if_iwn.c revision 1.25
1 /* $NetBSD: if_iwn.c,v 1.25 2008/11/07 00:20:07 dyoung Exp $ */ 2 3 /*- 4 * Copyright (c) 2007 5 * Damien Bergamini <damien.bergamini (at) free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: if_iwn.c,v 1.25 2008/11/07 00:20:07 dyoung Exp $"); 22 23 24 /* 25 * Driver for Intel Wireless WiFi Link 4965AGN 802.11 network adapters. 26 */ 27 28 #include "bpfilter.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/mutex.h> 39 #include <sys/conf.h> 40 #include <sys/kauth.h> 41 #include <sys/callout.h> 42 43 #include <machine/bus.h> 44 #include <machine/endian.h> 45 #include <machine/intr.h> 46 47 #include <dev/pci/pcireg.h> 48 #include <dev/pci/pcivar.h> 49 #include <dev/pci/pcidevs.h> 50 51 #if NBPFILTER > 0 52 #include <net/bpf.h> 53 #endif 54 #include <net/if.h> 55 #include <net/if_arp.h> 56 #include <net/if_dl.h> 57 #include <net/if_media.h> 58 #include <net/if_types.h> 59 60 #include <netinet/in.h> 61 #include <netinet/in_systm.h> 62 #include <netinet/in_var.h> 63 #include <net/if_ether.h> 64 #include <netinet/ip.h> 65 66 #include <net80211/ieee80211_var.h> 67 #include <net80211/ieee80211_amrr.h> 68 #include <net80211/ieee80211_radiotap.h> 69 70 #include <dev/firmload.h> 71 72 #include <dev/pci/if_iwnreg.h> 73 #include <dev/pci/if_iwnvar.h> 74 75 #if 0 76 static const struct pci_matchid iwn_devices[] = { 77 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_4965AGN_1 }, 78 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_4965AGN_2 } 79 }; 80 #endif 81 82 /* 83 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 84 */ 85 static const struct ieee80211_rateset iwn_rateset_11a = 86 { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } }; 87 88 static const struct ieee80211_rateset iwn_rateset_11b = 89 { 4, { 2, 4, 11, 22 } }; 90 91 static const struct ieee80211_rateset iwn_rateset_11g = 92 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 93 94 95 #define EDCA_NUM_AC 4 96 static int iwn_match(device_t , struct cfdata *, void *); 97 static void iwn_attach(device_t , device_t, void *); 98 static int iwn_detach(device_t, int); 99 100 static void iwn_radiotap_attach(struct iwn_softc *); 101 static int iwn_dma_contig_alloc(bus_dma_tag_t, struct iwn_dma_info *, 102 void **, bus_size_t, bus_size_t, int); 103 static void iwn_dma_contig_free(struct iwn_dma_info *); 104 static int iwn_alloc_shared(struct iwn_softc *); 105 static void iwn_free_shared(struct iwn_softc *); 106 static int iwn_alloc_kw(struct iwn_softc *); 107 static void iwn_free_kw(struct iwn_softc *); 108 static int iwn_alloc_fwmem(struct iwn_softc *); 109 static void iwn_free_fwmem(struct iwn_softc *); 110 static struct iwn_rbuf *iwn_alloc_rbuf(struct iwn_softc *); 111 static void iwn_free_rbuf(struct mbuf *, void *, size_t, void *); 112 static int iwn_alloc_rpool(struct iwn_softc *); 113 static void iwn_free_rpool(struct iwn_softc *); 114 static int iwn_alloc_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 115 static void iwn_reset_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 116 static void iwn_free_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 117 static int iwn_alloc_tx_ring(struct iwn_softc *, struct iwn_tx_ring *, 118 int, int); 119 static void iwn_reset_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 120 static void iwn_free_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 121 static struct ieee80211_node *iwn_node_alloc(struct ieee80211_node_table *); 122 static void iwn_newassoc(struct ieee80211_node *, int); 123 static int iwn_media_change(struct ifnet *); 124 static int iwn_newstate(struct ieee80211com *, enum ieee80211_state, int); 125 static void iwn_mem_lock(struct iwn_softc *); 126 static void iwn_mem_unlock(struct iwn_softc *); 127 static uint32_t iwn_mem_read(struct iwn_softc *, uint32_t); 128 static void iwn_mem_write(struct iwn_softc *, uint32_t, uint32_t); 129 static void iwn_mem_write_region_4(struct iwn_softc *, uint32_t, 130 const uint32_t *, int); 131 static int iwn_eeprom_lock(struct iwn_softc *); 132 static void iwn_eeprom_unlock(struct iwn_softc *); 133 static int iwn_read_prom_data(struct iwn_softc *, uint32_t, void *, int); 134 static int iwn_load_microcode(struct iwn_softc *, const uint8_t *, int); 135 static int iwn_load_firmware(struct iwn_softc *); 136 static void iwn_calib_timeout(void *); 137 static void iwn_iter_func(void *, struct ieee80211_node *); 138 static void iwn_ampdu_rx_start(struct iwn_softc *, struct iwn_rx_desc *); 139 static void iwn_rx_intr(struct iwn_softc *, struct iwn_rx_desc *, 140 struct iwn_rx_data *); 141 static void iwn_rx_statistics(struct iwn_softc *, struct iwn_rx_desc *); 142 static void iwn_tx_intr(struct iwn_softc *, struct iwn_rx_desc *); 143 static void iwn_cmd_intr(struct iwn_softc *, struct iwn_rx_desc *); 144 static void iwn_notif_intr(struct iwn_softc *); 145 static int iwn_intr(void *); 146 static void iwn_read_eeprom(struct iwn_softc *); 147 static void iwn_read_eeprom_channels(struct iwn_softc *, int); 148 static uint8_t iwn_plcp_signal(int); 149 static int iwn_tx_data(struct iwn_softc *, struct mbuf *, 150 struct ieee80211_node *, int); 151 static void iwn_start(struct ifnet *); 152 static void iwn_watchdog(struct ifnet *); 153 static int iwn_ioctl(struct ifnet *, u_long, void *); 154 static int iwn_cmd(struct iwn_softc *, int, const void *, int, int); 155 static int iwn_wme_update(struct ieee80211com *); 156 static int iwn_setup_node_mrr(struct iwn_softc *, uint8_t, int); 157 static void iwn_set_led(struct iwn_softc *, uint8_t, uint8_t, uint8_t); 158 static int iwn_set_critical_temp(struct iwn_softc *); 159 static void iwn_enable_tsf(struct iwn_softc *, struct ieee80211_node *); 160 static void iwn_power_calibration(struct iwn_softc *, int); 161 static int iwn_set_txpower(struct iwn_softc *, 162 struct ieee80211_channel *, int); 163 static int iwn_get_rssi(const struct iwn_rx_stat *); 164 static int iwn_get_noise(const struct iwn_rx_general_stats *); 165 static int iwn_get_temperature(struct iwn_softc *); 166 static int iwn_init_sensitivity(struct iwn_softc *); 167 static void iwn_compute_differential_gain(struct iwn_softc *, 168 const struct iwn_rx_general_stats *); 169 static void iwn_tune_sensitivity(struct iwn_softc *, 170 const struct iwn_rx_stats *); 171 static int iwn_send_sensitivity(struct iwn_softc *); 172 static int iwn_setup_beacon(struct iwn_softc *, struct ieee80211_node *); 173 static int iwn_auth(struct iwn_softc *); 174 static int iwn_run(struct iwn_softc *); 175 static int iwn_scan(struct iwn_softc *, uint16_t); 176 static int iwn_config(struct iwn_softc *); 177 static void iwn_post_alive(struct iwn_softc *); 178 static void iwn_stop_master(struct iwn_softc *); 179 static int iwn_reset(struct iwn_softc *); 180 static void iwn_hw_config(struct iwn_softc *); 181 static int iwn_init(struct ifnet *); 182 static void iwn_stop(struct ifnet *, int); 183 static void iwn_fix_channel(struct ieee80211com *, struct mbuf *); 184 static bool iwn_resume(device_t PMF_FN_PROTO); 185 static int iwn_add_node(struct iwn_softc *sc, 186 struct ieee80211_node *ni, bool broadcast, bool async, uint32_t htflags); 187 188 189 190 #define IWN_DEBUG 191 192 #ifdef IWN_DEBUG 193 #define DPRINTF(x) do { if (iwn_debug > 0) printf x; } while (0) 194 #define DPRINTFN(n, x) do { if (iwn_debug >= (n)) printf x; } while (0) 195 int iwn_debug = 0; 196 #else 197 #define DPRINTF(x) 198 #define DPRINTFN(n, x) 199 #endif 200 201 #ifdef IWN_DEBUG 202 static void iwn_print_power_group(struct iwn_softc *, int); 203 #endif 204 205 CFATTACH_DECL_NEW(iwn, sizeof(struct iwn_softc), iwn_match, iwn_attach, 206 iwn_detach, NULL); 207 208 static int 209 iwn_match(device_t parent, struct cfdata *match __unused, void *aux) 210 { 211 struct pci_attach_args *pa = aux; 212 213 if (PCI_VENDOR(pa->pa_id) != PCI_VENDOR_INTEL) 214 return 0; 215 216 if (PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_PRO_WL_4965AGN_1 || 217 PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_PRO_WL_4965AGN_2) 218 return 1; 219 220 return 0; 221 } 222 223 /* Base Address Register */ 224 #define IWN_PCI_BAR0 0x10 225 226 static void 227 iwn_attach(device_t parent __unused, device_t self, void *aux) 228 { 229 struct iwn_softc *sc = device_private(self); 230 struct ieee80211com *ic = &sc->sc_ic; 231 struct ifnet *ifp = &sc->sc_ec.ec_if; 232 struct pci_attach_args *pa = aux; 233 const char *intrstr; 234 char devinfo[256]; 235 pci_intr_handle_t ih; 236 pcireg_t memtype, data; 237 int i, error, revision; 238 239 sc->sc_dev = self; 240 sc->sc_pct = pa->pa_pc; 241 sc->sc_pcitag = pa->pa_tag; 242 243 callout_init(&sc->calib_to, 0); 244 callout_setfunc(&sc->calib_to, iwn_calib_timeout, sc); 245 246 pci_devinfo(pa->pa_id, pa->pa_class, 0, devinfo, sizeof devinfo); 247 revision = PCI_REVISION(pa->pa_class); 248 aprint_normal(": %s (rev. 0x%2x)\n", devinfo, revision); 249 250 251 /* clear device specific PCI configuration register 0x41 */ 252 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 253 data &= ~0x0000ff00; 254 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, data); 255 256 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 257 data |= PCI_COMMAND_MASTER_ENABLE; 258 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, data); 259 260 /* enable bus-mastering */ 261 data = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 262 data |= PCI_COMMAND_MASTER_ENABLE; 263 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, data); 264 265 /* map the register window */ 266 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, IWN_PCI_BAR0); 267 error = pci_mapreg_map(pa, IWN_PCI_BAR0, memtype, 0, &sc->sc_st, 268 &sc->sc_sh, NULL, &sc->sc_sz); 269 if (error != 0) { 270 aprint_error_dev(self, "could not map memory space\n"); 271 return; 272 } 273 274 #if 0 275 sc->sc_dmat = pa->pa_dmat; 276 #endif 277 /* XXX may not be needed */ 278 if (bus_dmatag_subregion(pa->pa_dmat, 0, 3 << 30, 279 &(sc->sc_dmat), BUS_DMA_NOWAIT) != 0) { 280 aprint_error_dev(self, 281 "WARNING: failed to restrict dma range, " 282 "falling back to parent bus dma range\n"); 283 sc->sc_dmat = pa->pa_dmat; 284 } 285 286 if (pci_intr_map(pa, &ih) != 0) { 287 aprint_error_dev(self, "could not map interrupt\n"); 288 return; 289 } 290 291 intrstr = pci_intr_string(sc->sc_pct, ih); 292 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, iwn_intr, sc); 293 294 if (sc->sc_ih == NULL) { 295 aprint_error_dev(self, "could not establish interrupt"); 296 if (intrstr != NULL) 297 aprint_error(" at %s", intrstr); 298 aprint_error("\n"); 299 return; 300 } 301 aprint_normal_dev(self, "interrupting at %s\n", intrstr); 302 303 if (iwn_reset(sc) != 0) { 304 aprint_error_dev(self, "could not reset adapter\n"); 305 return; 306 } 307 308 /* 309 * Allocate DMA memory for firmware transfers. 310 */ 311 if ((error = iwn_alloc_fwmem(sc)) != 0) { 312 aprint_error_dev(self, "could not allocate firmware memory\n"); 313 return; 314 } 315 316 /* 317 * Allocate a "keep warm" page. 318 */ 319 if ((error = iwn_alloc_kw(sc)) != 0) { 320 aprint_error_dev(self, "could not allocate keep warm page\n"); 321 goto fail1; 322 } 323 324 /* 325 * Allocate shared area (communication area). 326 */ 327 if ((error = iwn_alloc_shared(sc)) != 0) { 328 aprint_error_dev(self, "could not allocate shared area\n"); 329 goto fail2; 330 } 331 332 /* 333 * Allocate Rx buffers and Tx/Rx rings. 334 */ 335 if ((error = iwn_alloc_rpool(sc)) != 0) { 336 aprint_error_dev(self, "could not allocate Rx buffers\n"); 337 goto fail3; 338 } 339 340 for (i = 0; i < IWN_NTXQUEUES; i++) { 341 struct iwn_tx_ring *txq = &sc->txq[i]; 342 error = iwn_alloc_tx_ring(sc, txq, IWN_TX_RING_COUNT, i); 343 if (error != 0) { 344 aprint_error_dev(self, "could not allocate Tx ring %d\n", i); 345 goto fail4; 346 } 347 } 348 349 if (iwn_alloc_rx_ring(sc, &sc->rxq) != 0) { 350 aprint_error_dev(self, "could not allocate Rx ring\n"); 351 goto fail4; 352 } 353 354 355 ic->ic_ifp = ifp; 356 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 357 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 358 ic->ic_state = IEEE80211_S_INIT; 359 360 /* set device capabilities */ 361 ic->ic_caps = 362 IEEE80211_C_IBSS | /* IBSS mode support */ 363 IEEE80211_C_WPA | /* 802.11i */ 364 IEEE80211_C_MONITOR | /* monitor mode supported */ 365 IEEE80211_C_TXPMGT | /* tx power management */ 366 IEEE80211_C_SHSLOT | /* short slot time supported */ 367 IEEE80211_C_SHPREAMBLE| /* short preamble supported */ 368 IEEE80211_C_WME; /* 802.11e */ 369 370 /* read supported channels and MAC address from EEPROM */ 371 iwn_read_eeprom(sc); 372 373 /* set supported .11a, .11b and .11g rates */ 374 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwn_rateset_11a; 375 ic->ic_sup_rates[IEEE80211_MODE_11B] = iwn_rateset_11b; 376 ic->ic_sup_rates[IEEE80211_MODE_11G] = iwn_rateset_11g; 377 378 /* IBSS channel undefined for now */ 379 ic->ic_ibss_chan = &ic->ic_channels[0]; 380 381 memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN); 382 ic->ic_des_esslen = 0; 383 384 ifp->if_softc = sc; 385 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 386 ifp->if_init = iwn_init; 387 ifp->if_stop = iwn_stop; 388 ifp->if_ioctl = iwn_ioctl; 389 ifp->if_start = iwn_start; 390 ifp->if_watchdog = iwn_watchdog; 391 IFQ_SET_READY(&ifp->if_snd); 392 memcpy(ifp->if_xname, device_xname(self), IFNAMSIZ); 393 394 if_attach(ifp); 395 ieee80211_ifattach(ic); 396 ic->ic_node_alloc = iwn_node_alloc; 397 ic->ic_newassoc = iwn_newassoc; 398 ic->ic_wme.wme_update = iwn_wme_update; 399 400 /* override state transition machine */ 401 sc->sc_newstate = ic->ic_newstate; 402 ic->ic_newstate = iwn_newstate; 403 ieee80211_media_init(ic, iwn_media_change, ieee80211_media_status); 404 405 sc->amrr.amrr_min_success_threshold = 1; 406 sc->amrr.amrr_max_success_threshold = 15; 407 408 if (!pmf_device_register(self, NULL, iwn_resume)) 409 aprint_error_dev(self, "couldn't establish power handler\n"); 410 else 411 pmf_class_network_register(self, ifp); 412 413 iwn_radiotap_attach(sc); 414 415 ieee80211_announce(ic); 416 417 return; 418 419 /* free allocated memory if something failed during attachment */ 420 fail4: while (--i >= 0) 421 iwn_free_tx_ring(sc, &sc->txq[i]); 422 iwn_free_rpool(sc); 423 fail3: iwn_free_shared(sc); 424 fail2: iwn_free_kw(sc); 425 fail1: iwn_free_fwmem(sc); 426 } 427 428 static int 429 iwn_detach(struct device* self, int flags __unused) 430 { 431 struct iwn_softc *sc = (struct iwn_softc *)self; 432 struct ifnet *ifp = sc->sc_ic.ic_ifp; 433 int ac; 434 435 iwn_stop(ifp, 1); 436 437 #if NBPFILTER > 0 438 if (ifp != NULL) 439 bpfdetach(ifp); 440 #endif 441 ieee80211_ifdetach(&sc->sc_ic); 442 if (ifp != NULL) 443 if_detach(ifp); 444 445 for (ac = 0; ac < IWN_NTXQUEUES; ac++) 446 iwn_free_tx_ring(sc, &sc->txq[ac]); 447 iwn_free_rx_ring(sc, &sc->rxq); 448 iwn_free_rpool(sc); 449 iwn_free_shared(sc); 450 451 if (sc->sc_ih != NULL) { 452 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 453 sc->sc_ih = NULL; 454 } 455 456 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 457 458 return 0; 459 } 460 461 /* 462 * Attach the interface to 802.11 radiotap. 