1 /*- 2 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer, 10 * without modification. 11 * 2. Redistributions in binary form must reproduce at minimum a disclaimer 12 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any 13 * redistribution must be conditioned upon including a substantially 14 * similar Disclaimer requirement for further binary redistribution. 15 * 16 * NO WARRANTY 17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY 20 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 21 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, 22 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 25 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 27 * THE POSSIBILITY OF SUCH DAMAGES. 28 */ 29 30 #include <sys/cdefs.h> 31 __FBSDID("$FreeBSD$"); 32 33 /* 34 * Driver for the Atheros Wireless LAN controller. 35 * 36 * This software is derived from work of Atsushi Onoe; his contribution 37 * is greatly appreciated. 38 */ 39 40 #include "opt_inet.h" 41 #include "opt_ath.h" 42 /* 43 * This is needed for register operations which are performed 44 * by the driver - eg, calls to ath_hal_gettsf32(). 45 * 46 * It's also required for any AH_DEBUG checks in here, eg the 47 * module dependencies. 48 */ 49 #include "opt_ah.h" 50 #include "opt_wlan.h" 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/sysctl.h> 55 #include <sys/mbuf.h> 56 #include <sys/malloc.h> 57 #include <sys/lock.h> 58 #include <sys/mutex.h> 59 #include <sys/kernel.h> 60 #include <sys/socket.h> 61 #include <sys/sockio.h> 62 #include <sys/errno.h> 63 #include <sys/callout.h> 64 #include <sys/bus.h> 65 #include <sys/endian.h> 66 #include <sys/kthread.h> 67 #include <sys/taskqueue.h> 68 #include <sys/priv.h> 69 #include <sys/module.h> 70 #include <sys/ktr.h> 71 #include <sys/smp.h> /* for mp_ncpus */ 72 73 #include <machine/bus.h> 74 75 #include <net/if.h> 76 #include <net/if_dl.h> 77 #include <net/if_media.h> 78 #include <net/if_types.h> 79 #include <net/if_arp.h> 80 #include <net/ethernet.h> 81 #include <net/if_llc.h> 82 83 #include <net80211/ieee80211_var.h> 84 #include <net80211/ieee80211_regdomain.h> 85 #ifdef IEEE80211_SUPPORT_SUPERG 86 #include <net80211/ieee80211_superg.h> 87 #endif 88 #ifdef IEEE80211_SUPPORT_TDMA 89 #include <net80211/ieee80211_tdma.h> 90 #endif 91 92 #include <net/bpf.h> 93 94 #ifdef INET 95 #include <netinet/in.h> 96 #include <netinet/if_ether.h> 97 #endif 98 99 #include <dev/ath/if_athvar.h> 100 #include <dev/ath/ath_hal/ah_devid.h> /* XXX for softled */ 101 #include <dev/ath/ath_hal/ah_diagcodes.h> 102 103 #include <dev/ath/if_ath_debug.h> 104 #include <dev/ath/if_ath_misc.h> 105 #include <dev/ath/if_ath_tsf.h> 106 #include <dev/ath/if_ath_tx.h> 107 #include <dev/ath/if_ath_sysctl.h> 108 #include <dev/ath/if_ath_led.h> 109 #include <dev/ath/if_ath_keycache.h> 110 #include <dev/ath/if_ath_rx.h> 111 #include <dev/ath/if_ath_beacon.h> 112 #include <dev/ath/if_athdfs.h> 113 114 #ifdef ATH_TX99_DIAG 115 #include <dev/ath/ath_tx99/ath_tx99.h> 116 #endif 117 118 #define ATH_KTR_INTR KTR_SPARE4 119 #define ATH_KTR_ERR KTR_SPARE3 120 121 /* 122 * Calculate the receive filter according to the 123 * operating mode and state: 124 * 125 * o always accept unicast, broadcast, and multicast traffic 126 * o accept PHY error frames when hardware doesn't have MIB support 127 * to count and we need them for ANI (sta mode only until recently) 128 * and we are not scanning (ANI is disabled) 129 * NB: older hal's add rx filter bits out of sight and we need to 130 * blindly preserve them 131 * o probe request frames are accepted only when operating in 132 * hostap, adhoc, mesh, or monitor modes 133 * o enable promiscuous mode 134 * - when in monitor mode 135 * - if interface marked PROMISC (assumes bridge setting is filtered) 136 * o accept beacons: 137 * - when operating