if_iwn.c revision 1.20
1 /* $NetBSD: if_iwn.c,v 1.20 2008/10/13 12:41:45 blymn Exp $ */ 2 3 /*- 4 * Copyright (c) 2007 5 * Damien Bergamini <damien.bergamini (at) free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: if_iwn.c,v 1.20 2008/10/13 12:41:45 blymn Exp $"); 22 23 24 /* 25 * Driver for Intel Wireless WiFi Link 4965AGN 802.11 network adapters. 26 */ 27 28 #include "bpfilter.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/mutex.h> 39 #include <sys/conf.h> 40 #include <sys/kauth.h> 41 #include <sys/callout.h> 42 43 #include <machine/bus.h> 44 #include <machine/endian.h> 45 #include <machine/intr.h> 46 47 #include <dev/pci/pcireg.h> 48 #include <dev/pci/pcivar.h> 49 #include <dev/pci/pcidevs.h> 50 51 #if NBPFILTER > 0 52 #include <net/bpf.h> 53 #endif 54 #include <net/if.h> 55 #include <net/if_arp.h> 56 #include <net/if_dl.h> 57 #include <net/if_media.h> 58 #include <net/if_types.h> 59 60 #include <netinet/in.h> 61 #include <netinet/in_systm.h> 62 #include <netinet/in_var.h> 63 #include <net/if_ether.h> 64 #include <netinet/ip.h> 65 66 #include <net80211/ieee80211_var.h> 67 #include <net80211/ieee80211_amrr.h> 68 #include <net80211/ieee80211_radiotap.h> 69 70 #include <dev/firmload.h> 71 72 #include <dev/pci/if_iwnreg.h> 73 #include <dev/pci/if_iwnvar.h> 74 75 #if 0 76 static const struct pci_matchid iwn_devices[] = { 77 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_4965AGN_1 }, 78 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_4965AGN_2 } 79 }; 80 #endif 81 82 /* 83 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 84 */ 85 static const struct ieee80211_rateset iwn_rateset_11a = 86 { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } }; 87 88 static const struct ieee80211_rateset iwn_rateset_11b = 89 { 4, { 2, 4, 11, 22 } }; 90 91 static const struct ieee80211_rateset iwn_rateset_11g = 92 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 93 94 95 #define EDCA_NUM_AC 4 96 static int iwn_match(device_t , struct cfdata *, void *); 97 static void iwn_attach(device_t , device_t, void *); 98 static int iwn_detach(device_t, int); 99 100 static void iwn_radiotap_attach(struct iwn_softc *); 101 static int iwn_dma_contig_alloc(bus_dma_tag_t, struct iwn_dma_info *, 102 void **, bus_size_t, bus_size_t, int); 103 static void iwn_dma_contig_free(struct iwn_dma_info *); 104 static int iwn_alloc_shared(struct iwn_softc *); 105 static void iwn_free_shared(struct iwn_softc *); 106 static int iwn_alloc_kw(struct iwn_softc *); 107 static void iwn_free_kw(struct iwn_softc *); 108 static int iwn_alloc_fwmem(struct iwn_softc *); 109 static void iwn_free_fwmem(struct iwn_softc *); 110 static struct iwn_rbuf *iwn_alloc_rbuf(struct iwn_softc *); 111 static void iwn_free_rbuf(struct mbuf *, void *, size_t, void *); 112 static int iwn_alloc_rpool(struct iwn_softc *); 113 static void iwn_free_rpool(struct iwn_softc *); 114 static int iwn_alloc_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 115 static void iwn_reset_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 116 static void iwn_free_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 117 static int iwn_alloc_tx_ring(struct iwn_softc *, struct iwn_tx_ring *, 118 int, int); 119 static void iwn_reset_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 120 static void iwn_free_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 121 static struct ieee80211_node *iwn_node_alloc(struct ieee80211_node_table *); 122 static void iwn_newassoc(struct ieee80211_node *, int); 123 static int iwn_media_change(struct ifnet *); 124 static int iwn_newstate(struct ieee80211com *, enum ieee80211_state, int); 125 static void iwn_mem_lock(struct iwn_softc *); 126 static void iwn_mem_unlock(struct iwn_softc *); 127 static uint32_t iwn_mem_read(struct iwn_softc *, uint32_t); 128 static void iwn_mem_write(struct iwn_softc *, uint32_t, uint32_t); 129 static void iwn_mem_write_region_4(struct iwn_softc *, uint32_t, 130 const uint32_t *, int); 131 static int iwn_eeprom_lock(struct iwn_softc *); 132 static void iwn_eeprom_unlock(struct iwn_softc *); 133 static int iwn_read_prom_data(struct iwn_softc *, uint32_t, void *, int); 134 static int iwn_load_microcode(struct iwn_softc *, const uint8_t *, int); 135 static int iwn_load_firmware(struct iwn_softc *); 136 static void iwn_calib_timeout(void *); 137 static void iwn_iter_func(void *, struct ieee80211_node *); 138 static void iwn_ampdu_rx_start(struct iwn_softc *, struct iwn_rx_desc *); 139 static void iwn_rx_intr(struct iwn_softc *, struct iwn_rx_desc *, 140 struct iwn_rx_data *); 141 static void iwn_rx_statistics(struct iwn_softc *, struct iwn_rx_desc *); 142 static void iwn_tx_intr(struct iwn_softc *, struct iwn_rx_desc *); 143 static void iwn_cmd_intr(struct iwn_softc *, struct iwn_rx_desc *); 144 static void iwn_notif_intr(struct iwn_softc *); 145 static int iwn_intr(void *); 146 static void iwn_read_eeprom(struct iwn_softc *); 147 static void iwn_read_eeprom_channels(struct iwn_softc *, int); 148 static uint8_t iwn_plcp_signal(int); 149 static int iwn_tx_data(struct iwn_softc *, struct mbuf *, 150 struct ieee80211_node *, int); 151 static void iwn_start(struct ifnet *); 152 static void iwn_watchdog(struct ifnet *); 153 static int iwn_ioctl(struct ifnet *, u_long, void *); 154 static int iwn_cmd(struct iwn_softc *, int, const void *, int, int); 155 static int iwn_wme_update(struct ieee80211com *); 156 static int iwn_setup_node_mrr(struct iwn_softc *, uint8_t, int); 157 static void iwn_set_led(struct iwn_softc *, uint8_t, uint8_t, uint8_t); 158 static int iwn_set_critical_temp(struct iwn_softc *); 159 static void iwn_enable_tsf(struct iwn_softc *, struct ieee80211_node *); 160 static void iwn_power_calibration(struct iwn_softc *, int); 161 static int iwn_set_txpower(struct iwn_softc *, 162 struct ieee80211_channel *, int); 163 static int iwn_get_rssi(const struct iwn_rx_stat *); 164 static int iwn_get_noise(const struct iwn_rx_general_stats *); 165 static int iwn_get_temperature(struct iwn_softc *); 166 static int iwn_init_sensitivity(struct iwn_softc *); 167 static void iwn_compute_differential_gain(struct iwn_softc *, 168 const struct iwn_rx_general_stats *); 169 static void iwn_tune_sensitivity(struct iwn_softc *, 170 const struct iwn_rx_stats *); 171 static int iwn_send_sensitivity(struct iwn_softc *); 172 static int iwn_setup_beacon(struct iwn_softc *, struct ieee80211_node *); 173 static int iwn_auth(struct iwn_softc *); 174 static int iwn_run(struct iwn_softc *); 175 static int iwn_scan(struct iwn_softc *, uint16_t); 176 static int iwn_config(struct iwn_softc *); 177 static void iwn_post_alive(struct iwn_softc *); 178 static void iwn_stop_master(struct iwn_softc *); 179 static int iwn_reset(struct iwn_softc *); 180 static void iwn_hw_config(struct iwn_softc *); 181 static int iwn_init(struct ifnet *); 182 static void iwn_stop(struct ifnet *, int); 183 static void iwn_fix_channel(struct ieee80211com *, struct mbuf *); 184 static bool iwn_resume(device_t PMF_FN_PROTO); 185 static int iwn_add_node(struct iwn_softc *sc, 186 struct ieee80211_node *ni, bool broadcast, bool async, uint32_t htflags); 187 188 189 190 #define IWN_DEBUG 191 192 #ifdef IWN_DEBUG 193 #define DPRINTF(x) do { if (iwn_debug > 0) printf x; } while (0) 194 #define DPRINTFN(n, x) do { if (iwn_debug >= (n)) printf x; } while (0) 195 int iwn_debug = 0; 196 #else 197 #define DPRINTF(x) 198 #define DPRINTFN(n, x) 199 #endif 200 201 #ifdef IWN_DEBUG 202 static void iwn_print_power_group(struct iwn_softc *, int); 203 #endif 204 205 CFATTACH_DECL_NEW(iwn, sizeof(struct iwn_softc), iwn_match, iwn_attach, 206 iwn_detach, NULL); 207 208 static int 209 iwn_match(device_t parent, struct cfdata *match __unused, void *aux) 210 { 211 struct pci_attach_args *pa = aux; 212 213 if (PCI_VENDOR(pa->pa_id) != PCI_VENDOR_INTEL) 214 return 0; 215 216 if (PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_PRO_WL_4965AGN_1 || 217 PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_PRO_WL_4965AGN_2) 218 return 1; 219 220 return 0; 221 } 222 223 /* Base Address Register */ 224 #define IWN_PCI_BAR0 0x10 225 226 static void 227 iwn_attach(device_t parent __unused, device_t self, void *aux) 228 { 229 struct iwn_softc *sc = device_private(self); 230 struct ieee80211com *ic = &sc->sc_ic; 231 struct ifnet *ifp = &sc->sc_ec.ec_if; 232 struct pci_attach_args *pa = aux; 233 const char *intrstr; 234 char devinfo[256]; 235 pci_intr_handle_t ih; 236 pcireg_t memtype, data; 237 int i, error, revision; 238 239 sc->sc_dev = self; 240 sc->sc_pct = pa->pa_pc; 241 sc->sc_pcitag = pa->pa_tag; 242 243 callout_init(&sc->calib_to, 0); 244 callout_setfunc(&sc->calib_to, iwn_calib_timeout, sc); 245 246 pci_devinfo(pa->pa_id, pa->pa_class, 0, devinfo, sizeof devinfo); 247 revision = PCI_REVISION(pa->pa_class); 248 aprint_normal(": %s (rev. 0x%2x)\n", devinfo, revision); 249 250 251 /* clear device specific PCI configuration register 0x41 */ 252 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 253 data &= ~0x0000ff00; 254 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, data); 255 256 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 257 data |= PCI_COMMAND_MASTER_ENABLE; 258 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, data); 259 260 /* enable bus-mastering */ 261 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 262 data |= PCI_COMMAND_MASTER_ENABLE; 263 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, data); 264 265 /* map the register window */ 266 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, IWN_PCI_BAR0); 267 error = pci_mapreg_map(pa, IWN_PCI_BAR0, memtype, 0, &sc->sc_st, 268 &sc->sc_sh, NULL, &sc->sc_sz); 269 if (error != 0) { 270 aprint_error_dev(self, "could not map memory space\n"); 271 return; 272 } 273 274 #if 0 275 sc->sc_dmat = pa->pa_dmat; 276 #endif 277 /* XXX may not be needed */ 278 if (bus_dmatag_subregion(pa->pa_dmat, 0, 3 << 30, 279 &(sc->sc_dmat), BUS_DMA_NOWAIT) != 0) { 280 aprint_error_dev(self, 281 "WARNING: failed to restrict dma range, " 282 "falling back to parent bus dma range\n"); 283 sc->sc_dmat = pa->pa_dmat; 284 } 285 286 if (pci_intr_map(pa, &ih) != 0) { 287 aprint_error_dev(self, "could not map interrupt\n"); 288 return; 289 } 290 291 intrstr = pci_intr_string(sc->sc_pct, ih); 292 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, iwn_intr, sc); 293 294 if (sc->sc_ih == NULL) { 295 aprint_error_dev(self, "could not establish interrupt"); 296 if (intrstr != NULL) 297 aprint_error(" at %s", intrstr); 298 aprint_error("\n"); 299 return; 300 } 301 aprint_normal_dev(self, "interrupting at %s\n", intrstr); 302 303 if (iwn_reset(sc) != 0) { 304 aprint_error_dev(self, "could not reset adapter\n"); 305 return; 306 } 307 308 /* 309 * Allocate DMA memory for firmware transfers. 310 */ 311 if ((error = iwn_alloc_fwmem(sc)) != 0) { 312 aprint_error_dev(self, "could not allocate firmware memory\n"); 313 return; 314 } 315 316 /* 317 * Allocate a "keep warm" page. 318 */ 319 if ((error = iwn_alloc_kw(sc)) != 0) { 320 aprint_error_dev(self, "could not allocate keep warm page\n"); 321 goto fail1; 322 } 323 324 /* 325 * Allocate shared area (communication area). 326 */ 327 if ((error = iwn_alloc_shared(sc)) != 0) { 328 aprint_error_dev(self, "could not allocate shared area\n"); 329 goto fail2; 330 } 331 332 /* 333 * Allocate Rx buffers and Tx/Rx rings. 334 */ 335 if ((error = iwn_alloc_rpool(sc)) != 0) { 336 aprint_error_dev(self, "could not allocate Rx buffers\n"); 337 goto fail3; 338 } 339 340 for (i = 0; i < IWN_NTXQUEUES; i++) { 341 struct iwn_tx_ring *txq = &sc->txq[i]; 342 error = iwn_alloc_tx_ring(sc, txq, IWN_TX_RING_COUNT, i); 343 if (error != 0) { 344 aprint_error_dev(self, "could not allocate Tx ring %d\n", i); 345 goto fail4; 346 } 347 } 348 349 if (iwn_alloc_rx_ring(sc, &sc->rxq) != 0) { 350 aprint_error_dev(self, "could not allocate Rx ring\n"); 351 goto fail4; 352 } 353 354 355 ic->ic_ifp = ifp; 356 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 357 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 358 ic->ic_state = IEEE80211_S_INIT; 359 360 /* set device capabilities */ 361 ic->ic_caps = 362 IEEE80211_C_IBSS | /* IBSS mode support */ 363 IEEE80211_C_WPA | /* 802.11i */ 364 IEEE80211_C_MONITOR | /* monitor mode supported */ 365 IEEE80211_C_TXPMGT | /* tx power management */ 366 IEEE80211_C_SHSLOT | /* short slot time supported */ 367 IEEE80211_C_SHPREAMBLE| /* short preamble supported */ 368 IEEE80211_C_WME; /* 802.11e */ 369 370 /* read supported channels and MAC address from EEPROM */ 371 iwn_read_eeprom(sc); 372 373 /* set supported .11a, .11b and .11g rates */ 374 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwn_rateset_11a; 375 ic->ic_sup_rates[IEEE80211_MODE_11B] = iwn_rateset_11b; 376 ic->ic_sup_rates[IEEE80211_MODE_11G] = iwn_rateset_11g; 377 378 /* IBSS channel undefined for now */ 379 ic->ic_ibss_chan = &ic->ic_channels[0]; 380 381 ifp->if_softc = sc; 382 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 383 ifp->if_init = iwn_init; 384 ifp->if_stop = iwn_stop; 385 ifp->if_ioctl = iwn_ioctl; 386 ifp->if_start = iwn_start; 387 ifp->if_watchdog = iwn_watchdog; 388 IFQ_SET_READY(&ifp->if_snd); 389 memcpy(ifp->if_xname, device_xname(self), IFNAMSIZ); 390 391 if_attach(ifp); 392 ieee80211_ifattach(ic); 393 ic->ic_node_alloc = iwn_node_alloc; 394 ic->ic_newassoc = iwn_newassoc; 395 ic->ic_wme.wme_update = iwn_wme_update; 396 397 /* override state transition machine */ 398 sc->sc_newstate = ic->ic_newstate; 399 ic->ic_newstate = iwn_newstate; 400 ieee80211_media_init(ic, iwn_media_change, ieee80211_media_status); 401 402 sc->amrr.amrr_min_success_threshold = 1; 403 sc->amrr.amrr_max_success_threshold = 15; 404 405 if (!pmf_device_register(self, NULL, iwn_resume)) 406 aprint_error_dev(self, "couldn't establish power handler\n"); 407 else 408 pmf_class_network_register(self, ifp); 409 410 iwn_radiotap_attach(sc); 411 412 ieee80211_announce(ic); 413 414 return; 415 416 /* free allocated memory if something failed during attachment */ 417 fail4: while (--i >= 0) 418 iwn_free_tx_ring(sc, &sc->txq[i]); 419 iwn_free_rpool(sc); 420 fail3: iwn_free_shared(sc); 421 fail2: iwn_free_kw(sc); 422 fail1: iwn_free_fwmem(sc); 423 } 424 425 static int 426 iwn_detach(struct device* self, int flags __unused) 427 { 428 struct iwn_softc *sc = (struct iwn_softc *)self; 429 struct ifnet *ifp = sc->sc_ic.ic_ifp; 430 int ac; 431 432 iwn_stop(ifp, 1); 433 434 #if NBPFILTER > 0 435 if (ifp != NULL) 436 bpfdetach(ifp); 437 #endif 438 ieee80211_ifdetach(&sc->sc_ic); 439 if (ifp != NULL) 440 if_detach(ifp); 441 442 for (ac = 0; ac < IWN_NTXQUEUES; ac++) 443 iwn_free_tx_ring(sc, &sc->txq[ac]); 444 iwn_free_rx_ring(sc, &sc->rxq); 445 iwn_free_rpool(sc); 446 iwn_free_shared(sc); 447 448 if (sc->sc_ih != NULL) { 449 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 450 sc->sc_ih = NULL; 451 } 452 453 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 454 455 return 0; 456 } 457 458 /* 459 * Attach the interface to 802.11 radiotap. 