463 */ 464 static void 465 iwn_radiotap_attach(struct iwn_softc *sc) 466 { 467 struct ifnet *ifp = sc->sc_ic.ic_ifp; 468 469 #if NBPFILTER > 0 470 bpfattach2(ifp, DLT_IEEE802_11_RADIO, 471 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 472 &sc->sc_drvbpf); 473 474 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 475 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 476 sc->sc_rxtap.wr_ihdr.it_present = htole32(IWN_RX_RADIOTAP_PRESENT); 477 478 sc->sc_txtap_len = sizeof sc->sc_txtapu; 479 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 480 sc->sc_txtap.wt_ihdr.it_present = htole32(IWN_TX_RADIOTAP_PRESENT); 481 #endif 482 } 483 484 485 /* 486 * Build a beacon frame that the firmware will broadcast periodically in 487 * IBSS or HostAP modes. 488 */ 489 static int 490 iwn_setup_beacon(struct iwn_softc *sc, struct ieee80211_node *ni) 491 { 492 struct ieee80211com *ic = &sc->sc_ic; 493 struct iwn_tx_ring *ring = &sc->txq[4]; 494 struct iwn_tx_desc *desc; 495 struct iwn_tx_data *data; 496 struct iwn_tx_cmd *cmd; 497 struct iwn_cmd_beacon *bcn; 498 struct ieee80211_beacon_offsets bo; 499 struct mbuf *m0; 500 bus_addr_t paddr; 501 int error; 502 503 desc = &ring->desc[ring->cur]; 504 data = &ring->data[ring->cur]; 505 506 m0 = ieee80211_beacon_alloc(ic, ni, &bo); 507 if (m0 == NULL) { 508 aprint_error_dev(sc->sc_dev, "could not allocate beacon frame\n"); 509 return ENOMEM; 510 } 511 512 cmd = &ring->cmd[ring->cur]; 513 cmd->code = IWN_CMD_SET_BEACON; 514 cmd->flags = 0; 515 cmd->qid = ring->qid; 516 cmd->idx = ring->cur; 517 518 bcn = (struct iwn_cmd_beacon *)cmd->data; 519 memset(bcn, 0, sizeof (struct iwn_cmd_beacon)); 520 bcn->id = IWN_ID_BROADCAST; 521 bcn->lifetime = htole32(IWN_LIFETIME_INFINITE); 522 bcn->len = htole16(m0->m_pkthdr.len); 523 bcn->rate = (ic->ic_curmode == IEEE80211_MODE_11A) ? 524 iwn_plcp_signal(12) : iwn_plcp_signal(2); 525 bcn->flags2 = 0x2; /* RATE_MCS_CCK_MSK */ 526 527 bcn->flags = htole32(IWN_TX_AUTO_SEQ | IWN_TX_INSERT_TSTAMP 528 | IWN_TX_USE_NODE_RATE); 529 530 /* save and trim IEEE802.11 header */ 531 m_copydata(m0, 0, sizeof (struct ieee80211_frame), (void *)&bcn->wh); 532 m_adj(m0, sizeof (struct ieee80211_frame)); 533 534 /* assume beacon frame is contiguous */ 535 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 536 BUS_DMA_READ | BUS_DMA_NOWAIT); 537 if (error) { 538 aprint_error_dev(sc->sc_dev, "could not map beacon\n"); 539 m_freem(m0); 540 return error; 541 } 542 543 data->m = m0; 544 545 /* first scatter/gather segment is used by the beacon command */ 546 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 547 548 IWN_SET_DESC_NSEGS(desc, 2); 549 IWN_SET_DESC_SEG(desc, 0, paddr , 4 + sizeof(struct iwn_cmd_beacon)); 550 IWN_SET_DESC_SEG(desc, 1, data->map->dm_segs[0].ds_addr, 551 data->map->dm_segs[1].ds_len); 552 553 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 554 data->map->dm_mapsize /* calc? */, BUS_DMASYNC_PREWRITE); 555 556 /* kick cmd ring */ 557 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 558 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 559 560 return 0; 561 } 562 563 static int 564 iwn_dma_contig_alloc(bus_dma_tag_t tag, struct iwn_dma_info *dma, void **kvap, 565 bus_size_t size, bus_size_t alignment, int flags) 566 { 567 int nsegs, error; 568 569 dma->tag = tag; 570 dma->size = size; 571 572 error = bus_dmamap_create(tag, size, 1, size, 0, flags, &dma->map); 573 if (error != 0) 574 goto fail; 575 576 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 577 flags); 578 if (error != 0) 579 goto fail; 580 581 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, flags); 582 if (error != 0) 583 goto fail; 584 585 error = bus_dmamap_load(tag, dma->map, dma->vaddr, size, NULL, flags); 586 if (error != 0) 587 goto fail; 588 589 memset(dma->vaddr, 0, size); 590 591 dma->paddr = dma->map->dm_segs[0].ds_addr; 592 if (kvap != NULL) 593 *kvap = dma->vaddr; 594 595 return 0; 596 597 fail: iwn_dma_contig_free(dma); 598 return error; 599 } 600 601 static void 602 iwn_dma_contig_free(struct iwn_dma_info *dma) 603 { 604 if (dma->map != NULL) { 605 if (dma->vaddr != NULL) { 606 bus_dmamap_unload(dma->tag, dma->map); 607 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 608 bus_dmamem_free(dma->tag, &dma->seg, 1); 609 dma->vaddr = NULL; 610 } 611 bus_dmamap_destroy(dma->tag, dma->map); 612 dma->map = NULL; 613 } 614 } 615 616 static int 617 iwn_alloc_shared(struct iwn_softc *sc) 618 { 619 int error; 620 void *p; 621 /* must be aligned on a 1KB boundary */ 622 error = iwn_dma_contig_alloc(sc->sc_dmat, &sc->shared_dma, 623 &p, sizeof (struct iwn_shared), 1024,BUS_DMA_NOWAIT); 624 sc->shared = p; 625 if (error != 0) 626 aprint_error_dev(sc->sc_dev, 627 "could not allocate shared area DMA memory\n"); 628 629 return error; 630 631 } 632 633 static void 634 iwn_free_shared(struct iwn_softc *sc) 635 { 636 iwn_dma_contig_free(&sc->shared_dma); 637 } 638 639 static int 640 iwn_alloc_kw(struct iwn_softc *sc) 641 { 642 /* must be aligned on a 16-byte boundary */ 643 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, NULL, 644 PAGE_SIZE, PAGE_SIZE, BUS_DMA_NOWAIT); 645 } 646 647 static void 648 iwn_free_kw(struct iwn_softc *sc) 649 { 650 iwn_dma_contig_free(&sc->kw_dma); 651 } 652 653 static int 654 iwn_alloc_fwmem(struct iwn_softc *sc) 655 { 656 int error; 657 /* allocate enough contiguous space to store text and data */ 658 error = iwn_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 659 IWN_FW_MAIN_TEXT_MAXSZ + IWN_FW_MAIN_DATA_MAXSZ, 16, 660 BUS_DMA_NOWAIT); 661 662 if (error != 0){ 663 aprint_error_dev(sc->sc_dev, 664 "could not allocate firmware transfer area DMA memory\n" ); 665 666 } 667 return error; 668 } 669 670 static void 671 iwn_free_fwmem(struct iwn_softc *sc) 672 { 673 iwn_dma_contig_free(&sc->fw_dma); 674 } 675 676 static struct iwn_rbuf * 677 iwn_alloc_rbuf(struct iwn_softc *sc) 678 { 679 struct iwn_rbuf *rbuf; 680 681 mutex_enter(&sc->rxq.freelist_mtx); 682 rbuf = SLIST_FIRST(&sc->rxq.freelist); 683 if (rbuf != NULL) { 684 SLIST_REMOVE_HEAD(&sc->rxq.freelist, next); 685 sc->rxq.nb_free_entries --; 686 } 687 mutex_exit(&sc->rxq.freelist_mtx); 688 689 return rbuf; 690 } 691 692 /* 693 * This is called automatically by the network stack when the mbuf to which 694 * our Rx buffer is attached is freed. 695 */ 696 static void 697 iwn_free_rbuf(struct mbuf* m, void *buf, size_t size, void *arg) 698 { 699 struct iwn_rbuf *rbuf = arg; 700 struct iwn_softc *sc = rbuf->sc; 701 702 /* put the buffer back in the free list */ 703 mutex_enter(&sc->rxq.freelist_mtx); 704 SLIST_INSERT_HEAD(&sc->rxq.freelist, rbuf, next); 705 mutex_exit(&sc->rxq.freelist_mtx); 706 sc->rxq.nb_free_entries ++; 707 708 if (__predict_true(m != NULL)) 709 pool_cache_put(mb_cache, m); 710 } 711 712 713 static int 714 iwn_alloc_rpool(struct iwn_softc *sc) 715 { 716 struct iwn_rx_ring *ring = &sc->rxq; 717 struct iwn_rbuf *rbuf; 718 int i, error; 719 720 mutex_init(&ring->freelist_mtx, MUTEX_DEFAULT, IPL_NET); 721 722 /* allocate a big chunk of DMA'able memory.. */ 723 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->buf_dma, NULL, 724 IWN_RBUF_COUNT * IWN_RBUF_SIZE, IWN_BUF_ALIGN, BUS_DMA_NOWAIT); 725 if (error != 0) { 726 aprint_error_dev(sc->sc_dev, 727 "could not allocate Rx buffers DMA memory\n"); 728 return error; 729 } 730 731 /* ..and split it into chunks of "rbufsz" bytes */ 732 SLIST_INIT(&ring->freelist); 733 for (i = 0; i < IWN_RBUF_COUNT; i++) { 734 rbuf = &ring->rbuf[i]; 735 736 rbuf->sc = sc; /* backpointer for callbacks */ 737 rbuf->vaddr = (char *)ring->buf_dma.vaddr + i * IWN_RBUF_SIZE; 738 rbuf->paddr = ring->buf_dma.paddr + i * IWN_RBUF_SIZE; 739 740 SLIST_INSERT_HEAD(&ring->freelist, rbuf, next); 741 } 742 ring->nb_free_entries = IWN_RBUF_COUNT; 743 return 0; 744 } 745 746 static void 747 iwn_free_rpool(struct iwn_softc *sc) 748 { 749 iwn_dma_contig_free(&sc->rxq.buf_dma); 750 } 751 752 static int 753 iwn_alloc_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 754 { 755 struct iwn_rx_data *data; 756 struct iwn_rbuf *rbuf; 757 int i, error; 758 void *p; 759 760 ring->cur = 0; 761 762 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 763 &p, IWN_RX_RING_COUNT * sizeof (struct iwn_rx_desc), 764 IWN_RING_DMA_ALIGN, BUS_DMA_NOWAIT); 765 if (error != 0) { 766 aprint_error_dev(sc->sc_dev, 767 "could not allocate rx ring DMA memory\n"); 768 goto fail; 769 } 770 ring->desc = p; 771 772 /* 773 * Setup Rx buffers. 774 */ 775 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 776 data = &ring->data[i]; 777 778 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 779 if (data->m == NULL) { 780 aprint_error_dev(sc->sc_dev, "could not allocate rx mbuf\n"); 781 error = ENOMEM; 782 goto fail; 783 } 784 if ((rbuf = iwn_alloc_rbuf(sc)) == NULL) { 785 m_freem(data->m); 786 data->m = NULL; 787 aprint_error_dev(sc->sc_dev, "could not allocate rx buffer\n"); 788 error = ENOMEM; 789 goto fail; 790 } 791 /* attach Rx buffer to mbuf */ 792 MEXTADD(data->m, rbuf->vaddr, IWN_RBUF_SIZE, 0, iwn_free_rbuf, 793 rbuf); 794 795 data->m->m_flags |= M_EXT_RW; 796 /* Rx buffers are aligned on a 256-byte boundary */ 797 ring->desc[i] = htole32(rbuf->paddr >> 8); 798 } 799 800 return 0; 801 802 fail: iwn_free_rx_ring(sc, ring); 803 return error; 804 } 805 806 static void 807 iwn_reset_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 808 { 809 int ntries; 810 811 iwn_mem_lock(sc); 812 813 IWN_WRITE(sc, IWN_RX_CONFIG, 0); 814 for (ntries = 0; ntries < 100; ntries++) { 815 if (IWN_READ(sc, IWN_RX_STATUS) & IWN_RX_IDLE) 816 break; 817 DELAY(10); 818 } 819 #ifdef IWN_DEBUG 820 if (ntries == 100 && iwn_debug > 0) 821 aprint_error_dev(sc->sc_dev, "timeout resetting Rx ring\n"); 822 #endif 823 iwn_mem_unlock(sc); 824 825 ring->cur = 0; 826 } 827 828 static void 829 iwn_free_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 830 { 831 int i; 832 833 iwn_dma_contig_free(&ring->desc_dma); 834 835 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 836 if (ring->data[i].m != NULL) 837 m_freem(ring->data[i].m); 838 } 839 } 840 841 static int 842 iwn_alloc_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring, int count, 843 int qid) 844 { 845 struct iwn_tx_data *data; 846 int i, error; 847 void *p; 848 849 ring->qid = qid; 850 ring->count = count; 851 ring->queued = 0; 852 ring->cur = 0; 853 854 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 855 &p, count * sizeof (struct iwn_tx_desc), 856 IWN_RING_DMA_ALIGN, BUS_DMA_NOWAIT); 857 if (error != 0) { 858 aprint_error_dev(sc->sc_dev, "could not allocate tx ring DMA memory\n"); 859 goto fail; 860 } 861 ring->desc = p; 862 863 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 864 &p, count * sizeof (struct iwn_tx_cmd), 4, BUS_DMA_NOWAIT); 865 if (error != 0) { 866 aprint_error_dev(sc->sc_dev, "could not allocate tx cmd DMA memory\n"); 867 goto fail; 868 } 869 ring->cmd = p; 870 871 ring->data = malloc(count * sizeof (struct iwn_tx_data), M_DEVBUF, M_NOWAIT); 872 873 if (ring->data == NULL) { 874 aprint_error_dev(sc->sc_dev,"could not allocate tx data slots\n"); 875 goto fail; 876 } 877 878 memset(ring->data, 0, count * sizeof (struct iwn_tx_data)); 879 880 for (i = 0; i < count; i++) { 881 data = &ring->data[i]; 882 883 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 884 IWN_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 885 &data->map); 886 if (error != 0) { 887 aprint_error_dev(sc->sc_dev, "could not create tx buf DMA map\n"); 888 goto fail; 889 } 890 } 891 892 return 0; 893 894 fail: iwn_free_tx_ring(sc, ring); 895 return error; 896 } 897 898 static void 899 iwn_reset_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 900 { 901 struct iwn_tx_data *data; 902 uint32_t tmp; 903 int i, ntries; 904 905 iwn_mem_lock(sc); 906 907 IWN_WRITE(sc, IWN_TX_CONFIG(ring->qid), 0); 908 for (ntries = 0; ntries < 100; ntries++) { 909 tmp = IWN_READ(sc, IWN_TX_STATUS); 910 if ((tmp & IWN_TX_IDLE(ring->qid)) == IWN_TX_IDLE(ring->qid)) 911 break; 912 DELAY(10); 913 } 914 #ifdef IWN_DEBUG 915 if (ntries == 100 && iwn_debug > 1) { 916 aprint_error_dev(sc->sc_dev, "timeout resetting Tx ring %d\n", ring->qid); 917 } 918 #endif 919 iwn_mem_unlock(sc); 920 921 for (i = 0; i < ring->count; i++) { 922 data = &ring->data[i]; 923 924 if (data->m != NULL) { 925 bus_dmamap_unload(sc->sc_dmat, data->map); 926 m_freem(data->m); 927 data->m = NULL; 928 } 929 } 930 931 ring->queued = 0; 932 ring->cur = 0; 933 } 934 935 static void 936 iwn_free_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 937 { 938 struct iwn_tx_data *data; 939 int i; 940 941 iwn_dma_contig_free(&ring->desc_dma); 942 iwn_dma_contig_free(&ring->cmd_dma); 943 944 if (ring->data != NULL) { 945 for (i = 0; i < ring->count; i++) { 946 data = &ring->data[i]; 947 948 if (data->m != NULL) { 949 bus_dmamap_unload(sc->sc_dmat, data->map); 950 m_freem(data->m); 951 } 952 } 953 free(ring->data, M_DEVBUF); 954 } 955 } 956 957 /*ARGUSED*/ 958 struct ieee80211_node * 959 iwn_node_alloc(struct ieee80211_node_table *nt __unused) 960 { 961 struct iwn_node *wn; 962 963 wn = malloc(sizeof (struct iwn_node), M_80211_NODE, M_NOWAIT | M_ZERO); 964 965 return (struct ieee80211_node *)wn; 966 } 967 968 static void 969 iwn_newassoc(struct ieee80211_node *ni, int isnew) 970 { 971 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc; 972 int i; 973 974 ieee80211_amrr_node_init(&sc->amrr, &((struct iwn_node *)ni)->amn); 975 976 /* set rate to some reasonable initial value */ 977 for (i = ni->ni_rates.rs_nrates - 1; 978 i > 0 && (ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL) > 72; 979 i--); 980 ni->ni_txrate = i; 981 } 982 983 static int 984 iwn_media_change(struct ifnet *ifp) 985 { 986 int error; 987 988 error = ieee80211_media_change(ifp); 989 if (error != ENETRESET) 990 return error; 991 992 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) 993 iwn_init(ifp); 994 995 return 0; 996 } 997 998 static int 999 iwn_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1000 { 1001 struct ifnet *ifp = ic->ic_ifp; 1002 struct iwn_softc *sc = ifp->if_softc; 1003 int error; 1004 1005 callout_stop(&sc->calib_to); 1006 1007 DPRINTF(("iwn_newstate: nstate = %d, ic->ic_state = %d\n", nstate, 1008 ic->ic_state)); 1009 1010 switch (nstate) { 1011 1012 case IEEE80211_S_SCAN: 1013 1014 if (sc->is_scanning) 1015 break; 1016 1017 sc->is_scanning = true; 1018 ieee80211_node_table_reset(&ic->ic_scan); 1019 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1020 1021 /* make the link LED blink while we're scanning */ 1022 iwn_set_led(sc, IWN_LED_LINK, 20, 2); 1023 1024 if ((error = iwn_scan(sc, IEEE80211_CHAN_G)) != 0) { 1025 aprint_error_dev(sc->sc_dev, "could not initiate scan\n"); 1026 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 1027 return error; 1028 } 1029 ic->ic_state = nstate; 1030 return 0; 1031 1032 case IEEE80211_S_ASSOC: 1033 if (ic->ic_state != IEEE80211_S_RUN) 1034 break; 1035 /* FALLTHROUGH */ 1036 case IEEE80211_S_AUTH: 1037 /* cancel any active scan - it apparently breaks auth */ 1038 /*(void)iwn_cmd(sc, IWN_CMD_SCAN_ABORT, NULL, 0, 1);*/ 1039 1040 if ((error = iwn_auth(sc)) != 0) { 1041 aprint_error_dev(sc->sc_dev, 1042 "could not move to auth state\n"); 1043 return error; 1044 } 1045 break; 1046 1047 case IEEE80211_S_RUN: 1048 if ((error = iwn_run(sc)) != 0) { 1049 aprint_error_dev(sc->sc_dev, 1050 "could not move to run state\n"); 1051 return error; 1052 } 1053 break; 1054 1055 case IEEE80211_S_INIT: 1056 sc->is_scanning = false; 1057 break; 1058 } 1059 1060 return sc->sc_newstate(ic, nstate, arg); 1061 } 1062 1063 /* 1064 * Grab exclusive access to NIC memory. 