xref: /freebsd/sys/dev/bwn/if_bwn.c (revision 9f9b430b197226a589e2b9725b02a9245b066dc3)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2009-2010 Weongyo Jeong <weongyo@freebsd.org>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer,
12  *    without modification.
13  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
14  *    similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
15  *    redistribution must be conditioned upon including a substantially
16  *    similar Disclaimer requirement for further binary redistribution.
17  *
18  * NO WARRANTY
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
22  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
23  * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
24  * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
27  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
29  * THE POSSIBILITY OF SUCH DAMAGES.
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 /*
36  * The Broadcom Wireless LAN controller driver.
37  */
38 
39 #include "opt_bwn.h"
40 #include "opt_wlan.h"
41 
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/malloc.h>
46 #include <sys/module.h>
47 #include <sys/endian.h>
48 #include <sys/errno.h>
49 #include <sys/firmware.h>
50 #include <sys/lock.h>
51 #include <sys/mutex.h>
52 #include <machine/bus.h>
53 #include <machine/resource.h>
54 #include <sys/bus.h>
55 #include <sys/rman.h>
56 #include <sys/socket.h>
57 #include <sys/sockio.h>
58 
59 #include <net/ethernet.h>
60 #include <net/if.h>
61 #include <net/if_var.h>
62 #include <net/if_arp.h>
63 #include <net/if_dl.h>
64 #include <net/if_llc.h>
65 #include <net/if_media.h>
66 #include <net/if_types.h>
67 
68 #include <dev/pci/pcivar.h>
69 #include <dev/pci/pcireg.h>
70 
71 #include <net80211/ieee80211_var.h>
72 #include <net80211/ieee80211_radiotap.h>
73 #include <net80211/ieee80211_regdomain.h>
74 #include <net80211/ieee80211_phy.h>
75 #include <net80211/ieee80211_ratectl.h>
76 
77 #include <dev/bwn/if_bwn_siba.h>
78 
79 #include <dev/bwn/if_bwnreg.h>
80 #include <dev/bwn/if_bwnvar.h>
81 
82 #include <dev/bwn/if_bwn_debug.h>
83 #include <dev/bwn/if_bwn_misc.h>
84 #include <dev/bwn/if_bwn_util.h>
85 #include <dev/bwn/if_bwn_phy_common.h>
86 #include <dev/bwn/if_bwn_phy_g.h>
87 #include <dev/bwn/if_bwn_phy_lp.h>
88 #include <dev/bwn/if_bwn_phy_n.h>
89 
90 static SYSCTL_NODE(_hw, OID_AUTO, bwn, CTLFLAG_RD, 0,
91     "Broadcom driver parameters");
92 
93 /*
94  * Tunable & sysctl variables.
95  */
96 
97 #ifdef BWN_DEBUG
98 static	int bwn_debug = 0;
99 SYSCTL_INT(_hw_bwn, OID_AUTO, debug, CTLFLAG_RWTUN, &bwn_debug, 0,
100     "Broadcom debugging printfs");
101 #endif
102 
103 static int	bwn_bfp = 0;		/* use "Bad Frames Preemption" */
104 SYSCTL_INT(_hw_bwn, OID_AUTO, bfp, CTLFLAG_RW, &bwn_bfp, 0,
105     "uses Bad Frames Preemption");
106 static int	bwn_bluetooth = 1;
107 SYSCTL_INT(_hw_bwn, OID_AUTO, bluetooth, CTLFLAG_RW, &bwn_bluetooth, 0,
108     "turns on Bluetooth Coexistence");
109 static int	bwn_hwpctl = 0;
110 SYSCTL_INT(_hw_bwn, OID_AUTO, hwpctl, CTLFLAG_RW, &bwn_hwpctl, 0,
111     "uses H/W power control");
112 static int	bwn_msi_disable = 0;		/* MSI disabled  */
113 TUNABLE_INT("hw.bwn.msi_disable", &bwn_msi_disable);
114 static int	bwn_usedma = 1;
115 SYSCTL_INT(_hw_bwn, OID_AUTO, usedma, CTLFLAG_RD, &bwn_usedma, 0,
116     "uses DMA");
117 TUNABLE_INT("hw.bwn.usedma", &bwn_usedma);
118 static int	bwn_wme = 1;
119 SYSCTL_INT(_hw_bwn, OID_AUTO, wme, CTLFLAG_RW, &bwn_wme, 0,
120     "uses WME support");
121 
122 static void	bwn_attach_pre(struct bwn_softc *);
123 static int	bwn_attach_post(struct bwn_softc *);
124 static void	bwn_sprom_bugfixes(device_t);
125 static int	bwn_init(struct bwn_softc *);
126 static void	bwn_parent(struct ieee80211com *);
127 static void	bwn_start(struct bwn_softc *);
128 static int	bwn_transmit(struct ieee80211com *, struct mbuf *);
129 static int	bwn_attach_core(struct bwn_mac *);
130 static int	bwn_phy_getinfo(struct bwn_mac *, int);
131 static int	bwn_chiptest(struct bwn_mac *);
132 static int	bwn_setup_channels(struct bwn_mac *, int, int);
133 static void	bwn_shm_ctlword(struct bwn_mac *, uint16_t,
134 		    uint16_t);
135 static void	bwn_addchannels(struct ieee80211_channel [], int, int *,
136 		    const struct bwn_channelinfo *, const uint8_t []);
137 static int	bwn_raw_xmit(struct ieee80211_node *, struct mbuf *,
138 		    const struct ieee80211_bpf_params *);
139 static void	bwn_updateslot(struct ieee80211com *);
140 static void	bwn_update_promisc(struct ieee80211com *);
141 static void	bwn_wme_init(struct bwn_mac *);
142 static int	bwn_wme_update(struct ieee80211com *);
143 static void	bwn_wme_clear(struct bwn_softc *);
144 static void	bwn_wme_load(struct bwn_mac *);
145 static void	bwn_wme_loadparams(struct bwn_mac *,
146 		    const struct wmeParams *, uint16_t);
147 static void	bwn_scan_start(struct ieee80211com *);
148 static void	bwn_scan_end(struct ieee80211com *);
149 static void	bwn_set_channel(struct ieee80211com *);
150 static struct ieee80211vap *bwn_vap_create(struct ieee80211com *,
151 		    const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
152 		    const uint8_t [IEEE80211_ADDR_LEN],
153 		    const uint8_t [IEEE80211_ADDR_LEN]);
154 static void	bwn_vap_delete(struct ieee80211vap *);
155 static void	bwn_stop(struct bwn_softc *);
156 static int	bwn_core_init(struct bwn_mac *);
157 static void	bwn_core_start(struct bwn_mac *);
158 static void	bwn_core_exit(struct bwn_mac *);
159 static void	bwn_bt_disable(struct bwn_mac *);
160 static int	bwn_chip_init(struct bwn_mac *);
161 static void	bwn_set_txretry(struct bwn_mac *, int, int);
162 static void	bwn_rate_init(struct bwn_mac *);
163 static void	bwn_set_phytxctl(struct bwn_mac *);
164 static void	bwn_spu_setdelay(struct bwn_mac *, int);
165 static void	bwn_bt_enable(struct bwn_mac *);
166 static void	bwn_set_macaddr(struct bwn_mac *);
167 static void	bwn_crypt_init(struct bwn_mac *);
168 static void	bwn_chip_exit(struct bwn_mac *);
169 static int	bwn_fw_fillinfo(struct bwn_mac *);
170 static int	bwn_fw_loaducode(struct bwn_mac *);
171 static int	bwn_gpio_init(struct bwn_mac *);
172 static int	bwn_fw_loadinitvals(struct bwn_mac *);
173 static int	bwn_phy_init(struct bwn_mac *);
174 static void	bwn_set_txantenna(struct bwn_mac *, int);
175 static void	bwn_set_opmode(struct bwn_mac *);
176 static void	bwn_rate_write(struct bwn_mac *, uint16_t, int);
177 static uint8_t	bwn_plcp_getcck(const uint8_t);
178 static uint8_t	bwn_plcp_getofdm(const uint8_t);
179 static void	bwn_pio_init(struct bwn_mac *);
180 static uint16_t	bwn_pio_idx2base(struct bwn_mac *, int);
181 static void	bwn_pio_set_txqueue(struct bwn_mac *, struct bwn_pio_txqueue *,
182 		    int);
183 static void	bwn_pio_setupqueue_rx(struct bwn_mac *,
184 		    struct bwn_pio_rxqueue *, int);
185 static void	bwn_destroy_queue_tx(struct bwn_pio_txqueue *);
186 static uint16_t	bwn_pio_read_2(struct bwn_mac *, struct bwn_pio_txqueue *,
187 		    uint16_t);
188 static void	bwn_pio_cancel_tx_packets(struct bwn_pio_txqueue *);
189 static int	bwn_pio_rx(struct bwn_pio_rxqueue *);
190 static uint8_t	bwn_pio_rxeof(struct bwn_pio_rxqueue *);
191 static void	bwn_pio_handle_txeof(struct bwn_mac *,
192 		    const struct bwn_txstatus *);
193 static uint16_t	bwn_pio_rx_read_2(struct bwn_pio_rxqueue *, uint16_t);
194 static uint32_t	bwn_pio_rx_read_4(struct bwn_pio_rxqueue *, uint16_t);
195 static void	bwn_pio_rx_write_2(struct bwn_pio_rxqueue *, uint16_t,
196 		    uint16_t);
197 static void	bwn_pio_rx_write_4(struct bwn_pio_rxqueue *, uint16_t,
198 		    uint32_t);
199 static int	bwn_pio_tx_start(struct bwn_mac *, struct ieee80211_node *,
200 		    struct mbuf *);
201 static struct bwn_pio_txqueue *bwn_pio_select(struct bwn_mac *, uint8_t);
202 static uint32_t	bwn_pio_write_multi_4(struct bwn_mac *,
203 		    struct bwn_pio_txqueue *, uint32_t, const void *, int);
204 static void	bwn_pio_write_4(struct bwn_mac *, struct bwn_pio_txqueue *,
205 		    uint16_t, uint32_t);
206 static uint16_t	bwn_pio_write_multi_2(struct bwn_mac *,
207 		    struct bwn_pio_txqueue *, uint16_t, const void *, int);
208 static uint16_t	bwn_pio_write_mbuf_2(struct bwn_mac *,
209 		    struct bwn_pio_txqueue *, uint16_t, struct mbuf *);
210 static struct bwn_pio_txqueue *bwn_pio_parse_cookie(struct bwn_mac *,
211 		    uint16_t, struct bwn_pio_txpkt **);
212 static void	bwn_dma_init(struct bwn_mac *);
213 static void	bwn_dma_rxdirectfifo(struct bwn_mac *, int, uint8_t);
214 static int	bwn_dma_mask2type(uint64_t);
215 static uint64_t	bwn_dma_mask(struct bwn_mac *);
216 static uint16_t	bwn_dma_base(int, int);
217 static void	bwn_dma_ringfree(struct bwn_dma_ring **);
218 static void	bwn_dma_32_getdesc(struct bwn_dma_ring *,
219 		    int, struct bwn_dmadesc_generic **,
220 		    struct bwn_dmadesc_meta **);
221 static void	bwn_dma_32_setdesc(struct bwn_dma_ring *,
222 		    struct bwn_dmadesc_generic *, bus_addr_t, uint16_t, int,
223 		    int, int);
224 static void	bwn_dma_32_start_transfer(struct bwn_dma_ring *, int);
225 static void	bwn_dma_32_suspend(struct bwn_dma_ring *);
226 static void	bwn_dma_32_resume(struct bwn_dma_ring *);
227 static int	bwn_dma_32_get_curslot(struct bwn_dma_ring *);