460 */ 461 static void 462 iwn_radiotap_attach(struct iwn_softc *sc) 463 { 464 struct ifnet *ifp = sc->sc_ic.ic_ifp; 465 466 #if NBPFILTER > 0 467 bpfattach2(ifp, DLT_IEEE802_11_RADIO, 468 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 469 &sc->sc_drvbpf); 470 471 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 472 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 473 sc->sc_rxtap.wr_ihdr.it_present = htole32(IWN_RX_RADIOTAP_PRESENT); 474 475 sc->sc_txtap_len = sizeof sc->sc_txtapu; 476 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 477 sc->sc_txtap.wt_ihdr.it_present = htole32(IWN_TX_RADIOTAP_PRESENT); 478 #endif 479 } 480 481 482 /* 483 * Build a beacon frame that the firmware will broadcast periodically in 484 * IBSS or HostAP modes. 485 */ 486 static int 487 iwn_setup_beacon(struct iwn_softc *sc, struct ieee80211_node *ni) 488 { 489 struct ieee80211com *ic = &sc->sc_ic; 490 struct iwn_tx_ring *ring = &sc->txq[4]; 491 struct iwn_tx_desc *desc; 492 struct iwn_tx_data *data; 493 struct iwn_tx_cmd *cmd; 494 struct iwn_cmd_beacon *bcn; 495 struct ieee80211_beacon_offsets bo; 496 struct mbuf *m0; 497 bus_addr_t paddr; 498 int error; 499 500 desc = &ring->desc[ring->cur]; 501 data = &ring->data[ring->cur]; 502 503 m0 = ieee80211_beacon_alloc(ic, ni, &bo); 504 if (m0 == NULL) { 505 aprint_error_dev(sc->sc_dev, "could not allocate beacon frame\n"); 506 return ENOMEM; 507 } 508 509 cmd = &ring->cmd[ring->cur]; 510 cmd->code = IWN_CMD_SET_BEACON; 511 cmd->flags = 0; 512 cmd->qid = ring->qid; 513 cmd->idx = ring->cur; 514 515 bcn = (struct iwn_cmd_beacon *)cmd->data; 516 memset(bcn, 0, sizeof (struct iwn_cmd_beacon)); 517 bcn->id = IWN_ID_BROADCAST; 518 bcn->lifetime = htole32(IWN_LIFETIME_INFINITE); 519 bcn->len = htole16(m0->m_pkthdr.len); 520 bcn->rate = (ic->ic_curmode == IEEE80211_MODE_11A) ? 521 iwn_plcp_signal(12) : iwn_plcp_signal(2); 522 bcn->flags2 = 0x2; /* RATE_MCS_CCK_MSK */ 523 524 bcn->flags = htole32(IWN_TX_AUTO_SEQ | IWN_TX_INSERT_TSTAMP 525 | IWN_TX_USE_NODE_RATE); 526 527 /* save and trim IEEE802.11 header */ 528 m_copydata(m0, 0, sizeof (struct ieee80211_frame), (void *)&bcn->wh); 529 m_adj(m0, sizeof (struct ieee80211_frame)); 530 531 /* assume beacon frame is contiguous */ 532 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 533 BUS_DMA_READ | BUS_DMA_NOWAIT); 534 if (error) { 535 aprint_error_dev(sc->sc_dev, "could not map beacon\n"); 536 m_freem(m0); 537 return error; 538 } 539 540 data->m = m0; 541 542 /* first scatter/gather segment is used by the beacon command */ 543 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 544 545 IWN_SET_DESC_NSEGS(desc, 2); 546 IWN_SET_DESC_SEG(desc, 0, paddr , 4 + sizeof(struct iwn_cmd_beacon)); 547 IWN_SET_DESC_SEG(desc, 1, data->map->dm_segs[0].ds_addr, 548 data->map->dm_segs[1].ds_len); 549 550 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 551 data->map->dm_mapsize /* calc? */, BUS_DMASYNC_PREWRITE); 552 553 /* kick cmd ring */ 554 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 555 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 556 557 return 0; 558 } 559 560 static int 561 iwn_dma_contig_alloc(bus_dma_tag_t tag, struct iwn_dma_info *dma, void **kvap, 562 bus_size_t size, bus_size_t alignment, int flags) 563 { 564 int nsegs, error; 565 566 dma->tag = tag; 567 dma->size = size; 568 569 error = bus_dmamap_create(tag, size, 1, size, 0, flags, &dma->map); 570 if (error != 0) 571 goto fail; 572 573 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 574 flags); 575 if (error != 0) 576 goto fail; 577 578 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, flags); 579 if (error != 0) 580 goto fail; 581 582 error = bus_dmamap_load(tag, dma->map, dma->vaddr, size, NULL, flags); 583 if (error != 0) 584 goto fail; 585 586 memset(dma->vaddr, 0, size); 587 588 dma->paddr = dma->map->dm_segs[0].ds_addr; 589 if (kvap != NULL) 590 *kvap = dma->vaddr; 591 592 return 0; 593 594 fail: iwn_dma_contig_free(dma); 595 return error; 596 } 597 598 static void 599 iwn_dma_contig_free(struct iwn_dma_info *dma) 600 { 601 if (dma->map != NULL) { 602 if (dma->vaddr != NULL) { 603 bus_dmamap_unload(dma->tag, dma->map); 604 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 605 bus_dmamem_free(dma->tag, &dma->seg, 1); 606 dma->vaddr = NULL; 607 } 608 bus_dmamap_destroy(dma->tag, dma->map); 609 dma->map = NULL; 610 } 611 } 612 613 static int 614 iwn_alloc_shared(struct iwn_softc *sc) 615 { 616 int error; 617 void *p; 618 /* must be aligned on a 1KB boundary */ 619 error = iwn_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 620 &p, sizeof (struct iwn_shared), 1024,BUS_DMA_NOWAIT); 621 sc->shared = p; 622 if (error != 0) 623 aprint_error_dev(sc->sc_dev, 624 "could not allocate shared area DMA memory\n"); 625 626 return error; 627 628 } 629 630 static void 631 iwn_free_shared(struct iwn_softc *sc) 632 { 633 iwn_dma_contig_free(&sc->shared_dma); 634 } 635 636 static int 637 iwn_alloc_kw(struct iwn_softc *sc) 638 { 639 /* must be aligned on a 16-byte boundary */ 640 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, NULL, 641 PAGE_SIZE, PAGE_SIZE, BUS_DMA_NOWAIT); 642 } 643 644 static void 645 iwn_free_kw(struct iwn_softc *sc) 646 { 647 iwn_dma_contig_free(&sc->kw_dma); 648 } 649 650 static int 651 iwn_alloc_fwmem(struct iwn_softc *sc) 652 { 653 int error; 654 /* allocate enough contiguous space to store text and data */ 655 error = iwn_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 656 IWN_FW_MAIN_TEXT_MAXSZ + IWN_FW_MAIN_DATA_MAXSZ, 16, 657 BUS_DMA_NOWAIT); 658 659 if (error != 0){ 660 aprint_error_dev(sc->sc_dev, 661 "could not allocate firmware transfer area DMA memory\n" ); 662 663 } 664 return error; 665 } 666 667 static void 668 iwn_free_fwmem(struct iwn_softc *sc) 669 { 670 iwn_dma_contig_free(&sc->fw_dma); 671 } 672 673 static struct iwn_rbuf * 674 iwn_alloc_rbuf(struct iwn_softc *sc) 675 { 676 struct iwn_rbuf *rbuf; 677 678 mutex_enter(&sc->rxq.freelist_mtx); 679 rbuf = SLIST_FIRST(&sc->rxq.freelist); 680 if (rbuf != NULL) { 681 SLIST_REMOVE_HEAD(&sc->rxq.freelist, next); 682 sc->rxq.nb_free_entries --; 683 } 684 mutex_exit(&sc->rxq.freelist_mtx); 685 686 return rbuf; 687 } 688 689 /* 690 * This is called automatically by the network stack when the mbuf to which 691 * our Rx buffer is attached is freed. 692 */ 693 static void 694 iwn_free_rbuf(struct mbuf* m, void *buf, size_t size, void *arg) 695 { 696 struct iwn_rbuf *rbuf = arg; 697 struct iwn_softc *sc = rbuf->sc; 698 699 /* put the buffer back in the free list */ 700 mutex_enter(&sc->rxq.freelist_mtx); 701 SLIST_INSERT_HEAD(&sc->rxq.freelist, rbuf, next); 702 mutex_exit(&sc->rxq.freelist_mtx); 703 sc->rxq.nb_free_entries ++; 704 705 if (__predict_true(m != NULL)) 706 pool_cache_put(mb_cache, m); 707 } 708 709 710 static int 711 iwn_alloc_rpool(struct iwn_softc *sc) 712 { 713 struct iwn_rx_ring *ring = &sc->rxq; 714 struct iwn_rbuf *rbuf; 715 int i, error; 716 717 mutex_init(&ring->freelist_mtx, MUTEX_DEFAULT, IPL_NET); 718 719 /* allocate a big chunk of DMA'able memory.. */ 720 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->buf_dma, NULL, 721 IWN_RBUF_COUNT * IWN_RBUF_SIZE, IWN_BUF_ALIGN, BUS_DMA_NOWAIT); 722 if (error != 0) { 723 aprint_error_dev(sc->sc_dev, 724 "could not allocate Rx buffers DMA memory\n"); 725 return error; 726 } 727 728 /* ..and split it into chunks of "rbufsz" bytes */ 729 SLIST_INIT(&ring->freelist); 730 for (i = 0; i < IWN_RBUF_COUNT; i++) { 731 rbuf = &ring->rbuf[i]; 732 733 rbuf->sc = sc; /* backpointer for callbacks */ 734 rbuf->vaddr = (char *)ring->buf_dma.vaddr + i * IWN_RBUF_SIZE; 735 rbuf->paddr = ring->buf_dma.paddr + i * IWN_RBUF_SIZE; 736 737 SLIST_INSERT_HEAD(&ring->freelist, rbuf, next); 738 } 739 ring->nb_free_entries = IWN_RBUF_COUNT; 740 return 0; 741 } 742 743 static void 744 iwn_free_rpool(struct iwn_softc *sc) 745 { 746 iwn_dma_contig_free(&sc->rxq.buf_dma); 747 } 748 749 static int 750 iwn_alloc_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 751 { 752 struct iwn_rx_data *data; 753 struct iwn_rbuf *rbuf; 754 int i, error; 755 void *p; 756 757 ring->cur = 0; 758 759 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 760 &p, IWN_RX_RING_COUNT * sizeof (struct iwn_rx_desc), 761 IWN_RING_DMA_ALIGN, BUS_DMA_NOWAIT); 762 if (error != 0) { 763 aprint_error_dev(sc->sc_dev, 764 "could not allocate rx ring DMA memory\n"); 765 goto fail; 766 } 767 ring->desc = p; 768 769 /* 770 * Setup Rx buffers. 771 */ 772 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 773 data = &ring->data[i]; 774 775 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 776 if (data->m == NULL) { 777 aprint_error_dev(sc->sc_dev, "could not allocate rx mbuf\n"); 778 error = ENOMEM; 779 goto fail; 780 } 781 if ((rbuf = iwn_alloc_rbuf(sc)) == NULL) { 782 m_freem(data->m); 783 data->m = NULL; 784 aprint_error_dev(sc->sc_dev, "could not allocate rx buffer\n"); 785 error = ENOMEM; 786 goto fail; 787 } 788 /* attach Rx buffer to mbuf */ 789 MEXTADD(data->m, rbuf->vaddr, IWN_RBUF_SIZE, 0, iwn_free_rbuf, 790 rbuf); 791 792 data->m->m_flags |= M_EXT_RW; 793 /* Rx buffers are aligned on a 256-byte boundary */ 794 ring->desc[i] = htole32(rbuf->paddr >> 8); 795 } 796 797 return 0; 798 799 fail: iwn_free_rx_ring(sc, ring); 800 return error; 801 } 802 803 static void 804 iwn_reset_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 805 { 806 int ntries; 807 808 iwn_mem_lock(sc); 809 810 IWN_WRITE(sc, IWN_RX_CONFIG, 0); 811 for (ntries = 0; ntries < 100; ntries++) { 812 if (IWN_READ(sc, IWN_RX_STATUS) & IWN_RX_IDLE) 813 break; 814 DELAY(10); 815 } 816 #ifdef IWN_DEBUG 817 if (ntries == 100 && iwn_debug > 0) 818 aprint_error_dev(sc->sc_dev, "timeout resetting Rx ring\n"); 819 #endif 820 iwn_mem_unlock(sc); 821 822 ring->cur = 0; 823 } 824 825 static void 826 iwn_free_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 827 { 828 int i; 829 830 iwn_dma_contig_free(&ring->desc_dma); 831 832 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 833 if (ring->data[i].m != NULL) 834 m_freem(ring->data[i].m); 835 } 836 } 837 838 static int 839 iwn_alloc_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring, int count, 840 int qid) 841 { 842 struct iwn_tx_data *data; 843 int i, error; 844 void *p; 845 846 ring->qid = qid; 847 ring->count = count; 848 ring->queued = 0; 849 ring->cur = 0; 850 851 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 852 &p, count * sizeof (struct iwn_tx_desc), 853 IWN_RING_DMA_ALIGN, BUS_DMA_NOWAIT); 854 if (error != 0) { 855 aprint_error_dev(sc->sc_dev, "could not allocate tx ring DMA memory\n"); 856 goto fail; 857 } 858 ring->desc = p; 859 860 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 861 &p, count * sizeof (struct iwn_tx_cmd), 4, BUS_DMA_NOWAIT); 862 if (error != 0) { 863 aprint_error_dev(sc->sc_dev, "could not allocate tx cmd DMA memory\n"); 864 goto fail; 865 } 866 ring->cmd = p; 867 868 ring->data = malloc(count * sizeof (struct iwn_tx_data), M_DEVBUF, M_NOWAIT); 869 870 if (ring->data == NULL) { 871 aprint_error_dev(sc->sc_dev,"could not allocate tx data slots\n"); 872 goto fail; 873 } 874 875 memset(ring->data, 0, count * sizeof (struct iwn_tx_data)); 876 877 for (i = 0; i < count; i++) { 878 data = &ring->data[i]; 879 880 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 881 IWN_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 882 &data->map); 883 if (error != 0) { 884 aprint_error_dev(sc->sc_dev, "could not create tx buf DMA map\n"); 885 goto fail; 886 } 887 } 888 889 return 0; 890 891 fail: iwn_free_tx_ring(sc, ring); 892 return error; 893 } 894 895 static void 896 iwn_reset_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 897 { 898 struct iwn_tx_data *data; 899 uint32_t tmp; 900 int i, ntries; 901 902 iwn_mem_lock(sc); 903 904 IWN_WRITE(sc, IWN_TX_CONFIG(ring->qid), 0); 905 for (ntries = 0; ntries < 100; ntries++) { 906 tmp = IWN_READ(sc, IWN_TX_STATUS); 907 if ((tmp & IWN_TX_IDLE(ring->qid)) == IWN_TX_IDLE(ring->qid)) 908 break; 909 DELAY(10); 910 } 911 #ifdef IWN_DEBUG 912 if (ntries == 100 && iwn_debug > 1) { 913 aprint_error_dev(sc->sc_dev, "timeout resetting Tx ring %d\n", ring->qid); 914 } 915 #endif 916 iwn_mem_unlock(sc); 917 918 for (i = 0; i < ring->count; i++) { 919 data = &ring->data[i]; 920 921 if (data->m != NULL) { 922 bus_dmamap_unload(sc->sc_dmat, data->map); 923 m_freem(data->m); 924 data->m = NULL; 925 } 926 } 927 928 ring->queued = 0; 929 ring->cur = 0; 930 } 931 932 static void 933 iwn_free_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 934 { 935 struct iwn_tx_data *data; 936 int i; 937 938 iwn_dma_contig_free(&ring->desc_dma); 939 iwn_dma_contig_free(&ring->cmd_dma); 940 941 if (ring->data != NULL) { 942 for (i = 0; i < ring->count; i++) { 943 data = &ring->data[i]; 944 945 if (data->m != NULL) { 946 bus_dmamap_unload(sc->sc_dmat, data->map); 947 m_freem(data->m); 948 } 949 } 950 free(ring->data, M_DEVBUF); 951 } 952 } 953 954 /*ARGUSED*/ 955 struct ieee80211_node * 956 iwn_node_alloc(struct ieee80211_node_table *nt __unused) 957 { 958 struct iwn_node *wn; 959 960 wn = malloc(sizeof (struct iwn_node), M_80211_NODE, M_NOWAIT | M_ZERO); 961 962 return (struct ieee80211_node *)wn; 963 } 964 965 static void 966 iwn_newassoc(struct ieee80211_node *ni, int isnew) 967 { 968 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc; 969 int i; 970 971 ieee80211_amrr_node_init(&sc->amrr, &((struct iwn_node *)ni)->amn); 972 973 /* set rate to some reasonable initial value */ 974 for (i = ni->ni_rates.rs_nrates - 1; 975 i > 0 && (ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL) > 72; 976 i--); 977 ni->ni_txrate = i; 978 } 979 980 static int 981 iwn_media_change(struct ifnet *ifp) 982 { 983 int error; 984 985 error = ieee80211_media_change(ifp); 986 if (error != ENETRESET) 987 return error; 988 989 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) 990 iwn_init(ifp); 991 992 return 0; 993 } 994 995 static int 996 iwn_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 997 { 998 struct ifnet *ifp = ic->ic_ifp; 999 struct iwn_softc *sc = ifp->if_softc; 1000 int error; 1001 1002 callout_stop(&sc->calib_to); 1003 1004 DPRINTF(("iwn_newstate: nstate = %d, ic->ic_state = %d\n", nstate, 1005 ic->ic_state)); 1006 1007 switch (nstate) { 1008 1009 case IEEE80211_S_SCAN: 1010 1011 if (sc->is_scanning) 1012 break; 1013 1014 sc->is_scanning = true; 1015 ieee80211_node_table_reset(&ic->ic_scan); 1016 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1017 1018 /* make the link LED blink while we're scanning */ 1019 iwn_set_led(sc, IWN_LED_LINK, 20, 2); 1020 1021 if ((error = iwn_scan(sc, IEEE80211_CHAN_G)) != 0) { 1022 aprint_error_dev(sc->sc_dev, "could not initiate scan\n"); 1023 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 1024 return error; 1025 } 1026 ic->ic_state = nstate; 1027 return 0; 1028 1029 case IEEE80211_S_ASSOC: 1030 if (ic->ic_state != IEEE80211_S_RUN) 1031 break; 1032 /* FALLTHROUGH */ 1033 case IEEE80211_S_AUTH: 1034 /* cancel any active scan - it apparently breaks auth */ 1035 (void)iwn_cmd(sc, IWN_CMD_SCAN_ABORT, NULL, 0, 0); 1036 1037 if ((error = iwn_auth(sc)) != 0) { 1038 aprint_error_dev(sc->sc_dev, 1039 "could not move to auth state\n"); 1040 return error; 1041 } 1042 break; 1043 1044 case IEEE80211_S_RUN: 1045 if ((error = iwn_run(sc)) != 0) { 1046 aprint_error_dev(sc->sc_dev, 1047 "could not move to run state\n"); 1048 return error; 1049 } 1050 break; 1051 1052 case IEEE80211_S_INIT: 1053 sc->is_scanning = false; 1054 break; 1055 } 1056 1057 return sc->sc_newstate(ic, nstate, arg); 1058 } 1059 1060 /* 1061 * Grab exclusive access to NIC memory. 