/* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* * Copyright (c) 2003, 2004 * Daan Vreeken <Danovitsch@Vitsch.net>. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Daan Vreeken. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY Daan Vreeken AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL Daan Vreeken OR THE VOICES IN HIS HEAD * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF * THE POSSIBILITY OF SUCH DAMAGE. */ /* * Atmel AT76c503 / AT76c503a / AT76c505 / AT76c505a USB WLAN driver * * Originally written by Daan Vreeken <Danovitsch @ Vitsch . net> * http://vitsch.net/bsd/atuwi * * Contributed to by : * Chris Whitehouse, Alistair Phillips, Peter Pilka, Martijn van Buul, * Suihong Liang, Arjan van Leeuwen, Stuart Walsh * * Ported to OpenBSD by Theo de Raadt and David Gwynne. */ #include <sys/strsubr.h> #include <sys/strsun.h> #include <sys/mac_provider.h> #include <sys/mac_wifi.h> #include <sys/net80211.h> #define USBDRV_MAJOR_VER 2 #define USBDRV_MINOR_VER 0 #include <sys/usb/usba.h> #include <sys/usb/usba/usba_types.h> #include "fw/atmel_rfmd.hex" #include "fw/atmel_rfmd2958.hex" #include "fw/atmel_rfmd2958-smc.hex" #include "fw/atmel_intersil.hex" #include "fw/atmel_at76c505_rfmd.hex" #include "fw/atmel_at76c503_rfmd_acc.hex" #include "fw/atmel_at76c503_i3863.hex" #include "atu.h" static void *atu_soft_state_p; static mac_callbacks_t atu_m_callbacks; static const struct ieee80211_rateset atu_rateset = {4, {2, 4, 11, 22}}; static int atu_usb_request(struct atu_softc *sc, uint8_t type, uint8_t request, uint16_t value, uint16_t index, uint16_t length, uint8_t *data) { usb_ctrl_setup_t req; usb_cb_flags_t cf; usb_cr_t cr; mblk_t *mp = NULL; int uret = USB_SUCCESS; bzero(&req, sizeof (req)); req.bmRequestType = type; req.bRequest = request; req.wValue = value; req.wIndex = index; req.wLength = length; req.attrs = USB_ATTRS_NONE; if (type & USB_DEV_REQ_DEV_TO_HOST) { req.attrs = USB_ATTRS_AUTOCLEARING; uret = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp, &cr, &cf, 0); if (mp == NULL) return (EIO); if (uret == USB_SUCCESS) bcopy(mp->b_rptr, data, length); } else { if ((mp = allocb(length, BPRI_HI)) == NULL) return (ENOMEM); bcopy(data, mp->b_wptr, length); mp->b_wptr += length; uret = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp, &cr, &cf, 0); } if (mp) freemsg(mp); return (uret == USB_SUCCESS ? 0 : EIO); } static int atu_get_mib(struct atu_softc *sc, uint8_t type, uint8_t size, uint8_t index, uint8_t *buf) { return atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x033, type << 8, index, size, buf); } static int atu_get_cmd_status(struct atu_softc *sc, uint8_t cmd, uint8_t *status) { /* * all other drivers (including Windoze) request 40 bytes of status * and get a short-xfer of just 6 bytes. we can save 34 bytes of * buffer if we just request those 6 bytes in the first place :) */ return atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x22, cmd, 0x0000, 6, status); } static uint8_t atu_get_dfu_state(struct atu_softc *sc) { uint8_t state; if (atu_usb_request(sc, DFU_GETSTATE, 0, 0, 1, &state)) return (DFUState_DFUError); return (state); } static int atu_get_opmode(struct atu_softc *sc, uint8_t *mode) { return atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x33, 0x0001, 0x0000, 1, mode); } static int atu_get_config(struct atu_softc *sc) { struct ieee80211com *ic = &sc->sc_ic; struct atu_rfmd_conf rfmd_conf; struct atu_intersil_conf intersil_conf; int err; switch (sc->sc_radio) { case RadioRFMD: case RadioRFMD2958: case RadioRFMD2958_SMC: case AT76C503_RFMD_ACC: case AT76C505_RFMD: err = atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x33, 0x0a02, 0x0000, sizeof (rfmd_conf), (uint8_t *)&rfmd_conf); if (err) { cmn_err(CE_WARN, "%s: get RFMD config failed\n", sc->sc_name); return (err); } bcopy(rfmd_conf.MACAddr, ic->ic_macaddr, IEEE80211_ADDR_LEN); break; case RadioIntersil: case AT76C503_i3863: err = atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x33, 0x0902, 0x0000, sizeof (intersil_conf), (uint8_t *)&intersil_conf); if (err) { cmn_err(CE_WARN, "%s: get Intersil config failed\n", sc->sc_name); return (err); } bcopy(intersil_conf.MACAddr, ic->ic_macaddr, IEEE80211_ADDR_LEN); break; } return (0); } static int