* don't override default WME values if WME is not actually enabled */ 2531 if (!(ic->ic_flags & IEEE80211_F_WME)) 2532 return 0; 2533 2534 wme.flags = 0; 2535 for (ac = 0; ac < WME_NUM_AC; ac++) { 2536 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac]; 2537 wme.ac[ac].aifsn = wmep->wmep_aifsn; 2538 wme.ac[ac].cwmin = IWN_EXP2(wmep->wmep_logcwmin); 2539 wme.ac[ac].cwmax = IWN_EXP2(wmep->wmep_logcwmax); 2540 wme.ac[ac].txop = IWN_USEC(wmep->wmep_txopLimit); 2541 2542 DPRINTF(("setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 2543 "txop=%d\n", ac, wme.ac[ac].aifsn, wme.ac[ac].cwmin, 2544 wme.ac[ac].cwmax, wme.ac[ac].txop)); 2545 } 2546 2547 return iwn_cmd(sc, IWN_CMD_SET_WME, &wme, sizeof wme, 1); 2548 #undef IWN_USEC 2549 #undef IWN_EXP2 2550 } 2551 2552 2553 2554 static void 2555 iwn_set_led(struct iwn_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2556 { 2557 struct iwn_cmd_led led; 2558 2559 led.which = which; 2560 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2561 led.off = off; 2562 led.on = on; 2563 2564 (void)iwn_cmd(sc, IWN_CMD_SET_LED, &led, sizeof led, 1); 2565 } 2566 2567 /* 2568 * Set the critical temperature at which the firmware will automatically stop 2569 * the radio transmitter. 2570 */ 2571 static int 2572 iwn_set_critical_temp(struct iwn_softc *sc) 2573 { 2574 struct iwn_ucode_info *uc = &sc->ucode_info; 2575 struct iwn_critical_temp crit; 2576 uint32_t r1, r2, r3, temp; 2577 2578 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_CTEMP_STOP_RF); 2579 2580 r1 = le32toh(uc->temp[0].chan20MHz); 2581 r2 = le32toh(uc->temp[1].chan20MHz); 2582 r3 = le32toh(uc->temp[2].chan20MHz); 2583 /* inverse function of iwn_get_temperature() */ 2584 2585 temp = r2 + ((IWN_CTOK(110) * (r3 - r1)) / 259); 2586 2587 memset(&crit, 0, sizeof crit); 2588 crit.tempR = htole32(temp); 2589 DPRINTF(("setting critical temperature to %u\n", temp)); 2590 return iwn_cmd(sc, IWN_CMD_SET_CRITICAL_TEMP, &crit, sizeof crit, 0); 2591 } 2592 2593 static void 2594 iwn_enable_tsf(struct iwn_softc *sc, struct ieee80211_node *ni) 2595 { 2596 struct iwn_cmd_tsf tsf; 2597 uint64_t val, mod; 2598 2599 memset(&tsf, 0, sizeof tsf); 2600 memcpy(&tsf.tstamp, ni->ni_tstamp.data, 8); 2601 tsf.bintval = htole16(ni->ni_intval); 2602 tsf.lintval = htole16(10); 2603 2604 /* compute remaining time until next beacon */ 2605 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2606 mod = le64toh(tsf.tstamp) % val; 2607 tsf.binitval = htole32((uint32_t)(val - mod)); 2608 2609 DPRINTF(("TSF bintval=%u tstamp=%" PRIu64 ", init=%" PRIu64 "\n", 2610 ni->ni_intval, le64toh(tsf.tstamp), val - mod)); 2611 2612 if (iwn_cmd(sc, IWN_CMD_TSF, &tsf, sizeof tsf, 1) != 0) 2613 aprint_error_dev(sc->sc_dev, "could not enable TSF\n"); 2614 } 2615 2616 static void 2617 iwn_power_calibration(struct iwn_softc *sc, int temp) 2618 { 2619 struct ieee80211com *ic = &sc->sc_ic; 2620 2621 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2622 2623 /* adjust Tx power if need be (delta >= 3C) */ 2624 if (abs(temp - sc->temp) < 3) 2625 return; 2626 2627 sc->temp = temp; 2628 2629 DPRINTF(("setting Tx power for channel %d\n", 2630 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan))); 2631 if (iwn_set_txpower(sc, ic->ic_bss->ni_chan, 1) != 0) { 2632 /* just warn, too bad for the automatic calibration... */ 2633 aprint_error_dev(sc->sc_dev, "could not adjust Tx power\n"); 2634 } 2635 } 2636 2637 /* 2638 * Set Tx power for a given channel (each rate has its own power settings). 2639 * This function takes into account the regulatory information from EEPROM, 2640 * the current temperature and the current voltage. 2641 */ 2642 static int 2643 iwn_set_txpower(struct iwn_softc *sc, struct ieee80211_channel *ch, int async) 2644 { 2645 /* fixed-point arithmetic division using a n-bit fractional part */ 2646 #define fdivround(a, b, n) \ 2647 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2648 /* linear interpolation */ 2649 #define interpolate(x, x1, y1, x2, y2, n) \ 2650 ((y1) + fdivround(((int)(x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2651 2652 static const int tdiv[IWN_NATTEN_GROUPS] = { 9, 8, 8, 8, 6 }; 2653 struct ieee80211com *ic = &sc->sc_ic; 2654 struct iwn_ucode_info *uc = &sc->ucode_info; 2655 struct iwn_cmd_txpower cmd; 2656 struct iwn_eeprom_chan_samples *chans; 2657 const uint8_t *rf_gain, *dsp_gain; 2658 int32_t vdiff, tdiff; 2659 int i, c, grp, maxpwr; 2660 u_int chan; 2661 2662 /* get channel number */ 2663 chan = ieee80211_chan2ieee(ic, ch); 2664 2665 memset(&cmd, 0, sizeof cmd); 2666 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2667 cmd.chan = chan; 2668 2669 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2670 maxpwr = sc->maxpwr5GHz; 2671 rf_gain = iwn_rf_gain_5ghz; 2672 dsp_gain = iwn_dsp_gain_5ghz; 2673 } else { 2674 maxpwr = sc->maxpwr2GHz; 2675 rf_gain = iwn_rf_gain_2ghz; 2676 dsp_gain = iwn_dsp_gain_2ghz; 2677 } 2678 2679 /* compute voltage compensation */ 2680 vdiff = ((int32_t)le32toh(uc->volt) - sc->eeprom_voltage) / 7; 2681 if (vdiff > 0) 2682 vdiff *= 2; 2683 if (abs(vdiff) > 2) 2684 vdiff = 0; 2685 DPRINTF(("voltage compensation=%d (UCODE=%d, EEPROM=%d)\n", 2686 vdiff, le32toh(uc->volt), sc->eeprom_voltage)); 2687 2688 /* get channel's attenuation group */ 2689 if (chan <= 20) /* 1-20 */ 2690 grp = 4; 2691 else if (chan <= 43) /* 34-43 */ 2692 grp = 0; 2693 else if (chan <= 70) /* 44-70 */ 2694 grp = 1; 2695 