xref: /freebsd/sys/dev/ath/if_ath_rx_edma.c (revision c19fb1f963e3dc88a82b20d1b17f94a4cd321e74)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2012 Adrian Chadd <adrian@FreeBSD.org>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer,
12  *    without modification.
13  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
14  *    similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
15  *    redistribution must be conditioned upon including a substantially
16  *    similar Disclaimer requirement for further binary redistribution.
17  *
18  * NO WARRANTY
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
22  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
23  * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
24  * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
27  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
29  * THE POSSIBILITY OF SUCH DAMAGES.
30  */
31 
32 #include <sys/cdefs.h>
33 /*
34  * Driver for the Atheros Wireless LAN controller.
35  *
36  * This software is derived from work of Atsushi Onoe; his contribution
37  * is greatly appreciated.
38  */
39 
40 #include "opt_inet.h"
41 #include "opt_ath.h"
42 /*
43  * This is needed for register operations which are performed
44  * by the driver - eg, calls to ath_hal_gettsf32().
45  *
46  * It's also required for any AH_DEBUG checks in here, eg the
47  * module dependencies.
48  */
49 #include "opt_ah.h"
50 #include "opt_wlan.h"
51 
52 #include <sys/param.h>
53 #include <sys/systm.h>
54 #include <sys/sysctl.h>
55 #include <sys/mbuf.h>
56 #include <sys/malloc.h>
57 #include <sys/lock.h>
58 #include <sys/mutex.h>
59 #include <sys/kernel.h>
60 #include <sys/socket.h>
61 #include <sys/sockio.h>
62 #include <sys/errno.h>
63 #include <sys/callout.h>
64 #include <sys/bus.h>
65 #include <sys/endian.h>
66 #include <sys/kthread.h>
67 #include <sys/taskqueue.h>
68 #include <sys/priv.h>
69 #include <sys/module.h>
70 #include <sys/ktr.h>
71 #include <sys/smp.h>	/* for mp_ncpus */
72 
73 #include <machine/bus.h>
74 
75 #include <net/if.h>
76 #include <net/if_var.h>
77 #include <net/if_dl.h>
78 #include <net/if_media.h>
79 #include <net/if_types.h>
80 #include <net/if_arp.h>
81 #include <net/ethernet.h>
82 #include <net/if_llc.h>
83 
84 #include <net80211/ieee80211_var.h>
85 #include <net80211/ieee80211_regdomain.h>
86 #ifdef IEEE80211_SUPPORT_SUPERG
87 #include <net80211/ieee80211_superg.h>
88 #endif
89 #ifdef IEEE80211_SUPPORT_TDMA
90 #include <net80211/ieee80211_tdma.h>
91 #endif
92 
93 #include <net/bpf.h>
94 
95 #ifdef INET
96 #include <netinet/in.h>
97 #include <netinet/if_ether.h>
98 #endif
99 
100 #include <dev/ath/if_athvar.h>
101 #include <dev/ath/ath_hal/ah_devid.h>		/* XXX for softled */
102 #include <dev/ath/ath_hal/ah_diagcodes.h>
103 
104 #include <dev/ath/if_ath_debug.h>
105 #include <dev/ath/if_ath_misc.h>
106 #include <dev/ath/if_ath_tsf.h>
107 #include <dev/ath/if_ath_tx.h>
108 #include <dev/ath/if_ath_sysctl.h>
109 #include <dev/ath/if_ath_led.h>
110 #include <dev/ath/if_ath_keycache.h>
111 #include <dev/ath/if_ath_rx.h>
112 #include <dev/ath/if_ath_beacon.h>
113 #include <dev/ath/if_athdfs.h>
114 #include <dev/ath/if_ath_descdma.h>
115 
116 #ifdef ATH_TX99_DIAG
117 #include <dev/ath/ath_tx99/ath_tx99.h>
118 #endif
119 
120 #include <dev/ath/if_ath_rx_edma.h>
121 
122 #ifdef	ATH_DEBUG_ALQ
123 #include <dev/ath/if_ath_alq.h>
124 #endif
125 
126 /*
127  * some general macros
128   */
129 #define	INCR(_l, _sz)		(_l) ++; (_l) &= ((_sz) - 1)
130 #define	DECR(_l, _sz)		(_l) --; (_l) &= ((_sz) - 1)
131 
132 MALLOC_DECLARE(M_ATHDEV);
133 
134 /*
135  * XXX TODO:
136  *
137  * + Make sure the FIFO is correctly flushed and reinitialised
138  *   through a reset;
139  * + Verify multi-descriptor frames work!
140  * + There's a "memory use after free" which needs to be tracked down
141  *   and fixed ASAP.  I've seen this in the legacy path too, so it
142  *   may be a generic RX path issue.
143  */
144 
145 /*
146  * XXX shuffle the function orders so these pre-declarations aren't
147  * required!
