if_iwn.c revision 1.22.4.3
1 /* $NetBSD: if_iwn.c,v 1.22.4.3 2008/11/15 03:13:51 snj Exp $ */ 2 3 /*- 4 * Copyright (c) 2007 5 * Damien Bergamini <damien.bergamini (at) free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: if_iwn.c,v 1.22.4.3 2008/11/15 03:13:51 snj Exp $"); 22 23 24 /* 25 * Driver for Intel Wireless WiFi Link 4965AGN 802.11 network adapters. 26 */ 27 28 #include "bpfilter.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/mutex.h> 39 #include <sys/conf.h> 40 #include <sys/kauth.h> 41 #include <sys/callout.h> 42 43 #include <machine/bus.h> 44 #include <machine/endian.h> 45 #include <machine/intr.h> 46 47 #include <dev/pci/pcireg.h> 48 #include <dev/pci/pcivar.h> 49 #include <dev/pci/pcidevs.h> 50 51 #if NBPFILTER > 0 52 #include <net/bpf.h> 53 #endif 54 #include <net/if.h> 55 #include <net/if_arp.h> 56 #include <net/if_dl.h> 57 #include <net/if_media.h> 58 #include <net/if_types.h> 59 60 #include <netinet/in.h> 61 #include <netinet/in_systm.h> 62 #include <netinet/in_var.h> 63 #include <net/if_ether.h> 64 #include <netinet/ip.h> 65 66 #include <net80211/ieee80211_var.h> 67 #include <net80211/ieee80211_amrr.h> 68 #include <net80211/ieee80211_radiotap.h> 69 70 #include <dev/firmload.h> 71 72 #include <dev/pci/if_iwnreg.h> 73 #include <dev/pci/if_iwnvar.h> 74 75 #if 0 76 static const struct pci_matchid iwn_devices[] = { 77 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_4965AGN_1 }, 78 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_4965AGN_2 } 79 }; 80 #endif 81 82 /* 83 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 84 */ 85 static const struct ieee80211_rateset iwn_rateset_11a = 86 { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } }; 87 88 static const struct ieee80211_rateset iwn_rateset_11b = 89 { 4, { 2, 4, 11, 22 } }; 90 91 static const struct ieee80211_rateset iwn_rateset_11g = 92 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 93 94 95 #define EDCA_NUM_AC 4 96 static int iwn_match(device_t , struct cfdata *, void *); 97 static void iwn_attach(device_t , device_t, void *); 98 static int iwn_detach(device_t, int); 99 100 static void iwn_radiotap_attach(struct iwn_softc *); 101 static int iwn_dma_contig_alloc(bus_dma_tag_t, struct iwn_dma_info *, 102 void **, bus_size_t, bus_size_t, int); 103 static void iwn_dma_contig_free(struct iwn_dma_info *); 104 static int iwn_alloc_shared(struct iwn_softc *); 105 static void iwn_free_shared(struct iwn_softc *); 106 static int iwn_alloc_kw(struct iwn_softc *); 107 static void iwn_free_kw(struct iwn_softc *); 108 static int iwn_alloc_fwmem(struct iwn_softc *); 109 static void iwn_free_fwmem(struct iwn_softc *); 110 static struct iwn_rbuf *iwn_alloc_rbuf(struct iwn_softc *); 111 static void iwn_free_rbuf(struct mbuf *, void *, size_t, void *); 112 static int iwn_alloc_rpool(struct iwn_softc *); 113 static void iwn_free_rpool(struct iwn_softc *); 114 static int iwn_alloc_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 115 static void iwn_reset_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 116 static void iwn_free_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 117 static int iwn_alloc_tx_ring(struct iwn_softc *, struct iwn_tx_ring *, 118 int, int); 119 static void iwn_reset_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 120 static void iwn_free_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 121 static struct ieee80211_node *iwn_node_alloc(struct ieee80211_node_table *); 122 static void iwn_newassoc(struct ieee80211_node *, int); 123 static int iwn_media_change(struct ifnet *); 124 static int iwn_newstate(struct ieee80211com *, enum ieee80211_state, int); 125 static void iwn_mem_lock(struct iwn_softc *); 126 static void iwn_mem_unlock(struct iwn_softc *); 127 static uint32_t iwn_mem_read(struct iwn_softc *, uint32_t); 128 static void iwn_mem_write(struct iwn_softc *, uint32_t, uint32_t); 129 static void iwn_mem_write_region_4(struct iwn_softc *, uint32_t, 130 const uint32_t *, int); 131 static int iwn_eeprom_lock(struct iwn_softc *); 132 static void iwn_eeprom_unlock(struct iwn_softc *); 133 static int iwn_read_prom_data(struct iwn_softc *, uint32_t, void *, int); 134 static int iwn_load_microcode(struct iwn_softc *, const uint8_t *, int); 135 static int iwn_load_firmware(struct iwn_softc *); 136 static void iwn_calib_timeout(void *); 137 static void iwn_iter_func(void *, struct ieee80211_node *); 138 static void iwn_ampdu_rx_start(struct iwn_softc *, struct iwn_rx_desc *); 139 static void iwn_rx_intr(struct iwn_softc *, struct iwn_rx_desc *, 140 struct iwn_rx_data *); 141 static void iwn_rx_statistics(struct iwn_softc *, struct iwn_rx_desc *); 142 static void iwn_tx_intr(struct iwn_softc *, struct iwn_rx_desc *); 143 static void iwn_cmd_intr(struct iwn_softc *, struct iwn_rx_desc *); 144 static void iwn_notif_intr(struct iwn_softc *); 145 static int iwn_intr(void *); 146 static void iwn_read_eeprom(struct iwn_softc *); 147 static void iwn_read_eeprom_channels(struct iwn_softc *, int); 148 static uint8_t iwn_plcp_signal(int); 149 static int iwn_tx_data(struct iwn_softc *, struct mbuf *, 150 struct ieee80211_node *, int); 151 static void iwn_start(struct ifnet *); 152 static void iwn_watchdog(struct ifnet *); 153 static int iwn_ioctl(struct ifnet *, u_long, void *); 154 static int iwn_cmd(struct iwn_softc *, int, const void *, int, int); 155 static int iwn_wme_update(struct ieee80211com *); 156 static int iwn_setup_node_mrr(struct iwn_softc *, uint8_t, int); 157 static void iwn_set_led(struct iwn_softc *, uint8_t, uint8_t, uint8_t); 158 static int iwn_set_critical_temp(struct iwn_softc *); 159 static void iwn_enable_tsf(struct iwn_softc *, struct ieee80211_node *); 160 static void iwn_power_calibration(struct iwn_softc *, int); 161 static int iwn_set_txpower(struct iwn_softc *, 162 struct ieee80211_channel *, int); 163 static int iwn_get_rssi(const struct iwn_rx_stat *); 164 static int iwn_get_noise(const struct iwn_rx_general_stats *); 165 static int iwn_get_temperature(struct iwn_softc *); 166 static int iwn_init_sensitivity(struct iwn_softc *); 167 static void iwn_compute_differential_gain(struct iwn_softc *, 168 const struct iwn_rx_general_stats *); 169 static void iwn_tune_sensitivity(struct iwn_softc *, 170 const struct iwn_rx_stats *); 171 static int iwn_send_sensitivity(struct iwn_softc *); 172 static int iwn_setup_beacon(struct iwn_softc *, struct ieee80211_node *); 173 static int iwn_auth(struct iwn_softc *); 174 static int iwn_run(struct iwn_softc *); 175 static int iwn_scan(struct iwn_softc *, uint16_t); 176 static int iwn_config(struct iwn_softc *); 177 static void iwn_post_alive(struct iwn_softc *); 178 static void iwn_stop_master(struct iwn_softc *); 179 static int iwn_reset(struct iwn_softc *); 180 static void iwn_hw_config(struct iwn_softc *); 181 static int iwn_init(struct ifnet *); 182 static void iwn_stop(struct ifnet *, int); 183 static void iwn_fix_channel(struct ieee80211com *, struct mbuf *); 184 static bool iwn_resume(device_t PMF_FN_PROTO); 185 static int iwn_add_node(struct iwn_softc *sc, 186 struct ieee80211_node *ni, bool broadcast, bool async, uint32_t htflags); 187 188 189 190 #define IWN_DEBUG 191 192 #ifdef IWN_DEBUG 193 #define DPRINTF(x) do { if (iwn_debug > 0) printf x; } while (0) 194 #define DPRINTFN(n, x) do { if (iwn_debug >= (n)) printf x; } while (0) 195 int iwn_debug = 0; 196 #else 197 #define DPRINTF(x) 198 #define DPRINTFN(n, x) 199 #endif 200 201 #ifdef IWN_DEBUG 202 static void iwn_print_power_group(struct iwn_softc *, int); 203 #endif 204 205 CFATTACH_DECL_NEW(iwn, sizeof(struct iwn_softc), iwn_match, iwn_attach, 206 iwn_detach, NULL); 207 208 static int 209 iwn_match(device_t parent, struct cfdata *match __unused, void *aux) 210 { 211 struct pci_attach_args *pa = aux; 212 213 if (PCI_VENDOR(pa->pa_id) != PCI_VENDOR_INTEL) 214 return 0; 215 216 if (PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_PRO_WL_4965AGN_1 || 217 PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_PRO_WL_4965AGN_2) 218 return 1; 219 220 return 0; 221 } 222 223 /* Base Address Register */ 224 #define IWN_PCI_BAR0 0x10 225 226 static void 227 iwn_attach(device_t parent __unused, device_t self, void *aux) 228 { 229 struct iwn_softc *sc = device_private(self); 230 struct ieee80211com *ic = &sc->sc_ic; 231 struct ifnet *ifp = &sc->sc_ec.ec_if; 232 struct pci_attach_args *pa = aux; 233 const char *intrstr; 234 char devinfo[256]; 235 pci_intr_handle_t ih; 236 pcireg_t memtype, data; 237 int i, error, revision; 238 239 sc->sc_dev = self; 240 sc->sc_pct = pa->pa_pc; 241 sc->sc_pcitag = pa->pa_tag; 242 243 callout_init(&sc->calib_to, 0); 244 callout_setfunc(&sc->calib_to, iwn_calib_timeout, sc); 245 246 pci_devinfo(pa->pa_id, pa->pa_class, 0, devinfo, sizeof devinfo); 247 revision = PCI_REVISION(pa->pa_class); 248 aprint_normal(": %s (rev. 0x%2x)\n", devinfo, revision); 249 250 251 /* clear device specific PCI configuration register 0x41 */ 252 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 253 data &= ~0x0000ff00; 254 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, data); 255 256 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 257 data |= PCI_COMMAND_MASTER_ENABLE; 258 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, data); 259 260 /* enable bus-mastering */ 261 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 262 data |= PCI_COMMAND_MASTER_ENABLE; 263 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, data); 264 265 /* map the register window */ 266 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, IWN_PCI_BAR0); 267 error = pci_mapreg_map(pa, IWN_PCI_BAR0, memtype, 0, &sc->sc_st, 268 &sc->sc_sh, NULL, &sc->sc_sz); 269 if (error != 0) { 270 aprint_error_dev(self, "could not map memory space\n"); 271 return; 272 } 273 274 #if 0 275 sc->sc_dmat = pa->pa_dmat; 276 #endif 277 /* XXX may not be needed */ 278 if (bus_dmatag_subregion(pa->pa_dmat, 0, 3 << 30, 279 &(sc->sc_dmat), BUS_DMA_NOWAIT) != 0) { 280 aprint_error_dev(self, 281 "WARNING: failed to restrict dma range, " 282 "falling back to parent bus dma range\n"); 283 sc->sc_dmat = pa->pa_dmat; 284 } 285 286 if (pci_intr_map(pa, &ih) != 0) { 287 aprint_error_dev(self, "could not map interrupt\n"); 288 return; 289 } 290 291 intrstr = pci_intr_string(sc->sc_pct, ih); 292 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, iwn_intr, sc); 293 294 if (sc->sc_ih == NULL) { 295 aprint_error_dev(self, "could not establish interrupt"); 296 if (intrstr != NULL) 297 aprint_error(" at %s", intrstr); 298 aprint_error("\n"); 299 return; 300 } 301 aprint_normal_dev(self, "interrupting at %s\n", intrstr); 302 303 if (iwn_reset(sc) != 0) { 304 aprint_error_dev(self, "could not reset adapter\n"); 305 return; 306 } 307 308 /* 309 * Allocate DMA memory for firmware transfers. 310 */ 311 if ((error = iwn_alloc_fwmem(sc)) != 0) { 312 aprint_error_dev(self, "could not allocate firmware memory\n"); 313 return; 314 } 315 316 /* 317 * Allocate a "keep warm" page. 318 */ 319 if ((error = iwn_alloc_kw(sc)) != 0) { 320 aprint_error_dev(self, "could not allocate keep warm page\n"); 321 goto fail1; 322 } 323 324 /* 325 * Allocate shared area (communication area). 326 */ 327 if ((error = iwn_alloc_shared(sc)) != 0) { 328 aprint_error_dev(self, "could not allocate shared area\n"); 329 goto fail2; 330 } 331 332 /* 333 * Allocate Rx buffers and Tx/Rx rings. 334 */ 335 if ((error = iwn_alloc_rpool(sc)) != 0) { 336 aprint_error_dev(self, "could not allocate Rx buffers\n"); 337 goto fail3; 338 } 339 340 for (i = 0; i < IWN_NTXQUEUES; i++) { 341 struct iwn_tx_ring *txq = &sc->txq[i]; 342 error = iwn_alloc_tx_ring(sc, txq, IWN_TX_RING_COUNT, i); 343 if (error != 0) { 344 aprint_error_dev(self, "could not allocate Tx ring %d\n", i); 345 goto fail4; 346 } 347 } 348 349 if (iwn_alloc_rx_ring(sc, &sc->rxq) != 0) { 350 aprint_error_dev(self, "could not allocate Rx ring\n"); 351 goto fail4; 352 } 353 354 355 ic->ic_ifp = ifp; 356 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 357 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 358 ic->ic_state = IEEE80211_S_INIT; 359 360 /* set device capabilities */ 361 ic->ic_caps = 362 IEEE80211_C_IBSS | /* IBSS mode support */ 363 IEEE80211_C_WPA | /* 802.11i */ 364 IEEE80211_C_MONITOR | /* monitor mode supported */ 365 IEEE80211_C_TXPMGT | /* tx power management */ 366 IEEE80211_C_SHSLOT | /* short slot time supported */ 367 IEEE80211_C_SHPREAMBLE| /* short preamble supported */ 368 IEEE80211_C_WME; /* 802.11e */ 369 370 /* read supported channels and MAC address from EEPROM */ 371 iwn_read_eeprom(sc); 372 373 /* set supported .11a, .11b and .11g rates */ 374 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwn_rateset_11a; 375 ic->ic_sup_rates[IEEE80211_MODE_11B] = iwn_rateset_11b; 376 ic->ic_sup_rates[IEEE80211_MODE_11G] = iwn_rateset_11g; 377 378 /* IBSS channel undefined for now */ 379 ic->ic_ibss_chan = &ic->ic_channels[0]; 380 381 memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN); 382 ic->ic_des_esslen = 0; 383 384 ifp->if_softc = sc; 385 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 386 ifp->if_init = iwn_init; 387 ifp->if_stop = iwn_stop; 388 ifp->if_ioctl = iwn_ioctl; 389 ifp->if_start = iwn_start; 390 ifp->if_watchdog = iwn_watchdog; 391 IFQ_SET_READY(&ifp->if_snd); 392 memcpy(ifp->if_xname, device_xname(self), IFNAMSIZ); 393 394 if_attach(ifp); 395 ieee80211_ifattach(ic); 396 ic->ic_node_alloc = iwn_node_alloc; 397 ic->ic_newassoc = iwn_newassoc; 398 ic->ic_wme.wme_update = iwn_wme_update; 399 400 /* override state transition machine */ 401 sc->sc_newstate = ic->ic_newstate; 402 ic->ic_newstate = iwn_newstate; 403 ieee80211_media_init(ic, iwn_media_change, ieee80211_media_status); 404 405 sc->amrr.amrr_min_success_threshold = 1; 406 sc->amrr.amrr_max_success_threshold = 15; 407 408 if (!pmf_device_register(self, NULL, iwn_resume)) 409 aprint_error_dev(self, "couldn't establish power handler\n"); 410 else 411 pmf_class_network_register(self, ifp); 412 413 iwn_radiotap_attach(sc); 414 415 ieee80211_announce(ic); 416 417 return; 418 419 /* free allocated memory if something failed during attachment */ 420 fail4: while (--i >= 0) 421 iwn_free_tx_ring(sc, &sc->txq[i]); 422 iwn_free_rpool(sc); 423 fail3: iwn_free_shared(sc); 424 fail2: iwn_free_kw(sc); 425 fail1: iwn_free_fwmem(sc); 426 } 427 428 static int 429 iwn_detach(struct device* self, int flags __unused) 430 { 431 struct iwn_softc *sc = (struct iwn_softc *)self; 432 struct ifnet *ifp = sc->sc_ic.ic_ifp; 433 int ac; 434 435 iwn_stop(ifp, 1); 436 437 #if NBPFILTER > 0 438 if (ifp != NULL) 439 bpfdetach(ifp); 440 #endif 441 ieee80211_ifdetach(&sc->sc_ic); 442 if (ifp != NULL) 443 if_detach(ifp); 444 445 for (ac = 0; ac < IWN_NTXQUEUES; ac++) 446 iwn_free_tx_ring(sc, &sc->txq[ac]); 447 iwn_free_rx_ring(sc, &sc->rxq); 448 iwn_free_rpool(sc); 449 iwn_free_shared(sc); 450 451 if (sc->sc_ih != NULL) { 452 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 453 sc->sc_ih = NULL; 454 } 455 456 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 457 458 return 0; 459 } 460 461 /* 462 * Attach the interface to 802.11 radiotap. 