228 static void	bwn_dma_32_set_curslot(struct bwn_dma_ring *, int);
229 static void	bwn_dma_64_getdesc(struct bwn_dma_ring *,
230 		    int, struct bwn_dmadesc_generic **,
231 		    struct bwn_dmadesc_meta **);
232 static void	bwn_dma_64_setdesc(struct bwn_dma_ring *,
233 		    struct bwn_dmadesc_generic *, bus_addr_t, uint16_t, int,
234 		    int, int);
235 static void	bwn_dma_64_start_transfer(struct bwn_dma_ring *, int);
236 static void	bwn_dma_64_suspend(struct bwn_dma_ring *);
237 static void	bwn_dma_64_resume(struct bwn_dma_ring *);
238 static int	bwn_dma_64_get_curslot(struct bwn_dma_ring *);
239 static void	bwn_dma_64_set_curslot(struct bwn_dma_ring *, int);
240 static int	bwn_dma_allocringmemory(struct bwn_dma_ring *);
241 static void	bwn_dma_setup(struct bwn_dma_ring *);
242 static void	bwn_dma_free_ringmemory(struct bwn_dma_ring *);
243 static void	bwn_dma_cleanup(struct bwn_dma_ring *);
244 static void	bwn_dma_free_descbufs(struct bwn_dma_ring *);
245 static int	bwn_dma_tx_reset(struct bwn_mac *, uint16_t, int);
246 static void	bwn_dma_rx(struct bwn_dma_ring *);
247 static int	bwn_dma_rx_reset(struct bwn_mac *, uint16_t, int);
248 static void	bwn_dma_free_descbuf(struct bwn_dma_ring *,
249 		    struct bwn_dmadesc_meta *);
250 static void	bwn_dma_set_redzone(struct bwn_dma_ring *, struct mbuf *);
251 static int	bwn_dma_gettype(struct bwn_mac *);
252 static void	bwn_dma_ring_addr(void *, bus_dma_segment_t *, int, int);
253 static int	bwn_dma_freeslot(struct bwn_dma_ring *);
254 static int	bwn_dma_nextslot(struct bwn_dma_ring *, int);
255 static void	bwn_dma_rxeof(struct bwn_dma_ring *, int *);
256 static int	bwn_dma_newbuf(struct bwn_dma_ring *,
257 		    struct bwn_dmadesc_generic *, struct bwn_dmadesc_meta *,
258 		    int);
259 static void	bwn_dma_buf_addr(void *, bus_dma_segment_t *, int,
260 		    bus_size_t, int);
261 static uint8_t	bwn_dma_check_redzone(struct bwn_dma_ring *, struct mbuf *);
262 static void	bwn_ratectl_tx_complete(const struct ieee80211_node *,
263 		    const struct bwn_txstatus *);
264 static void	bwn_dma_handle_txeof(struct bwn_mac *,
265 		    const struct bwn_txstatus *);
266 static int	bwn_dma_tx_start(struct bwn_mac *, struct ieee80211_node *,
267 		    struct mbuf *);
268 static int	bwn_dma_getslot(struct bwn_dma_ring *);
269 static struct bwn_dma_ring *bwn_dma_select(struct bwn_mac *,
270 		    uint8_t);
271 static int	bwn_dma_attach(struct bwn_mac *);
272 static struct bwn_dma_ring *bwn_dma_ringsetup(struct bwn_mac *,
273 		    int, int, int);
274 static struct bwn_dma_ring *bwn_dma_parse_cookie(struct bwn_mac *,
275 		    const struct bwn_txstatus *, uint16_t, int *);
276 static void	bwn_dma_free(struct bwn_mac *);
277 static int	bwn_fw_gets(struct bwn_mac *, enum bwn_fwtype);
278 static int	bwn_fw_get(struct bwn_mac *, enum bwn_fwtype,
279 		    const char *, struct bwn_fwfile *);
280 static void	bwn_release_firmware(struct bwn_mac *);
281 static void	bwn_do_release_fw(struct bwn_fwfile *);
282 static uint16_t	bwn_fwcaps_read(struct bwn_mac *);
283 static int	bwn_fwinitvals_write(struct bwn_mac *,
284 		    const struct bwn_fwinitvals *, size_t, size_t);
285 static uint16_t	bwn_ant2phy(int);
286 static void	bwn_mac_write_bssid(struct bwn_mac *);
287 static void	bwn_mac_setfilter(struct bwn_mac *, uint16_t,
288 		    const uint8_t *);
289 static void	bwn_key_dowrite(struct bwn_mac *, uint8_t, uint8_t,
290 		    const uint8_t *, size_t, const uint8_t *);
291 static void	bwn_key_macwrite(struct bwn_mac *, uint8_t,
292 		    const uint8_t *);
293 static void	bwn_key_write(struct bwn_mac *, uint8_t, uint8_t,
294 		    const uint8_t *);
295 static void	bwn_phy_exit(struct bwn_mac *);
296 static void	bwn_core_stop(struct bwn_mac *);
297 static int	bwn_switch_band(struct bwn_softc *,
298 		    struct ieee80211_channel *);
299 static void	bwn_phy_reset(struct bwn_mac *);
300 static int	bwn_newstate(struct ieee80211vap *, enum ieee80211_state, int);
301 static void	bwn_set_pretbtt(struct bwn_mac *);
302 static int	bwn_intr(void *);
303 static void	bwn_intrtask(void *, int);
304 static void	bwn_restart(struct bwn_mac *, const char *);
305 static void	bwn_intr_ucode_debug(struct bwn_mac *);
306 static void	bwn_intr_tbtt_indication(struct bwn_mac *);
307 static void	bwn_intr_atim_end(struct bwn_mac *);
308 static void	bwn_intr_beacon(struct bwn_mac *);
309 static void	bwn_intr_pmq(struct bwn_mac *);
310 static void	bwn_intr_noise(struct bwn_mac *);
311 static void	bwn_intr_txeof(struct bwn_mac *);
312 static void	bwn_hwreset(void *, int);
313 static void	bwn_handle_fwpanic(struct bwn_mac *);
314 static void	bwn_load_beacon0(struct bwn_mac *);
315 static void	bwn_load_beacon1(struct bwn_mac *);
316 static uint32_t	bwn_jssi_read(struct bwn_mac *);
317 static void	bwn_noise_gensample(struct bwn_mac *);
318 static void	bwn_handle_txeof(struct bwn_mac *,
319 		    const struct bwn_txstatus *);
320 static void	bwn_rxeof(struct bwn_mac *, struct mbuf *, const void *);
321 static void	bwn_phy_txpower_check(struct bwn_mac *, uint32_t);
322 static int	bwn_tx_start(struct bwn_softc *, struct ieee80211_node *,
323 		    struct mbuf *);
324 static int	bwn_tx_isfull(struct bwn_softc *, struct mbuf *);
325 static int	bwn_set_txhdr(struct bwn_mac *,
326 		    struct ieee80211_node *, struct mbuf *, struct bwn_txhdr *,
327 		    uint16_t);
328 static void	bwn_plcp_genhdr(struct bwn_plcp4 *, const uint16_t,
329 		    const uint8_t);
330 static uint8_t	bwn_antenna_sanitize(struct bwn_mac *, uint8_t);
331 static uint8_t	bwn_get_fbrate(uint8_t);
332 static void	bwn_txpwr(void *, int);
333 static void	bwn_tasks(void *);
334 static void	bwn_task_15s(struct bwn_mac *);
335 static void	bwn_task_30s(struct bwn_mac *);
336 static void	bwn_task_60s(struct bwn_mac *);
337 static int	bwn_plcp_get_ofdmrate(struct bwn_mac *, struct bwn_plcp6 *,
338 		    uint8_t);
339 static int	bwn_plcp_get_cckrate(struct bwn_mac *, struct bwn_plcp6 *);
340 static void	bwn_rx_radiotap(struct bwn_mac *, struct mbuf *,
341 		    const struct bwn_rxhdr4 *, struct bwn_plcp6 *, int,
342 		    int, int);
343 static void	bwn_tsf_read(struct bwn_mac *, uint64_t *);
344 static void	bwn_set_slot_time(struct bwn_mac *, uint16_t);
345 static void	bwn_watchdog(void *);
346 static void	bwn_dma_stop(struct bwn_mac *);
347 static void	bwn_pio_stop(struct bwn_mac *);
348 static void	bwn_dma_ringstop(struct bwn_dma_ring **);
349 static void	bwn_led_attach(struct bwn_mac *);
350 static void	bwn_led_newstate(struct bwn_mac *, enum ieee80211_state);
351 static void	bwn_led_event(struct bwn_mac *, int);
352 static void	bwn_led_blink_start(struct bwn_mac *, int, int);
353 static void	bwn_led_blink_next(void *);
354 static void	bwn_led_blink_end(void *);
355 static void	bwn_rfswitch(void *);
356 static void	bwn_rf_turnon(struct bwn_mac *);
357 static void	bwn_rf_turnoff(struct bwn_mac *);
358 static void	bwn_sysctl_node(struct bwn_softc *);
359 
360 static struct resource_spec bwn_res_spec_legacy[] = {
361 	{ SYS_RES_IRQ,		0,		RF_ACTIVE | RF_SHAREABLE },
362 	{ -1,			0,		0 }
363 };
364 
365 static struct resource_spec bwn_res_spec_msi[] = {
366 	{ SYS_RES_IRQ,		1,		RF_ACTIVE },
367 	{ -1,			0,		0 }
368 };
369 
370 static const struct bwn_channelinfo bwn_chantable_bg = {
371 	.channels = {
372 		{ 2412,  1, 30 }, { 2417,  2, 30 }, { 2422,  3, 30 },
373 		{ 2427,  4, 30 }, { 2432,  5, 30 }, { 2437,  6, 30 },
374 		{ 2442,  7, 30 }, { 2447,  8, 30 }, { 2452,  9, 30 },
375 		{ 2457, 10, 30 }, { 2462, 11, 30 }, { 2467, 12, 30 },
376 		{ 2472, 13, 30 }, { 2484, 14, 30 } },
377 	.nchannels = 14
378 };
379 
380 static const struct bwn_channelinfo bwn_chantable_a = {
381 	.channels = {
382 		{ 5170,  34, 30 }, { 5180,  36, 30 }, { 5190,  38, 30 },
383 		{ 5200,  40, 30 }, { 5210,  42, 30 }, { 5220,  44, 30 },
384 		{ 5230,  46, 30 }, { 5240,  48, 30 }, { 5260,  52, 30 },
385 		{ 5280,  56, 30 }, { 5300,  60, 30 }, { 5320,  64, 30 },
386 		{ 5500, 100, 30 }, { 5520, 104, 30 }, { 5540, 108, 30 },
387 		{ 5560, 112, 30 }, { 5580, 116, 30 }, { 5600, 120, 30 },
388 		{ 5620, 124, 30 }, { 5640, 128, 30 }, { 5660, 132, 30 },
389 		{ 5680, 136, 30 }, { 5700, 140, 30 }, { 5745, 149, 30 },
390 		{ 5765, 153, 30 }, { 5785, 157, 30 }, { 5805, 161, 30 },
391 		{ 5825, 165, 30 }, { 5920, 184, 30 }, { 5940, 188, 30 },
392 		{ 5960, 192, 30 }, { 5980, 196, 30 }, { 6000, 200, 30 },
393 		{ 6020, 204, 30 }, { 6040, 208, 30 }, { 6060, 212, 30 },
394 		{ 6080, 216, 30 } },
395 	.nchannels = 37
396 };
397 
398 #if 0
399 static const struct bwn_channelinfo bwn_chantable_n = {
400 	.channels = {
401 		{ 5160,  32, 30 }, { 5170,  34, 30 }, { 5180,  36, 30 },
402 		{ 5190,  38, 30 }, { 5200,  40, 30 }, { 5210,  42, 30 },
403 		{ 5220,  44, 30 }, { 5230,  46, 30 }, { 5240,  48, 30 },
404 		{ 5250,  50, 30 }, { 5260,  52, 30 }, { 5270,  54, 30 },
405 		{ 5280,  56, 30 }, { 5290,  58, 30 }, { 5300,  60, 30 },
406 		{ 5310,  62, 30 }, { 5320,  64, 30 }, { 5330,  66, 30 },
407 		{ 5340,  68, 30 }, { 5350,  70, 30 }, { 5360,  72, 30 },
408 		{ 5370,  74, 30 }, { 5380,  76, 30 }, { 5390,  78, 30 },
409 		{ 5400,  80, 30 }, { 5410,  82, 30 }, { 5420,  84, 30 },
410 		{ 5430,  86, 30 }, { 5440,  88, 30 }, { 5450,  90, 30 },
411 		{ 5460,  92, 30 }, { 5470,  94, 30 }, { 5480,  96, 30 },