148  */
149 static	int ath_edma_rxfifo_alloc(struct ath_softc *sc, HAL_RX_QUEUE qtype,
150 	    int nbufs);
151 static	int ath_edma_rxfifo_flush(struct ath_softc *sc, HAL_RX_QUEUE qtype);
152 static	void ath_edma_rxbuf_free(struct ath_softc *sc, struct ath_buf *bf);
153 static	void ath_edma_recv_proc_queue(struct ath_softc *sc,
154 	    HAL_RX_QUEUE qtype, int dosched);
155 static	int ath_edma_recv_proc_deferred_queue(struct ath_softc *sc,
156 	    HAL_RX_QUEUE qtype, int dosched);
157 
158 static void
159 ath_edma_stoprecv(struct ath_softc *sc, int dodelay)
160 {
161 	struct ath_hal *ah = sc->sc_ah;
162 
163 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: called, dodelay=%d\n",
164 	    __func__, dodelay);
165 
166 	ATH_RX_LOCK(sc);
167 
168 	ath_hal_stoppcurecv(ah);
169 	ath_hal_setrxfilter(ah, 0);
170 
171 	/*
172 	 *
173 	 */
174 	if (ath_hal_stopdmarecv(ah) == AH_TRUE)
175 		sc->sc_rx_stopped = 1;
176 
177 	/*
178 	 * Give the various bus FIFOs (not EDMA descriptor FIFO)
179 	 * time to finish flushing out data.
180 	 */
181 	DELAY(3000);
182 
183 	/* Flush RX pending for each queue */
184 	/* XXX should generic-ify this */
185 	if (sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending) {
186 		m_freem(sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending);
187 		sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending = NULL;
188 	}
189 
190 	if (sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending) {
191 		m_freem(sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending);
192 		sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending = NULL;
193 	}
194 	ATH_RX_UNLOCK(sc);
195 
196 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: done\n", __func__);
197 }
198 
199 /*
200  * Re-initialise the FIFO given the current buffer contents.
201  * Specifically, walk from head -> tail, pushing the FIFO contents
202  * back into the FIFO.
203  */
204 static void
205 ath_edma_reinit_fifo(struct ath_softc *sc, HAL_RX_QUEUE qtype)
206 {
207 	struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
208 	struct ath_buf *bf;
209 	int i, j;
210 
211 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: called\n", __func__);
212 
213 	ATH_RX_LOCK_ASSERT(sc);
214 
215 	i = re->m_fifo_head;
216 	for (j = 0; j < re->m_fifo_depth; j++) {
217 		bf = re->m_fifo[i];
218 		DPRINTF(sc, ATH_DEBUG_EDMA_RX,
219 		    "%s: Q%d: pos=%i, addr=0x%jx\n",
220 		    __func__,
221 		    qtype,
222 		    i,
223 		    (uintmax_t)bf->bf_daddr);
224 		ath_hal_putrxbuf(sc->sc_ah, bf->bf_daddr, qtype);
225 		INCR(i, re->m_fifolen);
226 	}
227 
228 	/* Ensure this worked out right */
229 	if (i != re->m_fifo_tail) {
230 		device_printf(sc->sc_dev, "%s: i (%d) != tail! (%d)\n",
231 		    __func__,
232 		    i,
233 		    re->m_fifo_tail);
234 	}
235 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: done\n", __func__);
236 }
237 
238 /*
239  * Start receive.
240  */
241 static int
242 ath_edma_startrecv(struct ath_softc *sc)
243 {
244 	struct ath_hal *ah = sc->sc_ah;
245 
246 	DPRINTF(sc, ATH_DEBUG_EDMA_RX,
247 	    "%s: called; resetted=%d, stopped=%d\n", __func__,
248 	    sc->sc_rx_resetted, sc->sc_rx_stopped);
249 
250 	ATH_RX_LOCK(sc);
251 
252 	/*
253 	 * Sanity check - are we being called whilst RX
254 	 * isn't stopped?  If so, we may end up pushing
255 	 * too many entries into the RX FIFO and
256 	 * badness occurs.
257 	 */
258 
259 	/* Enable RX FIFO */
260 	ath_hal_rxena(ah);
261 
262 	/*
263 	 * In theory the hardware has been initialised, right?
264 	 */
265 	if (sc->sc_rx_resetted == 1 || sc->sc_rx_stopped == 1) {
266 		DPRINTF(sc, ATH_DEBUG_EDMA_RX,
267 		    "%s: Re-initing HP FIFO\n", __func__);
268 		ath_edma_reinit_fifo(sc, HAL_RX_QUEUE_HP);
269 		DPRINTF(sc, ATH_DEBUG_EDMA_RX,
270 		    "%s: Re-initing LP FIFO\n", __func__);
271 		ath_edma_reinit_fifo(sc, HAL_RX_QUEUE_LP);
272 		sc->sc_rx_resetted = 0;
273 	} else {
274 		device_printf(sc->sc_dev,
275 		    "%s: called without resetting chip? "
276 		    "resetted=%d, stopped=%d\n",
277 		    __func__,
278 		    sc->sc_rx_resetted,
279 		    sc->sc_rx_stopped);
280 	}
281 
282 	/* Add up to m_fifolen entries in each queue */
283 	/*
284 	 * These must occur after the above write so the FIFO buffers
285 	 * are pushed/tracked in the same order as the hardware will
286 	 * process them.