in station mode for collecting rssi data when 138 * the station is otherwise quiet, or 139 * - when operating in adhoc mode so the 802.11 layer creates 140 * node table entries for peers, 141 * - when scanning 142 * - when doing s/w beacon miss (e.g. for ap+sta) 143 * - when operating in ap mode in 11g to detect overlapping bss that 144 * require protection 145 * - when operating in mesh mode to detect neighbors 146 * o accept control frames: 147 * - when in monitor mode 148 * XXX HT protection for 11n 149 */ 150 u_int32_t 151 ath_calcrxfilter(struct ath_softc *sc) 152 { 153 struct ifnet *ifp = sc->sc_ifp; 154 struct ieee80211com *ic = ifp->if_l2com; 155 u_int32_t rfilt; 156 157 rfilt = HAL_RX_FILTER_UCAST | HAL_RX_FILTER_BCAST | HAL_RX_FILTER_MCAST; 158 if (!sc->sc_needmib && !sc->sc_scanning) 159 rfilt |= HAL_RX_FILTER_PHYERR; 160 if (ic->ic_opmode != IEEE80211_M_STA) 161 rfilt |= HAL_RX_FILTER_PROBEREQ; 162 /* XXX ic->ic_monvaps != 0? */ 163 if (ic->ic_opmode == IEEE80211_M_MONITOR || (ifp->if_flags & IFF_PROMISC)) 164 rfilt |= HAL_RX_FILTER_PROM; 165 if (ic->ic_opmode == IEEE80211_M_STA || 166 ic->ic_opmode == IEEE80211_M_IBSS || 167 sc->sc_swbmiss || sc->sc_scanning) 168 rfilt |= HAL_RX_FILTER_BEACON; 169 /* 170 * NB: We don't recalculate the rx filter when 171 * ic_protmode changes; otherwise we could do 172 * this only when ic_protmode != NONE. 173 */ 174 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 175 IEEE80211_IS_CHAN_ANYG(ic->ic_curchan)) 176 rfilt |= HAL_RX_FILTER_BEACON; 177 178 /* 179 * Enable hardware PS-POLL RX only for hostap mode; 180 * STA mode sends PS-POLL frames but never 181 * receives them. 182 */ 183 if (ath_hal_getcapability(sc->sc_ah, HAL_CAP_PSPOLL, 184 0, NULL) == HAL_OK && 185 ic->ic_opmode == IEEE80211_M_HOSTAP) 186 rfilt |= HAL_RX_FILTER_PSPOLL; 187 188 if (sc->sc_nmeshvaps) { 189 rfilt |= HAL_RX_FILTER_BEACON; 190 if (sc->sc_hasbmatch) 191 rfilt |= HAL_RX_FILTER_BSSID; 192 else 193 rfilt |= HAL_RX_FILTER_PROM; 194 } 195 if (ic->ic_opmode == IEEE80211_M_MONITOR) 196 rfilt |= HAL_RX_FILTER_CONTROL; 197 198 /* 199 * Enable RX of compressed BAR frames only when doing 200 * 802.11n. Required for A-MPDU. 201 */ 202 if (IEEE80211_IS_CHAN_HT(ic->ic_curchan)) 203 rfilt |= HAL_RX_FILTER_COMPBAR; 204 205 /* 206 * Enable radar PHY errors if requested by the 207 * DFS module. 208 */ 209 if (sc->sc_dodfs) 210 rfilt |= HAL_RX_FILTER_PHYRADAR; 211 212 DPRINTF(sc, ATH_DEBUG_MODE, "%s: RX filter 0x%x, %s if_flags 0x%x\n", 213 __func__, rfilt, ieee80211_opmode_name[ic->ic_opmode], ifp->if_flags); 214 return rfilt; 215 } 216 217 int 218 ath_rxbuf_init(struct ath_softc *sc, struct ath_buf *bf) 219 { 220 struct ath_hal *ah = sc->sc_ah; 221 int error; 222 struct mbuf *m; 223 struct ath_desc *ds; 224 225 m = bf->bf_m; 226 if (m == NULL) { 227 /* 228 * NB: by assigning a page to the rx dma buffer we 229 * implicitly satisfy the Atheros requirement that 230 * this buffer be cache-line-aligned and sized to be 231 * multiple of the cache line size. Not doing this 232 * causes weird stuff to happen (for the 5210 at least). 233 */ 234 m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 235 if (m == NULL) { 236 DPRINTF(sc, ATH_DEBUG_ANY, 237 "%s: no mbuf/cluster\n", __func__); 238 sc->sc_stats.ast_rx_nombuf++; 239 return ENOMEM; 240 } 241 m->m_pkthdr.len = m->m_len = m->m_ext.ext_size; 242 243 error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, 244 bf->bf_dmamap, m, 245 bf->bf_segs, &bf->bf_nseg, 246 BUS_DMA_NOWAIT); 247 if (error != 0) { 248 DPRINTF(sc, ATH_DEBUG_ANY, 249 "%s: bus_dmamap_load_mbuf_sg failed; error %d\n", 250 __func__, error); 251 sc->sc_stats.ast_rx_busdma++; 252 m_freem(m); 253 return error; 254 } 255 KASSERT(bf->bf_nseg == 1, 256 ("multi-segment packet; nseg %u", bf->bf_nseg)); 257 bf->bf_m = m; 258 } 259 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_PREREAD); 260 261 /* 262 * Setup descriptors. For receive we always terminate 263 * the descriptor list with a self-linked entry so we'll 264 * not get overrun under high load (as can happen with a 265 * 5212 when ANI processing enables PHY error frames). 