else if (chan <= 124) /* 71-124 */ 2696 grp = 2; 2697 else /* 125-200 */ 2698 grp = 3; 2699 DPRINTF(("chan %d, attenuation group=%d\n", chan, grp)); 2700 2701 /* get channel's sub-band */ 2702 for (i = 0; i < IWN_NBANDS; i++) 2703 if (sc->bands[i].lo != 0 && 2704 sc->bands[i].lo <= chan && chan <= sc->bands[i].hi) 2705 break; 2706 chans = sc->bands[i].chans; 2707 DPRINTF(("chan %d sub-band=%d\n", chan, i)); 2708 2709 for (c = 0; c < IWN_NTXCHAINS; c++) { 2710 uint8_t power, gain, temp; 2711 int maxchpwr, pwr, ridx, idx; 2712 2713 power = interpolate(chan, 2714 chans[0].num, chans[0].samples[c][1].power, 2715 chans[1].num, chans[1].samples[c][1].power, 1); 2716 gain = interpolate(chan, 2717 chans[0].num, chans[0].samples[c][1].gain, 2718 chans[1].num, chans[1].samples[c][1].gain, 1); 2719 temp = interpolate(chan, 2720 chans[0].num, chans[0].samples[c][1].temp, 2721 chans[1].num, chans[1].samples[c][1].temp, 1); 2722 DPRINTF(("Tx chain %d: power=%d gain=%d temp=%d\n", 2723 c, power, gain, temp)); 2724 2725 /* compute temperature compensation */ 2726 tdiff = ((sc->temp - temp) * 2) / tdiv[grp]; 2727 DPRINTF(("temperature compensation=%d (current=%d, " 2728 "EEPROM=%d)\n", tdiff, sc->temp, temp)); 2729 2730 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) { 2731 maxchpwr = sc->maxpwr[chan] * 2; 2732 if ((ridx / 8) & 1) { 2733 /* MIMO: decrease Tx power (-3dB) */ 2734 maxchpwr -= 6; 2735 } 2736 2737 pwr = maxpwr - 10; 2738 2739 /* decrease power for highest OFDM rates */ 2740 if ((ridx % 8) == 5) /* 48Mbit/s */ 2741 pwr -= 5; 2742 else if ((ridx % 8) == 6) /* 54Mbit/s */ 2743 pwr -= 7; 2744 else if ((ridx % 8) == 7) /* 60Mbit/s */ 2745 pwr -= 10; 2746 2747 if (pwr > maxchpwr) 2748 pwr = maxchpwr; 2749 2750 idx = gain - (pwr - power) - tdiff - vdiff; 2751 if ((ridx / 8) & 1) /* MIMO */ 2752 idx += (int32_t)le32toh(uc->atten[grp][c]); 2753 2754 if (cmd.band == 0) 2755 idx += 9; /* 5GHz */ 2756 if (ridx == IWN_RIDX_MAX) 2757 idx += 5; /* CCK */ 2758 2759 /* make sure idx stays in a valid range */ 2760 if (idx < 0) 2761 idx = 0; 2762 else if (idx > IWN_MAX_PWR_INDEX) 2763 idx = IWN_MAX_PWR_INDEX; 2764 2765 DPRINTF(("Tx chain %d, rate idx %d: power=%d\n", 2766 c, ridx, idx)); 2767 cmd.power[ridx].rf_gain[c] = rf_gain[idx]; 2768 cmd.power[ridx].dsp_gain[c] = dsp_gain[idx]; 2769 } 2770 } 2771 2772 DPRINTF(("setting tx power for chan %d\n", chan)); 2773 return iwn_cmd(sc, IWN_CMD_TXPOWER, &cmd, sizeof cmd, async); 2774 2775 #undef interpolate 2776 #undef fdivround 2777 } 2778 2779 /* 2780 * Get the best (maximum) RSSI among Rx antennas (in dBm). 2781 */ 2782 static int 2783 iwn_get_rssi(const struct iwn_rx_stat *stat) 2784 { 2785 uint8_t mask, agc; 2786 int rssi; 2787 2788 mask = (le16toh(stat->antenna) >> 4) & 0x7; 2789 agc = (le16toh(stat->agc) >> 7) & 0x7f; 2790 2791 rssi = 0; 2792 if (mask & (1 << 0)) /* Ant A */ 2793 rssi = max(rssi, stat->rssi[0]); 2794 if (mask & (1 << 1)) /* Ant B */ 2795 rssi = max(rssi, stat->rssi[2]); 2796 if (mask & (1 << 2)) /* Ant C */ 2797 rssi = max(rssi, stat->rssi[4]); 2798 2799 return rssi - agc - IWN_RSSI_TO_DBM; 2800 } 2801 2802 /* 2803 * Get the average noise among Rx antennas (in dBm). 2804 */ 2805 static int 2806 iwn_get_noise(const struct iwn_rx_general_stats *stats) 2807 { 2808 int i, total, nbant, noise; 2809 2810 total = nbant = 0; 2811 for (i = 0; i < 3; i++) { 2812 if ((noise = le32toh(stats->noise[i]) & 0xff) == 0) 2813 continue; 2814 total += noise; 2815 nbant++; 2816 } 2817 /* there should be at least one antenna but check anyway */ 2818 return (nbant == 0) ? -127 : (total / nbant) - 107; 2819 } 2820 2821 /* 2822 * Read temperature (in degC) from the on-board thermal sensor. 2823 */ 2824 static int 2825 iwn_get_temperature(struct iwn_softc *sc) 2826 { 2827 struct iwn_ucode_info *uc = &sc->ucode_info; 2828 int32_t r1, r2, r3, r4, temp; 2829 2830 r1 = le32toh(uc->temp[0].chan20MHz); 2831 r2 = le32toh(uc->temp[1].chan20MHz); 2832 r3 = le32toh(uc->temp[2].chan20MHz); 2833 r4 = le32toh(sc->rawtemp); 2834 2835 if (r1 == r3) /* prevents division by 0 (should not happen) */ 2836 return 0; 2837 2838 /* sign-extend 23-bit R4 value to 32-bit */ 2839 r4 = (r4 << 8) >> 8; 2840 /* compute temperature */ 2841 temp = (259 * (r4 - r2)) / (r3 - r1); 2842 temp = (temp * 97) / 100 + 8; 2843 2844 DPRINTF(("temperature %dK/%dC\n", temp, IWN_KTOC(temp))); 2845 return IWN_KTOC(temp); 2846 } 2847 2848 /* 2849 * Initialize sensitivity calibration state machine. 2850 */ 2851 static int 2852 iwn_init_sensitivity(struct iwn_softc *sc) 2853 { 2854 struct iwn_calib_state *calib = &sc->calib; 2855 struct iwn_phy_calib_cmd cmd; 2856 int error; 2857 2858 /* reset calibration state */ 2859 memset(calib, 0, sizeof (*calib)); 2860 calib->state = IWN_CALIB_STATE_INIT; 2861 calib->cck_state = IWN_CCK_STATE_HIFA; 2862 /* initial values taken from the reference driver */ 2863 calib->corr_ofdm_x1 = 105; 2864 calib->corr_ofdm_mrc_x1 = 220; 2865 calib->corr_ofdm_x4 = 90; 2866 calib->corr_ofdm_mrc_x4 = 170; 2867 calib->corr_cck_x4 = 125; 2868 calib->corr_cck_mrc_x4 = 200; 2869 calib->energy_cck = 100; 2870 2871 /* write initial sensitivity values */ 2872 if ((error = iwn_send_sensitivity(sc)) != 0) 2873 return error; 2874 2875 memset(&cmd, 0, sizeof cmd); 2876 cmd.code = IWN_SET_DIFF_GAIN; 2877 /* differential gains initially set to 0 for all 3 antennas */ 2878 DPRINTF(("setting differential gains\n")); 2879 return iwn_cmd(sc, IWN_PHY_CALIB, &cmd, sizeof cmd, 1); 2880 } 2881 2882 /* 2883 * Collect noise and RSSI statistics for the first 20 beacons received 2884 * after association and use them to determine connected antennas and 2885 * set differential gains. 