1062 */ 1063 static void 1064 iwn_mem_lock(struct iwn_softc *sc) 1065 { 1066 uint32_t tmp; 1067 int ntries; 1068 1069 tmp = IWN_READ(sc, IWN_GPIO_CTL); 1070 IWN_WRITE(sc, IWN_GPIO_CTL, tmp | IWN_GPIO_MAC); 1071 1072 /* spin until we actually get the lock */ 1073 for (ntries = 0; ntries < 1000; ntries++) { 1074 if ((IWN_READ(sc, IWN_GPIO_CTL) & 1075 (IWN_GPIO_CLOCK | IWN_GPIO_SLEEP)) == IWN_GPIO_CLOCK) 1076 break; 1077 DELAY(10); 1078 } 1079 if (ntries == 1000) 1080 aprint_error_dev(sc->sc_dev, "could not lock memory\n"); 1081 } 1082 1083 /* 1084 * Release lock on NIC memory. 1085 */ 1086 static void 1087 iwn_mem_unlock(struct iwn_softc *sc) 1088 { 1089 uint32_t tmp = IWN_READ(sc, IWN_GPIO_CTL); 1090 IWN_WRITE(sc, IWN_GPIO_CTL, tmp & ~IWN_GPIO_MAC); 1091 } 1092 1093 static uint32_t 1094 iwn_mem_read(struct iwn_softc *sc, uint32_t addr) 1095 { 1096 IWN_WRITE(sc, IWN_READ_MEM_ADDR, IWN_MEM_4 | addr); 1097 return IWN_READ(sc, IWN_READ_MEM_DATA); 1098 } 1099 1100 static void 1101 iwn_mem_write(struct iwn_softc *sc, uint32_t addr, uint32_t data) 1102 { 1103 IWN_WRITE(sc, IWN_WRITE_MEM_ADDR, IWN_MEM_4 | addr); 1104 IWN_WRITE(sc, IWN_WRITE_MEM_DATA, data); 1105 } 1106 1107 static void 1108 iwn_mem_write_region_4(struct iwn_softc *sc, uint32_t addr, 1109 const uint32_t *data, int wlen) 1110 { 1111 for (; wlen > 0; wlen--, data++, addr += 4) 1112 iwn_mem_write(sc, addr, *data); 1113 } 1114 1115 static int 1116 iwn_eeprom_lock(struct iwn_softc *sc) 1117 { 1118 uint32_t tmp; 1119 int ntries; 1120 1121 tmp = IWN_READ(sc, IWN_HWCONFIG); 1122 IWN_WRITE(sc, IWN_HWCONFIG, tmp | IWN_HW_EEPROM_LOCKED); 1123 1124 /* spin until we actually get the lock */ 1125 for (ntries = 0; ntries < 100; ntries++) { 1126 if (IWN_READ(sc, IWN_HWCONFIG) & IWN_HW_EEPROM_LOCKED) 1127 return 0; 1128 DELAY(10); 1129 } 1130 return ETIMEDOUT; 1131 } 1132 1133 static void 1134 iwn_eeprom_unlock(struct iwn_softc *sc) 1135 { 1136 uint32_t tmp = IWN_READ(sc, IWN_HWCONFIG); 1137 IWN_WRITE(sc, IWN_HWCONFIG, tmp & ~IWN_HW_EEPROM_LOCKED); 1138 } 1139 1140 /* 1141 * Read `len' bytes from the EEPROM. We access the EEPROM through the MAC 1142 * instead of using the traditional bit-bang method. 1143 */ 1144 static int 1145 iwn_read_prom_data(struct iwn_softc *sc, uint32_t addr, void *data, int len) 1146 { 1147 uint8_t *out = data; 1148 uint32_t val; 1149 int ntries; 1150 1151 iwn_mem_lock(sc); 1152 for (; len > 0; len -= 2, addr++) { 1153 IWN_WRITE(sc, IWN_EEPROM_CTL, addr << 2); 1154 IWN_WRITE(sc, IWN_EEPROM_CTL, 1155 IWN_READ(sc, IWN_EEPROM_CTL) & ~IWN_EEPROM_CMD); 1156 1157 for (ntries = 0; ntries < 10; ntries++) { 1158 if ((val = IWN_READ(sc, IWN_EEPROM_CTL)) & 1159 IWN_EEPROM_READY) 1160 break; 1161 DELAY(5); 1162 } 1163 if (ntries == 10) { 1164 aprint_error_dev(sc->sc_dev, "could not read EEPROM\n"); 1165 return ETIMEDOUT; 1166 } 1167 *out++ = val >> 16; 1168 if (len > 1) 1169 *out++ = val >> 24; 1170 } 1171 iwn_mem_unlock(sc); 1172 1173 return 0; 1174 } 1175 1176 /* 1177 * The firmware boot code is small and is intended to be copied directly into 1178 * the NIC internal memory. 1179 */ 1180 static int 1181 iwn_load_microcode(struct iwn_softc *sc, const uint8_t *ucode, int size) 1182 { 1183 int ntries; 1184 1185 size /= sizeof (uint32_t); 1186 1187 iwn_mem_lock(sc); 1188 1189 /* copy microcode image into NIC memory */ 1190 iwn_mem_write_region_4(sc, IWN_MEM_UCODE_BASE, 1191 (const uint32_t *)ucode, size); 1192 1193 iwn_mem_write(sc, IWN_MEM_UCODE_SRC, 0); 1194 iwn_mem_write(sc, IWN_MEM_UCODE_DST, IWN_FW_TEXT); 1195 iwn_mem_write(sc, IWN_MEM_UCODE_SIZE, size); 1196 1197 /* run microcode */ 1198 iwn_mem_write(sc, IWN_MEM_UCODE_CTL, IWN_UC_RUN); 1199 1200 /* wait for transfer to complete */ 1201 for (ntries = 0; ntries < 1000; ntries++) { 1202 if (!(iwn_mem_read(sc, IWN_MEM_UCODE_CTL) & IWN_UC_RUN)) 1203 break; 1204 DELAY(10); 1205 } 1206 if (ntries == 1000) { 1207 iwn_mem_unlock(sc); 1208 aprint_error_dev(sc->sc_dev, "could not load boot firmware\n"); 1209 return ETIMEDOUT; 1210 } 1211 iwn_mem_write(sc, IWN_MEM_UCODE_CTL, IWN_UC_ENABLE); 1212 1213 iwn_mem_unlock(sc); 1214 1215 return 0; 1216 } 1217 1218 static int 1219 iwn_load_firmware(struct iwn_softc *sc) 1220 { 1221 struct iwn_dma_info *dma = &sc->fw_dma; 1222 struct iwn_firmware_hdr hdr; 1223 const uint8_t *init_text, *init_data, *main_text, *main_data; 1224 const uint8_t *boot_text; 1225 uint32_t init_textsz, init_datasz, main_textsz, main_datasz; 1226 uint32_t boot_textsz; 1227 firmware_handle_t fw; 1228 u_char *dfw; 1229 size_t size; 1230 int error; 1231 1232 /* load firmware image from disk */ 1233 if ((error = firmware_open("if_iwn","iwlwifi-4965.ucode", &fw)) != 0) { 1234 aprint_error_dev(sc->sc_dev, "could not read firmware file\n"); 1235 goto fail1; 1236 } 1237 1238 size = firmware_get_size(fw); 1239 1240 /* extract firmware header information */ 1241 if (size < sizeof (struct iwn_firmware_hdr)) { 1242 aprint_error_dev(sc->sc_dev, "truncated firmware header: %zu bytes\n", size); 1243 1244 error = EINVAL; 1245 goto fail2; 1246 } 1247 1248 1249 if ((error = firmware_read(fw, 0, &hdr, 1250 sizeof (struct iwn_firmware_hdr))) != 0) { 1251 aprint_error_dev(sc->sc_dev, "can't get firmware header\n"); 1252 goto fail2; 1253 } 1254 1255 main_textsz = le32toh(hdr.main_textsz); 1256 main_datasz = le32toh(hdr.main_datasz); 1257 init_textsz = le32toh(hdr.init_textsz); 1258 init_datasz = le32toh(hdr.init_datasz); 1259 boot_textsz = le32toh(hdr.boot_textsz); 1260 1261 /* sanity-check firmware segments sizes */ 1262 if (main_textsz > IWN_FW_MAIN_TEXT_MAXSZ || 1263 main_datasz > IWN_FW_MAIN_DATA_MAXSZ || 1264 init_textsz > IWN_FW_INIT_TEXT_MAXSZ || 1265 init_datasz > IWN_FW_INIT_DATA_MAXSZ || 1266 boot_textsz > IWN_FW_BOOT_TEXT_MAXSZ || 1267 (boot_textsz & 3) != 0) { 1268 aprint_error_dev(sc->sc_dev, "invalid firmware header\n"); 1269 error = EINVAL; 1270 goto fail2; 1271 } 1272 1273 /* check that all firmware segments are present */ 1274 if (size < sizeof (struct iwn_firmware_hdr) + main_textsz + 1275 main_datasz + init_textsz + init_datasz + boot_textsz) { 1276 aprint_error_dev(sc->sc_dev, "firmware file too short: %zu bytes\n", size); 1277 error = EINVAL; 1278 goto fail2; 1279 } 1280 1281 dfw = firmware_malloc(size); 1282 if (dfw == NULL) { 1283 aprint_error_dev(sc->sc_dev, "not enough memory to stock firmware\n"); 1284 error = ENOMEM; 1285 goto fail2; 1286 } 1287 1288 if ((error = firmware_read(fw, 0, dfw, size)) != 0) { 1289 aprint_error_dev(sc->sc_dev, "can't get firmware\n"); 1290 goto fail2; 1291 } 1292 1293 /* get pointers to firmware segments */ 1294 main_text = dfw + sizeof (struct iwn_firmware_hdr); 1295 main_data = main_text + main_textsz; 1296 init_text = main_data + main_datasz; 1297 init_data = init_text + init_textsz; 1298 boot_text = init_data + init_datasz; 1299 1300 /* copy initialization images into pre-allocated DMA-safe memory */ 1301 memcpy(dma->vaddr, init_data, init_datasz); 1302 memcpy((char *)dma->vaddr + IWN_FW_INIT_DATA_MAXSZ, init_text, init_textsz); 1303 1304 /* tell adapter where to find initialization images */ 1305 iwn_mem_lock(sc); 1306 iwn_mem_write(sc, IWN_MEM_DATA_BASE, dma->paddr >> 4); 1307 iwn_mem_write(sc, IWN_MEM_DATA_SIZE, init_datasz); 1308 iwn_mem_write(sc, IWN_MEM_TEXT_BASE, 1309 (dma->paddr + IWN_FW_INIT_DATA_MAXSZ) >> 4); 1310 iwn_mem_write(sc, IWN_MEM_TEXT_SIZE, init_textsz); 1311 iwn_mem_unlock(sc); 1312 1313 /* load firmware boot code */ 1314 if ((error = iwn_load_microcode(sc, boot_text, boot_textsz)) != 0) { 1315 aprint_error_dev(sc->sc_dev, "could not load boot firmware\n"); 1316 goto fail3; 1317 } 1318 1319 /* now press "execute" ;-) */ 1320 IWN_WRITE(sc, IWN_RESET, 0); 1321 1322 /* ..and wait at most one second for adapter to initialize */ 1323 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 1324 /* this isn't what was supposed to happen.. */ 1325 aprint_error_dev(sc->sc_dev, "timeout waiting for adapter to initialize\n"); 1326 } 1327 1328 /* copy runtime images into pre-allocated DMA-safe memory */ 1329 memcpy((char *)dma->vaddr, main_data, main_datasz); 1330 memcpy((char *)dma->vaddr + IWN_FW_MAIN_DATA_MAXSZ, main_text, main_textsz); 1331 1332 /* tell adapter where to find runtime images */ 1333 iwn_mem_lock(sc); 1334 iwn_mem_write(sc, IWN_MEM_DATA_BASE, dma->paddr >> 4); 1335 iwn_mem_write(sc, IWN_MEM_DATA_SIZE, main_datasz); 1336 iwn_mem_write(sc, IWN_MEM_TEXT_BASE, 1337 (dma->paddr + IWN_FW_MAIN_DATA_MAXSZ) >> 4); 1338 iwn_mem_write(sc, IWN_MEM_TEXT_SIZE, IWN_FW_UPDATED | main_textsz); 1339 iwn_mem_unlock(sc); 1340 1341 /* wait at most one second for second alive notification */ 1342 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 1343 /* this isn't what was supposed to happen.. */ 1344 aprint_error_dev(sc->sc_dev, "timeout waiting for adapter to initialize\n"); 1345 } 1346 1347 fail3: firmware_free(dfw,size); 1348 fail2: firmware_close(fw); 1349 fail1: return error; 1350 } 1351 1352 static void 1353 iwn_calib_timeout(void *arg) 1354 { 1355 struct iwn_softc *sc = arg; 1356 struct ieee80211com *ic = &sc->sc_ic; 1357 int s; 1358 1359 /* automatic rate control triggered every 500ms */ 1360 if (ic->ic_fixed_rate == -1) { 1361 s = splnet(); 1362 if (ic->ic_opmode == IEEE80211_M_STA) 1363 iwn_iter_func(sc, ic->ic_bss); 1364 else 1365 ieee80211_iterate_nodes(&ic->ic_sta, iwn_iter_func, sc); 1366 splx(s); 1367 } 1368 1369 /* automatic calibration every 60s */ 1370 if (++sc->calib_cnt >= 120) { 1371 DPRINTF(("sending request for statistics\n")); 1372 (void)iwn_cmd(sc, IWN_CMD_GET_STATISTICS, NULL, 0, 1); 1373 sc->calib_cnt = 0; 1374 } 1375 1376 callout_schedule(&sc->calib_to, hz/2); 1377 1378 } 1379 1380 static void 1381 iwn_iter_func(void *arg, struct ieee80211_node *ni) 1382 { 1383 struct iwn_softc *sc = arg; 1384 struct iwn_node *wn = (struct iwn_node *)ni; 1385 1386 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1387 } 1388 1389 static void 1390 iwn_ampdu_rx_start(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1391 { 1392 struct iwn_rx_stat *stat; 1393 1394 DPRINTFN(2, ("received AMPDU stats\n")); 1395 /* save Rx statistics, they will be used on IWN_AMPDU_RX_DONE */ 1396 stat = (struct iwn_rx_stat *)(desc + 1); 1397 memcpy(&sc->last_rx_stat, stat, sizeof (*stat)); 1398 sc->last_rx_valid = 1; 1399 } 1400 1401 void 1402 iwn_rx_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc, 1403 struct iwn_rx_data *data) 1404 { 1405 struct ieee80211com *ic = &sc->sc_ic; 1406 struct ifnet *ifp = ic->ic_ifp; 1407 struct iwn_rx_ring *ring = &sc->rxq; 1408 struct iwn_rbuf *rbuf; 1409 struct ieee80211_frame *wh; 1410 struct ieee80211_node *ni; 1411 struct mbuf *m, *mnew; 1412 struct iwn_rx_stat *stat; 1413 char *head; 1414 uint32_t *tail; 1415 int len, rssi; 1416 1417 if (desc->type == IWN_AMPDU_RX_DONE) { 1418 /* check for prior AMPDU_RX_START */ 1419 if (!sc->last_rx_valid) { 1420 DPRINTF(("missing AMPDU_RX_START\n")); 1421 ifp->if_ierrors++; 1422 return; 1423 } 1424 sc->last_rx_valid = 0; 1425 stat = &sc->last_rx_stat; 1426 } else 1427 stat = (struct iwn_rx_stat *)(desc + 1); 1428 1429 if (stat->cfg_phy_len > IWN_STAT_MAXLEN) { 1430 aprint_error_dev(sc->sc_dev, "invalid rx statistic header\n"); 1431 ifp->if_ierrors++; 1432 return; 1433 } 1434 1435 if (desc->type == IWN_AMPDU_RX_DONE) { 1436 struct iwn_rx_ampdu *ampdu = 1437 (struct iwn_rx_ampdu *)(desc + 1); 1438 head = (char *)(ampdu + 1); 1439 len = le16toh(ampdu->len); 1440 } else { 1441 head = (char *)(stat + 1) + stat->cfg_phy_len; 1442 len = le16toh(stat->len); 1443 } 1444 1445 DPRINTF(("rx packet len %d\n", len)); 1446 /* discard Rx frames with bad CRC early */ 1447 tail = (uint32_t *)(head + len); 1448 if ((le32toh(*tail) & IWN_RX_NOERROR) != IWN_RX_NOERROR) { 1449 DPRINTFN(2, ("rx flags error %x\n", le32toh(*tail))); 1450 ifp->if_ierrors++; 1451 return; 1452 } 1453 /* XXX for ieee80211_find_rxnode() */ 1454 if (len < sizeof (struct ieee80211_frame)) { 1455 DPRINTF(("frame too short: %d\n", len)); 1456 ic->ic_stats.is_rx_tooshort++; 1457 ifp->if_ierrors++; 1458 return; 1459 } 1460 1461 m = data->m; 1462 1463 /* finalize mbuf */ 1464 m->m_pkthdr.rcvif = ifp; 1465 m->m_data = head; 1466 m->m_pkthdr.len = m->m_len = len; 1467 1468 /* 1469 * See comment in if_wpi.c:wpi_rx_intr() about locking 1470 * nb_free_entries here. In short: it's not required. 1471 */ 1472 if (sc->rxq.nb_free_entries > 0) { 1473 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1474 if (mnew == NULL) { 1475 ic->ic_stats.is_rx_nobuf++; 1476 ifp->if_ierrors++; 1477 return; 1478 } 1479 1480 rbuf = iwn_alloc_rbuf(sc); 1481 1482 /* attach Rx buffer to mbuf */ 1483 MEXTADD(mnew, rbuf->vaddr, IWN_RBUF_SIZE, 0, iwn_free_rbuf, 1484 rbuf); 1485 mnew->m_flags |= M_EXT_RW; 1486 1487 data->m = mnew; 1488 1489 /* update Rx descriptor */ 1490 ring->desc[ring->cur] = htole32(rbuf->paddr >> 8); 1491 } else { 1492 /* no free rbufs, copy frame */ 1493 m = m_dup(m, 0, M_COPYALL, M_DONTWAIT); 1494 if (m == NULL) { 1495 /* no free mbufs either, drop frame */ 1496 ic->ic_stats.is_rx_nobuf++; 1497 ifp->if_ierrors++; 1498 return; 1499 } 1500 } 1501 1502 rssi = iwn_get_rssi(stat); 1503 1504 if ((ic->ic_state == IEEE80211_S_SCAN) && (false)) 1505 iwn_fix_channel(ic, m); 1506 ic->ic_curchan = &ic->ic_channels[11]; 1507 1508 #if NBPFILTER > 0 1509 if (sc->sc_drvbpf != NULL) { 1510 struct iwn_rx_radiotap_header *tap = &sc->sc_rxtap; 1511 1512 tap->wr_flags = 0; 1513 tap->wr_chan_freq = 1514 htole16(ic->ic_channels[stat->chan].ic_freq); 1515 tap->wr_chan_flags = 1516 htole16(ic->ic_channels[stat->chan].ic_flags); 1517 tap->wr_dbm_antsignal = (int8_t)rssi; 1518 tap->wr_dbm_antnoise = (int8_t)sc->noise; 1519 tap->wr_tsft = stat->tstamp; 1520 switch (stat->rate) { 1521 /* CCK rates */ 1522 case 10: tap->wr_rate = 2; break; 1523 case 20: tap->wr_rate = 4; break; 1524 case 55: tap->wr_rate = 11; break; 1525 case 110: tap->wr_rate = 22; break; 1526 /* OFDM rates */ 1527 case 0xd: tap->wr_rate = 12; break; 1528 case 0xf: tap->wr_rate = 18; break; 1529 case 0x5: tap->wr_rate = 24; break; 1530 case 0x7: tap->wr_rate = 36; break; 1531 case 0x9: tap->wr_rate = 48; break; 1532 case 0xb: tap->wr_rate = 72; break; 1533 case 0x1: tap->wr_rate = 96; break; 1534 case 0x3: tap->wr_rate = 108; break; 1535 /* unknown rate: should not happen */ 1536 default: tap->wr_rate = 0; 1537 } 1538 1539 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1540 } 1541 #endif 1542 1543 /* grab a reference to the source node */ 1544 wh = mtod(m, struct ieee80211_frame *); 1545 ni = ieee80211_find_rxnode(ic,(struct ieee80211_frame_min *)wh); 1546 1547 /* send the frame to the 802.11 layer */ 1548 ieee80211_input(ic, m, ni, rssi, 0); 1549 1550 /* node is no longer needed */ 1551 ieee80211_free_node(ni); 1552 } 1553 1554 1555 /* 1556 * XXX: Hack to set the current channel to the value advertised in beacons or 1557 * probe responses. Only used during AP detection. 