463 */ 464 static void 465 iwn_radiotap_attach(struct iwn_softc *sc) 466 { 467 struct ifnet *ifp = sc->sc_ic.ic_ifp; 468 469 #if NBPFILTER > 0 470 bpfattach2(ifp, DLT_IEEE802_11_RADIO, 471 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 472 &sc->sc_drvbpf); 473 474 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 475 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 476 sc->sc_rxtap.wr_ihdr.it_present = htole32(IWN_RX_RADIOTAP_PRESENT); 477 478 sc->sc_txtap_len = sizeof sc->sc_txtapu; 479 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 480 sc->sc_txtap.wt_ihdr.it_present = htole32(IWN_TX_RADIOTAP_PRESENT); 481 #endif 482 } 483 484 485 /* 486 * Build a beacon frame that the firmware will broadcast periodically in 487 * IBSS or HostAP modes. 488 */ 489 static int 490 iwn_setup_beacon(struct iwn_softc *sc, struct ieee80211_node *ni) 491 { 492 struct ieee80211com *ic = &sc->sc_ic; 493 struct iwn_tx_ring *ring = &sc->txq[4]; 494 struct iwn_tx_desc *desc; 495 struct iwn_tx_data *data; 496 struct iwn_tx_cmd *cmd; 497 struct iwn_cmd_beacon *bcn; 498 struct ieee80211_beacon_offsets bo; 499 struct mbuf *m0; 500 bus_addr_t paddr; 501 int error; 502 503 desc = &ring->desc[ring->cur]; 504 data = &ring->data[ring->cur]; 505 506 m0 = ieee80211_beacon_alloc(ic, ni, &bo); 507 if (m0 == NULL) { 508 aprint_error_dev(sc->sc_dev, "could not allocate beacon frame\n"); 509 return ENOMEM; 510 } 511 512 cmd = &ring->cmd[ring->cur]; 513 cmd->code = IWN_CMD_SET_BEACON; 514 cmd->flags = 0; 515 cmd->qid = ring->qid; 516 cmd->idx = ring->cur; 517 518 bcn = (struct iwn_cmd_beacon *)cmd->data; 519 memset(bcn, 0, sizeof (struct iwn_cmd_beacon)); 520 bcn->id = IWN_ID_BROADCAST; 521 bcn->lifetime = htole32(IWN_LIFETIME_INFINITE); 522 bcn->len = htole16(m0->m_pkthdr.len); 523 bcn->rate = (ic->ic_curmode == IEEE80211_MODE_11A) ? 524 iwn_plcp_signal(12) : iwn_plcp_signal(2); 525 bcn->flags2 = 0x2; /* RATE_MCS_CCK_MSK */ 526 527 bcn->flags = htole32(IWN_TX_AUTO_SEQ | IWN_TX_INSERT_TSTAMP 528 | IWN_TX_USE_NODE_RATE); 529 530 /* save and trim IEEE802.11 header */ 531 m_copydata(m0, 0, sizeof (struct ieee80211_frame), (void *)&bcn->wh); 532 m_adj(m0, sizeof (struct ieee80211_frame)); 533 534 /* assume beacon frame is contiguous */ 535 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 536 BUS_DMA_READ | BUS_DMA_NOWAIT); 537 if (error) { 538 aprint_error_dev(sc->sc_dev, "could not map beacon\n"); 539 m_freem(m0); 540 return error; 541 } 542 543 data->m = m0; 544 545 /* first scatter/gather segment is used by the beacon command */ 546 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 547 548 IWN_SET_DESC_NSEGS(desc, 2); 549 IWN_SET_DESC_SEG(desc, 0, paddr , 4 + sizeof(struct iwn_cmd_beacon)); 550 IWN_SET_DESC_SEG(desc, 1, data->map->dm_segs[0].ds_addr, 551 data->map->dm_segs[1].ds_len); 552 553 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 554 data->map->dm_mapsize /* calc? */, BUS_DMASYNC_PREWRITE); 555 556 /* kick cmd ring */ 557 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 558 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 559 560 return 0; 561 } 562 563 static int 564 iwn_dma_contig_alloc(bus_dma_tag_t tag, struct iwn_dma_info *dma, void **kvap, 565 bus_size_t size, bus_size_t alignment, int flags) 566 { 567 int nsegs, error; 568 569 dma->tag = tag; 570 dma->size = size; 571 572 error = bus_dmamap_create(tag, size, 1, size, 0, flags, &dma->map); 573 if (error != 0) 574 goto fail; 575 576 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 577 flags); 578 if (error != 0) 579 goto fail; 580 581 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, flags); 582 if (error != 0) 583 goto fail; 584 585 error = bus_dmamap_load(tag, dma->map, dma->vaddr, size, NULL, flags); 586 if (error != 0) 587 goto fail; 588 589 memset(dma->vaddr, 0, size); 590 591 dma->paddr = dma->map->dm_segs[0].ds_addr; 592 if (kvap != NULL) 593 *kvap = dma->vaddr; 594 595 return 0; 596 597 fail: iwn_dma_contig_free(dma); 598 return error; 599 } 600 601 static void 602 iwn_dma_contig_free(struct iwn_dma_info *dma) 603 { 604 if (dma->map != NULL) { 605 if (dma->vaddr != NULL) { 606 bus_dmamap_unload(dma->tag, dma->map); 607 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 608 bus_dmamem_free(dma->tag, &dma->seg, 1); 609 dma->vaddr = NULL; 610 } 611 bus_dmamap_destroy(dma->tag, dma->map); 612 dma->map = NULL; 613 } 614 } 615 616 static int 617 iwn_alloc_shared(struct iwn_softc *sc) 618 { 619 int error; 620 void *p; 621 /* must be aligned on a 1KB boundary */ 622 error = iwn_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 623 &p, sizeof (struct iwn_shared), 1024,BUS_DMA_NOWAIT); 624 sc->shared = p; 625 if (error != 0) 626 aprint_error_dev(sc->sc_dev, 627 "could not allocate shared area DMA memory\n"); 628 629 return error; 630 631 } 632 633 static void 634 iwn_free_shared(struct iwn_softc *sc) 635 { 636 iwn_dma_contig_free(&sc->shared_dma); 637 } 638 639 static int 640 iwn_alloc_kw(struct iwn_softc *sc) 641 { 642 /* must be aligned on a 16-byte boundary */ 643 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, NULL, 644 PAGE_SIZE, PAGE_SIZE, BUS_DMA_NOWAIT); 645 } 646 647 static void 648 iwn_free_kw(struct iwn_softc *sc) 649 { 650 iwn_dma_contig_free(&sc->kw_dma); 651 } 652 653 static int 654 iwn_alloc_fwmem(struct iwn_softc *sc) 655 { 656 int error; 657 /* allocate enough contiguous space to store text and data */ 658 error = iwn_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 659 IWN_FW_MAIN_TEXT_MAXSZ + IWN_FW_MAIN_DATA_MAXSZ, 16, 660 BUS_DMA_NOWAIT); 661 662 if (error != 0){ 663 aprint_error_dev(sc->sc_dev, 664 "could not allocate firmware transfer area DMA memory\n" ); 665 666 } 667 return error; 668 } 669 670 static void 671 iwn_free_fwmem(struct iwn_softc *sc) 672 { 673 iwn_dma_contig_free(&sc->fw_dma); 674 } 675 676 static struct iwn_rbuf * 677 iwn_alloc_rbuf(struct iwn_softc *sc) 678 { 679 struct iwn_rbuf *rbuf; 680 681 mutex_enter(&sc->rxq.freelist_mtx); 682 rbuf = SLIST_FIRST(&sc->rxq.freelist); 683 if (rbuf != NULL) { 684 SLIST_REMOVE_HEAD(&sc->rxq.freelist, next); 685 sc->rxq.nb_free_entries --; 686 } 687 mutex_exit(&sc->rxq.freelist_mtx); 688 689 return rbuf; 690 } 691 692 /* 693 * This is called automatically by the network stack when the mbuf to which 694 * our Rx buffer is attached is freed. 695 */ 696 static void 697 iwn_free_rbuf(struct mbuf* m, void *buf, size_t size, void *arg) 698 { 699 struct iwn_rbuf *rbuf = arg; 700 struct iwn_softc *sc = rbuf->sc; 701 702 /* put the buffer back in the free list */ 703 mutex_enter(&sc->rxq.freelist_mtx); 704 SLIST_INSERT_HEAD(&sc->rxq.freelist, rbuf, next); 705 mutex_exit(&sc->rxq.freelist_mtx); 706 sc->rxq.nb_free_entries ++; 707 708 if (__predict_true(m != NULL)) 709 pool_cache_put(mb_cache, m); 710 } 711 712 713 static int 714 iwn_alloc_rpool(struct iwn_softc *sc) 715 { 716 struct iwn_rx_ring *ring = &sc->rxq; 717 struct iwn_rbuf *rbuf; 718 int i, error; 719 720 mutex_init(&ring->freelist_mtx, MUTEX_DEFAULT, IPL_NET); 721 722 /* allocate a big chunk of DMA'able memory.. */ 723 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->buf_dma, NULL, 724 IWN_RBUF_COUNT * IWN_RBUF_SIZE, IWN_BUF_ALIGN, BUS_DMA_NOWAIT); 725 if (error != 0) { 726 aprint_error_dev(sc->sc_dev, 727 "could not allocate Rx buffers DMA memory\n"); 728 return error; 729 } 730 731 /* ..and split it into chunks of "rbufsz" bytes */ 732 SLIST_INIT(&ring->freelist); 733 for (i = 0; i < IWN_RBUF_COUNT; i++) { 734 rbuf = &ring->rbuf[i]; 735 736 rbuf->sc = sc; /* backpointer for callbacks */ 737 rbuf->vaddr = (char *)ring->buf_dma.vaddr + i * IWN_RBUF_SIZE; 738 rbuf->paddr = ring->buf_dma.paddr + i * IWN_RBUF_SIZE; 739 740 SLIST_INSERT_HEAD(&ring->freelist, rbuf, next); 741 } 742 ring->nb_free_entries = IWN_RBUF_COUNT; 743 return 0; 744 } 745 746 static void 747 iwn_free_rpool(struct iwn_softc *sc) 748 { 749 iwn_dma_contig_free(&sc->rxq.buf_dma); 750 } 751 752 static int 753 iwn_alloc_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 754 { 755 struct iwn_rx_data *data; 756 struct iwn_rbuf *rbuf; 757 int i, error; 758 void *p; 759 760 ring->cur = 0; 761 762 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 763 &p, IWN_RX_RING_COUNT * sizeof (struct iwn_rx_desc), 764 IWN_RING_DMA_ALIGN, BUS_DMA_NOWAIT); 765 if (error != 0) { 766 aprint_error_dev(sc->sc_dev, 767 "could not allocate rx ring DMA memory\n"); 768 goto fail; 769 } 770 ring->desc = p; 771 772 /* 773 * Setup Rx buffers. 774 */ 775 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 776 data = &ring->data[i]; 777 778 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 779 if (data->m == NULL) { 780 aprint_error_dev(sc->sc_dev, "could not allocate rx mbuf\n"); 781 error = ENOMEM; 782 goto fail; 783 } 784 if ((rbuf = iwn_alloc_rbuf(sc)) == NULL) { 785 m_freem(data->m); 786 data->m = NULL; 787 aprint_error_dev(sc->sc_dev, "could not allocate rx buffer\n"); 788 error = ENOMEM; 789 goto fail; 790 } 791 /* attach Rx buffer to mbuf */ 792 MEXTADD(data->m, rbuf->vaddr, IWN_RBUF_SIZE, 0, iwn_free_rbuf, 793 rbuf); 794 795 data->m->m_flags |= M_EXT_RW; 796 /* Rx buffers are aligned on a 256-byte boundary */ 797 ring->desc[i] = htole32(rbuf->paddr >> 8); 798 } 799 800 return 0; 801 802 fail: iwn_free_rx_ring(sc, ring); 803 return error; 804 } 805 806 static void 807 iwn_reset_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 808 { 809 int ntries; 810 811 iwn_mem_lock(sc); 812 813 IWN_WRITE(sc, IWN_RX_CONFIG, 0); 814 for (ntries = 0; ntries < 100; ntries++) { 815 if (IWN_READ(sc, IWN_RX_STATUS) & IWN_RX_IDLE) 816 break; 817 DELAY(10); 818 } 819 #ifdef IWN_DEBUG 820 if (ntries == 100 && iwn_debug > 0) 821 aprint_error_dev(sc->sc_dev, "timeout resetting Rx ring\n"); 822 #endif 823 iwn_mem_unlock(sc); 824 825 ring->cur = 0; 826 } 827 828 static void 829 iwn_free_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 830 { 831 int i; 832 833 iwn_dma_contig_free(&ring->desc_dma); 834 835 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 836 if (ring->data[i].m != NULL) 837 m_freem(ring->data[i].m); 838 } 839 } 840 841 static int 842 iwn_alloc_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring, int count, 843 int qid) 844 { 845 struct iwn_tx_data *data; 846 int i, error; 847 void *p; 848 849 ring->qid = qid; 850 ring->count = count; 851 ring->queued = 0; 852 ring->cur = 0; 853 854 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 855 &p, count * sizeof (struct iwn_tx_desc), 856 IWN_RING_DMA_ALIGN, BUS_DMA_NOWAIT); 857 if (error != 0) { 858 aprint_error_dev(sc->sc_dev, "could not allocate tx ring DMA memory\n"); 859 goto fail; 860 } 861 ring->desc = p; 862 863 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 864 &p, count * sizeof (struct iwn_tx_cmd), 4, BUS_DMA_NOWAIT); 865 if (error != 0) { 866 aprint_error_dev(sc->sc_dev, "could not allocate tx cmd DMA memory\n"); 867 goto fail; 868 } 869 ring->cmd = p; 870 871 ring->data = malloc(count * sizeof (struct iwn_tx_data), M_DEVBUF, M_NOWAIT); 872 873 if (ring->data == NULL) { 874 aprint_error_dev(sc->sc_dev,"could not allocate tx data slots\n"); 875 goto fail; 876 } 877 878 memset(ring->data, 0, count * sizeof (struct iwn_tx_data)); 879 880 for (i = 0; i < count; i++) { 881 data = &ring->data[i]; 882 883 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 884 IWN_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 885 &data->map); 886 if (error != 0) { 887 aprint_error_dev(sc->sc_dev, "could not create tx buf DMA map\n"); 888 goto fail; 889 } 890 } 891 892 return 0; 893 894 fail: iwn_free_tx_ring(sc, ring); 895 return error; 896 } 897 898 static void 899 iwn_reset_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 900 { 901 struct iwn_tx_data *data; 902 uint32_t tmp; 903 int i, ntries; 904 905 iwn_mem_lock(sc); 906 907 IWN_WRITE(sc, IWN_TX_CONFIG(ring->qid), 0); 908 for (ntries = 0; ntries < 100; ntries++) { 909 tmp = IWN_READ(sc, IWN_TX_STATUS); 910 if ((tmp & IWN_TX_IDLE(ring->qid)) == IWN_TX_IDLE(ring->qid)) 911 break; 912 DELAY(10); 913 } 914 #ifdef IWN_DEBUG 915 if (ntries == 100 && iwn_debug > 1) { 916 aprint_error_dev(sc->sc_dev, "timeout resetting Tx ring %d\n", ring->qid); 917 } 918 #endif 919 iwn_mem_unlock(sc); 920 921 for (i = 0; i < ring->count; i++) { 922 data = &ring->data[i]; 923 924 if (data->m != NULL) { 925 bus_dmamap_unload(sc->sc_dmat, data->map); 926 m_freem(data->m); 927 data->m = NULL; 928 } 929 } 930 931 ring->queued = 0; 932 ring->cur = 0; 933 } 934 935 static void 936 iwn_free_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 937 { 938 struct iwn_tx_data *data; 939 int i; 940 941 iwn_dma_contig_free(&ring->desc_dma); 942 iwn_dma_contig_free(&ring->cmd_dma); 943 944 if (ring->data != NULL) { 945 for (i = 0; i < ring->count; i++) { 946 data = &ring->data[i]; 947 948 if (data->m != NULL) { 949 bus_dmamap_unload(sc->sc_dmat, data->map); 950 m_freem(data->m); 951 } 952 } 953 free(ring->data, M_DEVBUF); 954 } 955 } 956 957 /*ARGUSED*/ 958 struct ieee80211_node * 959 iwn_node_alloc(struct ieee80211_node_table *nt __unused) 960 { 961 struct iwn_node *wn; 962 963 wn = malloc(sizeof (struct iwn_node), M_80211_NODE, M_NOWAIT | M_ZERO); 964 965 return (struct ieee80211_node *)wn; 966 } 967 968 static void 969 iwn_newassoc(struct ieee80211_node *ni, int isnew) 970 { 971 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc; 972 int i; 973 974 ieee80211_amrr_node_init(&sc->amrr, &((struct iwn_node *)ni)->amn); 975 976 /* set rate to some reasonable initial value */ 977 for (i = ni->ni_rates.rs_nrates - 1; 978 i > 0 && (ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL) > 72; 979 i--); 980 ni->ni_txrate = i; 981 } 982 983 static int 984 iwn_media_change(struct ifnet *ifp) 985 { 986 int error; 987 988 error = ieee80211_media_change(ifp); 989 if (error != ENETRESET) 990 return error; 991 992 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) 993 iwn_init(ifp); 994 995 return 0; 996 } 997 998 static int 999 iwn_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1000 { 1001 struct ifnet *ifp = ic->ic_ifp; 1002 struct iwn_softc *sc = ifp->if_softc; 1003 int error; 1004 1005 callout_stop(&sc->calib_to); 1006 1007 DPRINTF(("iwn_newstate: nstate = %d, ic->ic_state = %d\n", nstate, 1008 ic->ic_state)); 1009 1010 switch (nstate) { 1011 1012 case IEEE80211_S_SCAN: 1013 1014 if (sc->is_scanning) 1015 break; 1016 1017 sc->is_scanning = true; 1018 ieee80211_node_table_reset(&ic->ic_scan); 1019 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1020 1021 /* make the link LED blink while we're scanning */ 1022 iwn_set_led(sc, IWN_LED_LINK, 20, 2); 1023 1024 if ((error = iwn_scan(sc, IEEE80211_CHAN_G)) != 0) { 1025 aprint_error_dev(sc->sc_dev, "could not initiate scan\n"); 1026 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 1027 return error; 1028 } 1029 ic->ic_state = nstate; 1030 return 0; 1031 1032 case IEEE80211_S_ASSOC: 1033 if (ic->ic_state != IEEE80211_S_RUN) 1034 break; 1035 /* FALLTHROUGH */ 1036 case IEEE80211_S_AUTH: 1037 /* cancel any active scan - it apparently breaks auth */ 1038 /*(void)iwn_cmd(sc, IWN_CMD_SCAN_ABORT, NULL, 0, 1);*/ 1039 1040 if ((error = iwn_auth(sc)) != 0) { 1041 aprint_error_dev(sc->sc_dev, 1042 "could not move to auth state\n"); 1043 return error; 1044 } 1045 break; 1046 1047 case IEEE80211_S_RUN: 1048 if ((error = iwn_run(sc)) != 0) { 1049 aprint_error_dev(sc->sc_dev, 1050 "could not move to run state\n"); 1051 return error; 1052 } 1053 break; 1054 1055 case IEEE80211_S_INIT: 1056 sc->is_scanning = false; 1057 break; 1058 } 1059 1060 return sc->sc_newstate(ic, nstate, arg); 1061 } 1062 1063 /* 1064 * Grab exclusive access to NIC memory. 