412 		{ 5490,  98, 30 }, { 5500, 100, 30 }, { 5510, 102, 30 },
413 		{ 5520, 104, 30 }, { 5530, 106, 30 }, { 5540, 108, 30 },
414 		{ 5550, 110, 30 }, { 5560, 112, 30 }, { 5570, 114, 30 },
415 		{ 5580, 116, 30 }, { 5590, 118, 30 }, { 5600, 120, 30 },
416 		{ 5610, 122, 30 }, { 5620, 124, 30 }, { 5630, 126, 30 },
417 		{ 5640, 128, 30 }, { 5650, 130, 30 }, { 5660, 132, 30 },
418 		{ 5670, 134, 30 }, { 5680, 136, 30 }, { 5690, 138, 30 },
419 		{ 5700, 140, 30 }, { 5710, 142, 30 }, { 5720, 144, 30 },
420 		{ 5725, 145, 30 }, { 5730, 146, 30 }, { 5735, 147, 30 },
421 		{ 5740, 148, 30 }, { 5745, 149, 30 }, { 5750, 150, 30 },
422 		{ 5755, 151, 30 }, { 5760, 152, 30 }, { 5765, 153, 30 },
423 		{ 5770, 154, 30 }, { 5775, 155, 30 }, { 5780, 156, 30 },
424 		{ 5785, 157, 30 }, { 5790, 158, 30 }, { 5795, 159, 30 },
425 		{ 5800, 160, 30 }, { 5805, 161, 30 }, { 5810, 162, 30 },
426 		{ 5815, 163, 30 }, { 5820, 164, 30 }, { 5825, 165, 30 },
427 		{ 5830, 166, 30 }, { 5840, 168, 30 }, { 5850, 170, 30 },
428 		{ 5860, 172, 30 }, { 5870, 174, 30 }, { 5880, 176, 30 },
429 		{ 5890, 178, 30 }, { 5900, 180, 30 }, { 5910, 182, 30 },
430 		{ 5920, 184, 30 }, { 5930, 186, 30 }, { 5940, 188, 30 },
431 		{ 5950, 190, 30 }, { 5960, 192, 30 }, { 5970, 194, 30 },
432 		{ 5980, 196, 30 }, { 5990, 198, 30 }, { 6000, 200, 30 },
433 		{ 6010, 202, 30 }, { 6020, 204, 30 }, { 6030, 206, 30 },
434 		{ 6040, 208, 30 }, { 6050, 210, 30 }, { 6060, 212, 30 },
435 		{ 6070, 214, 30 }, { 6080, 216, 30 }, { 6090, 218, 30 },
436 		{ 6100, 220, 30 }, { 6110, 222, 30 }, { 6120, 224, 30 },
437 		{ 6130, 226, 30 }, { 6140, 228, 30 } },
438 	.nchannels = 110
439 };
440 #endif
441 
442 #define	VENDOR_LED_ACT(vendor)				\
443 {							\
444 	.vid = PCI_VENDOR_##vendor,			\
445 	.led_act = { BWN_VENDOR_LED_ACT_##vendor }	\
446 }
447 
448 static const struct {
449 	uint16_t	vid;
450 	uint8_t		led_act[BWN_LED_MAX];
451 } bwn_vendor_led_act[] = {
452 	VENDOR_LED_ACT(COMPAQ),
453 	VENDOR_LED_ACT(ASUSTEK)
454 };
455 
456 static const uint8_t bwn_default_led_act[BWN_LED_MAX] =
457 	{ BWN_VENDOR_LED_ACT_DEFAULT };
458 
459 #undef VENDOR_LED_ACT
460 
461 static const struct {
462 	int		on_dur;
463 	int		off_dur;
464 } bwn_led_duration[109] = {
465 	[0]	= { 400, 100 },
466 	[2]	= { 150, 75 },
467 	[4]	= { 90, 45 },
468 	[11]	= { 66, 34 },
469 	[12]	= { 53, 26 },
470 	[18]	= { 42, 21 },
471 	[22]	= { 35, 17 },
472 	[24]	= { 32, 16 },
473 	[36]	= { 21, 10 },
474 	[48]	= { 16, 8 },
475 	[72]	= { 11, 5 },
476 	[96]	= { 9, 4 },
477 	[108]	= { 7, 3 }
478 };
479 
480 static const uint16_t bwn_wme_shm_offsets[] = {
481 	[0] = BWN_WME_BESTEFFORT,
482 	[1] = BWN_WME_BACKGROUND,
483 	[2] = BWN_WME_VOICE,
484 	[3] = BWN_WME_VIDEO,
485 };
486 
487 static const struct siba_devid bwn_devs[] = {
488 	SIBA_DEV(BROADCOM, 80211, 5, "Revision 5"),
489 	SIBA_DEV(BROADCOM, 80211, 6, "Revision 6"),
490 	SIBA_DEV(BROADCOM, 80211, 7, "Revision 7"),
491 	SIBA_DEV(BROADCOM, 80211, 9, "Revision 9"),
492 	SIBA_DEV(BROADCOM, 80211, 10, "Revision 10"),
493 	SIBA_DEV(BROADCOM, 80211, 11, "Revision 11"),
494 	SIBA_DEV(BROADCOM, 80211, 12, "Revision 12"),
495 	SIBA_DEV(BROADCOM, 80211, 13, "Revision 13"),
496 	SIBA_DEV(BROADCOM, 80211, 15, "Revision 15"),
497 	SIBA_DEV(BROADCOM, 80211, 16, "Revision 16")
498 };
499 
500 static const struct bwn_bus_ops *
501 bwn_get_bus_ops(device_t dev)
502 {
503 #if BWN_USE_SIBA
504 	return (NULL);
505 #else
506 	devclass_t	bus_cls;
507 
508 	bus_cls = device_get_devclass(device_get_parent(dev));
509 	if (bus_cls == devclass_find("bhnd"))
510 		return (&bwn_bhnd_bus_ops);
511 	else
512 		return (&bwn_siba_bus_ops);
513 #endif
514 }
515 
516 static int
517 bwn_probe(device_t dev)
518 {
519 	struct bwn_softc	*sc;
520 	int			 i;
521 
522 	sc = device_get_softc(dev);
523 	sc->sc_bus_ops = bwn_get_bus_ops(dev);
524 
525 	for (i = 0; i < nitems(bwn_devs); i++) {
526 		if (siba_get_vendor(dev) == bwn_devs[i].sd_vendor &&
527 		    siba_get_device(dev) == bwn_devs[i].sd_device &&
528 		    siba_get_revid(dev) == bwn_devs[i].sd_rev)
529 			return (BUS_PROBE_DEFAULT);
530 	}
531 
532 	return (ENXIO);
533 }
534 
535 int
536 bwn_attach(device_t dev)
537 {
538 	struct bwn_mac *mac;
539 	struct bwn_softc *sc = device_get_softc(dev);
540 	int error, i, msic, reg;
541 
542 	sc->sc_dev = dev;
543 #ifdef BWN_DEBUG
544 	sc->sc_debug = bwn_debug;
545 #endif
546 
547 	sc->sc_bus_ops = bwn_get_bus_ops(dev);
548 	if ((error = BWN_BUS_OPS_ATTACH(dev))) {
549 		device_printf(sc->sc_dev,
550 		    "bus-specific initialization failed (%d)\n", error);
551 		return (error);
552 	}
553 
554 	if ((sc->sc_flags & BWN_FLAG_ATTACHED) == 0) {
555 		bwn_attach_pre(sc);
556 		bwn_sprom_bugfixes(dev);
557 		sc->sc_flags |= BWN_FLAG_ATTACHED;
558 	}
559 
560 	if (!TAILQ_EMPTY(&sc->sc_maclist)) {
561 		if (siba_get_pci_device(dev) != 0x4313 &&
562 		    siba_get_pci_device(dev) != 0x431a &&
563 		    siba_get_pci_device(dev) != 0x4321) {
564 			device_printf(sc->sc_dev,
565 			    "skip 802.11 cores\n");
566 			return (ENODEV);
567 		}
568 	}
569 
570 	mac = malloc(sizeof(*mac), M_DEVBUF, M_WAITOK | M_ZERO);
571 	mac->mac_sc = sc;
572 	mac->mac_status = BWN_MAC_STATUS_UNINIT;
573 	if (bwn_bfp != 0)
574 		mac->mac_flags |= BWN_MAC_FLAG_BADFRAME_PREEMP;
575 
576 	TASK_INIT(&mac->mac_hwreset, 0, bwn_hwreset, mac);
577 	TASK_INIT(&mac->mac_intrtask, 0, bwn_intrtask, mac);
578 	TASK_INIT(&mac->mac_txpower, 0, bwn_txpwr, mac);
579 
580 	error = bwn_attach_core(mac);
581 	if (error)
582 		goto fail0;
583 	bwn_led_attach(mac);
584 
585 	device_printf(sc->sc_dev, "WLAN (chipid %#x rev %u) "
586 	    "PHY (analog %d type %d rev %d) RADIO (manuf %#x ver %#x rev %d)\n",
587 	    siba_get_chipid(sc->sc_dev), siba_get_revid(sc->sc_dev),
588 	    mac->mac_phy.analog, mac->mac_phy.type, mac->mac_phy.rev,
589 	    mac->mac_phy.rf_manuf, mac->mac_phy.rf_ver,
590 	    mac->mac_phy.rf_rev);
591 	if (mac->mac_flags & BWN_MAC_FLAG_DMA)
592 		device_printf(sc->sc_dev, "DMA (%d bits)\n",
593 		    mac->mac_method.dma.dmatype);
594 	else
595 		device_printf(sc->sc_dev, "PIO\n");
596 
597 #ifdef	BWN_GPL_PHY
598 	device_printf(sc->sc_dev,
599 	    "Note: compiled with BWN_GPL_PHY; includes GPLv2 code\n");
600 #endif
601 
602 	/*
603 	 * setup PCI resources and interrupt.
604 	 */
605 	if (pci_find_cap(dev, PCIY_EXPRESS, &reg) == 0) {
606 		msic = pci_msi_count(dev);
607 		if (bootverbose)
608 			device_printf(sc->sc_dev, "MSI count : %d\n", msic);
609 	} else
610 		msic = 0;
611 
612 	mac->mac_intr_spec = bwn_res_spec_legacy;
613 	if (msic == BWN_MSI_MESSAGES && bwn_msi_disable == 0) {
614 		if (pci_alloc_msi(dev, &msic) == 0) {
615 			device_printf(sc->sc_dev,
616 			    "Using %d MSI messages\n", msic);
617 			mac->mac_intr_spec = bwn_res_spec_msi;
618 			mac->mac_msi = 1;
619 		}
620 	}
621 
622 	error = bus_alloc_resources(dev, mac->mac_intr_spec,
623 	    mac->mac_res_irq);
624 	if (error) {
625 		device_printf(sc->sc_dev,
626 		    "couldn't allocate IRQ resources (%d)\n", error);
627 		goto fail1;
628 	}
629 
630 	if (mac->mac_msi == 0)
631 		error = bus_setup_intr(dev, mac->mac_res_irq[0],
632 		    INTR_TYPE_NET | INTR_MPSAFE, bwn_intr, NULL, mac,
633 		    &mac->mac_intrhand[0]);
634 	else {
635 		for (i = 0; i < BWN_MSI_MESSAGES; i++) {
636 			error = bus_setup_intr(dev, mac->mac_res_irq[i],
637 			    INTR_TYPE_NET | INTR_MPSAFE, bwn_intr, NULL, mac,
638 			    &mac->mac_intrhand[i]);
639 			if (error != 0) {
640 				device_printf(sc->sc_dev,
641 				    "couldn't setup interrupt (%d)\n", error);
642 				break;
643 			}
644 		}
645 	}
646 
647 	TAILQ_INSERT_TAIL(&sc->sc_maclist, mac, mac_list);
648 
649 	/*
650 	 * calls attach-post routine
651 	 */
652 	if ((sc->sc_flags & BWN_FLAG_ATTACHED) != 0)
653 		bwn_attach_post(sc);
654 
655 	return (0);
656 fail1:
657 	if (msic == BWN_MSI_MESSAGES && bwn_msi_disable == 0)
658 		pci_release_msi(dev);
659 fail0:
660 	BWN_BUS_OPS_DETACH(dev);
661 	free(mac, M_DEVBUF);
662 	return (error);
663 }
664 
665 static int
666 bwn_is_valid_ether_addr(uint8_t *addr)
667 {
668 	char zero_addr[6] = { 0, 0, 0, 0, 0, 0 };
669 
670 	if ((addr[0] & 1) || (!bcmp(addr, zero_addr, ETHER_ADDR_LEN)))
671 		return (FALSE);
672 
673 	return (TRUE);
674 }
675 
676 static int
677 bwn_attach_post(struct bwn_softc *sc)
678 {
679 	struct ieee80211com *ic = &sc->sc_ic;
680 
681 	ic->ic_softc = sc;
682 	ic->ic_name = device_get_nameunit(sc->sc_dev);
683 	/* XXX not right but it's not used anywhere important */
684 	ic->ic_phytype = IEEE80211_T_OFDM;
685 	ic->ic_opmode = IEEE80211_M_STA;
686 	ic->ic_caps =
687 		  IEEE80211_C_STA		/* station mode supported */
688 		| IEEE80211_C_MONITOR		/* monitor mode */
689 		| IEEE80211_C_AHDEMO		/* adhoc demo mode */
690 		| IEEE80211_C_SHPREAMBLE	/* short preamble supported */
691 		| IEEE80211_C_SHSLOT		/* short slot time supported */
692 		| IEEE80211_C_WME		/* WME/WMM supported */
693 		| IEEE80211_C_WPA		/* capable of WPA1+WPA2 */
694 #if 0
695 		| IEEE80211_C_BGSCAN		/* capable of bg scanning */
696 #endif
697 		| IEEE80211_C_TXPMGT		/* capable of txpow mgt */
698 		;
699 
700 	ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;	/* s/w bmiss */
701 
702 	IEEE80211_ADDR_COPY(ic->ic_macaddr,
703 	    bwn_is_valid_ether_addr(siba_sprom_get_mac_80211a(sc->sc_dev)) ?