atu_wait_completion(struct atu_softc *sc, uint8_t cmd, uint8_t *status) { uint8_t statusreq[6]; int idle_count = 0, err; while ((err = atu_get_cmd_status(sc, cmd, statusreq)) == 0) { if ((statusreq[5] != STATUS_IN_PROGRESS) && (statusreq[5] != STATUS_IDLE)) { if (status != NULL) *status = statusreq[5]; return (0); } else if (idle_count++ > 60) { cmn_err(CE_WARN, "%s: command (0x%02x) timeout\n", sc->sc_name, cmd); return (ETIME); } drv_usecwait(10 * 1000); } return (err); } static int atu_send_command(struct atu_softc *sc, uint8_t *command, int size) { return atu_usb_request(sc, ATU_VENDOR_DEV_OUT, 0x0e, 0x0000, 0x0000, size, command); } static int atu_send_mib(struct atu_softc *sc, uint8_t type, uint8_t size, uint8_t index, void *data) { struct atu_cmd_set_mib request; int err; bzero(&request, sizeof (request)); request.AtCmd = CMD_SET_MIB; request.AtSize = size + 4; request.MIBType = type; request.MIBSize = size; request.MIBIndex = index; request.MIBReserved = 0; /* * For 1 and 2 byte requests we assume a direct value, * everything bigger than 2 bytes we assume a pointer to the data */ switch (size) { case 0: break; case 1: request.data[0] = (long)data & 0x000000ff; break; case 2: request.data[0] = (long)data & 0x000000ff; request.data[1] = (long)data >> 8; break; default: bcopy(data, request.data, size); break; } err = atu_usb_request(sc, ATU_VENDOR_DEV_OUT, 0x0e, 0x0000, 0x0000, size+8, (uint8_t *)&request); if (err) return (err); return (atu_wait_completion(sc, CMD_SET_MIB, NULL)); } static int atu_switch_radio(struct atu_softc *sc, boolean_t on) { struct atu_cmd radio; boolean_t ostate; int err; /* Intersil doesn't seem to support radio switch */ if (sc->sc_radio == RadioIntersil) return (0); ostate = ATU_RADIO_ON(sc) ? B_TRUE : B_FALSE; if (on != ostate) { bzero(&radio, sizeof (radio)); radio.Cmd = on ? CMD_RADIO_ON : CMD_RADIO_OFF; err = atu_send_command(sc, (uint8_t *)&radio, sizeof (radio)); if (err) return (err); err = atu_wait_completion(sc, radio.Cmd, NULL); if (err) return (err); if (on) sc->sc_flags |= ATU_FLAG_RADIO_ON; else sc->sc_flags &= ~ATU_FLAG_RADIO_ON; } return (0); } static int atu_config(struct atu_softc *sc) { struct ieee80211com *ic = &sc->sc_ic; struct ieee80211_key *k; struct atu_cmd_card_config cmd; uint8_t rates[4] = {0x82, 0x84, 0x8B, 0x96}; int err, i; err = atu_send_mib(sc, MIB_MAC_ADDR_STA, ic->ic_macaddr); if (err) { cmn_err(CE_WARN, "%s: setting MAC address failed\n", sc->sc_name); return (err); } bzero(&cmd, sizeof (cmd)); cmd.Cmd = CMD_STARTUP; cmd.Reserved = 0; cmd.Size = sizeof (cmd) - 4; cmd.Channel = ATU_DEF_CHAN; cmd.ShortRetryLimit = 7; cmd.RTS_Threshold = 2347; cmd.FragThreshold = 2346; cmd.PromiscuousMode = 1; cmd.AutoRateFallback = 1; bcopy(rates, cmd.BasicRateSet, 4); if (ic->ic_flags & IEEE80211_F_PRIVACY) { k = ic->ic_nw_keys + ic->ic_def_txkey; switch (k->wk_keylen) { case 5: cmd.EncryptionType = ATU_ENC_WEP40; break; case 13: cmd.EncryptionType = ATU_ENC_WEP104; break; default: cmn_err(CE_WARN, "%s: key invalid (%d bytes)\n", sc->sc_name, k->wk_keylen); goto nowep; } cmd.PrivacyInvoked = 1; cmd.ExcludeUnencrypted = 1; cmd.WEP_DefaultKeyID = ic->ic_def_txkey; for (i = 0; i < IEEE80211_WEP_NKID; i++) { k = ic->ic_nw_keys + i; if (k->wk_keylen == 0) continue; bcopy(k->wk_key, cmd.WEP_DefaultKey + i, k->wk_keylen); } } else { nowep: cmd.EncryptionType = ATU_ENC_NONE; } bcopy(ic->ic_des_essid, cmd.SSID, ic->ic_des_esslen); cmd.SSID_Len = ic->ic_des_esslen; cmd.BeaconPeriod = 100; err = atu_send_command(sc, (uint8_t *)&cmd, sizeof (cmd)); if (err) return (err); err = atu_wait_completion(sc, CMD_STARTUP, NULL); if (err) return (err); err = atu_switch_radio(sc, B_TRUE); if (err) return (err); err = atu_send_mib(sc, MIB_MAC_MGMT_POWER_MODE, (void *)ATU_POWER_ACTIVE); if (err) return (err); return (0); } static int atu_start_scan(struct atu_softc *sc) { struct ieee80211com *ic = &sc->sc_ic; struct atu_cmd_do_scan scan; int err; if (!ATU_RUNNING(sc)) return (EIO); bzero(&scan, sizeof (scan)); scan.Cmd = CMD_START_SCAN; scan.Reserved = 0; scan.Size = sizeof (scan) - 4; (void) memset(scan.BSSID, 0xff, sizeof (scan.BSSID)); bcopy(ic->ic_des_essid, scan.SSID, ic->ic_des_esslen); scan.SSID_Len = ic->ic_des_esslen; scan.ScanType = ATU_SCAN_ACTIVE; scan.Channel = ieee80211_chan2ieee(ic, ic->ic_curchan); scan.ProbeDelay = 0; scan.MinChannelTime = 20; scan.MaxChannelTime = 40; scan.InternationalScan = 0; err = atu_send_command(sc, (uint8_t *)&scan, sizeof (scan)); if (err) { cmn_err(CE_WARN, "%s: SCAN command failed\n", sc->sc_name); return (err); } err = atu_wait_completion(sc, CMD_START_SCAN, NULL); if (err) { cmn_err(CE_WARN, "%s: SCAN completion failed\n", sc->sc_name); return (err); } return (0); } static int atu_join(struct atu_softc *sc, struct ieee80211_node *node) { struct atu_cmd_join join; uint8_t status; int err; bzero(&join, sizeof (join)); join.Cmd = CMD_JOIN; join.Reserved = 0x00; join.Size = sizeof (join) - 4; bcopy(node->in_bssid, join.bssid, IEEE80211_ADDR_LEN); bcopy(node->in_essid, join.essid, node->in_esslen); join.essid_size = node->in_esslen; if (node->in_capinfo & IEEE80211_CAPINFO_IBSS) join.bss_type = ATU_MODE_IBSS; else join.bss_type = ATU_MODE_STA; join.channel = ieee80211_chan2ieee(&sc->sc_ic, node->in_chan); join.timeout = ATU_JOIN_TIMEOUT; join.reserved = 0x00; err = atu_send_command(sc, (uint8_t *)&join, sizeof (join)); if (err) { cmn_err(CE_WARN, "%s: JOIN command failed\n", sc->sc_name); return (err); } err = atu_wait_completion(sc, CMD_JOIN, &status); if (err) return (err); if (status != STATUS_COMPLETE) { cmn_err(CE_WARN, "%s: incorrect JOIN state (0x%02x)\n", sc->sc_name, status); return (EIO); } return (0); } static int atu_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) { struct atu_softc *sc = (struct atu_softc *)ic; enum ieee80211_state ostate = ic->ic_state; int err = 0; ATU_LOCK(sc); if (sc->sc_scan_timer != 0) { ATU_UNLOCK(sc); (void) untimeout(sc->sc_scan_timer); ATU_LOCK(sc); sc->sc_scan_timer = 0; } ostate = ic->ic_state; switch (nstate) { case IEEE80211_S_SCAN: switch (ostate) { case IEEE80211_S_SCAN: case IEEE80211_S_AUTH: case IEEE80211_S_ASSOC: case IEEE80211_S_RUN: ATU_UNLOCK(sc); sc->sc_newstate(ic, nstate, arg); ATU_LOCK(sc); if ((err = atu_start_scan(sc)) != 0) { ATU_UNLOCK(sc); ieee80211_cancel_scan(ic); return (err); } sc->sc_scan_timer = timeout( (void (*) (void*))ieee80211_next_scan, (void *)&sc->sc_ic, 0); ATU_UNLOCK(sc); return (err); default: break; } break; case IEEE80211_S_AUTH: switch (ostate) { case IEEE80211_S_INIT: case IEEE80211_S_SCAN: err = atu_join(sc, ic->ic_bss); if (err) { ATU_UNLOCK(sc); return (err); } break; default: break; } default: break; } ATU_UNLOCK(sc); err = sc->sc_newstate(ic, nstate, arg); return (err); } static int atu_open_pipes(struct atu_softc *sc) { usb_ep_data_t *ep; usb_pipe_policy_t policy = {0}; int uret; ep = usb_lookup_ep_data(sc->sc_dip, sc->sc_udev, 0, 0, 0, USB_EP_ATTR_BULK, USB_EP_DIR_OUT); policy.pp_max_async_reqs = ATU_TX_LIST_CNT; uret = usb_pipe_open(sc->sc_dip, &ep->ep_descr, &policy, USB_FLAGS_SLEEP, &sc->sc_tx_pipe); if (uret != USB_SUCCESS) goto fail; ep = usb_lookup_ep_data(sc->sc_dip, sc->sc_udev, 0, 0, 0, USB_EP_ATTR_BULK, USB_EP_DIR_IN); policy.pp_max_async_reqs = ATU_RX_LIST_CNT + 32; uret = usb_pipe_open(sc->sc_dip, &ep->ep_descr, &policy, USB_FLAGS_SLEEP, &sc->sc_rx_pipe); if (uret != USB_SUCCESS) goto fail; return (0); fail: if (sc->sc_rx_pipe != NULL) { usb_pipe_close(sc->sc_dip, sc->sc_rx_pipe, USB_FLAGS_SLEEP, NULL, 0); sc->sc_rx_pipe = NULL; } if (sc->sc_tx_pipe != NULL) { usb_pipe_close(sc->sc_dip, sc->sc_tx_pipe, USB_FLAGS_SLEEP, NULL, 0); sc->sc_tx_pipe = NULL; } return (EIO); } static void atu_close_pipes(struct atu_softc *sc) { usb_flags_t flags = USB_FLAGS_SLEEP; if (sc->sc_rx_pipe != NULL) { usb_pipe_reset(sc->sc_dip, sc->sc_rx_pipe, flags, NULL, 0); usb_pipe_close(sc->sc_dip, sc->sc_rx_pipe, flags, NULL, 0); sc->sc_rx_pipe = NULL; } if (sc->sc_tx_pipe != NULL) { usb_pipe_reset(sc->sc_dip, sc->sc_tx_pipe, flags, NULL, 0); usb_pipe_close(sc->sc_dip, sc->sc_tx_pipe, flags, NULL, 0); sc->sc_tx_pipe = NULL; } } static int atu_rx_trigger(struct atu_softc *sc); /*ARGSUSED*/ static void atu_rxeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req) { struct atu_softc *sc = (struct atu_softc *)req->bulk_client_private; struct ieee80211com *ic = &sc->sc_ic; struct ieee80211_node *ni; struct atu_rx_hdr *h; struct ieee80211_frame *wh; mblk_t *mp = req->bulk_data; int len, pktlen; req->bulk_data = NULL; if (req->bulk_completion_reason != USB_CR_OK) { sc->sc_rx_err++; goto fail; } len = msgdsize(mp); if (len < ATU_RX_HDRLEN + ATU_MIN_FRAMELEN) { cmn_err(CE_CONT, "%s: fragment (%d bytes)\n", sc->sc_name, len); sc->sc_rx_err++; goto fail; } h = (struct atu_rx_hdr *)mp->b_rptr; pktlen = h->length - 4; if (pktlen + ATU_RX_HDRLEN + 4 != len) { cmn_err(CE_CONT, "%s: jumbo (%d bytes -> %d bytes)\n", sc->sc_name, len, pktlen); sc->sc_rx_err++; goto fail; } mp->b_rptr += ATU_RX_HDRLEN; mp->b_wptr = mp->b_rptr + pktlen; wh = (struct ieee80211_frame *)mp->b_rptr; if (wh->i_fc[1] & IEEE80211_FC1_WEP) wh->i_fc[1] &= ~IEEE80211_FC1_WEP; ni = ieee80211_find_rxnode(ic, wh); (void) ieee80211_input(ic, mp, ni, h->rssi, h->rx_time); ieee80211_free_node(ni); done: usb_free_bulk_req(req); mutex_enter(&sc->sc_rxlock); sc->rx_queued--; mutex_exit(&sc->sc_rxlock); if (ATU_RUNNING(sc)) (void) atu_rx_trigger(sc); return; fail: freemsg(mp); goto done; } /*ARGSUSED*/ static void atu_txeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req) { struct atu_softc *sc = (struct atu_softc *)req->bulk_client_private; struct ieee80211com *ic = &sc->sc_ic; if (req->bulk_completion_reason != USB_CR_OK) ic->ic_stats.is_tx_failed++; usb_free_bulk_req(req); mutex_enter(&sc->sc_txlock); sc->tx_queued--; if (sc->sc_need_sched) { sc->sc_need_sched = 0; mac_tx_update(ic->ic_mach); } mutex_exit(&sc->sc_txlock); } static int atu_rx_trigger(struct atu_softc *sc) { usb_bulk_req_t *req; int uret; req = usb_alloc_bulk_req(sc->sc_dip, ATU_RX_BUFSZ, USB_FLAGS_SLEEP); if (req == NULL) return (ENOMEM); req->bulk_len = ATU_RX_BUFSZ; req->bulk_client_private = (usb_opaque_t)sc; req->bulk_timeout = 0; req->bulk_attributes = USB_ATTRS_SHORT_XFER_OK | USB_ATTRS_AUTOCLEARING; req->bulk_cb = atu_rxeof; req->bulk_exc_cb = atu_rxeof; req->bulk_completion_reason = 0; req->bulk_cb_flags = 0; uret = usb_pipe_bulk_xfer(sc->sc_rx_pipe, req, 0); if (uret != USB_SUCCESS) { usb_free_bulk_req(req); return (EIO); } mutex_enter(&sc->sc_rxlock); sc->rx_queued++; mutex_exit(&sc->sc_rxlock); return (0); } static int atu_tx_trigger(struct atu_softc *sc, mblk_t *mp) { usb_bulk_req_t *req; int uret; req = usb_alloc_bulk_req(sc->sc_dip, 0, USB_FLAGS_SLEEP); if (req == NULL) return (EIO); req->bulk_len = msgdsize(mp); req->bulk_data = mp; req->bulk_client_private = (usb_opaque_t)sc; req->bulk_timeout = 10; req->bulk_attributes = USB_ATTRS_AUTOCLEARING; req->bulk_cb = atu_txeof; req->bulk_exc_cb = atu_txeof; req->bulk_completion_reason = 0; req->bulk_cb_flags = 0; uret = usb_pipe_bulk_xfer(sc->sc_tx_pipe, req, 0); if (uret != USB_SUCCESS) { req->bulk_data = NULL; usb_free_bulk_req(req); return (EIO); } mutex_enter(&sc->sc_txlock); sc->tx_queued++; mutex_exit(&sc->sc_txlock); return (0); } static int atu_init_rx_queue(struct atu_softc *sc) { int err, i; mutex_enter(&sc->sc_rxlock); sc->rx_queued = 0; mutex_exit(&sc->sc_rxlock); for (i = 0; i < ATU_RX_LIST_CNT; i++) { err = atu_rx_trigger(sc); if (err) return (err); } return (0); } static void atu_init_tx_queue(struct atu_softc *sc) { mutex_enter(&sc->sc_txlock); sc->tx_queued = 0; mutex_exit(&sc->sc_txlock); } static int atu_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type) { struct atu_softc *sc = (struct atu_softc *)ic; struct ieee80211_node *ni = NULL; struct atu_tx_hdr *desc; struct ieee80211_frame *wh; mblk_t *m; int pktlen = msgdsize(mp), err = 0; mutex_enter(&sc->sc_txlock); if (sc->tx_queued > ATU_TX_LIST_CNT) { sc->sc_tx_nobuf++; mutex_exit(&sc->sc_txlock); err = ENOMEM; goto fail; } mutex_exit(&sc->sc_txlock); m = allocb(ATU_TX_BUFSZ, BPRI_MED); if (m == NULL) { sc->sc_tx_nobuf++; err = ENOMEM; goto fail; } /* reserve tx header space */ m->b_rptr += ATU_TX_HDRLEN; m->b_wptr += ATU_TX_HDRLEN; /* copy and (implicitly) free old data */ mcopymsg(mp, m->b_wptr); m->b_wptr += pktlen; wh = (struct ieee80211_frame *)m->b_rptr; ni = ieee80211_find_txnode(ic, wh->i_addr1); if (ni == NULL) { ic->ic_stats.is_tx_failed++; freemsg(m); err = ENXIO; goto fail; } if (type == IEEE80211_FC0_TYPE_DATA) (void) ieee80211_encap(ic, m, ni); /* full WEP in device, prune WEP fields (IV, KID) */ if (wh->i_fc[1] & IEEE80211_FC1_WEP) { (void) memmove(m->b_rptr + IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, m->b_rptr, sizeof (struct