1 /*- 2 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer, 10 * without modification. 11 * 2. Redistributions in binary form must reproduce at minimum a disclaimer 12 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any 13 * redistribution must be conditioned upon including a substantially 14 * similar Disclaimer requirement for further binary redistribution. 15 * 16 * NO WARRANTY 17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY 20 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 21 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, 22 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 25 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 27 * THE POSSIBILITY OF SUCH DAMAGES. 28 */ 29 30 #include <sys/cdefs.h> 31 __FBSDID("$FreeBSD$"); 32 33 /* 34 * Driver for the Atheros Wireless LAN controller. 35 * 36 * This software is derived from work of Atsushi Onoe; his contribution 37 * is greatly appreciated. 38 */ 39 40 #include "opt_inet.h" 41 #include "opt_ath.h" 42 /* 43 * This is needed for register operations which are performed 44 * by the driver - eg, calls to ath_hal_gettsf32(). 45 * 46 * It's also required for any AH_DEBUG checks in here, eg the 47 * module dependencies. 48 */ 49 #include "opt_ah.h" 50 #include "opt_wlan.h" 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/sysctl.h> 55 #include <sys/mbuf.h> 56 #include <sys/malloc.h> 57 #include <sys/lock.h> 58 #include <sys/mutex.h> 59 #include <sys/kernel.h> 60 #include <sys/socket.h> 61 #include <sys/sockio.h> 62 #include <sys/errno.h> 63 #include <sys/callout.h> 64 #include <sys/bus.h> 65 #include <sys/endian.h> 66 #include <sys/kthread.h> 67 #include <sys/taskqueue.h> 68 #include <sys/priv.h> 69 #include <sys/module.h> 70 #include <sys/ktr.h> 71 #include <sys/smp.h> /* for mp_ncpus */ 72 73 #include <machine/bus.h> 74 75 #include <net/if.h> 76 #include <net/if_var.h> 77 #include <net/if_dl.h> 78 #include <net/if_media.h> 79 #include <net/if_types.h> 80 #include <net/if_arp.h> 81 #include <net/ethernet.h> 82 #include <net/if_llc.h> 83 84 #include <net80211/ieee80211_var.h> 85 #include <net80211/ieee80211_regdomain.h> 86 #ifdef IEEE80211_SUPPORT_SUPERG 87 #include <net80211/ieee80211_superg.h> 88 #endif 89 #ifdef IEEE80211_SUPPORT_TDMA 90 #include <net80211/ieee80211_tdma.h> 91 #endif 92 93 #include <net/bpf.h> 94 95 #ifdef INET 96 #include <netinet/in.h> 97 #include <netinet/if_ether.h> 98 #endif 99 100 #include <dev/ath/if_athvar.h> 101 #include <dev/ath/ath_hal/ah_devid.h> /* XXX for softled */ 102 #include <dev/ath/ath_hal/ah_diagcodes.h> 103 104 #include <dev/ath/if_ath_debug.h> 105 #include <dev/ath/if_ath_misc.h> 106 #include <dev/ath/if_ath_tsf.h> 107 #include <dev/ath/if_ath_tx.h> 108 #include <dev/ath/if_ath_sysctl.h> 109 #include <dev/ath/if_ath_led.h> 110 #include <dev/ath/if_ath_keycache.h> 111 #include <dev/ath/if_ath_rx.h> 112 #include <dev/ath/if_ath_beacon.h> 113 #include <dev/ath/if_athdfs.h> 114 115 #ifdef ATH_TX99_DIAG 116 #include <dev/ath/ath_tx99/ath_tx99.h> 117 #endif 118 119 #ifdef ATH_DEBUG_ALQ 120 #include <dev/ath/if_ath_alq.h> 121 #endif 122 123 #include <dev/ath/if_ath_lna_div.h> 124 125 /* 126 * Calculate the receive filter according to the 127 * operating mode and state: 128 * 129 * o always accept unicast, broadcast, and multicast traffic 130 * o accept PHY error frames when hardware doesn't have MIB support 131 * to count and we need them for ANI (sta mode only until recently) 132 * and we are not scanning (ANI is disabled) 133 * NB: older hal's add rx filter bits out of sight and we need to 134 * blindly preserve them 135 * o probe request frames are accepted only when operating in 136 * hostap, adhoc, mesh, or monitor modes 137 * o enable promiscuous mode 138 * - when in monitor mode 139 * - if interface marked PROMISC (assumes bridge setting is filtered) 140 * o accept beacons: 141 * - when operating in station mode for collecting rssi data when 142 * the station is otherwise quiet, or 143 * - when operating in adhoc mode so the 802.11 layer creates 144 * node table entries for peers, 145 * - when scanning 146 * - when doing s/w beacon miss (e.g. for ap+sta) 147 * - when operating in ap mode in 11g to detect overlapping bss that 148 * require protection 149 * - when operating in mesh mode to detect neighbors 150 * o accept control frames: 151 * - when in monitor mode 152 * XXX HT protection for 11n 153 */ 154 u_int32_t 155 ath_calcrxfilter(struct ath_softc *sc) 156 { 157 struct ifnet *ifp = sc->sc_ifp; 158 struct ieee80211com *ic = ifp->if_l2com; 159 u_int32_t rfilt; 160 161 rfilt = HAL_RX_FILTER_UCAST | HAL_RX_FILTER_BCAST | HAL_RX_FILTER_MCAST; 162 if (!sc->sc_needmib && !sc->sc_scanning) 163 rfilt |= HAL_RX_FILTER_PHYERR; 164 if (ic->ic_opmode != IEEE80211_M_STA) 165 rfilt |= HAL_RX_FILTER_PROBEREQ; 166 /* XXX ic->ic_monvaps != 0? */ 167 if (ic->ic_opmode == IEEE80211_M_MONITOR || (ifp->if_flags & IFF_PROMISC)) 168 rfilt |= HAL_RX_FILTER_PROM; 169 170 /* 171 * Only listen to all beacons if we're scanning. 172 * 173 * Otherwise we only really need to hear beacons from 174 * our own BSSID. 