704 	    siba_sprom_get_mac_80211a(sc->sc_dev) :
705 	    siba_sprom_get_mac_80211bg(sc->sc_dev));
706 
707 	/* call MI attach routine. */
708 	ieee80211_ifattach(ic);
709 
710 	ic->ic_headroom = sizeof(struct bwn_txhdr);
711 
712 	/* override default methods */
713 	ic->ic_raw_xmit = bwn_raw_xmit;
714 	ic->ic_updateslot = bwn_updateslot;
715 	ic->ic_update_promisc = bwn_update_promisc;
716 	ic->ic_wme.wme_update = bwn_wme_update;
717 	ic->ic_scan_start = bwn_scan_start;
718 	ic->ic_scan_end = bwn_scan_end;
719 	ic->ic_set_channel = bwn_set_channel;
720 	ic->ic_vap_create = bwn_vap_create;
721 	ic->ic_vap_delete = bwn_vap_delete;
722 	ic->ic_transmit = bwn_transmit;
723 	ic->ic_parent = bwn_parent;
724 
725 	ieee80211_radiotap_attach(ic,
726 	    &sc->sc_tx_th.wt_ihdr, sizeof(sc->sc_tx_th),
727 	    BWN_TX_RADIOTAP_PRESENT,
728 	    &sc->sc_rx_th.wr_ihdr, sizeof(sc->sc_rx_th),
729 	    BWN_RX_RADIOTAP_PRESENT);
730 
731 	bwn_sysctl_node(sc);
732 
733 	if (bootverbose)
734 		ieee80211_announce(ic);
735 	return (0);
736 }
737 
738 static void
739 bwn_phy_detach(struct bwn_mac *mac)
740 {
741 
742 	if (mac->mac_phy.detach != NULL)
743 		mac->mac_phy.detach(mac);
744 }
745 
746 int
747 bwn_detach(device_t dev)
748 {
749 	struct bwn_softc *sc = device_get_softc(dev);
750 	struct bwn_mac *mac = sc->sc_curmac;
751 	struct ieee80211com *ic = &sc->sc_ic;
752 	int i;
753 
754 	sc->sc_flags |= BWN_FLAG_INVALID;
755 
756 	if (device_is_attached(sc->sc_dev)) {
757 		BWN_LOCK(sc);
758 		bwn_stop(sc);
759 		BWN_UNLOCK(sc);
760 		bwn_dma_free(mac);
761 		callout_drain(&sc->sc_led_blink_ch);
762 		callout_drain(&sc->sc_rfswitch_ch);
763 		callout_drain(&sc->sc_task_ch);
764 		callout_drain(&sc->sc_watchdog_ch);
765 		bwn_phy_detach(mac);
766 		ieee80211_draintask(ic, &mac->mac_hwreset);
767 		ieee80211_draintask(ic, &mac->mac_txpower);
768 		ieee80211_ifdetach(ic);
769 	}
770 	taskqueue_drain(sc->sc_tq, &mac->mac_intrtask);
771 	taskqueue_free(sc->sc_tq);
772 
773 	for (i = 0; i < BWN_MSI_MESSAGES; i++) {
774 		if (mac->mac_intrhand[i] != NULL) {
775 			bus_teardown_intr(dev, mac->mac_res_irq[i],
776 			    mac->mac_intrhand[i]);
777 			mac->mac_intrhand[i] = NULL;
778 		}
779 	}
780 	bus_release_resources(dev, mac->mac_intr_spec, mac->mac_res_irq);
781 	if (mac->mac_msi != 0)
782 		pci_release_msi(dev);
783 	mbufq_drain(&sc->sc_snd);
784 	bwn_release_firmware(mac);
785 	BWN_LOCK_DESTROY(sc);
786 	BWN_BUS_OPS_DETACH(dev);
787 	return (0);
788 }
789 
790 static void
791 bwn_attach_pre(struct bwn_softc *sc)
792 {
793 
794 	BWN_LOCK_INIT(sc);
795 	TAILQ_INIT(&sc->sc_maclist);
796 	callout_init_mtx(&sc->sc_rfswitch_ch, &sc->sc_mtx, 0);
797 	callout_init_mtx(&sc->sc_task_ch, &sc->sc_mtx, 0);
798 	callout_init_mtx(&sc->sc_watchdog_ch, &sc->sc_mtx, 0);
799 	mbufq_init(&sc->sc_snd, ifqmaxlen);
800 	sc->sc_tq = taskqueue_create_fast("bwn_taskq", M_NOWAIT,
801 		taskqueue_thread_enqueue, &sc->sc_tq);
802 	taskqueue_start_threads(&sc->sc_tq, 1, PI_NET,
803 		"%s taskq", device_get_nameunit(sc->sc_dev));
804 }
805 
806 static void
807 bwn_sprom_bugfixes(device_t dev)
808 {
809 #define	BWN_ISDEV(_vendor, _device, _subvendor, _subdevice)		\
810 	((siba_get_pci_vendor(dev) == PCI_VENDOR_##_vendor) &&		\
811 	 (siba_get_pci_device(dev) == _device) &&			\
812 	 (siba_get_pci_subvendor(dev) == PCI_VENDOR_##_subvendor) &&	\
813 	 (siba_get_pci_subdevice(dev) == _subdevice))
814 
815 	if (siba_get_pci_subvendor(dev) == PCI_VENDOR_APPLE &&
816 	    siba_get_pci_subdevice(dev) == 0x4e &&
817 	    siba_get_pci_revid(dev) > 0x40)
818 		siba_sprom_set_bf_lo(dev,
819 		    siba_sprom_get_bf_lo(dev) | BWN_BFL_PACTRL);
820 	if (siba_get_pci_subvendor(dev) == SIBA_BOARDVENDOR_DELL &&
821 	    siba_get_chipid(dev) == 0x4301 && siba_get_pci_revid(dev) == 0x74)
822 		siba_sprom_set_bf_lo(dev,
823 		    siba_sprom_get_bf_lo(dev) | BWN_BFL_BTCOEXIST);
824 	if (siba_get_type(dev) == SIBA_TYPE_PCI) {
825 		if (BWN_ISDEV(BROADCOM, 0x4318, ASUSTEK, 0x100f) ||
826 		    BWN_ISDEV(BROADCOM, 0x4320, DELL, 0x0003) ||
827 		    BWN_ISDEV(BROADCOM, 0x4320, HP, 0x12f8) ||
828 		    BWN_ISDEV(BROADCOM, 0x4320, LINKSYS, 0x0013) ||
829 		    BWN_ISDEV(BROADCOM, 0x4320, LINKSYS, 0x0014) ||
830 		    BWN_ISDEV(BROADCOM, 0x4320, LINKSYS, 0x0015) ||
831 		    BWN_ISDEV(BROADCOM, 0x4320, MOTOROLA, 0x7010))
832 			siba_sprom_set_bf_lo(dev,
833 			    siba_sprom_get_bf_lo(dev) & ~BWN_BFL_BTCOEXIST);
834 	}
835 #undef	BWN_ISDEV
836 }
837 
838 static void
839 bwn_parent(struct ieee80211com *ic)
840 {
841 	struct bwn_softc *sc = ic->ic_softc;
842 	int startall = 0;
843 
844 	BWN_LOCK(sc);
845 	if (ic->ic_nrunning > 0) {
846 		if ((sc->sc_flags & BWN_FLAG_RUNNING) == 0) {
847 			bwn_init(sc);
848 			startall = 1;
849 		} else
850 			bwn_update_promisc(ic);
851 	} else if (sc->sc_flags & BWN_FLAG_RUNNING)
852 		bwn_stop(sc);
853 	BWN_UNLOCK(sc);
854 
855 	if (startall)
856 		ieee80211_start_all(ic);
857 }
858 
859 static int
860 bwn_transmit(struct ieee80211com *ic, struct mbuf *m)
861 {
862 	struct bwn_softc *sc = ic->ic_softc;
863 	int error;
864 
865 	BWN_LOCK(sc);
866 	if ((sc->sc_flags & BWN_FLAG_RUNNING) == 0) {
867 		BWN_UNLOCK(sc);
868 		return (ENXIO);
869 	}
870 	error = mbufq_enqueue(&sc->sc_snd, m);
871 	if (error) {
872 		BWN_UNLOCK(sc);
873 		return (error);
874 	}
875 	bwn_start(sc);
876 	BWN_UNLOCK(sc);
877 	return (0);
878 }
879 
880 static void
881 bwn_start(struct bwn_softc *sc)
882 {
883 	struct bwn_mac *mac = sc->sc_curmac;
884 	struct ieee80211_frame *wh;
885 	struct ieee80211_node *ni;
886 	struct ieee80211_key *k;
887 	struct mbuf *m;
888 
889 	BWN_ASSERT_LOCKED(sc);
890 
891 	if ((sc->sc_flags & BWN_FLAG_RUNNING) == 0 || mac == NULL ||
892 	    mac->mac_status < BWN_MAC_STATUS_STARTED)
893 		return;
894 
895 	while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
896 		if (bwn_tx_isfull(sc, m))
897 			break;
898 		ni = (struct ieee80211_node *) m->m_pkthdr.rcvif;
899 		if (ni == NULL) {
900 			device_printf(sc->sc_dev, "unexpected NULL ni\n");
901 			m_freem(m);
902 			counter_u64_add(sc->sc_ic.ic_oerrors, 1);
903 			continue;
904 		}
905 		wh = mtod(m, struct ieee80211_frame *);
906 		if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
907 			k = ieee80211_crypto_encap(ni, m);
908 			if (k == NULL) {
909 				if_inc_counter(ni->ni_vap->iv_ifp,
910 				    IFCOUNTER_OERRORS, 1);
911 				ieee80211_free_node(ni);
912 				m_freem(m);
913 				continue;
914 			}
915 		}
916 		wh = NULL;	/* Catch any invalid use */
917 		if (bwn_tx_start(sc, ni, m) != 0) {
918 			if (ni != NULL) {
919 				if_inc_counter(ni->ni_vap->iv_ifp,
920 				    IFCOUNTER_OERRORS, 1);
921 				ieee80211_free_node(ni);
922 			}
923 			continue;
924 		}
925 		sc->sc_watchdog_timer = 5;
926 	}
927 }
928 
929 static int
930 bwn_tx_isfull(struct bwn_softc *sc, struct mbuf *m)
931 {
932 	struct bwn_dma_ring *dr;
933 	struct bwn_mac *mac = sc->sc_curmac;
934 	struct bwn_pio_txqueue *tq;
935 	int pktlen = roundup(m->m_pkthdr.len + BWN_HDRSIZE(mac), 4);
936 
937 	BWN_ASSERT_LOCKED(sc);
938 
939 	if (mac->mac_flags & BWN_MAC_FLAG_DMA) {
940 		dr = bwn_dma_select(mac, M_WME_GETAC(m));
941 		if (dr->dr_stop == 1 ||
942 		    bwn_dma_freeslot(dr) < BWN_TX_SLOTS_PER_FRAME) {
943 			dr->dr_stop = 1;
944 			goto full;
945 		}
946 	} else {
947 		tq = bwn_pio_select(mac, M_WME_GETAC(m));
948 		if (tq->tq_free == 0 || pktlen > tq->tq_size ||
949 		    pktlen > (tq->tq_size - tq->tq_used))
950 			goto full;
951 	}
952 	return (0);
953 full:
954 	mbufq_prepend(&sc->sc_snd, m);
955 	return (1);
956 }
957 
958 static int
959 bwn_tx_start(struct bwn_softc *sc, struct ieee80211_node *ni, struct mbuf *m)
960 {
961 	struct bwn_mac *mac = sc->sc_curmac;
962 	int error;
963 
964 	BWN_ASSERT_LOCKED(sc);
965 
966 	if (m->m_pkthdr.len < IEEE80211_MIN_LEN || mac == NULL) {
967 		m_freem(m);
968 		return (ENXIO);
969 	}
970 
971 	error = (mac->mac_flags & BWN_MAC_FLAG_DMA) ?