1558 * XXX: Duplicated from if_iwi.c 1559 */ 1560 static void 1561 iwn_fix_channel(struct ieee80211com *ic, struct mbuf *m) 1562 { 1563 struct ieee80211_frame *wh; 1564 uint8_t subtype; 1565 uint8_t *frm, *efrm; 1566 1567 wh = mtod(m, struct ieee80211_frame *); 1568 1569 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT) 1570 return; 1571 1572 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1573 1574 if (subtype != IEEE80211_FC0_SUBTYPE_BEACON && 1575 subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1576 return; 1577 1578 frm = (uint8_t *)(wh + 1); 1579 efrm = mtod(m, uint8_t *) + m->m_len; 1580 1581 frm += 12; /* skip tstamp, bintval and capinfo fields */ 1582 while (frm < efrm) { 1583 if (*frm == IEEE80211_ELEMID_DSPARMS) 1584 #if IEEE80211_CHAN_MAX < 255 1585 if (frm[2] <= IEEE80211_CHAN_MAX) 1586 #endif 1587 ic->ic_curchan = &ic->ic_channels[frm[2]]; 1588 1589 frm += frm[1] + 2; 1590 } 1591 } 1592 1593 static void 1594 iwn_rx_statistics(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1595 { 1596 struct ieee80211com *ic = &sc->sc_ic; 1597 struct iwn_calib_state *calib = &sc->calib; 1598 struct iwn_stats *stats = (struct iwn_stats *)(desc + 1); 1599 1600 /* ignore beacon statistics received during a scan */ 1601 if (ic->ic_state != IEEE80211_S_RUN) 1602 return; 1603 1604 DPRINTFN(3, ("received statistics (cmd=%d)\n", desc->type)); 1605 sc->calib_cnt = 0; /* reset timeout */ 1606 1607 /* test if temperature has changed */ 1608 if (stats->general.temp != sc->rawtemp) { 1609 int temp; 1610 1611 sc->rawtemp = stats->general.temp; 1612 temp = iwn_get_temperature(sc); 1613 DPRINTFN(2, ("temperature=%d\n", temp)); 1614 1615 /* update Tx power if need be */ 1616 iwn_power_calibration(sc, temp); 1617 } 1618 1619 if (desc->type != IWN_BEACON_STATISTICS) 1620 return; /* reply to a statistics request */ 1621 1622 sc->noise = iwn_get_noise(&stats->rx.general); 1623 DPRINTFN(3, ("noise=%d\n", sc->noise)); 1624 1625 /* test that RSSI and noise are present in stats report */ 1626 if (le32toh(stats->rx.general.flags) != 1) { 1627 DPRINTF(("received statistics without RSSI\n")); 1628 return; 1629 } 1630 1631 if (calib->state == IWN_CALIB_STATE_ASSOC) 1632 iwn_compute_differential_gain(sc, &stats->rx.general); 1633 else if (calib->state == IWN_CALIB_STATE_RUN) 1634 iwn_tune_sensitivity(sc, &stats->rx); 1635 } 1636 1637 static void 1638 iwn_tx_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1639 { 1640 struct ifnet *ifp = sc->sc_ic.ic_ifp; 1641 struct iwn_tx_ring *ring = &sc->txq[desc->qid & 0xf]; 1642 struct iwn_tx_data *txdata = &ring->data[desc->idx]; 1643 struct iwn_tx_stat *stat = (struct iwn_tx_stat *)(desc + 1); 1644 struct iwn_node *wn = (struct iwn_node *)txdata->ni; 1645 uint32_t status; 1646 1647 DPRINTFN(4, ("tx done: qid=%d idx=%d retries=%d nkill=%d rate=%x " 1648 "duration=%d status=%x\n", desc->qid, desc->idx, stat->ntries, 1649 stat->nkill, stat->rate, le16toh(stat->duration), 1650 le32toh(stat->status))); 1651 1652 /* 1653 * Update rate control statistics for the node. 1654 */ 1655 wn->amn.amn_txcnt++; 1656 if (stat->ntries > 0) { 1657 DPRINTFN(3, ("tx intr ntries %d\n", stat->ntries)); 1658 wn->amn.amn_retrycnt++; 1659 } 1660 1661 status = le32toh(stat->status) & 0xff; 1662 if (status != 1 && status != 2) 1663 ifp->if_oerrors++; 1664 else 1665 ifp->if_opackets++; 1666 1667 bus_dmamap_unload(sc->sc_dmat, txdata->map); 1668 m_freem(txdata->m); 1669 txdata->m = NULL; 1670 ieee80211_free_node(txdata->ni); 1671 txdata->ni = NULL; 1672 1673 ring->queued--; 1674 1675 sc->sc_tx_timer = 0; 1676 ifp->if_flags &= ~IFF_OACTIVE; 1677 iwn_start(ifp); 1678 } 1679 1680 static void 1681 iwn_cmd_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1682 { 1683 struct iwn_tx_ring *ring = &sc->txq[4]; 1684 struct iwn_tx_data *data; 1685 1686 if ((desc->qid & 0xf) != 4) 1687 return; /* not a command ack */ 1688 1689 data = &ring->data[desc->idx]; 1690 1691 /* if the command was mapped in a mbuf, free it */ 1692 if (data->m != NULL) { 1693 bus_dmamap_unload(sc->sc_dmat, data->map); 1694 m_freem(data->m); 1695 data->m = NULL; 1696 } 1697 1698 wakeup(&ring->cmd[desc->idx]); 1699 } 1700 1701 static void 1702 iwn_notif_intr(struct iwn_softc *sc) 1703 { 1704 struct ieee80211com *ic = &sc->sc_ic; 1705 struct ifnet *ifp = ic->ic_ifp; 1706 uint16_t hw; 1707 1708 hw = le16toh(sc->shared->closed_count); 1709 while (sc->rxq.cur != hw) { 1710 struct iwn_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1711 struct iwn_rx_desc *desc = (void *)data->m->m_ext.ext_buf; 1712 1713 DPRINTFN(4,("rx notification qid=%x idx=%d flags=%x type=%d " 1714 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1715 le32toh(desc->len))); 1716 1717 if (!(desc->qid & 0x80)) /* reply to a command */ 1718 iwn_cmd_intr(sc, desc); 1719 1720 switch (desc->type) { 1721 case IWN_RX_DONE: 1722 case IWN_AMPDU_RX_DONE: 1723 iwn_rx_intr(sc, desc, data); 1724 break; 1725 1726 case IWN_AMPDU_RX_START: 1727 iwn_ampdu_rx_start(sc, desc); 1728 break; 1729 1730 case IWN_TX_DONE: 1731 /* a 802.11 frame has been transmitted */ 1732 iwn_tx_intr(sc, desc); 1733 break; 1734 1735 case IWN_RX_STATISTICS: 1736 case IWN_BEACON_STATISTICS: 1737 iwn_rx_statistics(sc, desc); 1738 break; 1739 1740 case IWN_BEACON_MISSED: 1741 { 1742 struct iwn_beacon_missed *miss = 1743 (struct iwn_beacon_missed *)(desc + 1); 1744 /* 1745 * If more than 5 consecutive beacons are missed, 1746 * reinitialize the sensitivity state machine. 1747 */ 1748 DPRINTFN(2, ("beacons missed %d/%d\n", 1749 le32toh(miss->consecutive), le32toh(miss->total))); 1750 if (ic->ic_state == IEEE80211_S_RUN && 1751 le32toh(miss->consecutive) > 5) 1752 (void)iwn_init_sensitivity(sc); 1753 break; 1754 } 1755 1756 case IWN_UC_READY: 1757 { 1758 struct iwn_ucode_info *uc = 1759 (struct iwn_ucode_info *)(desc + 1); 1760 1761 /* the microcontroller is ready */ 1762 DPRINTF(("microcode alive notification version=%d.%d " 1763 "subtype=%x alive=%x\n", uc->major, uc->minor, 1764 uc->subtype, le32toh(uc->valid))); 1765 1766 if (le32toh(uc->valid) != 1) { 1767 aprint_error_dev(sc->sc_dev, "microcontroller initialization " 1768 "failed\n"); 1769 break; 1770 } 1771 if (uc->subtype == IWN_UCODE_INIT) { 1772 /* save microcontroller's report */ 1773 memcpy(&sc->ucode_info, uc, sizeof (*uc)); 1774 } 1775 break; 1776 } 1777 case IWN_STATE_CHANGED: 1778 { 1779 uint32_t *status = (uint32_t *)(desc + 1); 1780 1781 /* enabled/disabled notification */ 1782 DPRINTF(("state changed to %x\n", le32toh(*status))); 1783 1784 if (le32toh(*status) & 1) { 1785 /* the radio button has to be pushed */ 1786 aprint_error_dev(sc->sc_dev, "Radio transmitter is off\n"); 1787 /* turn the interface down */ 1788 ifp->if_flags &= ~IFF_UP; 1789 iwn_stop(ifp, 1); 1790 return; /* no further processing */ 1791 } 1792 break; 1793 } 1794 case IWN_START_SCAN: 1795 { 1796 struct iwn_start_scan *scan = 1797 (struct iwn_start_scan *)(desc + 1); 1798 1799 DPRINTFN(2, ("scanning channel %d status %x\n", 1800 scan->chan, le32toh(scan->status))); 1801 1802 /* fix current channel */ 1803 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1804 break; 1805 } 1806 case IWN_STOP_SCAN: 1807 { 1808 struct iwn_stop_scan *scan = 1809 (struct iwn_stop_scan *)(desc + 1); 1810 1811 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1812 scan->nchan, scan->status, scan->chan)); 1813 1814 if (scan->status == 1 && scan->chan <= 14) { 1815 /* 1816 * We just finished scanning 802.11g channels, 1817 * start scanning 802.11a ones. 1818 */ 1819 if (iwn_scan(sc, IEEE80211_CHAN_A) == 0) 1820 break; 1821 } 1822 sc->is_scanning = false; 1823 ieee80211_end_scan(ic); 1824 break; 1825 } 1826 } 1827 1828 sc->rxq.cur = (sc->rxq.cur + 1) % IWN_RX_RING_COUNT; 1829 } 1830 1831 /* tell the firmware what we have processed */ 1832 hw = (hw == 0) ? IWN_RX_RING_COUNT - 1 : hw - 1; 1833 IWN_WRITE(sc, IWN_RX_WIDX, hw & ~7); 1834 } 1835 1836 static int 1837 iwn_intr(void *arg) 1838 { 1839 struct iwn_softc *sc = arg; 1840 struct ifnet *ifp = sc->sc_ic.ic_ifp; 1841 uint32_t r1, r2; 1842 1843 /* disable interrupts */ 1844 IWN_WRITE(sc, IWN_MASK, 0); 1845 1846 r1 = IWN_READ(sc, IWN_INTR); 1847 r2 = IWN_READ(sc, IWN_INTR_STATUS); 1848 1849 if (r1 == 0 && r2 == 0) { 1850 if (ifp->if_flags & IFF_UP) 1851 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 1852 return 0; /* not for us */ 1853 } 1854 1855 if (r1 == 0xffffffff) 1856 return 0; /* hardware gone */ 1857 1858 /* ack interrupts */ 1859 IWN_WRITE(sc, IWN_INTR, r1); 1860 IWN_WRITE(sc, IWN_INTR_STATUS, r2); 1861 1862 DPRINTFN(5, ("interrupt reg1=%x reg2=%x\n", r1, r2)); 1863 1864 if (r1 & IWN_RF_TOGGLED) { 1865 uint32_t tmp = IWN_READ(sc, IWN_GPIO_CTL); 1866 aprint_error_dev(sc->sc_dev, "RF switch: radio %s\n", 1867 (tmp & IWN_GPIO_RF_ENABLED) ? "enabled" : "disabled"); 1868 } 1869 if (r1 & IWN_CT_REACHED) { 1870 aprint_error_dev(sc->sc_dev, "critical temperature reached!\n"); 1871 } 1872 if (r1 & (IWN_SW_ERROR | IWN_HW_ERROR)) { 1873 aprint_error_dev(sc->sc_dev, "fatal firmware error\n"); 1874 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP; 1875 iwn_stop(sc->sc_ic.ic_ifp, 1); 1876 return 1; 1877 } 1878 1879 if ((r1 & (IWN_RX_INTR | IWN_SW_RX_INTR)) || 1880 (r2 & IWN_RX_STATUS_INTR)) 1881 iwn_notif_intr(sc); 1882 1883 if (r1 & IWN_ALIVE_INTR) 1884 wakeup(sc); 1885 1886 /* re-enable interrupts */ 1887 if (ifp->if_flags & IFF_UP) 1888 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 1889 1890 return 1; 1891 } 1892 1893 static uint8_t 1894 iwn_plcp_signal(int rate) 1895 { 1896 switch (rate) { 1897 /* CCK rates (returned values are device-dependent) */ 1898 case 2: return 10; 1899 case 4: return 20; 1900 case 11: return 55; 1901 case 22: return 110; 1902 1903 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 1904 /* R1-R4, (u)ral is R4-R1 */ 1905 case 12: return 0xd; 1906 case 18: return 0xf; 1907 case 24: return 0x5; 1908 case 36: return 0x7; 1909 case 48: return 0x9; 1910 case 72: return 0xb; 1911 case 96: return 0x1; 1912 case 108: return 0x3; 1913 case 120: return 0x3; 1914 } 1915 /* unknown rate (should not get there) */ 1916 return 0; 1917 } 1918 1919 /* determine if a given rate is CCK or OFDM */ 1920 #define IWN_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1921 1922 static int 1923 iwn_tx_data(struct iwn_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, 1924 int ac) 1925 { 1926 struct ieee80211com *ic = &sc->sc_ic; 1927 struct iwn_tx_ring *ring = &sc->txq[ac]; 1928 struct iwn_tx_desc *desc; 1929 struct iwn_tx_data *data; 1930 struct iwn_tx_cmd *cmd; 1931 struct iwn_cmd_data *tx; 1932 struct ieee80211_frame *wh; 1933 struct ieee80211_key *k; 1934 const struct chanAccParams *cap; 1935 struct mbuf *mnew; 1936 bus_addr_t paddr; 1937 uint32_t flags; 1938 uint8_t type; 1939 int i, error, pad, rate, hdrlen, noack = 0; 1940 1941 DPRINTFN(5, ("iwn_tx_data entry\n")); 1942 1943 desc = &ring->desc[ring->cur]; 1944 data = &ring->data[ring->cur]; 1945 1946 wh = mtod(m0, struct ieee80211_frame *); 1947 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1948 1949 if (IEEE80211_QOS_HAS_SEQ(wh)) { 1950 hdrlen = sizeof (struct ieee80211_qosframe); 1951 cap = &ic->ic_wme.wme_chanParams; 1952 noack = cap->cap_wmeParams[ac].wmep_noackPolicy; 1953 } else 1954 hdrlen = sizeof (struct ieee80211_frame); 1955 1956 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1957 k = ieee80211_crypto_encap(ic, ni, m0); 1958 if (k == NULL) { 1959 m_freem(m0); 1960 return ENOBUFS; 1961 } 1962 /* packet header may have moved, reset our local pointer */ 1963 wh = mtod(m0, struct ieee80211_frame *); 1964 } 1965 1966 /* pickup a rate */ 1967 if (type == IEEE80211_FC0_TYPE_MGT) { 1968 /* mgmt frames are sent at the lowest available bit-rate */ 1969 rate = ni->ni_rates.rs_rates[0]; 1970 } else { 1971 if (ic->ic_fixed_rate != -1) { 1972 rate = ic->ic_sup_rates[ic->ic_curmode]. 1973 rs_rates[ic->ic_fixed_rate]; 1974 } else 1975 rate = ni->ni_rates.rs_rates[ni->ni_txrate]; 1976 } 1977 rate &= IEEE80211_RATE_VAL; 1978 1979 #if NBPFILTER > 0 1980 if (sc->sc_drvbpf != NULL) { 1981 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap; 1982 1983 tap->wt_flags = 0; 1984 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1985 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1986 tap->wt_rate = rate; 1987 tap->wt_hwqueue = ac; 1988 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 1989 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1990 1991 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 1992 } 1993 #endif 1994 1995 cmd = &ring->cmd[ring->cur]; 1996 cmd->code = IWN_CMD_TX_DATA; 1997 cmd->flags = 0; 1998 cmd->qid = ring->qid; 1999 cmd->idx = ring->cur; 2000 2001 tx = (struct iwn_cmd_data *)cmd->data; 2002 2003 flags = IWN_TX_AUTO_SEQ; 2004 if (!noack && !IEEE80211_IS_MULTICAST(wh->i_addr1)){ 2005 flags |= IWN_TX_NEED_ACK; 2006 }else if (m0->m_pkthdr.len + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) 2007 flags |= (IWN_TX_NEED_RTS | IWN_TX_FULL_TXOP); 2008 2009 if (IEEE80211_IS_MULTICAST(wh->i_addr1) 2010 || (type != IEEE80211_FC0_TYPE_DATA)) 2011 tx->id = IWN_ID_BROADCAST; 2012 else 2013 tx->id = IWN_ID_BSS; 2014 2015 DPRINTFN(5, ("addr1: %x:%x:%x:%x:%x:%x, id = 0x%x\n", 2016 wh->i_addr1[0], wh->i_addr1[1], wh->i_addr1[2], 2017 wh->i_addr1[3], wh->i_addr1[4], wh->i_addr1[5], tx->id)); 2018 2019 if (type == IEEE80211_FC0_TYPE_MGT) { 2020 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2021 2022 /* tell h/w to set timestamp in probe responses */ 2023 if ((subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) || 2024 (subtype == IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 2025 flags |= IWN_TX_INSERT_TSTAMP; 2026 2027 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2028 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ || 2029 subtype == IEEE80211_FC0_SUBTYPE_AUTH || 2030 subtype == IEEE80211_FC0_SUBTYPE_DEAUTH) { 2031 flags &= ~IWN_TX_NEED_RTS; 2032 flags |= IWN_TX_NEED_CTS; 2033 tx->timeout = htole16(3); 2034 } else 2035 tx->timeout = htole16(2); 2036 } else 2037 tx->timeout = htole16(0); 2038 2039 if (hdrlen & 3) { 2040 /* first segment's length must be a multiple of 4 */ 2041 flags |= IWN_TX_NEED_PADDING; 2042 pad = 4 - (hdrlen & 3); 2043 } else 2044 pad = 0; 2045 2046 if (type == IEEE80211_FC0_TYPE_CTL) { 2047 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2048 2049 /* tell h/w to set timestamp in probe responses */ 2050 if (subtype == 0x0080) /* linux says this is "back request" */ 2051 /* linux says (1 << 6) is IMM_BA_RSP_MASK */ 2052 flags |= (IWN_TX_NEED_ACK | (1 << 6)); 2053 } 2054 2055 2056 tx->flags = htole32(flags); 2057 tx->len = htole16(m0->m_pkthdr.len); 2058 tx->rate = iwn_plcp_signal(rate); 2059 tx->rts_ntries = 60; 2060 tx->data_ntries = 15; 2061 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 2062 2063 /* XXX alternate between Ant A and Ant B ? */ 2064 tx->rflags = IWN_RFLAG_ANT_B; 2065 if (tx->id == IWN_ID_BROADCAST) { 2066 tx->ridx = IWN_MAX_TX_RETRIES - 1; 2067 if (!IWN_RATE_IS_OFDM(rate)) 2068 tx->rflags |= IWN_RFLAG_CCK; 2069 } else { 2070 tx->ridx = 0; 2071 /* tell adapter to ignore rflags */ 2072 tx->flags |= htole32(IWN_TX_USE_NODE_RATE); 2073 } 2074 2075 /* copy and trim IEEE802.11 header */ 2076 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 2077 m_adj(m0, hdrlen); 2078 2079 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 2080 BUS_DMA_WRITE | BUS_DMA_NOWAIT); 2081 if (error != 0 && error != EFBIG) { 2082 aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error); 2083 m_freem(m0); 2084 return error; 2085 } 2086 if (error != 0) { 2087 /* too many fragments, linearize */ 2088 2089 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 2090 if (mnew == NULL) { 2091 m_freem(m0); 2092 return ENOMEM; 2093 } 2094 M_COPY_PKTHDR(mnew, m0); 2095 if (m0->m_pkthdr.len > MHLEN) { 2096 MCLGET(mnew, M_DONTWAIT); 2097 if (!