175 */ 176 if (ic->ic_opmode == IEEE80211_M_STA || 177 ic->ic_opmode == IEEE80211_M_IBSS || sc->sc_swbmiss) { 178 if (sc->sc_do_mybeacon && ! sc->sc_scanning) { 179 rfilt |= HAL_RX_FILTER_MYBEACON; 180 } else { /* scanning, non-mybeacon chips */ 181 rfilt |= HAL_RX_FILTER_BEACON; 182 } 183 } 184 185 /* 186 * NB: We don't recalculate the rx filter when 187 * ic_protmode changes; otherwise we could do 188 * this only when ic_protmode != NONE. 189 */ 190 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 191 IEEE80211_IS_CHAN_ANYG(ic->ic_curchan)) 192 rfilt |= HAL_RX_FILTER_BEACON; 193 194 /* 195 * Enable hardware PS-POLL RX only for hostap mode; 196 * STA mode sends PS-POLL frames but never 197 * receives them. 198 */ 199 if (ath_hal_getcapability(sc->sc_ah, HAL_CAP_PSPOLL, 200 0, NULL) == HAL_OK && 201 ic->ic_opmode == IEEE80211_M_HOSTAP) 202 rfilt |= HAL_RX_FILTER_PSPOLL; 203 204 if (sc->sc_nmeshvaps) { 205 rfilt |= HAL_RX_FILTER_BEACON; 206 if (sc->sc_hasbmatch) 207 rfilt |= HAL_RX_FILTER_BSSID; 208 else 209 rfilt |= HAL_RX_FILTER_PROM; 210 } 211 if (ic->ic_opmode == IEEE80211_M_MONITOR) 212 rfilt |= HAL_RX_FILTER_CONTROL; 213 214 /* 215 * Enable RX of compressed BAR frames only when doing 216 * 802.11n. Required for A-MPDU. 217 */ 218 if (IEEE80211_IS_CHAN_HT(ic->ic_curchan)) 219 rfilt |= HAL_RX_FILTER_COMPBAR; 220 221 /* 222 * Enable radar PHY errors if requested by the 223 * DFS module. 224 */ 225 if (sc->sc_dodfs) 226 rfilt |= HAL_RX_FILTER_PHYRADAR; 227 228 /* 229 * Enable spectral PHY errors if requested by the 230 * spectral module. 231 */ 232 if (sc->sc_dospectral) 233 rfilt |= HAL_RX_FILTER_PHYRADAR; 234 235 DPRINTF(sc, ATH_DEBUG_MODE, "%s: RX filter 0x%x, %s if_flags 0x%x\n", 236 __func__, rfilt, ieee80211_opmode_name[ic->ic_opmode], ifp->if_flags); 237 return rfilt; 238 } 239 240 static int 241 ath_legacy_rxbuf_init(struct ath_softc *sc, struct ath_buf *bf) 242 { 243 struct ath_hal *ah = sc->sc_ah; 244 int error; 245 struct mbuf *m; 246 struct ath_desc *ds; 247 248 /* XXX TODO: ATH_RX_LOCK_ASSERT(sc); */ 249 250 m = bf->bf_m; 251 if (m == NULL) { 252 /* 253 * NB: by assigning a page to the rx dma buffer we 254 * implicitly satisfy the Atheros requirement that 255 * this buffer be cache-line-aligned and sized to be 256 * multiple of the cache line size. Not doing this 257 * causes weird stuff to happen (for the 5210 at least). 258 */ 259 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 260 if (m == NULL) { 261 DPRINTF(sc, ATH_DEBUG_ANY, 262 "%s: no mbuf/cluster\n", __func__); 263 sc->sc_stats.ast_rx_nombuf++; 264 return ENOMEM; 265 } 266 m->m_pkthdr.len = m->m_len = m->m_ext.ext_size; 267 268 error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, 269 bf->bf_dmamap, m, 270 bf->bf_segs, &bf->bf_nseg, 271 BUS_DMA_NOWAIT); 272 if (error != 0) { 273 DPRINTF(sc, ATH_DEBUG_ANY, 274 "%s: bus_dmamap_load_mbuf_sg failed; error %d\n", 275 __func__, error); 276 sc->sc_stats.ast_rx_busdma++; 277 m_freem(m); 278 return error; 279 } 280 KASSERT(bf->bf_nseg == 1, 281 ("multi-segment packet; nseg %u", bf->bf_nseg)); 282 bf->bf_m = m; 283 } 284 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_PREREAD); 285 286 /* 287 * Setup descriptors. For receive we always terminate 288 * the descriptor list with a self-linked entry so we'll 289 * not get overrun under high load (as can happen with a 290 * 5212 when ANI processing enables PHY error frames). 291 * 292 * To insure the last descriptor is self-linked we create 293 * each descriptor as self-linked and add it to the end. As 294 * each additional descriptor is added the previous self-linked 295 * entry is ``fixed'' naturally. This should be safe even 296 * if DMA is happening. When processing RX interrupts we 297 * never remove/process the last, self-linked, entry on the 298 * descriptor list. This insures the hardware always has 299 * someplace to write a new frame. 300 */ 301 /* 302 * 11N: we can no longer afford to self link the last descriptor. 303 * MAC acknowledges BA status as long as it copies frames to host 304 * buffer (or rx fifo). This can incorrectly acknowledge packets 305 * to a sender if last desc is self-linked. 306 */ 307 ds = bf->bf_desc; 308 if (sc->sc_rxslink) 309 ds->ds_link = bf->bf_daddr; /* link to self */ 310 else 311 ds->ds_link = 0; /* terminate the list */ 312 ds->ds_data = bf->bf_segs[0].ds_addr; 313 ath_hal_setuprxdesc(ah, ds 314 , m->m_len /* buffer size */ 315 , 0 316 ); 317 318 if (sc->sc_rxlink != NULL) 319 *sc->sc_rxlink = bf->bf_daddr; 320 sc->sc_rxlink = &ds->ds_link; 321 return 0; 322 } 323 324 /* 325 * Intercept management frames to collect beacon rssi data 326 * and to do ibss merges. 327 */ 328 void 329 ath_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, 330 int subtype, int rssi, int nf) 331 { 332 struct ieee80211vap *vap = ni->ni_vap; 333 struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc; 334 uint64_t tsf_beacon_old, tsf_beacon; 335 uint64_t nexttbtt; 336 int64_t tsf_delta; 337 int32_t tsf_delta_bmiss; 338 int32_t tsf_remainder; 339 uint64_t tsf_beacon_target; 340 int tsf_intval; 341 342 tsf_beacon_old = ((uint64_t) LE_READ_4(ni->ni_tstamp.data + 4)) << 32; 343 tsf_beacon_old |= LE_READ_4(ni->ni_tstamp.data); 344 345 #define TU_TO_TSF(_tu) (((u_int64_t)(_tu)) << 10) 346 tsf_intval = 1; 347 if (ni->ni_intval > 0) { 348 tsf_intval = TU_TO_TSF(ni->ni_intval); 349 } 350 #undef TU_TO_TSF 351 352 /* 353 * Call up first so subsequent work can use information 354 * potentially stored in the node (e.g. for ibss merge). 355 */ 356 ATH_VAP(vap)->av_recv_mgmt(ni, m, subtype, rssi, nf); 357 switch (subtype) { 358 case IEEE80211_FC0_SUBTYPE_BEACON: 359 /* update rssi statistics for use by the hal */ 360 /* XXX unlocked check against vap->iv_bss? */ 361 ATH_RSSI_LPF(sc->sc_halstats.ns_avgbrssi, rssi); 362 363 tsf_beacon = ((uint64_t) LE_READ_4(ni->ni_tstamp.data + 4)) << 32; 364 tsf_beacon |= LE_READ_4(ni->ni_tstamp.data); 365 366 nexttbtt = ath_hal_getnexttbtt(sc->sc_ah); 367 368 /* 369 * Let's calculate the delta and remainder, so we can see 370 * if the beacon timer from the AP is varying by more than 371 * a few TU. (Which would be a huge, huge problem.) 