972 	    bwn_dma_tx_start(mac, ni, m) : bwn_pio_tx_start(mac, ni, m);
973 	if (error) {
974 		m_freem(m);
975 		return (error);
976 	}
977 	return (0);
978 }
979 
980 static int
981 bwn_pio_tx_start(struct bwn_mac *mac, struct ieee80211_node *ni, struct mbuf *m)
982 {
983 	struct bwn_pio_txpkt *tp;
984 	struct bwn_pio_txqueue *tq = bwn_pio_select(mac, M_WME_GETAC(m));
985 	struct bwn_softc *sc = mac->mac_sc;
986 	struct bwn_txhdr txhdr;
987 	struct mbuf *m_new;
988 	uint32_t ctl32;
989 	int error;
990 	uint16_t ctl16;
991 
992 	BWN_ASSERT_LOCKED(sc);
993 
994 	/* XXX TODO send packets after DTIM */
995 
996 	KASSERT(!TAILQ_EMPTY(&tq->tq_pktlist), ("%s: fail", __func__));
997 	tp = TAILQ_FIRST(&tq->tq_pktlist);
998 	tp->tp_ni = ni;
999 	tp->tp_m = m;
1000 
1001 	error = bwn_set_txhdr(mac, ni, m, &txhdr, BWN_PIO_COOKIE(tq, tp));
1002 	if (error) {
1003 		device_printf(sc->sc_dev, "tx fail\n");
1004 		return (error);
1005 	}
1006 
1007 	TAILQ_REMOVE(&tq->tq_pktlist, tp, tp_list);
1008 	tq->tq_used += roundup(m->m_pkthdr.len + BWN_HDRSIZE(mac), 4);
1009 	tq->tq_free--;
1010 
1011 	if (siba_get_revid(sc->sc_dev) >= 8) {
1012 		/*
1013 		 * XXX please removes m_defrag(9)
1014 		 */
1015 		m_new = m_defrag(m, M_NOWAIT);
1016 		if (m_new == NULL) {
1017 			device_printf(sc->sc_dev,
1018 			    "%s: can't defrag TX buffer\n",
1019 			    __func__);
1020 			return (ENOBUFS);
1021 		}
1022 		if (m_new->m_next != NULL)
1023 			device_printf(sc->sc_dev,
1024 			    "TODO: fragmented packets for PIO\n");
1025 		tp->tp_m = m_new;
1026 
1027 		/* send HEADER */
1028 		ctl32 = bwn_pio_write_multi_4(mac, tq,
1029 		    (BWN_PIO_READ_4(mac, tq, BWN_PIO8_TXCTL) |
1030 			BWN_PIO8_TXCTL_FRAMEREADY) & ~BWN_PIO8_TXCTL_EOF,
1031 		    (const uint8_t *)&txhdr, BWN_HDRSIZE(mac));
1032 		/* send BODY */
1033 		ctl32 = bwn_pio_write_multi_4(mac, tq, ctl32,
1034 		    mtod(m_new, const void *), m_new->m_pkthdr.len);
1035 		bwn_pio_write_4(mac, tq, BWN_PIO_TXCTL,
1036 		    ctl32 | BWN_PIO8_TXCTL_EOF);
1037 	} else {
1038 		ctl16 = bwn_pio_write_multi_2(mac, tq,
1039 		    (bwn_pio_read_2(mac, tq, BWN_PIO_TXCTL) |
1040 			BWN_PIO_TXCTL_FRAMEREADY) & ~BWN_PIO_TXCTL_EOF,
1041 		    (const uint8_t *)&txhdr, BWN_HDRSIZE(mac));
1042 		ctl16 = bwn_pio_write_mbuf_2(mac, tq, ctl16, m);
1043 		BWN_PIO_WRITE_2(mac, tq, BWN_PIO_TXCTL,
1044 		    ctl16 | BWN_PIO_TXCTL_EOF);
1045 	}
1046 
1047 	return (0);
1048 }
1049 
1050 static struct bwn_pio_txqueue *
1051 bwn_pio_select(struct bwn_mac *mac, uint8_t prio)
1052 {
1053 
1054 	if ((mac->mac_flags & BWN_MAC_FLAG_WME) == 0)
1055 		return (&mac->mac_method.pio.wme[WME_AC_BE]);
1056 
1057 	switch (prio) {
1058 	case 0:
1059 		return (&mac->mac_method.pio.wme[WME_AC_BE]);
1060 	case 1:
1061 		return (&mac->mac_method.pio.wme[WME_AC_BK]);
1062 	case 2:
1063 		return (&mac->mac_method.pio.wme[WME_AC_VI]);
1064 	case 3:
1065 		return (&mac->mac_method.pio.wme[WME_AC_VO]);
1066 	}
1067 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
1068 	return (NULL);
1069 }
1070 
1071 static int
1072 bwn_dma_tx_start(struct bwn_mac *mac, struct ieee80211_node *ni, struct mbuf *m)
1073 {
1074 #define	BWN_GET_TXHDRCACHE(slot)					\
1075 	&(txhdr_cache[(slot / BWN_TX_SLOTS_PER_FRAME) * BWN_HDRSIZE(mac)])
1076 	struct bwn_dma *dma = &mac->mac_method.dma;
1077 	struct bwn_dma_ring *dr = bwn_dma_select(mac, M_WME_GETAC(m));
1078 	struct bwn_dmadesc_generic *desc;
1079 	struct bwn_dmadesc_meta *mt;
1080 	struct bwn_softc *sc = mac->mac_sc;
1081 	uint8_t *txhdr_cache = (uint8_t *)dr->dr_txhdr_cache;
1082 	int error, slot, backup[2] = { dr->dr_curslot, dr->dr_usedslot };
1083 
1084 	BWN_ASSERT_LOCKED(sc);
1085 	KASSERT(!dr->dr_stop, ("%s:%d: fail", __func__, __LINE__));
1086 
1087 	/* XXX send after DTIM */
1088 
1089 	slot = bwn_dma_getslot(dr);
1090 	dr->getdesc(dr, slot, &desc, &mt);
1091 	KASSERT(mt->mt_txtype == BWN_DMADESC_METATYPE_HEADER,
1092 	    ("%s:%d: fail", __func__, __LINE__));
1093 
1094 	error = bwn_set_txhdr(dr->dr_mac, ni, m,
1095 	    (struct bwn_txhdr *)BWN_GET_TXHDRCACHE(slot),
1096 	    BWN_DMA_COOKIE(dr, slot));
1097 	if (error)
1098 		goto fail;
1099 	error = bus_dmamap_load(dr->dr_txring_dtag, mt->mt_dmap,
1100 	    BWN_GET_TXHDRCACHE(slot), BWN_HDRSIZE(mac), bwn_dma_ring_addr,
1101 	    &mt->mt_paddr, BUS_DMA_NOWAIT);
1102 	if (error) {
1103 		device_printf(sc->sc_dev, "%s: can't load TX buffer (1) %d\n",
1104 		    __func__, error);
1105 		goto fail;
1106 	}
1107 	bus_dmamap_sync(dr->dr_txring_dtag, mt->mt_dmap,
1108 	    BUS_DMASYNC_PREWRITE);
1109 	dr->setdesc(dr, desc, mt->mt_paddr, BWN_HDRSIZE(mac), 1, 0, 0);
1110 	bus_dmamap_sync(dr->dr_ring_dtag, dr->dr_ring_dmap,
1111 	    BUS_DMASYNC_PREWRITE);
1112 
1113 	slot = bwn_dma_getslot(dr);
1114 	dr->getdesc(dr, slot, &desc, &mt);
1115 	KASSERT(mt->mt_txtype == BWN_DMADESC_METATYPE_BODY &&
1116 	    mt->mt_islast == 1, ("%s:%d: fail", __func__, __LINE__));
1117 	mt->mt_m = m;
1118 	mt->mt_ni = ni;
1119 
1120 	error = bus_dmamap_load_mbuf(dma->txbuf_dtag, mt->mt_dmap, m,
1121 	    bwn_dma_buf_addr, &mt->mt_paddr, BUS_DMA_NOWAIT);
1122 	if (error && error != EFBIG) {
1123 		device_printf(sc->sc_dev, "%s: can't load TX buffer (1) %d\n",
1124 		    __func__, error);
1125 		goto fail;
1126 	}
1127 	if (error) {    /* error == EFBIG */
1128 		struct mbuf *m_new;
1129 
1130 		m_new = m_defrag(m, M_NOWAIT);
1131 		if (m_new == NULL) {
1132 			device_printf(sc->sc_dev,
1133 			    "%s: can't defrag TX buffer\n",
1134 			    __func__);
1135 			error = ENOBUFS;
1136 			goto fail;
1137 		} else {
1138 			m = m_new;
1139 		}
1140 
1141 		mt->mt_m = m;
1142 		error = bus_dmamap_load_mbuf(dma->txbuf_dtag, mt->mt_dmap,
1143 		    m, bwn_dma_buf_addr, &mt->mt_paddr, BUS_DMA_NOWAIT);
1144 		if (error) {
1145 			device_printf(sc->sc_dev,
1146 			    "%s: can't load TX buffer (2) %d\n",
1147 			    __func__, error);
1148 			goto fail;
1149 		}
1150 	}
1151 	bus_dmamap_sync(dma->txbuf_dtag, mt->mt_dmap, BUS_DMASYNC_PREWRITE);
1152 	dr->setdesc(dr, desc, mt->mt_paddr, m->m_pkthdr.len, 0, 1, 1);
1153 	bus_dmamap_sync(dr->dr_ring_dtag, dr->dr_ring_dmap,
1154 	    BUS_DMASYNC_PREWRITE);
1155 
1156 	/* XXX send after DTIM */
1157 
1158 	dr->start_transfer(dr, bwn_dma_nextslot(dr, slot));
1159 	return (0);
1160 fail:
1161 	dr->dr_curslot = backup[0];
1162 	dr->dr_usedslot = backup[1];
1163 	return (error);
1164 #undef BWN_GET_TXHDRCACHE
1165 }
1166 
1167 static void
1168 bwn_watchdog(void *arg)
1169 {
1170 	struct bwn_softc *sc = arg;
1171 
1172 	if (sc->sc_watchdog_timer != 0 && --sc->sc_watchdog_timer == 0) {
1173 		device_printf(sc->sc_dev, "device timeout\n");
1174 		counter_u64_add(sc->sc_ic.ic_oerrors, 1);
1175 	}
1176 	callout_schedule(&sc->sc_watchdog_ch, hz);
1177 }
1178 
1179 static int
1180 bwn_attach_core(struct bwn_mac *mac)
1181 {
1182 	struct bwn_softc *sc = mac->mac_sc;
1183 	int error, have_bg = 0, have_a = 0;
1184 	uint32_t high;
1185 
1186 	KASSERT(siba_get_revid(sc->sc_dev) >= 5,
1187 	    ("unsupported revision %d", siba_get_revid(sc->sc_dev)));
1188 
1189 	siba_powerup(sc->sc_dev, 0);
1190 	high = siba_read_4(sc->sc_dev, SIBA_TGSHIGH);
1191 	have_a = (high & BWN_TGSHIGH_HAVE_5GHZ) ? 1 : 0;
1192 	have_bg = (high & BWN_TGSHIGH_HAVE_2GHZ) ? 1 : 0;
1193 	if (high & BWN_TGSHIGH_DUALPHY) {
1194 		have_bg = 1;
1195 		have_a = 1;
1196 	}
1197 
1198 #if 0
1199 	device_printf(sc->sc_dev, "%s: high=0x%08x, have_a=%d, have_bg=%d,"
1200 	    " deviceid=0x%04x, siba_deviceid=0x%04x\n",
1201 	    __func__,
1202 	    high,
1203 	    have_a,
1204 	    have_bg,
1205 	    siba_get_pci_device(sc->sc_dev),
1206 	    siba_get_chipid(sc->sc_dev));
1207 #endif
1208 
1209 	/*
1210 	 * Guess at whether it has A-PHY or G-PHY.