287 	 *
288 	 * XXX TODO: is this really necessary? We should've stopped
289 	 * the hardware already and reinitialised it, so it's a no-op.
290 	 */
291 	ath_edma_rxfifo_alloc(sc, HAL_RX_QUEUE_HP,
292 	    sc->sc_rxedma[HAL_RX_QUEUE_HP].m_fifolen);
293 
294 	ath_edma_rxfifo_alloc(sc, HAL_RX_QUEUE_LP,
295 	    sc->sc_rxedma[HAL_RX_QUEUE_LP].m_fifolen);
296 
297 	ath_mode_init(sc);
298 	ath_hal_startpcurecv(ah, (!! sc->sc_scanning));
299 
300 	/*
301 	 * We're now doing RX DMA!
302 	 */
303 	sc->sc_rx_stopped = 0;
304 
305 	ATH_RX_UNLOCK(sc);
306 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: ready\n", __func__);
307 
308 	return (0);
309 }
310 
311 static void
312 ath_edma_recv_sched_queue(struct ath_softc *sc, HAL_RX_QUEUE qtype,
313     int dosched)
314 {
315 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: called; qtype=%d, dosched=%d\n",
316 	    __func__, qtype, dosched);
317 
318 	ATH_LOCK(sc);
319 	ath_power_set_power_state(sc, HAL_PM_AWAKE);
320 	ATH_UNLOCK(sc);
321 
322 	ath_edma_recv_proc_queue(sc, qtype, dosched);
323 
324 	ATH_LOCK(sc);
325 	ath_power_restore_power_state(sc);
326 	ATH_UNLOCK(sc);
327 
328 	/* XXX TODO: methodize */
329 	taskqueue_enqueue(sc->sc_tq, &sc->sc_rxtask);
330 
331 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: done\n", __func__);
332 }
333 
334 static void
335 ath_edma_recv_sched(struct ath_softc *sc, int dosched)
336 {
337 
338 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: called; dosched=%d\n",
339 	    __func__, dosched);
340 
341 	ATH_LOCK(sc);
342 	ath_power_set_power_state(sc, HAL_PM_AWAKE);
343 	ATH_UNLOCK(sc);
344 
345 	ath_edma_recv_proc_queue(sc, HAL_RX_QUEUE_HP, dosched);
346 	ath_edma_recv_proc_queue(sc, HAL_RX_QUEUE_LP, dosched);
347 
348 	ATH_LOCK(sc);
349 	ath_power_restore_power_state(sc);
350 	ATH_UNLOCK(sc);
351 
352 	/* XXX TODO: methodize */
353 	taskqueue_enqueue(sc->sc_tq, &sc->sc_rxtask);
354 
355 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: done\n", __func__);
356 }
357 
358 static void
359 ath_edma_recv_flush(struct ath_softc *sc)
360 {
361 
362 	DPRINTF(sc, ATH_DEBUG_RECV | ATH_DEBUG_EDMA_RX, "%s: called\n", __func__);
363 
364 	ATH_PCU_LOCK(sc);
365 	sc->sc_rxproc_cnt++;
366 	ATH_PCU_UNLOCK(sc);
367 
368 	// XXX TODO: methodize; make it an RX stop/block
369 	while (taskqueue_cancel(sc->sc_tq, &sc->sc_rxtask, NULL) != 0) {
370 		taskqueue_drain(sc->sc_tq, &sc->sc_rxtask);
371 	}
372 
373 	ATH_LOCK(sc);
374 	ath_power_set_power_state(sc, HAL_PM_AWAKE);
375 	ATH_UNLOCK(sc);
376 
377 	/*
378 	 * Flush any active frames from FIFO -> deferred list
379 	 */
380 	ath_edma_recv_proc_queue(sc, HAL_RX_QUEUE_HP, 0);
381 	ath_edma_recv_proc_queue(sc, HAL_RX_QUEUE_LP, 0);
382 
383 	/*
384 	 * Process what's in the deferred queue
385 	 */
386 	/*
387 	 * XXX: If we read the tsf/channoise here and then pass it in,
388 	 * we could restore the power state before processing
389 	 * the deferred queue.
390 	 */
391 	ath_edma_recv_proc_deferred_queue(sc, HAL_RX_QUEUE_HP, 0);
392 	ath_edma_recv_proc_deferred_queue(sc, HAL_RX_QUEUE_LP, 0);
393 
394 	ATH_LOCK(sc);
395 	ath_power_restore_power_state(sc);
396 	ATH_UNLOCK(sc);
397 
398 	ATH_PCU_LOCK(sc);
399 	sc->sc_rxproc_cnt--;
400 	ATH_PCU_UNLOCK(sc);
401 
402 	DPRINTF(sc, ATH_DEBUG_RECV | ATH_DEBUG_EDMA_RX, "%s: done\n", __func__);
403 }
404 
405 /*
406  * Process frames from the current queue into the deferred queue.