266 * 267 * To insure the last descriptor is self-linked we create 268 * each descriptor as self-linked and add it to the end. As 269 * each additional descriptor is added the previous self-linked 270 * entry is ``fixed'' naturally. This should be safe even 271 * if DMA is happening. When processing RX interrupts we 272 * never remove/process the last, self-linked, entry on the 273 * descriptor list. This insures the hardware always has 274 * someplace to write a new frame. 275 */ 276 /* 277 * 11N: we can no longer afford to self link the last descriptor. 278 * MAC acknowledges BA status as long as it copies frames to host 279 * buffer (or rx fifo). This can incorrectly acknowledge packets 280 * to a sender if last desc is self-linked. 281 */ 282 ds = bf->bf_desc; 283 if (sc->sc_rxslink) 284 ds->ds_link = bf->bf_daddr; /* link to self */ 285 else 286 ds->ds_link = 0; /* terminate the list */ 287 ds->ds_data = bf->bf_segs[0].ds_addr; 288 ath_hal_setuprxdesc(ah, ds 289 , m->m_len /* buffer size */ 290 , 0 291 ); 292 293 if (sc->sc_rxlink != NULL) 294 *sc->sc_rxlink = bf->bf_daddr; 295 sc->sc_rxlink = &ds->ds_link; 296 return 0; 297 } 298 299 /* 300 * Intercept management frames to collect beacon rssi data 301 * and to do ibss merges. 302 */ 303 void 304 ath_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, 305 int subtype, int rssi, int nf) 306 { 307 struct ieee80211vap *vap = ni->ni_vap; 308 struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc; 309 310 /* 311 * Call up first so subsequent work can use information 312 * potentially stored in the node (e.g. for ibss merge). 313 */ 314 ATH_VAP(vap)->av_recv_mgmt(ni, m, subtype, rssi, nf); 315 switch (subtype) { 316 case IEEE80211_FC0_SUBTYPE_BEACON: 317 /* update rssi statistics for use by the hal */ 318 /* XXX unlocked check against vap->iv_bss? */ 319 ATH_RSSI_LPF(sc->sc_halstats.ns_avgbrssi, rssi); 320 if (sc->sc_syncbeacon && 321 ni == vap->iv_bss && vap->iv_state == IEEE80211_S_RUN) { 322 /* 323 * Resync beacon timers using the tsf of the beacon 324 * frame we just received. 325 */ 326 ath_beacon_config(sc, vap); 327 } 328 /* fall thru... */ 329 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 330 if (vap->iv_opmode == IEEE80211_M_IBSS && 331 vap->iv_state == IEEE80211_S_RUN) { 332 uint32_t rstamp = sc->sc_lastrs->rs_tstamp; 333 uint64_t tsf = ath_extend_tsf(sc, rstamp, 334 ath_hal_gettsf64(sc->sc_ah)); 335 /* 336 * Handle ibss merge as needed; check the tsf on the 337 * frame before attempting the merge. The 802.11 spec 338 * says the station should change it's bssid to match 339 * the oldest station with the same ssid, where oldest 340 * is determined by the tsf. Note that hardware 341 * reconfiguration happens through callback to 342 * ath_newstate as the state machine will go from 343 * RUN -> RUN when this happens. 344 */ 345 if (le64toh(ni->ni_tstamp.tsf) >= tsf) { 346 DPRINTF(sc, ATH_DEBUG_STATE, 347 "ibss merge, rstamp %u tsf %ju " 348 "tstamp %ju\n", rstamp, (uintmax_t)tsf, 349 (uintmax_t)ni->ni_tstamp.tsf); 350 (void) ieee80211_ibss_merge(ni); 351 } 352 } 353 break; 354 } 355 } 356 357 static void 358 ath_rx_tap(struct ifnet *ifp, struct mbuf *m, 359 const struct ath_rx_status *rs, u_int64_t tsf, int16_t nf) 360 { 361 #define CHAN_HT20 htole32(IEEE80211_CHAN_HT20) 362 #define CHAN_HT40U htole32(IEEE80211_CHAN_HT40U) 363 #define CHAN_HT40D htole32(IEEE80211_CHAN_HT40D) 364 #define CHAN_HT (CHAN_HT20|CHAN_HT40U|CHAN_HT40D) 365 struct ath_softc *sc = ifp->if_softc; 366 const HAL_RATE_TABLE *rt; 