1211 	 * This is just used for resetting the core to probe things;
1212 	 * we will re-guess once it's all up and working.
1213 	 */
1214 	bwn_reset_core(mac, have_bg);
1215 
1216 	/*
1217 	 * Get the PHY version.
1218 	 */
1219 	error = bwn_phy_getinfo(mac, have_bg);
1220 	if (error)
1221 		goto fail;
1222 
1223 	/*
1224 	 * This is the whitelist of devices which we "believe"
1225 	 * the SPROM PHY config from.  The rest are "guessed".
1226 	 */
1227 	if (siba_get_pci_device(sc->sc_dev) != 0x4312 &&
1228 	    siba_get_pci_device(sc->sc_dev) != 0x4315 &&
1229 	    siba_get_pci_device(sc->sc_dev) != 0x4319 &&
1230 	    siba_get_pci_device(sc->sc_dev) != 0x4324 &&
1231 	    siba_get_pci_device(sc->sc_dev) != 0x4328 &&
1232 	    siba_get_pci_device(sc->sc_dev) != 0x432b) {
1233 		have_a = have_bg = 0;
1234 		if (mac->mac_phy.type == BWN_PHYTYPE_A)
1235 			have_a = 1;
1236 		else if (mac->mac_phy.type == BWN_PHYTYPE_G ||
1237 		    mac->mac_phy.type == BWN_PHYTYPE_N ||
1238 		    mac->mac_phy.type == BWN_PHYTYPE_LP)
1239 			have_bg = 1;
1240 		else
1241 			KASSERT(0 == 1, ("%s: unknown phy type (%d)", __func__,
1242 			    mac->mac_phy.type));
1243 	}
1244 
1245 	/*
1246 	 * XXX The PHY-G support doesn't do 5GHz operation.
1247 	 */
1248 	if (mac->mac_phy.type != BWN_PHYTYPE_LP &&
1249 	    mac->mac_phy.type != BWN_PHYTYPE_N) {
1250 		device_printf(sc->sc_dev,
1251 		    "%s: forcing 2GHz only; no dual-band support for PHY\n",
1252 		    __func__);
1253 		have_a = 0;
1254 		have_bg = 1;
1255 	}
1256 
1257 	mac->mac_phy.phy_n = NULL;
1258 
1259 	if (mac->mac_phy.type == BWN_PHYTYPE_G) {
1260 		mac->mac_phy.attach = bwn_phy_g_attach;
1261 		mac->mac_phy.detach = bwn_phy_g_detach;
1262 		mac->mac_phy.prepare_hw = bwn_phy_g_prepare_hw;
1263 		mac->mac_phy.init_pre = bwn_phy_g_init_pre;
1264 		mac->mac_phy.init = bwn_phy_g_init;
1265 		mac->mac_phy.exit = bwn_phy_g_exit;
1266 		mac->mac_phy.phy_read = bwn_phy_g_read;
1267 		mac->mac_phy.phy_write = bwn_phy_g_write;
1268 		mac->mac_phy.rf_read = bwn_phy_g_rf_read;
1269 		mac->mac_phy.rf_write = bwn_phy_g_rf_write;
1270 		mac->mac_phy.use_hwpctl = bwn_phy_g_hwpctl;
1271 		mac->mac_phy.rf_onoff = bwn_phy_g_rf_onoff;
1272 		mac->mac_phy.switch_analog = bwn_phy_switch_analog;
1273 		mac->mac_phy.switch_channel = bwn_phy_g_switch_channel;
1274 		mac->mac_phy.get_default_chan = bwn_phy_g_get_default_chan;
1275 		mac->mac_phy.set_antenna = bwn_phy_g_set_antenna;
1276 		mac->mac_phy.set_im = bwn_phy_g_im;
1277 		mac->mac_phy.recalc_txpwr = bwn_phy_g_recalc_txpwr;
1278 		mac->mac_phy.set_txpwr = bwn_phy_g_set_txpwr;
1279 		mac->mac_phy.task_15s = bwn_phy_g_task_15s;
1280 		mac->mac_phy.task_60s = bwn_phy_g_task_60s;
1281 	} else if (mac->mac_phy.type == BWN_PHYTYPE_LP) {
1282 		mac->mac_phy.init_pre = bwn_phy_lp_init_pre;
1283 		mac->mac_phy.init = bwn_phy_lp_init;
1284 		mac->mac_phy.phy_read = bwn_phy_lp_read;
1285 		mac->mac_phy.phy_write = bwn_phy_lp_write;
1286 		mac->mac_phy.phy_maskset = bwn_phy_lp_maskset;
1287 		mac->mac_phy.rf_read = bwn_phy_lp_rf_read;
1288 		mac->mac_phy.rf_write = bwn_phy_lp_rf_write;
1289 		mac->mac_phy.rf_onoff = bwn_phy_lp_rf_onoff;
1290 		mac->mac_phy.switch_analog = bwn_phy_lp_switch_analog;
1291 		mac->mac_phy.switch_channel = bwn_phy_lp_switch_channel;
1292 		mac->mac_phy.get_default_chan = bwn_phy_lp_get_default_chan;
1293 		mac->mac_phy.set_antenna = bwn_phy_lp_set_antenna;
1294 		mac->mac_phy.task_60s = bwn_phy_lp_task_60s;
1295 	} else if (mac->mac_phy.type == BWN_PHYTYPE_N) {
1296 		mac->mac_phy.attach = bwn_phy_n_attach;
1297 		mac->mac_phy.detach = bwn_phy_n_detach;
1298 		mac->mac_phy.prepare_hw = bwn_phy_n_prepare_hw;
1299 		mac->mac_phy.init_pre = bwn_phy_n_init_pre;
1300 		mac->mac_phy.init = bwn_phy_n_init;
1301 		mac->mac_phy.exit = bwn_phy_n_exit;
1302 		mac->mac_phy.phy_read = bwn_phy_n_read;
1303 		mac->mac_phy.phy_write = bwn_phy_n_write;
1304 		mac->mac_phy.rf_read = bwn_phy_n_rf_read;
1305 		mac->mac_phy.rf_write = bwn_phy_n_rf_write;
1306 		mac->mac_phy.use_hwpctl = bwn_phy_n_hwpctl;
1307 		mac->mac_phy.rf_onoff = bwn_phy_n_rf_onoff;
1308 		mac->mac_phy.switch_analog = bwn_phy_n_switch_analog;
1309 		mac->mac_phy.switch_channel = bwn_phy_n_switch_channel;
1310 		mac->mac_phy.get_default_chan = bwn_phy_n_get_default_chan;
1311 		mac->mac_phy.set_antenna = bwn_phy_n_set_antenna;
1312 		mac->mac_phy.set_im = bwn_phy_n_im;
1313 		mac->mac_phy.recalc_txpwr = bwn_phy_n_recalc_txpwr;
1314 		mac->mac_phy.set_txpwr = bwn_phy_n_set_txpwr;
1315 		mac->mac_phy.task_15s = bwn_phy_n_task_15s;
1316 		mac->mac_phy.task_60s = bwn_phy_n_task_60s;
1317 	} else {
1318 		device_printf(sc->sc_dev, "unsupported PHY type (%d)\n",
1319 		    mac->mac_phy.type);
1320 		error = ENXIO;
1321 		goto fail;
1322 	}
1323 
1324 	mac->mac_phy.gmode = have_bg;
1325 	if (mac->mac_phy.attach != NULL) {
1326 		error = mac->mac_phy.attach(mac);
1327 		if (error) {
1328 			device_printf(sc->sc_dev, "failed\n");
1329 			goto fail;
1330 		}
1331 	}
1332 
1333 	bwn_reset_core(mac, have_bg);
1334 
1335 	error = bwn_chiptest(mac);
1336 	if (error)
1337 		goto fail;
1338 	error = bwn_setup_channels(mac, have_bg, have_a);
1339 	if (error) {
1340 		device_printf(sc->sc_dev, "failed to setup channels\n");
1341 		goto fail;
1342 	}
1343 
1344 	if (sc->sc_curmac == NULL)
1345 		sc->sc_curmac = mac;
1346 
1347 	error = bwn_dma_attach(mac);
1348 	if (error != 0) {
1349 		device_printf(sc->sc_dev, "failed to initialize DMA\n");
1350 		goto fail;
1351 	}
1352 
1353 	mac->mac_phy.switch_analog(mac, 0);
1354 
1355 	siba_dev_down(sc->sc_dev, 0);
1356 fail:
1357 	siba_powerdown(sc->sc_dev);
1358 	bwn_release_firmware(mac);
1359 	return (error);
1360 }
1361 
1362 /*
1363  * Reset - SIBA.
1364  */
1365 void
1366 bwn_reset_core(struct bwn_mac *mac, int g_mode)
1367 {
1368 	struct bwn_softc *sc = mac->mac_sc;
1369 	uint32_t low, ctl;
1370 	uint32_t flags = 0;
1371 
1372 	DPRINTF(sc, BWN_DEBUG_RESET, "%s: g_mode=%d\n", __func__, g_mode);
1373 
1374 	flags |= (BWN_TGSLOW_PHYCLOCK_ENABLE | BWN_TGSLOW_PHYRESET);
1375 	if (g_mode)
1376 		flags |= BWN_TGSLOW_SUPPORT_G;
1377 
1378 	/* XXX N-PHY only; and hard-code to 20MHz for now */
1379 	if (mac->mac_phy.type == BWN_PHYTYPE_N)
1380 		flags |= BWN_TGSLOW_PHY_BANDWIDTH_20MHZ;
1381 
1382 	siba_dev_up(sc->sc_dev, flags);
1383 	DELAY(2000);
1384 
1385 	/* Take PHY out of reset */
1386 	low = (siba_read_4(sc->sc_dev, SIBA_TGSLOW) | SIBA_TGSLOW_FGC) &
1387 	    ~(BWN_TGSLOW_PHYRESET | BWN_TGSLOW_PHYCLOCK_ENABLE);
1388 	siba_write_4(sc->sc_dev, SIBA_TGSLOW, low);
1389 	siba_read_4(sc->sc_dev, SIBA_TGSLOW);
1390 	DELAY(2000);
1391 	low &= ~SIBA_TGSLOW_FGC;
1392 	low |= BWN_TGSLOW_PHYCLOCK_ENABLE;
1393 	siba_write_4(sc->sc_dev, SIBA_TGSLOW, low);
1394 	siba_read_4(sc->sc_dev, SIBA_TGSLOW);
1395 	DELAY(2000);
1396 
1397 	if (mac->mac_phy.switch_analog != NULL)
1398 		mac->mac_phy.switch_analog(mac, 1);
1399 
1400 	ctl = BWN_READ_4(mac, BWN_MACCTL) & ~BWN_MACCTL_GMODE;
1401 	if (g_mode)
1402 		ctl |= BWN_MACCTL_GMODE;
1403 	BWN_WRITE_4(mac, BWN_MACCTL, ctl | BWN_MACCTL_IHR_ON);
1404 }
1405 
1406 static int
1407 bwn_phy_getinfo(struct bwn_mac *mac, int gmode)
1408 {
1409 	struct bwn_phy *phy = &mac->mac_phy;
1410 	struct bwn_softc *sc = mac->mac_sc;
1411 	uint32_t tmp;
1412 
1413 	/* PHY */
1414 	tmp = BWN_READ_2(mac, BWN_PHYVER);
1415 	phy->gmode = gmode;
1416 	phy->rf_on = 1;
1417 	phy->analog = (tmp & BWN_PHYVER_ANALOG) >> 12;
1418 	phy->type = (tmp & BWN_PHYVER_TYPE) >> 8;
1419 	phy->rev = (tmp & BWN_PHYVER_VERSION);
1420 	if ((phy->type == BWN_PHYTYPE_A && phy->rev >= 4) ||
1421 	    (phy->type == BWN_PHYTYPE_B && phy->rev != 2 &&
1422 		phy->rev != 4 && phy->rev != 6 && phy->rev != 7) ||
1423 	    (phy->type == BWN_PHYTYPE_G && phy->rev > 9) ||
1424 	    (phy->type == BWN_PHYTYPE_N && phy->rev > 6) ||
1425 	    (phy->type == BWN_PHYTYPE_LP && phy->rev > 2))
1426 		goto unsupphy;
1427 
1428 	/* RADIO */
1429 	if (siba_get_chipid(sc->sc_dev) == 0x4317) {
1430 		if (siba_get_chiprev(sc->sc_dev) == 0)
1431 			tmp = 0x3205017f;
1432 		else if (siba_get_chiprev(sc->sc_dev) == 1)
1433 			tmp = 0x4205017f;
1434 		else
1435 			tmp = 0x5205017f;
1436 	} else {
1437 		BWN_WRITE_2(mac, BWN_RFCTL, BWN_RFCTL_ID);