372 */ 373 tsf_delta = (long long) tsf_beacon - (long long) tsf_beacon_old; 374 375 tsf_delta_bmiss = tsf_delta / tsf_intval; 376 377 /* 378 * If our delta is greater than half the beacon interval, 379 * let's round the bmiss value up to the next beacon 380 * interval. Ie, we're running really, really early 381 * on the next beacon. 382 */ 383 if (tsf_delta % tsf_intval > (tsf_intval / 2)) 384 tsf_delta_bmiss ++; 385 386 tsf_beacon_target = tsf_beacon_old + 387 (((unsigned long long) tsf_delta_bmiss) * (long long) tsf_intval); 388 389 /* 390 * The remainder using '%' is between 0 .. intval-1. 391 * If we're actually running too fast, then the remainder 392 * will be some large number just under intval-1. 393 * So we need to look at whether we're running 394 * before or after the target beacon interval 395 * and if we are, modify how we do the remainder 396 * calculation. 397 */ 398 if (tsf_beacon < tsf_beacon_target) { 399 tsf_remainder = 400 -(tsf_intval - ((tsf_beacon - tsf_beacon_old) % tsf_intval)); 401 } else { 402 tsf_remainder = (tsf_beacon - tsf_beacon_old) % tsf_intval; 403 } 404 405 DPRINTF(sc, ATH_DEBUG_BEACON, "%s: old_tsf=%llu, new_tsf=%llu, target_tsf=%llu, delta=%lld, bmiss=%d, remainder=%d\n", 406 __func__, 407 (unsigned long long) tsf_beacon_old, 408 (unsigned long long) tsf_beacon, 409 (unsigned long long) tsf_beacon_target, 410 (long long) tsf_delta, 411 tsf_delta_bmiss, 412 tsf_remainder); 413 414 DPRINTF(sc, ATH_DEBUG_BEACON, "%s: tsf=%llu, nexttbtt=%llu, delta=%d\n", 415 __func__, 416 (unsigned long long) tsf_beacon, 417 (unsigned long long) nexttbtt, 418 (int32_t) tsf_beacon - (int32_t) nexttbtt + tsf_intval); 419 420 if (sc->sc_syncbeacon && 421 ni == vap->iv_bss && 422 (vap->iv_state == IEEE80211_S_RUN || vap->iv_state == IEEE80211_S_SLEEP)) { 423 DPRINTF(sc, ATH_DEBUG_BEACON, 424 "%s: syncbeacon=1; syncing\n", 425 __func__); 426 /* 427 * Resync beacon timers using the tsf of the beacon 428 * frame we just received. 429 */ 430 ath_beacon_config(sc, vap); 431 sc->sc_syncbeacon = 0; 432 } 433 434 435 /* fall thru... */ 436 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 437 if (vap->iv_opmode == IEEE80211_M_IBSS && 438 vap->iv_state == IEEE80211_S_RUN) { 439 uint32_t rstamp = sc->sc_lastrs->rs_tstamp; 440 uint64_t tsf = ath_extend_tsf(sc, rstamp, 441 ath_hal_gettsf64(sc->sc_ah)); 442 /* 443 * Handle ibss merge as needed; check the tsf on the 444 * frame before attempting the merge. The 802.11 spec 445 * says the station should change it's bssid to match 446 * the oldest station with the same ssid, where oldest 447 * is determined by the tsf. Note that hardware 448 * reconfiguration happens through callback to 449 * ath_newstate as the state machine will go from 450 * RUN -> RUN when this happens. 451 */ 452 if (le64toh(ni->ni_tstamp.tsf) >= tsf) { 453 DPRINTF(sc, ATH_DEBUG_STATE, 454 "ibss merge, rstamp %u tsf %ju " 455 "tstamp %ju\n", rstamp, (uintmax_t)tsf, 456 (uintmax_t)ni->ni_tstamp.tsf); 457 (void) ieee80211_ibss_merge(ni); 458 } 459 } 460 break; 461 } 462 } 463 464 #ifdef ATH_ENABLE_RADIOTAP_VENDOR_EXT 465 static void 466 ath_rx_tap_vendor(struct ifnet *ifp, struct mbuf *m, 467 const struct ath_rx_status *rs, u_int64_t tsf, int16_t nf) 468 { 469 struct ath_softc *sc = ifp->if_softc; 470 471 /* Fill in the extension bitmap */ 472 sc->sc_rx_th.wr_ext_bitmap = htole32(1 << ATH_RADIOTAP_VENDOR_HEADER); 473 474 /* Fill in the vendor header */ 475 sc->sc_rx_th.wr_vh.vh_oui[0] = 0x7f; 476 sc->sc_rx_th.wr_vh.vh_oui[1] = 0x03; 477 sc->sc_rx_th.wr_vh.vh_oui[2] = 0x00; 478 479 /* XXX what should this be? */ 480 sc->sc_rx_th.wr_vh.vh_sub_ns = 0; 481 sc->sc_rx_th.wr_vh.vh_skip_len = 482 htole16(sizeof(struct ath_radiotap_vendor_hdr)); 483 484 /* General version info */ 485 sc->sc_rx_th.wr_v.vh_version = 1; 486 487 sc->sc_rx_th.wr_v.vh_rx_chainmask = sc->sc_rxchainmask; 488 489 /* rssi */ 490 sc->sc_rx_th.wr_v.rssi_ctl[0] = rs->rs_rssi_ctl[0]; 491 sc->sc_rx_th.wr_v.rssi_ctl[1] = rs->rs_rssi_ctl[1]; 492 sc->sc_rx_th.wr_v.rssi_ctl[2] = rs->rs_rssi_ctl[2]; 493 sc->sc_rx_th.wr_v.rssi_ext[0] = rs->rs_rssi_ext[0]; 494 sc->sc_rx_th.wr_v.rssi_ext[1] = rs->rs_rssi_ext[1]; 495 sc->sc_rx_th.wr_v.rssi_ext[2] = rs->rs_rssi_ext[2]; 496 497 /* evm */ 498 sc->sc_rx_th.wr_v.evm[0] = rs->rs_evm0; 499 sc->sc_rx_th.wr_v.evm[1] = rs->rs_evm1; 500 sc->sc_rx_th.wr_v.evm[2] = rs->rs_evm2; 501 /* These are only populated from the AR9300 or later */ 502 sc->sc_rx_th.wr_v.evm[3] = rs->rs_evm3; 503 sc->sc_rx_th.wr_v.evm[4] = rs->rs_evm4; 504 505 /* direction */ 506 sc->sc_rx_th.wr_v.vh_flags = ATH_VENDOR_PKT_RX; 507 508 /* RX rate */ 509 sc->sc_rx_th.wr_v.vh_rx_hwrate = rs->rs_rate; 510 511 /* RX flags */ 512 sc->sc_rx_th.wr_v.vh_rs_flags = rs->rs_flags; 513 514 if (rs->rs_isaggr) 515 sc->sc_rx_th.wr_v.vh_flags |= ATH_VENDOR_PKT_ISAGGR; 516 if (rs->rs_moreaggr) 517 sc->sc_rx_th.wr_v.vh_flags |= ATH_VENDOR_PKT_MOREAGGR; 518 519 /* phyerr info */ 520 if (rs->rs_status & HAL_RXERR_PHY) { 521 sc->sc_rx_th.wr_v.vh_phyerr_code = rs->rs_phyerr; 522 sc->sc_rx_th.wr_v.vh_flags |= ATH_VENDOR_PKT_RXPHYERR; 523 } else { 524 sc->sc_rx_th.wr_v.vh_phyerr_code = 0xff; 525 } 526 sc->sc_rx_th.wr_v.vh_rs_status = rs->rs_status; 527 sc->sc_rx_th.wr_v.vh_rssi = rs->rs_rssi; 528 } 529 #endif /* ATH_ENABLE_RADIOTAP_VENDOR_EXT */ 530 531 static void 532 ath_rx_tap(struct ifnet *ifp, struct mbuf *m, 533 const struct ath_rx_status *rs, u_int64_t tsf, int16_t nf) 534 { 535 #define CHAN_HT20 htole32(IEEE80211_CHAN_HT20) 536 #define CHAN_HT40U htole32(IEEE80211_CHAN_HT40U) 537 #define CHAN_HT40D htole32(IEEE80211_CHAN_HT40D) 538 #define CHAN_HT (CHAN_HT20|CHAN_HT40U|CHAN_HT40D) 539 struct ath_softc *sc = ifp->if_softc; 540 const HAL_RATE_TABLE *rt; 541 uint8_t rix; 542 543 rt = sc->sc_currates; 544 KASSERT(rt != NULL, ("no rate table, mode %u", sc->sc_curmode)); 545 rix = rt->rateCodeToIndex[rs->rs_rate]; 546 sc->sc_rx_th.wr_rate = sc->sc_hwmap[rix].ieeerate; 547 sc->sc_rx_th.wr_flags = sc->sc_hwmap[rix].rxflags; 548 #ifdef AH_SUPPORT_AR5416 549 sc->sc_rx_th.wr_chan_flags &= ~CHAN_HT; 550 if (rs->rs_status & HAL_RXERR_PHY) { 551 /* 552 * PHY error - make sure the channel flags 553 * reflect the actual channel configuration, 554 * not the received frame. 