(mnew->m_flags & M_EXT)) { 2098 m_freem(m0); 2099 m_freem(mnew); 2100 return ENOMEM; 2101 } 2102 } 2103 2104 m_copydata(m0, 0, m0->m_pkthdr.len, mtod(mnew, void *)); 2105 m_freem(m0); 2106 mnew->m_len = mnew->m_pkthdr.len; 2107 m0 = mnew; 2108 2109 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 2110 BUS_DMA_WRITE | BUS_DMA_NOWAIT); 2111 if (error != 0) { 2112 aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error); 2113 m_freem(m0); 2114 return error; 2115 } 2116 } 2117 2118 data->m = m0; 2119 data->ni = ni; 2120 2121 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 2122 ring->qid, ring->cur, m0->m_pkthdr.len, data->map->dm_nsegs)); 2123 2124 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 2125 tx->loaddr = htole32(paddr + 4 + 2126 offsetof(struct iwn_cmd_data, ntries)); 2127 tx->hiaddr = 0; /* limit to 32-bit physical addresses */ 2128 2129 /* first scatter/gather segment is used by the tx data command */ 2130 IWN_SET_DESC_NSEGS(desc, 1 + data->map->dm_nsegs); 2131 IWN_SET_DESC_SEG(desc, 0, paddr, 4 + sizeof (*tx) + hdrlen + pad); 2132 for (i = 1; i <= data->map->dm_nsegs; i++) { 2133 IWN_SET_DESC_SEG(desc, i, data->map->dm_segs[i - 1].ds_addr, 2134 data->map->dm_segs[i - 1].ds_len); 2135 } 2136 sc->shared->len[ring->qid][ring->cur] = 2137 htole16(hdrlen + m0->m_pkthdr.len + 8); 2138 if (ring->cur < IWN_TX_WINDOW) { 2139 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 2140 htole16(hdrlen + m0->m_pkthdr.len + 8); 2141 } 2142 2143 ring->queued++; 2144 2145 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 2146 data->map->dm_mapsize /* calc? */, BUS_DMASYNC_PREWRITE); 2147 2148 /* kick ring */ 2149 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 2150 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 2151 2152 return 0; 2153 } 2154 2155 static void 2156 iwn_start(struct ifnet *ifp) 2157 { 2158 struct iwn_softc *sc = ifp->if_softc; 2159 struct ieee80211com *ic = &sc->sc_ic; 2160 struct ieee80211_node *ni; 2161 struct ether_header *eh; 2162 struct mbuf *m0; 2163 int ac; 2164 2165 DPRINTFN(5, ("iwn_start enter\n")); 2166 2167 /* 2168 * net80211 may still try to send management frames even if the 2169 * IFF_RUNNING flag is not set... 2170 */ 2171 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 2172 return; 2173 2174 for (;;) { 2175 IF_DEQUEUE(&ic->ic_mgtq, m0); 2176 if (m0 != NULL) { 2177 /* management frames go into ring 0 */ 2178 2179 2180 ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif; 2181 m0->m_pkthdr.rcvif = NULL; 2182 2183 /* management goes into ring 0 */ 2184 if (sc->txq[0].queued > sc->txq[0].count - 8) { 2185 ifp->if_oerrors++; 2186 continue; 2187 } 2188 2189 #if NBPFILTER > 0 2190 if (ic->ic_rawbpf != NULL) 2191 bpf_mtap(ic->ic_rawbpf, m0); 2192 #endif 2193 if (iwn_tx_data(sc, m0, ni, 0) != 0) { 2194 ifp->if_oerrors++; 2195 break; 2196 } 2197 } else { 2198 if (ic->ic_state != IEEE80211_S_RUN) 2199 break; 2200 IFQ_POLL(&ifp->if_snd, m0); 2201 if (m0 == NULL) 2202 break; 2203 2204 if (m0->m_len < sizeof (*eh) && 2205 (m0 = m_pullup(m0, sizeof (*eh))) == NULL) { 2206 ifp->if_oerrors++; 2207 continue; 2208 } 2209 eh = mtod(m0, struct ether_header *); 2210 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 2211 if (ni == NULL) { 2212 m_freem(m0); 2213 ifp->if_oerrors++; 2214 continue; 2215 } 2216 /* classify mbuf so we can find which tx ring to use */ 2217 if (ieee80211_classify(ic, m0, ni) != 0) { 2218 m_freem(m0); 2219 ieee80211_free_node(ni); 2220 ifp->if_oerrors++; 2221 continue; 2222 } 2223 2224 /* no QoS encapsulation for EAPOL frames */ 2225 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ? 2226 M_WME_GETAC(m0) : WME_AC_BE; 2227 2228 if (sc->txq[ac].queued > sc->txq[ac].count - 8) { 2229 2230 /* there is no place left in this ring */ 2231 ifp->if_flags |= IFF_OACTIVE; 2232 break; 2233 } 2234 IFQ_DEQUEUE(&ifp->if_snd, m0); 2235 #if NBPFILTER > 0 2236 if (ifp->if_bpf != NULL) 2237 bpf_mtap(ifp->if_bpf, m0); 2238 #endif 2239 m0 = ieee80211_encap(ic, m0, ni); 2240 if (m0 == NULL) { 2241 ieee80211_free_node(ni); 2242 ifp->if_oerrors++; 2243 continue; 2244 } 2245 #if NBPFILTER > 0 2246 if (ic->ic_rawbpf != NULL) 2247 bpf_mtap(ic->ic_rawbpf, m0); 2248 #endif 2249 if (iwn_tx_data(sc, m0, ni, ac) != 0) { 2250 ieee80211_free_node(ni); 2251 ifp->if_oerrors++; 2252 break; 2253 } 2254 } 2255 2256 sc->sc_tx_timer = 5; 2257 ifp->if_timer = 1; 2258 } 2259 } 2260 2261 static void 2262 iwn_watchdog(struct ifnet *ifp) 2263 { 2264 struct iwn_softc *sc = ifp->if_softc; 2265 2266 ifp->if_timer = 0; 2267 2268 if (sc->sc_tx_timer > 0) { 2269 if (--sc->sc_tx_timer == 0) { 2270 aprint_error_dev(sc->sc_dev, "device timeout\n"); 2271 ifp->if_flags &= ~IFF_UP; 2272 iwn_stop(ifp, 1); 2273 ifp->if_oerrors++; 2274 return; 2275 } 2276 ifp->if_timer = 1; 2277 } 2278 2279 ieee80211_watchdog(&sc->sc_ic); 2280 } 2281 2282 static int 2283 iwn_ioctl(struct ifnet *ifp, u_long cmd, void * data) 2284 { 2285 2286 #define IS_RUNNING(ifp) \ 2287 ((ifp->if_flags & IFF_UP) && (ifp->if_flags & IFF_RUNNING)) 2288 2289 struct iwn_softc *sc = ifp->if_softc; 2290 struct ieee80211com *ic = &sc->sc_ic; 2291 int s, error = 0; 2292 2293 s = splnet(); 2294 2295 switch (cmd) { 2296 case SIOCSIFFLAGS: 2297 if (ifp->if_flags & IFF_UP) { 2298 if (!(ifp->if_flags & IFF_RUNNING)) 2299 iwn_init(ifp); 2300 } else { 2301 if (ifp->if_flags & IFF_RUNNING) 2302 iwn_stop(ifp, 1); 2303 } 2304 break; 2305 2306 case SIOCADDMULTI: 2307 case SIOCDELMULTI: 2308 /* XXX no h/w multicast filter? --dyoung */ 2309 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 2310 /* setup multicast filter, etc */ 2311 error = 0; 2312 } 2313 break; 2314 2315 default: 2316 error = ieee80211_ioctl(ic, cmd, data); 2317 } 2318 2319 if (error == ENETRESET) { 2320 if (IS_RUNNING(ifp) && 2321 (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)) 2322 iwn_init(ifp); 2323 error = 0; 2324 } 2325 2326 splx(s); 2327 return error; 2328 2329 #undef IS_RUNNING 2330 } 2331 2332 static void 2333 iwn_read_eeprom(struct iwn_softc *sc) 2334 { 2335 struct ieee80211com *ic = &sc->sc_ic; 2336 char domain[4]; 2337 uint16_t val; 2338 int i, error; 2339 2340 if ((error = iwn_eeprom_lock(sc)) != 0) { 2341 aprint_error_dev(sc->sc_dev, "could not lock EEPROM (error=%d)\n", error); 2342 return; 2343 } 2344 /* read and print regulatory domain */ 2345 iwn_read_prom_data(sc, IWN_EEPROM_DOMAIN, domain, 4); 2346 aprint_error_dev(sc->sc_dev, "%.4s", domain); 2347 2348 /* read and print MAC address */ 2349 iwn_read_prom_data(sc, IWN_EEPROM_MAC, ic->ic_myaddr, 6); 2350 aprint_error(", address %s\n", ether_sprintf(ic->ic_myaddr)); 2351 2352 /* read the list of authorized channels */ 2353 for (i = 0; i < IWN_CHAN_BANDS_COUNT; i++) 2354 iwn_read_eeprom_channels(sc, i); 2355 2356 /* read maximum allowed Tx power for 2GHz and 5GHz bands */ 2357 iwn_read_prom_data(sc, IWN_EEPROM_MAXPOW, &val, 2); 2358 sc->maxpwr2GHz = val & 0xff; 2359 sc->maxpwr5GHz = val >> 8; 2360 /* check that EEPROM values are correct */ 2361 if (sc->maxpwr5GHz < 20 || sc->maxpwr5GHz > 50) 2362 sc->maxpwr5GHz = 38; 2363 if (sc->maxpwr2GHz < 20 || sc->maxpwr2GHz > 50) 2364 sc->maxpwr2GHz = 38; 2365 DPRINTF(("maxpwr 2GHz=%d 5GHz=%d\n", sc->maxpwr2GHz, sc->maxpwr5GHz)); 2366 2367 /* read voltage at which samples were taken */ 2368 iwn_read_prom_data(sc, IWN_EEPROM_VOLTAGE, &val, 2); 2369 sc->eeprom_voltage = (int16_t)le16toh(val); 2370 DPRINTF(("voltage=%d (in 0.3V)\n", sc->eeprom_voltage)); 2371 2372 /* read power groups */ 2373 iwn_read_prom_data(sc, IWN_EEPROM_BANDS, sc->bands, sizeof sc->bands); 2374 #ifdef IWN_DEBUG 2375 if (iwn_debug > 0) { 2376 for (i = 0; i < IWN_NBANDS; i++) 2377 iwn_print_power_group(sc, i); 2378 } 2379 #endif 2380 iwn_eeprom_unlock(sc); 2381 } 2382 2383 static void 2384 iwn_read_eeprom_channels(struct iwn_softc *sc, int n) 2385 { 2386 struct ieee80211com *ic = &sc->sc_ic; 2387 const struct iwn_chan_band *band = &iwn_bands[n]; 2388 struct iwn_eeprom_chan channels[IWN_MAX_CHAN_PER_BAND]; 2389 int chan, i; 2390 2391 iwn_read_prom_data(sc, band->addr, channels, 2392 band->nchan * sizeof (struct iwn_eeprom_chan)); 2393 2394 for (i = 0; i < band->nchan; i++) { 2395 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) 2396 continue; 2397 2398 chan = band->chan[i]; 2399 2400 if (n == 0) { /* 2GHz band */ 2401 ic->ic_channels[chan].ic_freq = 2402 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 2403 ic->ic_channels[chan].ic_flags = 2404 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 2405 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 2406 2407 } else { /* 5GHz band */ 2408 /* 2409 * Some adapters support channels 7, 8, 11 and 12 2410 * both in the 2GHz *and* 5GHz bands. 2411 * Because of limitations in our net80211(9) stack, 2412 * we can't support these channels in 5GHz band. 2413 */ 2414 if (chan <= 14) 2415 continue; 2416 2417 ic->ic_channels[chan].ic_freq = 2418 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 2419 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 2420 } 2421 2422 /* is active scan allowed on this channel? */ 2423 if (!(channels[i].flags & IWN_EEPROM_CHAN_ACTIVE)) { 2424 ic->ic_channels[chan].ic_flags |= 2425 IEEE80211_CHAN_PASSIVE; 2426 } 2427 2428 /* save maximum allowed power for this channel */ 2429 sc->maxpwr[chan] = channels[i].maxpwr; 2430 2431 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 2432 chan, channels[i].flags, sc->maxpwr[chan])); 2433 } 2434 } 2435 2436 #ifdef IWN_DEBUG 2437 static void 2438 iwn_print_power_group(struct iwn_softc *sc, int i) 2439 { 2440 struct iwn_eeprom_band *band = &sc->bands[i]; 2441 struct iwn_eeprom_chan_samples *chans = band->chans; 2442 int j, c; 2443 2444 DPRINTF(("===band %d===\n", i)); 2445 DPRINTF(("chan lo=%d, chan hi=%d\n", band->lo, band->hi)); 2446 DPRINTF(("chan1 num=%d\n", chans[0].num)); 2447 for (c = 0; c < IWN_NTXCHAINS; c++) { 2448 for (j = 0; j < IWN_NSAMPLES; j++) { 2449 DPRINTF(("chain %d, sample %d: temp=%d gain=%d " 2450 "power=%d pa_det=%d\n", c, j, 2451 chans[0].samples[c][j].temp, 2452 chans[0].samples[c][j].gain, 2453 chans[0].samples[c][j].power, 2454 chans[0].samples[c][j].pa_det)); 2455 } 2456 } 2457 DPRINTF(("chan2 num=%d\n", chans[1].num)); 2458 for (c = 0; c < IWN_NTXCHAINS; c++) { 2459 for (j = 0; j < IWN_NSAMPLES; j++) { 2460 DPRINTF(("chain %d, sample %d: temp=%d gain=%d " 2461 "power=%d pa_det=%d\n", c, j, 2462 chans[1].samples[c][j].temp, 2463 chans[1].samples[c][j].gain, 2464 chans[1].samples[c][j].power, 2465 chans[1].samples[c][j].pa_det)); 2466 } 2467 } 2468 } 2469 #endif 2470 2471 /* 2472 * Send a command to the firmware. 2473 */ 2474 static int 2475 iwn_cmd(struct iwn_softc *sc, int code, const void *buf, int size, int async) 2476 { 2477 struct iwn_tx_ring *ring = &sc->txq[4]; 2478 struct iwn_tx_desc *desc; 2479 struct iwn_tx_cmd *cmd; 2480 bus_addr_t paddr; 2481 2482 KASSERT(size <= sizeof cmd->data); 2483 2484 desc = &ring->desc[ring->cur]; 2485 cmd = &ring->cmd[ring->cur]; 2486 2487 cmd->code = code; 2488 cmd->flags = 0; 2489 cmd->qid = ring->qid; 2490 cmd->idx = ring->cur; 2491 memcpy(cmd->data, buf, size); 2492 2493 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 2494 2495 IWN_SET_DESC_NSEGS(desc, 1); 2496 IWN_SET_DESC_SEG(desc, 0, paddr, 4 + size); 2497 sc->shared->len[ring->qid][ring->cur] = htole16(8); 2498 if (ring->cur < IWN_TX_WINDOW) { 2499 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 2500 htole16(8); 2501 } 2502 2503 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 0, 2504 4 + size, BUS_DMASYNC_PREWRITE); 2505 2506 /* kick cmd ring */ 2507 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 2508 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 2509 2510 return async ? 0 : tsleep(cmd, PCATCH, "iwncmd", hz); 2511 } 2512 2513 /* 2514 * Configure hardware multi-rate retries for one node. 2515 */ 2516 static int 2517 iwn_setup_node_mrr(struct iwn_softc *sc, uint8_t id, int async) 2518 { 2519 struct ieee80211com *ic = &sc->sc_ic; 2520 struct iwn_cmd_mrr mrr; 2521 int i, ridx; 2522 2523 memset(&mrr, 0, sizeof mrr); 2524 mrr.id = id; 2525 mrr.ssmask = 2; 2526 mrr.dsmask = 3; 2527 mrr.ampdu_disable = 3; 2528 mrr.ampdu_limit = htole16(4000); 2529 2530 if (id == IWN_ID_BSS) 2531 ridx = IWN_OFDM54; 2532 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2533 ridx = IWN_OFDM6; 2534 else 2535 ridx = IWN_CCK1; 2536 for (i = 0; i < IWN_MAX_TX_RETRIES; i++) { 2537 mrr.table[i].rate = iwn_ridx_to_plcp[ridx]; 2538 mrr.table[i].rflags = IWN_RFLAG_ANT_B; 2539 if (ridx <= IWN_CCK11) 2540 mrr.table[i].rflags |= IWN_RFLAG_CCK; 2541 ridx = iwn_prev_ridx[ridx]; 2542 } 2543 return iwn_cmd(sc, IWN_CMD_NODE_MRR_SETUP, &mrr, sizeof mrr, async); 2544 } 2545 2546 static int 2547 iwn_wme_update(struct ieee80211com *ic) 2548 { 2549 #define IWN_EXP2(v) htole16((1 << (v)) - 1) 2550 #define IWN_USEC(v) htole16(IEEE80211_TXOP_TO_US(v)) 2551 struct iwn_softc *sc = ic->ic_ifp->if_softc; 2552 const struct wmeParams *wmep; 2553 struct iwn_wme_setup wme; 2554 int ac; 2555 2556 /* don't override default WME values if WME is not actually enabled */ 2557 if (!