407  */
408 static void
409 ath_edma_recv_proc_queue(struct ath_softc *sc, HAL_RX_QUEUE qtype,
410     int dosched)
411 {
412 	struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
413 	struct ath_rx_status *rs;
414 	struct ath_desc *ds;
415 	struct ath_buf *bf;
416 	struct mbuf *m;
417 	struct ath_hal *ah = sc->sc_ah;
418 	uint64_t tsf;
419 	uint16_t nf;
420 	int npkts = 0;
421 
422 	tsf = ath_hal_gettsf64(ah);
423 	nf = ath_hal_getchannoise(ah, sc->sc_curchan);
424 	sc->sc_stats.ast_rx_noise = nf;
425 
426 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: called; qtype=%d, dosched=%d\n", __func__, qtype, dosched);
427 
428 	ATH_RX_LOCK(sc);
429 
430 #if 1
431 	if (sc->sc_rx_resetted == 1) {
432 		/*
433 		 * XXX We shouldn't ever be scheduled if
434 		 * receive has been stopped - so complain
435 		 * loudly!
436 		 */
437 		device_printf(sc->sc_dev,
438 		    "%s: sc_rx_resetted=1! Bad!\n",
439 		    __func__);
440 		ATH_RX_UNLOCK(sc);
441 		return;
442 	}
443 #endif
444 
445 	do {
446 		bf = re->m_fifo[re->m_fifo_head];
447 		/* This shouldn't occur! */
448 		if (bf == NULL) {
449 			device_printf(sc->sc_dev, "%s: Q%d: NULL bf?\n",
450 			    __func__,
451 			    qtype);
452 			break;
453 		}
454 		m = bf->bf_m;
455 		ds = bf->bf_desc;
456 
457 		/*
458 		 * Sync descriptor memory - this also syncs the buffer for us.
459 		 * EDMA descriptors are in cached memory.
460 		 */
461 		bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap,
462 		    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
463 		rs = &bf->bf_status.ds_rxstat;
464 		bf->bf_rxstatus = ath_hal_rxprocdesc(ah, ds, bf->bf_daddr,
465 		    NULL, rs);
466 		if (bf->bf_rxstatus == HAL_EINPROGRESS)
467 			break;
468 #ifdef	ATH_DEBUG
469 		if (sc->sc_debug & ATH_DEBUG_RECV_DESC)
470 			ath_printrxbuf(sc, bf, 0, bf->bf_rxstatus == HAL_OK);
471 #endif /* ATH_DEBUG */
472 #ifdef	ATH_DEBUG_ALQ
473 		if (if_ath_alq_checkdebug(&sc->sc_alq, ATH_ALQ_EDMA_RXSTATUS))
474 			if_ath_alq_post(&sc->sc_alq, ATH_ALQ_EDMA_RXSTATUS,
475 			    sc->sc_rx_statuslen, (char *) ds);
476 #endif /* ATH_DEBUG */
477 
478 		/*
479 		 * Completed descriptor.
480 		 */
481 		DPRINTF(sc, ATH_DEBUG_EDMA_RX,
482 		    "%s: Q%d: completed!\n", __func__, qtype);
483 		npkts++;
484 
485 		/*
486 		 * We've been synced already, so unmap.
487 		 */
488 		bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
489 
490 		/*
491 		 * Remove the FIFO entry and place it on the completion
492 		 * queue.
493 		 */
494 		re->m_fifo[re->m_fifo_head] = NULL;
495 		TAILQ_INSERT_TAIL(&sc->sc_rx_rxlist[qtype], bf, bf_list);
496 
497 		/* Bump the descriptor FIFO stats */
498 		INCR(re->m_fifo_head, re->m_fifolen);
499 		re->m_fifo_depth--;
500 		/* XXX check it doesn't fall below 0 */
501 	} while (re->m_fifo_depth > 0);
502 
503 	/* Append some more fresh frames to the FIFO */
504 	if (dosched)
505 		ath_edma_rxfifo_alloc(sc, qtype, re->m_fifolen);
506 
507 	ATH_RX_UNLOCK(sc);
508 
509 	/* rx signal state monitoring */
510 	ath_hal_rxmonitor(ah, &sc->sc_halstats, sc->sc_curchan);
511 
512 	ATH_KTR(sc, ATH_KTR_INTERRUPTS, 1,
513 	    "ath edma rx proc: npkts=%d\n",
514 	    npkts);
515 
516 	return;
517 }
518 
519 /*
520  * Flush the deferred queue.
521  *
522  * This destructively flushes the deferred queue - it doesn't
523  * call the wireless stack on each mbuf.