ieee80211_frame)); m->b_rptr += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; } pktlen = msgdsize(m); m->b_rptr -= ATU_TX_HDRLEN; /* setup tx header */ desc = (struct atu_tx_hdr *)m->b_rptr; bzero(desc, ATU_TX_HDRLEN); desc->length = (uint16_t)pktlen; desc->tx_rate = ATU_DEF_TX_RATE; err = atu_tx_trigger(sc, m); if (!err) { ic->ic_stats.is_tx_frags++; ic->ic_stats.is_tx_bytes += pktlen; } else { ic->ic_stats.is_tx_failed++; freemsg(m); } fail: if (ni != NULL) ieee80211_free_node(ni); return (err); } static int atu_stop(struct atu_softc *sc) { sc->sc_flags &= ~ATU_FLAG_RUNNING; atu_close_pipes(sc); return (atu_switch_radio(sc, B_FALSE)); } static int atu_init(struct atu_softc *sc) { int err; err = atu_stop(sc); if (err) return (err); err = atu_open_pipes(sc); if (err) goto fail; err = atu_config(sc); if (err) { cmn_err(CE_WARN, "%s: startup config failed\n", sc->sc_name); goto fail; } atu_init_tx_queue(sc); err = atu_init_rx_queue(sc); if (err) { cmn_err(CE_WARN, "%s: rx queue init failed\n", sc->sc_name); goto fail; } sc->sc_flags |= ATU_FLAG_RUNNING; return (0); fail: (void) atu_stop(sc); return (err); } static void atu_watchdog(void *arg) { struct atu_softc *sc = arg; struct ieee80211com *ic = &sc->sc_ic; ieee80211_stop_watchdog(ic); ATU_LOCK(sc); if (!ATU_RUNNING(sc)) { ATU_UNLOCK(sc); return; } ATU_UNLOCK(sc); switch (ic->ic_state) { case IEEE80211_S_AUTH: case IEEE80211_S_ASSOC: if (ic->ic_bss->in_fails > 0) ieee80211_new_state(ic, IEEE80211_S_INIT, -1); else ieee80211_watchdog(ic); break; } } static int atu_dfu_stage1(void *arg) { struct atu_softc *sc = arg; uint8_t state, *ptr = NULL, status[6]; int block_size, bytes_left = 0, block = 0, err, i, count = 0; /* * Uploading firmware is done with the DFU (Device Firmware Upgrade) * interface. See "Universal Serial Bus - Device Class Specification * for Device Firmware Upgrade" pdf for details of the protocol. * Maybe this could be moved to a separate 'firmware driver' once more * device drivers need it... For now we'll just do it here. * * Just for your information, the Atmel's DFU descriptor looks like * this: * * 07 size * 21 type * 01 capabilities : only firmware download, *need* reset * after download * 13 05 detach timeout : max 1299ms between DFU_DETACH and * reset * 00 04 max bytes of firmware per transaction : 1024 */ for (i = 0; i < sizeof (atu_fw_table) / sizeof (atu_fw_table[0]); i++) if (sc->sc_radio == atu_fw_table[i].atur_type) { ptr = atu_fw_table[i].atur_int; bytes_left = atu_fw_table[i].atur_int_size; } state = atu_get_dfu_state(sc); while (block >= 0 && state > 0) { switch (state) { case DFUState_DnLoadSync: /* get DFU status */ err = atu_usb_request(sc, DFU_GETSTATUS, 0, 0, 6, status); if (err) { cmn_err(CE_WARN, "%s: DFU get status failed\n", sc->sc_name); return (err); } /* success means state => DnLoadIdle */ state = DFUState_DnLoadIdle; continue; case DFUState_DFUIdle: case DFUState_DnLoadIdle: if (bytes_left >= DFU_MaxBlockSize) block_size = DFU_MaxBlockSize; else block_size = bytes_left; err = atu_usb_request(sc, DFU_DNLOAD, block++, 0, block_size, ptr); if (err) { cmn_err(CE_WARN, "%s: DFU download failed\n", sc->sc_name); return (err); } ptr += block_size; bytes_left -= block_size; if (block_size == 0) block = -1; break; case DFUState_DFUError: cmn_err(CE_WARN, "%s: DFU state error\n", sc->sc_name); return (EIO); default: drv_usecwait(10*1000); if (++count > 100) { cmn_err(CE_WARN, "%s: DFU timeout\n", sc->sc_name); return (ETIME); } break; } state = atu_get_dfu_state(sc); } if (state != DFUState_ManifestSync) cmn_err(CE_WARN, "%s: DFU state (%d) != ManifestSync\n", sc->sc_name, state); err = atu_usb_request(sc, DFU_GETSTATUS, 0, 0, 6, status); if (err) { cmn_err(CE_WARN, "%s: DFU get status failed\n", sc->sc_name); return (err); } err = atu_usb_request(sc, DFU_REMAP, 0, 0, 0, NULL); if (err && !