1438 		tmp = BWN_READ_2(mac, BWN_RFDATALO);
1439 		BWN_WRITE_2(mac, BWN_RFCTL, BWN_RFCTL_ID);
1440 		tmp |= (uint32_t)BWN_READ_2(mac, BWN_RFDATAHI) << 16;
1441 	}
1442 	phy->rf_rev = (tmp & 0xf0000000) >> 28;
1443 	phy->rf_ver = (tmp & 0x0ffff000) >> 12;
1444 	phy->rf_manuf = (tmp & 0x00000fff);
1445 
1446 	/*
1447 	 * For now, just always do full init (ie, what bwn has traditionally
1448 	 * done)
1449 	 */
1450 	phy->phy_do_full_init = 1;
1451 
1452 	if (phy->rf_manuf != 0x17f)	/* 0x17f is broadcom */
1453 		goto unsupradio;
1454 	if ((phy->type == BWN_PHYTYPE_A && (phy->rf_ver != 0x2060 ||
1455 	     phy->rf_rev != 1 || phy->rf_manuf != 0x17f)) ||
1456 	    (phy->type == BWN_PHYTYPE_B && (phy->rf_ver & 0xfff0) != 0x2050) ||
1457 	    (phy->type == BWN_PHYTYPE_G && phy->rf_ver != 0x2050) ||
1458 	    (phy->type == BWN_PHYTYPE_N &&
1459 	     phy->rf_ver != 0x2055 && phy->rf_ver != 0x2056) ||
1460 	    (phy->type == BWN_PHYTYPE_LP &&
1461 	     phy->rf_ver != 0x2062 && phy->rf_ver != 0x2063))
1462 		goto unsupradio;
1463 
1464 	return (0);
1465 unsupphy:
1466 	device_printf(sc->sc_dev, "unsupported PHY (type %#x, rev %#x, "
1467 	    "analog %#x)\n",
1468 	    phy->type, phy->rev, phy->analog);
1469 	return (ENXIO);
1470 unsupradio:
1471 	device_printf(sc->sc_dev, "unsupported radio (manuf %#x, ver %#x, "
1472 	    "rev %#x)\n",
1473 	    phy->rf_manuf, phy->rf_ver, phy->rf_rev);
1474 	return (ENXIO);
1475 }
1476 
1477 static int
1478 bwn_chiptest(struct bwn_mac *mac)
1479 {
1480 #define	TESTVAL0	0x55aaaa55
1481 #define	TESTVAL1	0xaa5555aa
1482 	struct bwn_softc *sc = mac->mac_sc;
1483 	uint32_t v, backup;
1484 
1485 	BWN_LOCK(sc);
1486 
1487 	backup = bwn_shm_read_4(mac, BWN_SHARED, 0);
1488 
1489 	bwn_shm_write_4(mac, BWN_SHARED, 0, TESTVAL0);
1490 	if (bwn_shm_read_4(mac, BWN_SHARED, 0) != TESTVAL0)
1491 		goto error;
1492 	bwn_shm_write_4(mac, BWN_SHARED, 0, TESTVAL1);
1493 	if (bwn_shm_read_4(mac, BWN_SHARED, 0) != TESTVAL1)
1494 		goto error;
1495 
1496 	bwn_shm_write_4(mac, BWN_SHARED, 0, backup);
1497 
1498 	if ((siba_get_revid(sc->sc_dev) >= 3) &&
1499 	    (siba_get_revid(sc->sc_dev) <= 10)) {
1500 		BWN_WRITE_2(mac, BWN_TSF_CFP_START, 0xaaaa);
1501 		BWN_WRITE_4(mac, BWN_TSF_CFP_START, 0xccccbbbb);
1502 		if (BWN_READ_2(mac, BWN_TSF_CFP_START_LOW) != 0xbbbb)
1503 			goto error;
1504 		if (BWN_READ_2(mac, BWN_TSF_CFP_START_HIGH) != 0xcccc)
1505 			goto error;
1506 	}
1507 	BWN_WRITE_4(mac, BWN_TSF_CFP_START, 0);
1508 
1509 	v = BWN_READ_4(mac, BWN_MACCTL) | BWN_MACCTL_GMODE;
1510 	if (v != (BWN_MACCTL_GMODE | BWN_MACCTL_IHR_ON))
1511 		goto error;
1512 
1513 	BWN_UNLOCK(sc);
1514 	return (0);
1515 error:
1516 	BWN_UNLOCK(sc);
1517 	device_printf(sc->sc_dev, "failed to validate the chipaccess\n");
1518 	return (ENODEV);
1519 }
1520 
1521 static int
1522 bwn_setup_channels(struct bwn_mac *mac, int have_bg, int have_a)
1523 {
1524 	struct bwn_softc *sc = mac->mac_sc;
1525 	struct ieee80211com *ic = &sc->sc_ic;
1526 	uint8_t bands[IEEE80211_MODE_BYTES];
1527 
1528 	memset(ic->ic_channels, 0, sizeof(ic->ic_channels));
1529 	ic->ic_nchans = 0;
1530 
1531 	DPRINTF(sc, BWN_DEBUG_EEPROM, "%s: called; bg=%d, a=%d\n",
1532 	    __func__,
1533 	    have_bg,
1534 	    have_a);
1535 
1536 	if (have_bg) {
1537 		memset(bands, 0, sizeof(bands));
1538 		setbit(bands, IEEE80211_MODE_11B);
1539 		setbit(bands, IEEE80211_MODE_11G);
1540 		bwn_addchannels(ic->ic_channels, IEEE80211_CHAN_MAX,
1541 		    &ic->ic_nchans, &bwn_chantable_bg, bands);
1542 	}
1543 
1544 	if (have_a) {
1545 		memset(bands, 0, sizeof(bands));
1546 		setbit(bands, IEEE80211_MODE_11A);
1547 		bwn_addchannels(ic->ic_channels, IEEE80211_CHAN_MAX,
1548 		    &ic->ic_nchans, &bwn_chantable_a, bands);
1549 	}
1550 
1551 	mac->mac_phy.supports_2ghz = have_bg;
1552 	mac->mac_phy.supports_5ghz = have_a;
1553 
1554 	return (ic->ic_nchans == 0 ? ENXIO : 0);
1555 }
1556 
1557 uint32_t
1558 bwn_shm_read_4(struct bwn_mac *mac, uint16_t way, uint16_t offset)
1559 {
1560 	uint32_t ret;
1561 
1562 	BWN_ASSERT_LOCKED(mac->mac_sc);
1563 
1564 	if (way == BWN_SHARED) {
1565 		KASSERT((offset & 0x0001) == 0,
1566 		    ("%s:%d warn", __func__, __LINE__));
1567 		if (offset & 0x0003) {
1568 			bwn_shm_ctlword(mac, way, offset >> 2);
1569 			ret = BWN_READ_2(mac, BWN_SHM_DATA_UNALIGNED);
1570 			ret <<= 16;
1571 			bwn_shm_ctlword(mac, way, (offset >> 2) + 1);
1572 			ret |= BWN_READ_2(mac, BWN_SHM_DATA);
1573 			goto out;
1574 		}
1575 		offset >>= 2;
1576 	}
1577 	bwn_shm_ctlword(mac, way, offset);
1578 	ret = BWN_READ_4(mac, BWN_SHM_DATA);
1579 out:
1580 	return (ret);
1581 }
1582 
1583 uint16_t
1584 bwn_shm_read_2(struct bwn_mac *mac, uint16_t way, uint16_t offset)
1585 {
1586 	uint16_t ret;
1587 
1588 	BWN_ASSERT_LOCKED(mac->mac_sc);
1589 
1590 	if (way == BWN_SHARED) {
1591 		KASSERT((offset & 0x0001) == 0,
1592 		    ("%s:%d warn", __func__, __LINE__));
1593 		if (offset & 0x0003) {
1594 			bwn_shm_ctlword(mac, way, offset >> 2);
1595 			ret = BWN_READ_2(mac, BWN_SHM_DATA_UNALIGNED);
1596 			goto out;
1597 		}
1598 		offset >>= 2;
1599 	}
1600 	bwn_shm_ctlword(mac, way, offset);
1601 	ret = BWN_READ_2(mac, BWN_SHM_DATA);
1602 out:
1603 
1604 	return (ret);
1605 }
1606 
1607 static void
1608 bwn_shm_ctlword(struct bwn_mac *mac, uint16_t way,
1609     uint16_t offset)
1610 {
1611 	uint32_t control;
1612 
1613 	control = way;
1614 	control <<= 16;
1615 	control |= offset;
1616 	BWN_WRITE_4(mac, BWN_SHM_CONTROL, control);
1617 }
1618 
1619 void
1620 bwn_shm_write_4(struct bwn_mac *mac, uint16_t way, uint16_t offset,
1621     uint32_t value)
1622 {
1623 	BWN_ASSERT_LOCKED(mac->mac_sc);
1624 
1625 	if (way == BWN_SHARED) {
1626 		KASSERT((offset & 0x0001) == 0,
1627 		    ("%s:%d warn", __func__, __LINE__));
1628 		if (offset & 0x0003) {
1629 			bwn_shm_ctlword(mac, way, offset >> 2);
1630 			BWN_WRITE_2(mac, BWN_SHM_DATA_UNALIGNED,
1631 				    (value >> 16) & 0xffff);
1632 			bwn_shm_ctlword(mac, way, (offset >> 2) + 1);
1633 			BWN_WRITE_2(mac, BWN_SHM_DATA, value & 0xffff);
1634 			return;
1635 		}
1636 		offset >>= 2;
1637 	}
1638 	bwn_shm_ctlword(mac, way, offset);
1639 	BWN_WRITE_4(mac, BWN_SHM_DATA, value);
1640 }
1641 
1642 void
1643 bwn_shm_write_2(struct bwn_mac *mac, uint16_t way, uint16_t offset,
1644     uint16_t value)
1645 {
1646 	BWN_ASSERT_LOCKED(mac->mac_sc);
1647 
1648 	if (way == BWN_SHARED) {
1649 		KASSERT((offset & 0x0001) == 0,
1650 		    ("%s:%d warn", __func__, __LINE__));
1651 		if (offset & 0x0003) {
1652 			bwn_shm_ctlword(mac, way, offset >> 2);
1653 			BWN_WRITE_2(mac, BWN_SHM_DATA_UNALIGNED, value);
1654 			return;
1655 		}
1656 		offset >>= 2;
1657 	}
1658 	bwn_shm_ctlword(mac, way, offset);
1659 	BWN_WRITE_2(mac, BWN_SHM_DATA, value);
1660 }
1661 
1662 static void
1663 bwn_addchannels(struct ieee80211_channel chans[], int maxchans, int *nchans,
1664     const struct bwn_channelinfo *ci, const uint8_t bands[])
1665 {
1666 	int i, error;
1667 
1668 	for (i = 0, error = 0; i < ci->nchannels && error == 0; i++) {
1669 		const struct bwn_channel *hc = &ci->channels[i];
1670 
1671 		error = ieee80211_add_channel(chans, maxchans, nchans,
1672 		    hc->ieee, hc->freq, hc->maxTxPow, 0, bands);
1673 	}
1674 }
1675 
1676 static int
1677 bwn_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
1678 	const struct ieee80211_bpf_params *params)
1679 {
1680 	struct ieee80211com *ic = ni->ni_ic;
1681 	struct bwn_softc *sc = ic->ic_softc;
1682 	struct bwn_mac *mac = sc->sc_curmac;
1683 	int error;
1684 
1685 	if ((sc->sc_flags & BWN_FLAG_RUNNING) == 0 ||
1686 	    mac->mac_status < BWN_MAC_STATUS_STARTED) {
1687 		m_freem(m);
1688 		return (ENETDOWN);
1689 	}
1690 
1691 	BWN_LOCK(sc);
1692 	if (bwn_tx_isfull(sc, m)) {
1693 		m_freem(m);
1694 		BWN_UNLOCK(sc);
1695 		return (ENOBUFS);
1696 	}
1697 
1698 	error = bwn_tx_start(sc, ni, m);
1699 	if (error == 0)
1700 		sc->sc_watchdog_timer = 5;
1701 	BWN_UNLOCK(sc);
1702 	return (error);
1703 }
1704 
1705 /*
1706  * Callback from the 802.11 layer to update the slot time
1707  * based on the current setting.  We use it to notify the
1708  * firmware of ERP changes and the f/w takes care of things
1709  * like slot time and preamble.