1065 */ 1066 static void 1067 iwn_mem_lock(struct iwn_softc *sc) 1068 { 1069 uint32_t tmp; 1070 int ntries; 1071 1072 tmp = IWN_READ(sc, IWN_GPIO_CTL); 1073 IWN_WRITE(sc, IWN_GPIO_CTL, tmp | IWN_GPIO_MAC); 1074 1075 /* spin until we actually get the lock */ 1076 for (ntries = 0; ntries < 1000; ntries++) { 1077 if ((IWN_READ(sc, IWN_GPIO_CTL) & 1078 (IWN_GPIO_CLOCK | IWN_GPIO_SLEEP)) == IWN_GPIO_CLOCK) 1079 break; 1080 DELAY(10); 1081 } 1082 if (ntries == 1000) 1083 aprint_error_dev(sc->sc_dev, "could not lock memory\n"); 1084 } 1085 1086 /* 1087 * Release lock on NIC memory. 1088 */ 1089 static void 1090 iwn_mem_unlock(struct iwn_softc *sc) 1091 { 1092 uint32_t tmp = IWN_READ(sc, IWN_GPIO_CTL); 1093 IWN_WRITE(sc, IWN_GPIO_CTL, tmp & ~IWN_GPIO_MAC); 1094 } 1095 1096 static uint32_t 1097 iwn_mem_read(struct iwn_softc *sc, uint32_t addr) 1098 { 1099 IWN_WRITE(sc, IWN_READ_MEM_ADDR, IWN_MEM_4 | addr); 1100 return IWN_READ(sc, IWN_READ_MEM_DATA); 1101 } 1102 1103 static void 1104 iwn_mem_write(struct iwn_softc *sc, uint32_t addr, uint32_t data) 1105 { 1106 IWN_WRITE(sc, IWN_WRITE_MEM_ADDR, IWN_MEM_4 | addr); 1107 IWN_WRITE(sc, IWN_WRITE_MEM_DATA, data); 1108 } 1109 1110 static void 1111 iwn_mem_write_region_4(struct iwn_softc *sc, uint32_t addr, 1112 const uint32_t *data, int wlen) 1113 { 1114 for (; wlen > 0; wlen--, data++, addr += 4) 1115 iwn_mem_write(sc, addr, *data); 1116 } 1117 1118 static int 1119 iwn_eeprom_lock(struct iwn_softc *sc) 1120 { 1121 uint32_t tmp; 1122 int ntries; 1123 1124 tmp = IWN_READ(sc, IWN_HWCONFIG); 1125 IWN_WRITE(sc, IWN_HWCONFIG, tmp | IWN_HW_EEPROM_LOCKED); 1126 1127 /* spin until we actually get the lock */ 1128 for (ntries = 0; ntries < 100; ntries++) { 1129 if (IWN_READ(sc, IWN_HWCONFIG) & IWN_HW_EEPROM_LOCKED) 1130 return 0; 1131 DELAY(10); 1132 } 1133 return ETIMEDOUT; 1134 } 1135 1136 static void 1137 iwn_eeprom_unlock(struct iwn_softc *sc) 1138 { 1139 uint32_t tmp = IWN_READ(sc, IWN_HWCONFIG); 1140 IWN_WRITE(sc, IWN_HWCONFIG, tmp & ~IWN_HW_EEPROM_LOCKED); 1141 } 1142 1143 /* 1144 * Read `len' bytes from the EEPROM. We access the EEPROM through the MAC 1145 * instead of using the traditional bit-bang method. 1146 */ 1147 static int 1148 iwn_read_prom_data(struct iwn_softc *sc, uint32_t addr, void *data, int len) 1149 { 1150 uint8_t *out = data; 1151 uint32_t val; 1152 int ntries; 1153 1154 iwn_mem_lock(sc); 1155 for (; len > 0; len -= 2, addr++) { 1156 IWN_WRITE(sc, IWN_EEPROM_CTL, addr << 2); 1157 IWN_WRITE(sc, IWN_EEPROM_CTL, 1158 IWN_READ(sc, IWN_EEPROM_CTL) & ~IWN_EEPROM_CMD); 1159 1160 for (ntries = 0; ntries < 10; ntries++) { 1161 if ((val = IWN_READ(sc, IWN_EEPROM_CTL)) & 1162 IWN_EEPROM_READY) 1163 break; 1164 DELAY(5); 1165 } 1166 if (ntries == 10) { 1167 aprint_error_dev(sc->sc_dev, "could not read EEPROM\n"); 1168 return ETIMEDOUT; 1169 } 1170 *out++ = val >> 16; 1171 if (len > 1) 1172 *out++ = val >> 24; 1173 } 1174 iwn_mem_unlock(sc); 1175 1176 return 0; 1177 } 1178 1179 /* 1180 * The firmware boot code is small and is intended to be copied directly into 1181 * the NIC internal memory. 1182 */ 1183 static int 1184 iwn_load_microcode(struct iwn_softc *sc, const uint8_t *ucode, int size) 1185 { 1186 int ntries; 1187 1188 size /= sizeof (uint32_t); 1189 1190 iwn_mem_lock(sc); 1191 1192 /* copy microcode image into NIC memory */ 1193 iwn_mem_write_region_4(sc, IWN_MEM_UCODE_BASE, 1194 (const uint32_t *)ucode, size); 1195 1196 iwn_mem_write(sc, IWN_MEM_UCODE_SRC, 0); 1197 iwn_mem_write(sc, IWN_MEM_UCODE_DST, IWN_FW_TEXT); 1198 iwn_mem_write(sc, IWN_MEM_UCODE_SIZE, size); 1199 1200 /* run microcode */ 1201 iwn_mem_write(sc, IWN_MEM_UCODE_CTL, IWN_UC_RUN); 1202 1203 /* wait for transfer to complete */ 1204 for (ntries = 0; ntries < 1000; ntries++) { 1205 if (!(iwn_mem_read(sc, IWN_MEM_UCODE_CTL) & IWN_UC_RUN)) 1206 break; 1207 DELAY(10); 1208 } 1209 if (ntries == 1000) { 1210 iwn_mem_unlock(sc); 1211 aprint_error_dev(sc->sc_dev, "could not load boot firmware\n"); 1212 return ETIMEDOUT; 1213 } 1214 iwn_mem_write(sc, IWN_MEM_UCODE_CTL, IWN_UC_ENABLE); 1215 1216 iwn_mem_unlock(sc); 1217 1218 return 0; 1219 } 1220 1221 static int 1222 iwn_load_firmware(struct iwn_softc *sc) 1223 { 1224 struct iwn_dma_info *dma = &sc->fw_dma; 1225 struct iwn_firmware_hdr hdr; 1226 const uint8_t *init_text, *init_data, *main_text, *main_data; 1227 const uint8_t *boot_text; 1228 uint32_t init_textsz, init_datasz, main_textsz, main_datasz; 1229 uint32_t boot_textsz; 1230 firmware_handle_t fw; 1231 u_char *dfw; 1232 size_t size; 1233 int error; 1234 1235 /* load firmware image from disk */ 1236 if ((error = firmware_open("if_iwn","iwlwifi-4965-1.ucode", &fw)) != 0) { 1237 aprint_error_dev(sc->sc_dev, "could not read firmware file\n"); 1238 goto fail1; 1239 } 1240 1241 size = firmware_get_size(fw); 1242 1243 /* extract firmware header information */ 1244 if (size < sizeof (struct iwn_firmware_hdr)) { 1245 aprint_error_dev(sc->sc_dev, "truncated firmware header: %zu bytes\n", size); 1246 1247 error = EINVAL; 1248 goto fail2; 1249 } 1250 1251 1252 if ((error = firmware_read(fw, 0, &hdr, 1253 sizeof (struct iwn_firmware_hdr))) != 0) { 1254 aprint_error_dev(sc->sc_dev, "can't get firmware header\n"); 1255 goto fail2; 1256 } 1257 1258 main_textsz = le32toh(hdr.main_textsz); 1259 main_datasz = le32toh(hdr.main_datasz); 1260 init_textsz = le32toh(hdr.init_textsz); 1261 init_datasz = le32toh(hdr.init_datasz); 1262 boot_textsz = le32toh(hdr.boot_textsz); 1263 1264 /* sanity-check firmware segments sizes */ 1265 if (main_textsz > IWN_FW_MAIN_TEXT_MAXSZ || 1266 main_datasz > IWN_FW_MAIN_DATA_MAXSZ || 1267 init_textsz > IWN_FW_INIT_TEXT_MAXSZ || 1268 init_datasz > IWN_FW_INIT_DATA_MAXSZ || 1269 boot_textsz > IWN_FW_BOOT_TEXT_MAXSZ || 1270 (boot_textsz & 3) != 0) { 1271 aprint_error_dev(sc->sc_dev, "invalid firmware header\n"); 1272 error = EINVAL; 1273 goto fail2; 1274 } 1275 1276 /* check that all firmware segments are present */ 1277 if (size < sizeof (struct iwn_firmware_hdr) + main_textsz + 1278 main_datasz + init_textsz + init_datasz + boot_textsz) { 1279 aprint_error_dev(sc->sc_dev, "firmware file too short: %zu bytes\n", size); 1280 error = EINVAL; 1281 goto fail2; 1282 } 1283 1284 dfw = firmware_malloc(size); 1285 if (dfw == NULL) { 1286 aprint_error_dev(sc->sc_dev, "not enough memory to stock firmware\n"); 1287 error = ENOMEM; 1288 goto fail2; 1289 } 1290 1291 if ((error = firmware_read(fw, 0, dfw, size)) != 0) { 1292 aprint_error_dev(sc->sc_dev, "can't get firmware\n"); 1293 goto fail2; 1294 } 1295 1296 /* get pointers to firmware segments */ 1297 main_text = dfw + sizeof (struct iwn_firmware_hdr); 1298 main_data = main_text + main_textsz; 1299 init_text = main_data + main_datasz; 1300 init_data = init_text + init_textsz; 1301 boot_text = init_data + init_datasz; 1302 1303 /* copy initialization images into pre-allocated DMA-safe memory */ 1304 memcpy(dma->vaddr, init_data, init_datasz); 1305 memcpy((char *)dma->vaddr + IWN_FW_INIT_DATA_MAXSZ, init_text, init_textsz); 1306 1307 /* tell adapter where to find initialization images */ 1308 iwn_mem_lock(sc); 1309 iwn_mem_write(sc, IWN_MEM_DATA_BASE, dma->paddr >> 4); 1310 iwn_mem_write(sc, IWN_MEM_DATA_SIZE, init_datasz); 1311 iwn_mem_write(sc, IWN_MEM_TEXT_BASE, 1312 (dma->paddr + IWN_FW_INIT_DATA_MAXSZ) >> 4); 1313 iwn_mem_write(sc, IWN_MEM_TEXT_SIZE, init_textsz); 1314 iwn_mem_unlock(sc); 1315 1316 /* load firmware boot code */ 1317 if ((error = iwn_load_microcode(sc, boot_text, boot_textsz)) != 0) { 1318 aprint_error_dev(sc->sc_dev, "could not load boot firmware\n"); 1319 goto fail3; 1320 } 1321 1322 /* now press "execute" ;-) */ 1323 IWN_WRITE(sc, IWN_RESET, 0); 1324 1325 /* ..and wait at most one second for adapter to initialize */ 1326 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 1327 /* this isn't what was supposed to happen.. */ 1328 aprint_error_dev(sc->sc_dev, "timeout waiting for adapter to initialize\n"); 1329 } 1330 1331 /* copy runtime images into pre-allocated DMA-safe memory */ 1332 memcpy((char *)dma->vaddr, main_data, main_datasz); 1333 memcpy((char *)dma->vaddr + IWN_FW_MAIN_DATA_MAXSZ, main_text, main_textsz); 1334 1335 /* tell adapter where to find runtime images */ 1336 iwn_mem_lock(sc); 1337 iwn_mem_write(sc, IWN_MEM_DATA_BASE, dma->paddr >> 4); 1338 iwn_mem_write(sc, IWN_MEM_DATA_SIZE, main_datasz); 1339 iwn_mem_write(sc, IWN_MEM_TEXT_BASE, 1340 (dma->paddr + IWN_FW_MAIN_DATA_MAXSZ) >> 4); 1341 iwn_mem_write(sc, IWN_MEM_TEXT_SIZE, IWN_FW_UPDATED | main_textsz); 1342 iwn_mem_unlock(sc); 1343 1344 /* wait at most one second for second alive notification */ 1345 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 1346 /* this isn't what was supposed to happen.. */ 1347 aprint_error_dev(sc->sc_dev, "timeout waiting for adapter to initialize\n"); 1348 } 1349 1350 fail3: firmware_free(dfw,size); 1351 fail2: firmware_close(fw); 1352 fail1: return error; 1353 } 1354 1355 static void 1356 iwn_calib_timeout(void *arg) 1357 { 1358 struct iwn_softc *sc = arg; 1359 struct ieee80211com *ic = &sc->sc_ic; 1360 int s; 1361 1362 /* automatic rate control triggered every 500ms */ 1363 if (ic->ic_fixed_rate == -1) { 1364 s = splnet(); 1365 if (ic->ic_opmode == IEEE80211_M_STA) 1366 iwn_iter_func(sc, ic->ic_bss); 1367 else 1368 ieee80211_iterate_nodes(&ic->ic_sta, iwn_iter_func, sc); 1369 splx(s); 1370 } 1371 1372 /* automatic calibration every 60s */ 1373 if (++sc->calib_cnt >= 120) { 1374 DPRINTF(("sending request for statistics\n")); 1375 (void)iwn_cmd(sc, IWN_CMD_GET_STATISTICS, NULL, 0, 1); 1376 sc->calib_cnt = 0; 1377 } 1378 1379 callout_schedule(&sc->calib_to, hz/2); 1380 1381 } 1382 1383 static void 1384 iwn_iter_func(void *arg, struct ieee80211_node *ni) 1385 { 1386 struct iwn_softc *sc = arg; 1387 struct iwn_node *wn = (struct iwn_node *)ni; 1388 1389 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1390 } 1391 1392 static void 1393 iwn_ampdu_rx_start(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1394 { 1395 struct iwn_rx_stat *stat; 1396 1397 DPRINTFN(2, ("received AMPDU stats\n")); 1398 /* save Rx statistics, they will be used on IWN_AMPDU_RX_DONE */ 1399 stat = (struct iwn_rx_stat *)(desc + 1); 1400 memcpy(&sc->last_rx_stat, stat, sizeof (*stat)); 1401 sc->last_rx_valid = 1; 1402 } 1403 1404 void 1405 iwn_rx_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc, 1406 struct iwn_rx_data *data) 1407 { 1408 struct ieee80211com *ic = &sc->sc_ic; 1409 struct ifnet *ifp = ic->ic_ifp; 1410 struct iwn_rx_ring *ring = &sc->rxq; 1411 struct iwn_rbuf *rbuf; 1412 struct ieee80211_frame *wh; 1413 struct ieee80211_node *ni; 1414 struct mbuf *m, *mnew; 1415 struct iwn_rx_stat *stat; 1416 char *head; 1417 uint32_t *tail; 1418 int len, rssi; 1419 1420 if (desc->type == IWN_AMPDU_RX_DONE) { 1421 /* check for prior AMPDU_RX_START */ 1422 if (!sc->last_rx_valid) { 1423 DPRINTF(("missing AMPDU_RX_START\n")); 1424 ifp->if_ierrors++; 1425 return; 1426 } 1427 sc->last_rx_valid = 0; 1428 stat = &sc->last_rx_stat; 1429 } else 1430 stat = (struct iwn_rx_stat *)(desc + 1); 1431 1432 if (stat->cfg_phy_len > IWN_STAT_MAXLEN) { 1433 aprint_error_dev(sc->sc_dev, "invalid rx statistic header\n"); 1434 ifp->if_ierrors++; 1435 return; 1436 } 1437 1438 if (desc->type == IWN_AMPDU_RX_DONE) { 1439 struct iwn_rx_ampdu *ampdu = 1440 (struct iwn_rx_ampdu *)(desc + 1); 1441 head = (char *)(ampdu + 1); 1442 len = le16toh(ampdu->len); 1443 } else { 1444 head = (char *)(stat + 1) + stat->cfg_phy_len; 1445 len = le16toh(stat->len); 1446 } 1447 1448 DPRINTF(("rx packet len %d\n", len)); 1449 /* discard Rx frames with bad CRC early */ 1450 tail = (uint32_t *)(head + len); 1451 if ((le32toh(*tail) & IWN_RX_NOERROR) != IWN_RX_NOERROR) { 1452 DPRINTFN(2, ("rx flags error %x\n", le32toh(*tail))); 1453 ifp->if_ierrors++; 1454 return; 1455 } 1456 /* XXX for ieee80211_find_rxnode() */ 1457 if (len < sizeof (struct ieee80211_frame)) { 1458 DPRINTF(("frame too short: %d\n", len)); 1459 ic->ic_stats.is_rx_tooshort++; 1460 ifp->if_ierrors++; 1461 return; 1462 } 1463 1464 m = data->m; 1465 1466 /* finalize mbuf */ 1467 m->m_pkthdr.rcvif = ifp; 1468 m->m_data = head; 1469 m->m_pkthdr.len = m->m_len = len; 1470 1471 /* 1472 * See comment in if_wpi.c:wpi_rx_intr() about locking 1473 * nb_free_entries here. In short: it's not required. 1474 */ 1475 if (sc->rxq.nb_free_entries > 0) { 1476 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1477 if (mnew == NULL) { 1478 ic->ic_stats.is_rx_nobuf++; 1479 ifp->if_ierrors++; 1480 return; 1481 } 1482 1483 rbuf = iwn_alloc_rbuf(sc); 1484 1485 /* attach Rx buffer to mbuf */ 1486 MEXTADD(mnew, rbuf->vaddr, IWN_RBUF_SIZE, 0, iwn_free_rbuf, 1487 rbuf); 1488 mnew->m_flags |= M_EXT_RW; 1489 1490 data->m = mnew; 1491 1492 /* update Rx descriptor */ 1493 ring->desc[ring->cur] = htole32(rbuf->paddr >> 8); 1494 } else { 1495 /* no free rbufs, copy frame */ 1496 m = m_dup(m, 0, M_COPYALL, M_DONTWAIT); 1497 if (m == NULL) { 1498 /* no free mbufs either, drop frame */ 1499 ic->ic_stats.is_rx_nobuf++; 1500 ifp->if_ierrors++; 1501 return; 1502 } 1503 } 1504 1505 rssi = iwn_get_rssi(stat); 1506 1507 if (ic->ic_state == IEEE80211_S_SCAN) 1508 iwn_fix_channel(ic, m); 1509 1510 #if NBPFILTER > 0 1511 if (sc->sc_drvbpf != NULL) { 1512 struct iwn_rx_radiotap_header *tap = &sc->sc_rxtap; 1513 1514 tap->wr_flags = 0; 1515 tap->wr_chan_freq = 1516 htole16(ic->ic_channels[stat->chan].ic_freq); 1517 tap->wr_chan_flags = 1518 htole16(ic->ic_channels[stat->chan].ic_flags); 1519 tap->wr_dbm_antsignal = (int8_t)rssi; 1520 tap->wr_dbm_antnoise = (int8_t)sc->noise; 1521 tap->wr_tsft = stat->tstamp; 1522 switch (stat->rate) { 1523 /* CCK rates */ 1524 case 10: tap->wr_rate = 2; break; 1525 case 20: tap->wr_rate = 4; break; 1526 case 55: tap->wr_rate = 11; break; 1527 case 110: tap->wr_rate = 22; break; 1528 /* OFDM rates */ 1529 case 0xd: tap->wr_rate = 12; break; 1530 case 0xf: tap->wr_rate = 18; break; 1531 case 0x5: tap->wr_rate = 24; break; 1532 case 0x7: tap->wr_rate = 36; break; 1533 case 0x9: tap->wr_rate = 48; break; 1534 case 0xb: tap->wr_rate = 72; break; 1535 case 0x1: tap->wr_rate = 96; break; 1536 case 0x3: tap->wr_rate = 108; break; 1537 /* unknown rate: should not happen */ 1538 default: tap->wr_rate = 0; 1539 } 1540 1541 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1542 } 1543 #endif 1544 1545 /* grab a reference to the source node */ 1546 wh = mtod(m, struct ieee80211_frame *); 1547 ni = ieee80211_find_rxnode(ic,(struct ieee80211_frame_min *)wh); 1548 1549 /* send the frame to the 802.11 layer */ 1550 ieee80211_input(ic, m, ni, rssi, 0); 1551 1552 /* node is no longer needed */ 1553 ieee80211_free_node(ni); 1554 } 1555 1556 1557 /* 1558 * XXX: Hack to set the current channel to the value advertised in beacons or 1559 * probe responses. Only used during AP detection. 