1065 */ 1066 static void 1067 iwn_mem_lock(struct iwn_softc *sc) 1068 { 1069 uint32_t tmp; 1070 int ntries; 1071 1072 tmp = IWN_READ(sc, IWN_GPIO_CTL); 1073 IWN_WRITE(sc, IWN_GPIO_CTL, tmp | IWN_GPIO_MAC); 1074 1075 /* spin until we actually get the lock */ 1076 for (ntries = 0; ntries < 1000; ntries++) { 1077 if ((IWN_READ(sc, IWN_GPIO_CTL) & 1078 (IWN_GPIO_CLOCK | IWN_GPIO_SLEEP)) == IWN_GPIO_CLOCK) 1079 break; 1080 DELAY(10); 1081 } 1082 if (ntries == 1000) 1083 aprint_error_dev(sc->sc_dev, "could not lock memory\n"); 1084 } 1085 1086 /* 1087 * Release lock on NIC memory. 1088 */ 1089 static void 1090 iwn_mem_unlock(struct iwn_softc *sc) 1091 { 1092 uint32_t tmp = IWN_READ(sc, IWN_GPIO_CTL); 1093 IWN_WRITE(sc, IWN_GPIO_CTL, tmp & ~IWN_GPIO_MAC); 1094 } 1095 1096 static uint32_t 1097 iwn_mem_read(struct iwn_softc *sc, uint32_t addr) 1098 { 1099 IWN_WRITE(sc, IWN_READ_MEM_ADDR, IWN_MEM_4 | addr); 1100 return IWN_READ(sc, IWN_READ_MEM_DATA); 1101 } 1102 1103 static void 1104 iwn_mem_write(struct iwn_softc *sc, uint32_t addr, uint32_t data) 1105 { 1106 IWN_WRITE(sc, IWN_WRITE_MEM_ADDR, IWN_MEM_4 | addr); 1107 IWN_WRITE(sc, IWN_WRITE_MEM_DATA, data); 1108 } 1109 1110 static void 1111 iwn_mem_write_region_4(struct iwn_softc *sc, uint32_t addr, 1112 const uint32_t *data, int wlen) 1113 { 1114 for (; wlen > 0; wlen--, data++, addr += 4) 1115 iwn_mem_write(sc, addr, *data); 1116 } 1117 1118 static int 1119 iwn_eeprom_lock(struct iwn_softc *sc) 1120 { 1121 uint32_t tmp; 1122 int ntries; 1123 1124 tmp = IWN_READ(sc, IWN_HWCONFIG); 1125 IWN_WRITE(sc, IWN_HWCONFIG, tmp | IWN_HW_EEPROM_LOCKED); 1126 1127 /* spin until we actually get the lock */ 1128 for (ntries = 0; ntries < 100; ntries++) { 1129 if (IWN_READ(sc, IWN_HWCONFIG) & IWN_HW_EEPROM_LOCKED) 1130 return 0; 1131 DELAY(10); 1132 } 1133 return ETIMEDOUT; 1134 } 1135 1136 static void 1137 iwn_eeprom_unlock(struct iwn_softc *sc) 1138 { 1139 uint32_t tmp = IWN_READ(sc, IWN_HWCONFIG); 1140 IWN_WRITE(sc, IWN_HWCONFIG, tmp & ~IWN_HW_EEPROM_LOCKED); 1141 } 1142 1143 /* 1144 * Read `len' bytes from the EEPROM. We access the EEPROM through the MAC 1145 * instead of using the traditional bit-bang method. 1146 */ 1147 static int 1148 iwn_read_prom_data(struct iwn_softc *sc, uint32_t addr, void *data, int len) 1149 { 1150 uint8_t *out = data; 1151 uint32_t val; 1152 int ntries; 1153 1154 iwn_mem_lock(sc); 1155 for (; len > 0; len -= 2, addr++) { 1156 IWN_WRITE(sc, IWN_EEPROM_CTL, addr << 2); 1157 IWN_WRITE(sc, IWN_EEPROM_CTL, 1158 IWN_READ(sc, IWN_EEPROM_CTL) & ~IWN_EEPROM_CMD); 1159 1160 for (ntries = 0; ntries < 10; ntries++) { 1161 if ((val = IWN_READ(sc, IWN_EEPROM_CTL)) & 1162 IWN_EEPROM_READY) 1163 break; 1164 DELAY(5); 1165 } 1166 if (ntries == 10) { 1167 aprint_error_dev(sc->sc_dev, "could not read EEPROM\n"); 1168 return ETIMEDOUT; 1169 } 1170 *out++ = val >> 16; 1171 if (len > 1) 1172 *out++ = val >> 24; 1173 } 1174 iwn_mem_unlock(sc); 1175 1176 return 0; 1177 } 1178 1179 /* 1180 * The firmware boot code is small and is intended to be copied directly into 1181 * the NIC internal memory. 1182 */ 1183 static int 1184 iwn_load_microcode(struct iwn_softc *sc, const uint8_t *ucode, int size) 1185 { 1186 int ntries; 1187 1188 size /= sizeof (uint32_t); 1189 1190 iwn_mem_lock(sc); 1191 1192 /* copy microcode image into NIC memory */ 1193 iwn_mem_write_region_4(sc, IWN_MEM_UCODE_BASE, 1194 (const uint32_t *)ucode, size); 1195 1196 iwn_mem_write(sc, IWN_MEM_UCODE_SRC, 0); 1197 iwn_mem_write(sc, IWN_MEM_UCODE_DST, IWN_FW_TEXT); 1198 iwn_mem_write(sc, IWN_MEM_UCODE_SIZE, size); 1199 1200 /* run microcode */ 1201 iwn_mem_write(sc, IWN_MEM_UCODE_CTL, IWN_UC_RUN); 1202 1203 /* wait for transfer to complete */ 1204 for (ntries = 0; ntries < 1000; ntries++) { 1205 if (!(iwn_mem_read(sc, IWN_MEM_UCODE_CTL) & IWN_UC_RUN)) 1206 break; 1207 DELAY(10); 1208 } 1209 if (ntries == 1000) { 1210 iwn_mem_unlock(sc); 1211 aprint_error_dev(sc->sc_dev, "could not load boot firmware\n"); 1212 return ETIMEDOUT; 1213 } 1214 iwn_mem_write(sc, IWN_MEM_UCODE_CTL, IWN_UC_ENABLE); 1215 1216 iwn_mem_unlock(sc); 1217 1218 return 0; 1219 } 1220 1221 static int 1222 iwn_load_firmware(struct iwn_softc *sc) 1223 { 1224 struct iwn_dma_info *dma = &sc->fw_dma; 1225 struct iwn_firmware_hdr hdr; 1226 const uint8_t *init_text, *init_data, *main_text, *main_data; 1227 const uint8_t *boot_text; 1228 uint32_t init_textsz, init_datasz, main_textsz, main_datasz; 1229 uint32_t boot_textsz; 1230 firmware_handle_t fw; 1231 u_char *dfw; 1232 size_t size; 1233 int error; 1234 1235 /* load firmware image from disk */ 1236 if ((error = firmware_open("if_iwn","iwlwifi-4965.ucode", &fw)) != 0) { 1237 aprint_error_dev(sc->sc_dev, "could not read firmware file\n"); 1238 goto fail1; 1239 } 1240 1241 size = firmware_get_size(fw); 1242 1243 /* extract firmware header information */ 1244 if (size < sizeof (struct iwn_firmware_hdr)) { 1245 aprint_error_dev(sc->sc_dev, "truncated firmware header: %zu bytes\n", size); 1246 1247 error = EINVAL; 1248 goto fail2; 1249 } 1250 1251 1252 if ((error = firmware_read(fw, 0, &hdr, 1253 sizeof (struct iwn_firmware_hdr))) != 0) { 1254 aprint_error_dev(sc->sc_dev, "can't get firmware header\n"); 1255 goto fail2; 1256 } 1257 1258 main_textsz = le32toh(hdr.main_textsz); 1259 main_datasz = le32toh(hdr.main_datasz); 1260 init_textsz = le32toh(hdr.init_textsz); 1261 init_datasz = le32toh(hdr.init_datasz); 1262 boot_textsz = le32toh(hdr.boot_textsz); 1263 1264 /* sanity-check firmware segments sizes */ 1265 if (main_textsz > IWN_FW_MAIN_TEXT_MAXSZ || 1266 main_datasz > IWN_FW_MAIN_DATA_MAXSZ || 1267 init_textsz > IWN_FW_INIT_TEXT_MAXSZ || 1268 init_datasz > IWN_FW_INIT_DATA_MAXSZ || 1269 boot_textsz > IWN_FW_BOOT_TEXT_MAXSZ || 1270 (boot_textsz & 3) != 0) { 1271 aprint_error_dev(sc->sc_dev, "invalid firmware header\n"); 1272 error = EINVAL; 1273 goto fail2; 1274 } 1275 1276 /* check that all firmware segments are present */ 1277 if (size < sizeof (struct iwn_firmware_hdr) + main_textsz + 1278 main_datasz + init_textsz + init_datasz + boot_textsz) { 1279 aprint_error_dev(sc->sc_dev, "firmware file too short: %zu bytes\n", size); 1280 error = EINVAL; 1281 goto fail2; 1282 } 1283 1284 dfw = firmware_malloc(size); 1285 if (dfw == NULL) { 1286 aprint_error_dev(sc->sc_dev, "not enough memory to stock firmware\n"); 1287 error = ENOMEM; 1288 goto fail2; 1289 } 1290 1291 if ((error = firmware_read(fw, 0, dfw, size)) != 0) { 1292 aprint_error_dev(sc->sc_dev, "can't get firmware\n"); 1293 goto fail2; 1294 } 1295 1296 /* get pointers to firmware segments */ 1297 main_text = dfw + sizeof (struct iwn_firmware_hdr); 1298 main_data = main_text + main_textsz; 1299 init_text = main_data + main_datasz; 1300 init_data = init_text + init_textsz; 1301 boot_text = init_data + init_datasz; 1302 1303 /* copy initialization images into pre-allocated DMA-safe memory */ 1304 memcpy(dma->vaddr, init_data, init_datasz); 1305 memcpy((char *)dma->vaddr + IWN_FW_INIT_DATA_MAXSZ, init_text, init_textsz); 1306 1307 /* tell adapter where to find initialization images */ 1308 iwn_mem_lock(sc); 1309 iwn_mem_write(sc, IWN_MEM_DATA_BASE, dma->paddr >> 4); 1310 iwn_mem_write(sc, IWN_MEM_DATA_SIZE, init_datasz); 1311 iwn_mem_write(sc, IWN_MEM_TEXT_BASE, 1312 (dma->paddr + IWN_FW_INIT_DATA_MAXSZ) >> 4); 1313 iwn_mem_write(sc, IWN_MEM_TEXT_SIZE, init_textsz); 1314 iwn_mem_unlock(sc); 1315 1316 /* load firmware boot code */ 1317 if ((error = iwn_load_microcode(sc, boot_text, boot_textsz)) != 0) { 1318 aprint_error_dev(sc->sc_dev, "could not load boot firmware\n"); 1319 goto fail3; 1320 } 1321 1322 /* now press "execute" ;-) */ 1323 IWN_WRITE(sc, IWN_RESET, 0); 1324 1325 /* ..and wait at most one second for adapter to initialize */ 1326 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 1327 /* this isn't what was supposed to happen.. */ 1328 aprint_error_dev(sc->sc_dev, "timeout waiting for adapter to initialize\n"); 1329 } 1330 1331 /* copy runtime images into pre-allocated DMA-safe memory */ 1332 memcpy((char *)dma->vaddr, main_data, main_datasz); 1333 memcpy((char *)dma->vaddr + IWN_FW_MAIN_DATA_MAXSZ, main_text, main_textsz); 1334 1335 /* tell adapter where to find runtime images */ 1336 iwn_mem_lock(sc); 1337 iwn_mem_write(sc, IWN_MEM_DATA_BASE, dma->paddr >> 4); 1338 iwn_mem_write(sc, IWN_MEM_DATA_SIZE, main_datasz); 1339 iwn_mem_write(sc, IWN_MEM_TEXT_BASE, 1340 (dma->paddr + IWN_FW_MAIN_DATA_MAXSZ) >> 4); 1341 iwn_mem_write(sc, IWN_MEM_TEXT_SIZE, IWN_FW_UPDATED | main_textsz); 1342 iwn_mem_unlock(sc); 1343 1344 /* wait at most one second for second alive notification */ 1345 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 1346 /* this isn't what was supposed to happen.. */ 1347 aprint_error_dev(sc->sc_dev, "timeout waiting for adapter to initialize\n"); 1348 } 1349 1350 fail3: firmware_free(dfw,size); 1351 fail2: firmware_close(fw); 1352 fail1: return error; 1353 } 1354 1355 static void 1356 iwn_calib_timeout(void *arg) 1357 { 1358 struct iwn_softc *sc = arg; 1359 struct ieee80211com *ic = &sc->sc_ic; 1360 int s; 1361 1362 /* automatic rate control triggered every 500ms */ 1363 if (ic->ic_fixed_rate == -1) { 1364 s = splnet(); 1365 if (ic->ic_opmode == IEEE80211_M_STA) 1366 iwn_iter_func(sc, ic->ic_bss); 1367 else 1368 ieee80211_iterate_nodes(&ic->ic_sta, iwn_iter_func, sc); 1369 splx(s); 1370 } 1371 1372 /* automatic calibration every 60s */ 1373 if (++sc->calib_cnt >= 120) { 1374 DPRINTF(("sending request for statistics\n")); 1375 (void)iwn_cmd(sc, IWN_CMD_GET_STATISTICS, NULL, 0, 1); 1376 sc->calib_cnt = 0; 1377 } 1378 1379 callout_schedule(&sc->calib_to, hz/2); 1380 1381 } 1382 1383 static void 1384 iwn_iter_func(void *arg, struct ieee80211_node *ni) 1385 { 1386 struct iwn_softc *sc = arg; 1387 struct iwn_node *wn = (struct iwn_node *)ni; 1388 1389 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1390 } 1391 1392 static void 1393 iwn_ampdu_rx_start(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1394 { 1395 struct iwn_rx_stat *stat; 1396 1397 DPRINTFN(2, ("received AMPDU stats\n")); 1398 /* save Rx statistics, they will be used on IWN_AMPDU_RX_DONE */ 1399 stat = (struct iwn_rx_stat *)(desc + 1); 1400 memcpy(&sc->last_rx_stat, stat, sizeof (*stat)); 1401 sc->last_rx_valid = 1; 1402 } 1403 1404 void 1405 iwn_rx_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc, 1406 struct iwn_rx_data *data) 1407 { 1408 struct ieee80211com *ic = &sc->sc_ic; 1409 struct ifnet *ifp = ic->ic_ifp; 1410 struct iwn_rx_ring *ring = &sc->rxq; 1411 struct iwn_rbuf *rbuf; 1412 struct ieee80211_frame *wh; 1413 struct ieee80211_node *ni; 1414 struct mbuf *m, *mnew; 1415 struct iwn_rx_stat *stat; 1416 char *head; 1417 uint32_t *tail; 1418 int len, rssi; 1419 1420 if (desc->type == IWN_AMPDU_RX_DONE) { 1421 /* check for prior AMPDU_RX_START */ 1422 if (!sc->last_rx_valid) { 1423 DPRINTF(("missing AMPDU_RX_START\n")); 1424 ifp->if_ierrors++; 1425 return; 1426 } 1427 sc->last_rx_valid = 0; 1428 stat = &sc->last_rx_stat; 1429 } else 1430 stat = (struct iwn_rx_stat *)(desc + 1); 1431 1432 if (stat->cfg_phy_len > IWN_STAT_MAXLEN) { 1433 aprint_error_dev(sc->sc_dev, "invalid rx statistic header\n"); 1434 ifp->if_ierrors++; 1435 return; 1436 } 1437 1438 if (desc->type == IWN_AMPDU_RX_DONE) { 1439 struct iwn_rx_ampdu *ampdu = 1440 (struct iwn_rx_ampdu *)(desc + 1); 1441 head = (char *)(ampdu + 1); 1442 len = le16toh(ampdu->len); 1443 } else { 1444 head = (char *)(stat + 1) + stat->cfg_phy_len; 1445 len = le16toh(stat->len); 1446 } 1447 1448 DPRINTF(("rx packet len %d\n", len)); 1449 /* discard Rx frames with bad CRC early */ 1450 tail = (uint32_t *)(head + len); 1451 if ((le32toh(*tail) & IWN_RX_NOERROR) != IWN_RX_NOERROR) { 1452 DPRINTFN(2, ("rx flags error %x\n", le32toh(*tail))); 1453 ifp->if_ierrors++; 1454 return; 1455 } 1456 /* XXX for ieee80211_find_rxnode() */ 1457 if (len < sizeof (struct ieee80211_frame)) { 1458 DPRINTF(("frame too short: %d\n", len)); 1459 ic->ic_stats.is_rx_tooshort++; 1460 ifp->if_ierrors++; 1461 return; 1462 } 1463 1464 m = data->m; 1465 1466 /* finalize mbuf */ 1467 m->m_pkthdr.rcvif = ifp; 1468 m->m_data = head; 1469 m->m_pkthdr.len = m->m_len = len; 1470 1471 /* 1472 * See comment in if_wpi.c:wpi_rx_intr() about locking 1473 * nb_free_entries here. In short: it's not required. 1474 */ 1475 if (sc->rxq.nb_free_entries > 0) { 1476 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1477 if (mnew == NULL) { 1478 ic->ic_stats.is_rx_nobuf++; 1479 ifp->if_ierrors++; 1480 return; 1481 } 1482 1483 rbuf = iwn_alloc_rbuf(sc); 1484 1485 /* attach Rx buffer to mbuf */ 1486 MEXTADD(mnew, rbuf->vaddr, IWN_RBUF_SIZE, 0, iwn_free_rbuf, 1487 rbuf); 1488 mnew->m_flags |= M_EXT_RW; 1489 1490 data->m = mnew; 1491 1492 /* update Rx descriptor */ 1493 ring->desc[ring->cur] = htole32(rbuf->paddr >> 8); 1494 } else { 1495 /* no free rbufs, copy frame */ 1496 m = m_dup(m, 0, M_COPYALL, M_DONTWAIT); 1497 if (m == NULL) { 1498 /* no free mbufs either, drop frame */ 1499 ic->ic_stats.is_rx_nobuf++; 1500 ifp->if_ierrors++; 1501 return; 1502 } 1503 } 1504 1505 rssi = iwn_get_rssi(stat); 1506 1507 if (ic->ic_state == IEEE80211_S_SCAN) 1508 iwn_fix_channel(ic, m); 1509 1510 #if NBPFILTER > 0 1511 if (sc->sc_drvbpf != NULL) { 1512 struct iwn_rx_radiotap_header *tap = &sc->sc_rxtap; 1513 1514 tap->wr_flags = 0; 1515 tap->wr_chan_freq = 1516 htole16(ic->ic_channels[stat->chan].ic_freq); 1517 tap->wr_chan_flags = 1518 htole16(ic->ic_channels[stat->chan].ic_flags); 1519 tap->wr_dbm_antsignal = (int8_t)rssi; 1520 tap->wr_dbm_antnoise = (int8_t)sc->noise; 1521 tap->wr_tsft = stat->tstamp; 1522 switch (stat->rate) { 1523 /* CCK rates */ 1524 case 10: tap->wr_rate = 2; break; 1525 case 20: tap->wr_rate = 4; break; 1526 case 55: tap->wr_rate = 11; break; 1527 case 110: tap->wr_rate = 22; break; 1528 /* OFDM rates */ 1529 case 0xd: tap->wr_rate = 12; break; 1530 case 0xf: tap->wr_rate = 18; break; 1531 case 0x5: tap->wr_rate = 24; break; 1532 case 0x7: tap->wr_rate = 36; break; 1533 case 0x9: tap->wr_rate = 48; break; 1534 case 0xb: tap->wr_rate = 72; break; 1535 case 0x1: tap->wr_rate = 96; break; 1536 case 0x3: tap->wr_rate = 108; break; 1537 /* unknown rate: should not happen */ 1538 default: tap->wr_rate = 0; 1539 } 1540 1541 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1542 } 1543 #endif 1544 1545 /* grab a reference to the source node */ 1546 wh = mtod(m, struct ieee80211_frame *); 1547 ni = ieee80211_find_rxnode(ic,(struct ieee80211_frame_min *)wh); 1548 1549 /* send the frame to the 802.11 layer */ 1550 ieee80211_input(ic, m, ni, rssi, 0); 1551 1552 /* node is no longer needed */ 1553 ieee80211_free_node(ni); 1554 } 1555 1556 1557 /* 1558 * XXX: Hack to set the current channel to the value advertised in beacons or 1559 * probe responses. Only used during AP detection. 