555 */ 556 if (IEEE80211_IS_CHAN_HT40U(sc->sc_curchan)) 557 sc->sc_rx_th.wr_chan_flags |= CHAN_HT40U; 558 else if (IEEE80211_IS_CHAN_HT40D(sc->sc_curchan)) 559 sc->sc_rx_th.wr_chan_flags |= CHAN_HT40D; 560 else if (IEEE80211_IS_CHAN_HT20(sc->sc_curchan)) 561 sc->sc_rx_th.wr_chan_flags |= CHAN_HT20; 562 } else if (sc->sc_rx_th.wr_rate & IEEE80211_RATE_MCS) { /* HT rate */ 563 struct ieee80211com *ic = ifp->if_l2com; 564 565 if ((rs->rs_flags & HAL_RX_2040) == 0) 566 sc->sc_rx_th.wr_chan_flags |= CHAN_HT20; 567 else if (IEEE80211_IS_CHAN_HT40U(ic->ic_curchan)) 568 sc->sc_rx_th.wr_chan_flags |= CHAN_HT40U; 569 else 570 sc->sc_rx_th.wr_chan_flags |= CHAN_HT40D; 571 if ((rs->rs_flags & HAL_RX_GI) == 0) 572 sc->sc_rx_th.wr_flags |= IEEE80211_RADIOTAP_F_SHORTGI; 573 } 574 575 #endif 576 sc->sc_rx_th.wr_tsf = htole64(ath_extend_tsf(sc, rs->rs_tstamp, tsf)); 577 if (rs->rs_status & HAL_RXERR_CRC) 578 sc->sc_rx_th.wr_flags |= IEEE80211_RADIOTAP_F_BADFCS; 579 /* XXX propagate other error flags from descriptor */ 580 sc->sc_rx_th.wr_antnoise = nf; 581 sc->sc_rx_th.wr_antsignal = nf + rs->rs_rssi; 582 sc->sc_rx_th.wr_antenna = rs->rs_antenna; 583 #undef CHAN_HT 584 #undef CHAN_HT20 585 #undef CHAN_HT40U 586 #undef CHAN_HT40D 587 } 588 589 static void 590 ath_handle_micerror(struct ieee80211com *ic, 591 struct ieee80211_frame *wh, int keyix) 592 { 593 struct ieee80211_node *ni; 594 595 /* XXX recheck MIC to deal w/ chips that lie */ 596 /* XXX discard MIC errors on !data frames */ 597 ni = ieee80211_find_rxnode(ic, (const struct ieee80211_frame_min *) wh); 598 if (ni != NULL) { 599 ieee80211_notify_michael_failure(ni->ni_vap, wh, keyix); 600 ieee80211_free_node(ni); 601 } 602 } 603 604 /* 605 * Process a single packet. 606 * 607 * The mbuf must already be synced, unmapped and removed from bf->bf_m 608 * by this stage. 609 * 610 * The mbuf must be consumed by this routine - either passed up the 611 * net80211 stack, put on the holding queue, or freed. 612 */ 613 int 614 ath_rx_pkt(struct ath_softc *sc, struct ath_rx_status *rs, HAL_STATUS status, 615 uint64_t tsf, int nf, HAL_RX_QUEUE qtype, struct ath_buf *bf, 616 struct mbuf *m) 617 { 618 uint64_t rstamp; 619 int len, type; 620 struct ifnet *ifp = sc->sc_ifp; 621 struct ieee80211com *ic = ifp->if_l2com; 622 struct ieee80211_node *ni; 623 int is_good = 0; 624 struct ath_rx_edma *re = &sc->sc_rxedma[qtype]; 625 626 /* 627 * Calculate the correct 64 bit TSF given 628 * the TSF64 register value and rs_tstamp. 629 */ 630 rstamp = ath_extend_tsf(sc, rs->rs_tstamp, tsf); 631 632 /* These aren't specifically errors */ 633 #ifdef AH_SUPPORT_AR5416 634 if (rs->rs_flags & HAL_RX_GI) 635 sc->sc_stats.ast_rx_halfgi++; 636 if (rs->rs_flags & HAL_RX_2040) 637 sc->sc_stats.ast_rx_2040++; 638 if (rs->rs_flags & HAL_RX_DELIM_CRC_PRE) 639 sc->sc_stats.ast_rx_pre_crc_err++; 640 if (rs->rs_flags & HAL_RX_DELIM_CRC_POST) 641 sc->sc_stats.ast_rx_post_crc_err++; 642 if (rs->rs_flags & HAL_RX_DECRYPT_BUSY) 643 sc->sc_stats.ast_rx_decrypt_busy_err++; 644 if (rs->rs_flags & HAL_RX_HI_RX_CHAIN) 645 sc->sc_stats.ast_rx_hi_rx_chain++; 646 if (rs->rs_flags & HAL_RX_STBC) 647 sc->sc_stats.ast_rx_stbc++; 648 #endif /* AH_SUPPORT_AR5416 */ 649 650 if (rs->rs_status != 0) { 651 if (rs->rs_status & HAL_RXERR_CRC) 652 sc->sc_stats.ast_rx_crcerr++; 653 if (rs->rs_status & HAL_RXERR_FIFO) 654 sc->sc_stats.ast_rx_fifoerr++; 655 if (rs->rs_status & HAL_RXERR_PHY) { 656 sc->sc_stats.ast_rx_phyerr++; 657 /* Process DFS radar events */ 658 if ((rs->rs_phyerr == HAL_PHYERR_RADAR) || 659 (rs->rs_phyerr == HAL_PHYERR_FALSE_RADAR_EXT)) { 660 /* Now pass it to the radar processing code */ 661 ath_dfs_process_phy_err(sc, m, rstamp, rs); 662 } 663 664 /* Be suitably paranoid about receiving phy errors out of the stats array bounds */ 665 if (rs->rs_phyerr < 64) 666 sc->sc_stats.ast_rx_phy[rs->rs_phyerr]++; 667 goto rx_error; /* NB: don't count in ierrors */ 668 } 669 if (rs->rs_status & HAL_RXERR_DECRYPT) { 670 /* 671 * Decrypt error. If the error occurred 672 * because there was no hardware key, then 673 * let the frame through so the upper layers 674 * can process it. This is necessary for 5210 675 * parts which have no way to setup a ``clear'' 676 * key cache entry. 677 * 678 * XXX do key cache faulting 679 */ 680 if (rs->rs_keyix == HAL_RXKEYIX_INVALID) 681 goto rx_accept; 682 sc->sc_stats.ast_rx_badcrypt++; 683 } 684 /* 685 * Similar as above - if the failure was a keymiss 686 * just punt it up to the upper layers for now. 687 */ 688 if (rs->rs_status & HAL_RXERR_KEYMISS) { 689 sc->sc_stats.ast_rx_keymiss++; 690 goto rx_accept; 691 } 692 if (rs->rs_status & HAL_RXERR_MIC) { 693 sc->sc_stats.ast_rx_badmic++; 694 /* 695 * Do minimal work required to hand off 696 * the 802.11 header for notification. 697 */ 698 /* XXX frag's and qos frames */ 699 len = rs->rs_datalen; 700 if (len >= sizeof (struct ieee80211_frame)) { 701 ath_handle_micerror(ic, 702 mtod(m, struct ieee80211_frame *), 703 sc->sc_splitmic ? 704 rs->rs_keyix-32 : rs->rs_keyix); 705 } 706 } 707 ifp->if_ierrors++; 708 rx_error: 709 /* 710 * Cleanup any pending partial frame. 