2886 */ 2887 static void 2888 iwn_compute_differential_gain(struct iwn_softc *sc, 2889 const struct iwn_rx_general_stats *stats) 2890 { 2891 struct iwn_calib_state *calib = &sc->calib; 2892 struct iwn_phy_calib_cmd cmd; 2893 int i, val; 2894 2895 /* accumulate RSSI and noise for all 3 antennas */ 2896 for (i = 0; i < 3; i++) { 2897 calib->rssi[i] += le32toh(stats->rssi[i]) & 0xff; 2898 calib->noise[i] += le32toh(stats->noise[i]) & 0xff; 2899 } 2900 2901 /* we update differential gain only once after 20 beacons */ 2902 if (++calib->nbeacons < 20) 2903 return; 2904 2905 /* determine antenna with highest average RSSI */ 2906 val = max(calib->rssi[0], calib->rssi[1]); 2907 val = max(calib->rssi[2], val); 2908 2909 /* determine which antennas are connected */ 2910 sc->antmsk = 0; 2911 for (i = 0; i < 3; i++) 2912 if (val - calib->rssi[i] <= 15 * 20) 2913 sc->antmsk |= 1 << i; 2914 /* if neither Ant A and Ant B are connected.. */ 2915 if ((sc->antmsk & (1 << 0 | 1 << 1)) == 0) 2916 sc->antmsk |= 1 << 1; /* ..mark Ant B as connected! */ 2917 2918 /* get minimal noise among connected antennas */ 2919 val = INT_MAX; /* ok, there's at least one */ 2920 for (i = 0; i < 3; i++) 2921 if (sc->antmsk & (1 << i)) 2922 val = min(calib->noise[i], val); 2923 2924 memset(&cmd, 0, sizeof cmd); 2925 cmd.code = IWN_SET_DIFF_GAIN; 2926 /* set differential gains for connected antennas */ 2927 for (i = 0; i < 3; i++) { 2928 if (sc->antmsk & (1 << i)) { 2929 cmd.gain[i] = (calib->noise[i] - val) / 30; 2930 /* limit differential gain to 3 */ 2931 cmd.gain[i] = min(cmd.gain[i], 3); 2932 cmd.gain[i] |= IWN_GAIN_SET; 2933 } 2934 } 2935 DPRINTF(("setting differential gains Ant A/B/C: %x/%x/%x (%x)\n", 2936 cmd.gain[0], cmd.gain[1], cmd.gain[2], sc->antmsk)); 2937 if (iwn_cmd(sc, IWN_PHY_CALIB, &cmd, sizeof cmd, 1) == 0) 2938 calib->state = IWN_CALIB_STATE_RUN; 2939 } 2940 2941 /* 2942 * Tune RF Rx sensitivity based on the number of false alarms detected 2943 * during the last beacon period. 2944 */ 2945 static void 2946 iwn_tune_sensitivity(struct iwn_softc *sc, const struct iwn_rx_stats *stats) 2947 { 2948 #define inc_clip(val, inc, max) \ 2949 if ((val) < (max)) { \ 2950 if ((val) < (max) - (inc)) \ 2951 (val) += (inc); \ 2952 else \ 2953 (val) = (max); \ 2954 needs_update = 1; \ 2955 } 2956 #define dec_clip(val, dec, min) \ 2957 if ((val) > (min)) { \ 2958 if ((val) > (min) + (dec)) \ 2959 (val) -= (dec); \ 2960 else \ 2961 (val) = (min); \ 2962 needs_update = 1; \ 2963 } 2964 2965 struct iwn_calib_state *calib = &sc->calib; 2966 uint32_t val, rxena, fa; 2967 uint32_t energy[3], energy_min; 2968 uint8_t noise[3], noise_ref; 2969 int i, needs_update = 0; 2970 2971 /* check that we've been enabled long enough */ 2972 if ((rxena = le32toh(stats->general.load)) == 0) 2973 return; 2974 2975 /* compute number of false alarms since last call for OFDM */ 2976 fa = le32toh(stats->ofdm.bad_plcp) - calib->bad_plcp_ofdm; 2977 fa += le32toh(stats->ofdm.fa) - calib->fa_ofdm; 2978 fa *= 200 * 1024; /* 200TU */ 2979 2980 /* save counters values for next call */ 2981 calib->bad_plcp_ofdm = le32toh(stats->ofdm.bad_plcp); 2982 calib->fa_ofdm = le32toh(stats->ofdm.fa); 2983 2984 if (fa > 50 * rxena) { 2985 /* high false alarm count, decrease sensitivity */ 2986 DPRINTFN(2, ("OFDM high false alarm count: %u\n", fa)); 2987 inc_clip(calib->corr_ofdm_x1, 1, 140); 2988 inc_clip(calib->corr_ofdm_mrc_x1, 1, 270); 2989 inc_clip(calib->corr_ofdm_x4, 1, 120); 2990 inc_clip(calib->corr_ofdm_mrc_x4, 1, 210); 2991 2992 } else if (fa < 5 * rxena) { 2993 /* low false alarm count, increase sensitivity */ 2994 DPRINTFN(2, ("OFDM low false alarm count: %u\n", fa)); 2995 dec_clip(calib->corr_ofdm_x1, 1, 105); 2996 dec_clip(calib->corr_ofdm_mrc_x1, 1, 220); 2997 dec_clip(calib->corr_ofdm_x4, 1, 85); 2998 dec_clip(calib->corr_ofdm_mrc_x4, 1, 170); 2999 } 3000 3001 /* compute maximum noise among 3 antennas */ 3002 for (i = 0; i < 3; i++) 3003 noise[i] = (le32toh(stats->general.noise[i]) >> 8) & 0xff; 3004 val = max(noise[0], noise[1]); 3005 val = max(noise[2], val); 3006 /* insert it into our samples table */ 3007 calib->noise_samples[calib->cur_noise_sample] = val; 3008 calib->cur_noise_sample = (calib->cur_noise_sample + 1) % 20; 3009 3010 /* compute maximum noise among last 20 samples */ 3011 noise_ref = calib->noise_samples[0]; 3012 for (i = 1; i < 20; i++) 3013 noise_ref = max(noise_ref, calib->noise_samples[i]); 3014 3015 /* compute maximum energy among 3 antennas */ 3016 for (i = 0; i < 3; i++) 3017 energy[i] = le32toh(stats->general.energy[i]); 3018 val = min(energy[0], energy[1]); 3019 val = min(energy[2], val); 3020 /* insert it into our samples table */ 3021 calib->energy_samples[calib->cur_energy_sample] = val; 3022 calib->cur_energy_sample = (calib->cur_energy_sample + 1) % 10; 3023 3024 /* compute minimum energy among last 10 samples */ 3025 energy_min = calib->energy_samples[0]; 3026 for (i = 1; i < 10; i++) 3027 energy_min = max(energy_min, calib->energy_samples[i]); 3028 energy_min += 6; 3029 3030 /* compute number of false alarms since last call for CCK */ 3031 fa = le32toh(stats->cck.bad_plcp) - calib->bad_plcp_cck; 3032 fa += le32toh(stats->cck.fa) - calib->fa_cck; 