1560 * XXX: Duplicated from if_iwi.c 1561 */ 1562 static void 1563 iwn_fix_channel(struct ieee80211com *ic, struct mbuf *m) 1564 { 1565 struct ieee80211_frame *wh; 1566 uint8_t subtype; 1567 uint8_t *frm, *efrm; 1568 1569 wh = mtod(m, struct ieee80211_frame *); 1570 1571 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT) 1572 return; 1573 1574 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 1575 1576 if (subtype != IEEE80211_FC0_SUBTYPE_BEACON && 1577 subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1578 return; 1579 1580 frm = (uint8_t *)(wh + 1); 1581 efrm = mtod(m, uint8_t *) + m->m_len; 1582 1583 frm += 12; /* skip tstamp, bintval and capinfo fields */ 1584 while (frm < efrm) { 1585 if (*frm == IEEE80211_ELEMID_DSPARMS) 1586 #if IEEE80211_CHAN_MAX < 255 1587 if (frm[2] <= IEEE80211_CHAN_MAX) 1588 #endif 1589 ic->ic_curchan = &ic->ic_channels[frm[2]]; 1590 1591 frm += frm[1] + 2; 1592 } 1593 } 1594 1595 static void 1596 iwn_rx_statistics(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1597 { 1598 struct ieee80211com *ic = &sc->sc_ic; 1599 struct iwn_calib_state *calib = &sc->calib; 1600 struct iwn_stats *stats = (struct iwn_stats *)(desc + 1); 1601 1602 /* ignore beacon statistics received during a scan */ 1603 if (ic->ic_state != IEEE80211_S_RUN) 1604 return; 1605 1606 DPRINTFN(3, ("received statistics (cmd=%d)\n", desc->type)); 1607 sc->calib_cnt = 0; /* reset timeout */ 1608 1609 /* test if temperature has changed */ 1610 if (stats->general.temp != sc->rawtemp) { 1611 int temp; 1612 1613 sc->rawtemp = stats->general.temp; 1614 temp = iwn_get_temperature(sc); 1615 DPRINTFN(2, ("temperature=%d\n", temp)); 1616 1617 /* update Tx power if need be */ 1618 iwn_power_calibration(sc, temp); 1619 } 1620 1621 if (desc->type != IWN_BEACON_STATISTICS) 1622 return; /* reply to a statistics request */ 1623 1624 sc->noise = iwn_get_noise(&stats->rx.general); 1625 DPRINTFN(3, ("noise=%d\n", sc->noise)); 1626 1627 /* test that RSSI and noise are present in stats report */ 1628 if (le32toh(stats->rx.general.flags) != 1) { 1629 DPRINTF(("received statistics without RSSI\n")); 1630 return; 1631 } 1632 1633 if (calib->state == IWN_CALIB_STATE_ASSOC) 1634 iwn_compute_differential_gain(sc, &stats->rx.general); 1635 else if (calib->state == IWN_CALIB_STATE_RUN) 1636 iwn_tune_sensitivity(sc, &stats->rx); 1637 } 1638 1639 static void 1640 iwn_tx_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1641 { 1642 struct ifnet *ifp = sc->sc_ic.ic_ifp; 1643 struct iwn_tx_ring *ring = &sc->txq[desc->qid & 0xf]; 1644 struct iwn_tx_data *txdata = &ring->data[desc->idx]; 1645 struct iwn_tx_stat *stat = (struct iwn_tx_stat *)(desc + 1); 1646 struct iwn_node *wn = (struct iwn_node *)txdata->ni; 1647 uint32_t status; 1648 1649 DPRINTFN(4, ("tx done: qid=%d idx=%d retries=%d nkill=%d rate=%x " 1650 "duration=%d status=%x\n", desc->qid, desc->idx, stat->ntries, 1651 stat->nkill, stat->rate, le16toh(stat->duration), 1652 le32toh(stat->status))); 1653 1654 /* 1655 * Update rate control statistics for the node. 1656 */ 1657 wn->amn.amn_txcnt++; 1658 if (stat->ntries > 0) { 1659 DPRINTFN(3, ("tx intr ntries %d\n", stat->ntries)); 1660 wn->amn.amn_retrycnt++; 1661 } 1662 1663 status = le32toh(stat->status) & 0xff; 1664 if (status != 1 && status != 2) 1665 ifp->if_oerrors++; 1666 else 1667 ifp->if_opackets++; 1668 1669 bus_dmamap_unload(sc->sc_dmat, txdata->map); 1670 m_freem(txdata->m); 1671 txdata->m = NULL; 1672 ieee80211_free_node(txdata->ni); 1673 txdata->ni = NULL; 1674 1675 ring->queued--; 1676 1677 sc->sc_tx_timer = 0; 1678 ifp->if_flags &= ~IFF_OACTIVE; 1679 iwn_start(ifp); 1680 } 1681 1682 static void 1683 iwn_cmd_intr(struct iwn_softc *sc, struct iwn_rx_desc *desc) 1684 { 1685 struct iwn_tx_ring *ring = &sc->txq[4]; 1686 struct iwn_tx_data *data; 1687 1688 if ((desc->qid & 0xf) != 4) 1689 return; /* not a command ack */ 1690 1691 data = &ring->data[desc->idx]; 1692 1693 /* if the command was mapped in a mbuf, free it */ 1694 if (data->m != NULL) { 1695 bus_dmamap_unload(sc->sc_dmat, data->map); 1696 m_freem(data->m); 1697 data->m = NULL; 1698 } 1699 1700 wakeup(&ring->cmd[desc->idx]); 1701 } 1702 1703 static void 1704 iwn_notif_intr(struct iwn_softc *sc) 1705 { 1706 struct ieee80211com *ic = &sc->sc_ic; 1707 struct ifnet *ifp = ic->ic_ifp; 1708 uint16_t hw; 1709 1710 hw = le16toh(sc->shared->closed_count); 1711 while (sc->rxq.cur != hw) { 1712 struct iwn_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1713 struct iwn_rx_desc *desc = (void *)data->m->m_ext.ext_buf; 1714 1715 DPRINTFN(4,("rx notification qid=%x idx=%d flags=%x type=%d " 1716 "len=%d\n", desc->qid, desc->idx, desc->flags, desc->type, 1717 le32toh(desc->len))); 1718 1719 if (!(desc->qid & 0x80)) /* reply to a command */ 1720 iwn_cmd_intr(sc, desc); 1721 1722 switch (desc->type) { 1723 case IWN_RX_DONE: 1724 case IWN_AMPDU_RX_DONE: 1725 iwn_rx_intr(sc, desc, data); 1726 break; 1727 1728 case IWN_AMPDU_RX_START: 1729 iwn_ampdu_rx_start(sc, desc); 1730 break; 1731 1732 case IWN_TX_DONE: 1733 /* a 802.11 frame has been transmitted */ 1734 iwn_tx_intr(sc, desc); 1735 break; 1736 1737 case IWN_RX_STATISTICS: 1738 case IWN_BEACON_STATISTICS: 1739 iwn_rx_statistics(sc, desc); 1740 break; 1741 1742 case IWN_BEACON_MISSED: 1743 { 1744 struct iwn_beacon_missed *miss = 1745 (struct iwn_beacon_missed *)(desc + 1); 1746 /* 1747 * If more than 5 consecutive beacons are missed, 1748 * reinitialize the sensitivity state machine. 1749 */ 1750 DPRINTFN(2, ("beacons missed %d/%d\n", 1751 le32toh(miss->consecutive), le32toh(miss->total))); 1752 if (ic->ic_state == IEEE80211_S_RUN && 1753 le32toh(miss->consecutive) > 5) 1754 (void)iwn_init_sensitivity(sc); 1755 break; 1756 } 1757 1758 case IWN_UC_READY: 1759 { 1760 struct iwn_ucode_info *uc = 1761 (struct iwn_ucode_info *)(desc + 1); 1762 1763 /* the microcontroller is ready */ 1764 DPRINTF(("microcode alive notification version=%d.%d " 1765 "subtype=%x alive=%x\n", uc->major, uc->minor, 1766 uc->subtype, le32toh(uc->valid))); 1767 1768 if (le32toh(uc->valid) != 1) { 1769 aprint_error_dev(sc->sc_dev, "microcontroller initialization " 1770 "failed\n"); 1771 break; 1772 } 1773 if (uc->subtype == IWN_UCODE_INIT) { 1774 /* save microcontroller's report */ 1775 memcpy(&sc->ucode_info, uc, sizeof (*uc)); 1776 } 1777 break; 1778 } 1779 case IWN_STATE_CHANGED: 1780 { 1781 uint32_t *status = (uint32_t *)(desc + 1); 1782 1783 /* enabled/disabled notification */ 1784 DPRINTF(("state changed to %x\n", le32toh(*status))); 1785 1786 if (le32toh(*status) & 1) { 1787 /* the radio button has to be pushed */ 1788 aprint_error_dev(sc->sc_dev, "Radio transmitter is off\n"); 1789 /* turn the interface down */ 1790 ifp->if_flags &= ~IFF_UP; 1791 iwn_stop(ifp, 1); 1792 return; /* no further processing */ 1793 } 1794 break; 1795 } 1796 case IWN_START_SCAN: 1797 { 1798 struct iwn_start_scan *scan = 1799 (struct iwn_start_scan *)(desc + 1); 1800 1801 DPRINTFN(2, ("scanning channel %d status %x\n", 1802 scan->chan, le32toh(scan->status))); 1803 1804 /* fix current channel */ 1805 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 1806 break; 1807 } 1808 case IWN_STOP_SCAN: 1809 { 1810 struct iwn_stop_scan *scan = 1811 (struct iwn_stop_scan *)(desc + 1); 1812 1813 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 1814 scan->nchan, scan->status, scan->chan)); 1815 1816 if (scan->status == 1 && scan->chan <= 14) { 1817 /* 1818 * We just finished scanning 802.11g channels, 1819 * start scanning 802.11a ones. 1820 */ 1821 if (iwn_scan(sc, IEEE80211_CHAN_A) == 0) 1822 break; 1823 } 1824 sc->is_scanning = false; 1825 ieee80211_end_scan(ic); 1826 break; 1827 } 1828 } 1829 1830 sc->rxq.cur = (sc->rxq.cur + 1) % IWN_RX_RING_COUNT; 1831 } 1832 1833 /* tell the firmware what we have processed */ 1834 hw = (hw == 0) ? IWN_RX_RING_COUNT - 1 : hw - 1; 1835 IWN_WRITE(sc, IWN_RX_WIDX, hw & ~7); 1836 } 1837 1838 static int 1839 iwn_intr(void *arg) 1840 { 1841 struct iwn_softc *sc = arg; 1842 struct ifnet *ifp = sc->sc_ic.ic_ifp; 1843 uint32_t r1, r2; 1844 1845 /* disable interrupts */ 1846 IWN_WRITE(sc, IWN_MASK, 0); 1847 1848 r1 = IWN_READ(sc, IWN_INTR); 1849 r2 = IWN_READ(sc, IWN_INTR_STATUS); 1850 1851 if (r1 == 0 && r2 == 0) { 1852 if (ifp->if_flags & IFF_UP) 1853 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 1854 return 0; /* not for us */ 1855 } 1856 1857 if (r1 == 0xffffffff) 1858 return 0; /* hardware gone */ 1859 1860 /* ack interrupts */ 1861 IWN_WRITE(sc, IWN_INTR, r1); 1862 IWN_WRITE(sc, IWN_INTR_STATUS, r2); 1863 1864 DPRINTFN(5, ("interrupt reg1=%x reg2=%x\n", r1, r2)); 1865 1866 if (r1 & IWN_RF_TOGGLED) { 1867 uint32_t tmp = IWN_READ(sc, IWN_GPIO_CTL); 1868 aprint_error_dev(sc->sc_dev, "RF switch: radio %s\n", 1869 (tmp & IWN_GPIO_RF_ENABLED) ? "enabled" : "disabled"); 1870 } 1871 if (r1 & IWN_CT_REACHED) { 1872 aprint_error_dev(sc->sc_dev, "critical temperature reached!\n"); 1873 } 1874 if (r1 & (IWN_SW_ERROR | IWN_HW_ERROR)) { 1875 aprint_error_dev(sc->sc_dev, "fatal firmware error\n"); 1876 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP; 1877 iwn_stop(sc->sc_ic.ic_ifp, 1); 1878 return 1; 1879 } 1880 1881 if ((r1 & (IWN_RX_INTR | IWN_SW_RX_INTR)) || 1882 (r2 & IWN_RX_STATUS_INTR)) 1883 iwn_notif_intr(sc); 1884 1885 if (r1 & IWN_ALIVE_INTR) 1886 wakeup(sc); 1887 1888 /* re-enable interrupts */ 1889 if (ifp->if_flags & IFF_UP) 1890 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 1891 1892 return 1; 1893 } 1894 1895 static uint8_t 1896 iwn_plcp_signal(int rate) 1897 { 1898 switch (rate) { 1899 /* CCK rates (returned values are device-dependent) */ 1900 case 2: return 10; 1901 case 4: return 20; 1902 case 11: return 55; 1903 case 22: return 110; 1904 1905 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 1906 /* R1-R4, (u)ral is R4-R1 */ 1907 case 12: return 0xd; 1908 case 18: return 0xf; 1909 case 24: return 0x5; 1910 case 36: return 0x7; 1911 case 48: return 0x9; 1912 case 72: return 0xb; 1913 case 96: return 0x1; 1914 case 108: return 0x3; 1915 case 120: return 0x3; 1916 } 1917 /* unknown rate (should not get there) */ 1918 return 0; 1919 } 1920 1921 /* determine if a given rate is CCK or OFDM */ 1922 #define IWN_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1923 1924 static int 1925 iwn_tx_data(struct iwn_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, 1926 int ac) 1927 { 1928 struct ieee80211com *ic = &sc->sc_ic; 1929 struct iwn_tx_ring *ring = &sc->txq[ac]; 1930 struct iwn_tx_desc *desc; 1931 struct iwn_tx_data *data; 1932 struct iwn_tx_cmd *cmd; 1933 struct iwn_cmd_data *tx; 1934 struct ieee80211_frame *wh; 1935 struct ieee80211_key *k; 1936 const struct chanAccParams *cap; 1937 struct mbuf *mnew; 1938 bus_addr_t paddr; 1939 uint32_t flags; 1940 uint8_t type; 1941 int i, error, pad, rate, hdrlen, noack = 0; 1942 1943 DPRINTFN(5, ("iwn_tx_data entry\n")); 1944 1945 desc = &ring->desc[ring->cur]; 1946 data = &ring->data[ring->cur]; 1947 1948 wh = mtod(m0, struct ieee80211_frame *); 1949 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1950 1951 if (IEEE80211_QOS_HAS_SEQ(wh)) { 1952 hdrlen = sizeof (struct ieee80211_qosframe); 1953 cap = &ic->ic_wme.wme_chanParams; 1954 noack = cap->cap_wmeParams[ac].wmep_noackPolicy; 1955 } else 1956 hdrlen = sizeof (struct ieee80211_frame); 1957 1958 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1959 k = ieee80211_crypto_encap(ic, ni, m0); 1960 if (k == NULL) { 1961 m_freem(m0); 1962 return ENOBUFS; 1963 } 1964 /* packet header may have moved, reset our local pointer */ 1965 wh = mtod(m0, struct ieee80211_frame *); 1966 } 1967 1968 /* pickup a rate */ 1969 if (type == IEEE80211_FC0_TYPE_MGT) { 1970 /* mgmt frames are sent at the lowest available bit-rate */ 1971 rate = ni->ni_rates.rs_rates[0]; 1972 } else { 1973 if (ic->ic_fixed_rate != -1) { 1974 rate = ic->ic_sup_rates[ic->ic_curmode]. 1975 rs_rates[ic->ic_fixed_rate]; 1976 } else 1977 rate = ni->ni_rates.rs_rates[ni->ni_txrate]; 1978 } 1979 rate &= IEEE80211_RATE_VAL; 1980 1981 #if NBPFILTER > 0 1982 if (sc->sc_drvbpf != NULL) { 1983 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap; 1984 1985 tap->wt_flags = 0; 1986 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 1987 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 1988 tap->wt_rate = rate; 1989 tap->wt_hwqueue = ac; 1990 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 1991 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1992 1993 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 1994 } 1995 #endif 1996 1997 cmd = &ring->cmd[ring->cur]; 1998 cmd->code = IWN_CMD_TX_DATA; 1999 cmd->flags = 0; 2000 cmd->qid = ring->qid; 2001 cmd->idx = ring->cur; 2002 2003 tx = (struct iwn_cmd_data *)cmd->data; 2004 2005 flags = IWN_TX_AUTO_SEQ; 2006 if (!noack && !IEEE80211_IS_MULTICAST(wh->i_addr1)){ 2007 flags |= IWN_TX_NEED_ACK; 2008 }else if (m0->m_pkthdr.len + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) 2009 flags |= (IWN_TX_NEED_RTS | IWN_TX_FULL_TXOP); 2010 2011 if (IEEE80211_IS_MULTICAST(wh->i_addr1) 2012 || (type != IEEE80211_FC0_TYPE_DATA)) 2013 tx->id = IWN_ID_BROADCAST; 2014 else 2015 tx->id = IWN_ID_BSS; 2016 2017 DPRINTFN(5, ("addr1: %x:%x:%x:%x:%x:%x, id = 0x%x\n", 2018 wh->i_addr1[0], wh->i_addr1[1], wh->i_addr1[2], 2019 wh->i_addr1[3], wh->i_addr1[4], wh->i_addr1[5], tx->id)); 2020 2021 if (type == IEEE80211_FC0_TYPE_MGT) { 2022 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2023 2024 /* tell h/w to set timestamp in probe responses */ 2025 if ((subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) || 2026 (subtype == IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 2027 flags |= IWN_TX_INSERT_TSTAMP; 2028 2029 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2030 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ || 2031 subtype == IEEE80211_FC0_SUBTYPE_AUTH || 2032 subtype == IEEE80211_FC0_SUBTYPE_DEAUTH) { 2033 flags &= ~IWN_TX_NEED_RTS; 2034 flags |= IWN_TX_NEED_CTS; 2035 tx->timeout = htole16(3); 2036 } else 2037 tx->timeout = htole16(2); 2038 } else 2039 tx->timeout = htole16(0); 2040 2041 if (hdrlen & 3) { 2042 /* first segment's length must be a multiple of 4 */ 2043 flags |= IWN_TX_NEED_PADDING; 2044 pad = 4 - (hdrlen & 3); 2045 } else 2046 pad = 0; 2047 2048 if (type == IEEE80211_FC0_TYPE_CTL) { 2049 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2050 2051 /* tell h/w to set timestamp in probe responses */ 2052 if (subtype == 0x0080) /* linux says this is "back request" */ 2053 /* linux says (1 << 6) is IMM_BA_RSP_MASK */ 2054 flags |= (IWN_TX_NEED_ACK | (1 << 6)); 2055 } 2056 2057 2058 tx->flags = htole32(flags); 2059 tx->len = htole16(m0->m_pkthdr.len); 2060 tx->rate = iwn_plcp_signal(rate); 2061 tx->rts_ntries = 60; 2062 tx->data_ntries = 15; 2063 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 2064 2065 /* XXX alternate between Ant A and Ant B ? */ 2066 tx->rflags = IWN_RFLAG_ANT_B; 2067 if (tx->id == IWN_ID_BROADCAST) { 2068 tx->ridx = IWN_MAX_TX_RETRIES - 1; 2069 if (!IWN_RATE_IS_OFDM(rate)) 2070 tx->rflags |= IWN_RFLAG_CCK; 2071 } else { 2072 tx->ridx = 0; 2073 /* tell adapter to ignore rflags */ 2074 tx->flags |= htole32(IWN_TX_USE_NODE_RATE); 2075 } 2076 2077 /* copy and trim IEEE802.11 header */ 2078 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 2079 m_adj(m0, hdrlen); 2080 2081 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 2082 BUS_DMA_WRITE | BUS_DMA_NOWAIT); 2083 if (error != 0 && error != EFBIG) { 2084 aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error); 2085 m_freem(m0); 2086 return error; 2087 } 2088 if (error != 0) { 2089 /* too many fragments, linearize */ 2090 2091 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 2092 if (mnew == NULL) { 2093 m_freem(m0); 2094 return ENOMEM; 2095 } 2096 M_COPY_PKTHDR(mnew, m0); 2097 if (m0->m_pkthdr.len > MHLEN) { 2098 MCLGET(mnew, M_DONTWAIT); 2099 if (!