711 */ 712 if (re->m_rxpending != NULL) { 713 m_freem(re->m_rxpending); 714 re->m_rxpending = NULL; 715 } 716 /* 717 * When a tap is present pass error frames 718 * that have been requested. By default we 719 * pass decrypt+mic errors but others may be 720 * interesting (e.g. crc). 721 */ 722 if (ieee80211_radiotap_active(ic) && 723 (rs->rs_status & sc->sc_monpass)) { 724 /* NB: bpf needs the mbuf length setup */ 725 len = rs->rs_datalen; 726 m->m_pkthdr.len = m->m_len = len; 727 ath_rx_tap(ifp, m, rs, rstamp, nf); 728 #ifdef ATH_ENABLE_RADIOTAP_VENDOR_EXT 729 ath_rx_tap_vendor(ifp, m, rs, rstamp, nf); 730 #endif /* ATH_ENABLE_RADIOTAP_VENDOR_EXT */ 731 ieee80211_radiotap_rx_all(ic, m); 732 } 733 /* XXX pass MIC errors up for s/w reclaculation */ 734 m_freem(m); m = NULL; 735 goto rx_next; 736 } 737 rx_accept: 738 len = rs->rs_datalen; 739 m->m_len = len; 740 741 if (rs->rs_more) { 742 /* 743 * Frame spans multiple descriptors; save 744 * it for the next completed descriptor, it 745 * will be used to construct a jumbogram. 746 */ 747 if (re->m_rxpending != NULL) { 748 /* NB: max frame size is currently 2 clusters */ 749 sc->sc_stats.ast_rx_toobig++; 750 m_freem(re->m_rxpending); 751 } 752 m->m_pkthdr.rcvif = ifp; 753 m->m_pkthdr.len = len; 754 re->m_rxpending = m; 755 m = NULL; 756 goto rx_next; 757 } else if (re->m_rxpending != NULL) { 758 /* 759 * This is the second part of a jumbogram, 760 * chain it to the first mbuf, adjust the 761 * frame length, and clear the rxpending state. 762 */ 763 re->m_rxpending->m_next = m; 764 re->m_rxpending->m_pkthdr.len += len; 765 m = re->m_rxpending; 766 re->m_rxpending = NULL; 767 } else { 768 /* 769 * Normal single-descriptor receive; setup 770 * the rcvif and packet length. 771 */ 772 m->m_pkthdr.rcvif = ifp; 773 m->m_pkthdr.len = len; 774 } 775 776 /* 777 * Validate rs->rs_antenna. 778 * 779 * Some users w/ AR9285 NICs have reported crashes 780 * here because rs_antenna field is bogusly large. 781 * Let's enforce the maximum antenna limit of 8 782 * (and it shouldn't be hard coded, but that's a 783 * separate problem) and if there's an issue, print 784 * out an error and adjust rs_antenna to something 785 * sensible. 786 * 787 * This code should be removed once the actual 788 * root cause of the issue has been identified. 789 * For example, it may be that the rs_antenna 790 * field is only valid for the lsat frame of 791 * an aggregate and it just happens that it is 792 * "mostly" right. (This is a general statement - 793 * the majority of the statistics are only valid 794 * for the last frame in an aggregate. 795 */ 796 if (rs->rs_antenna > 7) { 797 device_printf(sc->sc_dev, "%s: rs_antenna > 7 (%d)\n", 798 __func__, rs->rs_antenna); 799 #ifdef ATH_DEBUG 800 ath_printrxbuf(sc, bf, 0, status == HAL_OK); 801 #endif /* ATH_DEBUG */ 802 rs->rs_antenna = 0; /* XXX better than nothing */ 803 } 804 805 /* 806 * If this is an AR9285/AR9485, then the receive and LNA 807 * configuration is stored in RSSI[2] / EXTRSSI[2]. 808 * We can extract this out to build a much better 809 * receive antenna profile. 810 * 811 * Yes, this just blurts over the above RX antenna field 812 * for now. It's fine, the AR9285 doesn't really use 813 * that. 814 * 815 * Later on we should store away the fine grained LNA 816 * information and keep separate counters just for 817 * that. It'll help when debugging the AR9285/AR9485 818 * combined diversity code. 819 */ 820 if (sc->sc_rx_lnamixer) { 821 rs->rs_antenna = 0; 822 823 /* Bits 0:1 - the LNA configuration used */ 824 rs->rs_antenna |= 825 ((rs->rs_rssi_ctl[2] & HAL_RX_LNA_CFG_USED) 826 >> HAL_RX_LNA_CFG_USED_S); 827 828 /* Bit 2 - the external RX antenna switch */ 829 if (rs->rs_rssi_ctl[2] & HAL_RX_LNA_EXTCFG) 830 rs->rs_antenna |= 0x4; 831 } 832 833 ifp->if_ipackets++; 834 sc->sc_stats.ast_ant_rx[rs->rs_antenna]++; 835 836 /* 837 * Populate the rx status block. When there are bpf 838 * listeners we do the additional work to provide 839 * complete status. Otherwise we fill in only the 840 * material required by ieee80211_input. Note that 841 * noise setting is filled in above. 842 */ 843 if (ieee80211_radiotap_active(ic)) { 844 ath_rx_tap(ifp, m, rs, rstamp, nf); 845 #ifdef ATH_ENABLE_RADIOTAP_VENDOR_EXT 846 ath_rx_tap_vendor(ifp, m, rs, rstamp, nf); 847 #endif /* ATH_ENABLE_RADIOTAP_VENDOR_EXT */ 848 } 849 850 /* 851 * From this point on we assume the frame is at least 852 * as large as ieee80211_frame_min; verify that. 853 */ 854 if (len < IEEE80211_MIN_LEN) { 855 if (!ieee80211_radiotap_active(ic)) { 856 DPRINTF(sc, ATH_DEBUG_RECV, 857 "%s: short packet %d\n", __func__, len); 858 sc->sc_stats.ast_rx_tooshort++; 859 } else { 860 /* NB: in particular this captures ack's */ 861 ieee80211_radiotap_rx_all(ic, m); 862 } 863 m_freem(m); m = NULL; 864 goto rx_next; 865 } 866 867 if (IFF_DUMPPKTS(sc, ATH_DEBUG_RECV)) { 868 const HAL_RATE_TABLE *rt = sc->sc_currates; 869 uint8_t rix = rt->rateCodeToIndex[rs->rs_rate]; 870 871 ieee80211_dump_pkt(ic, mtod(m, caddr_t), len, 872 sc->sc_hwmap[rix].ieeerate, rs->rs_rssi); 873 } 874 875 m_adj(m, -IEEE80211_CRC_LEN); 876 877 /* 878 * Locate the node for sender, track state, and then 879 * pass the (referenced) node up to the 802.11 layer 880 * for its use. 881 */ 882 ni = ieee80211_find_rxnode_withkey(ic, 883 mtod(m, const struct ieee80211_frame_min *), 884 rs->rs_keyix == HAL_RXKEYIX_INVALID ? 885 IEEE80211_KEYIX_NONE : rs->rs_keyix); 886 sc->sc_lastrs = rs; 887 888 #ifdef AH_SUPPORT_AR5416 889 if (rs->rs_isaggr) 890 sc->sc_stats.ast_rx_agg++; 891 #endif /* AH_SUPPORT_AR5416 */ 892 893 if (ni != NULL) { 894 /* 895 * Only punt packets for ampdu reorder processing for 896 * 11n nodes; net80211 enforces that M_AMPDU is only 897 * set for 11n nodes. 