3033 fa *= 200 * 1024; /* 200TU */ 3034 3035 /* save counters values for next call */ 3036 calib->bad_plcp_cck = le32toh(stats->cck.bad_plcp); 3037 calib->fa_cck = le32toh(stats->cck.fa); 3038 3039 if (fa > 50 * rxena) { 3040 /* high false alarm count, decrease sensitivity */ 3041 DPRINTFN(2, ("CCK high false alarm count: %u\n", fa)); 3042 calib->cck_state = IWN_CCK_STATE_HIFA; 3043 calib->low_fa = 0; 3044 3045 if (calib->corr_cck_x4 > 160) { 3046 calib->noise_ref = noise_ref; 3047 if (calib->energy_cck > 2) 3048 dec_clip(calib->energy_cck, 2, energy_min); 3049 } 3050 if (calib->corr_cck_x4 < 160) { 3051 calib->corr_cck_x4 = 161; 3052 needs_update = 1; 3053 } else 3054 inc_clip(calib->corr_cck_x4, 3, 200); 3055 3056 inc_clip(calib->corr_cck_mrc_x4, 3, 400); 3057 3058 } else if (fa < 5 * rxena) { 3059 /* low false alarm count, increase sensitivity */ 3060 DPRINTFN(2, ("CCK low false alarm count: %u\n", fa)); 3061 calib->cck_state = IWN_CCK_STATE_LOFA; 3062 calib->low_fa++; 3063 3064 if (calib->cck_state != 0 && 3065 ((calib->noise_ref - noise_ref) > 2 || 3066 calib->low_fa > 100)) { 3067 inc_clip(calib->energy_cck, 2, 97); 3068 dec_clip(calib->corr_cck_x4, 3, 125); 3069 dec_clip(calib->corr_cck_mrc_x4, 3, 200); 3070 } 3071 } else { 3072 /* not worth to increase or decrease sensitivity */ 3073 DPRINTFN(2, ("CCK normal false alarm count: %u\n", fa)); 3074 calib->low_fa = 0; 3075 calib->noise_ref = noise_ref; 3076 3077 if (calib->cck_state == IWN_CCK_STATE_HIFA) { 3078 /* previous interval had many false alarms */ 3079 dec_clip(calib->energy_cck, 8, energy_min); 3080 } 3081 calib->cck_state = IWN_CCK_STATE_INIT; 3082 } 3083 3084 if (needs_update) 3085 (void)iwn_send_sensitivity(sc); 3086 #undef dec_clip 3087 #undef inc_clip 3088 } 3089 3090 static int 3091 iwn_send_sensitivity(struct iwn_softc *sc) 3092 { 3093 struct iwn_calib_state *calib = &sc->calib; 3094 struct iwn_sensitivity_cmd cmd; 3095 3096 memset(&cmd, 0, sizeof cmd); 3097 cmd.which = IWN_SENSITIVITY_WORKTBL; 3098 /* OFDM modulation */ 3099 cmd.corr_ofdm_x1 = le16toh(calib->corr_ofdm_x1); 3100 cmd.corr_ofdm_mrc_x1 = le16toh(calib->corr_ofdm_mrc_x1); 3101 cmd.corr_ofdm_x4 = le16toh(calib->corr_ofdm_x4); 3102 cmd.corr_ofdm_mrc_x4 = le16toh(calib->corr_ofdm_mrc_x4); 3103 cmd.energy_ofdm = le16toh(100); 3104 cmd.energy_ofdm_th = le16toh(62); 3105 /* CCK modulation */ 3106 cmd.corr_cck_x4 = le16toh(calib->corr_cck_x4); 3107 cmd.corr_cck_mrc_x4 = le16toh(calib->corr_cck_mrc_x4); 3108 cmd.energy_cck = le16toh(calib->energy_cck); 3109 /* Barker modulation: use default values */ 3110 cmd.corr_barker = le16toh(190); 3111 cmd.corr_barker_mrc = le16toh(390); 3112 3113 DPRINTFN(2, ("setting sensitivity\n")); 3114 return iwn_cmd(sc, IWN_SENSITIVITY, &cmd, sizeof cmd, 1); 3115 } 3116 3117 static int 3118 iwn_add_node(struct iwn_softc *sc, struct ieee80211_node *ni, bool broadcast, 3119 bool async) 3120 { 3121 struct iwn_node_info node; 3122 int error; 3123 3124 error = 0; 3125 3126 memset(&node, 0, sizeof node); 3127 if (broadcast == true) { 3128 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 3129 node.id = IWN_ID_BROADCAST; 3130 DPRINTF(("adding broadcast node\n")); 3131 } else { 3132 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3133 node.id = IWN_ID_BSS; 3134 node.htflags = htole32(3 << IWN_AMDPU_SIZE_FACTOR_SHIFT | 3135 5 << IWN_AMDPU_DENSITY_SHIFT); 3136 DPRINTF(("adding BSS node\n")); 3137 } 3138 3139 error = iwn_cmd(sc, IWN_CMD_ADD_NODE, &node, sizeof node, async); 3140 if (error != 0) { 3141 aprint_error_dev(sc->sc_dev, "could not add %s node\n", 3142 (broadcast == 1)? "broadcast" : "BSS"); 3143 return error; 3144 } 3145 DPRINTF(("setting MRR for node %d\n", node.id)); 3146 if ((error = iwn_setup_node_mrr(sc, node.id, async)) != 0) { 3147 aprint_error_dev(sc->sc_dev, 3148 "could not setup MRR for %s node\n", 3149 (broadcast == 1)? "broadcast" : "BSS"); 3150 return error; 3151 } 3152 3153 return error; 3154 } 3155 3156 static int 3157 iwn_auth(struct iwn_softc *sc) 3158 { 3159 struct ieee80211com *ic = &sc->sc_ic; 3160 struct ieee80211_node *ni = ic->ic_bss; 3161 int error; 3162 3163 /* update adapter's configuration */ 3164 IEEE80211_ADDR_COPY(sc->config.bssid, ni->ni_bssid); 3165 sc->config.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 3166 sc->config.flags = htole32(IWN_CONFIG_TSF); 3167 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { 3168 sc->config.flags |= htole32(IWN_CONFIG_AUTO | 3169 IWN_CONFIG_24GHZ); 3170 } 3171 switch (ic->ic_curmode) { 3172 case IEEE80211_MODE_11A: 3173 sc->config.cck_mask = 0; 3174 sc->config.ofdm_mask = 0x15; 3175 break; 3176 case IEEE80211_MODE_11B: 3177 sc->config.cck_mask = 0x03; 3178 sc->config.ofdm_mask = 0; 3179 break; 3180 default: /* assume 802.11b/g */ 3181 sc->config.cck_mask = 0xf; 3182 sc->config.ofdm_mask = 0x15; 3183 } 3184 DPRINTF(("config chan %d flags %x cck %x ofdm %x\n", sc->config.chan, 3185 sc->config.flags, sc->config.cck_mask, sc->config.ofdm_mask)); 3186 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3187 sizeof (struct iwn_config), 1); 3188 if (error != 0) { 3189 aprint_error_dev(sc->sc_dev, "could not configure\n"); 3190 return error; 3191 } 3192 3193 /* configuration has changed, set Tx power accordingly */ 3194 if ((error = iwn_set_txpower(sc, ni->ni_chan, 1)) != 0) { 3195 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3196 return error; 3197 } 3198 3199 /* 3200 * Reconfiguring clears the adapter's nodes table so we must 3201 * add the broadcast node again. 