(mnew->m_flags & M_EXT)) { 2100 m_freem(m0); 2101 m_freem(mnew); 2102 return ENOMEM; 2103 } 2104 } 2105 2106 m_copydata(m0, 0, m0->m_pkthdr.len, mtod(mnew, void *)); 2107 m_freem(m0); 2108 mnew->m_len = mnew->m_pkthdr.len; 2109 m0 = mnew; 2110 2111 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0, 2112 BUS_DMA_WRITE | BUS_DMA_NOWAIT); 2113 if (error != 0) { 2114 aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error); 2115 m_freem(m0); 2116 return error; 2117 } 2118 } 2119 2120 data->m = m0; 2121 data->ni = ni; 2122 2123 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 2124 ring->qid, ring->cur, m0->m_pkthdr.len, data->map->dm_nsegs)); 2125 2126 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 2127 tx->loaddr = htole32(paddr + 4 + 2128 offsetof(struct iwn_cmd_data, ntries)); 2129 tx->hiaddr = 0; /* limit to 32-bit physical addresses */ 2130 2131 /* first scatter/gather segment is used by the tx data command */ 2132 IWN_SET_DESC_NSEGS(desc, 1 + data->map->dm_nsegs); 2133 IWN_SET_DESC_SEG(desc, 0, paddr, 4 + sizeof (*tx) + hdrlen + pad); 2134 for (i = 1; i <= data->map->dm_nsegs; i++) { 2135 IWN_SET_DESC_SEG(desc, i, data->map->dm_segs[i - 1].ds_addr, 2136 data->map->dm_segs[i - 1].ds_len); 2137 } 2138 sc->shared->len[ring->qid][ring->cur] = 2139 htole16(hdrlen + m0->m_pkthdr.len + 8); 2140 if (ring->cur < IWN_TX_WINDOW) { 2141 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 2142 htole16(hdrlen + m0->m_pkthdr.len + 8); 2143 } 2144 2145 ring->queued++; 2146 2147 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 2148 data->map->dm_mapsize /* calc? */, BUS_DMASYNC_PREWRITE); 2149 2150 /* kick ring */ 2151 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 2152 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 2153 2154 return 0; 2155 } 2156 2157 static void 2158 iwn_start(struct ifnet *ifp) 2159 { 2160 struct iwn_softc *sc = ifp->if_softc; 2161 struct ieee80211com *ic = &sc->sc_ic; 2162 struct ieee80211_node *ni; 2163 struct ether_header *eh; 2164 struct mbuf *m0; 2165 int ac; 2166 2167 DPRINTFN(5, ("iwn_start enter\n")); 2168 2169 /* 2170 * net80211 may still try to send management frames even if the 2171 * IFF_RUNNING flag is not set... 2172 */ 2173 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 2174 return; 2175 2176 for (;;) { 2177 IF_DEQUEUE(&ic->ic_mgtq, m0); 2178 if (m0 != NULL) { 2179 /* management frames go into ring 0 */ 2180 2181 2182 ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif; 2183 m0->m_pkthdr.rcvif = NULL; 2184 2185 /* management goes into ring 0 */ 2186 if (sc->txq[0].queued > sc->txq[0].count - 8) { 2187 ifp->if_oerrors++; 2188 continue; 2189 } 2190 2191 #if NBPFILTER > 0 2192 if (ic->ic_rawbpf != NULL) 2193 bpf_mtap(ic->ic_rawbpf, m0); 2194 #endif 2195 if (iwn_tx_data(sc, m0, ni, 0) != 0) { 2196 ifp->if_oerrors++; 2197 break; 2198 } 2199 } else { 2200 if (ic->ic_state != IEEE80211_S_RUN) 2201 break; 2202 IFQ_POLL(&ifp->if_snd, m0); 2203 if (m0 == NULL) 2204 break; 2205 2206 if (m0->m_len < sizeof (*eh) && 2207 (m0 = m_pullup(m0, sizeof (*eh))) == NULL) { 2208 ifp->if_oerrors++; 2209 continue; 2210 } 2211 eh = mtod(m0, struct ether_header *); 2212 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 2213 if (ni == NULL) { 2214 m_freem(m0); 2215 ifp->if_oerrors++; 2216 continue; 2217 } 2218 /* classify mbuf so we can find which tx ring to use */ 2219 if (ieee80211_classify(ic, m0, ni) != 0) { 2220 m_freem(m0); 2221 ieee80211_free_node(ni); 2222 ifp->if_oerrors++; 2223 continue; 2224 } 2225 2226 /* no QoS encapsulation for EAPOL frames */ 2227 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ? 2228 M_WME_GETAC(m0) : WME_AC_BE; 2229 2230 if (sc->txq[ac].queued > sc->txq[ac].count - 8) { 2231 2232 /* there is no place left in this ring */ 2233 ifp->if_flags |= IFF_OACTIVE; 2234 break; 2235 } 2236 IFQ_DEQUEUE(&ifp->if_snd, m0); 2237 #if NBPFILTER > 0 2238 if (ifp->if_bpf != NULL) 2239 bpf_mtap(ifp->if_bpf, m0); 2240 #endif 2241 m0 = ieee80211_encap(ic, m0, ni); 2242 if (m0 == NULL) { 2243 ieee80211_free_node(ni); 2244 ifp->if_oerrors++; 2245 continue; 2246 } 2247 #if NBPFILTER > 0 2248 if (ic->ic_rawbpf != NULL) 2249 bpf_mtap(ic->ic_rawbpf, m0); 2250 #endif 2251 if (iwn_tx_data(sc, m0, ni, ac) != 0) { 2252 ieee80211_free_node(ni); 2253 ifp->if_oerrors++; 2254 break; 2255 } 2256 } 2257 2258 sc->sc_tx_timer = 5; 2259 ifp->if_timer = 1; 2260 } 2261 } 2262 2263 static void 2264 iwn_watchdog(struct ifnet *ifp) 2265 { 2266 struct iwn_softc *sc = ifp->if_softc; 2267 2268 ifp->if_timer = 0; 2269 2270 if (sc->sc_tx_timer > 0) { 2271 if (--sc->sc_tx_timer == 0) { 2272 aprint_error_dev(sc->sc_dev, "device timeout\n"); 2273 ifp->if_flags &= ~IFF_UP; 2274 iwn_stop(ifp, 1); 2275 ifp->if_oerrors++; 2276 return; 2277 } 2278 ifp->if_timer = 1; 2279 } 2280 2281 ieee80211_watchdog(&sc->sc_ic); 2282 } 2283 2284 static int 2285 iwn_ioctl(struct ifnet *ifp, u_long cmd, void * data) 2286 { 2287 2288 #define IS_RUNNING(ifp) \ 2289 ((ifp->if_flags & IFF_UP) && (ifp->if_flags & IFF_RUNNING)) 2290 2291 struct iwn_softc *sc = ifp->if_softc; 2292 struct ieee80211com *ic = &sc->sc_ic; 2293 int s, error = 0; 2294 2295 s = splnet(); 2296 2297 switch (cmd) { 2298 case SIOCSIFFLAGS: 2299 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 2300 break; 2301 if (ifp->if_flags & IFF_UP) { 2302 if (!(ifp->if_flags & IFF_RUNNING)) 2303 iwn_init(ifp); 2304 } else { 2305 if (ifp->if_flags & IFF_RUNNING) 2306 iwn_stop(ifp, 1); 2307 } 2308 break; 2309 2310 case SIOCADDMULTI: 2311 case SIOCDELMULTI: 2312 /* XXX no h/w multicast filter? --dyoung */ 2313 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 2314 /* setup multicast filter, etc */ 2315 error = 0; 2316 } 2317 break; 2318 2319 default: 2320 error = ieee80211_ioctl(ic, cmd, data); 2321 } 2322 2323 if (error == ENETRESET) { 2324 if (IS_RUNNING(ifp) && 2325 (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)) 2326 iwn_init(ifp); 2327 error = 0; 2328 } 2329 2330 splx(s); 2331 return error; 2332 2333 #undef IS_RUNNING 2334 } 2335 2336 static void 2337 iwn_read_eeprom(struct iwn_softc *sc) 2338 { 2339 struct ieee80211com *ic = &sc->sc_ic; 2340 char domain[4]; 2341 uint16_t val; 2342 int i, error; 2343 2344 if ((error = iwn_eeprom_lock(sc)) != 0) { 2345 aprint_error_dev(sc->sc_dev, "could not lock EEPROM (error=%d)\n", error); 2346 return; 2347 } 2348 /* read and print regulatory domain */ 2349 iwn_read_prom_data(sc, IWN_EEPROM_DOMAIN, domain, 4); 2350 aprint_error_dev(sc->sc_dev, "%.4s", domain); 2351 2352 /* read and print MAC address */ 2353 iwn_read_prom_data(sc, IWN_EEPROM_MAC, ic->ic_myaddr, 6); 2354 aprint_error(", address %s\n", ether_sprintf(ic->ic_myaddr)); 2355 2356 /* read the list of authorized channels */ 2357 for (i = 0; i < IWN_CHAN_BANDS_COUNT; i++) 2358 iwn_read_eeprom_channels(sc, i); 2359 2360 /* read maximum allowed Tx power for 2GHz and 5GHz bands */ 2361 iwn_read_prom_data(sc, IWN_EEPROM_MAXPOW, &val, 2); 2362 sc->maxpwr2GHz = val & 0xff; 2363 sc->maxpwr5GHz = val >> 8; 2364 /* check that EEPROM values are correct */ 2365 if (sc->maxpwr5GHz < 20 || sc->maxpwr5GHz > 50) 2366 sc->maxpwr5GHz = 38; 2367 if (sc->maxpwr2GHz < 20 || sc->maxpwr2GHz > 50) 2368 sc->maxpwr2GHz = 38; 2369 DPRINTF(("maxpwr 2GHz=%d 5GHz=%d\n", sc->maxpwr2GHz, sc->maxpwr5GHz)); 2370 2371 /* read voltage at which samples were taken */ 2372 iwn_read_prom_data(sc, IWN_EEPROM_VOLTAGE, &val, 2); 2373 sc->eeprom_voltage = (int16_t)le16toh(val); 2374 DPRINTF(("voltage=%d (in 0.3V)\n", sc->eeprom_voltage)); 2375 2376 /* read power groups */ 2377 iwn_read_prom_data(sc, IWN_EEPROM_BANDS, sc->bands, sizeof sc->bands); 2378 #ifdef IWN_DEBUG 2379 if (iwn_debug > 0) { 2380 for (i = 0; i < IWN_NBANDS; i++) 2381 iwn_print_power_group(sc, i); 2382 } 2383 #endif 2384 iwn_eeprom_unlock(sc); 2385 } 2386 2387 static void 2388 iwn_read_eeprom_channels(struct iwn_softc *sc, int n) 2389 { 2390 struct ieee80211com *ic = &sc->sc_ic; 2391 const struct iwn_chan_band *band = &iwn_bands[n]; 2392 struct iwn_eeprom_chan channels[IWN_MAX_CHAN_PER_BAND]; 2393 int chan, i; 2394 2395 iwn_read_prom_data(sc, band->addr, channels, 2396 band->nchan * sizeof (struct iwn_eeprom_chan)); 2397 2398 for (i = 0; i < band->nchan; i++) { 2399 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) 2400 continue; 2401 2402 chan = band->chan[i]; 2403 2404 if (n == 0) { /* 2GHz band */ 2405 ic->ic_channels[chan].ic_freq = 2406 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 2407 ic->ic_channels[chan].ic_flags = 2408 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 2409 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 2410 2411 } else { /* 5GHz band */ 2412 /* 2413 * Some adapters support channels 7, 8, 11 and 12 2414 * both in the 2GHz *and* 5GHz bands. 2415 * Because of limitations in our net80211(9) stack, 2416 * we can't support these channels in 5GHz band. 2417 */ 2418 if (chan <= 14) 2419 continue; 2420 2421 ic->ic_channels[chan].ic_freq = 2422 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 2423 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 2424 } 2425 2426 /* is active scan allowed on this channel? */ 2427 if (!(channels[i].flags & IWN_EEPROM_CHAN_ACTIVE)) { 2428 ic->ic_channels[chan].ic_flags |= 2429 IEEE80211_CHAN_PASSIVE; 2430 } 2431 2432 /* save maximum allowed power for this channel */ 2433 sc->maxpwr[chan] = channels[i].maxpwr; 2434 2435 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 2436 chan, channels[i].flags, sc->maxpwr[chan])); 2437 } 2438 } 2439 2440 #ifdef IWN_DEBUG 2441 static void 2442 iwn_print_power_group(struct iwn_softc *sc, int i) 2443 { 2444 struct iwn_eeprom_band *band = &sc->bands[i]; 2445 struct iwn_eeprom_chan_samples *chans = band->chans; 2446 int j, c; 2447 2448 DPRINTF(("===band %d===\n", i)); 2449 DPRINTF(("chan lo=%d, chan hi=%d\n", band->lo, band->hi)); 2450 DPRINTF(("chan1 num=%d\n", chans[0].num)); 2451 for (c = 0; c < IWN_NTXCHAINS; c++) { 2452 for (j = 0; j < IWN_NSAMPLES; j++) { 2453 DPRINTF(("chain %d, sample %d: temp=%d gain=%d " 2454 "power=%d pa_det=%d\n", c, j, 2455 chans[0].samples[c][j].temp, 2456 chans[0].samples[c][j].gain, 2457 chans[0].samples[c][j].power, 2458 chans[0].samples[c][j].pa_det)); 2459 } 2460 } 2461 DPRINTF(("chan2 num=%d\n", chans[1].num)); 2462 for (c = 0; c < IWN_NTXCHAINS; c++) { 2463 for (j = 0; j < IWN_NSAMPLES; j++) { 2464 DPRINTF(("chain %d, sample %d: temp=%d gain=%d " 2465 "power=%d pa_det=%d\n", c, j, 2466 chans[1].samples[c][j].temp, 2467 chans[1].samples[c][j].gain, 2468 chans[1].samples[c][j].power, 2469 chans[1].samples[c][j].pa_det)); 2470 } 2471 } 2472 } 2473 #endif 2474 2475 /* 2476 * Send a command to the firmware. 2477 */ 2478 static int 2479 iwn_cmd(struct iwn_softc *sc, int code, const void *buf, int size, int async) 2480 { 2481 struct iwn_tx_ring *ring = &sc->txq[4]; 2482 struct iwn_tx_desc *desc; 2483 struct iwn_tx_cmd *cmd; 2484 bus_addr_t paddr; 2485 2486 KASSERT(size <= sizeof cmd->data); 2487 2488 desc = &ring->desc[ring->cur]; 2489 cmd = &ring->cmd[ring->cur]; 2490 2491 cmd->code = code; 2492 cmd->flags = 0; 2493 cmd->qid = ring->qid; 2494 cmd->idx = ring->cur; 2495 memcpy(cmd->data, buf, size); 2496 2497 paddr = ring->cmd_dma.paddr + ring->cur * sizeof (struct iwn_tx_cmd); 2498 2499 IWN_SET_DESC_NSEGS(desc, 1); 2500 IWN_SET_DESC_SEG(desc, 0, paddr, 4 + size); 2501 sc->shared->len[ring->qid][ring->cur] = htole16(8); 2502 if (ring->cur < IWN_TX_WINDOW) { 2503 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 2504 htole16(8); 2505 } 2506 2507 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 0, 2508 4 + size, BUS_DMASYNC_PREWRITE); 2509 2510 /* kick cmd ring */ 2511 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 2512 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 2513 2514 return async ? 0 : tsleep(cmd, PCATCH, "iwncmd", hz); 2515 } 2516 2517 /* 2518 * Configure hardware multi-rate retries for one node. 2519 */ 2520 static int 2521 iwn_setup_node_mrr(struct iwn_softc *sc, uint8_t id, int async) 2522 { 2523 struct ieee80211com *ic = &sc->sc_ic; 2524 struct iwn_cmd_mrr mrr; 2525 int i, ridx; 2526 2527 memset(&mrr, 0, sizeof mrr); 2528 mrr.id = id; 2529 mrr.ssmask = 2; 2530 mrr.dsmask = 3; 2531 mrr.ampdu_disable = 3; 2532 mrr.ampdu_limit = htole16(4000); 2533 2534 if (id == IWN_ID_BSS) 2535 ridx = IWN_OFDM54; 2536 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2537 ridx = IWN_OFDM6; 2538 else 2539 ridx = IWN_CCK1; 2540 for (i = 0; i < IWN_MAX_TX_RETRIES; i++) { 2541 mrr.table[i].rate = iwn_ridx_to_plcp[ridx]; 2542 mrr.table[i].rflags = IWN_RFLAG_ANT_B; 2543 if (ridx <= IWN_CCK11) 2544 mrr.table[i].rflags |= IWN_RFLAG_CCK; 2545 ridx = iwn_prev_ridx[ridx]; 2546 } 2547 return iwn_cmd(sc, IWN_CMD_NODE_MRR_SETUP, &mrr, sizeof mrr, async); 2548 } 2549 2550 static int 2551 iwn_wme_update(struct ieee80211com *ic) 2552 { 2553 #define IWN_EXP2(v) htole16((1 << (v)) - 1) 2554 #define IWN_USEC(v) htole16(IEEE80211_TXOP_TO_US(v)) 2555 struct iwn_softc *sc = ic->ic_ifp->if_softc; 2556 const struct wmeParams *wmep; 2557 struct iwn_wme_setup wme; 2558 int ac; 2559 2560 /* don't override default WME values if WME is not actually enabled */ 2561 if (!