898 */ 899 if (ni->ni_flags & IEEE80211_NODE_HT) 900 m->m_flags |= M_AMPDU; 901 902 /* 903 * Sending station is known, dispatch directly. 904 */ 905 type = ieee80211_input(ni, m, rs->rs_rssi, nf); 906 ieee80211_free_node(ni); 907 m = NULL; 908 /* 909 * Arrange to update the last rx timestamp only for 910 * frames from our ap when operating in station mode. 911 * This assumes the rx key is always setup when 912 * associated. 913 */ 914 if (ic->ic_opmode == IEEE80211_M_STA && 915 rs->rs_keyix != HAL_RXKEYIX_INVALID) 916 is_good = 1; 917 } else { 918 type = ieee80211_input_all(ic, m, rs->rs_rssi, nf); 919 m = NULL; 920 } 921 922 /* 923 * At this point we have passed the frame up the stack; thus 924 * the mbuf is no longer ours. 925 */ 926 927 /* 928 * Track rx rssi and do any rx antenna management. 929 */ 930 ATH_RSSI_LPF(sc->sc_halstats.ns_avgrssi, rs->rs_rssi); 931 if (sc->sc_diversity) { 932 /* 933 * When using fast diversity, change the default rx 934 * antenna if diversity chooses the other antenna 3 935 * times in a row. 936 */ 937 if (sc->sc_defant != rs->rs_antenna) { 938 if (++sc->sc_rxotherant >= 3) 939 ath_setdefantenna(sc, rs->rs_antenna); 940 } else 941 sc->sc_rxotherant = 0; 942 } 943 944 /* Handle slow diversity if enabled */ 945 if (sc->sc_dolnadiv) { 946 ath_lna_rx_comb_scan(sc, rs, ticks, hz); 947 } 948 949 if (sc->sc_softled) { 950 /* 951 * Blink for any data frame. Otherwise do a 952 * heartbeat-style blink when idle. The latter 953 * is mainly for station mode where we depend on 954 * periodic beacon frames to trigger the poll event. 955 */ 956 if (type == IEEE80211_FC0_TYPE_DATA) { 957 const HAL_RATE_TABLE *rt = sc->sc_currates; 958 ath_led_event(sc, 959 rt->rateCodeToIndex[rs->rs_rate]); 960 } else if (ticks - sc->sc_ledevent >= sc->sc_ledidle) 961 ath_led_event(sc, 0); 962 } 963 rx_next: 964 /* 965 * Debugging - complain if we didn't NULL the mbuf pointer 966 * here. 967 */ 968 if (m != NULL) { 969 device_printf(sc->sc_dev, 970 "%s: mbuf %p should've been freed!\n", 971 __func__, 972 m); 973 } 974 return (is_good); 975 } 976 977 #define ATH_RX_MAX 128 978 979 /* 980 * XXX TODO: break out the "get buffers" from "call ath_rx_pkt()" like 981 * the EDMA code does. 982 * 983 * XXX TODO: then, do all of the RX list management stuff inside 984 * ATH_RX_LOCK() so we don't end up potentially racing. The EDMA 985 * code is doing it right. 986 */ 987 static void 988 ath_rx_proc(struct ath_softc *sc, int resched) 989 { 990 #define PA2DESC(_sc, _pa) \ 991 ((struct ath_desc *)((caddr_t)(_sc)->sc_rxdma.dd_desc + \ 992 ((_pa) - (_sc)->sc_rxdma.dd_desc_paddr))) 993 struct ath_buf *bf; 994 struct ifnet *ifp = sc->sc_ifp; 995 struct ath_hal *ah = sc->sc_ah; 996 #ifdef IEEE80211_SUPPORT_SUPERG 997 struct ieee80211com *ic = ifp->if_l2com; 998 #endif 999 struct ath_desc *ds; 1000 struct ath_rx_status *rs; 1001 struct mbuf *m; 1002 int ngood; 1003 HAL_STATUS status; 1004 int16_t nf; 1005 u_int64_t tsf; 1006 int npkts = 0; 1007 int kickpcu = 0; 1008 int ret; 1009 1010 /* XXX we must not hold the ATH_LOCK here */ 1011 ATH_UNLOCK_ASSERT(sc); 1012 ATH_PCU_UNLOCK_ASSERT(sc); 1013 1014 ATH_PCU_LOCK(sc); 1015 sc->sc_rxproc_cnt++; 1016 kickpcu = sc->sc_kickpcu; 1017 ATH_PCU_UNLOCK(sc); 1018 1019 ATH_LOCK(sc); 1020 ath_power_set_power_state(sc, HAL_PM_AWAKE); 1021 ATH_UNLOCK(sc); 1022 1023 DPRINTF(sc, ATH_DEBUG_RX_PROC, "%s: called\n", __func__); 1024 ngood = 0; 1025 nf = ath_hal_getchannoise(ah, sc->sc_curchan); 1026 sc->sc_stats.ast_rx_noise = nf; 1027 tsf = ath_hal_gettsf64(ah); 1028 do { 1029 /* 1030 * Don't process too many packets at a time; give the 1031 * TX thread time to also run - otherwise the TX 1032 * latency can jump by quite a bit, causing throughput 1033 * degredation. 1034 */ 1035 if (!kickpcu && npkts >= ATH_RX_MAX) 1036 break; 1037 1038 bf = TAILQ_FIRST(&sc->sc_rxbuf); 1039 if (sc->sc_rxslink && bf == NULL) { /* NB: shouldn't happen */ 1040 if_printf(ifp, "%s: no buffer!\n", __func__); 1041 break; 1042 } else if (bf == NULL) { 1043 /* 1044 * End of List: 1045 * this can happen for non-self-linked RX chains 1046 */ 1047 sc->sc_stats.ast_rx_hitqueueend++; 1048 break; 1049 } 1050 m = bf->bf_m; 1051 if (m == NULL) { /* NB: shouldn't happen */ 1052 /* 1053 * If mbuf allocation failed previously there 1054 * will be no mbuf; try again to re-populate it. 1055 */ 1056 /* XXX make debug msg */ 1057 if_printf(ifp, "%s: no mbuf!\n", __func__); 1058 TAILQ_REMOVE(&sc->sc_rxbuf, bf, bf_list); 1059 goto rx_proc_next; 1060 } 1061 ds = bf->bf_desc; 1062 if (ds->ds_link == bf->bf_daddr) { 1063 /* NB: never process the self-linked entry at the end */ 1064 sc->sc_stats.ast_rx_hitqueueend++; 1065 break; 1066 } 1067 /* XXX sync descriptor memory */ 1068 /* 1069 * Must provide the virtual address of the current 1070 * descriptor, the physical address, and the virtual 1071 * address of the next descriptor in the h/w chain. 1072 * This allows the HAL to look ahead to see if the 1073 * hardware is done with a descriptor by checking the 1074 * done bit in the following descriptor and the address 1075 * of the current descriptor the DMA engine is working 1076 * on. All this is necessary because of our use of 1077 * a self-linked list to avoid rx overruns. 