3202 */ 3203 if ((error = iwn_add_node(sc, ni, true, true)) != 0) 3204 return error; 3205 3206 /* add BSS node */ 3207 if ((error = iwn_add_node(sc, ni, false, true)) != 0) 3208 return error; 3209 3210 if (ic->ic_opmode == IEEE80211_M_STA) { 3211 /* fake a join to init the tx rate */ 3212 iwn_newassoc(ni, 1); 3213 } 3214 3215 if ((error = iwn_init_sensitivity(sc)) != 0) { 3216 aprint_error_dev(sc->sc_dev, "could not set sensitivity\n"); 3217 return error; 3218 } 3219 3220 3221 return 0; 3222 } 3223 3224 /* 3225 * Configure the adapter for associated state. 3226 */ 3227 static int 3228 iwn_run(struct iwn_softc *sc) 3229 { 3230 struct ieee80211com *ic = &sc->sc_ic; 3231 struct ieee80211_node *ni = ic->ic_bss; 3232 int error; 3233 3234 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 3235 /* link LED blinks while monitoring */ 3236 iwn_set_led(sc, IWN_LED_LINK, 5, 5); 3237 return 0; 3238 } 3239 3240 iwn_enable_tsf(sc, ni); 3241 3242 /* update adapter's configuration */ 3243 sc->config.associd = htole16(ni->ni_associd & ~0xc000); 3244 /* short preamble/slot time are negotiated when associating */ 3245 sc->config.flags &= ~htole32(IWN_CONFIG_SHPREAMBLE | 3246 IWN_CONFIG_SHSLOT); 3247 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3248 sc->config.flags |= htole32(IWN_CONFIG_SHSLOT); 3249 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3250 sc->config.flags |= htole32(IWN_CONFIG_SHPREAMBLE); 3251 sc->config.filter |= htole32(IWN_FILTER_BSS); 3252 3253 DPRINTF(("config chan %d flags %x\n", sc->config.chan, 3254 sc->config.flags)); 3255 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3256 sizeof (struct iwn_config), 1); 3257 if (error != 0) { 3258 aprint_error_dev(sc->sc_dev, 3259 "could not update configuration\n"); 3260 return error; 3261 } 3262 3263 /* configuration has changed, set Tx power accordingly */ 3264 if ((error = iwn_set_txpower(sc, ni->ni_chan, 1)) != 0) { 3265 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3266 return error; 3267 } 3268 3269 /* add BSS node */ 3270 iwn_add_node(sc, ni, false, true); 3271 3272 if (ic->ic_opmode == IEEE80211_M_STA) { 3273 /* fake a join to init the tx rate */ 3274 iwn_newassoc(ni, 1); 3275 } 3276 3277 if ((error = iwn_init_sensitivity(sc)) != 0) { 3278 aprint_error_dev(sc->sc_dev, "could not set sensitivity\n"); 3279 return error; 3280 } 3281 3282 /* start periodic calibration timer */ 3283 sc->calib.state = IWN_CALIB_STATE_ASSOC; 3284 sc->calib_cnt = 0; 3285 callout_schedule(&sc->calib_to, hz / 2); 3286 3287 if (0 == 1) { /* XXX don't do the beacon - we get a firmware error 3288 XXX when we try. Something is wrong with the 3289 XXX setup of the frame. Just don't ever call 3290 XXX the function but reference it to keep gcc happy 3291 */ 3292 /* now we are associated set up the beacon frame */ 3293 if ((error = iwn_setup_beacon(sc, ni))) { 3294 aprint_error_dev(sc->sc_dev, 3295 "could not setup beacon frame\n"); 3296 return error; 3297 } 3298 } 3299 3300 3301 /* link LED always on while associated */ 3302 iwn_set_led(sc, IWN_LED_LINK, 0, 1); 3303 3304 return 0; 3305 } 3306 3307 /* 3308 * Send a scan request to the firmware. Since this command is huge, we map it 3309 * into a mbuf instead of using the pre-allocated set of commands. 3310 */ 3311 static int 3312 iwn_scan(struct iwn_softc *sc, uint16_t flags) 3313 { 3314 struct ieee80211com *ic = &sc->sc_ic; 3315 struct iwn_tx_ring *ring = &sc->txq[4]; 3316 struct iwn_tx_desc *desc; 3317 struct iwn_tx_data *data; 3318 struct iwn_tx_cmd *cmd; 3319 struct iwn_cmd_data *tx; 3320 struct iwn_scan_hdr *hdr; 3321 struct iwn_scan_essid *essid; 3322 struct iwn_scan_chan *chan; 3323 struct ieee80211_frame *wh; 3324 struct ieee80211_rateset *rs; 3325 struct ieee80211_channel *c; 3326 enum ieee80211_phymode mode; 3327 uint8_t *frm; 3328 int pktlen, error, nrates; 3329 3330 desc = &ring->desc[ring->cur]; 3331 data = &ring->data[ring->cur]; 3332 3333 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 3334 if (data->m == NULL) { 3335 aprint_error_dev(sc->sc_dev, "could not allocate mbuf for scan command\n"); 3336 return ENOMEM; 3337 } 3338 MCLGET(data->m, M_DONTWAIT); 3339 if (!(data->m->m_flags & M_EXT)) { 3340 m_freem(data->m); 3341 data->m = NULL; 3342 aprint_error_dev(sc->sc_dev, "could not allocate mbuf for scan command\n"); 3343 return ENOMEM; 3344 } 3345 3346 cmd = mtod(data->m, struct iwn_tx_cmd *); 3347 cmd->code = IWN_CMD_SCAN; 3348 cmd->flags = 0; 3349 cmd->qid = ring->qid; 3350 cmd->idx = ring->cur; 3351 3352 hdr = (struct iwn_scan_hdr *)cmd->data; 3353 memset(hdr, 0, sizeof (struct iwn_scan_hdr)); 3354 /* 3355 * Move to the next channel if no packets are received within 5 msecs 3356 * after sending the probe request (this helps to reduce the duration 3357 * of active scans). 