367 uint8_t rix; 368 369 rt = sc->sc_currates; 370 KASSERT(rt != NULL, ("no rate table, mode %u", sc->sc_curmode)); 371 rix = rt->rateCodeToIndex[rs->rs_rate]; 372 sc->sc_rx_th.wr_rate = sc->sc_hwmap[rix].ieeerate; 373 sc->sc_rx_th.wr_flags = sc->sc_hwmap[rix].rxflags; 374 #ifdef AH_SUPPORT_AR5416 375 sc->sc_rx_th.wr_chan_flags &= ~CHAN_HT; 376 if (sc->sc_rx_th.wr_rate & IEEE80211_RATE_MCS) { /* HT rate */ 377 struct ieee80211com *ic = ifp->if_l2com; 378 379 if ((rs->rs_flags & HAL_RX_2040) == 0) 380 sc->sc_rx_th.wr_chan_flags |= CHAN_HT20; 381 else if (IEEE80211_IS_CHAN_HT40U(ic->ic_curchan)) 382 sc->sc_rx_th.wr_chan_flags |= CHAN_HT40U; 383 else 384 sc->sc_rx_th.wr_chan_flags |= CHAN_HT40D; 385 if ((rs->rs_flags & HAL_RX_GI) == 0) 386 sc->sc_rx_th.wr_flags |= IEEE80211_RADIOTAP_F_SHORTGI; 387 } 388 #endif 389 sc->sc_rx_th.wr_tsf = htole64(ath_extend_tsf(sc, rs->rs_tstamp, tsf)); 390 if (rs->rs_status & HAL_RXERR_CRC) 391 sc->sc_rx_th.wr_flags |= IEEE80211_RADIOTAP_F_BADFCS; 392 /* XXX propagate other error flags from descriptor */ 393 sc->sc_rx_th.wr_antnoise = nf; 394 sc->sc_rx_th.wr_antsignal = nf + rs->rs_rssi; 395 sc->sc_rx_th.wr_antenna = rs->rs_antenna; 396 #undef CHAN_HT 397 #undef CHAN_HT20 398 #undef CHAN_HT40U 399 #undef CHAN_HT40D 400 } 401 402 static void 403 ath_handle_micerror(struct ieee80211com *ic, 404 struct ieee80211_frame *wh, int keyix) 405 { 406 struct ieee80211_node *ni; 407 408 /* XXX recheck MIC to deal w/ chips that lie */ 409 /* XXX discard MIC errors on !data frames */ 410 ni = ieee80211_find_rxnode(ic, (const struct ieee80211_frame_min *) wh); 411 if (ni != NULL) { 412 ieee80211_notify_michael_failure(ni->ni_vap, wh, keyix); 413 ieee80211_free_node(ni); 414 } 415 } 416 417 /* 418 * Only run the RX proc if it's not already running. 419 * Since this may get run as part of the reset/flush path, 420 * the task can't clash with an existing, running tasklet. 421 */ 422 void 423 ath_rx_tasklet(void *arg, int npending) 424 { 425 struct ath_softc *sc = arg; 426 427 CTR1(ATH_KTR_INTR, "ath_rx_proc: pending=%d", npending); 428 DPRINTF(sc, ATH_DEBUG_RX_PROC, "%s: pending %u\n", __func__, npending); 429 ATH_PCU_LOCK(sc); 430 if (sc->sc_inreset_cnt > 0) { 431 device_printf(sc->sc_dev, 432 "%s: sc_inreset_cnt > 0; skipping\n", __func__); 433 ATH_PCU_UNLOCK(sc); 434 return; 435 } 436 ATH_PCU_UNLOCK(sc); 437 ath_rx_proc(sc, 1); 438 } 439 440 static int 441 ath_rx_pkt(struct ath_softc *sc, struct ath_rx_status *rs, HAL_STATUS status, 442 uint64_t tsf, int nf, struct ath_buf *bf) 443 { 444 struct ath_hal *ah = sc->sc_ah; 445 struct mbuf *m = bf->bf_m; 446 uint64_t rstamp; 447 int len, type; 448 struct ifnet *ifp = sc->sc_ifp; 449 struct ieee80211com *ic = ifp->if_l2com; 450 struct ieee80211_node *ni; 451 int is_good = 0; 452 453 /* 454 * Calculate the correct 64 bit TSF given 455 * the TSF64 register value and rs_tstamp. 456 */ 457 rstamp = ath_extend_tsf(sc, rs->rs_tstamp, tsf); 458 459 /* These aren't specifically errors */ 460 #ifdef AH_SUPPORT_AR5416 461 if (rs->rs_flags & HAL_RX_GI) 462 sc->sc_stats.ast_rx_halfgi++; 463 if (rs->rs_flags & HAL_RX_2040) 464 sc->sc_stats.ast_rx_2040++; 465 if (rs->rs_flags & HAL_RX_DELIM_CRC_PRE) 466 sc->sc_stats.ast_rx_pre_crc_err++; 467 if (rs->rs_flags & HAL_RX_DELIM_CRC_POST) 468 sc->sc_stats.ast_rx_post_crc_err++; 469 if (rs->rs_flags & HAL_RX_DECRYPT_BUSY) 470 sc->sc_stats.ast_rx_decrypt_busy_err++; 471 if (rs->rs_flags & HAL_RX_HI_RX_CHAIN) 472 sc->sc_stats.ast_rx_hi_rx_chain++; 473 #endif /* AH_SUPPORT_AR5416 */ 474 475 if (rs->rs_status != 0) { 476 if (rs->rs_status & HAL_RXERR_CRC) 477 sc->sc_stats.ast_rx_crcerr++; 478 if (rs->rs_status & HAL_RXERR_FIFO) 479 sc->sc_stats.ast_rx_fifoerr++; 480 if (rs->rs_status & HAL_RXERR_PHY) { 481 sc->sc_stats.ast_rx_phyerr++; 482 /* Process DFS radar events */ 483 