524  */
525 static void
526 ath_edma_flush_deferred_queue(struct ath_softc *sc)
527 {
528 	struct ath_buf *bf;
529 
530 	ATH_RX_LOCK_ASSERT(sc);
531 
532 	/* Free in one set, inside the lock */
533 	while (! TAILQ_EMPTY(&sc->sc_rx_rxlist[HAL_RX_QUEUE_LP])) {
534 		bf = TAILQ_FIRST(&sc->sc_rx_rxlist[HAL_RX_QUEUE_LP]);
535 		TAILQ_REMOVE(&sc->sc_rx_rxlist[HAL_RX_QUEUE_LP], bf, bf_list);
536 		/* Free the buffer/mbuf */
537 		ath_edma_rxbuf_free(sc, bf);
538 	}
539 	while (! TAILQ_EMPTY(&sc->sc_rx_rxlist[HAL_RX_QUEUE_HP])) {
540 		bf = TAILQ_FIRST(&sc->sc_rx_rxlist[HAL_RX_QUEUE_HP]);
541 		TAILQ_REMOVE(&sc->sc_rx_rxlist[HAL_RX_QUEUE_HP], bf, bf_list);
542 		/* Free the buffer/mbuf */
543 		ath_edma_rxbuf_free(sc, bf);
544 	}
545 }
546 
547 static int
548 ath_edma_recv_proc_deferred_queue(struct ath_softc *sc, HAL_RX_QUEUE qtype,
549     int dosched)
550 {
551 	int ngood = 0;
552 	uint64_t tsf;
553 	struct ath_buf *bf, *next;
554 	struct ath_rx_status *rs;
555 	int16_t nf;
556 	ath_bufhead rxlist;
557 	struct mbuf *m;
558 
559 	TAILQ_INIT(&rxlist);
560 
561 	nf = ath_hal_getchannoise(sc->sc_ah, sc->sc_curchan);
562 	/*
563 	 * XXX TODO: the NF/TSF should be stamped on the bufs themselves,
564 	 * otherwise we may end up adding in the wrong values if this
565 	 * is delayed too far..
566 	 */
567 	tsf = ath_hal_gettsf64(sc->sc_ah);
568 
569 	/* Copy the list over */
570 	ATH_RX_LOCK(sc);
571 	TAILQ_CONCAT(&rxlist, &sc->sc_rx_rxlist[qtype], bf_list);
572 	ATH_RX_UNLOCK(sc);
573 
574 	/* Handle the completed descriptors */
575 	/*
576 	 * XXX is this SAFE call needed? The ath_buf entries
577 	 * aren't modified by ath_rx_pkt, right?
578 	 */
579 	TAILQ_FOREACH_SAFE(bf, &rxlist, bf_list, next) {
580 		/*
581 		 * Skip the RX descriptor status - start at the data offset
582 		 */
583 		m_adj(bf->bf_m, sc->sc_rx_statuslen);
584 
585 		/* Handle the frame */
586 
587 		rs = &bf->bf_status.ds_rxstat;
588 		m = bf->bf_m;
589 		bf->bf_m = NULL;
590 		if (ath_rx_pkt(sc, rs, bf->bf_rxstatus, tsf, nf, qtype, bf, m))
591 			ngood++;
592 	}
593 
594 	if (ngood) {
595 		sc->sc_lastrx = tsf;
596 	}
597 
598 	ATH_KTR(sc, ATH_KTR_INTERRUPTS, 1,
599 	    "ath edma rx deferred proc: ngood=%d\n",
600 	    ngood);
601 
602 	/* Free in one set, inside the lock */
603 	ATH_RX_LOCK(sc);
604 	while (! TAILQ_EMPTY(&rxlist)) {
605 		bf = TAILQ_FIRST(&rxlist);
606 		TAILQ_REMOVE(&rxlist, bf, bf_list);
607 		/* Free the buffer/mbuf */
608 		ath_edma_rxbuf_free(sc, bf);
609 	}
610 	ATH_RX_UNLOCK(sc);
611 
612 	return (ngood);
613 }
614 
615 static void
616 ath_edma_recv_tasklet(void *arg, int npending)
617 {
618 	struct ath_softc *sc = (struct ath_softc *) arg;
619 #ifdef	IEEE80211_SUPPORT_SUPERG
620 	struct ieee80211com *ic = &sc->sc_ic;
621 #endif
622 
623 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: called; npending=%d\n",
624 	    __func__,
625 	    npending);
626 
627 	ATH_PCU_LOCK(sc);
628 	if (sc->sc_inreset_cnt > 0) {
629 		device_printf(sc->sc_dev, "%s: sc_inreset_cnt > 0; skipping\n",
630 		    __func__);
631 		ATH_PCU_UNLOCK(sc);
632 		return;
633 	}
634 	sc->sc_rxproc_cnt++;
635 	ATH_PCU_UNLOCK(sc);
636 
637 	ATH_LOCK(sc);
638 	ath_power_set_power_state(sc, HAL_PM_AWAKE);
639 	ATH_UNLOCK(sc);
640 
641 	ath_edma_recv_proc_deferred_queue(sc, HAL_RX_QUEUE_HP, 1);
642 	ath_edma_recv_proc_deferred_queue(sc, HAL_RX_QUEUE_LP, 1);
643 
644 	/*
645 	 * XXX: If we read the tsf/channoise here and then pass it in,
646 	 * we could restore the power state before processing
647 	 * the deferred queue.