3358 */ 3359 hdr->quiet = htole16(5); /* timeout in milliseconds */ 3360 hdr->plcp_threshold = htole16(1); /* min # of packets */ 3361 3362 /* select Ant B and Ant C for scanning */ 3363 hdr->rxchain = htole16(0x3e1 | 7 << IWN_RXCHAIN_ANTMSK_SHIFT); 3364 3365 tx = (struct iwn_cmd_data *)(hdr + 1); 3366 memset(tx, 0, sizeof (struct iwn_cmd_data)); 3367 tx->flags = htole32(IWN_TX_AUTO_SEQ | 0x200); // XXX 3368 tx->id = IWN_ID_BROADCAST; 3369 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 3370 tx->rflags = IWN_RFLAG_ANT_B; 3371 3372 if (flags & IEEE80211_CHAN_A) { 3373 hdr->crc_threshold = htole16(1); 3374 /* send probe requests at 6Mbps */ 3375 tx->rate = iwn_ridx_to_plcp[IWN_OFDM6]; 3376 } else { 3377 hdr->flags = htole32(IWN_CONFIG_24GHZ | IWN_CONFIG_AUTO); 3378 /* send probe requests at 1Mbps */ 3379 tx->rate = iwn_ridx_to_plcp[IWN_CCK1]; 3380 tx->rflags |= IWN_RFLAG_CCK; 3381 } 3382 3383 essid = (struct iwn_scan_essid *)(tx + 1); 3384 memset(essid, 0, 4 * sizeof (struct iwn_scan_essid)); 3385 essid[0].id = IEEE80211_ELEMID_SSID; 3386 essid[0].len = ic->ic_des_esslen; 3387 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 3388 3389 /* 3390 * Build a probe request frame. Most of the following code is a 3391 * copy & paste of what is done in net80211. 3392 */ 3393 wh = (struct ieee80211_frame *)&essid[4]; 3394 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3395 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3396 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3397 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 3398 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 3399 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 3400 *(u_int16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3401 *(u_int16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3402 3403 frm = (uint8_t *)(wh + 1); 3404 3405 /* add empty SSID IE (firmware generates it for directed scans) */ 3406 *frm++ = IEEE80211_ELEMID_SSID; 3407 *frm++ = 0; 3408 3409 mode = ieee80211_chan2mode(ic, ic->ic_ibss_chan); 3410 rs = &ic->ic_sup_rates[mode]; 3411 3412 /* add supported rates IE */ 3413 3414 *frm++ = IEEE80211_ELEMID_RATES; 3415 nrates = rs->rs_nrates; 3416 if (nrates > IEEE80211_RATE_SIZE) 3417 nrates = IEEE80211_RATE_SIZE; 3418 *frm++ = nrates; 3419 memcpy(frm, rs->rs_rates, nrates); 3420 frm += nrates; 3421 3422 /* add supported xrates IE */ 3423 3424 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 3425 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 3426 *frm++ = IEEE80211_ELEMID_XRATES; 3427 *frm++ = nrates; 3428 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 3429 frm += nrates; 3430 } 3431 3432 /* setup length of probe request */ 3433 tx->len = htole16(frm - (uint8_t *)wh); 3434 3435 chan = (struct iwn_scan_chan *)frm; 3436 for (c = &ic->ic_channels[1]; 3437 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 3438 if ((c->ic_flags & flags) != flags) 3439 continue; 3440 3441 chan->chan = ieee80211_chan2ieee(ic, c); 3442 chan->flags = 0; 3443 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) { 3444 chan->flags |= IWN_CHAN_ACTIVE; 3445 if (ic->ic_des_esslen != 0) 3446 chan->flags |= IWN_CHAN_DIRECT; 3447 } 3448 chan->dsp_gain = 0x6e; 3449 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3450 chan->rf_gain = 0x3b; 3451 chan->active = htole16(10); 3452 chan->passive = htole16(110); 3453 } else { 3454 chan->rf_gain = 0x28; 3455 chan->active = htole16(20); 3456 chan->passive = htole16(120); 3457 } 3458 hdr->nchan++; 3459 chan++; 3460 3461 frm += sizeof (struct iwn_scan_chan); 3462 } 3463 3464 hdr->len = htole16(frm - (uint8_t *)hdr); 3465 pktlen = frm - (uint8_t *)cmd; 3466 3467 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, pktlen, NULL, 3468 BUS_DMA_NOWAIT); 3469 if (error) { 3470 aprint_error_dev(sc->sc_dev, "could not map scan command\n"); 3471 m_freem(data->m); 3472 data->m = NULL; 3473 return error; 3474 } 3475 3476 IWN_SET_DESC_NSEGS(desc, 1); 3477 IWN_SET_DESC_SEG(desc, 0, data->map->dm_segs[0].ds_addr, 3478 data->map->dm_segs[0].ds_len); 3479 sc->shared->len[ring->qid][ring->cur] = htole16(8); 3480 if (ring->cur < IWN_TX_WINDOW) { 3481 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 3482 htole16(8); 3483 } 3484 3485 /* kick cmd ring */ 3486 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 3487 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 3488 3489 return 0; /* will be notified async. of failure/success */ 3490 } 3491 3492 static int 3493 iwn_config(struct iwn_softc *sc) 3494 { 3495 struct ieee80211com *ic = &sc->sc_ic; 3496 struct ifnet *ifp = ic->ic_ifp; 3497 struct iwn_power power; 3498 struct iwn_bluetooth bluetooth; 3499 int error; 3500 3501 /* set power mode */ 3502 memset(&power, 0, sizeof power); 3503 power.flags = htole16(IWN_POWER_CAM | 0x8); 3504 DPRINTF(("setting power mode\n")); 3505 error = iwn_cmd(sc, IWN_CMD_SET_POWER_MODE, &power, sizeof power, 0); 3506 if (error != 0) { 3507 aprint_error_dev(sc->sc_dev, "could not set power mode\n"); 3508 return error; 3509 } 3510 3511 /* configure bluetooth coexistence */ 3512 memset(&bluetooth, 0, sizeof bluetooth); 3513 bluetooth.flags = 3; 3514 bluetooth.lead = 0xaa; 3515 bluetooth.kill = 1; 3516 DPRINTF(("configuring bluetooth coexistence\n")); 3517 error = iwn_cmd(sc, IWN_CMD_BLUETOOTH, &bluetooth, sizeof bluetooth, 3518 0); 3519 if (error != 0) { 3520 aprint_error_dev(sc->sc_dev, "could not configure bluetooth coexistence\n"); 3521 return error; 3522 } 3523 3524 /* configure adapter */ 3525 memset(&sc->config, 0, sizeof (struct iwn_config)); 3526 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 3527 IEEE80211_ADDR_COPY(sc->config.myaddr, ic->ic_myaddr); 3528 IEEE80211_ADDR_COPY(sc->config.wlap, ic->ic_myaddr); 3529 /* set default channel */ 3530 sc->config.