(ic->ic_flags & IEEE80211_F_WME)) 2558 return 0; 2559 2560 wme.flags = 0; 2561 for (ac = 0; ac < WME_NUM_AC; ac++) { 2562 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac]; 2563 wme.ac[ac].aifsn = wmep->wmep_aifsn; 2564 wme.ac[ac].cwmin = IWN_EXP2(wmep->wmep_logcwmin); 2565 wme.ac[ac].cwmax = IWN_EXP2(wmep->wmep_logcwmax); 2566 wme.ac[ac].txop = IWN_USEC(wmep->wmep_txopLimit); 2567 2568 DPRINTF(("setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 2569 "txop=%d\n", ac, wme.ac[ac].aifsn, wme.ac[ac].cwmin, 2570 wme.ac[ac].cwmax, wme.ac[ac].txop)); 2571 } 2572 2573 return iwn_cmd(sc, IWN_CMD_SET_WME, &wme, sizeof wme, 1); 2574 #undef IWN_USEC 2575 #undef IWN_EXP2 2576 } 2577 2578 2579 2580 static void 2581 iwn_set_led(struct iwn_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2582 { 2583 struct iwn_cmd_led led; 2584 2585 led.which = which; 2586 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2587 led.off = off; 2588 led.on = on; 2589 2590 (void)iwn_cmd(sc, IWN_CMD_SET_LED, &led, sizeof led, 1); 2591 } 2592 2593 /* 2594 * Set the critical temperature at which the firmware will automatically stop 2595 * the radio transmitter. 2596 */ 2597 static int 2598 iwn_set_critical_temp(struct iwn_softc *sc) 2599 { 2600 struct iwn_ucode_info *uc = &sc->ucode_info; 2601 struct iwn_critical_temp crit; 2602 uint32_t r1, r2, r3, temp; 2603 2604 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_CTEMP_STOP_RF); 2605 2606 r1 = le32toh(uc->temp[0].chan20MHz); 2607 r2 = le32toh(uc->temp[1].chan20MHz); 2608 r3 = le32toh(uc->temp[2].chan20MHz); 2609 /* inverse function of iwn_get_temperature() */ 2610 2611 temp = r2 + ((IWN_CTOK(110) * (r3 - r1)) / 259); 2612 2613 memset(&crit, 0, sizeof crit); 2614 crit.tempR = htole32(temp); 2615 DPRINTF(("setting critical temperature to %u\n", temp)); 2616 return iwn_cmd(sc, IWN_CMD_SET_CRITICAL_TEMP, &crit, sizeof crit, 0); 2617 } 2618 2619 static void 2620 iwn_enable_tsf(struct iwn_softc *sc, struct ieee80211_node *ni) 2621 { 2622 struct iwn_cmd_tsf tsf; 2623 uint64_t val, mod; 2624 2625 memset(&tsf, 0, sizeof tsf); 2626 memcpy(&tsf.tstamp, ni->ni_tstamp.data, 8); 2627 tsf.bintval = htole16(ni->ni_intval); 2628 tsf.lintval = htole16(10); 2629 2630 /* compute remaining time until next beacon */ 2631 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2632 mod = le64toh(tsf.tstamp) % val; 2633 tsf.binitval = htole32((uint32_t)(val - mod)); 2634 2635 DPRINTF(("TSF bintval=%u tstamp=%" PRIu64 ", init=%" PRIu64 "\n", 2636 ni->ni_intval, le64toh(tsf.tstamp), val - mod)); 2637 2638 if (iwn_cmd(sc, IWN_CMD_TSF, &tsf, sizeof tsf, 1) != 0) 2639 aprint_error_dev(sc->sc_dev, "could not enable TSF\n"); 2640 } 2641 2642 static void 2643 iwn_power_calibration(struct iwn_softc *sc, int temp) 2644 { 2645 struct ieee80211com *ic = &sc->sc_ic; 2646 2647 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2648 2649 /* adjust Tx power if need be (delta >= 3C) */ 2650 if (abs(temp - sc->temp) < 3) 2651 return; 2652 2653 sc->temp = temp; 2654 2655 DPRINTF(("setting Tx power for channel %d\n", 2656 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan))); 2657 if (iwn_set_txpower(sc, ic->ic_bss->ni_chan, 1) != 0) { 2658 /* just warn, too bad for the automatic calibration... */ 2659 aprint_error_dev(sc->sc_dev, "could not adjust Tx power\n"); 2660 } 2661 } 2662 2663 /* 2664 * Set Tx power for a given channel (each rate has its own power settings). 2665 * This function takes into account the regulatory information from EEPROM, 2666 * the current temperature and the current voltage. 2667 */ 2668 static int 2669 iwn_set_txpower(struct iwn_softc *sc, struct ieee80211_channel *ch, int async) 2670 { 2671 /* fixed-point arithmetic division using a n-bit fractional part */ 2672 #define fdivround(a, b, n) \ 2673 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2674 /* linear interpolation */ 2675 #define interpolate(x, x1, y1, x2, y2, n) \ 2676 ((y1) + fdivround(((int)(x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2677 2678 static const int tdiv[IWN_NATTEN_GROUPS] = { 9, 8, 8, 8, 6 }; 2679 struct ieee80211com *ic = &sc->sc_ic; 2680 struct iwn_ucode_info *uc = &sc->ucode_info; 2681 struct iwn_cmd_txpower cmd; 2682 struct iwn_eeprom_chan_samples *chans; 2683 const uint8_t *rf_gain, *dsp_gain; 2684 int32_t vdiff, tdiff; 2685 int i, c, grp, maxpwr; 2686 u_int chan; 2687 2688 /* get channel number */ 2689 chan = ieee80211_chan2ieee(ic, ch); 2690 2691 memset(&cmd, 0, sizeof cmd); 2692 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2693 cmd.chan = chan; 2694 2695 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2696 maxpwr = sc->maxpwr5GHz; 2697 rf_gain = iwn_rf_gain_5ghz; 2698 dsp_gain = iwn_dsp_gain_5ghz; 2699 } else { 2700 maxpwr = sc->maxpwr2GHz; 2701 rf_gain = iwn_rf_gain_2ghz; 2702 dsp_gain = iwn_dsp_gain_2ghz; 2703 } 2704 2705 /* compute voltage compensation */ 2706 vdiff = ((int32_t)le32toh(uc->volt) - sc->eeprom_voltage) / 7; 2707 if (vdiff > 0) 2708 vdiff *= 2; 2709 if (abs(vdiff) > 2) 2710 vdiff = 0; 2711 DPRINTF(("voltage compensation=%d (UCODE=%d, EEPROM=%d)\n", 2712 vdiff, le32toh(uc->volt), sc->eeprom_voltage)); 2713 2714 /* get channel's attenuation group */ 2715 if (chan <= 20) /* 1-20 */ 2716 grp = 4; 2717 else if (chan <= 43) /* 34-43 */ 2718 grp = 0; 2719 else if (chan <= 70) /* 44-70 */ 2720 grp = 1; 2721 else if (chan <= 124) /* 71-124 */ 2722 grp = 2; 2723 else /* 125-200 */ 2724 grp = 3; 2725 DPRINTF(("chan %d, attenuation group=%d\n", chan, grp)); 2726 2727 /* get channel's sub-band */ 2728 for (i = 0; i < IWN_NBANDS; i++) 2729 if (sc->bands[i].lo != 0 && 2730 sc->bands[i].lo <= chan && chan <= sc->bands[i].hi) 2731 break; 2732 chans = sc->bands[i].chans; 2733 DPRINTF(("chan %d sub-band=%d\n", chan, i)); 2734 2735 for (c = 0; c < IWN_NTXCHAINS; c++) { 2736 uint8_t power, gain, temp; 2737 int maxchpwr, pwr, ridx, idx; 2738 2739 power = interpolate(chan, 2740 chans[0].num, chans[0].samples[c][1].power, 2741 chans[1].num, chans[1].samples[c][1].power, 1); 2742 gain = interpolate(chan, 2743 chans[0].num, chans[0].samples[c][1].gain, 2744 chans[1].num, chans[1].samples[c][1].gain, 1); 2745 temp = interpolate(chan, 2746 chans[0].num, chans[0].samples[c][1].temp, 2747 chans[1].num, chans[1].samples[c][1].temp, 1); 2748 DPRINTF(("Tx chain %d: power=%d gain=%d temp=%d\n", 2749 c, power, gain, temp)); 2750 2751 /* compute temperature compensation */ 2752 tdiff = ((sc->temp - temp) * 2) / tdiv[grp]; 2753 DPRINTF(("temperature compensation=%d (current=%d, " 2754 "EEPROM=%d)\n", tdiff, sc->temp, temp)); 2755 2756 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) { 2757 maxchpwr = sc->maxpwr[chan] * 2; 2758 if ((ridx / 8) & 1) { 2759 /* MIMO: decrease Tx power (-3dB) */ 2760 maxchpwr -= 6; 2761 } 2762 2763 pwr = maxpwr - 10; 2764 2765 /* decrease power for highest OFDM rates */ 2766 if ((ridx % 8) == 5) /* 48Mbit/s */ 2767 pwr -= 5; 2768 else if ((ridx % 8) == 6) /* 54Mbit/s */ 2769 pwr -= 7; 2770 else if ((ridx % 8) == 7) /* 60Mbit/s */ 2771 pwr -= 10; 2772 2773 if (pwr > maxchpwr) 2774 pwr = maxchpwr; 2775 2776 idx = gain - (pwr - power) - tdiff - vdiff; 2777 if ((ridx / 8) & 1) /* MIMO */ 2778 idx += (int32_t)le32toh(uc->atten[grp][c]); 2779 2780 if (cmd.band == 0) 2781 idx += 9; /* 5GHz */ 2782 if (ridx == IWN_RIDX_MAX) 2783 idx += 5; /* CCK */ 2784 2785 /* make sure idx stays in a valid range */ 2786 if (idx < 0) 2787 idx = 0; 2788 else if (idx > IWN_MAX_PWR_INDEX) 2789 idx = IWN_MAX_PWR_INDEX; 2790 2791 DPRINTF(("Tx chain %d, rate idx %d: power=%d\n", 2792 c, ridx, idx)); 2793 cmd.power[ridx].rf_gain[c] = rf_gain[idx]; 2794 cmd.power[ridx].dsp_gain[c] = dsp_gain[idx]; 2795 } 2796 } 2797 2798 DPRINTF(("setting tx power for chan %d\n", chan)); 2799 return iwn_cmd(sc, IWN_CMD_TXPOWER, &cmd, sizeof cmd, async); 2800 2801 #undef interpolate 2802 #undef fdivround 2803 } 2804 2805 /* 2806 * Get the best (maximum) RSSI among Rx antennas (in dBm). 2807 */ 2808 static int 2809 iwn_get_rssi(const struct iwn_rx_stat *stat) 2810 { 2811 uint8_t mask, agc; 2812 int rssi; 2813 2814 mask = (le16toh(stat->antenna) >> 4) & 0x7; 2815 agc = (le16toh(stat->agc) >> 7) & 0x7f; 2816 2817 rssi = 0; 2818 if (mask & (1 << 0)) /* Ant A */ 2819 rssi = max(rssi, stat->rssi[0]); 2820 if (mask & (1 << 1)) /* Ant B */ 2821 rssi = max(rssi, stat->rssi[2]); 2822 if (mask & (1 << 2)) /* Ant C */ 2823 rssi = max(rssi, stat->rssi[4]); 2824 2825 return rssi - agc - IWN_RSSI_TO_DBM; 2826 } 2827 2828 /* 2829 * Get the average noise among Rx antennas (in dBm). 2830 */ 2831 static int 2832 iwn_get_noise(const struct iwn_rx_general_stats *stats) 2833 { 2834 int i, total, nbant, noise; 2835 2836 total = nbant = 0; 2837 for (i = 0; i < 3; i++) { 2838 if ((noise = le32toh(stats->noise[i]) & 0xff) == 0) 2839 continue; 2840 total += noise; 2841 nbant++; 2842 } 2843 /* there should be at least one antenna but check anyway */ 2844 return (nbant == 0) ? -127 : (total / nbant) - 107; 2845 } 2846 2847 /* 2848 * Read temperature (in degC) from the on-board thermal sensor. 2849 */ 2850 static int 2851 iwn_get_temperature(struct iwn_softc *sc) 2852 { 2853 struct iwn_ucode_info *uc = &sc->ucode_info; 2854 int32_t r1, r2, r3, r4, temp; 2855 2856 r1 = le32toh(uc->temp[0].chan20MHz); 2857 r2 = le32toh(uc->temp[1].chan20MHz); 2858 r3 = le32toh(uc->temp[2].chan20MHz); 2859 r4 = le32toh(sc->rawtemp); 2860 2861 if (r1 == r3) /* prevents division by 0 (should not happen) */ 2862 return 0; 2863 2864 /* sign-extend 23-bit R4 value to 32-bit */ 2865 r4 = (r4 << 8) >> 8; 2866 /* compute temperature */ 2867 temp = (259 * (r4 - r2)) / (r3 - r1); 2868 temp = (temp * 97) / 100 + 8; 2869 2870 DPRINTF(("temperature %dK/%dC\n", temp, IWN_KTOC(temp))); 2871 return IWN_KTOC(temp); 2872 } 2873 2874 /* 2875 * Initialize sensitivity calibration state machine. 2876 */ 2877 static int 2878 iwn_init_sensitivity(struct iwn_softc *sc) 2879 { 2880 struct iwn_calib_state *calib = &sc->calib; 2881 struct iwn_phy_calib_cmd cmd; 2882 int error; 2883 2884 /* reset calibration state */ 2885 memset(calib, 0, sizeof (*calib)); 2886 calib->state = IWN_CALIB_STATE_INIT; 2887 calib->cck_state = IWN_CCK_STATE_HIFA; 2888 /* initial values taken from the reference driver */ 2889 calib->corr_ofdm_x1 = 105; 2890 calib->corr_ofdm_mrc_x1 = 220; 2891 calib->corr_ofdm_x4 = 90; 2892 calib->corr_ofdm_mrc_x4 = 170; 2893 calib->corr_cck_x4 = 125; 2894 calib->corr_cck_mrc_x4 = 200; 2895 calib->energy_cck = 100; 2896 2897 /* write initial sensitivity values */ 2898 if ((error = iwn_send_sensitivity(sc)) != 0) 2899 return error; 2900 2901 memset(&cmd, 0, sizeof cmd); 2902 cmd.code = IWN_SET_DIFF_GAIN; 2903 /* differential gains initially set to 0 for all 3 antennas */ 2904 DPRINTF(("setting differential gains\n")); 2905 return iwn_cmd(sc, IWN_PHY_CALIB, &cmd, sizeof cmd, 1); 2906 } 2907 2908 /* 2909 * Collect noise and RSSI statistics for the first 20 beacons received 2910 * after association and use them to determine connected antennas and 2911 * set differential gains. 2912 */ 2913 static void 2914 iwn_compute_differential_gain(struct iwn_softc *sc, 2915 const struct iwn_rx_general_stats *stats) 2916 { 2917 struct iwn_calib_state *calib = &sc->calib; 2918 struct iwn_phy_calib_cmd cmd; 2919 int i, val; 2920 2921 /* accumulate RSSI and noise for all 3 antennas */ 2922 for (i = 0; i < 3; i++) { 2923 calib->rssi[i] += le32toh(stats->rssi[i]) & 0xff; 2924 calib->noise[i] += le32toh(stats->noise[i]) & 0xff; 2925 } 2926 2927 /* we update differential gain only once after 20 beacons */ 2928 if (++calib->nbeacons < 20) 2929 return; 2930 2931 /* determine antenna with highest average RSSI */ 2932 val = max(calib->rssi[0], calib->rssi[1]); 2933 val = max(calib->rssi[2], val); 2934 2935 /* determine which antennas are connected */ 2936 sc->antmsk = 0; 2937 for (i = 0; i < 3; i++) 2938 if (val - calib->rssi[i] <= 15 * 20) 2939 sc->antmsk |= 1 << i; 2940 /* if neither Ant A and Ant B are connected.. */ 2941 if ((sc->antmsk & (1 << 0 | 1 << 1)) == 0) 2942 sc->antmsk |= 1 << 1; /* ..mark Ant B as connected! */ 2943 2944 /* get minimal noise among connected antennas */ 2945 val = INT_MAX; /* ok, there's at least one */ 2946 for (i = 0; i < 3; i++) 2947 if (sc->antmsk & (1 << i)) 2948 val = min(calib->noise[i], val); 2949 2950 memset(&cmd, 0, sizeof cmd); 2951 cmd.code = IWN_SET_DIFF_GAIN; 2952 /* set differential gains for connected antennas */ 2953 for (i = 0; i < 3; i++) { 2954 if (sc->antmsk & (1 << i)) { 2955 cmd.gain[i] = (calib->noise[i] - val) / 30; 2956 /* limit differential gain to 3 */ 2957 cmd.gain[i] = min(cmd.gain[i], 3); 2958 cmd.gain[i] |= IWN_GAIN_SET; 2959 } 2960 } 2961 DPRINTF(("setting differential gains Ant A/B/C: %x/%x/%x (%x)\n", 2962 cmd.gain[0], cmd.gain[1], cmd.gain[2], sc->antmsk)); 2963 if (iwn_cmd(sc, IWN_PHY_CALIB, &cmd, sizeof cmd, 1) == 0) 2964 calib->state = IWN_CALIB_STATE_RUN; 2965 } 2966 2967 /* 2968 * Tune RF Rx sensitivity based on the number of false alarms detected 2969 * during the last beacon period. 