(ic->ic_flags & IEEE80211_F_WME)) 2562 return 0; 2563 2564 wme.flags = 0; 2565 for (ac = 0; ac < WME_NUM_AC; ac++) { 2566 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac]; 2567 wme.ac[ac].aifsn = wmep->wmep_aifsn; 2568 wme.ac[ac].cwmin = IWN_EXP2(wmep->wmep_logcwmin); 2569 wme.ac[ac].cwmax = IWN_EXP2(wmep->wmep_logcwmax); 2570 wme.ac[ac].txop = IWN_USEC(wmep->wmep_txopLimit); 2571 2572 DPRINTF(("setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 2573 "txop=%d\n", ac, wme.ac[ac].aifsn, wme.ac[ac].cwmin, 2574 wme.ac[ac].cwmax, wme.ac[ac].txop)); 2575 } 2576 2577 return iwn_cmd(sc, IWN_CMD_SET_WME, &wme, sizeof wme, 1); 2578 #undef IWN_USEC 2579 #undef IWN_EXP2 2580 } 2581 2582 2583 2584 static void 2585 iwn_set_led(struct iwn_softc *sc, uint8_t which, uint8_t off, uint8_t on) 2586 { 2587 struct iwn_cmd_led led; 2588 2589 led.which = which; 2590 led.unit = htole32(100000); /* on/off in unit of 100ms */ 2591 led.off = off; 2592 led.on = on; 2593 2594 (void)iwn_cmd(sc, IWN_CMD_SET_LED, &led, sizeof led, 1); 2595 } 2596 2597 /* 2598 * Set the critical temperature at which the firmware will automatically stop 2599 * the radio transmitter. 2600 */ 2601 static int 2602 iwn_set_critical_temp(struct iwn_softc *sc) 2603 { 2604 struct iwn_ucode_info *uc = &sc->ucode_info; 2605 struct iwn_critical_temp crit; 2606 uint32_t r1, r2, r3, temp; 2607 2608 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_CTEMP_STOP_RF); 2609 2610 r1 = le32toh(uc->temp[0].chan20MHz); 2611 r2 = le32toh(uc->temp[1].chan20MHz); 2612 r3 = le32toh(uc->temp[2].chan20MHz); 2613 /* inverse function of iwn_get_temperature() */ 2614 2615 temp = r2 + ((IWN_CTOK(110) * (r3 - r1)) / 259); 2616 2617 memset(&crit, 0, sizeof crit); 2618 crit.tempR = htole32(temp); 2619 DPRINTF(("setting critical temperature to %u\n", temp)); 2620 return iwn_cmd(sc, IWN_CMD_SET_CRITICAL_TEMP, &crit, sizeof crit, 0); 2621 } 2622 2623 static void 2624 iwn_enable_tsf(struct iwn_softc *sc, struct ieee80211_node *ni) 2625 { 2626 struct iwn_cmd_tsf tsf; 2627 uint64_t val, mod; 2628 2629 memset(&tsf, 0, sizeof tsf); 2630 memcpy(&tsf.tstamp, ni->ni_tstamp.data, 8); 2631 tsf.bintval = htole16(ni->ni_intval); 2632 tsf.lintval = htole16(10); 2633 2634 /* compute remaining time until next beacon */ 2635 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 2636 mod = le64toh(tsf.tstamp) % val; 2637 tsf.binitval = htole32((uint32_t)(val - mod)); 2638 2639 DPRINTF(("TSF bintval=%u tstamp=%" PRIu64 ", init=%" PRIu64 "\n", 2640 ni->ni_intval, le64toh(tsf.tstamp), val - mod)); 2641 2642 if (iwn_cmd(sc, IWN_CMD_TSF, &tsf, sizeof tsf, 1) != 0) 2643 aprint_error_dev(sc->sc_dev, "could not enable TSF\n"); 2644 } 2645 2646 static void 2647 iwn_power_calibration(struct iwn_softc *sc, int temp) 2648 { 2649 struct ieee80211com *ic = &sc->sc_ic; 2650 2651 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 2652 2653 /* adjust Tx power if need be (delta >= 3C) */ 2654 if (abs(temp - sc->temp) < 3) 2655 return; 2656 2657 sc->temp = temp; 2658 2659 DPRINTF(("setting Tx power for channel %d\n", 2660 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan))); 2661 if (iwn_set_txpower(sc, ic->ic_bss->ni_chan, 1) != 0) { 2662 /* just warn, too bad for the automatic calibration... */ 2663 aprint_error_dev(sc->sc_dev, "could not adjust Tx power\n"); 2664 } 2665 } 2666 2667 /* 2668 * Set Tx power for a given channel (each rate has its own power settings). 2669 * This function takes into account the regulatory information from EEPROM, 2670 * the current temperature and the current voltage. 2671 */ 2672 static int 2673 iwn_set_txpower(struct iwn_softc *sc, struct ieee80211_channel *ch, int async) 2674 { 2675 /* fixed-point arithmetic division using a n-bit fractional part */ 2676 #define fdivround(a, b, n) \ 2677 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 2678 /* linear interpolation */ 2679 #define interpolate(x, x1, y1, x2, y2, n) \ 2680 ((y1) + fdivround(((int)(x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 2681 2682 static const int tdiv[IWN_NATTEN_GROUPS] = { 9, 8, 8, 8, 6 }; 2683 struct ieee80211com *ic = &sc->sc_ic; 2684 struct iwn_ucode_info *uc = &sc->ucode_info; 2685 struct iwn_cmd_txpower cmd; 2686 struct iwn_eeprom_chan_samples *chans; 2687 const uint8_t *rf_gain, *dsp_gain; 2688 int32_t vdiff, tdiff; 2689 int i, c, grp, maxpwr; 2690 u_int chan; 2691 2692 /* get channel number */ 2693 chan = ieee80211_chan2ieee(ic, ch); 2694 2695 memset(&cmd, 0, sizeof cmd); 2696 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 2697 cmd.chan = chan; 2698 2699 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 2700 maxpwr = sc->maxpwr5GHz; 2701 rf_gain = iwn_rf_gain_5ghz; 2702 dsp_gain = iwn_dsp_gain_5ghz; 2703 } else { 2704 maxpwr = sc->maxpwr2GHz; 2705 rf_gain = iwn_rf_gain_2ghz; 2706 dsp_gain = iwn_dsp_gain_2ghz; 2707 } 2708 2709 /* compute voltage compensation */ 2710 vdiff = ((int32_t)le32toh(uc->volt) - sc->eeprom_voltage) / 7; 2711 if (vdiff > 0) 2712 vdiff *= 2; 2713 if (abs(vdiff) > 2) 2714 vdiff = 0; 2715 DPRINTF(("voltage compensation=%d (UCODE=%d, EEPROM=%d)\n", 2716 vdiff, le32toh(uc->volt), sc->eeprom_voltage)); 2717 2718 /* get channel's attenuation group */ 2719 if (chan <= 20) /* 1-20 */ 2720 grp = 4; 2721 else if (chan <= 43) /* 34-43 */ 2722 grp = 0; 2723 else if (chan <= 70) /* 44-70 */ 2724 grp = 1; 2725 else if (chan <= 124) /* 71-124 */ 2726 grp = 2; 2727 else /* 125-200 */ 2728 grp = 3; 2729 DPRINTF(("chan %d, attenuation group=%d\n", chan, grp)); 2730 2731 /* get channel's sub-band */ 2732 for (i = 0; i < IWN_NBANDS; i++) 2733 if (sc->bands[i].lo != 0 && 2734 sc->bands[i].lo <= chan && chan <= sc->bands[i].hi) 2735 break; 2736 chans = sc->bands[i].chans; 2737 DPRINTF(("chan %d sub-band=%d\n", chan, i)); 2738 2739 for (c = 0; c < IWN_NTXCHAINS; c++) { 2740 uint8_t power, gain, temp; 2741 int maxchpwr, pwr, ridx, idx; 2742 2743 power = interpolate(chan, 2744 chans[0].num, chans[0].samples[c][1].power, 2745 chans[1].num, chans[1].samples[c][1].power, 1); 2746 gain = interpolate(chan, 2747 chans[0].num, chans[0].samples[c][1].gain, 2748 chans[1].num, chans[1].samples[c][1].gain, 1); 2749 temp = interpolate(chan, 2750 chans[0].num, chans[0].samples[c][1].temp, 2751 chans[1].num, chans[1].samples[c][1].temp, 1); 2752 DPRINTF(("Tx chain %d: power=%d gain=%d temp=%d\n", 2753 c, power, gain, temp)); 2754 2755 /* compute temperature compensation */ 2756 tdiff = ((sc->temp - temp) * 2) / tdiv[grp]; 2757 DPRINTF(("temperature compensation=%d (current=%d, " 2758 "EEPROM=%d)\n", tdiff, sc->temp, temp)); 2759 2760 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) { 2761 maxchpwr = sc->maxpwr[chan] * 2; 2762 if ((ridx / 8) & 1) { 2763 /* MIMO: decrease Tx power (-3dB) */ 2764 maxchpwr -= 6; 2765 } 2766 2767 pwr = maxpwr - 10; 2768 2769 /* decrease power for highest OFDM rates */ 2770 if ((ridx % 8) == 5) /* 48Mbit/s */ 2771 pwr -= 5; 2772 else if ((ridx % 8) == 6) /* 54Mbit/s */ 2773 pwr -= 7; 2774 else if ((ridx % 8) == 7) /* 60Mbit/s */ 2775 pwr -= 10; 2776 2777 if (pwr > maxchpwr) 2778 pwr = maxchpwr; 2779 2780 idx = gain - (pwr - power) - tdiff - vdiff; 2781 if ((ridx / 8) & 1) /* MIMO */ 2782 idx += (int32_t)le32toh(uc->atten[grp][c]); 2783 2784 if (cmd.band == 0) 2785 idx += 9; /* 5GHz */ 2786 if (ridx == IWN_RIDX_MAX) 2787 idx += 5; /* CCK */ 2788 2789 /* make sure idx stays in a valid range */ 2790 if (idx < 0) 2791 idx = 0; 2792 else if (idx > IWN_MAX_PWR_INDEX) 2793 idx = IWN_MAX_PWR_INDEX; 2794 2795 DPRINTF(("Tx chain %d, rate idx %d: power=%d\n", 2796 c, ridx, idx)); 2797 cmd.power[ridx].rf_gain[c] = rf_gain[idx]; 2798 cmd.power[ridx].dsp_gain[c] = dsp_gain[idx]; 2799 } 2800 } 2801 2802 DPRINTF(("setting tx power for chan %d\n", chan)); 2803 return iwn_cmd(sc, IWN_CMD_TXPOWER, &cmd, sizeof cmd, async); 2804 2805 #undef interpolate 2806 #undef fdivround 2807 } 2808 2809 /* 2810 * Get the best (maximum) RSSI among Rx antennas (in dBm). 2811 */ 2812 static int 2813 iwn_get_rssi(const struct iwn_rx_stat *stat) 2814 { 2815 uint8_t mask, agc; 2816 int rssi; 2817 2818 mask = (le16toh(stat->antenna) >> 4) & 0x7; 2819 agc = (le16toh(stat->agc) >> 7) & 0x7f; 2820 2821 rssi = 0; 2822 if (mask & (1 << 0)) /* Ant A */ 2823 rssi = max(rssi, stat->rssi[0]); 2824 if (mask & (1 << 1)) /* Ant B */ 2825 rssi = max(rssi, stat->rssi[2]); 2826 if (mask & (1 << 2)) /* Ant C */ 2827 rssi = max(rssi, stat->rssi[4]); 2828 2829 return rssi - agc - IWN_RSSI_TO_DBM; 2830 } 2831 2832 /* 2833 * Get the average noise among Rx antennas (in dBm). 2834 */ 2835 static int 2836 iwn_get_noise(const struct iwn_rx_general_stats *stats) 2837 { 2838 int i, total, nbant, noise; 2839 2840 total = nbant = 0; 2841 for (i = 0; i < 3; i++) { 2842 if ((noise = le32toh(stats->noise[i]) & 0xff) == 0) 2843 continue; 2844 total += noise; 2845 nbant++; 2846 } 2847 /* there should be at least one antenna but check anyway */ 2848 return (nbant == 0) ? -127 : (total / nbant) - 107; 2849 } 2850 2851 /* 2852 * Read temperature (in degC) from the on-board thermal sensor. 2853 */ 2854 static int 2855 iwn_get_temperature(struct iwn_softc *sc) 2856 { 2857 struct iwn_ucode_info *uc = &sc->ucode_info; 2858 int32_t r1, r2, r3, r4, temp; 2859 2860 r1 = le32toh(uc->temp[0].chan20MHz); 2861 r2 = le32toh(uc->temp[1].chan20MHz); 2862 r3 = le32toh(uc->temp[2].chan20MHz); 2863 r4 = le32toh(sc->rawtemp); 2864 2865 if (r1 == r3) /* prevents division by 0 (should not happen) */ 2866 return 0; 2867 2868 /* sign-extend 23-bit R4 value to 32-bit */ 2869 r4 = (r4 << 8) >> 8; 2870 /* compute temperature */ 2871 temp = (259 * (r4 - r2)) / (r3 - r1); 2872 temp = (temp * 97) / 100 + 8; 2873 2874 DPRINTF(("temperature %dK/%dC\n", temp, IWN_KTOC(temp))); 2875 return IWN_KTOC(temp); 2876 } 2877 2878 /* 2879 * Initialize sensitivity calibration state machine. 2880 */ 2881 static int 2882 iwn_init_sensitivity(struct iwn_softc *sc) 2883 { 2884 struct iwn_calib_state *calib = &sc->calib; 2885 struct iwn_phy_calib_cmd cmd; 2886 int error; 2887 2888 /* reset calibration state */ 2889 memset(calib, 0, sizeof (*calib)); 2890 calib->state = IWN_CALIB_STATE_INIT; 2891 calib->cck_state = IWN_CCK_STATE_HIFA; 2892 /* initial values taken from the reference driver */ 2893 calib->corr_ofdm_x1 = 105; 2894 calib->corr_ofdm_mrc_x1 = 220; 2895 calib->corr_ofdm_x4 = 90; 2896 calib->corr_ofdm_mrc_x4 = 170; 2897 calib->corr_cck_x4 = 125; 2898 calib->corr_cck_mrc_x4 = 200; 2899 calib->energy_cck = 100; 2900 2901 /* write initial sensitivity values */ 2902 if ((error = iwn_send_sensitivity(sc)) != 0) 2903 return error; 2904 2905 memset(&cmd, 0, sizeof cmd); 2906 cmd.code = IWN_SET_DIFF_GAIN; 2907 /* differential gains initially set to 0 for all 3 antennas */ 2908 DPRINTF(("setting differential gains\n")); 2909 return iwn_cmd(sc, IWN_PHY_CALIB, &cmd, sizeof cmd, 1); 2910 } 2911 2912 /* 2913 * Collect noise and RSSI statistics for the first 20 beacons received 2914 * after association and use them to determine connected antennas and 2915 * set differential gains. 2916 */ 2917 static void 2918 iwn_compute_differential_gain(struct iwn_softc *sc, 2919 const struct iwn_rx_general_stats *stats) 2920 { 2921 struct iwn_calib_state *calib = &sc->calib; 2922 struct iwn_phy_calib_cmd cmd; 2923 int i, val; 2924 2925 /* accumulate RSSI and noise for all 3 antennas */ 2926 for (i = 0; i < 3; i++) { 2927 calib->rssi[i] += le32toh(stats->rssi[i]) & 0xff; 2928 calib->noise[i] += le32toh(stats->noise[i]) & 0xff; 2929 } 2930 2931 /* we update differential gain only once after 20 beacons */ 2932 if (++calib->nbeacons < 20) 2933 return; 2934 2935 /* determine antenna with highest average RSSI */ 2936 val = max(calib->rssi[0], calib->rssi[1]); 2937 val = max(calib->rssi[2], val); 2938 2939 /* determine which antennas are connected */ 2940 sc->antmsk = 0; 2941 for (i = 0; i < 3; i++) 2942 if (val - calib->rssi[i] <= 15 * 20) 2943 sc->antmsk |= 1 << i; 2944 /* if neither Ant A and Ant B are connected.. */ 2945 if ((sc->antmsk & (1 << 0 | 1 << 1)) == 0) 2946 sc->antmsk |= 1 << 1; /* ..mark Ant B as connected! */ 2947 2948 /* get minimal noise among connected antennas */ 2949 val = INT_MAX; /* ok, there's at least one */ 2950 for (i = 0; i < 3; i++) 2951 if (sc->antmsk & (1 << i)) 2952 val = min(calib->noise[i], val); 2953 2954 memset(&cmd, 0, sizeof cmd); 2955 cmd.code = IWN_SET_DIFF_GAIN; 2956 /* set differential gains for connected antennas */ 2957 for (i = 0; i < 3; i++) { 2958 if (sc->antmsk & (1 << i)) { 2959 cmd.gain[i] = (calib->noise[i] - val) / 30; 2960 /* limit differential gain to 3 */ 2961 cmd.gain[i] = min(cmd.gain[i], 3); 2962 cmd.gain[i] |= IWN_GAIN_SET; 2963 } 2964 } 2965 DPRINTF(("setting differential gains Ant A/B/C: %x/%x/%x (%x)\n", 2966 cmd.gain[0], cmd.gain[1], cmd.gain[2], sc->antmsk)); 2967 if (iwn_cmd(sc, IWN_PHY_CALIB, &cmd, sizeof cmd, 1) == 0) 2968 calib->state = IWN_CALIB_STATE_RUN; 2969 } 2970 2971 /* 2972 * Tune RF Rx sensitivity based on the number of false alarms detected 2973 * during the last beacon period. 