648 	 */
649 	ATH_LOCK(sc);
650 	ath_power_restore_power_state(sc);
651 	ATH_UNLOCK(sc);
652 
653 #ifdef	IEEE80211_SUPPORT_SUPERG
654 	ieee80211_ff_age_all(ic, 100);
655 #endif
656 	if (ath_dfs_tasklet_needed(sc, sc->sc_curchan))
657 		taskqueue_enqueue(sc->sc_tq, &sc->sc_dfstask);
658 
659 	ATH_PCU_LOCK(sc);
660 	sc->sc_rxproc_cnt--;
661 	ATH_PCU_UNLOCK(sc);
662 
663 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: called; done!\n", __func__);
664 }
665 
666 /*
667  * Allocate an RX mbuf for the given ath_buf and initialise
668  * it for EDMA.
669  *
670  * + Allocate a 4KB mbuf;
671  * + Setup the DMA map for the given buffer;
672  * + Return that.
673  */
674 static int
675 ath_edma_rxbuf_init(struct ath_softc *sc, struct ath_buf *bf)
676 {
677 
678 	struct mbuf *m;
679 	int error;
680 	int len;
681 
682 	ATH_RX_LOCK_ASSERT(sc);
683 
684 	m = m_getm(NULL, sc->sc_edma_bufsize, M_NOWAIT, MT_DATA);
685 	if (! m)
686 		return (ENOBUFS);		/* XXX ?*/
687 
688 	/* XXX warn/enforce alignment */
689 
690 	len = m->m_ext.ext_size;
691 #if 0
692 	device_printf(sc->sc_dev, "%s: called: m=%p, size=%d, mtod=%p\n",
693 	    __func__,
694 	    m,
695 	    len,
696 	    mtod(m, char *));
697 #endif
698 
699 	m->m_pkthdr.len = m->m_len = m->m_ext.ext_size;
700 
701 	/*
702 	 * Populate ath_buf fields.
703 	 */
704 	bf->bf_desc = mtod(m, struct ath_desc *);
705 	bf->bf_lastds = bf->bf_desc;	/* XXX only really for TX? */
706 	bf->bf_m = m;
707 
708 	/*
709 	 * Zero the descriptor and ensure it makes it out to the
710 	 * bounce buffer if one is required.
711 	 *
712 	 * XXX PREWRITE will copy the whole buffer; we only needed it
713 	 * to sync the first 32 DWORDS.  Oh well.
714 	 */
715 	memset(bf->bf_desc, '\0', sc->sc_rx_statuslen);
716 
717 	/*
718 	 * Create DMA mapping.
719 	 */
720 	error = bus_dmamap_load_mbuf_sg(sc->sc_dmat,
721 	    bf->bf_dmamap, m, bf->bf_segs, &bf->bf_nseg, BUS_DMA_NOWAIT);
722 
723 	if (error != 0) {
724 		device_printf(sc->sc_dev, "%s: failed; error=%d\n",
725 		    __func__,
726 		    error);
727 		m_freem(m);
728 		return (error);
729 	}
730 
731 	/*
732 	 * Set daddr to the physical mapping page.
733 	 */
734 	bf->bf_daddr = bf->bf_segs[0].ds_addr;
735 
736 	/*
737 	 * Prepare for the upcoming read.
738 	 *
739 	 * We need to both sync some data into the buffer (the zero'ed
740 	 * descriptor payload) and also prepare for the read that's going
741 	 * to occur.
742 	 */
743 	bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap,
744 	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
745 
746 	/* Finish! */
747 	return (0);
748 }
749 
750 /*
751  * Allocate a RX buffer.
752  */
753 static struct ath_buf *
754 ath_edma_rxbuf_alloc(struct ath_softc *sc)
755 {
756 	struct ath_buf *bf;
757 	int error;
758 
759 	ATH_RX_LOCK_ASSERT(sc);
760 
761 	/* Allocate buffer */
762 	bf = TAILQ_FIRST(&sc->sc_rxbuf);
763 	/* XXX shouldn't happen upon startup? */
764 	if (bf == NULL) {
765 		DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: nothing on rxbuf?!\n",
766 		    __func__);
767 		return (NULL);
768 	}
769 
770 	/* Remove it from the free list */
771 	TAILQ_REMOVE(&sc->sc_rxbuf, bf, bf_list);
772 
773 	/* Assign RX mbuf to it */
774 	error = ath_edma_rxbuf_init(sc, bf);
775 	if (error != 0) {
776 		device_printf(sc->sc_dev,
777 		    "%s: bf=%p, rxbuf alloc failed! error=%d\n",
778 		    __func__,
779 		    bf,
780 		    error);
781 		TAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list);
782 		return (NULL);
783 	}
784 
785 	return (bf);
786 }
787 
788 static void
789 ath_edma_rxbuf_free(struct ath_softc *sc, struct ath_buf *bf)
790 {
791 
792 	ATH_RX_LOCK_ASSERT(sc);
793 
794 	/*
795 	 * Only unload the frame if we haven't consumed
796 	 * the mbuf via ath_rx_pkt().