2970 */ 2971 static void 2972 iwn_tune_sensitivity(struct iwn_softc *sc, const struct iwn_rx_stats *stats) 2973 { 2974 #define inc_clip(val, inc, max) \ 2975 if ((val) < (max)) { \ 2976 if ((val) < (max) - (inc)) \ 2977 (val) += (inc); \ 2978 else \ 2979 (val) = (max); \ 2980 needs_update = 1; \ 2981 } 2982 #define dec_clip(val, dec, min) \ 2983 if ((val) > (min)) { \ 2984 if ((val) > (min) + (dec)) \ 2985 (val) -= (dec); \ 2986 else \ 2987 (val) = (min); \ 2988 needs_update = 1; \ 2989 } 2990 2991 struct iwn_calib_state *calib = &sc->calib; 2992 uint32_t val, rxena, fa; 2993 uint32_t energy[3], energy_min; 2994 uint8_t noise[3], noise_ref; 2995 int i, needs_update = 0; 2996 2997 /* check that we've been enabled long enough */ 2998 if ((rxena = le32toh(stats->general.load)) == 0) 2999 return; 3000 3001 /* compute number of false alarms since last call for OFDM */ 3002 fa = le32toh(stats->ofdm.bad_plcp) - calib->bad_plcp_ofdm; 3003 fa += le32toh(stats->ofdm.fa) - calib->fa_ofdm; 3004 fa *= 200 * 1024; /* 200TU */ 3005 3006 /* save counters values for next call */ 3007 calib->bad_plcp_ofdm = le32toh(stats->ofdm.bad_plcp); 3008 calib->fa_ofdm = le32toh(stats->ofdm.fa); 3009 3010 if (fa > 50 * rxena) { 3011 /* high false alarm count, decrease sensitivity */ 3012 DPRINTFN(2, ("OFDM high false alarm count: %u\n", fa)); 3013 inc_clip(calib->corr_ofdm_x1, 1, 140); 3014 inc_clip(calib->corr_ofdm_mrc_x1, 1, 270); 3015 inc_clip(calib->corr_ofdm_x4, 1, 120); 3016 inc_clip(calib->corr_ofdm_mrc_x4, 1, 210); 3017 3018 } else if (fa < 5 * rxena) { 3019 /* low false alarm count, increase sensitivity */ 3020 DPRINTFN(2, ("OFDM low false alarm count: %u\n", fa)); 3021 dec_clip(calib->corr_ofdm_x1, 1, 105); 3022 dec_clip(calib->corr_ofdm_mrc_x1, 1, 220); 3023 dec_clip(calib->corr_ofdm_x4, 1, 85); 3024 dec_clip(calib->corr_ofdm_mrc_x4, 1, 170); 3025 } 3026 3027 /* compute maximum noise among 3 antennas */ 3028 for (i = 0; i < 3; i++) 3029 noise[i] = (le32toh(stats->general.noise[i]) >> 8) & 0xff; 3030 val = max(noise[0], noise[1]); 3031 val = max(noise[2], val); 3032 /* insert it into our samples table */ 3033 calib->noise_samples[calib->cur_noise_sample] = val; 3034 calib->cur_noise_sample = (calib->cur_noise_sample + 1) % 20; 3035 3036 /* compute maximum noise among last 20 samples */ 3037 noise_ref = calib->noise_samples[0]; 3038 for (i = 1; i < 20; i++) 3039 noise_ref = max(noise_ref, calib->noise_samples[i]); 3040 3041 /* compute maximum energy among 3 antennas */ 3042 for (i = 0; i < 3; i++) 3043 energy[i] = le32toh(stats->general.energy[i]); 3044 val = min(energy[0], energy[1]); 3045 val = min(energy[2], val); 3046 /* insert it into our samples table */ 3047 calib->energy_samples[calib->cur_energy_sample] = val; 3048 calib->cur_energy_sample = (calib->cur_energy_sample + 1) % 10; 3049 3050 /* compute minimum energy among last 10 samples */ 3051 energy_min = calib->energy_samples[0]; 3052 for (i = 1; i < 10; i++) 3053 energy_min = max(energy_min, calib->energy_samples[i]); 3054 energy_min += 6; 3055 3056 /* compute number of false alarms since last call for CCK */ 3057 fa = le32toh(stats->cck.bad_plcp) - calib->bad_plcp_cck; 3058 fa += le32toh(stats->cck.fa) - calib->fa_cck; 3059 fa *= 200 * 1024; /* 200TU */ 3060 3061 /* save counters values for next call */ 3062 calib->bad_plcp_cck = le32toh(stats->cck.bad_plcp); 3063 calib->fa_cck = le32toh(stats->cck.fa); 3064 3065 if (fa > 50 * rxena) { 3066 /* high false alarm count, decrease sensitivity */ 3067 DPRINTFN(2, ("CCK high false alarm count: %u\n", fa)); 3068 calib->cck_state = IWN_CCK_STATE_HIFA; 3069 calib->low_fa = 0; 3070 3071 if (calib->corr_cck_x4 > 160) { 3072 calib->noise_ref = noise_ref; 3073 if (calib->energy_cck > 2) 3074 dec_clip(calib->energy_cck, 2, energy_min); 3075 } 3076 if (calib->corr_cck_x4 < 160) { 3077 calib->corr_cck_x4 = 161; 3078 needs_update = 1; 3079 } else 3080 inc_clip(calib->corr_cck_x4, 3, 200); 3081 3082 inc_clip(calib->corr_cck_mrc_x4, 3, 400); 3083 3084 } else if (fa < 5 * rxena) { 3085 /* low false alarm count, increase sensitivity */ 3086 DPRINTFN(2, ("CCK low false alarm count: %u\n", fa)); 3087 calib->cck_state = IWN_CCK_STATE_LOFA; 3088 calib->low_fa++; 3089 3090 if (calib->cck_state != 0 && 3091 ((calib->noise_ref - noise_ref) > 2 || 3092 calib->low_fa > 100)) { 3093 inc_clip(calib->energy_cck, 2, 97); 3094 dec_clip(calib->corr_cck_x4, 3, 125); 3095 dec_clip(calib->corr_cck_mrc_x4, 3, 200); 3096 } 3097 } else { 3098 /* not worth to increase or decrease sensitivity */ 3099 DPRINTFN(2, ("CCK normal false alarm count: %u\n", fa)); 3100 calib->low_fa = 0; 3101 calib->noise_ref = noise_ref; 3102 3103 if (calib->cck_state == IWN_CCK_STATE_HIFA) { 3104 /* previous interval had many false alarms */ 3105 dec_clip(calib->energy_cck, 8, energy_min); 3106 } 3107 calib->cck_state = IWN_CCK_STATE_INIT; 3108 } 3109 3110 if (needs_update) 3111 (void)iwn_send_sensitivity(sc); 3112 #undef dec_clip 3113 #undef inc_clip 3114 } 3115 3116 static int 3117 iwn_send_sensitivity(struct iwn_softc *sc) 3118 { 3119 struct iwn_calib_state *calib = &sc->calib; 3120 struct iwn_sensitivity_cmd cmd; 3121 3122 memset(&cmd, 0, sizeof cmd); 3123 cmd.which = IWN_SENSITIVITY_WORKTBL; 3124 /* OFDM modulation */ 3125 cmd.corr_ofdm_x1 = le16toh(calib->corr_ofdm_x1); 3126 cmd.corr_ofdm_mrc_x1 = le16toh(calib->corr_ofdm_mrc_x1); 3127 cmd.corr_ofdm_x4 = le16toh(calib->corr_ofdm_x4); 3128 cmd.corr_ofdm_mrc_x4 = le16toh(calib->corr_ofdm_mrc_x4); 3129 cmd.energy_ofdm = le16toh(100); 3130 cmd.energy_ofdm_th = le16toh(62); 3131 /* CCK modulation */ 3132 cmd.corr_cck_x4 = le16toh(calib->corr_cck_x4); 3133 cmd.corr_cck_mrc_x4 = le16toh(calib->corr_cck_mrc_x4); 3134 cmd.energy_cck = le16toh(calib->energy_cck); 3135 /* Barker modulation: use default values */ 3136 cmd.corr_barker = le16toh(190); 3137 cmd.corr_barker_mrc = le16toh(390); 3138 3139 DPRINTFN(2, ("setting sensitivity\n")); 3140 return iwn_cmd(sc, IWN_SENSITIVITY, &cmd, sizeof cmd, 1); 3141 } 3142 3143 static int 3144 iwn_add_node(struct iwn_softc *sc, struct ieee80211_node *ni, bool broadcast, 3145 bool async, uint32_t htflags) 3146 { 3147 struct iwn_node_info node; 3148 int error; 3149 3150 error = 0; 3151 3152 memset(&node, 0, sizeof node); 3153 if (broadcast == true) { 3154 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 3155 node.id = IWN_ID_BROADCAST; 3156 DPRINTF(("adding broadcast node\n")); 3157 } else { 3158 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3159 node.id = IWN_ID_BSS; 3160 node.htflags = htole32(htflags); 3161 DPRINTF(("adding BSS node\n")); 3162 } 3163 3164 error = iwn_cmd(sc, IWN_CMD_ADD_NODE, &node, sizeof node, async); 3165 if (error != 0) { 3166 aprint_error_dev(sc->sc_dev, "could not add %s node\n", 3167 (broadcast == 1)? "broadcast" : "BSS"); 3168 return error; 3169 } 3170 DPRINTF(("setting MRR for node %d\n", node.id)); 3171 if ((error = iwn_setup_node_mrr(sc, node.id, async)) != 0) { 3172 aprint_error_dev(sc->sc_dev, 3173 "could not setup MRR for %s node\n", 3174 (broadcast == 1)? "broadcast" : "BSS"); 3175 return error; 3176 } 3177 3178 return error; 3179 } 3180 3181 static int 3182 iwn_auth(struct iwn_softc *sc) 3183 { 3184 struct ieee80211com *ic = &sc->sc_ic; 3185 struct ieee80211_node *ni = ic->ic_bss; 3186 int error; 3187 3188 sc->calib.state = IWN_CALIB_STATE_INIT; 3189 3190 /* update adapter's configuration */ 3191 sc->config.associd = 0; 3192 IEEE80211_ADDR_COPY(sc->config.bssid, ni->ni_bssid); 3193 sc->config.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 3194 sc->config.flags = htole32(IWN_CONFIG_TSF); 3195 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { 3196 sc->config.flags |= htole32(IWN_CONFIG_AUTO | 3197 IWN_CONFIG_24GHZ); 3198 } 3199 switch (ic->ic_curmode) { 3200 case IEEE80211_MODE_11A: 3201 sc->config.cck_mask = 0; 3202 sc->config.ofdm_mask = 0x15; 3203 break; 3204 case IEEE80211_MODE_11B: 3205 sc->config.cck_mask = 0x03; 3206 sc->config.ofdm_mask = 0; 3207 break; 3208 default: /* assume 802.11b/g */ 3209 sc->config.cck_mask = 0xf; 3210 sc->config.ofdm_mask = 0x15; 3211 } 3212 3213 /* iwn_enable_tsf(sc, ni);*/ 3214 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3215 sc->config.flags |= htole32(IWN_CONFIG_SHSLOT); 3216 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3217 sc->config.flags |= htole32(IWN_CONFIG_SHPREAMBLE); 3218 sc->config.filter &= ~htole32(IWN_FILTER_BSS); 3219 3220 DPRINTF(("config chan %d flags %x cck %x ofdm %x\n", sc->config.chan, 3221 sc->config.flags, sc->config.cck_mask, sc->config.ofdm_mask)); 3222 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3223 sizeof (struct iwn_config), 1); 3224 if (error != 0) { 3225 aprint_error_dev(sc->sc_dev, "could not configure\n"); 3226 return error; 3227 } 3228 3229 /* configuration has changed, set Tx power accordingly */ 3230 if ((error = iwn_set_txpower(sc, ni->ni_chan, 1)) != 0) { 3231 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3232 return error; 3233 } 3234 3235 /* 3236 * Reconfiguring clears the adapter's nodes table so we must 3237 * add the broadcast node again. 3238 */ 3239 if ((error = iwn_add_node(sc, ni, true, true, 0)) != 0) 3240 return error; 3241 3242 /* add BSS node */ 3243 if ((error = iwn_add_node(sc, ni, false, true, 0)) != 0) 3244 return error; 3245 3246 if (ic->ic_opmode == IEEE80211_M_STA) { 3247 /* fake a join to init the tx rate */ 3248 iwn_newassoc(ni, 1); 3249 } 3250 3251 if ((error = iwn_init_sensitivity(sc)) != 0) { 3252 aprint_error_dev(sc->sc_dev, "could not set sensitivity\n"); 3253 return error; 3254 } 3255 3256 3257 return 0; 3258 } 3259 3260 /* 3261 * Configure the adapter for associated state. 3262 */ 3263 static int 3264 iwn_run(struct iwn_softc *sc) 3265 { 3266 struct ieee80211com *ic = &sc->sc_ic; 3267 struct ieee80211_node *ni = ic->ic_bss; 3268 int error; 3269 3270 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 3271 /* link LED blinks while monitoring */ 3272 iwn_set_led(sc, IWN_LED_LINK, 5, 5); 3273 return 0; 3274 } 3275 3276 iwn_enable_tsf(sc, ni); 3277 3278 /* update adapter's configuration */ 3279 sc->config.associd = htole16(ni->ni_associd & ~0xc000); 3280 /* short preamble/slot time are negotiated when associating */ 3281 sc->config.flags &= ~htole32(IWN_CONFIG_SHPREAMBLE | 3282 IWN_CONFIG_SHSLOT); 3283 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3284 sc->config.flags |= htole32(IWN_CONFIG_SHSLOT); 3285 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3286 sc->config.flags |= htole32(IWN_CONFIG_SHPREAMBLE); 3287 sc->config.filter |= htole32(IWN_FILTER_BSS); 3288 3289 DPRINTF(("config chan %d flags %x\n", sc->config.chan, 3290 sc->config.flags)); 3291 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3292 sizeof (struct iwn_config), 1); 3293 if (error != 0) { 3294 aprint_error_dev(sc->sc_dev, 3295 "could not update configuration\n"); 3296 return error; 3297 } 3298 3299 /* configuration has changed, set Tx power accordingly */ 3300 if ((error = iwn_set_txpower(sc, ni->ni_chan, 1)) != 0) { 3301 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3302 return error; 3303 } 3304 3305 /* add BSS node */ 3306 iwn_add_node(sc, ni, false, true, 3307 (3 << IWN_AMDPU_SIZE_FACTOR_SHIFT | 3308 5 << IWN_AMDPU_DENSITY_SHIFT)); 3309 3310 if (ic->ic_opmode == IEEE80211_M_STA) { 3311 /* fake a join to init the tx rate */ 3312 iwn_newassoc(ni, 1); 3313 } 3314 3315 if ((error = iwn_init_sensitivity(sc)) != 0) { 3316 aprint_error_dev(sc->sc_dev, "could not set sensitivity\n"); 3317 return error; 3318 } 3319 3320 /* start periodic calibration timer */ 3321 sc->calib.state = IWN_CALIB_STATE_ASSOC; 3322 sc->calib_cnt = 0; 3323 callout_schedule(&sc->calib_to, hz / 2); 3324 3325 if (0 == 1) { /* XXX don't do the beacon - we get a firmware error 3326 XXX when we try. Something is wrong with the 3327 XXX setup of the frame. Just don't ever call 3328 XXX the function but reference it to keep gcc happy 3329 */ 3330 /* now we are associated set up the beacon frame */ 3331 if ((error = iwn_setup_beacon(sc, ni))) { 3332 aprint_error_dev(sc->sc_dev, 3333 "could not setup beacon frame\n"); 3334 return error; 3335 } 3336 } 3337 3338 3339 /* link LED always on while associated */ 3340 iwn_set_led(sc, IWN_LED_LINK, 0, 1); 3341 3342 return 0; 3343 } 3344 3345 /* 3346 * Send a scan request to the firmware. Since this command is huge, we map it 3347 * into a mbuf instead of using the pre-allocated set of commands. this function 3348 * implemented as iwl4965_bg_request_scan in the linux driver. 3349 */ 3350 static int 3351 iwn_scan(struct iwn_softc *sc, uint16_t flags) 3352 { 3353 struct ieee80211com *ic = &sc->sc_ic; 3354 struct iwn_tx_ring *ring = &sc->txq[4]; 3355 struct iwn_tx_desc *desc; 3356 struct iwn_tx_data *data; 3357 struct iwn_tx_cmd *cmd; 3358 struct iwn_cmd_data *tx; 3359 struct iwn_scan_hdr *hdr; 3360 struct iwn_scan_essid *essid; 3361 struct iwn_scan_chan *chan; 3362 struct ieee80211_frame *wh; 3363 struct ieee80211_rateset *rs; 3364 struct ieee80211_channel *c; 3365 enum ieee80211_phymode mode; 3366 uint8_t *frm; 3367 int pktlen, error, nrates; 3368 3369 desc = &ring->desc[ring->cur]; 3370 data = &ring->data[ring->cur]; 3371 3372 /* 3373 * allocate an mbuf and initialize it so that it contains a packet 3374 * header. M_DONTWAIT can fail and MT_DATA means it is dynamically 3375 * allocated. 3376 */ 3377 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 3378 if (data->m == NULL) { 3379 aprint_error_dev(sc->sc_dev, "could not allocate mbuf for scan command\n"); 3380 return ENOMEM; 3381 } 3382 3383 /* 3384 * allocates and adds an mbuf cluster to a normal mbuf m. the how 3385 * is M_DONTWAIT and the flag M_EXT is set upon success. 3386 */ 3387 MCLGET(data->m, M_DONTWAIT); 3388 if (!(data->m->m_flags & M_EXT)) { 3389 m_freem(data->m); 3390 data->m = NULL; 3391 aprint_error_dev(sc->sc_dev, "could not allocate mbuf for scan command\n"); 3392 return ENOMEM; 3393 } 3394 3395 /* 3396 * returns a pointer to the data contained in the specified mbuf. 3397 * in this case it is our iwn_tx_cmd. we initialize the basic 3398 * members of the command here with exception to data[136]. 3399 */ 3400 cmd = mtod(data->m, struct iwn_tx_cmd *); 3401 cmd->code = IWN_CMD_SCAN; 3402 cmd->flags = 0; 3403 cmd->qid = ring->qid; 3404 cmd->idx = ring->cur; 3405 3406 hdr = (struct iwn_scan_hdr *)cmd->data; 3407 memset(hdr, 0, sizeof (struct iwn_scan_hdr)); 3408 /* 3409 * Move to the next channel if no packets are received within 5 msecs 3410 * after sending the probe request (this helps to reduce the duration 3411 * of active scans). 3412 */ 3413 hdr->quiet = htole16(5); /* timeout in milliseconds */ 3414 hdr->plcp_threshold = htole16(1); /* min # of packets */ 3415 3416 /* select Ant B and Ant C for scanning */ 3417 hdr->rxchain = htole16(0x3e1 | 7 << IWN_RXCHAIN_ANTMSK_SHIFT); 3418 3419 tx = (struct iwn_cmd_data *)(hdr + 1); 3420 memset(tx, 0, sizeof (struct iwn_cmd_data)); 3421 /* 3422 * linux 3423 * flags = IWN_TX_AUTO_SEQ 3424 * 0x200 is rate selection? 3425 * id = ??? 3426 * lifetime = IWN_LIFETIME_INFINITE 3427 * 3428 */ 3429 tx->flags = htole32(IWN_TX_AUTO_SEQ | 0x200); // XXX 3430 tx->id = IWN_ID_BROADCAST; 3431 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 3432 tx->rflags = IWN_RFLAG_ANT_B; 3433 3434 if (flags & IEEE80211_CHAN_A) { 3435 hdr->crc_threshold = htole16(1); 3436 /* send probe requests at 6Mbps */ 3437 tx->rate = iwn_ridx_to_plcp[IWN_OFDM6]; 3438 } else { 3439 hdr->flags = htole32(IWN_CONFIG_24GHZ | IWN_CONFIG_AUTO); 3440 /* send probe requests at 1Mbps */ 3441 tx->rate = iwn_ridx_to_plcp[IWN_CCK1]; 3442 tx->rflags |= IWN_RFLAG_CCK; 3443 } 3444 3445 essid = (struct iwn_scan_essid *)(tx + 1); 3446 memset(essid, 0, 4 * sizeof (struct iwn_scan_essid)); 3447 essid[0].id = IEEE80211_ELEMID_SSID; 3448 essid[0].len = ic->ic_des_esslen; 3449 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 3450 3451 /* 3452 * Build a probe request frame. Most of the following code is a 3453 * copy & paste of what is done in net80211. 