(sc->sc_quirk & ATU_QUIRK_NO_REMAP)) { cmn_err(CE_WARN, "%s: DFU remap failed\n", sc->sc_name); return (err); } /* * after a lot of trying and measuring I found out the device needs * about 56 miliseconds after sending the remap command before * it's ready to communicate again. So we'll wait just a little bit * longer than that to be sure... */ drv_usecwait((56+100)*1000); return (0); } static int atu_dfu_stage2(void *arg) { struct atu_softc *sc = arg; uint8_t *ptr = NULL; int block_size, bytes_left = 0, block = 0, err, i; for (i = 0; i < sizeof (atu_fw_table) / sizeof (atu_fw_table[0]); i++) if (sc->sc_radio == atu_fw_table[i].atur_type) { ptr = atu_fw_table[i].atur_ext; bytes_left = atu_fw_table[i].atur_ext_size; } while (bytes_left) { if (bytes_left > 1024) block_size = 1024; else block_size = bytes_left; err = atu_usb_request(sc, ATU_VENDOR_DEV_OUT, 0x0e, 0x0802, block, block_size, ptr); if (err) { cmn_err(CE_WARN, "%s: stage2 firmware load failed\n", sc->sc_name); return (err); } ptr += block_size; block++; bytes_left -= block_size; } err = atu_usb_request(sc, ATU_VENDOR_DEV_OUT, 0x0e, 0x0802, block, 0, NULL); if (err) { cmn_err(CE_WARN, "%s: zero-length block load failed\n", sc->sc_name); return (err); } /* * The SMC2662w V.4 seems to require some time to do its thing with * the stage2 firmware... 20 ms isn't enough, but 21 ms works 100 * times out of 100 tries. We'll wait a bit longer just to be sure */ if (sc->sc_quirk & ATU_QUIRK_FW_DELAY) drv_usecwait((21 + 100) * 1000); return (0); } static int atu_load_microcode(struct atu_softc *sc, boolean_t attach) { usb_dev_reset_lvl_t reset; uint8_t mode, chan; int err; reset = attach ? USB_RESET_LVL_REATTACH : USB_RESET_LVL_DEFAULT; err = atu_get_opmode(sc, &mode); if (!err) { if (mode == ATU_DEV_READY) return (0); /* * Opmode of SMC2662 V.4 does not change after stage2 * firmware download. If succeeded reading the channel * number, stage2 firmware is already running. */ if (sc->sc_radio != RadioIntersil && atu_get_mib(sc, MIB_PHY_CHANNEL, &chan) == 0) return (0); if (mode == ATU_DEV_STAGE2) stage2: return (atu_dfu_stage2(sc)); } err = atu_dfu_stage1(sc); if (err) return (err); if (usb_reset_device(sc->sc_dip, reset) != USB_SUCCESS) return (EIO); if (attach) return (EAGAIN); else goto stage2; } static int atu_disconnect(dev_info_t *dip) { struct atu_softc *sc; struct ieee80211com *ic; sc = ddi_get_soft_state(atu_soft_state_p, ddi_get_instance(dip)); ic = &sc->sc_ic; ieee80211_new_state(ic, IEEE80211_S_INIT, -1); ieee80211_stop_watchdog(ic); ATU_LOCK(sc); if (sc->sc_scan_timer != 0) { ATU_UNLOCK(sc); (void) untimeout(sc->sc_scan_timer); ATU_LOCK(sc); sc->sc_scan_timer = 0; } sc->sc_flags &= ~(ATU_FLAG_RUNNING | ATU_FLAG_RADIO_ON); atu_close_pipes(sc); ATU_UNLOCK(sc); return (0); } static int atu_reconnect(dev_info_t *dip) { struct atu_softc *sc; int err; sc = ddi_get_soft_state(atu_soft_state_p, ddi_get_instance(dip)); if (usb_check_same_device(sc->sc_dip, NULL, USB_LOG_L2, -1, USB_CHK_BASIC, NULL) != USB_SUCCESS) return (DDI_FAILURE); ATU_LOCK(sc); err = atu_load_microcode(sc, B_FALSE); if (!err) err = atu_init(sc); ATU_UNLOCK(sc); return (err ? DDI_FAILURE : DDI_SUCCESS); } static int atu_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) { struct atu_softc *sc; struct ieee80211com *ic; mac_register_t *macp; wifi_data_t wd = {0}; int instance, i, err; switch (cmd) { case DDI_ATTACH: break; case DDI_RESUME: sc = ddi_get_soft_state(atu_soft_state_p, ddi_get_instance(dip)); if (usb_check_same_device(sc->sc_dip, NULL, USB_LOG_L2, -1, USB_CHK_BASIC, NULL) != USB_SUCCESS) return (DDI_SUCCESS); if (atu_load_microcode(sc, B_FALSE) == 0) (void) atu_init(sc); return (DDI_SUCCESS); default: return (DDI_FAILURE); } instance = ddi_get_instance(dip); if (ddi_soft_state_zalloc(atu_soft_state_p, instance) != DDI_SUCCESS) return (DDI_FAILURE); sc = ddi_get_soft_state(atu_soft_state_p, instance); ic = &sc->sc_ic; sc->sc_dip = dip; (void) snprintf(sc->sc_name, sizeof (sc->sc_name), "%s%d", "atu", instance); err = usb_client_attach(dip, USBDRV_VERSION, 0); if (err != USB_SUCCESS) goto fail1; err = usb_get_dev_data(dip, &sc->sc_udev, USB_PARSE_LVL_ALL, 0); if (err != USB_SUCCESS) { sc->sc_udev = NULL; goto fail2; } for (i = 0; i < sizeof (atu_dev_table)/sizeof (atu_dev_table[0]); i++) { struct atu_dev_type *t = &atu_dev_table[i]; if (sc->sc_udev->dev_descr->idVendor == t->atu_vid && sc->sc_udev->dev_descr->idProduct == t->atu_pid) { sc->sc_radio = t->atu_radio; sc->sc_quirk = t->atu_quirk; } } err = atu_load_microcode(sc, B_TRUE); if (err == EAGAIN) { sc->sc_flags |= ATU_FLAG_REATTACH; /* reattaching */ return (DDI_SUCCESS); } else if (err) { goto fail2; } sc->sc_flags &= ~ATU_FLAG_REATTACH; /* read device config & MAC address */ err = atu_get_config(sc); if (err) { cmn_err(CE_WARN, "%s: read device config failed\n", sc->sc_name); goto fail2; } mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL); mutex_init(&sc->sc_txlock, NULL, MUTEX_DRIVER, NULL); mutex_init(&sc->sc_rxlock, NULL, MUTEX_DRIVER, NULL); ic->ic_phytype = IEEE80211_T_DS; ic->ic_opmode = IEEE80211_M_STA; ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_WEP; ic->ic_sup_rates[IEEE80211_MODE_11B] = atu_rateset; ic->ic_maxrssi = atu_fw_table[sc->sc_radio].max_rssi; ic->ic_state = IEEE80211_S_INIT; for (i = 1; i <= 14; i++) { ic->ic_sup_channels[i].ich_freq = ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_PASSIVE; } ic->ic_xmit = atu_send; ieee80211_attach(ic); sc->sc_newstate = ic->ic_newstate; ic->ic_newstate = atu_newstate; ic->ic_watchdog = atu_watchdog; ieee80211_media_init(ic); ic->ic_def_txkey = 0; wd.wd_opmode = ic->ic_opmode; wd.wd_secalloc = WIFI_SEC_NONE; IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid); macp = mac_alloc(MAC_VERSION); if (macp == NULL) goto fail3; macp->m_type_ident = MAC_PLUGIN_IDENT_WIFI; macp->m_driver = sc; macp->m_dip = dip; macp->m_src_addr = ic->ic_macaddr; macp->m_callbacks = &atu_m_callbacks; macp->m_min_sdu = 0; macp->m_max_sdu = IEEE80211_MTU; macp->m_pdata = &wd; macp->m_pdata_size = sizeof (wd); err = mac_register(macp, &ic->ic_mach); mac_free(macp); if (err) goto fail3; err = usb_register_hotplug_cbs(sc->sc_dip, atu_disconnect, atu_reconnect); if (err != USB_SUCCESS) goto fail4; err = ddi_create_minor_node(dip, sc->sc_name, S_IFCHR, instance + 1, DDI_NT_NET_WIFI, 0); if (err != DDI_SUCCESS) cmn_err(CE_WARN, "%s: minor node creation failed\n", sc->sc_name); mac_link_update(ic->ic_mach, LINK_STATE_DOWN); return (DDI_SUCCESS); fail4: (void) mac_unregister(ic->ic_mach); fail3: mutex_destroy(&sc->sc_genlock); mutex_destroy(&sc->sc_rxlock); mutex_destroy(&sc->sc_txlock); fail2: usb_client_detach(sc->sc_dip, sc->sc_udev); fail1: ddi_soft_state_free(atu_soft_state_p, instance); return (DDI_FAILURE); } static int atu_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) { struct atu_softc *sc; int err; sc = ddi_get_soft_state(atu_soft_state_p, ddi_get_instance(dip)); switch (cmd) { case DDI_DETACH: break; case DDI_SUSPEND: ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); ieee80211_stop_watchdog(&sc->sc_ic); ATU_LOCK(sc); if (sc->sc_scan_timer != 0) { ATU_UNLOCK(sc); (void) untimeout(sc->sc_scan_timer); ATU_LOCK(sc); sc->sc_scan_timer = 0; } (void) atu_stop(sc); ATU_UNLOCK(sc); return (DDI_SUCCESS); default: return (DDI_FAILURE); } if (!ATU_REATTACH(sc)) { err = mac_disable(sc->sc_ic.ic_mach); if (err) return (DDI_FAILURE); (void) atu_stop(sc); usb_unregister_hotplug_cbs(dip); (void) mac_unregister(sc->sc_ic.ic_mach); ieee80211_detach(&sc->sc_ic); mutex_destroy(&sc->sc_genlock); mutex_destroy(&sc->sc_txlock); mutex_destroy(&sc->sc_rxlock); ddi_remove_minor_node(dip, NULL); } usb_client_detach(dip, sc->sc_udev); ddi_soft_state_free(atu_soft_state_p, ddi_get_instance(dip)); return (DDI_SUCCESS); } DDI_DEFINE_STREAM_OPS(atu_dev_ops, nulldev, nulldev, atu_attach, atu_detach, nodev, NULL, D_MP, NULL, ddi_quiesce_not_needed); static struct modldrv atu_modldrv = { &mod_driverops, "atu driver v1.1", &atu_dev_ops }; static struct modlinkage modlinkage = { MODREV_1, (void *)&atu_modldrv, NULL }; int _info(struct modinfo *modinfop) { return (mod_info(&modlinkage, modinfop)); } int _init(void) { int status; status = ddi_soft_state_init(&atu_soft_state_p, sizeof (struct atu_softc), 1); if (status != 0) return (status); mac_init_ops(&atu_dev_ops, "atu"); status = mod_install(&modlinkage); if (status != 0) { mac_fini_ops(&atu_dev_ops); ddi_soft_state_fini(&atu_soft_state_p); } return (status); } int _fini(void) { int status; status = mod_remove(&modlinkage); if (status == 0) { mac_fini_ops(&atu_dev_ops); ddi_soft_state_fini(&atu_soft_state_p); } return (status); } static int atu_m_start(void *arg) { struct atu_softc *sc = (struct atu_softc *)arg; int err; ATU_LOCK(sc); err = atu_init(sc); ATU_UNLOCK(sc); return (err); } static void atu_m_stop(void *arg) { struct atu_softc *sc = (struct atu_softc *)arg; struct ieee80211com *ic = &sc->sc_ic; ieee80211_new_state(ic, IEEE80211_S_INIT, -1); ieee80211_stop_watchdog(ic); ATU_LOCK(sc); if (sc->sc_scan_timer != 0) { ATU_UNLOCK(sc); (void) untimeout(sc->sc_scan_timer); ATU_LOCK(sc); sc->sc_scan_timer = 0; } (void) atu_stop(sc); ATU_UNLOCK(sc); } /*ARGSUSED*/ static int atu_m_unicst(void *arg, const uint8_t *macaddr) { return (ENOTSUP); } /*ARGSUSED*/ static int atu_m_multicst(void *arg, boolean_t add, const uint8_t *mca) { return (ENOTSUP); } /*ARGSUSED*/ static int atu_m_promisc(void *arg, boolean_t on) { return (0); } static int atu_m_setprop(void *arg, const char *name, mac_prop_id_t id, uint_t len, const void *buf) { struct atu_softc *sc = (struct atu_softc *)arg; struct ieee80211com *ic = &sc->sc_ic; int err; err = ieee80211_setprop(ic, name, id, len, buf); if (err != ENETRESET) return (err); if (ic->ic_des_esslen == 0) return (0); ATU_LOCK(sc); if (ATU_RUNNING(sc)) { if (sc->sc_scan_timer != 0) { ATU_UNLOCK(sc); (void) untimeout(sc->sc_scan_timer); ATU_LOCK(sc); sc->sc_scan_timer = 0; } err = atu_init(sc); ATU_UNLOCK(sc); if (err) return (err); ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); ATU_LOCK(sc); } ATU_UNLOCK(sc); return (0); } static int atu_m_getprop(void *arg, const char *name, mac_prop_id_t id, uint_t length, void *buf) { struct atu_softc *sc = (struct atu_softc *)arg; struct ieee80211com *ic = &sc->sc_ic; return (ieee80211_getprop(ic, name, id, length, buf)); } static void atu_m_propinfo(void *arg, const char *name, mac_prop_id_t id, mac_prop_info_handle_t mph) { struct atu_softc *sc = (struct atu_softc *)arg; struct ieee80211com *ic = &sc->sc_ic; ieee80211_propinfo(ic, name, id, mph); } static void atu_m_ioctl(void* arg, queue_t *wq, mblk_t *mp) { struct atu_softc *sc = (struct atu_softc *)arg; struct ieee80211com *ic = &sc->sc_ic; int err; err = ieee80211_ioctl(ic, wq, mp); if (err != ENETRESET || ic->ic_des_esslen == 0) return; ATU_LOCK(sc); if (ATU_RUNNING(sc)) { if (sc->sc_scan_timer != 0) { ATU_UNLOCK(sc); (void) untimeout(sc->sc_scan_timer); ATU_LOCK(sc); sc->sc_scan_timer = 0; } err = atu_init(sc); ATU_UNLOCK(sc); if (err) return; ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); ATU_LOCK(sc); } ATU_UNLOCK(sc); } static mblk_t * atu_m_tx(void *arg, mblk_t *mp) { struct atu_softc *sc = (struct atu_softc *)arg; struct ieee80211com *ic = &sc->sc_ic; mblk_t *next; if (ic->ic_state != IEEE80211_S_RUN) { freemsgchain(mp); return (NULL); } while (mp != NULL) { next = mp->b_next; mp->b_next = NULL; if (atu_send(ic, mp, IEEE80211_FC0_TYPE_DATA) == ENOMEM) { mutex_enter(&sc->sc_txlock); sc->sc_need_sched = 1; mutex_exit(&sc->sc_txlock); mp->b_next = next; return (mp); } mp = next; } return (mp); } static int atu_m_stat(void *arg, uint_t stat, uint64_t *val) { struct atu_softc *sc = (struct atu_softc *)arg; ieee80211com_t *ic = &sc->sc_ic; ieee80211_node_t *in; ATU_LOCK(sc); switch (stat) { case MAC_STAT_IFSPEED: in = ic->ic_bss; *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ? IEEE80211_RATE(in->in_txrate) : ic->ic_fixed_rate) / 2 * 1000000; break; case MAC_STAT_NOXMTBUF: *val = sc->sc_tx_nobuf; break; case MAC_STAT_NORCVBUF: *val = sc->sc_rx_nobuf; break; case MAC_STAT_IERRORS: *val = sc->sc_rx_err; break; case MAC_STAT_RBYTES: *val = ic->ic_stats.is_rx_bytes; break; case MAC_STAT_IPACKETS: *val = ic->ic_stats.is_rx_frags; break; case MAC_STAT_OBYTES: *val = ic->ic_stats.is_tx_bytes; break; case MAC_STAT_OPACKETS: *val = ic->ic_stats.is_tx_frags; break; case MAC_STAT_OERRORS: *val = ic->ic_stats.is_tx_failed; break; case WIFI_STAT_TX_FRAGS: case WIFI_STAT_MCAST_TX: case WIFI_STAT_TX_FAILED: case WIFI_STAT_TX_RETRANS: case WIFI_STAT_TX_RERETRANS: case WIFI_STAT_RTS_SUCCESS: case WIFI_STAT_RTS_FAILURE: case WIFI_STAT_ACK_FAILURE: case WIFI_STAT_RX_FRAGS: case WIFI_STAT_MCAST_RX: case WIFI_STAT_FCS_ERRORS: case WIFI_STAT_WEP_ERRORS: case WIFI_STAT_RX_DUPS: ATU_UNLOCK(sc); return (ieee80211_stat(ic, stat, val)); default: ATU_UNLOCK(sc); return (ENOTSUP); } ATU_UNLOCK(sc); return (0); } static mac_callbacks_t atu_m_callbacks = { MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO, atu_m_stat, atu_m_start, atu_m_stop, atu_m_promisc, atu_m_multicst, atu_m_unicst, atu_m_tx, NULL, atu_m_ioctl, NULL, NULL, NULL, atu_m_setprop, atu_m_getprop, atu_m_propinfo };