797 	 */
798 	if (bf->bf_m) {
799 		bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
800 		m_freem(bf->bf_m);
801 		bf->bf_m = NULL;
802 	}
803 
804 	/* XXX lock? */
805 	TAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list);
806 }
807 
808 /*
809  * Allocate up to 'n' entries and push them onto the hardware FIFO.
810  *
811  * Return how many entries were successfully pushed onto the
812  * FIFO.
813  */
814 static int
815 ath_edma_rxfifo_alloc(struct ath_softc *sc, HAL_RX_QUEUE qtype, int nbufs)
816 {
817 	struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
818 	struct ath_buf *bf;
819 	int i;
820 
821 	ATH_RX_LOCK_ASSERT(sc);
822 
823 	/*
824 	 * Allocate buffers until the FIFO is full or nbufs is reached.
825 	 */
826 	for (i = 0; i < nbufs && re->m_fifo_depth < re->m_fifolen; i++) {
827 		/* Ensure the FIFO is already blank, complain loudly! */
828 		if (re->m_fifo[re->m_fifo_tail] != NULL) {
829 			device_printf(sc->sc_dev,
830 			    "%s: Q%d: fifo[%d] != NULL (%p)\n",
831 			    __func__,
832 			    qtype,
833 			    re->m_fifo_tail,
834 			    re->m_fifo[re->m_fifo_tail]);
835 
836 			/* Free the slot */
837 			ath_edma_rxbuf_free(sc, re->m_fifo[re->m_fifo_tail]);
838 			re->m_fifo_depth--;
839 			/* XXX check it's not < 0 */
840 			re->m_fifo[re->m_fifo_tail] = NULL;
841 		}
842 
843 		bf = ath_edma_rxbuf_alloc(sc);
844 		/* XXX should ensure the FIFO is not NULL? */
845 		if (bf == NULL) {
846 			DPRINTF(sc, ATH_DEBUG_EDMA_RX,
847 			    "%s: Q%d: alloc failed: i=%d, nbufs=%d?\n",
848 			    __func__,
849 			    qtype,
850 			    i,
851 			    nbufs);
852 			break;
853 		}
854 
855 		re->m_fifo[re->m_fifo_tail] = bf;
856 
857 		/* Write to the RX FIFO */
858 		DPRINTF(sc, ATH_DEBUG_EDMA_RX,
859 		    "%s: Q%d: putrxbuf=%p (0x%jx)\n",
860 		    __func__,
861 		    qtype,
862 		    bf->bf_desc,
863 		    (uintmax_t) bf->bf_daddr);
864 		ath_hal_putrxbuf(sc->sc_ah, bf->bf_daddr, qtype);
865 
866 		re->m_fifo_depth++;
867 		INCR(re->m_fifo_tail, re->m_fifolen);
868 	}
869 
870 	/*
871 	 * Return how many were allocated.
872 	 */
873 	DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: Q%d: nbufs=%d, nalloced=%d\n",
874 	    __func__,
875 	    qtype,
876 	    nbufs,
877 	    i);
878 	return (i);
879 }
880 
881 static int
882 ath_edma_rxfifo_flush(struct ath_softc *sc, HAL_RX_QUEUE qtype)
883 {
884 	struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
885 	int i;
886 
887 	ATH_RX_LOCK_ASSERT(sc);
888 
889 	for (i = 0; i < re->m_fifolen; i++) {
890 		if (re->m_fifo[i] != NULL) {
891 #ifdef	ATH_DEBUG
892 			struct ath_buf *bf = re->m_fifo[i];
893 
894 			if (sc->sc_debug & ATH_DEBUG_RECV_DESC)
895 				ath_printrxbuf(sc, bf, 0, HAL_OK);
896 #endif
897 			ath_edma_rxbuf_free(sc, re->m_fifo[i]);
898 			re->m_fifo[i] = NULL;
899 			re->m_fifo_depth--;
900 		}
901 	}
902 
903 	if (re->m_rxpending != NULL) {
904 		m_freem(re->m_rxpending);
905 		re->m_rxpending = NULL;
906 	}
907 	re->m_fifo_head = re->m_fifo_tail = re->m_fifo_depth = 0;
908 
909 	return (0);
910 }
911 
912 /*
913  * Setup the initial RX FIFO structure.