1078 */ 1079 rs = &bf->bf_status.ds_rxstat; 1080 status = ath_hal_rxprocdesc(ah, ds, 1081 bf->bf_daddr, PA2DESC(sc, ds->ds_link), rs); 1082 #ifdef ATH_DEBUG 1083 if (sc->sc_debug & ATH_DEBUG_RECV_DESC) 1084 ath_printrxbuf(sc, bf, 0, status == HAL_OK); 1085 #endif 1086 1087 #ifdef ATH_DEBUG_ALQ 1088 if (if_ath_alq_checkdebug(&sc->sc_alq, ATH_ALQ_EDMA_RXSTATUS)) 1089 if_ath_alq_post(&sc->sc_alq, ATH_ALQ_EDMA_RXSTATUS, 1090 sc->sc_rx_statuslen, (char *) ds); 1091 #endif /* ATH_DEBUG_ALQ */ 1092 1093 if (status == HAL_EINPROGRESS) 1094 break; 1095 1096 TAILQ_REMOVE(&sc->sc_rxbuf, bf, bf_list); 1097 npkts++; 1098 1099 /* 1100 * Process a single frame. 1101 */ 1102 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_POSTREAD); 1103 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap); 1104 bf->bf_m = NULL; 1105 if (ath_rx_pkt(sc, rs, status, tsf, nf, HAL_RX_QUEUE_HP, bf, m)) 1106 ngood++; 1107 rx_proc_next: 1108 /* 1109 * If there's a holding buffer, insert that onto 1110 * the RX list; the hardware is now definitely not pointing 1111 * to it now. 1112 */ 1113 ret = 0; 1114 if (sc->sc_rxedma[HAL_RX_QUEUE_HP].m_holdbf != NULL) { 1115 TAILQ_INSERT_TAIL(&sc->sc_rxbuf, 1116 sc->sc_rxedma[HAL_RX_QUEUE_HP].m_holdbf, 1117 bf_list); 1118 ret = ath_rxbuf_init(sc, 1119 sc->sc_rxedma[HAL_RX_QUEUE_HP].m_holdbf); 1120 } 1121 /* 1122 * Next, throw our buffer into the holding entry. The hardware 1123 * may use the descriptor to read the link pointer before 1124 * DMAing the next descriptor in to write out a packet. 1125 */ 1126 sc->sc_rxedma[HAL_RX_QUEUE_HP].m_holdbf = bf; 1127 } while (ret == 0); 1128 1129 /* rx signal state monitoring */ 1130 ath_hal_rxmonitor(ah, &sc->sc_halstats, sc->sc_curchan); 1131 if (ngood) 1132 sc->sc_lastrx = tsf; 1133 1134 ATH_KTR(sc, ATH_KTR_RXPROC, 2, "ath_rx_proc: npkts=%d, ngood=%d", npkts, ngood); 1135 /* Queue DFS tasklet if needed */ 1136 if (resched && ath_dfs_tasklet_needed(sc, sc->sc_curchan)) 1137 taskqueue_enqueue(sc->sc_tq, &sc->sc_dfstask); 1138 1139 /* 1140 * Now that all the RX frames were handled that 1141 * need to be handled, kick the PCU if there's 1142 * been an RXEOL condition. 1143 */ 1144 if (resched && kickpcu) { 1145 ATH_PCU_LOCK(sc); 1146 ATH_KTR(sc, ATH_KTR_ERROR, 0, "ath_rx_proc: kickpcu"); 1147 device_printf(sc->sc_dev, "%s: kickpcu; handled %d packets\n", 1148 __func__, npkts); 1149 1150 /* 1151 * Go through the process of fully tearing down 1152 * the RX buffers and reinitialising them. 1153 * 1154 * There's a hardware bug that causes the RX FIFO 1155 * to get confused under certain conditions and 1156 * constantly write over the same frame, leading 1157 * the RX driver code here to get heavily confused. 1158 */ 1159 /* 1160 * XXX Has RX DMA stopped enough here to just call 1161 * ath_startrecv()? 1162 * XXX Do we need to use the holding buffer to restart 1163 * RX DMA by appending entries to the final 1164 * descriptor? Quite likely. 1165 */ 1166 #if 1 1167 ath_startrecv(sc); 1168 #else 1169 /* 1170 * Disabled for now - it'd be nice to be able to do 1171 * this in order to limit the amount of CPU time spent 1172 * reinitialising the RX side (and thus minimise RX 1173 * drops) however there's a hardware issue that 1174 * causes things to get too far out of whack. 1175 */ 1176 /* 1177 * XXX can we hold the PCU lock here? 1178 * Are there any net80211 buffer calls involved? 1179 */ 1180 bf = TAILQ_FIRST(&sc->sc_rxbuf); 1181 ath_hal_putrxbuf(ah, bf->bf_daddr, HAL_RX_QUEUE_HP); 1182 ath_hal_rxena(ah); /* enable recv descriptors */ 1183 ath_mode_init(sc); /* set filters, etc. */ 1184 ath_hal_startpcurecv(ah); /* re-enable PCU/DMA engine */ 1185 #endif 1186 1187 ath_hal_intrset(ah, sc->sc_imask); 1188 sc->sc_kickpcu = 0; 1189 ATH_PCU_UNLOCK(sc); 1190 } 1191 1192 /* XXX check this inside of IF_LOCK? */ 1193 if (resched && (ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) { 1194 #ifdef IEEE80211_SUPPORT_SUPERG 1195 ieee80211_ff_age_all(ic, 100); 1196 #endif 1197 if (!IFQ_IS_EMPTY(&ifp->if_snd)) 1198 ath_tx_kick(sc); 1199 } 1200 #undef PA2DESC 1201 1202 /* 1203 * Put the hardware to sleep again if we're done with it. 1204 */ 1205 ATH_LOCK(sc); 1206 ath_power_restore_power_state(sc); 1207 ATH_UNLOCK(sc); 1208 1209 /* 1210 * If we hit the maximum number of frames in this round, 1211 * reschedule for another immediate pass. This gives 1212 * the TX and TX completion routines time to run, which 1213 * will reduce latency. 1214 */ 1215 if (npkts >= ATH_RX_MAX) 1216 sc->sc_rx.recv_sched(sc, resched); 1217 1218 ATH_PCU_LOCK(sc); 1219 sc->sc_rxproc_cnt--; 1220 ATH_PCU_UNLOCK(sc); 1221 } 1222 1223 #undef ATH_RX_MAX 1224 1225 /* 1226 * Only run the RX proc if it's not already running. 1227 * Since this may get run as part of the reset/flush path, 1228 * the task can't clash with an existing, running tasklet. 1229 */ 1230 static void 1231 ath_legacy_rx_tasklet(void *arg, int npending) 1232 { 1233 struct ath_softc *sc = arg; 1234 1235 ATH_KTR(sc, ATH_KTR_RXPROC, 1, "ath_rx_proc: pending=%d", npending); 1236 DPRINTF(sc, ATH_DEBUG_RX_PROC, "%s: pending %u\n", __func__, npending); 1237 ATH_PCU_LOCK(sc); 1238 if (sc->sc_inreset_cnt > 0) { 1239 device_printf(sc->sc_dev, 1240 "%s: sc_inreset_cnt > 0; skipping\n", __func__); 1241 ATH_PCU_UNLOCK(sc); 1242 return; 1243 } 1244 ATH_PCU_UNLOCK(sc); 1245 1246 ath_rx_proc(sc, 1); 1247 } 1248 1249 static void 1250 ath_legacy_flushrecv(struct ath_softc *sc) 1251 { 1252 1253 ath_rx_proc(sc, 0); 1254 } 1255 1256 static void 1257 ath_legacy_flush_rxpending(struct ath_softc *sc) 1258 { 1259 1260 /* XXX ATH_RX_LOCK_ASSERT(sc); */ 1261 1262 if (sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending != NULL) { 1263 m_freem(sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending); 1264 sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending = NULL; 1265 } 1266 if (sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending != NULL) { 1267 m_freem(sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending); 1268 sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending = NULL; 1269 } 1270 } 1271 1272 static int 1273 ath_legacy_flush_rxholdbf(struct ath_softc *sc) 1274 { 1275 struct ath_buf *bf; 1276 1277 /* XXX ATH_RX_LOCK_ASSERT(sc); */ 1278 /* 1279 * If there are RX holding buffers, free them here and return 1280 * them to the list. 1281 * 1282 * XXX should just verify that bf->bf_m is NULL, as it must 1283 * be at this point! 