2974 */ 2975 static void 2976 iwn_tune_sensitivity(struct iwn_softc *sc, const struct iwn_rx_stats *stats) 2977 { 2978 #define inc_clip(val, inc, max) \ 2979 if ((val) < (max)) { \ 2980 if ((val) < (max) - (inc)) \ 2981 (val) += (inc); \ 2982 else \ 2983 (val) = (max); \ 2984 needs_update = 1; \ 2985 } 2986 #define dec_clip(val, dec, min) \ 2987 if ((val) > (min)) { \ 2988 if ((val) > (min) + (dec)) \ 2989 (val) -= (dec); \ 2990 else \ 2991 (val) = (min); \ 2992 needs_update = 1; \ 2993 } 2994 2995 struct iwn_calib_state *calib = &sc->calib; 2996 uint32_t val, rxena, fa; 2997 uint32_t energy[3], energy_min; 2998 uint8_t noise[3], noise_ref; 2999 int i, needs_update = 0; 3000 3001 /* check that we've been enabled long enough */ 3002 if ((rxena = le32toh(stats->general.load)) == 0) 3003 return; 3004 3005 /* compute number of false alarms since last call for OFDM */ 3006 fa = le32toh(stats->ofdm.bad_plcp) - calib->bad_plcp_ofdm; 3007 fa += le32toh(stats->ofdm.fa) - calib->fa_ofdm; 3008 fa *= 200 * 1024; /* 200TU */ 3009 3010 /* save counters values for next call */ 3011 calib->bad_plcp_ofdm = le32toh(stats->ofdm.bad_plcp); 3012 calib->fa_ofdm = le32toh(stats->ofdm.fa); 3013 3014 if (fa > 50 * rxena) { 3015 /* high false alarm count, decrease sensitivity */ 3016 DPRINTFN(2, ("OFDM high false alarm count: %u\n", fa)); 3017 inc_clip(calib->corr_ofdm_x1, 1, 140); 3018 inc_clip(calib->corr_ofdm_mrc_x1, 1, 270); 3019 inc_clip(calib->corr_ofdm_x4, 1, 120); 3020 inc_clip(calib->corr_ofdm_mrc_x4, 1, 210); 3021 3022 } else if (fa < 5 * rxena) { 3023 /* low false alarm count, increase sensitivity */ 3024 DPRINTFN(2, ("OFDM low false alarm count: %u\n", fa)); 3025 dec_clip(calib->corr_ofdm_x1, 1, 105); 3026 dec_clip(calib->corr_ofdm_mrc_x1, 1, 220); 3027 dec_clip(calib->corr_ofdm_x4, 1, 85); 3028 dec_clip(calib->corr_ofdm_mrc_x4, 1, 170); 3029 } 3030 3031 /* compute maximum noise among 3 antennas */ 3032 for (i = 0; i < 3; i++) 3033 noise[i] = (le32toh(stats->general.noise[i]) >> 8) & 0xff; 3034 val = max(noise[0], noise[1]); 3035 val = max(noise[2], val); 3036 /* insert it into our samples table */ 3037 calib->noise_samples[calib->cur_noise_sample] = val; 3038 calib->cur_noise_sample = (calib->cur_noise_sample + 1) % 20; 3039 3040 /* compute maximum noise among last 20 samples */ 3041 noise_ref = calib->noise_samples[0]; 3042 for (i = 1; i < 20; i++) 3043 noise_ref = max(noise_ref, calib->noise_samples[i]); 3044 3045 /* compute maximum energy among 3 antennas */ 3046 for (i = 0; i < 3; i++) 3047 energy[i] = le32toh(stats->general.energy[i]); 3048 val = min(energy[0], energy[1]); 3049 val = min(energy[2], val); 3050 /* insert it into our samples table */ 3051 calib->energy_samples[calib->cur_energy_sample] = val; 3052 calib->cur_energy_sample = (calib->cur_energy_sample + 1) % 10; 3053 3054 /* compute minimum energy among last 10 samples */ 3055 energy_min = calib->energy_samples[0]; 3056 for (i = 1; i < 10; i++) 3057 energy_min = max(energy_min, calib->energy_samples[i]); 3058 energy_min += 6; 3059 3060 /* compute number of false alarms since last call for CCK */ 3061 fa = le32toh(stats->cck.bad_plcp) - calib->bad_plcp_cck; 3062 fa += le32toh(stats->cck.fa) - calib->fa_cck; 3063 fa *= 200 * 1024; /* 200TU */ 3064 3065 /* save counters values for next call */ 3066 calib->bad_plcp_cck = le32toh(stats->cck.bad_plcp); 3067 calib->fa_cck = le32toh(stats->cck.fa); 3068 3069 if (fa > 50 * rxena) { 3070 /* high false alarm count, decrease sensitivity */ 3071 DPRINTFN(2, ("CCK high false alarm count: %u\n", fa)); 3072 calib->cck_state = IWN_CCK_STATE_HIFA; 3073 calib->low_fa = 0; 3074 3075 if (calib->corr_cck_x4 > 160) { 3076 calib->noise_ref = noise_ref; 3077 if (calib->energy_cck > 2) 3078 dec_clip(calib->energy_cck, 2, energy_min); 3079 } 3080 if (calib->corr_cck_x4 < 160) { 3081 calib->corr_cck_x4 = 161; 3082 needs_update = 1; 3083 } else 3084 inc_clip(calib->corr_cck_x4, 3, 200); 3085 3086 inc_clip(calib->corr_cck_mrc_x4, 3, 400); 3087 3088 } else if (fa < 5 * rxena) { 3089 /* low false alarm count, increase sensitivity */ 3090 DPRINTFN(2, ("CCK low false alarm count: %u\n", fa)); 3091 calib->cck_state = IWN_CCK_STATE_LOFA; 3092 calib->low_fa++; 3093 3094 if (calib->cck_state != 0 && 3095 ((calib->noise_ref - noise_ref) > 2 || 3096 calib->low_fa > 100)) { 3097 inc_clip(calib->energy_cck, 2, 97); 3098 dec_clip(calib->corr_cck_x4, 3, 125); 3099 dec_clip(calib->corr_cck_mrc_x4, 3, 200); 3100 } 3101 } else { 3102 /* not worth to increase or decrease sensitivity */ 3103 DPRINTFN(2, ("CCK normal false alarm count: %u\n", fa)); 3104 calib->low_fa = 0; 3105 calib->noise_ref = noise_ref; 3106 3107 if (calib->cck_state == IWN_CCK_STATE_HIFA) { 3108 /* previous interval had many false alarms */ 3109 dec_clip(calib->energy_cck, 8, energy_min); 3110 } 3111 calib->cck_state = IWN_CCK_STATE_INIT; 3112 } 3113 3114 if (needs_update) 3115 (void)iwn_send_sensitivity(sc); 3116 #undef dec_clip 3117 #undef inc_clip 3118 } 3119 3120 static int 3121 iwn_send_sensitivity(struct iwn_softc *sc) 3122 { 3123 struct iwn_calib_state *calib = &sc->calib; 3124 struct iwn_sensitivity_cmd cmd; 3125 3126 memset(&cmd, 0, sizeof cmd); 3127 cmd.which = IWN_SENSITIVITY_WORKTBL; 3128 /* OFDM modulation */ 3129 cmd.corr_ofdm_x1 = le16toh(calib->corr_ofdm_x1); 3130 cmd.corr_ofdm_mrc_x1 = le16toh(calib->corr_ofdm_mrc_x1); 3131 cmd.corr_ofdm_x4 = le16toh(calib->corr_ofdm_x4); 3132 cmd.corr_ofdm_mrc_x4 = le16toh(calib->corr_ofdm_mrc_x4); 3133 cmd.energy_ofdm = le16toh(100); 3134 cmd.energy_ofdm_th = le16toh(62); 3135 /* CCK modulation */ 3136 cmd.corr_cck_x4 = le16toh(calib->corr_cck_x4); 3137 cmd.corr_cck_mrc_x4 = le16toh(calib->corr_cck_mrc_x4); 3138 cmd.energy_cck = le16toh(calib->energy_cck); 3139 /* Barker modulation: use default values */ 3140 cmd.corr_barker = le16toh(190); 3141 cmd.corr_barker_mrc = le16toh(390); 3142 3143 DPRINTFN(2, ("setting sensitivity\n")); 3144 return iwn_cmd(sc, IWN_SENSITIVITY, &cmd, sizeof cmd, 1); 3145 } 3146 3147 static int 3148 iwn_add_node(struct iwn_softc *sc, struct ieee80211_node *ni, bool broadcast, 3149 bool async, uint32_t htflags) 3150 { 3151 struct iwn_node_info node; 3152 int error; 3153 3154 error = 0; 3155 3156 memset(&node, 0, sizeof node); 3157 if (broadcast == true) { 3158 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 3159 node.id = IWN_ID_BROADCAST; 3160 DPRINTF(("adding broadcast node\n")); 3161 } else { 3162 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3163 node.id = IWN_ID_BSS; 3164 node.htflags = htole32(htflags); 3165 DPRINTF(("adding BSS node\n")); 3166 } 3167 3168 error = iwn_cmd(sc, IWN_CMD_ADD_NODE, &node, sizeof node, async); 3169 if (error != 0) { 3170 aprint_error_dev(sc->sc_dev, "could not add %s node\n", 3171 (broadcast == 1)? "broadcast" : "BSS"); 3172 return error; 3173 } 3174 DPRINTF(("setting MRR for node %d\n", node.id)); 3175 if ((error = iwn_setup_node_mrr(sc, node.id, async)) != 0) { 3176 aprint_error_dev(sc->sc_dev, 3177 "could not setup MRR for %s node\n", 3178 (broadcast == 1)? "broadcast" : "BSS"); 3179 return error; 3180 } 3181 3182 return error; 3183 } 3184 3185 static int 3186 iwn_auth(struct iwn_softc *sc) 3187 { 3188 struct ieee80211com *ic = &sc->sc_ic; 3189 struct ieee80211_node *ni = ic->ic_bss; 3190 int error; 3191 3192 sc->calib.state = IWN_CALIB_STATE_INIT; 3193 3194 /* update adapter's configuration */ 3195 sc->config.associd = 0; 3196 IEEE80211_ADDR_COPY(sc->config.bssid, ni->ni_bssid); 3197 sc->config.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 3198 sc->config.flags = htole32(IWN_CONFIG_TSF); 3199 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { 3200 sc->config.flags |= htole32(IWN_CONFIG_AUTO | 3201 IWN_CONFIG_24GHZ); 3202 } 3203 switch (ic->ic_curmode) { 3204 case IEEE80211_MODE_11A: 3205 sc->config.cck_mask = 0; 3206 sc->config.ofdm_mask = 0x15; 3207 break; 3208 case IEEE80211_MODE_11B: 3209 sc->config.cck_mask = 0x03; 3210 sc->config.ofdm_mask = 0; 3211 break; 3212 default: /* assume 802.11b/g */ 3213 sc->config.cck_mask = 0xf; 3214 sc->config.ofdm_mask = 0x15; 3215 } 3216 3217 /* iwn_enable_tsf(sc, ni);*/ 3218 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3219 sc->config.flags |= htole32(IWN_CONFIG_SHSLOT); 3220 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3221 sc->config.flags |= htole32(IWN_CONFIG_SHPREAMBLE); 3222 sc->config.filter &= ~htole32(IWN_FILTER_BSS); 3223 3224 DPRINTF(("config chan %d flags %x cck %x ofdm %x\n", sc->config.chan, 3225 sc->config.flags, sc->config.cck_mask, sc->config.ofdm_mask)); 3226 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3227 sizeof (struct iwn_config), 1); 3228 if (error != 0) { 3229 aprint_error_dev(sc->sc_dev, "could not configure\n"); 3230 return error; 3231 } 3232 3233 /* configuration has changed, set Tx power accordingly */ 3234 if ((error = iwn_set_txpower(sc, ni->ni_chan, 1)) != 0) { 3235 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3236 return error; 3237 } 3238 3239 /* 3240 * Reconfiguring clears the adapter's nodes table so we must 3241 * add the broadcast node again. 3242 */ 3243 if ((error = iwn_add_node(sc, ni, true, true, 0)) != 0) 3244 return error; 3245 3246 /* add BSS node */ 3247 if ((error = iwn_add_node(sc, ni, false, true, 0)) != 0) 3248 return error; 3249 3250 if (ic->ic_opmode == IEEE80211_M_STA) { 3251 /* fake a join to init the tx rate */ 3252 iwn_newassoc(ni, 1); 3253 } 3254 3255 if ((error = iwn_init_sensitivity(sc)) != 0) { 3256 aprint_error_dev(sc->sc_dev, "could not set sensitivity\n"); 3257 return error; 3258 } 3259 3260 3261 return 0; 3262 } 3263 3264 /* 3265 * Configure the adapter for associated state. 3266 */ 3267 static int 3268 iwn_run(struct iwn_softc *sc) 3269 { 3270 struct ieee80211com *ic = &sc->sc_ic; 3271 struct ieee80211_node *ni = ic->ic_bss; 3272 int error; 3273 3274 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 3275 /* link LED blinks while monitoring */ 3276 iwn_set_led(sc, IWN_LED_LINK, 5, 5); 3277 return 0; 3278 } 3279 3280 iwn_enable_tsf(sc, ni); 3281 3282 /* update adapter's configuration */ 3283 sc->config.associd = htole16(ni->ni_associd & ~0xc000); 3284 /* short preamble/slot time are negotiated when associating */ 3285 sc->config.flags &= ~htole32(IWN_CONFIG_SHPREAMBLE | 3286 IWN_CONFIG_SHSLOT); 3287 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3288 sc->config.flags |= htole32(IWN_CONFIG_SHSLOT); 3289 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3290 sc->config.flags |= htole32(IWN_CONFIG_SHPREAMBLE); 3291 sc->config.filter |= htole32(IWN_FILTER_BSS); 3292 3293 DPRINTF(("config chan %d flags %x\n", sc->config.chan, 3294 sc->config.flags)); 3295 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3296 sizeof (struct iwn_config), 1); 3297 if (error != 0) { 3298 aprint_error_dev(sc->sc_dev, 3299 "could not update configuration\n"); 3300 return error; 3301 } 3302 3303 /* configuration has changed, set Tx power accordingly */ 3304 if ((error = iwn_set_txpower(sc, ni->ni_chan, 1)) != 0) { 3305 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3306 return error; 3307 } 3308 3309 /* add BSS node */ 3310 iwn_add_node(sc, ni, false, true, 3311 (3 << IWN_AMDPU_SIZE_FACTOR_SHIFT | 3312 5 << IWN_AMDPU_DENSITY_SHIFT)); 3313 3314 if (ic->ic_opmode == IEEE80211_M_STA) { 3315 /* fake a join to init the tx rate */ 3316 iwn_newassoc(ni, 1); 3317 } 3318 3319 if ((error = iwn_init_sensitivity(sc)) != 0) { 3320 aprint_error_dev(sc->sc_dev, "could not set sensitivity\n"); 3321 return error; 3322 } 3323 3324 /* start periodic calibration timer */ 3325 sc->calib.state = IWN_CALIB_STATE_ASSOC; 3326 sc->calib_cnt = 0; 3327 callout_schedule(&sc->calib_to, hz / 2); 3328 3329 if (0 == 1) { /* XXX don't do the beacon - we get a firmware error 3330 XXX when we try. Something is wrong with the 3331 XXX setup of the frame. Just don't ever call 3332 XXX the function but reference it to keep gcc happy 3333 */ 3334 /* now we are associated set up the beacon frame */ 3335 if ((error = iwn_setup_beacon(sc, ni))) { 3336 aprint_error_dev(sc->sc_dev, 3337 "could not setup beacon frame\n"); 3338 return error; 3339 } 3340 } 3341 3342 3343 /* link LED always on while associated */ 3344 iwn_set_led(sc, IWN_LED_LINK, 0, 1); 3345 3346 return 0; 3347 } 3348 3349 /* 3350 * Send a scan request to the firmware. Since this command is huge, we map it 3351 * into a mbuf instead of using the pre-allocated set of commands. this function 3352 * implemented as iwl4965_bg_request_scan in the linux driver. 3353 */ 3354 static int 3355 iwn_scan(struct iwn_softc *sc, uint16_t flags) 3356 { 3357 struct ieee80211com *ic = &sc->sc_ic; 3358 struct iwn_tx_ring *ring = &sc->txq[4]; 3359 struct iwn_tx_desc *desc; 3360 struct iwn_tx_data *data; 3361 struct iwn_tx_cmd *cmd; 3362 struct iwn_cmd_data *tx; 3363 struct iwn_scan_hdr *hdr; 3364 struct iwn_scan_essid *essid; 3365 struct iwn_scan_chan *chan; 3366 struct ieee80211_frame *wh; 3367 struct ieee80211_rateset *rs; 3368 struct ieee80211_channel *c; 3369 enum ieee80211_phymode mode; 3370 uint8_t *frm; 3371 int pktlen, error, nrates; 3372 3373 desc = &ring->desc[ring->cur]; 3374 data = &ring->data[ring->cur]; 3375 3376 /* 3377 * allocate an mbuf and initialize it so that it contains a packet 3378 * header. M_DONTWAIT can fail and MT_DATA means it is dynamically 3379 * allocated. 3380 */ 3381 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 3382 if (data->m == NULL) { 3383 aprint_error_dev(sc->sc_dev, "could not allocate mbuf for scan command\n"); 3384 return ENOMEM; 3385 } 3386 3387 /* 3388 * allocates and adds an mbuf cluster to a normal mbuf m. the how 3389 * is M_DONTWAIT and the flag M_EXT is set upon success. 3390 */ 3391 MCLGET(data->m, M_DONTWAIT); 3392 if (!(data->m->m_flags & M_EXT)) { 3393 m_freem(data->m); 3394 data->m = NULL; 3395 aprint_error_dev(sc->sc_dev, "could not allocate mbuf for scan command\n"); 3396 return ENOMEM; 3397 } 3398 3399 /* 3400 * returns a pointer to the data contained in the specified mbuf. 3401 * in this case it is our iwn_tx_cmd. we initialize the basic 3402 * members of the command here with exception to data[136]. 3403 */ 3404 cmd = mtod(data->m, struct iwn_tx_cmd *); 3405 cmd->code = IWN_CMD_SCAN; 3406 cmd->flags = 0; 3407 cmd->qid = ring->qid; 3408 cmd->idx = ring->cur; 3409 3410 hdr = (struct iwn_scan_hdr *)cmd->data; 3411 memset(hdr, 0, sizeof (struct iwn_scan_hdr)); 3412 /* 3413 * Move to the next channel if no packets are received within 5 msecs 3414 * after sending the probe request (this helps to reduce the duration 3415 * of active scans). 3416 */ 3417 hdr->quiet = htole16(5); /* timeout in milliseconds */ 3418 hdr->plcp_threshold = htole16(1); /* min # of packets */ 3419 3420 /* select Ant B and Ant C for scanning */ 3421 hdr->rxchain = htole16(0x3e1 | 7 << IWN_RXCHAIN_ANTMSK_SHIFT); 3422 3423 tx = (struct iwn_cmd_data *)(hdr + 1); 3424 memset(tx, 0, sizeof (struct iwn_cmd_data)); 3425 /* 3426 * linux 3427 * flags = IWN_TX_AUTO_SEQ 3428 * 0x200 is rate selection? 3429 * id = ??? 3430 * lifetime = IWN_LIFETIME_INFINITE 3431 * 3432 */ 3433 tx->flags = htole32(IWN_TX_AUTO_SEQ | 0x200); // XXX 3434 tx->id = IWN_ID_BROADCAST; 3435 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 3436 tx->rflags = IWN_RFLAG_ANT_B; 3437 3438 if (flags & IEEE80211_CHAN_A) { 3439 hdr->crc_threshold = htole16(1); 3440 /* send probe requests at 6Mbps */ 3441 tx->rate = iwn_ridx_to_plcp[IWN_OFDM6]; 3442 } else { 3443 hdr->flags = htole32(IWN_CONFIG_24GHZ | IWN_CONFIG_AUTO); 3444 /* send probe requests at 1Mbps */ 3445 tx->rate = iwn_ridx_to_plcp[IWN_CCK1]; 3446 tx->rflags |= IWN_RFLAG_CCK; 3447 } 3448 3449 essid = (struct iwn_scan_essid *)(tx + 1); 3450 memset(essid, 0, 4 * sizeof (struct iwn_scan_essid)); 3451 essid[0].id = IEEE80211_ELEMID_SSID; 3452 essid[0].len = ic->ic_des_esslen; 3453 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 3454 3455 /* 3456 * Build a probe request frame. Most of the following code is a 3457 * copy & paste of what is done in net80211. 