if ((rs->rs_phyerr == HAL_PHYERR_RADAR) || 484 (rs->rs_phyerr == HAL_PHYERR_FALSE_RADAR_EXT)) { 485 /* Since we're touching the frame data, sync it */ 486 bus_dmamap_sync(sc->sc_dmat, 487 bf->bf_dmamap, 488 BUS_DMASYNC_POSTREAD); 489 /* Now pass it to the radar processing code */ 490 ath_dfs_process_phy_err(sc, mtod(m, char *), rstamp, rs); 491 } 492 493 /* Be suitably paranoid about receiving phy errors out of the stats array bounds */ 494 if (rs->rs_phyerr < 64) 495 sc->sc_stats.ast_rx_phy[rs->rs_phyerr]++; 496 goto rx_error; /* NB: don't count in ierrors */ 497 } 498 if (rs->rs_status & HAL_RXERR_DECRYPT) { 499 /* 500 * Decrypt error. If the error occurred 501 * because there was no hardware key, then 502 * let the frame through so the upper layers 503 * can process it. This is necessary for 5210 504 * parts which have no way to setup a ``clear'' 505 * key cache entry. 506 * 507 * XXX do key cache faulting 508 */ 509 if (rs->rs_keyix == HAL_RXKEYIX_INVALID) 510 goto rx_accept; 511 sc->sc_stats.ast_rx_badcrypt++; 512 } 513 if (rs->rs_status & HAL_RXERR_MIC) { 514 sc->sc_stats.ast_rx_badmic++; 515 /* 516 * Do minimal work required to hand off 517 * the 802.11 header for notification. 518 */ 519 /* XXX frag's and qos frames */ 520 len = rs->rs_datalen; 521 if (len >= sizeof (struct ieee80211_frame)) { 522 bus_dmamap_sync(sc->sc_dmat, 523 bf->bf_dmamap, 524 BUS_DMASYNC_POSTREAD); 525 ath_handle_micerror(ic, 526 mtod(m, struct ieee80211_frame *), 527 sc->sc_splitmic ? 528 rs->rs_keyix-32 : rs->rs_keyix); 529 } 530 } 531 ifp->if_ierrors++; 532 rx_error: 533 /* 534 * Cleanup any pending partial frame. 535 */ 536 if (sc->sc_rxpending != NULL) { 537 m_freem(sc->sc_rxpending); 538 sc->sc_rxpending = NULL; 539 } 540 /* 541 * When a tap is present pass error frames 542 * that have been requested. By default we 543 * pass decrypt+mic errors but others may be 544 * interesting (e.g. crc). 545 */ 546 if (ieee80211_radiotap_active(ic) && 547 (rs->rs_status & sc->sc_monpass)) { 548 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, 549 BUS_DMASYNC_POSTREAD); 550 /* NB: bpf needs the mbuf length setup */ 551 len = rs->rs_datalen; 552 m->m_pkthdr.len = m->m_len = len; 553 bf->bf_m = NULL; 554 ath_rx_tap(ifp, m, rs, rstamp, nf); 555 ieee80211_radiotap_rx_all(ic, m); 556 m_freem(m); 557 } 558 /* XXX pass MIC errors up for s/w reclaculation */ 559 goto rx_next; 560 } 561 rx_accept: 562 /* 563 * Sync and unmap the frame. At this point we're 564 * committed to passing the mbuf somewhere so clear 565 * bf_m; this means a new mbuf must be allocated 566 * when the rx descriptor is setup again to receive 567 * another frame. 568 */ 569 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_POSTREAD); 570 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap); 571 bf->bf_m = NULL; 572 573 len = rs->rs_datalen; 574 m->m_len = len; 575 576 if (rs->rs_more) { 577 /* 578 * Frame spans multiple descriptors; save 579 * it for the next completed descriptor, it 580 * will be used to construct a jumbogram. 581 */ 582 if (sc->sc_rxpending != NULL) { 583 /* NB: max frame size is currently 2 clusters */ 584 sc->sc_stats.ast_rx_toobig++; 585 m_freem(sc->sc_rxpending); 586 } 587 m->m_pkthdr.rcvif = ifp; 588 m->m_pkthdr.len = len; 589 sc->sc_rxpending = m; 590 goto rx_next; 591 } else if (sc->sc_rxpending != NULL) { 592 /* 593 * This is the second part of a jumbogram, 594 * chain it to the first mbuf, adjust the 595 * frame length, and clear the rxpending state. 596 */ 597 sc->sc_rxpending->m_next = m; 598 sc->sc_rxpending->m_pkthdr.len += len; 599 m = sc->sc_rxpending; 600 sc->sc_rxpending = NULL; 601 } else { 602 /* 603 * Normal single-descriptor receive; setup 604 * the rcvif and packet length. 605 */ 606 m->m_pkthdr.rcvif = ifp; 607 m->m_pkthdr.len = len; 608 } 609 610 /* 611 * Validate rs->rs_antenna. 