1560 * XXX: Duplicated from if_iwi.c 1561 */ 1562 static void 1563 iwn_fix_channel(struct ieee80211com *ic, struct mbuf *m) 1564 { 1565 struct ieee80211_frame *wh; 1566 uint8_t subtype; 1567 uint8_t *frm, *efrm; 1568 1569 wh = mtod(m, struct ieee80211_frame *); 1570 1571 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT) 1572 return; 1573 1574 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1575 1576 if (subtype != IEEE80211_FC0_SUBTYPE_BEACON && 1577 subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1578 return; 1579 1580 frm = (uint8_t *)(wh + 1); 1581 efrm = mtod(m, uint8_t *) + m->m_len; 1582 1583 frm += 12; /* skip tstamp, bintval and capinfo fields */ 1584 while (frm < efrm) { 1585 if (*frm == IEEE80211_ELEMID_DSPARMS) 1586 #if IEEE80211_CHAN_MAX < 255 1587 if (frm[2] <= IEEE80211_CHAN_MAX) 1588 #endif 1589 ic->ic_curchan = &ic->ic_channels[frm[2]]; 1590 1591 frm += frm[1] + 2; 1592 } 1593 } 1594 1595 static void 1596 iwn_rx_statistics(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1597 { 1598 struct ieee80211com *ic = &sc->sc_ic; 1599 struct iwn_calib_state *calib = &sc->calib; 1600 struct iwn_stats *stats = (struct iwn_stats *)(desc + 1); 1601 1602 /* ignore beacon statistics received during a scan */ 1603 if (ic->ic_state != IEEE80211_S_RUN) 1604 return; 1605 1606 DPRINTFN(3, ("received statistics (cmd=%d)\n", desc->type)); 1607 sc->calib_cnt = 0; /* reset timeout */ 1608 1609 /* test if temperature has changed */ 1610 if (stats->general.temp != sc->rawtemp) { 1611 int temp; 1612 1613 sc->rawtemp = stats->general.temp; 1614 temp = iwn_get_temperature(sc); 1615 DPRINTFN(2, ("temperature=%d\n", temp)); 1616 1617 /* update Tx power if need be */ 1618 iwn_power_calibration(sc, temp); 1619 } 1620 1621 if (desc->type != IWN_BEACON_STATISTICS) 1622 return; /* reply to a statistics request */ 1623 1624 sc->noise = iwn_get_noise(&stats->rx.general); 1625 DPRINTFN(3, ("noise=%d\n", sc->noise)); 1626 1627 /* test that RSSI and noise are present in stats report */ 1628 if (le32toh(stats->rx.general.flags) != 1) { 1629 DPRINTF(("received statistics without RSSI\n")); 1630 return; 1631 } 1632 1633 if (calib->state == IWN_CALIB_STATE_ASSOC) 1634 iwn_compute_differential_gain(sc, &stats->rx.general); 1635 else if (calib->state == IWN_CALIB_STATE_RUN) 1636 iwn_tune_sensitivity(sc, &stats->rx); 1637 } 1638 1639 static void 1640 iwn_tx_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1641 { 1642 struct ifnet *ifp = sc->sc_ic.ic_ifp; 1643 struct iwn_tx_ring *ring = &sc->txq[desc->qid & 0xf]; 1644 struct iwn_tx_data *txdata = &ring->data[desc->idx]; 1645 struct iwn_tx_stat *stat = (struct iwn_tx_stat *)(desc + 1); 1646 struct iwn_node *wn = (struct iwn_node *)txdata->ni; 1647 uint32_t status; 1648 1649 DPRINTFN(4, ("tx done: qid=%d idx=%d retries=%d nkill=%d rate=%x " 1650 "duration=%d status=%x\n", desc->qid, desc->idx, stat->ntries, 1651 stat->nkill, stat->rate, le16toh(stat->duration), 1652 le32toh(stat->status))); 1653 1654 /* 1655 * Update rate control statistics for the node. 1656 */ 1657 wn->amn.amn_txcnt++; 1658 if (stat->ntries > 0) { 1659 DPRINTFN(3, ("tx intr ntries %d\n", stat->ntries)); 1660 wn->amn.amn_retrycnt++; 1661 } 1662 1663 status = le32toh(stat->status) & 0xff; 1664 if (status != 1 && status != 2) 1665 ifp->if_oerrors++; 1666 else 1667 ifp->if_opackets++; 1668 1669 bus_dmamap_unload(sc->sc_dmat, txdata->map); 1670 m_freem(txdata->m); 1671 txdata->m = NULL; 1672 ieee80211_free_node(txdata->ni); 1673 txdata->ni = NULL; 1674 1675 ring->queued--; 1676 1677 sc->sc_tx_timer = 0; 1678 ifp->if_flags &= ~IFF_OACTIVE; 1679 iwn_start(ifp); 1680 } 1681 1682 static void 1683 iwn_cmd_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1684 { 1685 struct iwn_tx_ring *ring = &sc->txq[4]; 1686 struct iwn_tx_data *data; 1687 1688 if ((desc->qid & 0xf) != 4) 1689 return; /* not a command ack */ 1690 1691 data = &ring->data[desc->idx]; 1692 1693 /* if the command was mapped in a mbuf, free it */ 1694 if (data->m != NULL) { 1695 bus_dmamap_unload(sc->sc_dmat, data->map); 1696 m_freem(data->m); 1697 data->m = NULL; 1698 } 1699 1700 wakeup(&ring->cmd[desc->idx]); 1701 } 1702 1703 static void 1704 iwn_notif_intr(struct iwn_softc *sc) 1705 { 1706 struct ieee80211com *ic = &sc->sc_ic; 1707 struct ifnet *ifp = ic->ic_ifp; 1708 uint16_t hw; 1709 1710 hw = le16toh(sc->shared->closed_count); 1711 while (sc->rxq.cur != hw) { 1712 struct iwn_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1713 struct iwn_rx_desc *desc = (void *)data->m->m_ext.ext_buf; 1714 1715 DPRINTFN(4,("rx notification qid=%x idx=%d flags=%x type=%d " 1716 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1717 le32toh(desc->len))); 1718 1719 if (!(desc->qid & 0x80)) /* reply to a command */ 1720 iwn_cmd_intr(sc, desc); 1721 1722 switch (desc->type) { 1723 case IWN_RX_DONE: 1724 case IWN_AMPDU_RX_DONE: 1725 iwn_rx_intr(sc, desc, data); 1726 break; 1727 1728 case IWN_AMPDU_RX_START: 1729 iwn_ampdu_rx_start(sc, desc); 1730 break; 1731 1732 case IWN_TX_DONE: 1733 /* a 802.11 frame has been transmitted */ 1734 iwn_tx_intr(sc, desc); 1735 break; 1736 1737 case IWN_RX_STATISTICS: 1738 case IWN_BEACON_STATISTICS: 1739 iwn_rx_statistics(sc, desc); 1740 break; 1741 1742 case IWN_BEACON_MISSED: 1743 { 1744 struct iwn_beacon_missed *miss = 1745 (struct iwn_beacon_missed *)(desc + 1); 1746 /* 1747 * If more than 5 consecutive beacons are missed, 1748 * reinitialize the sensitivity state machine. 1749 */ 1750 DPRINTFN(2, ("beacons missed %d/%d\n", 1751 le32toh(miss->consecutive), le32toh(miss->total))); 1752 if (ic->ic_state == IEEE80211_S_RUN && 1753 le32toh(miss->consecutive) > 5) 1754 (void)iwn_init_sensitivity(sc); 1755 break; 1756 } 1757 1758 case IWN_UC_READY: 1759 { 1760 struct iwn_ucode_info *uc = 1761 (struct iwn_ucode_info *)(desc + 1); 1762 1763 /* the microcontroller is ready */ 1764 DPRINTF(("microcode alive notification version=%d.%d " 1765 "subtype=%x alive=%x\n", uc->major, uc->minor, 1766 uc->subtype, le32toh(uc->valid))); 1767 1768 if (le32toh(uc->valid) != 1) { 1769 aprint_error_dev(sc->sc_dev, "microcontroller initialization " 1770 "failed\n"); 1771 break; 1772 } 1773 if (uc->subtype == IWN_UCODE_INIT) { 1774 /* save microcontroller's report */ 1775 memcpy(&sc->ucode_info, uc, sizeof (*uc)); 1776 } 1777 break; 1778 } 1779 case IWN_STATE_CHANGED: 1780 { 1781 uint32_t *status = (uint32_t *)(desc + 1); 1782 1783 /* enabled/disabled notification */ 1784 DPRINTF(("state changed to %x\n", le32toh(*status))); 1785 1786 if (le32toh(*status) & 1) { 1787 /* the radio button has to be pushed */ 1788 aprint_error_dev(sc->sc_dev, "Radio transmitter is off\n"); 1789 /* turn the interface down */ 1790 ifp->if_flags &= ~IFF_UP; 1791 iwn_stop(ifp, 1); 1792 return; /* no further processing */ 1793 } 1794 break; 1795 } 1796 case IWN_START_SCAN: 1797 { 1798 struct iwn_start_scan *scan = 1799 (struct iwn_start_scan *)(desc + 1); 1800 1801 DPRINTFN(2, ("scanning channel %d status %x\n", 1802 scan->chan, le32toh(scan->status))); 1803 1804 /* fix current channel */ 1805 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1806 break; 1807 } 1808 case IWN_STOP_SCAN: 1809 { 1810 struct iwn_stop_scan *scan = 1811 (struct iwn_stop_scan *)(desc + 1); 1812 1813 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1814 scan->nchan, scan->status, scan->chan)); 1815 1816 if (scan->status == 1 && scan->chan <= 14) { 1817 /* 1818 * We just finished scanning 802.11g channels, 1819 * start scanning 802.11a ones. 1820 */ 1821 if (iwn_scan(sc, IEEE80211_CHAN_A) == 0) 1822 break; 1823 } 1824 sc->is_scanning = false; 1825 ieee80211_end_scan(ic); 1826 break; 1827 } 1828 } 1829 1830 sc->rxq.cur = (sc->rxq.cur + 1) % IWN_RX_RING_COUNT; 1831 } 1832 1833 /* tell the firmware what we have processed */ 1834 hw = (hw == 0) ? IWN_RX_RING_COUNT - 1 : hw - 1; 1835 IWN_WRITE(sc, IWN_RX_WIDX, hw & ~7); 1836 } 1837 1838 static int 1839 iwn_intr(void *arg) 1840 { 1841 struct iwn_softc *sc = arg; 1842 struct ifnet *ifp = sc->sc_ic.ic_ifp; 1843 uint32_t r1, r2; 1844 1845 /* disable interrupts */ 1846 IWN_WRITE(sc, IWN_MASK, 0); 1847 1848 r1 = IWN_READ(sc, IWN_INTR); 1849 r2 = IWN_READ(sc, IWN_INTR_STATUS); 1850 1851 if (r1 == 0 && r2 == 0) { 1852 if (ifp->if_flags & IFF_UP) 1853 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 1854 return 0; /* not for us */ 1855 } 1856 1857 if (r1 == 0xffffffff) 1858 return 0; /* hardware gone */ 1859 1860 /* ack interrupts */ 1861 IWN_WRITE(sc, IWN_INTR, r1); 1862 IWN_WRITE(sc, IWN_INTR_STATUS, r2); 1863 1864 DPRINTFN(5, ("interrupt reg1=%x reg2=%x\n", r1, r2)); 1865 1866 if (r1 & IWN_RF_TOGGLED) { 1867 uint32_t tmp = IWN_READ(sc, IWN_GPIO_CTL); 1868 aprint_error_dev(sc->sc_dev, "RF switch: radio %s\n", 1869 (tmp & IWN_GPIO_RF_ENABLED) ? "enabled" : "disabled"); 1870 } 1871 if (r1 & IWN_CT_REACHED) { 1872 aprint_error_dev(sc->sc_dev, "critical temperature reached!\n"); 1873 } 1874 if (r1 & (IWN_SW_ERROR | IWN_HW_ERROR)) { 1875 aprint_error_dev(sc->sc_dev, "fatal firmware error\n"); 1876 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP; 1877 iwn_stop(sc->sc_ic.ic_ifp, 1); 1878 return 1; 1879 } 1880 1881 if ((r1 & (IWN_RX_INTR | IWN_SW_RX_INTR)) || 1882 (r2 & IWN_RX_STATUS_INTR)) 1883 iwn_notif_intr(sc); 1884 1885 if (r1 & IWN_ALIVE_INTR) 1886 wakeup(sc); 1887 1888 /* re-enable interrupts */ 1889 if (ifp->if_flags & IFF_UP) 1890 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 1891 1892 return 1; 1893 } 1894 1895 static uint8_t 1896 iwn_plcp_signal(int rate) 1897 { 1898 switch (rate) { 1899 /* CCK rates (returned values are device-dependent) */ 1900 case 2: return 10; 1901 case 4: return 20; 1902 case 11: return 55; 1903 case 22: return 110; 1904 1905 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 1906 /* R1-R4, (u)ral is R4-R1 */ 1907 case 12: return 0xd; 1908 case 18: return 0xf; 1909 case 24: return 0x5; 1910 case 36: return 0x7; 1911 case 48: return 0x9; 1912 case 72: return 0xb; 1913 case 96: return 0x1; 1914 case 108: return 0x3; 1915 case 120: return 0x3; 1916 } 1917 /* unknown rate (should not get there) */ 1918 return 0; 1919 } 1920 1921 /* determine if a given rate is CCK or OFDM */ 1922 #define IWN_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1923 1924 static int 1925 iwn_tx_data(struct iwn_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, 1926 int ac) 1927 { 1928 struct ieee80211com *ic = &sc->sc_ic; 1929 struct iwn_tx_ring *ring = &sc->txq[ac]; 1930 struct iwn_tx_desc *desc; 1931 struct iwn_tx_data *data; 1932 struct iwn_tx_cmd *cmd; 1933 struct iwn_cmd_data *tx; 1934 struct ieee80211_frame *wh; 1935 struct ieee80211_key *k; 1936 const struct chanAccParams *cap; 1937 struct mbuf *mnew; 1938 bus_addr_t paddr; 1939 uint32_t flags; 1940 uint8_t type; 1941 int i, error, pad, rate, hdrlen, noack = 0; 1942 1943 DPRINTFN(5, ("iwn_tx_data entry\n")); 1944 1945 desc = &ring->desc[ring->cur]; 1946 data = &ring->data[ring->cur]; 1947 1948 wh = mtod(m0, struct ieee80211_frame *); 1949 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1950 1951 if (IEEE80211_QOS_HAS_SEQ(wh)) { 1952 hdrlen = sizeof (struct ieee80211_qosframe); 1953 cap = &ic->ic_wme.wme_chanParams; 1954 noack = cap->cap_wmeParams[ac].wmep_noackPolicy; 1955 } else 1956 hdrlen = sizeof (struct ieee80211_frame); 1957 1958 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1959 k = ieee80211_crypto_encap(ic, ni, m0); 1960 if (k == NULL) { 1961 m_freem(m0); 1962 return ENOBUFS; 1963 } 1964 /* packet header may have moved, reset our local pointer */ 1965 wh = mtod(m0, struct ieee80211_frame *); 1966 } 1967 1968 /* pickup a rate */ 1969 if (type == IEEE80211_FC0_TYPE_MGT) { 1970 /* mgmt frames are sent at the lowest available bit-rate */ 1971 rate = ni->ni_rates.rs_rates[0]; 1972 } else { 1973 if (ic->ic_fixed_rate != -1) { 1974 rate = ic->ic_sup_rates[ic->ic_curmode]. 1975 rs_rates[ic->ic_fixed_rate]; 1976 } else 1977 rate = ni->ni_rates.rs_rates[ni->ni_txrate]; 1978 } 1979 rate &= IEEE80211_RATE_VAL; 1980 1981 #if NBPFILTER > 0 1982 if (sc->sc_drvbpf != NULL) { 1983 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap; 1984 1985 tap->wt_flags = 0; 1986 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1987 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1988 tap->wt_rate = rate; 1989 tap->wt_hwqueue = ac; 1990 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 1991 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1992 1993 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 1994 } 1995 #endif 1996 1997 cmd = &ring->cmd[ring->cur]; 1998 cmd->code = IWN_CMD_TX_DATA; 1999 cmd->flags = 0; 2000 cmd->qid = ring->qid; 2001 cmd->idx = ring->cur; 2002 2003 tx = (struct iwn_cmd_data *)cmd->data; 2004 2005 flags = IWN_TX_AUTO_SEQ; 2006 if (!noack && !IEEE80211_IS_MULTICAST(wh->i_addr1)){ 2007 flags |= IWN_TX_NEED_ACK; 2008 }else if (m0->m_pkthdr.len + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) 2009 flags |= (IWN_TX_NEED_RTS | IWN_TX_FULL_TXOP); 2010 2011 if (IEEE80211_IS_MULTICAST(wh->i_addr1) 2012 || (type != IEEE80211_FC0_TYPE_DATA)) 2013 tx->id = IWN_ID_BROADCAST; 2014 else 2015 tx->id = IWN_ID_BSS; 2016 2017 DPRINTFN(5, ("addr1: %x:%x:%x:%x:%x:%x, id = 0x%x\n", 2018 wh->i_addr1[0], wh->i_addr1[1], wh->i_addr1[2], 2019 wh->i_addr1[3], wh->i_addr1[4], wh->i_addr1[5], tx->id)); 2020 2021 if (type == IEEE80211_FC0_TYPE_MGT) { 2022 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2023 2024 /* tell h/w to set timestamp in probe responses */ 2025 if ((subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) || 2026 (subtype == IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 2027 flags |= IWN_TX_INSERT_TSTAMP; 2028 2029 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2030 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ || 2031 subtype == IEEE80211_FC0_SUBTYPE_AUTH || 2032 subtype == IEEE80211_FC0_SUBTYPE_DEAUTH) { 2033 flags &= ~IWN_TX_NEED_RTS; 2034 flags |= IWN_TX_NEED_CTS; 2035 tx->timeout = htole16(3); 2036 } else 2037 tx->timeout = htole16(2); 2038 } else 2039 tx->timeout = htole16(0); 2040 2041 if (hdrlen & 3) { 2042 /* first segment's length must be a multiple of 4 */ 2043 flags |= IWN_TX_NEED_PADDING; 2044 pad = 4 - (hdrlen & 3); 2045 } else 2046 pad = 0; 2047 2048 if (type == IEEE80211_FC0_TYPE_CTL) { 2049 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2050 2051 /* tell h/w to set timestamp in probe responses */ 2052 if (subtype == 0x0080) /* linux says this is "back request" */ 2053 /* linux says (1 << 6) is IMM_BA_RSP_MASK */ 2054 flags |= (IWN_TX_NEED_ACK | (1 << 6)); 2055 } 2056 2057 2058 tx->flags = htole32(flags); 2059 tx->len = htole16(m0->m_pkthdr.len); 2060 tx->rate = iwn_plcp_signal(rate); 2061 tx->rts_ntries = 60; 2062 tx->data_ntries = 15; 2063 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 2064 2065 /* XXX alternate between Ant A and Ant B ? */ 2066 tx->rflags = IWN_RFLAG_ANT_B; 2067 if (tx->id == IWN_ID_BROADCAST) { 2068 tx->ridx = IWN_MAX_TX_RETRIES - 1; 2069 if (!IWN_RATE_IS_OFDM(rate)) 2070 tx->rflags |= IWN_RFLAG_CCK; 2071 } else { 2072 tx->ridx = 0; 2073 /* tell adapter to ignore rflags */ 2074 tx->flags |= htole32(IWN_TX_USE_NODE_RATE); 2075 } 2076 2077 /* copy and trim IEEE802.11 header */ 2078 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 2079 m_adj(m0, hdrlen); 2080 2081 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 2082 BUS_DMA_WRITE | BUS_DMA_NOWAIT); 2083 if (error != 0 && error != EFBIG) { 2084 aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error); 2085 m_freem(m0); 2086 return error; 2087 } 2088 if (error != 0) { 2089 /* too many fragments, linearize */ 2090 2091 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 2092 if (mnew == NULL) { 2093 m_freem(m0); 2094 return ENOMEM; 2095 } 2096 M_COPY_PKTHDR(mnew, m0); 2097 if (m0->m_pkthdr.len > MHLEN) { 2098 MCLGET(mnew, M_DONTWAIT); 2099 if (!