1284 */ 1285 bf = sc->sc_rxedma[HAL_RX_QUEUE_HP].m_holdbf; 1286 if (bf != NULL) { 1287 if (bf->bf_m != NULL) 1288 m_freem(bf->bf_m); 1289 bf->bf_m = NULL; 1290 TAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list); 1291 (void) ath_rxbuf_init(sc, bf); 1292 } 1293 sc->sc_rxedma[HAL_RX_QUEUE_HP].m_holdbf = NULL; 1294 1295 bf = sc->sc_rxedma[HAL_RX_QUEUE_LP].m_holdbf; 1296 if (bf != NULL) { 1297 if (bf->bf_m != NULL) 1298 m_freem(bf->bf_m); 1299 bf->bf_m = NULL; 1300 TAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list); 1301 (void) ath_rxbuf_init(sc, bf); 1302 } 1303 sc->sc_rxedma[HAL_RX_QUEUE_LP].m_holdbf = NULL; 1304 1305 return (0); 1306 } 1307 1308 /* 1309 * Disable the receive h/w in preparation for a reset. 1310 */ 1311 static void 1312 ath_legacy_stoprecv(struct ath_softc *sc, int dodelay) 1313 { 1314 #define PA2DESC(_sc, _pa) \ 1315 ((struct ath_desc *)((caddr_t)(_sc)->sc_rxdma.dd_desc + \ 1316 ((_pa) - (_sc)->sc_rxdma.dd_desc_paddr))) 1317 struct ath_hal *ah = sc->sc_ah; 1318 1319 ATH_RX_LOCK(sc); 1320 1321 ath_hal_stoppcurecv(ah); /* disable PCU */ 1322 ath_hal_setrxfilter(ah, 0); /* clear recv filter */ 1323 ath_hal_stopdmarecv(ah); /* disable DMA engine */ 1324 /* 1325 * TODO: see if this particular DELAY() is required; it may be 1326 * masking some missing FIFO flush or DMA sync. 1327 */ 1328 #if 0 1329 if (dodelay) 1330 #endif 1331 DELAY(3000); /* 3ms is long enough for 1 frame */ 1332 #ifdef ATH_DEBUG 1333 if (sc->sc_debug & (ATH_DEBUG_RESET | ATH_DEBUG_FATAL)) { 1334 struct ath_buf *bf; 1335 u_int ix; 1336 1337 device_printf(sc->sc_dev, 1338 "%s: rx queue %p, link %p\n", 1339 __func__, 1340 (caddr_t)(uintptr_t) ath_hal_getrxbuf(ah, HAL_RX_QUEUE_HP), 1341 sc->sc_rxlink); 1342 ix = 0; 1343 TAILQ_FOREACH(bf, &sc->sc_rxbuf, bf_list) { 1344 struct ath_desc *ds = bf->bf_desc; 1345 struct ath_rx_status *rs = &bf->bf_status.ds_rxstat; 1346 HAL_STATUS status = ath_hal_rxprocdesc(ah, ds, 1347 bf->bf_daddr, PA2DESC(sc, ds->ds_link), rs); 1348 if (status == HAL_OK || (sc->sc_debug & ATH_DEBUG_FATAL)) 1349 ath_printrxbuf(sc, bf, ix, status == HAL_OK); 1350 ix++; 1351 } 1352 } 1353 #endif 1354 1355 (void) ath_legacy_flush_rxpending(sc); 1356 (void) ath_legacy_flush_rxholdbf(sc); 1357 1358 sc->sc_rxlink = NULL; /* just in case */ 1359 1360 ATH_RX_UNLOCK(sc); 1361 #undef PA2DESC 1362 } 1363 1364 /* 1365 * XXX TODO: something was calling startrecv without calling 1366 * stoprecv. Let's figure out what/why. It was showing up 1367 * as a mbuf leak (rxpending) and ath_buf leak (holdbf.) 1368 */ 1369 1370 /* 1371 * Enable the receive h/w following a reset. 1372 */ 1373 static int 1374 ath_legacy_startrecv(struct ath_softc *sc) 1375 { 1376 struct ath_hal *ah = sc->sc_ah; 1377 struct ath_buf *bf; 1378 1379 ATH_RX_LOCK(sc); 1380 1381 /* 1382 * XXX should verify these are already all NULL! 1383 */ 1384 sc->sc_rxlink = NULL; 1385 (void) ath_legacy_flush_rxpending(sc); 1386 (void) ath_legacy_flush_rxholdbf(sc); 1387 1388 /* 1389 * Re-chain all of the buffers in the RX buffer list. 1390 */ 1391 TAILQ_FOREACH(bf, &sc->sc_rxbuf, bf_list) { 1392 int error = ath_rxbuf_init(sc, bf); 1393 if (error != 0) { 1394 DPRINTF(sc, ATH_DEBUG_RECV, 1395 "%s: ath_rxbuf_init failed %d\n", 1396 __func__, error); 1397 return error; 1398 } 1399 } 1400 1401 bf = TAILQ_FIRST(&sc->sc_rxbuf); 1402 ath_hal_putrxbuf(ah, bf->bf_daddr, HAL_RX_QUEUE_HP); 1403 ath_hal_rxena(ah); /* enable recv descriptors */ 1404 ath_mode_init(sc); /* set filters, etc. */ 1405 ath_hal_startpcurecv(ah); /* re-enable PCU/DMA engine */ 1406 1407 ATH_RX_UNLOCK(sc); 1408 return 0; 1409 } 1410 1411 static int 1412 ath_legacy_dma_rxsetup(struct ath_softc *sc) 1413 { 1414 int error; 1415 1416 error = ath_descdma_setup(sc, &sc->sc_rxdma, &sc->sc_rxbuf, 1417 "rx", sizeof(struct ath_desc), ath_rxbuf, 1); 1418 if (error != 0) 1419 return (error); 1420 1421 return (0); 1422 } 1423 1424 static int 1425 ath_legacy_dma_rxteardown(struct ath_softc *sc) 1426 { 1427 1428 if (sc->sc_rxdma.dd_desc_len != 0) 1429 ath_descdma_cleanup(sc, &sc->sc_rxdma, &sc->sc_rxbuf); 1430 return (0); 1431 } 1432 1433 static void 1434 ath_legacy_recv_sched(struct ath_softc *sc, int dosched) 1435 { 1436 1437 taskqueue_enqueue(sc->sc_tq, &sc->sc_rxtask); 1438 } 1439 1440 static void 1441 ath_legacy_recv_sched_queue(struct ath_softc *sc, HAL_RX_QUEUE q, 1442 int dosched) 1443 { 1444 1445 taskqueue_enqueue(sc->sc_tq, &sc->sc_rxtask); 1446 } 1447 1448 void 1449 ath_recv_setup_legacy(struct ath_softc *sc) 1450 { 1451 1452 /* Sensible legacy defaults */ 1453 /* 1454 * XXX this should be changed to properly support the 1455 * exact RX descriptor size for each HAL. 1456 */ 1457 sc->sc_rx_statuslen = sizeof(struct ath_desc); 1458 1459 sc->sc_rx.recv_start = ath_legacy_startrecv; 1460 sc->sc_rx.recv_stop = ath_legacy_stoprecv; 1461 sc->sc_rx.recv_flush = ath_legacy_flushrecv; 1462 sc->sc_rx.recv_tasklet = ath_legacy_rx_tasklet; 1463 sc->sc_rx.recv_rxbuf_init = ath_legacy_rxbuf_init; 1464 1465 sc->sc_rx.recv_setup = ath_legacy_dma_rxsetup; 1466 sc->sc_rx.recv_teardown = ath_legacy_dma_rxteardown; 1467 sc->sc_rx.recv_sched = ath_legacy_recv_sched; 1468 sc->sc_rx.recv_sched_queue = ath_legacy_recv_sched_queue; 1469 } 1470