3458 */ 3459 wh = (struct ieee80211_frame *)&essid[4]; 3460 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3461 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3462 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3463 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 3464 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 3465 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 3466 *(u_int16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3467 *(u_int16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3468 3469 frm = (uint8_t *)(wh + 1); 3470 3471 /* add empty SSID IE (firmware generates it for directed scans) */ 3472 *frm++ = IEEE80211_ELEMID_SSID; 3473 *frm++ = 0; 3474 3475 mode = ieee80211_chan2mode(ic, ic->ic_ibss_chan); 3476 rs = &ic->ic_sup_rates[mode]; 3477 3478 /* add supported rates IE */ 3479 3480 *frm++ = IEEE80211_ELEMID_RATES; 3481 nrates = rs->rs_nrates; 3482 if (nrates > IEEE80211_RATE_SIZE) 3483 nrates = IEEE80211_RATE_SIZE; 3484 *frm++ = nrates; 3485 memcpy(frm, rs->rs_rates, nrates); 3486 frm += nrates; 3487 3488 /* add supported xrates IE */ 3489 3490 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 3491 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 3492 *frm++ = IEEE80211_ELEMID_XRATES; 3493 *frm++ = nrates; 3494 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 3495 frm += nrates; 3496 } 3497 3498 /* setup length of probe request */ 3499 tx->len = htole16(frm - (uint8_t *)wh); 3500 3501 chan = (struct iwn_scan_chan *)frm; 3502 for (c = &ic->ic_channels[1]; 3503 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 3504 if ((c->ic_flags & flags) != flags) 3505 continue; 3506 3507 chan->chan = ieee80211_chan2ieee(ic, c); 3508 chan->flags = 0; 3509 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) { 3510 chan->flags |= IWN_CHAN_ACTIVE; 3511 if (ic->ic_des_esslen != 0) 3512 chan->flags |= IWN_CHAN_DIRECT; 3513 } 3514 chan->dsp_gain = 0x6e; 3515 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3516 chan->rf_gain = 0x3b; 3517 chan->active = htole16(10); 3518 chan->passive = htole16(110); 3519 } else { 3520 chan->rf_gain = 0x28; 3521 chan->active = htole16(20); 3522 chan->passive = htole16(120); 3523 } 3524 hdr->nchan++; 3525 chan++; 3526 3527 frm += sizeof (struct iwn_scan_chan); 3528 } 3529 3530 hdr->len = htole16(frm - (uint8_t *)hdr); 3531 pktlen = frm - (uint8_t *)cmd; 3532 3533 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, pktlen, NULL, 3534 BUS_DMA_NOWAIT); 3535 if (error) { 3536 aprint_error_dev(sc->sc_dev, "could not map scan command\n"); 3537 m_freem(data->m); 3538 data->m = NULL; 3539 return error; 3540 } 3541 3542 IWN_SET_DESC_NSEGS(desc, 1); 3543 IWN_SET_DESC_SEG(desc, 0, data->map->dm_segs[0].ds_addr, 3544 data->map->dm_segs[0].ds_len); 3545 sc->shared->len[ring->qid][ring->cur] = htole16(8); 3546 if (ring->cur < IWN_TX_WINDOW) { 3547 sc->shared->len[ring->qid][ring->cur + IWN_TX_RING_COUNT] = 3548 htole16(8); 3549 } 3550 3551 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 3552 data->map->dm_segs[0].ds_len, BUS_DMASYNC_PREWRITE); 3553 3554 /* kick cmd ring */ 3555 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 3556 IWN_WRITE(sc, IWN_TX_WIDX, ring->qid << 8 | ring->cur); 3557 3558 return 0; /* will be notified async. of failure/success */ 3559 } 3560 3561 static int 3562 iwn_config(struct iwn_softc *sc) 3563 { 3564 struct ieee80211com *ic = &sc->sc_ic; 3565 struct ifnet *ifp = ic->ic_ifp; 3566 struct iwn_power power; 3567 struct iwn_bluetooth bluetooth; 3568 int error; 3569 3570 /* set power mode */ 3571 memset(&power, 0, sizeof power); 3572 power.flags = htole16(IWN_POWER_CAM | 0x8); 3573 DPRINTF(("setting power mode\n")); 3574 error = iwn_cmd(sc, IWN_CMD_SET_POWER_MODE, &power, sizeof power, 0); 3575 if (error != 0) { 3576 aprint_error_dev(sc->sc_dev, "could not set power mode\n"); 3577 return error; 3578 } 3579 3580 /* configure bluetooth coexistence */ 3581 memset(&bluetooth, 0, sizeof bluetooth); 3582 bluetooth.flags = 3; 3583 bluetooth.lead = 0xaa; 3584 bluetooth.kill = 1; 3585 DPRINTF(("configuring bluetooth coexistence\n")); 3586 error = iwn_cmd(sc, IWN_CMD_BLUETOOTH, &bluetooth, sizeof bluetooth, 3587 0); 3588 if (error != 0) { 3589 aprint_error_dev(sc->sc_dev, "could not configure bluetooth coexistence\n"); 3590 return error; 3591 } 3592 3593 /* configure adapter */ 3594 memset(&sc->config, 0, sizeof (struct iwn_config)); 3595 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 3596 IEEE80211_ADDR_COPY(sc->config.myaddr, ic->ic_myaddr); 3597 IEEE80211_ADDR_COPY(sc->config.wlap, ic->ic_myaddr); 3598 /* set default channel */ 3599 sc->config.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 3600 sc->config.flags = htole32(IWN_CONFIG_TSF); 3601 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) { 3602 sc->config.flags |= htole32(IWN_CONFIG_AUTO | 3603 IWN_CONFIG_24GHZ); 3604 } 3605 sc->config.filter = 0; 3606 switch (ic->ic_opmode) { 3607 case IEEE80211_M_STA: 3608 sc->config.mode = IWN_MODE_STA; 3609 sc->config.filter |= htole32(IWN_FILTER_MULTICAST); 3610 break; 3611 case IEEE80211_M_IBSS: 3612 case IEEE80211_M_AHDEMO: 3613 sc->config.mode = IWN_MODE_IBSS; 3614 break; 3615 case IEEE80211_M_HOSTAP: 3616 sc->config.mode = IWN_MODE_HOSTAP; 3617 break; 3618 case IEEE80211_M_MONITOR: 3619 sc->config.mode = IWN_MODE_MONITOR; 3620 sc->config.filter |= htole32(IWN_FILTER_MULTICAST | 3621 IWN_FILTER_CTL | IWN_FILTER_PROMISC); 3622 break; 3623 } 3624 sc->config.cck_mask = 0x0f; /* not yet negotiated */ 3625 sc->config.ofdm_mask = 0xff; /* not yet negotiated */ 3626 sc->config.ht_single_mask = 0xff; 3627 sc->config.ht_dual_mask = 0xff; 3628 sc->config.rxchain = htole16(0x2800 | 7 << IWN_RXCHAIN_ANTMSK_SHIFT); 3629 DPRINTF(("setting configuration\n")); 3630 error = iwn_cmd(sc, IWN_CMD_CONFIGURE, &sc->config, 3631 sizeof (struct iwn_config), 0); 3632 if (error != 0) { 3633 aprint_error_dev(sc->sc_dev, "configure command failed\n"); 3634 return error; 3635 } 3636 3637 /* configuration has changed, set Tx power accordingly */ 3638 if ((error = iwn_set_txpower(sc, ic->ic_ibss_chan, 0)) != 0) { 3639 aprint_error_dev(sc->sc_dev, "could not set Tx power\n"); 3640 return error; 3641 } 3642 3643 /* add broadcast node */ 3644 if ((error = iwn_add_node(sc, NULL, true, false, 0)) != 0) 3645 return error; 3646 3647 if ((error = iwn_set_critical_temp(sc)) != 0) { 3648 aprint_error_dev(sc->sc_dev, "could not set critical temperature\n"); 3649 return error; 3650 } 3651 3652 return 0; 3653 } 3654 3655 /* 3656 * Do post-alive initialization of the NIC (after firmware upload). 3657 */ 3658 static void 3659 iwn_post_alive(struct iwn_softc *sc) 3660 { 3661 uint32_t base; 3662 uint16_t offset; 3663 int qid; 3664 3665 iwn_mem_lock(sc); 3666 3667 /* clear SRAM */ 3668 base = iwn_mem_read(sc, IWN_SRAM_BASE); 3669 for (offset = 0x380; offset < 0x520; offset += 4) { 3670 IWN_WRITE(sc, IWN_MEM_WADDR, base + offset); 3671 IWN_WRITE(sc, IWN_MEM_WDATA, 0); 3672 } 3673 3674 /* shared area is aligned on a 1K boundary */ 3675 iwn_mem_write(sc, IWN_SRAM_BASE, sc->shared_dma.paddr >> 10); 3676 iwn_mem_write(sc, IWN_SELECT_QCHAIN, 0); 3677 3678 for (qid = 0; qid < IWN_NTXQUEUES; qid++) { 3679 iwn_mem_write(sc, IWN_QUEUE_RIDX(qid), 0); 3680 IWN_WRITE(sc, IWN_TX_WIDX, qid << 8 | 0); 3681 3682 /* set sched. window size */ 3683 IWN_WRITE(sc, IWN_MEM_WADDR, base + IWN_QUEUE_OFFSET(qid)); 3684 IWN_WRITE(sc, IWN_MEM_WDATA, 64); 3685 /* set sched. frame limit */ 3686 IWN_WRITE(sc, IWN_MEM_WADDR, base + IWN_QUEUE_OFFSET(qid) + 4); 3687 IWN_WRITE(sc, IWN_MEM_WDATA, 64 << 16); 3688 } 3689 3690 /* enable interrupts for all 16 queues */ 3691 iwn_mem_write(sc, IWN_QUEUE_INTR_MASK, 0xffff); 3692 3693 /* identify active Tx rings (0-7) */ 3694 iwn_mem_write(sc, IWN_TX_ACTIVE, 0xff); 3695 3696 /* mark Tx rings (4 EDCA + cmd + 2 HCCA) as active */ 3697 for (qid = 0; qid < 7; qid++) { 3698 iwn_mem_write(sc, IWN_TXQ_STATUS(qid), 3699 IWN_TXQ_STATUS_ACTIVE | qid << 1); 3700 } 3701 3702 iwn_mem_unlock(sc); 3703 } 3704 3705 static void 3706 iwn_stop_master(struct iwn_softc *sc) 3707 { 3708 uint32_t tmp; 3709 int ntries; 3710 3711 tmp = IWN_READ(sc, IWN_RESET); 3712 IWN_WRITE(sc, IWN_RESET, tmp | IWN_STOP_MASTER); 3713 3714 tmp = IWN_READ(sc, IWN_GPIO_CTL); 3715 if ((tmp & IWN_GPIO_PWR_STATUS) == IWN_GPIO_PWR_SLEEP) 3716 return; /* already asleep */ 3717 3718 for (ntries = 0; ntries < 100; ntries++) { 3719 if (IWN_READ(sc, IWN_RESET) & IWN_MASTER_DISABLED) 3720 break; 3721 DELAY(10); 3722 } 3723 if (ntries == 100) { 3724 aprint_error_dev(sc->sc_dev, "timeout waiting for master\n"); 3725 } 3726 } 3727 3728 static int 3729 iwn_reset(struct iwn_softc *sc) 3730 { 3731 uint32_t tmp; 3732 int ntries; 3733 3734 /* clear any pending interrupts */ 3735 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3736 3737 tmp = IWN_READ(sc, IWN_CHICKEN); 3738 IWN_WRITE(sc, IWN_CHICKEN, tmp | IWN_CHICKEN_DISLOS); 3739 3740 tmp = IWN_READ(sc, IWN_GPIO_CTL); 3741 IWN_WRITE(sc, IWN_GPIO_CTL, tmp | IWN_GPIO_INIT); 3742 3743 /* wait for clock stabilization */ 3744 for (ntries = 0; ntries < 1000; ntries++) { 3745 if (IWN_READ(sc, IWN_GPIO_CTL) & IWN_GPIO_CLOCK) 3746 break; 3747 DELAY(10); 3748 } 3749 if (ntries == 1000) { 3750 aprint_error_dev(sc->sc_dev, "timeout waiting for clock stabilization\n"); 3751 return ETIMEDOUT; 3752 } 3753 return 0; 3754 } 3755 3756 static void 3757 iwn_hw_config(struct iwn_softc *sc) 3758 { 3759 uint32_t tmp, hw; 3760 3761 /* enable interrupts mitigation */ 3762 IWN_WRITE(sc, IWN_INTR_MIT, 512 / 32); 3763 3764 /* voodoo from the reference driver */ 3765 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_CLASS_REG); 3766 tmp = PCI_REVISION(tmp); 3767 if ((tmp & 0x80) && (tmp & 0x7f) < 8) { 3768 /* enable "no snoop" field */ 3769 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0xe8); 3770 tmp &= ~IWN_DIS_NOSNOOP; 3771 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0xe8, tmp); 3772 } 3773 3774 /* disable L1 entry to work around a hardware bug */ 3775 tmp = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0xf0); 3776 tmp &= ~IWN_ENA_L1; 3777 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0xf0, tmp); 3778 3779 hw = IWN_READ(sc, IWN_HWCONFIG); 3780 IWN_WRITE(sc, IWN_HWCONFIG, hw | 0x310); 3781 3782 iwn_mem_lock(sc); 3783 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3784 iwn_mem_write(sc, IWN_MEM_POWER, tmp | IWN_POWER_RESET); 3785 DELAY(5); 3786 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3787 iwn_mem_write(sc, IWN_MEM_POWER, tmp & ~IWN_POWER_RESET); 3788 iwn_mem_unlock(sc); 3789 } 3790 3791 static int 3792 iwn_init(struct ifnet *ifp) 3793 { 3794 struct iwn_softc *sc = ifp->if_softc; 3795 struct ieee80211com *ic = &sc->sc_ic; 3796 uint32_t tmp; 3797 int error, qid; 3798 3799 iwn_stop(ifp, 1); 3800 if ((error = iwn_reset(sc)) != 0) { 3801 aprint_error_dev(sc->sc_dev, "could not reset adapter\n"); 3802 goto fail1; 3803 } 3804 3805 iwn_mem_lock(sc); 3806 iwn_mem_read(sc, IWN_CLOCK_CTL); 3807 iwn_mem_write(sc, IWN_CLOCK_CTL, 0xa00); 3808 iwn_mem_read(sc, IWN_CLOCK_CTL); 3809 iwn_mem_unlock(sc); 3810 3811 DELAY(20); 3812 3813 iwn_mem_lock(sc); 3814 tmp = iwn_mem_read(sc, IWN_MEM_PCIDEV); 3815 iwn_mem_write(sc, IWN_MEM_PCIDEV, tmp | 0x800); 3816 iwn_mem_unlock(sc); 3817 3818 iwn_mem_lock(sc); 3819 tmp = iwn_mem_read(sc, IWN_MEM_POWER); 3820 iwn_mem_write(sc, IWN_MEM_POWER, tmp & ~0x03000000); 3821 iwn_mem_unlock(sc); 3822 3823 iwn_hw_config(sc); 3824 3825 /* init Rx ring */ 3826 iwn_mem_lock(sc); 3827 IWN_WRITE(sc, IWN_RX_CONFIG, 0); 3828 IWN_WRITE(sc, IWN_RX_WIDX, 0); 3829 /* Rx ring is aligned on a 256-byte boundary */ 3830 IWN_WRITE(sc, IWN_RX_BASE, sc->rxq.desc_dma.paddr >> 8); 3831 /* shared area is aligned on a 16-byte boundary */ 3832 IWN_WRITE(sc, IWN_RW_WIDX_PTR, (sc->shared_dma.paddr + 3833 offsetof(struct iwn_shared, closed_count)) >> 4); 3834 IWN_WRITE(sc, IWN_RX_CONFIG, 0x80601000); 3835 iwn_mem_unlock(sc); 3836 3837 IWN_WRITE(sc, IWN_RX_WIDX, (IWN_RX_RING_COUNT - 1) & ~7); 3838 3839 iwn_mem_lock(sc); 3840 iwn_mem_write(sc, IWN_TX_ACTIVE, 0); 3841 3842 /* set physical address of "keep warm" page */ 3843 IWN_WRITE(sc, IWN_KW_BASE, sc->kw_dma.paddr >> 4); 3844 3845 /* init Tx rings */ 3846 for (qid = 0; qid < IWN_NTXQUEUES; qid++) { 3847 struct iwn_tx_ring *txq = &sc->txq[qid]; 3848 IWN_WRITE(sc, IWN_TX_BASE(qid), txq->desc_dma.paddr >> 8); 3849 IWN_WRITE(sc, IWN_TX_CONFIG(qid), 0x80000008); 3850 } 3851 iwn_mem_unlock(sc); 3852 3853 /* clear "radio off" and "disable command" bits (reversed logic) */ 3854 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3855 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_DISABLE_CMD); 3856 3857 /* clear any pending interrupts */ 3858 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3859 /* enable interrupts */ 3860 IWN_WRITE(sc, IWN_MASK, IWN_INTR_MASK); 3861 3862 /* not sure why/if this is necessary... */ 3863 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3864 IWN_WRITE(sc, IWN_UCODE_CLR, IWN_RADIO_OFF); 3865 3866 /* check that the radio is not disabled by RF switch */ 3867 if (!(IWN_READ(sc, IWN_GPIO_CTL) & IWN_GPIO_RF_ENABLED)) { 3868 aprint_error_dev(sc->sc_dev, "radio is disabled by hardware switch\n"); 3869 error = EBUSY; /* XXX ;-) */ 3870 goto fail1; 3871 } 3872 3873 if ((error = iwn_load_firmware(sc)) != 0) { 3874 aprint_error_dev(sc->sc_dev, "could not load firmware\n"); 3875 goto fail1; 3876 } 3877 3878 /* firmware has notified us that it is alive.. */ 3879 iwn_post_alive(sc); /* ..do post alive initialization */ 3880 3881 sc->rawtemp = sc->ucode_info.temp[3].chan20MHz; 3882 sc->temp = iwn_get_temperature(sc); 3883 DPRINTF(("temperature=%d\n", sc->temp)); 3884 3885 if ((error = iwn_config(sc)) != 0) { 3886 aprint_error_dev(sc->sc_dev, "could not configure device\n"); 3887 goto fail1; 3888 } 3889 3890 DPRINTF(("iwn_config end\n")); 3891 3892 ifp->if_flags &= ~IFF_OACTIVE; 3893 ifp->if_flags |= IFF_RUNNING; 3894 3895 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 3896 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL) 3897 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3898 } 3899 else 3900 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3901 3902 DPRINTF(("iwn_init ok\n")); 3903 return 0; 3904 3905 fail1: 3906 DPRINTF(("iwn_init error\n")); 3907 iwn_stop(ifp, 1); 3908 return error; 3909 } 3910 3911 static void 3912 iwn_stop(struct ifnet *ifp, int disable) 3913 { 3914 struct iwn_softc *sc = ifp->if_softc; 3915 struct ieee80211com *ic = &sc->sc_ic; 3916 uint32_t tmp; 3917 int i; 3918 3919 ifp->if_timer = sc->sc_tx_timer = 0; 3920 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3921 3922 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3923 3924 IWN_WRITE(sc, IWN_RESET, IWN_NEVO_RESET); 3925 3926 /* disable interrupts */ 3927 IWN_WRITE(sc, IWN_MASK, 0); 3928 IWN_WRITE(sc, IWN_INTR, 0xffffffff); 3929 IWN_WRITE(sc, IWN_INTR_STATUS, 0xffffffff); 3930 3931 /* make sure we no longer hold the memory lock */ 3932 iwn_mem_unlock(sc); 3933 3934 /* reset all Tx rings */ 3935 for (i = 0; i < IWN_NTXQUEUES; i++) 3936 iwn_reset_tx_ring(sc, &sc->txq[i]); 3937 3938 /* reset Rx ring */ 3939 iwn_reset_rx_ring(sc, &sc->rxq); 3940 3941 iwn_mem_lock(sc); 3942 iwn_mem_write(sc, IWN_MEM_CLOCK2, 0x200); 3943 iwn_mem_unlock(sc); 3944 3945 DELAY(5); 3946 3947 iwn_stop_master(sc); 3948 tmp = IWN_READ(sc, IWN_RESET); 3949 IWN_WRITE(sc, IWN_RESET, tmp | IWN_SW_RESET); 3950 } 3951 3952 static bool 3953 iwn_resume(device_t dv PMF_FN_ARGS) 3954 { 3955 struct iwn_softc *sc = device_private(dv); 3956 3957 (void)iwn_reset(sc); 3958 3959 return true; 3960 } 3961
Indexes created Sat Sep 27 22:09:54 GMT 2025