(mnew->m_flags & M_EXT)) { 2100 m_freem(m0); 2101 m_freem(mnew); 2102 return ENOMEM; 2103 } 2104 } 2105 2106 m_copydata(m0, 0, m0->m_pkthdr.len, mtod(mnew, void *)); 2107 m_freem(m0); 2108 mnew->m_len = mnew->m_pkthdr.len; 2109 m0 = mnew; 2110 2111 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 2112 BUS_DMA_WRITE | BUS_DMA_NOWAIT); 2113 if (error != 0) { 2114 aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error); 2115 m_freem(m0); 2116 return error; 2117 } 2118 } 2119 2120 data->m = m0; 2121 data->ni = ni; 2122 2123 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 2124 ring->qid, ring->cur, m0->m_pkthdr.len, data->map->dm_nsegs)); 2125 2126 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 2127 tx->loaddr = htole32(paddr + 4 + 2128 offsetof(struct iwn_cmd_data, ntries)); 2129 tx->hiaddr = 0; /* limit to 32-bit physical addresses */ 2130 2131 /* first scatter/gather segment is used by the tx data command */ 2132 IWN_SET_DESC_NSEGS(desc, 1 + data->map->dm_nsegs); 2133 IWN_SET_DESC_SEG(desc, 0, paddr, 4 + sizeof (*tx) + hdrlen + pad); 2134 for (i = 1; i <= data->map->dm_nsegs; i++) { 2135 IWN_SET_DESC_SEG(desc, i, data->map->dm_segs[i - 1].ds_addr, 2136 data->map->dm_segs[i - 1].ds_len); 2137 } 2138 sc->shared->len[ring->qid][ring->cur] = 2139 htole16(hdrlen + m0->m_pkthdr.len + 8); 2140 if (ring->cur < IWN_TX_WINDOW) { 2141 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 2142 htole16(hdrlen + m0->m_pkthdr.len + 8); 2143 } 2144 2145 ring->queued++; 2146 2147 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 2148 data->map->dm_mapsize /* calc? */, BUS_DMASYNC_PREWRITE); 2149 2150 /* kick ring */ 2151 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 2152 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 2153 2154 return 0; 2155 } 2156 2157 static void 2158 iwn_start(struct ifnet *ifp) 2159 { 2160 struct iwn_softc *sc = ifp->if_softc; 2161 struct ieee80211com *ic = &sc->sc_ic; 2162 struct ieee80211_node *ni; 2163 struct ether_header *eh; 2164 struct mbuf *m0; 2165 int ac; 2166 2167 DPRINTFN(5, ("iwn_start enter\n")); 2168 2169 /* 2170 * net80211 may still try to send management frames even if the 2171 * IFF_RUNNING flag is not set... 2172 */ 2173 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 2174 return; 2175 2176 for (;;) { 2177 IF_DEQUEUE(&ic->ic_mgtq, m0); 2178 if (m0 != NULL) { 2179 /* management frames go into ring 0 */ 2180 2181 2182 ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif; 2183 m0->m_pkthdr.rcvif = NULL; 2184 2185 /* management goes into ring 0 */ 2186 if (sc->txq[0].queued > sc->txq[0].count - 8) { 2187 ifp->if_oerrors++; 2188 continue; 2189 } 2190 2191 #if NBPFILTER > 0 2192 if (ic->ic_rawbpf != NULL) 2193 bpf_mtap(ic->ic_rawbpf, m0); 2194 #endif 2195 if (iwn_tx_data(sc, m0, ni, 0) != 0) { 2196 ifp->if_oerrors++; 2197 break; 2198 } 2199 } else { 2200 if (ic->ic_state != IEEE80211_S_RUN) 2201 break; 2202 IFQ_POLL(&ifp->if_snd, m0); 2203 if (m0 == NULL) 2204 break; 2205 2206 if (m0->m_len < sizeof (*eh) && 2207 (m0 = m_pullup(m0, sizeof (*eh))) == NULL) { 2208 ifp->if_oerrors++; 2209 continue; 2210 } 2211 eh = mtod(m0, struct ether_header *); 2212 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 2213 if (ni == NULL) { 2214 m_freem(m0); 2215 ifp->if_oerrors++; 2216 continue; 2217 } 2218 /* classify mbuf so we can find which tx ring to use */ 2219 if (ieee80211_classify(ic, m0, ni) != 0) { 2220 m_freem(m0); 2221 ieee80211_free_node(ni); 2222 ifp->if_oerrors++; 2223 continue; 2224 } 2225 2226 /* no QoS encapsulation for EAPOL frames */ 2227 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ? 2228 M_WME_GETAC(m0) : WME_AC_BE; 2229 2230 if (sc->txq[ac].queued > sc->txq[ac].count - 8) { 2231 2232 /* there is no place left in this ring */ 2233 ifp->if_flags |= IFF_OACTIVE; 2234 break; 2235 } 2236 IFQ_DEQUEUE(&ifp->if_snd, m0); 2237 #if NBPFILTER > 0 2238 if (ifp->if_bpf != NULL) 2239 bpf_mtap(ifp->if_bpf, m0); 2240 #endif 2241 m0 = ieee80211_encap(ic, m0, ni); 2242 if (m0 == NULL) { 2243 ieee80211_free_node(ni); 2244 ifp->if_oerrors++; 2245 continue; 2246 } 2247 #if NBPFILTER > 0 2248 if (ic->ic_rawbpf != NULL) 2249 bpf_mtap(ic->ic_rawbpf, m0); 2250 #endif 2251 if (iwn_tx_data(sc, m0, ni, ac) != 0) { 2252 ieee80211_free_node(ni); 2253 ifp->if_oerrors++; 2254 break; 2255 } 2256 } 2257 2258 sc->sc_tx_timer = 5; 2259 ifp->if_timer = 1; 2260 } 2261 } 2262 2263 static void 2264 iwn_watchdog(struct ifnet *ifp) 2265 { 2266 struct iwn_softc *sc = ifp->if_softc; 2267 2268 ifp->if_timer = 0; 2269 2270 if (sc->sc_tx_timer > 0) { 2271 if (--sc->sc_tx_timer == 0) { 2272 aprint_error_dev(sc->sc_dev, "device timeout\n"); 2273 ifp->if_flags &= ~IFF_UP; 2274 iwn_stop(ifp, 1); 2275 ifp->if_oerrors++; 2276 return; 2277 } 2278 ifp->if_timer = 1; 2279 } 2280 2281 ieee80211_watchdog(&sc->sc_ic); 2282 } 2283 2284 static int 2285 iwn_ioctl(struct ifnet *ifp, u_long cmd, void * data) 2286 { 2287 2288 #define IS_RUNNING(ifp) \ 2289 ((ifp->if_flags & IFF_UP) && (ifp->if_flags & IFF_RUNNING)) 2290 2291 struct iwn_softc *sc = ifp->if_softc; 2292 struct ieee80211com *ic = &sc->sc_ic; 2293 int s, error = 0; 2294 2295 s = splnet(); 2296 2297 switch (cmd) { 2298 case SIOCSIFFLAGS: 2299 if (ifp->if_flags & IFF_UP) { 2300 if (!(ifp->if_flags & IFF_RUNNING)) 2301 iwn_init(ifp); 2302 } else { 2303 if (ifp->if_flags & IFF_RUNNING) 2304 iwn_stop(ifp, 1); 2305 } 2306 break; 2307 2308 case SIOCADDMULTI: 2309 case SIOCDELMULTI: 2310 /* XXX no h/w multicast filter? --dyoung */ 2311 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 2312 /* setup multicast filter, etc */ 2313 error = 0; 2314 } 2315 break; 2316 2317 default: 2318 error = ieee80211_ioctl(ic, cmd, data); 2319 } 2320 2321 if (error == ENETRESET) { 2322 if (IS_RUNNING(ifp) && 2323 (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)) 2324 iwn_init(ifp); 2325 error = 0; 2326 } 2327 2328 splx(s); 2329 return error; 2330 2331 #undef IS_RUNNING 2332 } 2333 2334 static void 2335 iwn_read_eeprom(struct iwn_softc *sc) 2336 { 2337 struct ieee80211com *ic = &sc->sc_ic; 2338 char domain[4]; 2339 uint16_t val; 2340 int i, error; 2341 2342 if ((error = iwn_eeprom_lock(sc)) != 0) { 2343 aprint_error_dev(sc->sc_dev, "could not lock EEPROM (error=%d)\n", error); 2344 return; 2345 } 2346 /* read and print regulatory domain */ 2347 iwn_read_prom_data(sc, IWN_EEPROM_DOMAIN, domain, 4); 2348 aprint_error_dev(sc->sc_dev, "%.4s", domain); 2349 2350 /* read and print MAC address */ 2351 iwn_read_prom_data(sc, IWN_EEPROM_MAC, ic->ic_myaddr, 6); 2352 aprint_error(", address %s\n", ether_sprintf(ic->ic_myaddr)); 2353 2354 /* read the list of authorized channels */ 2355 for (i = 0; i < IWN_CHAN_BANDS_COUNT; i++) 2356 iwn_read_eeprom_channels(sc, i); 2357 2358 /* read maximum allowed Tx power for 2GHz and 5GHz bands */ 2359 iwn_read_prom_data(sc, IWN_EEPROM_MAXPOW, &val, 2); 2360 sc->maxpwr2GHz = val & 0xff; 2361 sc->maxpwr5GHz = val >> 8; 2362 /* check that EEPROM values are correct */ 2363 if (sc->maxpwr5GHz < 20 || sc->maxpwr5GHz > 50) 2364 sc->maxpwr5GHz = 38; 2365 if (sc->maxpwr2GHz < 20 || sc->maxpwr2GHz > 50) 2366 sc->maxpwr2GHz = 38; 2367 DPRINTF(("maxpwr 2GHz=%d 5GHz=%d\n", sc->maxpwr2GHz, sc->maxpwr5GHz)); 2368 2369 /* read voltage at which samples were taken */ 2370 iwn_read_prom_data(sc, IWN_EEPROM_VOLTAGE, &val, 2); 2371 sc->eeprom_voltage = (int16_t)le16toh(val); 2372 DPRINTF(("voltage=%d (in 0.3V)\n", sc->eeprom_voltage)); 2373 2374 /* read power groups */ 2375 iwn_read_prom_data(sc, IWN_EEPROM_BANDS, sc->bands, sizeof sc->bands); 2376 #ifdef IWN_DEBUG 2377 if (iwn_debug > 0) { 2378 for (i = 0; i < IWN_NBANDS; i++) 2379 iwn_print_power_group(sc, i); 2380 } 2381 #endif 2382 iwn_eeprom_unlock(sc); 2383 } 2384 2385 static void 2386 iwn_read_eeprom_channels(struct iwn_softc *sc, int n) 2387 { 2388 struct ieee80211com *ic = &sc->sc_ic; 2389 const struct iwn_chan_band *band = &iwn_bands[n]; 2390 struct iwn_eeprom_chan channels[IWN_MAX_CHAN_PER_BAND]; 2391 int chan, i; 2392 2393 iwn_read_prom_data(sc, band->addr, channels, 2394 band->nchan * sizeof (struct iwn_eeprom_chan)); 2395 2396 for (i = 0; i < band->nchan; i++) { 2397 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) 2398 continue; 2399 2400 chan = band->chan[i]; 2401 2402 if (n == 0) { /* 2GHz band */ 2403 ic->ic_channels[chan].ic_freq = 2404 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 2405 ic->ic_channels[chan].ic_flags = 2406 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 2407 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 2408 2409 } else { /* 5GHz band */ 2410 /* 2411 * Some adapters support channels 7, 8, 11 and 12 2412 * both in the 2GHz *and* 5GHz bands. 2413 * Because of limitations in our net80211(9) stack, 2414 * we can't support these channels in 5GHz band. 2415 */ 2416 if (chan <= 14) 2417 continue; 2418 2419 ic->ic_channels[chan].ic_freq = 2420 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 2421 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 2422 } 2423 2424 /* is active scan allowed on this channel? */ 2425 if (!(channels[i].flags & IWN_EEPROM_CHAN_ACTIVE)) { 2426 ic->ic_channels[chan].ic_flags |= 2427 IEEE80211_CHAN_PASSIVE; 2428 } 2429 2430 /* save maximum allowed power for this channel */ 2431 sc->maxpwr[chan] = channels[i].maxpwr; 2432 2433 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 2434 chan, channels[i].flags, sc->maxpwr[chan])); 2435 } 2436 } 2437 2438 #ifdef IWN_DEBUG 2439 static void 2440 iwn_print_power_group(struct iwn_softc *sc, int i) 2441 { 2442 struct iwn_eeprom_band *band = &sc->bands[i]; 2443 struct iwn_eeprom_chan_samples *chans = band->chans; 2444 int j, c; 2445 2446 DPRINTF(("===band %d===\n", i)); 2447 DPRINTF(("chan lo=%d, chan hi=%d\n", band->lo, band->hi)); 2448 DPRINTF(("chan1 num=%d\n", chans[0].num)); 2449 for (c = 0; c < IWN_NTXCHAINS; c++) { 2450 for (j = 0; j < IWN_NSAMPLES; j++) { 2451 DPRINTF(("chain %d, sample %d: temp=%d gain=%d " 2452 "power=%d pa_det=%d\n", c, j, 2453 chans[0].samples[c][j].temp, 2454 chans[0].samples[c][j].gain, 2455 chans[0].samples[c][j].power, 2456 chans[0].samples[c][j].pa_det)); 2457 } 2458 } 2459 DPRINTF(("chan2 num=%d\n", chans[1].num)); 2460 for (c = 0; c < IWN_NTXCHAINS; c++) { 2461 for (j = 0; j < IWN_NSAMPLES; j++) { 2462 DPRINTF(("chain %d, sample %d: temp=%d gain=%d " 2463 "power=%d pa_det=%d\n", c, j, 2464 chans[1].samples[c][j].temp, 2465 chans[1].samples[c][j].gain, 2466 chans[1].samples[c][j].power, 2467 chans[1].samples[c][j].pa_det)); 2468 } 2469 } 2470 } 2471 #endif 2472 2473 /* 2474 * Send a command to the firmware. 2475 */ 2476 static int 2477 iwn_cmd(struct iwn_softc *sc, int code, const void *buf, int size, int async) 2478 { 2479 struct iwn_tx_ring *ring = &sc->txq[4]; 2480 struct iwn_tx_desc *desc; 2481 struct iwn_tx_cmd *cmd; 2482 bus_addr_t paddr; 2483 2484 KASSERT(size <= sizeof cmd->data); 2485 2486 desc = &ring->desc[ring->cur]; 2487 cmd = &ring->cmd[ring->cur]; 2488 2489 cmd->code = code; 2490 cmd->flags = 0; 2491 cmd->qid = ring->qid; 2492 cmd->idx = ring->cur; 2493 memcpy(cmd->data, buf, size); 2494 2495 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 2496 2497 IWN_SET_DESC_NSEGS(desc, 1); 2498 IWN_SET_DESC_SEG(desc, 0, paddr, 4 + size); 2499 sc->shared->len[ring->qid][ring->cur] = htole16(8); 2500 if (ring->cur < IWN_TX_WINDOW) { 2501 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 2502 htole16(8); 2503 } 2504 2505 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 0, 2506 4 + size, BUS_DMASYNC_PREWRITE); 2507 2508 /* kick cmd ring */ 2509 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 2510 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 2511 2512 return async ? 0 : tsleep(cmd, PCATCH, "iwncmd", hz); 2513 } 2514 2515 /* 2516 * Configure hardware multi-rate retries for one node. 2517 */ 2518 static int 2519 iwn_setup_node_mrr(struct iwn_softc *sc, uint8_t id, int async) 2520 { 2521 struct ieee80211com *ic = &sc->sc_ic; 2522 struct iwn_cmd_mrr mrr; 2523 int i, ridx; 2524 2525 memset(&mrr, 0, sizeof mrr); 2526 mrr.id = id; 2527 mrr.ssmask = 2; 2528 mrr.dsmask = 3; 2529 mrr.ampdu_disable = 3; 2530 mrr.ampdu_limit = htole16(4000); 2531 2532 if (id == IWN_ID_BSS) 2533 ridx = IWN_OFDM54; 2534 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2535 ridx = IWN_OFDM6; 2536 else 2537 ridx = IWN_CCK1; 2538 for (i = 0; i < IWN_MAX_TX_RETRIES; i++) { 2539 mrr.table[i].rate = iwn_ridx_to_plcp[ridx]; 2540 mrr.table[i].rflags = IWN_RFLAG_ANT_B; 2541 if (ridx <= IWN_CCK11) 2542 mrr.table[i].rflags |= IWN_RFLAG_CCK; 2543 ridx = iwn_prev_ridx[ridx]; 2544 } 2545 return iwn_cmd(sc, IWN_CMD_NODE_MRR_SETUP, &mrr, sizeof mrr, async); 2546 } 2547 2548 static int 2549 iwn_wme_update(struct ieee80211com *ic) 2550 { 2551 #define IWN_EXP2(v) htole16((1 << (v)) - 1) 2552 #define IWN_USEC(v) htole16(IEEE80211_TXOP_TO_US(v)) 2553 struct iwn_softc *sc = ic->ic_ifp->if_softc; 2554 const struct wmeParams *wmep; 2555 struct iwn_wme_setup wme; 2556 int ac; 2557 2558 /* don't override default WME values if WME is not actually enabled */ 2559 if (!