612 * 613 * Some users w/ AR9285 NICs have reported crashes 614 * here because rs_antenna field is bogusly large. 615 * Let's enforce the maximum antenna limit of 8 616 * (and it shouldn't be hard coded, but that's a 617 * separate problem) and if there's an issue, print 618 * out an error and adjust rs_antenna to something 619 * sensible. 620 * 621 * This code should be removed once the actual 622 * root cause of the issue has been identified. 623 * For example, it may be that the rs_antenna 624 * field is only valid for the lsat frame of 625 * an aggregate and it just happens that it is 626 * "mostly" right. (This is a general statement - 627 * the majority of the statistics are only valid 628 * for the last frame in an aggregate. 629 */ 630 if (rs->rs_antenna > 7) { 631 device_printf(sc->sc_dev, "%s: rs_antenna > 7 (%d)\n", 632 __func__, rs->rs_antenna); 633 #ifdef ATH_DEBUG 634 ath_printrxbuf(sc, bf, 0, status == HAL_OK); 635 #endif /* ATH_DEBUG */ 636 rs->rs_antenna = 0; /* XXX better than nothing */ 637 } 638 639 ifp->if_ipackets++; 640 sc->sc_stats.ast_ant_rx[rs->rs_antenna]++; 641 642 /* 643 * Populate the rx status block. When there are bpf 644 * listeners we do the additional work to provide 645 * complete status. Otherwise we fill in only the 646 * material required by ieee80211_input. Note that 647 * noise setting is filled in above. 648 */ 649 if (ieee80211_radiotap_active(ic)) 650 ath_rx_tap(ifp, m, rs, rstamp, nf); 651 652 /* 653 * From this point on we assume the frame is at least 654 * as large as ieee80211_frame_min; verify that. 655 */ 656 if (len < IEEE80211_MIN_LEN) { 657 if (!ieee80211_radiotap_active(ic)) { 658 DPRINTF(sc, ATH_DEBUG_RECV, 659 "%s: short packet %d\n", __func__, len); 660 sc->sc_stats.ast_rx_tooshort++; 661 } else { 662 /* NB: in particular this captures ack's */ 663 ieee80211_radiotap_rx_all(ic, m); 664 } 665 m_freem(m); 666 goto rx_next; 667 } 668 669 if (IFF_DUMPPKTS(sc, ATH_DEBUG_RECV)) { 670 const HAL_RATE_TABLE *rt = sc->sc_currates; 671 uint8_t rix = rt->rateCodeToIndex[rs->rs_rate]; 672 673 ieee80211_dump_pkt(ic, mtod(m, caddr_t), len, 674 sc->sc_hwmap[rix].ieeerate, rs->rs_rssi); 675 } 676 677 m_adj(m, -IEEE80211_CRC_LEN); 678 679 /* 680 * Locate the node for sender, track state, and then 681 * pass the (referenced) node up to the 802.11 layer 682 * for its use. 683 */ 684 ni = ieee80211_find_rxnode_withkey(ic, 685 mtod(m, const struct ieee80211_frame_min *), 686 rs->rs_keyix == HAL_RXKEYIX_INVALID ? 687 IEEE80211_KEYIX_NONE : rs->rs_keyix); 688 sc->sc_lastrs = rs; 689 690 #ifdef AH_SUPPORT_AR5416 691 if (rs->rs_isaggr) 692 sc->sc_stats.ast_rx_agg++; 693 #endif /* AH_SUPPORT_AR5416 */ 694 695 if (ni != NULL) { 696 /* 697 * Only punt packets for ampdu reorder processing for 698 * 11n nodes; net80211 enforces that M_AMPDU is only 699 * set for 11n nodes. 700 */ 701 if (ni->ni_flags & IEEE80211_NODE_HT) 702 m->m_flags |= M_AMPDU; 703 704 /* 705 * Sending station is known, dispatch directly. 706 */ 707 type = ieee80211_input(ni, m, rs->rs_rssi, nf); 708 ieee80211_free_node(ni); 709 /* 710 * Arrange to update the last rx timestamp only for 711 * frames from our ap when operating in station mode. 712 * This assumes the rx key is always setup when 713 * associated. 714 */ 715 if (ic->ic_opmode == IEEE80211_M_STA && 716 rs->rs_keyix != HAL_RXKEYIX_INVALID) 717 is_good = 1; 718 } else { 719 type = ieee80211_input_all(ic, m, rs->rs_rssi, nf); 720 } 721 /* 722 * Track rx rssi and do any rx antenna management. 