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 3531 sc->config.flags = htole32(IWN_CONFIG_TSF); 3532 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) { 3533 sc->config.flags |= htole32(IWN_CONFIG_AUTO | 3534 IWN_CONFIG_24GHZ); 3535 } 3536 sc->config.filter = 0; 3537 switch (ic->ic_opmode) { 3538 case IEEE80211_M_STA: 3539 sc->config.mode = IWN_MODE_STA; 3540 sc->config.filter |= htole32(IWN_FILTER_MULTICAST); 3541 break; 3542 case IEEE80211_M_IBSS: 3543 case IEEE80211_M_AHDEMO: 3544 sc->config.mode = IWN_MODE_IBSS; 3545 break; 3546 case IEEE80211_M_HOSTAP: 3547 sc->config.mode = IWN_MODE_HOSTAP; 3548 break; 3549 case IEEE80211_M_MONITOR: 3550 sc->config.mode = IWN_MODE_MONITOR; 3551 sc->config.filter |= htole32(IWN_FILTER_MULTICAST | 3552 IWN_FILTER_CTL | IWN_FILTER_PROMISC); 3553 break; 3554 } 3555 sc->config.cck_mask = 0x0f; /* not yet negotiated */ 3556 sc->config.ofdm_mask = 0xff; /* not yet negotiated */ 3557 sc->config.ht_single_mask = 0xff; 3558 sc->config.ht_dual_mask = 0xff; 3559 sc->config.rxchain = htole16(0x2800 | 7 << IWN_RXCHAIN_ANTMSK_SHIFT); 3560 DPRINTF(("setting configuration\n")); 3561 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3562 sizeof (struct iwn_config), 0); 3563 if (error != 0) { 3564 aprint_error_dev(sc->sc_dev, "configure command failed\n"); 3565 return error; 3566 } 3567 3568 /* configuration has changed, set Tx power accordingly */ 3569 if ((error = iwn_set_txpower(sc, ic->ic_ibss_chan, 0)) != 0) { 3570 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3571 return error; 3572 } 3573 3574 /* add broadcast node */ 3575 if ((error = iwn_add_node(sc, NULL, true, false)) != 0) 3576 return error; 3577 3578 if ((error = iwn_set_critical_temp(sc)) != 0) { 3579 aprint_error_dev(sc->sc_dev, "could not set critical temperature\n"); 3580 return error; 3581 } 3582 3583 return 0; 3584 } 3585 3586 /* 3587 * Do post-alive initialization of the NIC (after firmware upload). 3588 */ 3589 static void 3590 iwn_post_alive(struct iwn_softc *sc) 3591 { 3592 uint32_t base; 3593 uint16_t offset; 3594 int qid; 3595 3596 iwn_mem_lock(sc); 3597 3598 /* clear SRAM */ 3599 base = iwn_mem_read(sc, IWN_SRAM_BASE); 3600 for (offset = 0x380; offset < 0x520; offset += 4) { 3601 IWN_WRITE(sc, IWN_MEM_WADDR, base + offset); 3602 IWN_WRITE(sc, IWN_MEM_WDATA, 0); 3603 } 3604 3605 /* shared area is aligned on a 1K boundary */ 3606 iwn_mem_write(sc, IWN_SRAM_BASE, sc->shared_dma.paddr >> 10); 3607 iwn_mem_write(sc, IWN_SELECT_QCHAIN, 0); 3608 3609 for (qid = 0; qid < IWN_NTXQUEUES; qid++) { 3610 iwn_mem_write(sc, IWN_QUEUE_RIDX(qid), 0); 3611 IWN_WRITE(sc, IWN_TX_WIDX, qid << 8 | 0); 3612 3613 /* set sched. window size */ 3614 IWN_WRITE(sc, IWN_MEM_WADDR, base + IWN_QUEUE_OFFSET(qid)); 3615 IWN_WRITE(sc, IWN_MEM_WDATA, 64); 3616 /* set sched. frame limit */ 3617 IWN_WRITE(sc, IWN_MEM_WADDR, base + IWN_QUEUE_OFFSET(qid) + 4); 3618 IWN_WRITE(sc, IWN_MEM_WDATA, 64 << 16); 3619 } 3620 3621 /* enable interrupts for all 16 queues */ 3622 iwn_mem_write(sc, IWN_QUEUE_INTR_MASK, 0xffff); 3623 3624 /* identify active Tx rings (0-7) */ 3625 iwn_mem_write(sc, IWN_TX_ACTIVE, 0xff); 3626 3627 /* mark Tx rings (4 EDCA + cmd + 2 HCCA) as active */ 3628 for (qid = 0; qid < 7; qid++) { 3629 iwn_mem_write(sc, IWN_TXQ_STATUS(qid), 3630 IWN_TXQ_STATUS_ACTIVE | qid << 1); 3631 } 3632 3633 iwn_mem_unlock(sc); 3634 } 3635 3636 static void 3637 iwn_stop_master(struct iwn_softc *sc) 3638 { 3639 uint32_t tmp; 3640 int ntries; 3641 3642 tmp = IWN_READ(sc, IWN_RESET); 3643 IWN_WRITE(sc, IWN_RESET, tmp | IWN_STOP_MASTER); 3644 3645 tmp = IWN_READ(sc, IWN_GPIO_CTL); 3646 if ((tmp & IWN_GPIO_PWR_STATUS) == IWN_GPIO_PWR_SLEEP) 3647 return; /* already asleep */ 3648 3649 for (ntries = 0; ntries < 100; ntries++) { 3650 if (IWN_READ(sc, IWN_RESET) & IWN_MASTER_DISABLED) 3651 break; 3652 DELAY(10); 3653 } 3654 if (ntries == 100) { 3655 aprint_error_dev(sc->sc_dev, "timeout waiting for master\n"); 3656 } 3657 } 3658 3659 static int 3660 iwn_reset(struct iwn_softc *sc) 3661 { 3662 uint32_t tmp; 3663 int ntries; 3664 3665 /* clear any pending interrupts */ 3666 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3667 3668 tmp = IWN_READ(sc, IWN_CHICKEN); 3669 IWN_WRITE(sc, IWN_CHICKEN, tmp | IWN_CHICKEN_DISLOS); 3670 3671 tmp = IWN_READ(sc, IWN_GPIO_CTL); 3672 IWN_WRITE(sc, IWN_GPIO_CTL, tmp | IWN_GPIO_INIT); 3673 3674 /* wait for clock stabilization */ 3675 for (ntries = 0; ntries < 1000; ntries++) { 3676 if (IWN_READ(sc, IWN_GPIO_CTL) & IWN_GPIO_CLOCK) 3677 break; 3678 DELAY(10); 3679 } 3680 if (ntries == 1000) { 3681 aprint_error_dev(sc->sc_dev, "timeout waiting for clock stabilization\n"); 3682 return ETIMEDOUT; 3683 } 3684 return 0; 3685 } 3686 3687 static void 3688 iwn_hw_config(struct iwn_softc *sc) 3689 { 3690 uint32_t tmp, hw; 3691 3692 /* enable interrupts mitigation */ 3693 IWN_WRITE(sc, IWN_INTR_MIT, 512 / 32); 3694 3695 /* voodoo from the reference driver */ 3696 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3697 tmp = PCI_REVISION(tmp); 3698 if ((tmp & 0x80) && (tmp & 0x7f) < 8) { 3699 /* enable "no snoop" field */ 3700 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0xe8); 3701 tmp &= ~IWN_DIS_NOSNOOP; 3702 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0xe8, tmp); 3703 } 3704 3705 /* disable L1 entry to work around a hardware bug */ 3706 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0xf0); 3707 tmp &= ~IWN_ENA_L1; 3708 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0xf0, tmp); 3709 3710 hw = IWN_READ(sc, IWN_HWCONFIG); 3711 IWN_WRITE(sc, IWN_HWCONFIG, hw | 0x310); 3712 3713 iwn_mem_lock(sc); 