(ic->ic_flags & IEEE80211_F_WME)) 2560 return 0; 2561 2562 wme.flags = 0; 2563 for (ac = 0; ac < WME_NUM_AC; ac++) { 2564 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac]; 2565 wme.ac[ac].aifsn = wmep->wmep_aifsn; 2566 wme.ac[ac].cwmin = IWN_EXP2(wmep->wmep_logcwmin); 2567 wme.ac[ac].cwmax = IWN_EXP2(wmep->wmep_logcwmax); 2568 wme.ac[ac].txop = IWN_USEC(wmep->wmep_txopLimit); 2569 2570 DPRINTF(("setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 2571 "txop=%d\n", ac, wme.ac[ac].aifsn, wme.ac[ac].cwmin, 2572 wme.ac[ac].cwmax, wme.ac[ac].txop)); 2573 } 2574 2575 return iwn_cmd(sc, IWN_CMD_SET_WME, &wme, sizeof wme, 1); 2576 #undef IWN_USEC 2577 #undef IWN_EXP2 2578 } 2579 2580 2581 2582 static void 2583 iwn_set_led(struct iwn_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2584 { 2585 struct iwn_cmd_led led; 2586 2587 led.which = which; 2588 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2589 led.off = off; 2590 led.on = on; 2591 2592 (void)iwn_cmd(sc, IWN_CMD_SET_LED, &led, sizeof led, 1); 2593 } 2594 2595 /* 2596 * Set the critical temperature at which the firmware will automatically stop 2597 * the radio transmitter. 2598 */ 2599 static int 2600 iwn_set_critical_temp(struct iwn_softc *sc) 2601 { 2602 struct iwn_ucode_info *uc = &sc->ucode_info; 2603 struct iwn_critical_temp crit; 2604 uint32_t r1, r2, r3, temp; 2605 2606 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_CTEMP_STOP_RF); 2607 2608 r1 = le32toh(uc->temp[0].chan20MHz); 2609 r2 = le32toh(uc->temp[1].chan20MHz); 2610 r3 = le32toh(uc->temp[2].chan20MHz); 2611 /* inverse function of iwn_get_temperature() */ 2612 2613 temp = r2 + ((IWN_CTOK(110) * (r3 - r1)) / 259); 2614 2615 memset(&crit, 0, sizeof crit); 2616 crit.tempR = htole32(temp); 2617 DPRINTF(("setting critical temperature to %u\n", temp)); 2618 return iwn_cmd(sc, IWN_CMD_SET_CRITICAL_TEMP, &crit, sizeof crit, 0); 2619 } 2620 2621 static void 2622 iwn_enable_tsf(struct iwn_softc *sc, struct ieee80211_node *ni) 2623 { 2624 struct iwn_cmd_tsf tsf; 2625 uint64_t val, mod; 2626 2627 memset(&tsf, 0, sizeof tsf); 2628 memcpy(&tsf.tstamp, ni->ni_tstamp.data, 8); 2629 tsf.bintval = htole16(ni->ni_intval); 2630 tsf.lintval = htole16(10); 2631 2632 /* compute remaining time until next beacon */ 2633 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2634 mod = le64toh(tsf.tstamp) % val; 2635 tsf.binitval = htole32((uint32_t)(val - mod)); 2636 2637 DPRINTF(("TSF bintval=%u tstamp=%" PRIu64 ", init=%" PRIu64 "\n", 2638 ni->ni_intval, le64toh(tsf.tstamp), val - mod)); 2639 2640 if (iwn_cmd(sc, IWN_CMD_TSF, &tsf, sizeof tsf, 1) != 0) 2641 aprint_error_dev(sc->sc_dev, "could not enable TSF\n"); 2642 } 2643 2644 static void 2645 iwn_power_calibration(struct iwn_softc *sc, int temp) 2646 { 2647 struct ieee80211com *ic = &sc->sc_ic; 2648 2649 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2650 2651 /* adjust Tx power if need be (delta >= 3C) */ 2652 if (abs(temp - sc->temp) < 3) 2653 return; 2654 2655 sc->temp = temp; 2656 2657 DPRINTF(("setting Tx power for channel %d\n", 2658 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan))); 2659 if (iwn_set_txpower(sc, ic->ic_bss->ni_chan, 1) != 0) { 2660 /* just warn, too bad for the automatic calibration... */ 2661 aprint_error_dev(sc->sc_dev, "could not adjust Tx power\n"); 2662 } 2663 } 2664 2665 /* 2666 * Set Tx power for a given channel (each rate has its own power settings). 2667 * This function takes into account the regulatory information from EEPROM, 2668 * the current temperature and the current voltage. 2669 */ 2670 static int 2671 iwn_set_txpower(struct iwn_softc *sc, struct ieee80211_channel *ch, int async) 2672 { 2673 /* fixed-point arithmetic division using a n-bit fractional part */ 2674 #define fdivround(a, b, n) \ 2675 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2676 /* linear interpolation */ 2677 #define interpolate(x, x1, y1, x2, y2, n) \ 2678 ((y1) + fdivround(((int)(x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2679 2680 static const int tdiv[IWN_NATTEN_GROUPS] = { 9, 8, 8, 8, 6 }; 2681 struct ieee80211com *ic = &sc->sc_ic; 2682 struct iwn_ucode_info *uc = &sc->ucode_info; 2683 struct iwn_cmd_txpower cmd; 2684 struct iwn_eeprom_chan_samples *chans; 2685 const uint8_t *rf_gain, *dsp_gain; 2686 int32_t vdiff, tdiff; 2687 int i, c, grp, maxpwr; 2688 u_int chan; 2689 2690 /* get channel number */ 2691 chan = ieee80211_chan2ieee(ic, ch); 2692 2693 memset(&cmd, 0, sizeof cmd); 2694 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2695 cmd.chan = chan; 2696 2697 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2698 maxpwr = sc->maxpwr5GHz; 2699 rf_gain = iwn_rf_gain_5ghz; 2700 dsp_gain = iwn_dsp_gain_5ghz; 2701 } else { 2702 maxpwr = sc->maxpwr2GHz; 2703 rf_gain = iwn_rf_gain_2ghz; 2704 dsp_gain = iwn_dsp_gain_2ghz; 2705 } 2706 2707 /* compute voltage compensation */ 2708 vdiff = ((int32_t)le32toh(uc->volt) - sc->eeprom_voltage) / 7; 2709 if (vdiff > 0) 2710 vdiff *= 2; 2711 if (abs(vdiff) > 2) 2712 vdiff = 0; 2713 DPRINTF(("voltage compensation=%d (UCODE=%d, EEPROM=%d)\n", 2714 vdiff, le32toh(uc->volt), sc->eeprom_voltage)); 2715 2716 /* get channel's attenuation group */ 2717 if (chan <= 20) /* 1-20 */ 2718 grp = 4; 2719 else if (chan <= 43) /* 34-43 */ 2720 grp = 0; 2721 else if (chan <= 70) /* 44-70 */ 2722 grp = 1; 2723 else if (chan <= 124) /* 71-124 */ 2724 grp = 2; 2725 else /* 125-200 */ 2726 grp = 3; 2727 DPRINTF(("chan %d, attenuation group=%d\n", chan, grp)); 2728 2729 /* get channel's sub-band */ 2730 for (i = 0; i < IWN_NBANDS; i++) 2731 if (sc->bands[i].lo != 0 && 2732 sc->bands[i].lo <= chan && chan <= sc->bands[i].hi) 2733 break; 2734 chans = sc->bands[i].chans; 2735 DPRINTF(("chan %d sub-band=%d\n", chan, i)); 2736 2737 for (c = 0; c < IWN_NTXCHAINS; c++) { 2738 uint8_t power, gain, temp; 2739 int maxchpwr, pwr, ridx, idx; 2740 2741 power = interpolate(chan, 2742 chans[0].num, chans[0].samples[c][1].power, 2743 chans[1].num, chans[1].samples[c][1].power, 1); 2744 gain = interpolate(chan, 2745 chans[0].num, chans[0].samples[c][1].gain, 2746 chans[1].num, chans[1].samples[c][1].gain, 1); 2747 temp = interpolate(chan, 2748 chans[0].num, chans[0].samples[c][1].temp, 2749 chans[1].num, chans[1].samples[c][1].temp, 1); 2750 DPRINTF(("Tx chain %d: power=%d gain=%d temp=%d\n", 2751 c, power, gain, temp)); 2752 2753 /* compute temperature compensation */ 2754 tdiff = ((sc->temp - temp) * 2) / tdiv[grp]; 2755 DPRINTF(("temperature compensation=%d (current=%d, " 2756 "EEPROM=%d)\n", tdiff, sc->temp, temp)); 2757 2758 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) { 2759 maxchpwr = sc->maxpwr[chan] * 2; 2760 if ((ridx / 8) & 1) { 2761 /* MIMO: decrease Tx power (-3dB) */ 2762 maxchpwr -= 6; 2763 } 2764 2765 pwr = maxpwr - 10; 2766 2767 /* decrease power for highest OFDM rates */ 2768 if ((ridx % 8) == 5) /* 48Mbit/s */ 2769 pwr -= 5; 2770 else if ((ridx % 8) == 6) /* 54Mbit/s */ 2771 pwr -= 7; 2772 else if ((ridx % 8) == 7) /* 60Mbit/s */ 2773 pwr -= 10; 2774 2775 if (pwr > maxchpwr) 2776 pwr = maxchpwr; 2777 2778 idx = gain - (pwr - power) - tdiff - vdiff; 2779 if ((ridx / 8) & 1) /* MIMO */ 2780 idx += (int32_t)le32toh(uc->atten[grp][c]); 2781 2782 if (cmd.band == 0) 2783 idx += 9; /* 5GHz */ 2784 if (ridx == IWN_RIDX_MAX) 2785 idx += 5; /* CCK */ 2786 2787 /* make sure idx stays in a valid range */ 2788 if (idx < 0) 2789 idx = 0; 2790 else if (idx > IWN_MAX_PWR_INDEX) 2791 idx = IWN_MAX_PWR_INDEX; 2792 2793 DPRINTF(("Tx chain %d, rate idx %d: power=%d\n", 2794 c, ridx, idx)); 2795 cmd.power[ridx].rf_gain[c] = rf_gain[idx]; 2796 cmd.power[ridx].dsp_gain[c] = dsp_gain[idx]; 2797 } 2798 } 2799 2800 DPRINTF(("setting tx power for chan %d\n", chan)); 2801 return iwn_cmd(sc, IWN_CMD_TXPOWER, &cmd, sizeof cmd, async); 2802 2803 #undef interpolate 2804 #undef fdivround 2805 } 2806 2807 /* 2808 * Get the best (maximum) RSSI among Rx antennas (in dBm). 2809 */ 2810 static int 2811 iwn_get_rssi(const struct iwn_rx_stat *stat) 2812 { 2813 uint8_t mask, agc; 2814 int rssi; 2815 2816 mask = (le16toh(stat->antenna) >> 4) & 0x7; 2817 agc = (le16toh(stat->agc) >> 7) & 0x7f; 2818 2819 rssi = 0; 2820 if (mask & (1 << 0)) /* Ant A */ 2821 rssi = max(rssi, stat->rssi[0]); 2822 if (mask & (1 << 1)) /* Ant B */ 2823 rssi = max(rssi, stat->rssi[2]); 2824 if (mask & (1 << 2)) /* Ant C */ 2825 rssi = max(rssi, stat->rssi[4]); 2826 2827 return rssi - agc - IWN_RSSI_TO_DBM; 2828 } 2829 2830 /* 2831 * Get the average noise among Rx antennas (in dBm). 2832 */ 2833 static int 2834 iwn_get_noise(const struct iwn_rx_general_stats *stats) 2835 { 2836 int i, total, nbant, noise; 2837 2838 total = nbant = 0; 2839 for (i = 0; i < 3; i++) { 2840 if ((noise = le32toh(stats->noise[i]) & 0xff) == 0) 2841 continue; 2842 total += noise; 2843 nbant++; 2844 } 2845 /* there should be at least one antenna but check anyway */ 2846 return (nbant == 0) ? -127 : (total / nbant) - 107; 2847 } 2848 2849 /* 2850 * Read temperature (in degC) from the on-board thermal sensor. 2851 */ 2852 static int 2853 iwn_get_temperature(struct iwn_softc *sc) 2854 { 2855 struct iwn_ucode_info *uc = &sc->ucode_info; 2856 int32_t r1, r2, r3, r4, temp; 2857 2858 r1 = le32toh(uc->temp[0].chan20MHz); 2859 r2 = le32toh(uc->temp[1].chan20MHz); 2860 r3 = le32toh(uc->temp[2].chan20MHz); 2861 r4 = le32toh(sc->rawtemp); 2862 2863 if (r1 == r3) /* prevents division by 0 (should not happen) */ 2864 return 0; 2865 2866 /* sign-extend 23-bit R4 value to 32-bit */ 2867 r4 = (r4 << 8) >> 8; 2868 /* compute temperature */ 2869 temp = (259 * (r4 - r2)) / (r3 - r1); 2870 temp = (temp * 97) / 100 + 8; 2871 2872 DPRINTF(("temperature %dK/%dC\n", temp, IWN_KTOC(temp))); 2873 return IWN_KTOC(temp); 2874 } 2875 2876 /* 2877 * Initialize sensitivity calibration state machine. 2878 */ 2879 static int 2880 iwn_init_sensitivity(struct iwn_softc *sc) 2881 { 2882 struct iwn_calib_state *calib = &sc->calib; 2883 struct iwn_phy_calib_cmd cmd; 2884 int error; 2885 2886 /* reset calibration state */ 2887 memset(calib, 0, sizeof (*calib)); 2888 calib->state = IWN_CALIB_STATE_INIT; 2889 calib->cck_state = IWN_CCK_STATE_HIFA; 2890 /* initial values taken from the reference driver */ 2891 calib->corr_ofdm_x1 = 105; 2892 calib->corr_ofdm_mrc_x1 = 220; 2893 calib->corr_ofdm_x4 = 90; 2894 calib->corr_ofdm_mrc_x4 = 170; 2895 calib->corr_cck_x4 = 125; 2896 calib->corr_cck_mrc_x4 = 200; 2897 calib->energy_cck = 100; 2898 2899 /* write initial sensitivity values */ 2900 if ((error = iwn_send_sensitivity(sc)) != 0) 2901 return error; 2902 2903 memset(&cmd, 0, sizeof cmd); 2904 cmd.code = IWN_SET_DIFF_GAIN; 2905 /* differential gains initially set to 0 for all 3 antennas */ 2906 DPRINTF(("setting differential gains\n")); 2907 return iwn_cmd(sc, IWN_PHY_CALIB, &cmd, sizeof cmd, 1); 2908 } 2909 2910 /* 2911 * Collect noise and RSSI statistics for the first 20 beacons received 2912 * after association and use them to determine connected antennas and 2913 * set differential gains. 2914 */ 2915 static void 2916 iwn_compute_differential_gain(struct iwn_softc *sc, 2917 const struct iwn_rx_general_stats *stats) 2918 { 2919 struct iwn_calib_state *calib = &sc->calib; 2920 struct iwn_phy_calib_cmd cmd; 2921 int i, val; 2922 2923 /* accumulate RSSI and noise for all 3 antennas */ 2924 for (i = 0; i < 3; i++) { 2925 calib->rssi[i] += le32toh(stats->rssi[i]) & 0xff; 2926 calib->noise[i] += le32toh(stats->noise[i]) & 0xff; 2927 } 2928 2929 /* we update differential gain only once after 20 beacons */ 2930 if (++calib->nbeacons < 20) 2931 return; 2932 2933 /* determine antenna with highest average RSSI */ 2934 val = max(calib->rssi[0], calib->rssi[1]); 2935 val = max(calib->rssi[2], val); 2936 2937 /* determine which antennas are connected */ 2938 sc->antmsk = 0; 2939 for (i = 0; i < 3; i++) 2940 if (val - calib->rssi[i] <= 15 * 20) 2941 sc->antmsk |= 1 << i; 2942 /* if neither Ant A and Ant B are connected.. */ 2943 if ((sc->antmsk & (1 << 0 | 1 << 1)) == 0) 2944 sc->antmsk |= 1 << 1; /* ..mark Ant B as connected! */ 2945 2946 /* get minimal noise among connected antennas */ 2947 val = INT_MAX; /* ok, there's at least one */ 2948 for (i = 0; i < 3; i++) 2949 if (sc->antmsk & (1 << i)) 2950 val = min(calib->noise[i], val); 2951 2952 memset(&cmd, 0, sizeof cmd); 2953 cmd.code = IWN_SET_DIFF_GAIN; 2954 /* set differential gains for connected antennas */ 2955 for (i = 0; i < 3; i++) { 2956 if (sc->antmsk & (1 << i)) { 2957 cmd.gain[i] = (calib->noise[i] - val) / 30; 2958 /* limit differential gain to 3 */ 2959 cmd.gain[i] = min(cmd.gain[i], 3); 2960 cmd.gain[i] |= IWN_GAIN_SET; 2961 } 2962 } 2963 DPRINTF(("setting differential gains Ant A/B/C: %x/%x/%x (%x)\n", 2964 cmd.gain[0], cmd.gain[1], cmd.gain[2], sc->antmsk)); 2965 if (iwn_cmd(sc, IWN_PHY_CALIB, &cmd, sizeof cmd, 1) == 0) 2966 calib->state = IWN_CALIB_STATE_RUN; 2967 } 2968 2969 /* 2970 * Tune RF Rx sensitivity based on the number of false alarms detected 2971 * during the last beacon period. 