723 */ 724 ATH_RSSI_LPF(sc->sc_halstats.ns_avgrssi, rs->rs_rssi); 725 if (sc->sc_diversity) { 726 /* 727 * When using fast diversity, change the default rx 728 * antenna if diversity chooses the other antenna 3 729 * times in a row. 730 */ 731 if (sc->sc_defant != rs->rs_antenna) { 732 if (++sc->sc_rxotherant >= 3) 733 ath_setdefantenna(sc, rs->rs_antenna); 734 } else 735 sc->sc_rxotherant = 0; 736 } 737 738 /* Newer school diversity - kite specific for now */ 739 /* XXX perhaps migrate the normal diversity code to this? */ 740 if ((ah)->ah_rxAntCombDiversity) 741 (*(ah)->ah_rxAntCombDiversity)(ah, rs, ticks, hz); 742 743 if (sc->sc_softled) { 744 /* 745 * Blink for any data frame. Otherwise do a 746 * heartbeat-style blink when idle. The latter 747 * is mainly for station mode where we depend on 748 * periodic beacon frames to trigger the poll event. 749 */ 750 if (type == IEEE80211_FC0_TYPE_DATA) { 751 const HAL_RATE_TABLE *rt = sc->sc_currates; 752 ath_led_event(sc, 753 rt->rateCodeToIndex[rs->rs_rate]); 754 } else if (ticks - sc->sc_ledevent >= sc->sc_ledidle) 755 ath_led_event(sc, 0); 756 } 757 rx_next: 758 return (is_good); 759 } 760 761 void 762 ath_rx_proc(struct ath_softc *sc, int resched) 763 { 764 #define PA2DESC(_sc, _pa) \ 765 ((struct ath_desc *)((caddr_t)(_sc)->sc_rxdma.dd_desc + \ 766 ((_pa) - (_sc)->sc_rxdma.dd_desc_paddr))) 767 struct ath_buf *bf; 768 struct ifnet *ifp = sc->sc_ifp; 769 struct ath_hal *ah = sc->sc_ah; 770 #ifdef IEEE80211_SUPPORT_SUPERG 771 struct ieee80211com *ic = ifp->if_l2com; 772 #endif 773 struct ath_desc *ds; 774 struct ath_rx_status *rs; 775 struct mbuf *m; 776 int ngood; 777 HAL_STATUS status; 778 int16_t nf; 779 u_int64_t tsf; 780 int npkts = 0; 781 782 /* XXX we must not hold the ATH_LOCK here */ 783 ATH_UNLOCK_ASSERT(sc); 784 ATH_PCU_UNLOCK_ASSERT(sc); 785 786 ATH_PCU_LOCK(sc); 787 sc->sc_rxproc_cnt++; 788 ATH_PCU_UNLOCK(sc); 789 790 DPRINTF(sc, ATH_DEBUG_RX_PROC, "%s: called\n", __func__); 791 ngood = 0; 792 nf = ath_hal_getchannoise(ah, sc->sc_curchan); 793 sc->sc_stats.ast_rx_noise = nf; 794 tsf = ath_hal_gettsf64(ah); 795 do { 796 bf = TAILQ_FIRST(&sc->sc_rxbuf); 797 if (sc->sc_rxslink && bf == NULL) { /* NB: shouldn't happen */ 798 if_printf(ifp, "%s: no buffer!\n", __func__); 799 break; 800 } else if (bf == NULL) { 801 /* 802 * End of List: 803 * this can happen for non-self-linked RX chains 804 */ 805 sc->sc_stats.ast_rx_hitqueueend++; 806 break; 807 } 808 m = bf->bf_m; 809 if (m == NULL) { /* NB: shouldn't happen */ 810 /* 811 * If mbuf allocation failed previously there 812 * will be no mbuf; try again to re-populate it. 813 */ 814 /* XXX make debug msg */ 815 if_printf(ifp, "%s: no mbuf!\n", __func__); 816 TAILQ_REMOVE(&sc->sc_rxbuf, bf, bf_list); 817 goto rx_proc_next; 818 } 819 ds = bf->bf_desc; 820 if (ds->ds_link == bf->bf_daddr) { 821 /* NB: never process the self-linked entry at the end */ 822 sc->sc_stats.ast_rx_hitqueueend++; 823 break; 824 } 825 /* XXX sync descriptor memory */ 826 /* 827 * Must provide the virtual address of the current 828 * descriptor, the physical address, and the virtual 829 * address of the next descriptor in the h/w chain. 830 * This allows the HAL to look ahead to see if the 831 * hardware is done with a descriptor by checking the 832 * done bit in the following descriptor and the address 833 * of the current descriptor the DMA engine is working 834 * on. All this is necessary because of our use of 835 * a self-linked list to avoid rx overruns. 836 */ 837 rs = &bf->bf_status.ds_rxstat; 838 status = ath_hal_rxprocdesc(ah, ds, 839 bf->bf_daddr, PA2DESC(sc, ds->ds_link), rs); 840 #ifdef ATH_DEBUG 841 if (sc->sc_debug & ATH_DEBUG_RECV_DESC) 842 ath_printrxbuf(sc, bf, 0, status == HAL_OK); 843 #endif 844 if (status == HAL_EINPROGRESS) 845 break; 846 847 TAILQ_REMOVE(&sc->sc_rxbuf, bf, bf_list); 848 npkts++; 849 850 /* 851 * Process a single frame. 