914  */
915 static int
916 ath_edma_setup_rxfifo(struct ath_softc *sc, HAL_RX_QUEUE qtype)
917 {
918 	struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
919 
920 	ATH_RX_LOCK_ASSERT(sc);
921 
922 	if (! ath_hal_getrxfifodepth(sc->sc_ah, qtype, &re->m_fifolen)) {
923 		device_printf(sc->sc_dev, "%s: qtype=%d, failed\n",
924 		    __func__,
925 		    qtype);
926 		return (-EINVAL);
927 	}
928 
929 	if (bootverbose)
930 		device_printf(sc->sc_dev,
931 		    "%s: type=%d, FIFO depth = %d entries\n",
932 		    __func__,
933 		    qtype,
934 		    re->m_fifolen);
935 
936 	/* Allocate ath_buf FIFO array, pre-zero'ed */
937 	re->m_fifo = malloc(sizeof(struct ath_buf *) * re->m_fifolen,
938 	    M_ATHDEV,
939 	    M_NOWAIT | M_ZERO);
940 	if (re->m_fifo == NULL) {
941 		device_printf(sc->sc_dev, "%s: malloc failed\n",
942 		    __func__);
943 		return (-ENOMEM);
944 	}
945 
946 	/*
947 	 * Set initial "empty" state.
948 	 */
949 	re->m_rxpending = NULL;
950 	re->m_fifo_head = re->m_fifo_tail = re->m_fifo_depth = 0;
951 
952 	return (0);
953 }
954 
955 static int
956 ath_edma_rxfifo_free(struct ath_softc *sc, HAL_RX_QUEUE qtype)
957 {
958 	struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
959 
960 	device_printf(sc->sc_dev, "%s: called; qtype=%d\n",
961 	    __func__,
962 	    qtype);
963 
964 	free(re->m_fifo, M_ATHDEV);
965 
966 	return (0);
967 }
968 
969 static int
970 ath_edma_dma_rxsetup(struct ath_softc *sc)
971 {
972 	int error;
973 
974 	/*
975 	 * Create RX DMA tag and buffers.
976 	 */
977 	error = ath_descdma_setup_rx_edma(sc, &sc->sc_rxdma, &sc->sc_rxbuf,
978 	    "rx", ath_rxbuf, sc->sc_rx_statuslen);
979 	if (error != 0)
980 		return error;
981 
982 	ATH_RX_LOCK(sc);
983 	(void) ath_edma_setup_rxfifo(sc, HAL_RX_QUEUE_HP);
984 	(void) ath_edma_setup_rxfifo(sc, HAL_RX_QUEUE_LP);
985 	ATH_RX_UNLOCK(sc);
986 
987 	return (0);
988 }
989 
990 static int
991 ath_edma_dma_rxteardown(struct ath_softc *sc)
992 {
993 
994 	ATH_RX_LOCK(sc);
995 	ath_edma_flush_deferred_queue(sc);
996 	ath_edma_rxfifo_flush(sc, HAL_RX_QUEUE_HP);
997 	ath_edma_rxfifo_free(sc, HAL_RX_QUEUE_HP);
998 
999 	ath_edma_rxfifo_flush(sc, HAL_RX_QUEUE_LP);
1000 	ath_edma_rxfifo_free(sc, HAL_RX_QUEUE_LP);
1001 	ATH_RX_UNLOCK(sc);
1002 
1003 	/* Free RX ath_buf */
1004 	/* Free RX DMA tag */
1005 	if (sc->sc_rxdma.dd_desc_len != 0)
1006 		ath_descdma_cleanup(sc, &sc->sc_rxdma, &sc->sc_rxbuf);
1007 
1008 	return (0);
1009 }
1010 
1011 void
1012 ath_recv_setup_edma(struct ath_softc *sc)
1013 {
1014 
1015 	/* Set buffer size to 4k */
1016 	sc->sc_edma_bufsize = 4096;
1017 
1018 	/* Fetch EDMA field and buffer sizes */
1019 	(void) ath_hal_getrxstatuslen(sc->sc_ah, &sc->sc_rx_statuslen);
1020 
1021 	/* Configure the hardware with the RX buffer size */
1022 	(void) ath_hal_setrxbufsize(sc->sc_ah, sc->sc_edma_bufsize -
1023 	    sc->sc_rx_statuslen);
1024 
1025 	if (bootverbose) {
1026 		device_printf(sc->sc_dev, "RX status length: %d\n",
1027 		    sc->sc_rx_statuslen);
1028 		device_printf(sc->sc_dev, "RX buffer size: %d\n",
1029 		    sc->sc_edma_bufsize);
1030 	}
1031 
1032 	sc->sc_rx.recv_stop = ath_edma_stoprecv;
1033 	sc->sc_rx.recv_start = ath_edma_startrecv;
1034 	sc->sc_rx.recv_flush = ath_edma_recv_flush;
1035 	sc->sc_rx.recv_tasklet = ath_edma_recv_tasklet;
1036 	sc->sc_rx.recv_rxbuf_init = ath_edma_rxbuf_init;
1037 
1038 	sc->sc_rx.recv_setup = ath_edma_dma_rxsetup;
1039 	sc->sc_rx.recv_teardown = ath_edma_dma_rxteardown;
1040 
1041 	sc->sc_rx.recv_sched = ath_edma_recv_sched;
1042 	sc->sc_rx.recv_sched_queue = ath_edma_recv_sched_queue;
1043 }
1044