2972 */ 2973 static void 2974 iwn_tune_sensitivity(struct iwn_softc *sc, const struct iwn_rx_stats *stats) 2975 { 2976 #define inc_clip(val, inc, max) \ 2977 if ((val) < (max)) { \ 2978 if ((val) < (max) - (inc)) \ 2979 (val) += (inc); \ 2980 else \ 2981 (val) = (max); \ 2982 needs_update = 1; \ 2983 } 2984 #define dec_clip(val, dec, min) \ 2985 if ((val) > (min)) { \ 2986 if ((val) > (min) + (dec)) \ 2987 (val) -= (dec); \ 2988 else \ 2989 (val) = (min); \ 2990 needs_update = 1; \ 2991 } 2992 2993 struct iwn_calib_state *calib = &sc->calib; 2994 uint32_t val, rxena, fa; 2995 uint32_t energy[3], energy_min; 2996 uint8_t noise[3], noise_ref; 2997 int i, needs_update = 0; 2998 2999 /* check that we've been enabled long enough */ 3000 if ((rxena = le32toh(stats->general.load)) == 0) 3001 return; 3002 3003 /* compute number of false alarms since last call for OFDM */ 3004 fa = le32toh(stats->ofdm.bad_plcp) - calib->bad_plcp_ofdm; 3005 fa += le32toh(stats->ofdm.fa) - calib->fa_ofdm; 3006 fa *= 200 * 1024; /* 200TU */ 3007 3008 /* save counters values for next call */ 3009 calib->bad_plcp_ofdm = le32toh(stats->ofdm.bad_plcp); 3010 calib->fa_ofdm = le32toh(stats->ofdm.fa); 3011 3012 if (fa > 50 * rxena) { 3013 /* high false alarm count, decrease sensitivity */ 3014 DPRINTFN(2, ("OFDM high false alarm count: %u\n", fa)); 3015 inc_clip(calib->corr_ofdm_x1, 1, 140); 3016 inc_clip(calib->corr_ofdm_mrc_x1, 1, 270); 3017 inc_clip(calib->corr_ofdm_x4, 1, 120); 3018 inc_clip(calib->corr_ofdm_mrc_x4, 1, 210); 3019 3020 } else if (fa < 5 * rxena) { 3021 /* low false alarm count, increase sensitivity */ 3022 DPRINTFN(2, ("OFDM low false alarm count: %u\n", fa)); 3023 dec_clip(calib->corr_ofdm_x1, 1, 105); 3024 dec_clip(calib->corr_ofdm_mrc_x1, 1, 220); 3025 dec_clip(calib->corr_ofdm_x4, 1, 85); 3026 dec_clip(calib->corr_ofdm_mrc_x4, 1, 170); 3027 } 3028 3029 /* compute maximum noise among 3 antennas */ 3030 for (i = 0; i < 3; i++) 3031 noise[i] = (le32toh(stats->general.noise[i]) >> 8) & 0xff; 3032 val = max(noise[0], noise[1]); 3033 val = max(noise[2], val); 3034 /* insert it into our samples table */ 3035 calib->noise_samples[calib->cur_noise_sample] = val; 3036 calib->cur_noise_sample = (calib->cur_noise_sample + 1) % 20; 3037 3038 /* compute maximum noise among last 20 samples */ 3039 noise_ref = calib->noise_samples[0]; 3040 for (i = 1; i < 20; i++) 3041 noise_ref = max(noise_ref, calib->noise_samples[i]); 3042 3043 /* compute maximum energy among 3 antennas */ 3044 for (i = 0; i < 3; i++) 3045 energy[i] = le32toh(stats->general.energy[i]); 3046 val = min(energy[0], energy[1]); 3047 val = min(energy[2], val); 3048 /* insert it into our samples table */ 3049 calib->energy_samples[calib->cur_energy_sample] = val; 3050 calib->cur_energy_sample = (calib->cur_energy_sample + 1) % 10; 3051 3052 /* compute minimum energy among last 10 samples */ 3053 energy_min = calib->energy_samples[0]; 3054 for (i = 1; i < 10; i++) 3055 energy_min = max(energy_min, calib->energy_samples[i]); 3056 energy_min += 6; 3057 3058 /* compute number of false alarms since last call for CCK */ 3059 fa = le32toh(stats->cck.bad_plcp) - calib->bad_plcp_cck; 3060 fa += le32toh(stats->cck.fa) - calib->fa_cck; 3061 fa *= 200 * 1024; /* 200TU */ 3062 3063 /* save counters values for next call */ 3064 calib->bad_plcp_cck = le32toh(stats->cck.bad_plcp); 3065 calib->fa_cck = le32toh(stats->cck.fa); 3066 3067 if (fa > 50 * rxena) { 3068 /* high false alarm count, decrease sensitivity */ 3069 DPRINTFN(2, ("CCK high false alarm count: %u\n", fa)); 3070 calib->cck_state = IWN_CCK_STATE_HIFA; 3071 calib->low_fa = 0; 3072 3073 if (calib->corr_cck_x4 > 160) { 3074 calib->noise_ref = noise_ref; 3075 if (calib->energy_cck > 2) 3076 dec_clip(calib->energy_cck, 2, energy_min); 3077 } 3078 if (calib->corr_cck_x4 < 160) { 3079 calib->corr_cck_x4 = 161; 3080 needs_update = 1; 3081 } else 3082 inc_clip(calib->corr_cck_x4, 3, 200); 3083 3084 inc_clip(calib->corr_cck_mrc_x4, 3, 400); 3085 3086 } else if (fa < 5 * rxena) { 3087 /* low false alarm count, increase sensitivity */ 3088 DPRINTFN(2, ("CCK low false alarm count: %u\n", fa)); 3089 calib->cck_state = IWN_CCK_STATE_LOFA; 3090 calib->low_fa++; 3091 3092 if (calib->cck_state != 0 && 3093 ((calib->noise_ref - noise_ref) > 2 || 3094 calib->low_fa > 100)) { 3095 inc_clip(calib->energy_cck, 2, 97); 3096 dec_clip(calib->corr_cck_x4, 3, 125); 3097 dec_clip(calib->corr_cck_mrc_x4, 3, 200); 3098 } 3099 } else { 3100 /* not worth to increase or decrease sensitivity */ 3101 DPRINTFN(2, ("CCK normal false alarm count: %u\n", fa)); 3102 calib->low_fa = 0; 3103 calib->noise_ref = noise_ref; 3104 3105 if (calib->cck_state == IWN_CCK_STATE_HIFA) { 3106 /* previous interval had many false alarms */ 3107 dec_clip(calib->energy_cck, 8, energy_min); 3108 } 3109 calib->cck_state = IWN_CCK_STATE_INIT; 3110 } 3111 3112 if (needs_update) 3113 (void)iwn_send_sensitivity(sc); 3114 #undef dec_clip 3115 #undef inc_clip 3116 } 3117 3118 static int 3119 iwn_send_sensitivity(struct iwn_softc *sc) 3120 { 3121 struct iwn_calib_state *calib = &sc->calib; 3122 struct iwn_sensitivity_cmd cmd; 3123 3124 memset(&cmd, 0, sizeof cmd); 3125 cmd.which = IWN_SENSITIVITY_WORKTBL; 3126 /* OFDM modulation */ 3127 cmd.corr_ofdm_x1 = le16toh(calib->corr_ofdm_x1); 3128 cmd.corr_ofdm_mrc_x1 = le16toh(calib->corr_ofdm_mrc_x1); 3129 cmd.corr_ofdm_x4 = le16toh(calib->corr_ofdm_x4); 3130 cmd.corr_ofdm_mrc_x4 = le16toh(calib->corr_ofdm_mrc_x4); 3131 cmd.energy_ofdm = le16toh(100); 3132 cmd.energy_ofdm_th = le16toh(62); 3133 /* CCK modulation */ 3134 cmd.corr_cck_x4 = le16toh(calib->corr_cck_x4); 3135 cmd.corr_cck_mrc_x4 = le16toh(calib->corr_cck_mrc_x4); 3136 cmd.energy_cck = le16toh(calib->energy_cck); 3137 /* Barker modulation: use default values */ 3138 cmd.corr_barker = le16toh(190); 3139 cmd.corr_barker_mrc = le16toh(390); 3140 3141 DPRINTFN(2, ("setting sensitivity\n")); 3142 return iwn_cmd(sc, IWN_SENSITIVITY, &cmd, sizeof cmd, 1); 3143 } 3144 3145 static int 3146 iwn_add_node(struct iwn_softc *sc, struct ieee80211_node *ni, bool broadcast, 3147 bool async, uint32_t htflags) 3148 { 3149 struct iwn_node_info node; 3150 int error; 3151 3152 error = 0; 3153 3154 memset(&node, 0, sizeof node); 3155 if (broadcast == true) { 3156 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 3157 node.id = IWN_ID_BROADCAST; 3158 DPRINTF(("adding broadcast node\n")); 3159 } else { 3160 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3161 node.id = IWN_ID_BSS; 3162 node.htflags = htole32(htflags); 3163 DPRINTF(("adding BSS node\n")); 3164 } 3165 3166 error = iwn_cmd(sc, IWN_CMD_ADD_NODE, &node, sizeof node, async); 3167 if (error != 0) { 3168 aprint_error_dev(sc->sc_dev, "could not add %s node\n", 3169 (broadcast == 1)? "broadcast" : "BSS"); 3170 return error; 3171 } 3172 DPRINTF(("setting MRR for node %d\n", node.id)); 3173 if ((error = iwn_setup_node_mrr(sc, node.id, async)) != 0) { 3174 aprint_error_dev(sc->sc_dev, 3175 "could not setup MRR for %s node\n", 3176 (broadcast == 1)? "broadcast" : "BSS"); 3177 return error; 3178 } 3179 3180 return error; 3181 } 3182 3183 static int 3184 iwn_auth(struct iwn_softc *sc) 3185 { 3186 struct ieee80211com *ic = &sc->sc_ic; 3187 struct ieee80211_node *ni = ic->ic_bss; 3188 int error; 3189 3190 sc->calib.state = IWN_CALIB_STATE_INIT; 3191 3192 /* update adapter's configuration */ 3193 sc->config.associd = 0; 3194 IEEE80211_ADDR_COPY(sc->config.bssid, ni->ni_bssid); 3195 sc->config.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 3196 sc->config.flags = htole32(IWN_CONFIG_TSF); 3197 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { 3198 sc->config.flags |= htole32(IWN_CONFIG_AUTO | 3199 IWN_CONFIG_24GHZ); 3200 } 3201 switch (ic->ic_curmode) { 3202 case IEEE80211_MODE_11A: 3203 sc->config.cck_mask = 0; 3204 sc->config.ofdm_mask = 0x15; 3205 break; 3206 case IEEE80211_MODE_11B: 3207 sc->config.cck_mask = 0x03; 3208 sc->config.ofdm_mask = 0; 3209 break; 3210 default: /* assume 802.11b/g */ 3211 sc->config.cck_mask = 0xf; 3212 sc->config.ofdm_mask = 0x15; 3213 } 3214 3215 /* iwn_enable_tsf(sc, ni);*/ 3216 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3217 sc->config.flags |= htole32(IWN_CONFIG_SHSLOT); 3218 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3219 sc->config.flags |= htole32(IWN_CONFIG_SHPREAMBLE); 3220 sc->config.filter &= ~htole32(IWN_FILTER_BSS); 3221 3222 DPRINTF(("config chan %d flags %x cck %x ofdm %x\n", sc->config.chan, 3223 sc->config.flags, sc->config.cck_mask, sc->config.ofdm_mask)); 3224 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3225 sizeof (struct iwn_config), 1); 3226 if (error != 0) { 3227 aprint_error_dev(sc->sc_dev, "could not configure\n"); 3228 return error; 3229 } 3230 3231 /* configuration has changed, set Tx power accordingly */ 3232 if ((error = iwn_set_txpower(sc, ni->ni_chan, 1)) != 0) { 3233 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3234 return error; 3235 } 3236 3237 /* 3238 * Reconfiguring clears the adapter's nodes table so we must 3239 * add the broadcast node again. 3240 */ 3241 if ((error = iwn_add_node(sc, ni, true, true, 0)) != 0) 3242 return error; 3243 3244 /* add BSS node */ 3245 if ((error = iwn_add_node(sc, ni, false, true, 0)) != 0) 3246 return error; 3247 3248 if (ic->ic_opmode == IEEE80211_M_STA) { 3249 /* fake a join to init the tx rate */ 3250 iwn_newassoc(ni, 1); 3251 } 3252 3253 if ((error = iwn_init_sensitivity(sc)) != 0) { 3254 aprint_error_dev(sc->sc_dev, "could not set sensitivity\n"); 3255 return error; 3256 } 3257 3258 3259 return 0; 3260 } 3261 3262 /* 3263 * Configure the adapter for associated state. 3264 */ 3265 static int 3266 iwn_run(struct iwn_softc *sc) 3267 { 3268 struct ieee80211com *ic = &sc->sc_ic; 3269 struct ieee80211_node *ni = ic->ic_bss; 3270 int error; 3271 3272 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 3273 /* link LED blinks while monitoring */ 3274 iwn_set_led(sc, IWN_LED_LINK, 5, 5); 3275 return 0; 3276 } 3277 3278 iwn_enable_tsf(sc, ni); 3279 3280 /* update adapter's configuration */ 3281 sc->config.associd = htole16(ni->ni_associd & ~0xc000); 3282 /* short preamble/slot time are negotiated when associating */ 3283 sc->config.flags &= ~htole32(IWN_CONFIG_SHPREAMBLE | 3284 IWN_CONFIG_SHSLOT); 3285 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3286 sc->config.flags |= htole32(IWN_CONFIG_SHSLOT); 3287 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3288 sc->config.flags |= htole32(IWN_CONFIG_SHPREAMBLE); 3289 sc->config.filter |= htole32(IWN_FILTER_BSS); 3290 3291 DPRINTF(("config chan %d flags %x\n", sc->config.chan, 3292 sc->config.flags)); 3293 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3294 sizeof (struct iwn_config), 1); 3295 if (error != 0) { 3296 aprint_error_dev(sc->sc_dev, 3297 "could not update configuration\n"); 3298 return error; 3299 } 3300 3301 /* configuration has changed, set Tx power accordingly */ 3302 if ((error = iwn_set_txpower(sc, ni->ni_chan, 1)) != 0) { 3303 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3304 return error; 3305 } 3306 3307 /* add BSS node */ 3308 iwn_add_node(sc, ni, false, true, 3309 (3 << IWN_AMDPU_SIZE_FACTOR_SHIFT | 3310 5 << IWN_AMDPU_DENSITY_SHIFT)); 3311 3312 if (ic->ic_opmode == IEEE80211_M_STA) { 3313 /* fake a join to init the tx rate */ 3314 iwn_newassoc(ni, 1); 3315 } 3316 3317 if ((error = iwn_init_sensitivity(sc)) != 0) { 3318 aprint_error_dev(sc->sc_dev, "could not set sensitivity\n"); 3319 return error; 3320 } 3321 3322 /* start periodic calibration timer */ 3323 sc->calib.state = IWN_CALIB_STATE_ASSOC; 3324 sc->calib_cnt = 0; 3325 callout_schedule(&sc->calib_to, hz / 2); 3326 3327 if (0 == 1) { /* XXX don't do the beacon - we get a firmware error 3328 XXX when we try. Something is wrong with the 3329 XXX setup of the frame. Just don't ever call 3330 XXX the function but reference it to keep gcc happy 3331 */ 3332 /* now we are associated set up the beacon frame */ 3333 if ((error = iwn_setup_beacon(sc, ni))) { 3334 aprint_error_dev(sc->sc_dev, 3335 "could not setup beacon frame\n"); 3336 return error; 3337 } 3338 } 3339 3340 3341 /* link LED always on while associated */ 3342 iwn_set_led(sc, IWN_LED_LINK, 0, 1); 3343 3344 return 0; 3345 } 3346 3347 /* 3348 * Send a scan request to the firmware. Since this command is huge, we map it 3349 * into a mbuf instead of using the pre-allocated set of commands. this function 3350 * implemented as iwl4965_bg_request_scan in the linux driver. 3351 */ 3352 static int 3353 iwn_scan(struct iwn_softc *sc, uint16_t flags) 3354 { 3355 struct ieee80211com *ic = &sc->sc_ic; 3356 struct iwn_tx_ring *ring = &sc->txq[4]; 3357 struct iwn_tx_desc *desc; 3358 struct iwn_tx_data *data; 3359 struct iwn_tx_cmd *cmd; 3360 struct iwn_cmd_data *tx; 3361 struct iwn_scan_hdr *hdr; 3362 struct iwn_scan_essid *essid; 3363 struct iwn_scan_chan *chan; 3364 struct ieee80211_frame *wh; 3365 struct ieee80211_rateset *rs; 3366 struct ieee80211_channel *c; 3367 enum ieee80211_phymode mode; 3368 uint8_t *frm; 3369 int pktlen, error, nrates; 3370 3371 desc = &ring->desc[ring->cur]; 3372 data = &ring->data[ring->cur]; 3373 3374 /* 3375 * allocate an mbuf and initialize it so that it contains a packet 3376 * header. M_DONTWAIT can fail and MT_DATA means it is dynamically 3377 * allocated. 3378 */ 3379 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 3380 if (data->m == NULL) { 3381 aprint_error_dev(sc->sc_dev, "could not allocate mbuf for scan command\n"); 3382 return ENOMEM; 3383 } 3384 3385 /* 3386 * allocates and adds an mbuf cluster to a normal mbuf m. the how 3387 * is M_DONTWAIT and the flag M_EXT is set upon success. 3388 */ 3389 MCLGET(data->m, M_DONTWAIT); 3390 if (!(data->m->m_flags & M_EXT)) { 3391 m_freem(data->m); 3392 data->m = NULL; 3393 aprint_error_dev(sc->sc_dev, "could not allocate mbuf for scan command\n"); 3394 return ENOMEM; 3395 } 3396 3397 /* 3398 * returns a pointer to the data contained in the specified mbuf. 3399 * in this case it is our iwn_tx_cmd. we initialize the basic 3400 * members of the command here with exception to data[136]. 3401 */ 3402 cmd = mtod(data->m, struct iwn_tx_cmd *); 3403 cmd->code = IWN_CMD_SCAN; 3404 cmd->flags = 0; 3405 cmd->qid = ring->qid; 3406 cmd->idx = ring->cur; 3407 3408 hdr = (struct iwn_scan_hdr *)cmd->data; 3409 memset(hdr, 0, sizeof (struct iwn_scan_hdr)); 3410 /* 3411 * Move to the next channel if no packets are received within 5 msecs 3412 * after sending the probe request (this helps to reduce the duration 3413 * of active scans). 3414 */ 3415 hdr->quiet = htole16(5); /* timeout in milliseconds */ 3416 hdr->plcp_threshold = htole16(1); /* min # of packets */ 3417 3418 /* select Ant B and Ant C for scanning */ 3419 hdr->rxchain = htole16(0x3e1 | 7 << IWN_RXCHAIN_ANTMSK_SHIFT); 3420 3421 tx = (struct iwn_cmd_data *)(hdr + 1); 3422 memset(tx, 0, sizeof (struct iwn_cmd_data)); 3423 /* 3424 * linux 3425 * flags = IWN_TX_AUTO_SEQ 3426 * 0x200 is rate selection? 3427 * id = ??? 3428 * lifetime = IWN_LIFETIME_INFINITE 3429 * 3430 */ 3431 tx->flags = htole32(IWN_TX_AUTO_SEQ | 0x200); // XXX 3432 tx->id = IWN_ID_BROADCAST; 3433 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 3434 tx->rflags = IWN_RFLAG_ANT_B; 3435 3436 if (flags & IEEE80211_CHAN_A) { 3437 hdr->crc_threshold = htole16(1); 3438 /* send probe requests at 6Mbps */ 3439 tx->rate = iwn_ridx_to_plcp[IWN_OFDM6]; 3440 } else { 3441 hdr->flags = htole32(IWN_CONFIG_24GHZ | IWN_CONFIG_AUTO); 3442 /* send probe requests at 1Mbps */ 3443 tx->rate = iwn_ridx_to_plcp[IWN_CCK1]; 3444 tx->rflags |= IWN_RFLAG_CCK; 3445 } 3446 3447 essid = (struct iwn_scan_essid *)(tx + 1); 3448 memset(essid, 0, 4 * sizeof (struct iwn_scan_essid)); 3449 essid[0].id = IEEE80211_ELEMID_SSID; 3450 essid[0].len = ic->ic_des_esslen; 3451 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 3452 3453 /* 3454 * Build a probe request frame. Most of the following code is a 3455 * copy & paste of what is done in net80211. 