3454 */ 3455 wh = (struct ieee80211_frame *)&essid[4]; 3456 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3457 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3458 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3459 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 3460 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 3461 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 3462 *(u_int16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3463 *(u_int16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3464 3465 frm = (uint8_t *)(wh + 1); 3466 3467 /* add empty SSID IE (firmware generates it for directed scans) */ 3468 *frm++ = IEEE80211_ELEMID_SSID; 3469 *frm++ = 0; 3470 3471 mode = ieee80211_chan2mode(ic, ic->ic_ibss_chan); 3472 rs = &ic->ic_sup_rates[mode]; 3473 3474 /* add supported rates IE */ 3475 3476 *frm++ = IEEE80211_ELEMID_RATES; 3477 nrates = rs->rs_nrates; 3478 if (nrates > IEEE80211_RATE_SIZE) 3479 nrates = IEEE80211_RATE_SIZE; 3480 *frm++ = nrates; 3481 memcpy(frm, rs->rs_rates, nrates); 3482 frm += nrates; 3483 3484 /* add supported xrates IE */ 3485 3486 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 3487 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 3488 *frm++ = IEEE80211_ELEMID_XRATES; 3489 *frm++ = nrates; 3490 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 3491 frm += nrates; 3492 } 3493 3494 /* setup length of probe request */ 3495 tx->len = htole16(frm - (uint8_t *)wh); 3496 3497 chan = (struct iwn_scan_chan *)frm; 3498 for (c = &ic->ic_channels[1]; 3499 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 3500 if ((c->ic_flags & flags) != flags) 3501 continue; 3502 3503 chan->chan = ieee80211_chan2ieee(ic, c); 3504 chan->flags = 0; 3505 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) { 3506 chan->flags |= IWN_CHAN_ACTIVE; 3507 if (ic->ic_des_esslen != 0) 3508 chan->flags |= IWN_CHAN_DIRECT; 3509 } 3510 chan->dsp_gain = 0x6e; 3511 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3512 chan->rf_gain = 0x3b; 3513 chan->active = htole16(10); 3514 chan->passive = htole16(110); 3515 } else { 3516 chan->rf_gain = 0x28; 3517 chan->active = htole16(20); 3518 chan->passive = htole16(120); 3519 } 3520 hdr->nchan++; 3521 chan++; 3522 3523 frm += sizeof (struct iwn_scan_chan); 3524 } 3525 3526 hdr->len = htole16(frm - (uint8_t *)hdr); 3527 pktlen = frm - (uint8_t *)cmd; 3528 3529 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, pktlen, NULL, 3530 BUS_DMA_NOWAIT); 3531 if (error) { 3532 aprint_error_dev(sc->sc_dev, "could not map scan command\n"); 3533 m_freem(data->m); 3534 data->m = NULL; 3535 return error; 3536 } 3537 3538 IWN_SET_DESC_NSEGS(desc, 1); 3539 IWN_SET_DESC_SEG(desc, 0, data->map->dm_segs[0].ds_addr, 3540 data->map->dm_segs[0].ds_len); 3541 sc->shared->len[ring->qid][ring->cur] = htole16(8); 3542 if (ring->cur < IWN_TX_WINDOW) { 3543 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 3544 htole16(8); 3545 } 3546 3547 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 3548 data->map->dm_segs[0].ds_len, BUS_DMASYNC_PREWRITE); 3549 3550 /* kick cmd ring */ 3551 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 3552 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 3553 3554 return 0; /* will be notified async. of failure/success */ 3555 } 3556 3557 static int 3558 iwn_config(struct iwn_softc *sc) 3559 { 3560 struct ieee80211com *ic = &sc->sc_ic; 3561 struct ifnet *ifp = ic->ic_ifp; 3562 struct iwn_power power; 3563 struct iwn_bluetooth bluetooth; 3564 int error; 3565 3566 /* set power mode */ 3567 memset(&power, 0, sizeof power); 3568 power.flags = htole16(IWN_POWER_CAM | 0x8); 3569 DPRINTF(("setting power mode\n")); 3570 error = iwn_cmd(sc, IWN_CMD_SET_POWER_MODE, &power, sizeof power, 0); 3571 if (error != 0) { 3572 aprint_error_dev(sc->sc_dev, "could not set power mode\n"); 3573 return error; 3574 } 3575 3576 /* configure bluetooth coexistence */ 3577 memset(&bluetooth, 0, sizeof bluetooth); 3578 bluetooth.flags = 3; 3579 bluetooth.lead = 0xaa; 3580 bluetooth.kill = 1; 3581 DPRINTF(("configuring bluetooth coexistence\n")); 3582 error = iwn_cmd(sc, IWN_CMD_BLUETOOTH, &bluetooth, sizeof bluetooth, 3583 0); 3584 if (error != 0) { 3585 aprint_error_dev(sc->sc_dev, "could not configure bluetooth coexistence\n"); 3586 return error; 3587 } 3588 3589 /* configure adapter */ 3590 memset(&sc->config, 0, sizeof (struct iwn_config)); 3591 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 3592 IEEE80211_ADDR_COPY(sc->config.myaddr, ic->ic_myaddr); 3593 IEEE80211_ADDR_COPY(sc->config.wlap, ic->ic_myaddr); 3594 /* set default channel */ 3595 sc->config.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 3596 sc->config.flags = htole32(IWN_CONFIG_TSF); 3597 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) { 3598 sc->config.flags |= htole32(IWN_CONFIG_AUTO | 3599 IWN_CONFIG_24GHZ); 3600 } 3601 sc->config.filter = 0; 3602 switch (ic->ic_opmode) { 3603 case IEEE80211_M_STA: 3604 sc->config.mode = IWN_MODE_STA; 3605 sc->config.filter |= htole32(IWN_FILTER_MULTICAST); 3606 break; 3607 case IEEE80211_M_IBSS: 3608 case IEEE80211_M_AHDEMO: 3609 sc->config.mode = IWN_MODE_IBSS; 3610 break; 3611 case IEEE80211_M_HOSTAP: 3612 sc->config.mode = IWN_MODE_HOSTAP; 3613 break; 3614 case IEEE80211_M_MONITOR: 3615 sc->config.mode = IWN_MODE_MONITOR; 3616 sc->config.filter |= htole32(IWN_FILTER_MULTICAST | 3617 IWN_FILTER_CTL | IWN_FILTER_PROMISC); 3618 break; 3619 } 3620 sc->config.cck_mask = 0x0f; /* not yet negotiated */ 3621 sc->config.ofdm_mask = 0xff; /* not yet negotiated */ 3622 sc->config.ht_single_mask = 0xff; 3623 sc->config.ht_dual_mask = 0xff; 3624 sc->config.rxchain = htole16(0x2800 | 7 << IWN_RXCHAIN_ANTMSK_SHIFT); 3625 DPRINTF(("setting configuration\n")); 3626 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3627 sizeof (struct iwn_config), 0); 3628 if (error != 0) { 3629 aprint_error_dev(sc->sc_dev, "configure command failed\n"); 3630 return error; 3631 } 3632 3633 /* configuration has changed, set Tx power accordingly */ 3634 if ((error = iwn_set_txpower(sc, ic->ic_ibss_chan, 0)) != 0) { 3635 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3636 return error; 3637 } 3638 3639 /* add broadcast node */ 3640 if ((error = iwn_add_node(sc, NULL, true, false, 0)) != 0) 3641 return error; 3642 3643 if ((error = iwn_set_critical_temp(sc)) != 0) { 3644 aprint_error_dev(sc->sc_dev, "could not set critical temperature\n"); 3645 return error; 3646 } 3647 3648 return 0; 3649 } 3650 3651 /* 3652 * Do post-alive initialization of the NIC (after firmware upload). 3653 */ 3654 static void 3655 iwn_post_alive(struct iwn_softc *sc) 3656 { 3657 uint32_t base; 3658 uint16_t offset; 3659 int qid; 3660 3661 iwn_mem_lock(sc); 3662 3663 /* clear SRAM */ 3664 base = iwn_mem_read(sc, IWN_SRAM_BASE); 3665 for (offset = 0x380; offset < 0x520; offset += 4) { 3666 IWN_WRITE(sc, IWN_MEM_WADDR, base + offset); 3667 IWN_WRITE(sc, IWN_MEM_WDATA, 0); 3668 } 3669 3670 /* shared area is aligned on a 1K boundary */ 3671 iwn_mem_write(sc, IWN_SRAM_BASE, sc->shared_dma.paddr >> 10); 3672 iwn_mem_write(sc, IWN_SELECT_QCHAIN, 0); 3673 3674 for (qid = 0; qid < IWN_NTXQUEUES; qid++) { 3675 iwn_mem_write(sc, IWN_QUEUE_RIDX(qid), 0); 3676 IWN_WRITE(sc, IWN_TX_WIDX, qid << 8 | 0); 3677 3678 /* set sched. window size */ 3679 IWN_WRITE(sc, IWN_MEM_WADDR, base + IWN_QUEUE_OFFSET(qid)); 3680 IWN_WRITE(sc, IWN_MEM_WDATA, 64); 3681 /* set sched. frame limit */ 3682 IWN_WRITE(sc, IWN_MEM_WADDR, base + IWN_QUEUE_OFFSET(qid) + 4); 3683 IWN_WRITE(sc, IWN_MEM_WDATA, 64 << 16); 3684 } 3685 3686 /* enable interrupts for all 16 queues */ 3687 iwn_mem_write(sc, IWN_QUEUE_INTR_MASK, 0xffff); 3688 3689 /* identify active Tx rings (0-7) */ 3690 iwn_mem_write(sc, IWN_TX_ACTIVE, 0xff); 3691 3692 /* mark Tx rings (4 EDCA + cmd + 2 HCCA) as active */ 3693 for (qid = 0; qid < 7; qid++) { 3694 iwn_mem_write(sc, IWN_TXQ_STATUS(qid), 3695 IWN_TXQ_STATUS_ACTIVE | qid << 1); 3696 } 3697 3698 iwn_mem_unlock(sc); 3699 } 3700 3701 static void 3702 iwn_stop_master(struct iwn_softc *sc) 3703 { 3704 uint32_t tmp; 3705 int ntries; 3706 3707 tmp = IWN_READ(sc, IWN_RESET); 3708 IWN_WRITE(sc, IWN_RESET, tmp | IWN_STOP_MASTER); 3709 3710 tmp = IWN_READ(sc, IWN_GPIO_CTL); 3711 if ((tmp & IWN_GPIO_PWR_STATUS) == IWN_GPIO_PWR_SLEEP) 3712 return; /* already asleep */ 3713 3714 for (ntries = 0; ntries < 100; ntries++) { 3715 if (IWN_READ(sc, IWN_RESET) & IWN_MASTER_DISABLED) 3716 break; 3717 DELAY(10); 3718 } 3719 if (ntries == 100) { 3720 aprint_error_dev(sc->sc_dev, "timeout waiting for master\n"); 3721 } 3722 } 3723 3724 static int 3725 iwn_reset(struct iwn_softc *sc) 3726 { 3727 uint32_t tmp; 3728 int ntries; 3729 3730 /* clear any pending interrupts */ 3731 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3732 3733 tmp = IWN_READ(sc, IWN_CHICKEN); 3734 IWN_WRITE(sc, IWN_CHICKEN, tmp | IWN_CHICKEN_DISLOS); 3735 3736 tmp = IWN_READ(sc, IWN_GPIO_CTL); 3737 IWN_WRITE(sc, IWN_GPIO_CTL, tmp | IWN_GPIO_INIT); 3738 3739 /* wait for clock stabilization */ 3740 for (ntries = 0; ntries < 1000; ntries++) { 3741 if (IWN_READ(sc, IWN_GPIO_CTL) & IWN_GPIO_CLOCK) 3742 break; 3743 DELAY(10); 3744 } 3745 if (ntries == 1000) { 3746 aprint_error_dev(sc->sc_dev, "timeout waiting for clock stabilization\n"); 3747 return ETIMEDOUT; 3748 } 3749 return 0; 3750 } 3751 3752 static void 3753 iwn_hw_config(struct iwn_softc *sc) 3754 { 3755 uint32_t tmp, hw; 3756 3757 /* enable interrupts mitigation */ 3758 IWN_WRITE(sc, IWN_INTR_MIT, 512 / 32); 3759 3760 /* voodoo from the reference driver */ 3761 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3762 tmp = PCI_REVISION(tmp); 3763 if ((tmp & 0x80) && (tmp & 0x7f) < 8) { 3764 /* enable "no snoop" field */ 3765 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0xe8); 3766 tmp &= ~IWN_DIS_NOSNOOP; 3767 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0xe8, tmp); 3768 } 3769 3770 /* disable L1 entry to work around a hardware bug */ 3771 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0xf0); 3772 tmp &= ~IWN_ENA_L1; 3773 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0xf0, tmp); 3774 3775 hw = IWN_READ(sc, IWN_HWCONFIG); 3776 IWN_WRITE(sc, IWN_HWCONFIG, hw | 0x310); 3777 3778 iwn_mem_lock(sc); 3779 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3780 iwn_mem_write(sc, IWN_MEM_POWER, tmp | IWN_POWER_RESET); 3781 DELAY(5); 3782 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3783 iwn_mem_write(sc, IWN_MEM_POWER, tmp & ~IWN_POWER_RESET); 3784 iwn_mem_unlock(sc); 3785 } 3786 3787 static int 3788 iwn_init(struct ifnet *ifp) 3789 { 3790 struct iwn_softc *sc = ifp->if_softc; 3791 struct ieee80211com *ic = &sc->sc_ic; 3792 uint32_t tmp; 3793 int error, qid; 3794 3795 iwn_stop(ifp, 1); 3796 if ((error = iwn_reset(sc)) != 0) { 3797 aprint_error_dev(sc->sc_dev, "could not reset adapter\n"); 3798 goto fail1; 3799 } 3800 3801 iwn_mem_lock(sc); 3802 iwn_mem_read(sc, IWN_CLOCK_CTL); 3803 iwn_mem_write(sc, IWN_CLOCK_CTL, 0xa00); 3804 iwn_mem_read(sc, IWN_CLOCK_CTL); 3805 iwn_mem_unlock(sc); 3806 3807 DELAY(20); 3808 3809 iwn_mem_lock(sc); 3810 tmp = iwn_mem_read(sc, IWN_MEM_PCIDEV); 3811 iwn_mem_write(sc, IWN_MEM_PCIDEV, tmp | 0x800); 3812 iwn_mem_unlock(sc); 3813 3814 iwn_mem_lock(sc); 3815 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3816 iwn_mem_write(sc, IWN_MEM_POWER, tmp & ~0x03000000); 3817 iwn_mem_unlock(sc); 3818 3819 iwn_hw_config(sc); 3820 3821 /* init Rx ring */ 3822 iwn_mem_lock(sc); 3823 IWN_WRITE(sc, IWN_RX_CONFIG, 0); 3824 IWN_WRITE(sc, IWN_RX_WIDX, 0); 3825 /* Rx ring is aligned on a 256-byte boundary */ 3826 IWN_WRITE(sc, IWN_RX_BASE, sc->rxq.desc_dma.paddr >> 8); 3827 /* shared area is aligned on a 16-byte boundary */ 3828 IWN_WRITE(sc, IWN_RW_WIDX_PTR, (sc->shared_dma.paddr + 3829 offsetof(struct iwn_shared, closed_count)) >> 4); 3830 IWN_WRITE(sc, IWN_RX_CONFIG, 0x80601000); 3831 iwn_mem_unlock(sc); 3832 3833 IWN_WRITE(sc, IWN_RX_WIDX, (IWN_RX_RING_COUNT - 1) & ~7); 3834 3835 iwn_mem_lock(sc); 3836 iwn_mem_write(sc, IWN_TX_ACTIVE, 0); 3837 3838 /* set physical address of "keep warm" page */ 3839 IWN_WRITE(sc, IWN_KW_BASE, sc->kw_dma.paddr >> 4); 3840 3841 /* init Tx rings */ 3842 for (qid = 0; qid < IWN_NTXQUEUES; qid++) { 3843 struct iwn_tx_ring *txq = &sc->txq[qid]; 3844 IWN_WRITE(sc, IWN_TX_BASE(qid), txq->desc_dma.paddr >> 8); 3845 IWN_WRITE(sc, IWN_TX_CONFIG(qid), 0x80000008); 3846 } 3847 iwn_mem_unlock(sc); 3848 3849 /* clear "radio off" and "disable command" bits (reversed logic) */ 3850 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3851 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_DISABLE_CMD); 3852 3853 /* clear any pending interrupts */ 3854 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3855 /* enable interrupts */ 3856 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 3857 3858 /* not sure why/if this is necessary... */ 3859 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3860 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3861 3862 /* check that the radio is not disabled by RF switch */ 3863 if (!(IWN_READ(sc, IWN_GPIO_CTL) & IWN_GPIO_RF_ENABLED)) { 3864 aprint_error_dev(sc->sc_dev, "radio is disabled by hardware switch\n"); 3865 error = EBUSY; /* XXX ;-) */ 3866 goto fail1; 3867 } 3868 3869 if ((error = iwn_load_firmware(sc)) != 0) { 3870 aprint_error_dev(sc->sc_dev, "could not load firmware\n"); 3871 goto fail1; 3872 } 3873 3874 /* firmware has notified us that it is alive.. */ 3875 iwn_post_alive(sc); /* ..do post alive initialization */ 3876 3877 sc->rawtemp = sc->ucode_info.temp[3].chan20MHz; 3878 sc->temp = iwn_get_temperature(sc); 3879 DPRINTF(("temperature=%d\n", sc->temp)); 3880 3881 if ((error = iwn_config(sc)) != 0) { 3882 aprint_error_dev(sc->sc_dev, "could not configure device\n"); 3883 goto fail1; 3884 } 3885 3886 DPRINTF(("iwn_config end\n")); 3887 3888 ifp->if_flags &= ~IFF_OACTIVE; 3889 ifp->if_flags |= IFF_RUNNING; 3890 3891 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 3892 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL) 3893 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3894 } 3895 else 3896 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3897 3898 DPRINTF(("iwn_init ok\n")); 3899 return 0; 3900 3901 fail1: 3902 DPRINTF(("iwn_init error\n")); 3903 iwn_stop(ifp, 1); 3904 return error; 3905 } 3906 3907 static void 3908 iwn_stop(struct ifnet *ifp, int disable) 3909 { 3910 struct iwn_softc *sc = ifp->if_softc; 3911 struct ieee80211com *ic = &sc->sc_ic; 3912 uint32_t tmp; 3913 int i; 3914 3915 ifp->if_timer = sc->sc_tx_timer = 0; 3916 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3917 3918 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3919 3920 IWN_WRITE(sc, IWN_RESET, IWN_NEVO_RESET); 3921 3922 /* disable interrupts */ 3923 IWN_WRITE(sc, IWN_MASK, 0); 3924 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3925 IWN_WRITE(sc, IWN_INTR_STATUS, 0xffffffff); 3926 3927 /* make sure we no longer hold the memory lock */ 3928 iwn_mem_unlock(sc); 3929 3930 /* reset all Tx rings */ 3931 for (i = 0; i < IWN_NTXQUEUES; i++) 3932 iwn_reset_tx_ring(sc, &sc->txq[i]); 3933 3934 /* reset Rx ring */ 3935 iwn_reset_rx_ring(sc, &sc->rxq); 3936 3937 iwn_mem_lock(sc); 3938 iwn_mem_write(sc, IWN_MEM_CLOCK2, 0x200); 3939 iwn_mem_unlock(sc); 3940 3941 DELAY(5); 3942 3943 iwn_stop_master(sc); 3944 tmp = IWN_READ(sc, IWN_RESET); 3945 IWN_WRITE(sc, IWN_RESET, tmp | IWN_SW_RESET); 3946 } 3947 3948 static bool 3949 iwn_resume(device_t dv PMF_FN_ARGS) 3950 { 3951 struct iwn_softc *sc = device_private(dv); 3952 3953 (void)iwn_reset(sc); 3954 3955 return true; 3956 } 3957
Indexes created Mon Sep 29 03:10:08 GMT 2025