852 */ 853 if (ath_rx_pkt(sc, rs, status, tsf, nf, bf)) 854 ngood++; 855 rx_proc_next: 856 TAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list); 857 } while (ath_rxbuf_init(sc, bf) == 0); 858 859 /* rx signal state monitoring */ 860 ath_hal_rxmonitor(ah, &sc->sc_halstats, sc->sc_curchan); 861 if (ngood) 862 sc->sc_lastrx = tsf; 863 864 CTR2(ATH_KTR_INTR, "ath_rx_proc: npkts=%d, ngood=%d", npkts, ngood); 865 /* Queue DFS tasklet if needed */ 866 if (resched && ath_dfs_tasklet_needed(sc, sc->sc_curchan)) 867 taskqueue_enqueue(sc->sc_tq, &sc->sc_dfstask); 868 869 /* 870 * Now that all the RX frames were handled that 871 * need to be handled, kick the PCU if there's 872 * been an RXEOL condition. 873 */ 874 ATH_PCU_LOCK(sc); 875 if (resched && sc->sc_kickpcu) { 876 CTR0(ATH_KTR_ERR, "ath_rx_proc: kickpcu"); 877 device_printf(sc->sc_dev, "%s: kickpcu; handled %d packets\n", 878 __func__, npkts); 879 880 /* XXX rxslink? */ 881 /* 882 * XXX can we hold the PCU lock here? 883 * Are there any net80211 buffer calls involved? 884 */ 885 bf = TAILQ_FIRST(&sc->sc_rxbuf); 886 ath_hal_putrxbuf(ah, bf->bf_daddr); 887 ath_hal_rxena(ah); /* enable recv descriptors */ 888 ath_mode_init(sc); /* set filters, etc. */ 889 ath_hal_startpcurecv(ah); /* re-enable PCU/DMA engine */ 890 891 ath_hal_intrset(ah, sc->sc_imask); 892 sc->sc_kickpcu = 0; 893 } 894 ATH_PCU_UNLOCK(sc); 895 896 /* XXX check this inside of IF_LOCK? */ 897 if (resched && (ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) { 898 #ifdef IEEE80211_SUPPORT_SUPERG 899 ieee80211_ff_age_all(ic, 100); 900 #endif 901 if (!IFQ_IS_EMPTY(&ifp->if_snd)) 902 ath_tx_tasklet(sc, 1); 903 //ath_start(ifp); 904 } 905 #undef PA2DESC 906 907 ATH_PCU_LOCK(sc); 908 sc->sc_rxproc_cnt--; 909 ATH_PCU_UNLOCK(sc); 910 } 911 912 /* 913 * Disable the receive h/w in preparation for a reset. 914 */ 915 void 916 ath_stoprecv(struct ath_softc *sc, int dodelay) 917 { 918 #define PA2DESC(_sc, _pa) \ 919 ((struct ath_desc *)((caddr_t)(_sc)->sc_rxdma.dd_desc + \ 920 ((_pa) - (_sc)->sc_rxdma.dd_desc_paddr))) 921 struct ath_hal *ah = sc->sc_ah; 922 923 ath_hal_stoppcurecv(ah); /* disable PCU */ 924 ath_hal_setrxfilter(ah, 0); /* clear recv filter */ 925 ath_hal_stopdmarecv(ah); /* disable DMA engine */ 926 /* 927 * TODO: see if this particular DELAY() is required; it may be 928 * masking some missing FIFO flush or DMA sync. 929 */ 930 #if 0 931 if (dodelay) 932 #endif 933 DELAY(3000); /* 3ms is long enough for 1 frame */ 934 #ifdef ATH_DEBUG 935 if (sc->sc_debug & (ATH_DEBUG_RESET | ATH_DEBUG_FATAL)) { 936 struct ath_buf *bf; 937 u_int ix; 938 939 device_printf(sc->sc_dev, 940 "%s: rx queue %p, link %p\n", 941 __func__, 942 (caddr_t)(uintptr_t) ath_hal_getrxbuf(ah), 943 sc->sc_rxlink); 944 ix = 0; 945 TAILQ_FOREACH(bf, &sc->sc_rxbuf, bf_list) { 946 struct ath_desc *ds = bf->bf_desc; 947 struct ath_rx_status *rs = &bf->bf_status.ds_rxstat; 948 HAL_STATUS status = ath_hal_rxprocdesc(ah, ds, 949 bf->bf_daddr, PA2DESC(sc, ds->ds_link), rs); 950 if (status == HAL_OK || (sc->sc_debug & ATH_DEBUG_FATAL)) 951 ath_printrxbuf(sc, bf, ix, status == HAL_OK); 952 ix++; 953 } 954 } 955 #endif 956 if (sc->sc_rxpending != NULL) { 957 m_freem(sc->sc_rxpending); 958 sc->sc_rxpending = NULL; 959 } 960 sc->sc_rxlink = NULL; /* just in case */ 961 #undef PA2DESC 962 } 963 964 /* 965 * Enable the receive h/w following a reset. 966 */ 967 int 968 ath_startrecv(struct ath_softc *sc) 969 { 970 struct ath_hal *ah = sc->sc_ah; 971 struct ath_buf *bf; 972 973 sc->sc_rxlink = NULL; 974 sc->sc_rxpending = NULL; 975 TAILQ_FOREACH(bf, &sc->sc_rxbuf, bf_list) { 976 int error = ath_rxbuf_init(sc, bf); 977 if (error != 0) { 978 DPRINTF(sc, ATH_DEBUG_RECV, 979 "%s: ath_rxbuf_init failed %d\n", 980 __func__, error); 981 return error; 982 } 983 } 984 985 bf = TAILQ_FIRST(&sc->sc_rxbuf); 986 ath_hal_putrxbuf(ah, bf->bf_daddr); 987 ath_hal_rxena(ah); /* enable recv descriptors */ 988 ath_mode_init(sc); /* set filters, etc. */ 989 ath_hal_startpcurecv(ah); /* re-enable PCU/DMA engine */ 990 return 0; 991 } 992