3714 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3715 iwn_mem_write(sc, IWN_MEM_POWER, tmp | IWN_POWER_RESET); 3716 DELAY(5); 3717 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3718 iwn_mem_write(sc, IWN_MEM_POWER, tmp & ~IWN_POWER_RESET); 3719 iwn_mem_unlock(sc); 3720 } 3721 3722 static int 3723 iwn_init(struct ifnet *ifp) 3724 { 3725 struct iwn_softc *sc = ifp->if_softc; 3726 struct ieee80211com *ic = &sc->sc_ic; 3727 uint32_t tmp; 3728 int error, qid; 3729 3730 iwn_stop(ifp, 1); 3731 if ((error = iwn_reset(sc)) != 0) { 3732 aprint_error_dev(sc->sc_dev, "could not reset adapter\n"); 3733 goto fail1; 3734 } 3735 3736 iwn_mem_lock(sc); 3737 iwn_mem_read(sc, IWN_CLOCK_CTL); 3738 iwn_mem_write(sc, IWN_CLOCK_CTL, 0xa00); 3739 iwn_mem_read(sc, IWN_CLOCK_CTL); 3740 iwn_mem_unlock(sc); 3741 3742 DELAY(20); 3743 3744 iwn_mem_lock(sc); 3745 tmp = iwn_mem_read(sc, IWN_MEM_PCIDEV); 3746 iwn_mem_write(sc, IWN_MEM_PCIDEV, tmp | 0x800); 3747 iwn_mem_unlock(sc); 3748 3749 iwn_mem_lock(sc); 3750 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3751 iwn_mem_write(sc, IWN_MEM_POWER, tmp & ~0x03000000); 3752 iwn_mem_unlock(sc); 3753 3754 iwn_hw_config(sc); 3755 3756 /* init Rx ring */ 3757 iwn_mem_lock(sc); 3758 IWN_WRITE(sc, IWN_RX_CONFIG, 0); 3759 IWN_WRITE(sc, IWN_RX_WIDX, 0); 3760 /* Rx ring is aligned on a 256-byte boundary */ 3761 IWN_WRITE(sc, IWN_RX_BASE, sc->rxq.desc_dma.paddr >> 8); 3762 /* shared area is aligned on a 16-byte boundary */ 3763 IWN_WRITE(sc, IWN_RW_WIDX_PTR, (sc->shared_dma.paddr + 3764 offsetof(struct iwn_shared, closed_count)) >> 4); 3765 IWN_WRITE(sc, IWN_RX_CONFIG, 0x80601000); 3766 iwn_mem_unlock(sc); 3767 3768 IWN_WRITE(sc, IWN_RX_WIDX, (IWN_RX_RING_COUNT - 1) & ~7); 3769 3770 iwn_mem_lock(sc); 3771 iwn_mem_write(sc, IWN_TX_ACTIVE, 0); 3772 3773 /* set physical address of "keep warm" page */ 3774 IWN_WRITE(sc, IWN_KW_BASE, sc->kw_dma.paddr >> 4); 3775 3776 /* init Tx rings */ 3777 for (qid = 0; qid < IWN_NTXQUEUES; qid++) { 3778 struct iwn_tx_ring *txq = &sc->txq[qid]; 3779 IWN_WRITE(sc, IWN_TX_BASE(qid), txq->desc_dma.paddr >> 8); 3780 IWN_WRITE(sc, IWN_TX_CONFIG(qid), 0x80000008); 3781 } 3782 iwn_mem_unlock(sc); 3783 3784 /* clear "radio off" and "disable command" bits (reversed logic) */ 3785 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3786 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_DISABLE_CMD); 3787 3788 /* clear any pending interrupts */ 3789 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3790 /* enable interrupts */ 3791 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 3792 3793 /* not sure why/if this is necessary... */ 3794 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3795 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3796 3797 /* check that the radio is not disabled by RF switch */ 3798 if (!(IWN_READ(sc, IWN_GPIO_CTL) & IWN_GPIO_RF_ENABLED)) { 3799 aprint_error_dev(sc->sc_dev, "radio is disabled by hardware switch\n"); 3800 error = EBUSY; /* XXX ;-) */ 3801 goto fail1; 3802 } 3803 3804 if ((error = iwn_load_firmware(sc)) != 0) { 3805 aprint_error_dev(sc->sc_dev, "could not load firmware\n"); 3806 goto fail1; 3807 } 3808 3809 /* firmware has notified us that it is alive.. */ 3810 iwn_post_alive(sc); /* ..do post alive initialization */ 3811 3812 sc->rawtemp = sc->ucode_info.temp[3].chan20MHz; 3813 sc->temp = iwn_get_temperature(sc); 3814 DPRINTF(("temperature=%d\n", sc->temp)); 3815 3816 if ((error = iwn_config(sc)) != 0) { 3817 aprint_error_dev(sc->sc_dev, "could not configure device\n"); 3818 goto fail1; 3819 } 3820 3821 DPRINTF(("iwn_config end\n")); 3822 3823 ifp->if_flags &= ~IFF_OACTIVE; 3824 ifp->if_flags |= IFF_RUNNING; 3825 3826 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 3827 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL) 3828 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3829 } 3830 else 3831 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3832 3833 DPRINTF(("iwn_init ok\n")); 3834 return 0; 3835 3836 fail1: 3837 DPRINTF(("iwn_init error\n")); 3838 iwn_stop(ifp, 1); 3839 return error; 3840 } 3841 3842 static void 3843 iwn_stop(struct ifnet *ifp, int disable) 3844 { 3845 struct iwn_softc *sc = ifp->if_softc; 3846 struct ieee80211com *ic = &sc->sc_ic; 3847 uint32_t tmp; 3848 int i; 3849 3850 ifp->if_timer = sc->sc_tx_timer = 0; 3851 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3852 3853 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3854 3855 IWN_WRITE(sc, IWN_RESET, IWN_NEVO_RESET); 3856 3857 /* disable interrupts */ 3858 IWN_WRITE(sc, IWN_MASK, 0); 3859 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3860 IWN_WRITE(sc, IWN_INTR_STATUS, 0xffffffff); 3861 3862 /* make sure we no longer hold the memory lock */ 3863 iwn_mem_unlock(sc); 3864 3865 /* reset all Tx rings */ 3866 for (i = 0; i < IWN_NTXQUEUES; i++) 3867 iwn_reset_tx_ring(sc, &sc->txq[i]); 3868 3869 /* reset Rx ring */ 3870 iwn_reset_rx_ring(sc, &sc->rxq); 3871 3872 iwn_mem_lock(sc); 3873 iwn_mem_write(sc, IWN_MEM_CLOCK2, 0x200); 3874 iwn_mem_unlock(sc); 3875 3876 DELAY(5); 3877 3878 iwn_stop_master(sc); 3879 tmp = IWN_READ(sc, IWN_RESET); 3880 IWN_WRITE(sc, IWN_RESET, tmp | IWN_SW_RESET); 3881 } 3882 3883 static bool 3884 iwn_resume(device_t dv PMF_FN_ARGS) 3885 { 3886 struct iwn_softc *sc = device_private(dv); 3887 3888 (void)iwn_reset(sc); 3889 3890 return true; 3891 } 3892
Indexes created Mon Sep 29 03:10:08 GMT 2025