3456 */ 3457 wh = (struct ieee80211_frame *)&essid[4]; 3458 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3459 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3460 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3461 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 3462 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 3463 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 3464 *(u_int16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3465 *(u_int16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3466 3467 frm = (uint8_t *)(wh + 1); 3468 3469 /* add empty SSID IE (firmware generates it for directed scans) */ 3470 *frm++ = IEEE80211_ELEMID_SSID; 3471 *frm++ = 0; 3472 3473 mode = ieee80211_chan2mode(ic, ic->ic_ibss_chan); 3474 rs = &ic->ic_sup_rates[mode]; 3475 3476 /* add supported rates IE */ 3477 3478 *frm++ = IEEE80211_ELEMID_RATES; 3479 nrates = rs->rs_nrates; 3480 if (nrates > IEEE80211_RATE_SIZE) 3481 nrates = IEEE80211_RATE_SIZE; 3482 *frm++ = nrates; 3483 memcpy(frm, rs->rs_rates, nrates); 3484 frm += nrates; 3485 3486 /* add supported xrates IE */ 3487 3488 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 3489 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 3490 *frm++ = IEEE80211_ELEMID_XRATES; 3491 *frm++ = nrates; 3492 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 3493 frm += nrates; 3494 } 3495 3496 /* setup length of probe request */ 3497 tx->len = htole16(frm - (uint8_t *)wh); 3498 3499 chan = (struct iwn_scan_chan *)frm; 3500 for (c = &ic->ic_channels[1]; 3501 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 3502 if ((c->ic_flags & flags) != flags) 3503 continue; 3504 3505 chan->chan = ieee80211_chan2ieee(ic, c); 3506 chan->flags = 0; 3507 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) { 3508 chan->flags |= IWN_CHAN_ACTIVE; 3509 if (ic->ic_des_esslen != 0) 3510 chan->flags |= IWN_CHAN_DIRECT; 3511 } 3512 chan->dsp_gain = 0x6e; 3513 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3514 chan->rf_gain = 0x3b; 3515 chan->active = htole16(10); 3516 chan->passive = htole16(110); 3517 } else { 3518 chan->rf_gain = 0x28; 3519 chan->active = htole16(20); 3520 chan->passive = htole16(120); 3521 } 3522 hdr->nchan++; 3523 chan++; 3524 3525 frm += sizeof (struct iwn_scan_chan); 3526 } 3527 3528 hdr->len = htole16(frm - (uint8_t *)hdr); 3529 pktlen = frm - (uint8_t *)cmd; 3530 3531 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, pktlen, NULL, 3532 BUS_DMA_NOWAIT); 3533 if (error) { 3534 aprint_error_dev(sc->sc_dev, "could not map scan command\n"); 3535 m_freem(data->m); 3536 data->m = NULL; 3537 return error; 3538 } 3539 3540 IWN_SET_DESC_NSEGS(desc, 1); 3541 IWN_SET_DESC_SEG(desc, 0, data->map->dm_segs[0].ds_addr, 3542 data->map->dm_segs[0].ds_len); 3543 sc->shared->len[ring->qid][ring->cur] = htole16(8); 3544 if (ring->cur < IWN_TX_WINDOW) { 3545 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 3546 htole16(8); 3547 } 3548 3549 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 3550 data->map->dm_segs[0].ds_len, BUS_DMASYNC_PREWRITE); 3551 3552 /* kick cmd ring */ 3553 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 3554 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 3555 3556 return 0; /* will be notified async. of failure/success */ 3557 } 3558 3559 static int 3560 iwn_config(struct iwn_softc *sc) 3561 { 3562 struct ieee80211com *ic = &sc->sc_ic; 3563 struct ifnet *ifp = ic->ic_ifp; 3564 struct iwn_power power; 3565 struct iwn_bluetooth bluetooth; 3566 int error; 3567 3568 /* set power mode */ 3569 memset(&power, 0, sizeof power); 3570 power.flags = htole16(IWN_POWER_CAM | 0x8); 3571 DPRINTF(("setting power mode\n")); 3572 error = iwn_cmd(sc, IWN_CMD_SET_POWER_MODE, &power, sizeof power, 0); 3573 if (error != 0) { 3574 aprint_error_dev(sc->sc_dev, "could not set power mode\n"); 3575 return error; 3576 } 3577 3578 /* configure bluetooth coexistence */ 3579 memset(&bluetooth, 0, sizeof bluetooth); 3580 bluetooth.flags = 3; 3581 bluetooth.lead = 0xaa; 3582 bluetooth.kill = 1; 3583 DPRINTF(("configuring bluetooth coexistence\n")); 3584 error = iwn_cmd(sc, IWN_CMD_BLUETOOTH, &bluetooth, sizeof bluetooth, 3585 0); 3586 if (error != 0) { 3587 aprint_error_dev(sc->sc_dev, "could not configure bluetooth coexistence\n"); 3588 return error; 3589 } 3590 3591 /* configure adapter */ 3592 memset(&sc->config, 0, sizeof (struct iwn_config)); 3593 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 3594 IEEE80211_ADDR_COPY(sc->config.myaddr, ic->ic_myaddr); 3595 IEEE80211_ADDR_COPY(sc->config.wlap, ic->ic_myaddr); 3596 /* set default channel */ 3597 sc->config.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 3598 sc->config.flags = htole32(IWN_CONFIG_TSF); 3599 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) { 3600 sc->config.flags |= htole32(IWN_CONFIG_AUTO | 3601 IWN_CONFIG_24GHZ); 3602 } 3603 sc->config.filter = 0; 3604 switch (ic->ic_opmode) { 3605 case IEEE80211_M_STA: 3606 sc->config.mode = IWN_MODE_STA; 3607 sc->config.filter |= htole32(IWN_FILTER_MULTICAST); 3608 break; 3609 case IEEE80211_M_IBSS: 3610 case IEEE80211_M_AHDEMO: 3611 sc->config.mode = IWN_MODE_IBSS; 3612 break; 3613 case IEEE80211_M_HOSTAP: 3614 sc->config.mode = IWN_MODE_HOSTAP; 3615 break; 3616 case IEEE80211_M_MONITOR: 3617 sc->config.mode = IWN_MODE_MONITOR; 3618 sc->config.filter |= htole32(IWN_FILTER_MULTICAST | 3619 IWN_FILTER_CTL | IWN_FILTER_PROMISC); 3620 break; 3621 } 3622 sc->config.cck_mask = 0x0f; /* not yet negotiated */ 3623 sc->config.ofdm_mask = 0xff; /* not yet negotiated */ 3624 sc->config.ht_single_mask = 0xff; 3625 sc->config.ht_dual_mask = 0xff; 3626 sc->config.rxchain = htole16(0x2800 | 7 << IWN_RXCHAIN_ANTMSK_SHIFT); 3627 DPRINTF(("setting configuration\n")); 3628 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3629 sizeof (struct iwn_config), 0); 3630 if (error != 0) { 3631 aprint_error_dev(sc->sc_dev, "configure command failed\n"); 3632 return error; 3633 } 3634 3635 /* configuration has changed, set Tx power accordingly */ 3636 if ((error = iwn_set_txpower(sc, ic->ic_ibss_chan, 0)) != 0) { 3637 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3638 return error; 3639 } 3640 3641 /* add broadcast node */ 3642 if ((error = iwn_add_node(sc, NULL, true, false, 0)) != 0) 3643 return error; 3644 3645 if ((error = iwn_set_critical_temp(sc)) != 0) { 3646 aprint_error_dev(sc->sc_dev, "could not set critical temperature\n"); 3647 return error; 3648 } 3649 3650 return 0; 3651 } 3652 3653 /* 3654 * Do post-alive initialization of the NIC (after firmware upload). 3655 */ 3656 static void 3657 iwn_post_alive(struct iwn_softc *sc) 3658 { 3659 uint32_t base; 3660 uint16_t offset; 3661 int qid; 3662 3663 iwn_mem_lock(sc); 3664 3665 /* clear SRAM */ 3666 base = iwn_mem_read(sc, IWN_SRAM_BASE); 3667 for (offset = 0x380; offset < 0x520; offset += 4) { 3668 IWN_WRITE(sc, IWN_MEM_WADDR, base + offset); 3669 IWN_WRITE(sc, IWN_MEM_WDATA, 0); 3670 } 3671 3672 /* shared area is aligned on a 1K boundary */ 3673 iwn_mem_write(sc, IWN_SRAM_BASE, sc->shared_dma.paddr >> 10); 3674 iwn_mem_write(sc, IWN_SELECT_QCHAIN, 0); 3675 3676 for (qid = 0; qid < IWN_NTXQUEUES; qid++) { 3677 iwn_mem_write(sc, IWN_QUEUE_RIDX(qid), 0); 3678 IWN_WRITE(sc, IWN_TX_WIDX, qid << 8 | 0); 3679 3680 /* set sched. window size */ 3681 IWN_WRITE(sc, IWN_MEM_WADDR, base + IWN_QUEUE_OFFSET(qid)); 3682 IWN_WRITE(sc, IWN_MEM_WDATA, 64); 3683 /* set sched. frame limit */ 3684 IWN_WRITE(sc, IWN_MEM_WADDR, base + IWN_QUEUE_OFFSET(qid) + 4); 3685 IWN_WRITE(sc, IWN_MEM_WDATA, 64 << 16); 3686 } 3687 3688 /* enable interrupts for all 16 queues */ 3689 iwn_mem_write(sc, IWN_QUEUE_INTR_MASK, 0xffff); 3690 3691 /* identify active Tx rings (0-7) */ 3692 iwn_mem_write(sc, IWN_TX_ACTIVE, 0xff); 3693 3694 /* mark Tx rings (4 EDCA + cmd + 2 HCCA) as active */ 3695 for (qid = 0; qid < 7; qid++) { 3696 iwn_mem_write(sc, IWN_TXQ_STATUS(qid), 3697 IWN_TXQ_STATUS_ACTIVE | qid << 1); 3698 } 3699 3700 iwn_mem_unlock(sc); 3701 } 3702 3703 static void 3704 iwn_stop_master(struct iwn_softc *sc) 3705 { 3706 uint32_t tmp; 3707 int ntries; 3708 3709 tmp = IWN_READ(sc, IWN_RESET); 3710 IWN_WRITE(sc, IWN_RESET, tmp | IWN_STOP_MASTER); 3711 3712 tmp = IWN_READ(sc, IWN_GPIO_CTL); 3713 if ((tmp & IWN_GPIO_PWR_STATUS) == IWN_GPIO_PWR_SLEEP) 3714 return; /* already asleep */ 3715 3716 for (ntries = 0; ntries < 100; ntries++) { 3717 if (IWN_READ(sc, IWN_RESET) & IWN_MASTER_DISABLED) 3718 break; 3719 DELAY(10); 3720 } 3721 if (ntries == 100) { 3722 aprint_error_dev(sc->sc_dev, "timeout waiting for master\n"); 3723 } 3724 } 3725 3726 static int 3727 iwn_reset(struct iwn_softc *sc) 3728 { 3729 uint32_t tmp; 3730 int ntries; 3731 3732 /* clear any pending interrupts */ 3733 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3734 3735 tmp = IWN_READ(sc, IWN_CHICKEN); 3736 IWN_WRITE(sc, IWN_CHICKEN, tmp | IWN_CHICKEN_DISLOS); 3737 3738 tmp = IWN_READ(sc, IWN_GPIO_CTL); 3739 IWN_WRITE(sc, IWN_GPIO_CTL, tmp | IWN_GPIO_INIT); 3740 3741 /* wait for clock stabilization */ 3742 for (ntries = 0; ntries < 1000; ntries++) { 3743 if (IWN_READ(sc, IWN_GPIO_CTL) & IWN_GPIO_CLOCK) 3744 break; 3745 DELAY(10); 3746 } 3747 if (ntries == 1000) { 3748 aprint_error_dev(sc->sc_dev, "timeout waiting for clock stabilization\n"); 3749 return ETIMEDOUT; 3750 } 3751 return 0; 3752 } 3753 3754 static void 3755 iwn_hw_config(struct iwn_softc *sc) 3756 { 3757 uint32_t tmp, hw; 3758 3759 /* enable interrupts mitigation */ 3760 IWN_WRITE(sc, IWN_INTR_MIT, 512 / 32); 3761 3762 /* voodoo from the reference driver */ 3763 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3764 tmp = PCI_REVISION(tmp); 3765 if ((tmp & 0x80) && (tmp & 0x7f) < 8) { 3766 /* enable "no snoop" field */ 3767 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0xe8); 3768 tmp &= ~IWN_DIS_NOSNOOP; 3769 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0xe8, tmp); 3770 } 3771 3772 /* disable L1 entry to work around a hardware bug */ 3773 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0xf0); 3774 tmp &= ~IWN_ENA_L1; 3775 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0xf0, tmp); 3776 3777 hw = IWN_READ(sc, IWN_HWCONFIG); 3778 IWN_WRITE(sc, IWN_HWCONFIG, hw | 0x310); 3779 3780 iwn_mem_lock(sc); 3781 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3782 iwn_mem_write(sc, IWN_MEM_POWER, tmp | IWN_POWER_RESET); 3783 DELAY(5); 3784 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3785 iwn_mem_write(sc, IWN_MEM_POWER, tmp & ~IWN_POWER_RESET); 3786 iwn_mem_unlock(sc); 3787 } 3788 3789 static int 3790 iwn_init(struct ifnet *ifp) 3791 { 3792 struct iwn_softc *sc = ifp->if_softc; 3793 struct ieee80211com *ic = &sc->sc_ic; 3794 uint32_t tmp; 3795 int error, qid; 3796 3797 iwn_stop(ifp, 1); 3798 if ((error = iwn_reset(sc)) != 0) { 3799 aprint_error_dev(sc->sc_dev, "could not reset adapter\n"); 3800 goto fail1; 3801 } 3802 3803 iwn_mem_lock(sc); 3804 iwn_mem_read(sc, IWN_CLOCK_CTL); 3805 iwn_mem_write(sc, IWN_CLOCK_CTL, 0xa00); 3806 iwn_mem_read(sc, IWN_CLOCK_CTL); 3807 iwn_mem_unlock(sc); 3808 3809 DELAY(20); 3810 3811 iwn_mem_lock(sc); 3812 tmp = iwn_mem_read(sc, IWN_MEM_PCIDEV); 3813 iwn_mem_write(sc, IWN_MEM_PCIDEV, tmp | 0x800); 3814 iwn_mem_unlock(sc); 3815 3816 iwn_mem_lock(sc); 3817 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3818 iwn_mem_write(sc, IWN_MEM_POWER, tmp & ~0x03000000); 3819 iwn_mem_unlock(sc); 3820 3821 iwn_hw_config(sc); 3822 3823 /* init Rx ring */ 3824 iwn_mem_lock(sc); 3825 IWN_WRITE(sc, IWN_RX_CONFIG, 0); 3826 IWN_WRITE(sc, IWN_RX_WIDX, 0); 3827 /* Rx ring is aligned on a 256-byte boundary */ 3828 IWN_WRITE(sc, IWN_RX_BASE, sc->rxq.desc_dma.paddr >> 8); 3829 /* shared area is aligned on a 16-byte boundary */ 3830 IWN_WRITE(sc, IWN_RW_WIDX_PTR, (sc->shared_dma.paddr + 3831 offsetof(struct iwn_shared, closed_count)) >> 4); 3832 IWN_WRITE(sc, IWN_RX_CONFIG, 0x80601000); 3833 iwn_mem_unlock(sc); 3834 3835 IWN_WRITE(sc, IWN_RX_WIDX, (IWN_RX_RING_COUNT - 1) & ~7); 3836 3837 iwn_mem_lock(sc); 3838 iwn_mem_write(sc, IWN_TX_ACTIVE, 0); 3839 3840 /* set physical address of "keep warm" page */ 3841 IWN_WRITE(sc, IWN_KW_BASE, sc->kw_dma.paddr >> 4); 3842 3843 /* init Tx rings */ 3844 for (qid = 0; qid < IWN_NTXQUEUES; qid++) { 3845 struct iwn_tx_ring *txq = &sc->txq[qid]; 3846 IWN_WRITE(sc, IWN_TX_BASE(qid), txq->desc_dma.paddr >> 8); 3847 IWN_WRITE(sc, IWN_TX_CONFIG(qid), 0x80000008); 3848 } 3849 iwn_mem_unlock(sc); 3850 3851 /* clear "radio off" and "disable command" bits (reversed logic) */ 3852 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3853 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_DISABLE_CMD); 3854 3855 /* clear any pending interrupts */ 3856 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3857 /* enable interrupts */ 3858 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 3859 3860 /* not sure why/if this is necessary... */ 3861 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3862 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3863 3864 /* check that the radio is not disabled by RF switch */ 3865 if (!(IWN_READ(sc, IWN_GPIO_CTL) & IWN_GPIO_RF_ENABLED)) { 3866 aprint_error_dev(sc->sc_dev, "radio is disabled by hardware switch\n"); 3867 error = EBUSY; /* XXX ;-) */ 3868 goto fail1; 3869 } 3870 3871 if ((error = iwn_load_firmware(sc)) != 0) { 3872 aprint_error_dev(sc->sc_dev, "could not load firmware\n"); 3873 goto fail1; 3874 } 3875 3876 /* firmware has notified us that it is alive.. */ 3877 iwn_post_alive(sc); /* ..do post alive initialization */ 3878 3879 sc->rawtemp = sc->ucode_info.temp[3].chan20MHz; 3880 sc->temp = iwn_get_temperature(sc); 3881 DPRINTF(("temperature=%d\n", sc->temp)); 3882 3883 if ((error = iwn_config(sc)) != 0) { 3884 aprint_error_dev(sc->sc_dev, "could not configure device\n"); 3885 goto fail1; 3886 } 3887 3888 DPRINTF(("iwn_config end\n")); 3889 3890 ifp->if_flags &= ~IFF_OACTIVE; 3891 ifp->if_flags |= IFF_RUNNING; 3892 3893 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 3894 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL) 3895 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3896 } 3897 else 3898 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3899 3900 DPRINTF(("iwn_init ok\n")); 3901 return 0; 3902 3903 fail1: 3904 DPRINTF(("iwn_init error\n")); 3905 iwn_stop(ifp, 1); 3906 return error; 3907 } 3908 3909 static void 3910 iwn_stop(struct ifnet *ifp, int disable) 3911 { 3912 struct iwn_softc *sc = ifp->if_softc; 3913 struct ieee80211com *ic = &sc->sc_ic; 3914 uint32_t tmp; 3915 int i; 3916 3917 ifp->if_timer = sc->sc_tx_timer = 0; 3918 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3919 3920 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3921 3922 IWN_WRITE(sc, IWN_RESET, IWN_NEVO_RESET); 3923 3924 /* disable interrupts */ 3925 IWN_WRITE(sc, IWN_MASK, 0); 3926 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3927 IWN_WRITE(sc, IWN_INTR_STATUS, 0xffffffff); 3928 3929 /* make sure we no longer hold the memory lock */ 3930 iwn_mem_unlock(sc); 3931 3932 /* reset all Tx rings */ 3933 for (i = 0; i < IWN_NTXQUEUES; i++) 3934 iwn_reset_tx_ring(sc, &sc->txq[i]); 3935 3936 /* reset Rx ring */ 3937 iwn_reset_rx_ring(sc, &sc->rxq); 3938 3939 iwn_mem_lock(sc); 3940 iwn_mem_write(sc, IWN_MEM_CLOCK2, 0x200); 3941 iwn_mem_unlock(sc); 3942 3943 DELAY(5); 3944 3945 iwn_stop_master(sc); 3946 tmp = IWN_READ(sc, IWN_RESET); 3947 IWN_WRITE(sc, IWN_RESET, tmp | IWN_SW_RESET); 3948 } 3949 3950 static bool 3951 iwn_resume(device_t dv PMF_FN_ARGS) 3952 { 3953 struct iwn_softc *sc = device_private(dv); 3954 3955 (void)iwn_reset(sc); 3956 3957 return true; 3958 } 3959
Indexes created Thu Oct 02 14:10:14 GMT 2025