1710  */
1711 static void
1712 bwn_updateslot(struct ieee80211com *ic)
1713 {
1714 	struct bwn_softc *sc = ic->ic_softc;
1715 	struct bwn_mac *mac;
1716 
1717 	BWN_LOCK(sc);
1718 	if (sc->sc_flags & BWN_FLAG_RUNNING) {
1719 		mac = (struct bwn_mac *)sc->sc_curmac;
1720 		bwn_set_slot_time(mac, IEEE80211_GET_SLOTTIME(ic));
1721 	}
1722 	BWN_UNLOCK(sc);
1723 }
1724 
1725 /*
1726  * Callback from the 802.11 layer after a promiscuous mode change.
1727  * Note this interface does not check the operating mode as this
1728  * is an internal callback and we are expected to honor the current
1729  * state (e.g. this is used for setting the interface in promiscuous
1730  * mode when operating in hostap mode to do ACS).
1731  */
1732 static void
1733 bwn_update_promisc(struct ieee80211com *ic)
1734 {
1735 	struct bwn_softc *sc = ic->ic_softc;
1736 	struct bwn_mac *mac = sc->sc_curmac;
1737 
1738 	BWN_LOCK(sc);
1739 	mac = sc->sc_curmac;
1740 	if (mac != NULL && mac->mac_status >= BWN_MAC_STATUS_INITED) {
1741 		if (ic->ic_promisc > 0)
1742 			sc->sc_filters |= BWN_MACCTL_PROMISC;
1743 		else
1744 			sc->sc_filters &= ~BWN_MACCTL_PROMISC;
1745 		bwn_set_opmode(mac);
1746 	}
1747 	BWN_UNLOCK(sc);
1748 }
1749 
1750 /*
1751  * Callback from the 802.11 layer to update WME parameters.
1752  */
1753 static int
1754 bwn_wme_update(struct ieee80211com *ic)
1755 {
1756 	struct bwn_softc *sc = ic->ic_softc;
1757 	struct bwn_mac *mac = sc->sc_curmac;
1758 	struct wmeParams *wmep;
1759 	int i;
1760 
1761 	BWN_LOCK(sc);
1762 	mac = sc->sc_curmac;
1763 	if (mac != NULL && mac->mac_status >= BWN_MAC_STATUS_INITED) {
1764 		bwn_mac_suspend(mac);
1765 		for (i = 0; i < N(sc->sc_wmeParams); i++) {
1766 			wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[i];
1767 			bwn_wme_loadparams(mac, wmep, bwn_wme_shm_offsets[i]);
1768 		}
1769 		bwn_mac_enable(mac);
1770 	}
1771 	BWN_UNLOCK(sc);
1772 	return (0);
1773 }
1774 
1775 static void
1776 bwn_scan_start(struct ieee80211com *ic)
1777 {
1778 	struct bwn_softc *sc = ic->ic_softc;
1779 	struct bwn_mac *mac;
1780 
1781 	BWN_LOCK(sc);
1782 	mac = sc->sc_curmac;
1783 	if (mac != NULL && mac->mac_status >= BWN_MAC_STATUS_INITED) {
1784 		sc->sc_filters |= BWN_MACCTL_BEACON_PROMISC;
1785 		bwn_set_opmode(mac);
1786 		/* disable CFP update during scan */
1787 		bwn_hf_write(mac, bwn_hf_read(mac) | BWN_HF_SKIP_CFP_UPDATE);
1788 	}
1789 	BWN_UNLOCK(sc);
1790 }
1791 
1792 static void
1793 bwn_scan_end(struct ieee80211com *ic)
1794 {
1795 	struct bwn_softc *sc = ic->ic_softc;
1796 	struct bwn_mac *mac;
1797 
1798 	BWN_LOCK(sc);
1799 	mac = sc->sc_curmac;
1800 	if (mac != NULL && mac->mac_status >= BWN_MAC_STATUS_INITED) {
1801 		sc->sc_filters &= ~BWN_MACCTL_BEACON_PROMISC;
1802 		bwn_set_opmode(mac);
1803 		bwn_hf_write(mac, bwn_hf_read(mac) & ~BWN_HF_SKIP_CFP_UPDATE);
1804 	}
1805 	BWN_UNLOCK(sc);
1806 }
1807 
1808 static void
1809 bwn_set_channel(struct ieee80211com *ic)
1810 {
1811 	struct bwn_softc *sc = ic->ic_softc;
1812 	struct bwn_mac *mac = sc->sc_curmac;
1813 	struct bwn_phy *phy = &mac->mac_phy;
1814 	int chan, error;
1815 
1816 	BWN_LOCK(sc);
1817 
1818 	error = bwn_switch_band(sc, ic->ic_curchan);
1819 	if (error)
1820 		goto fail;
1821 	bwn_mac_suspend(mac);
1822 	bwn_set_txretry(mac, BWN_RETRY_SHORT, BWN_RETRY_LONG);
1823 	chan = ieee80211_chan2ieee(ic, ic->ic_curchan);
1824 	if (chan != phy->chan)
1825 		bwn_switch_channel(mac, chan);
1826 
1827 	/* TX power level */
1828 	if (ic->ic_curchan->ic_maxpower != 0 &&
1829 	    ic->ic_curchan->ic_maxpower != phy->txpower) {
1830 		phy->txpower = ic->ic_curchan->ic_maxpower / 2;
1831 		bwn_phy_txpower_check(mac, BWN_TXPWR_IGNORE_TIME |
1832 		    BWN_TXPWR_IGNORE_TSSI);
1833 	}
1834 
1835 	bwn_set_txantenna(mac, BWN_ANT_DEFAULT);
1836 	if (phy->set_antenna)
1837 		phy->set_antenna(mac, BWN_ANT_DEFAULT);
1838 
1839 	if (sc->sc_rf_enabled != phy->rf_on) {
1840 		if (sc->sc_rf_enabled) {
1841 			bwn_rf_turnon(mac);
1842 			if (!(mac->mac_flags & BWN_MAC_FLAG_RADIO_ON))
1843 				device_printf(sc->sc_dev,
1844 				    "please turn on the RF switch\n");
1845 		} else
1846 			bwn_rf_turnoff(mac);
1847 	}
1848 
1849 	bwn_mac_enable(mac);
1850 
1851 fail:
1852 	/*
1853 	 * Setup radio tap channel freq and flags
1854 	 */
1855 	sc->sc_tx_th.wt_chan_freq = sc->sc_rx_th.wr_chan_freq =
1856 		htole16(ic->ic_curchan->ic_freq);
1857 	sc->sc_tx_th.wt_chan_flags = sc->sc_rx_th.wr_chan_flags =
1858 		htole16(ic->ic_curchan->ic_flags & 0xffff);
1859 
1860 	BWN_UNLOCK(sc);
1861 }
1862 
1863 static struct ieee80211vap *
1864 bwn_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
1865     enum ieee80211_opmode opmode, int flags,
1866     const uint8_t bssid[IEEE80211_ADDR_LEN],
1867     const uint8_t mac[IEEE80211_ADDR_LEN])
1868 {
1869 	struct ieee80211vap *vap;
1870 	struct bwn_vap *bvp;
1871 
1872 	switch (opmode) {
1873 	case IEEE80211_M_HOSTAP:
1874 	case IEEE80211_M_MBSS:
1875 	case IEEE80211_M_STA:
1876 	case IEEE80211_M_WDS:
1877 	case IEEE80211_M_MONITOR:
1878 	case IEEE80211_M_IBSS:
1879 	case IEEE80211_M_AHDEMO:
1880 		break;
1881 	default:
1882 		return (NULL);
1883 	}
1884 
1885 	bvp = malloc(sizeof(struct bwn_vap), M_80211_VAP, M_WAITOK | M_ZERO);
1886 	vap = &bvp->bv_vap;
1887 	ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
1888 	/* override with driver methods */
1889 	bvp->bv_newstate = vap->iv_newstate;
1890 	vap->iv_newstate = bwn_newstate;
1891 
1892 	/* override max aid so sta's cannot assoc when we're out of sta id's */
1893 	vap->iv_max_aid = BWN_STAID_MAX;
1894 
1895 	ieee80211_ratectl_init(vap);
1896 
1897 	/* complete setup */
1898 	ieee80211_vap_attach(vap, ieee80211_media_change,
1899 	    ieee80211_media_status, mac);
1900 	return (vap);
1901 }
1902 
1903 static void
1904 bwn_vap_delete(struct ieee80211vap *vap)
1905 {
1906 	struct bwn_vap *bvp = BWN_VAP(vap);
1907 
1908 	ieee80211_ratectl_deinit(vap);
1909 	ieee80211_vap_detach(vap);
1910 	free(bvp, M_80211_VAP);
1911 }
1912 
1913 static int
1914 bwn_init(struct bwn_softc *sc)
1915 {
1916 	struct bwn_mac *mac;
1917 	int error;
1918 
1919 	BWN_ASSERT_LOCKED(sc);
1920 
1921 	DPRINTF(sc, BWN_DEBUG_RESET, "%s: called\n", __func__);
1922 
1923 	bzero(sc->sc_bssid, IEEE80211_ADDR_LEN);
1924 	sc->sc_flags |= BWN_FLAG_NEED_BEACON_TP;
1925 	sc->sc_filters = 0;
1926 	bwn_wme_clear(sc);
1927 	sc->sc_beacons[0] = sc->sc_beacons[1] = 0;
1928 	sc->sc_rf_enabled = 1;
1929 
1930 	mac = sc->sc_curmac;
1931 	if (mac->mac_status == BWN_MAC_STATUS_UNINIT) {
1932 		error = bwn_core_init(mac);
1933 		if (error != 0)
1934 			return (error);
1935 	}
1936 	if (mac->mac_status == BWN_MAC_STATUS_INITED)
1937 		bwn_core_start(mac);
1938 
1939 	bwn_set_opmode(mac);
1940 	bwn_set_pretbtt(mac);
1941 	bwn_spu_setdelay(mac, 0);
1942 	bwn_set_macaddr(mac);
1943 
1944 	sc->sc_flags |= BWN_FLAG_RUNNING;
1945 	callout_reset(&sc->sc_rfswitch_ch, hz, bwn_rfswitch, sc);
1946 	callout_reset(&sc->sc_watchdog_ch, hz, bwn_watchdog, sc);
1947 
1948 	return (0);
1949 }
1950 
1951 static void
1952 bwn_stop(struct bwn_softc *sc)
1953 {
1954 	struct bwn_mac *mac = sc->sc_curmac;
1955 
1956 	BWN_ASSERT_LOCKED(sc);
1957 
1958 	DPRINTF(sc, BWN_DEBUG_RESET, "%s: called\n", __func__);
1959 
1960 	if (mac->mac_status >= BWN_MAC_STATUS_INITED) {
1961 		/* XXX FIXME opmode not based on VAP */
1962 		bwn_set_opmode(mac);
1963 		bwn_set_macaddr(mac);
1964 	}
1965 
1966 	if (mac->mac_status >= BWN_MAC_STATUS_STARTED)
1967 		bwn_core_stop(mac);
1968 
1969 	callout_stop(&sc->sc_led_blink_ch);
1970 	sc->sc_led_blinking = 0;
1971 
1972 	bwn_core_exit(mac);
1973 	sc->sc_rf_enabled = 0;
1974 
1975 	sc->sc_flags &= ~BWN_FLAG_RUNNING;
1976 }
1977 
1978 static void
1979 bwn_wme_clear(struct bwn_softc *sc)
1980 {
1981 #define	MS(_v, _f)	(((_v) & _f) >> _f##_S)
1982 	struct wmeParams *p;
1983 	unsigned int i;
1984 
1985 	KASSERT(N(bwn_wme_shm_offsets) == N(sc->sc_wmeParams),
1986 	    ("%s:%d: fail", __func__, __LINE__));
1987 
1988 	for (i = 0; i < N(sc->sc_wmeParams); i++) {
1989 		p = &(sc->sc_wmeParams[i]);
1990 
1991 		switch (bwn_wme_shm_offsets[i]) {
1992 		case BWN_WME_VOICE:
1993 			p->wmep_txopLimit = 0;
1994 			p->wmep_aifsn = 2;
1995 			/* XXX FIXME: log2(cwmin) */
1996 			p->wmep_logcwmin = MS(0x0001, WME_PARAM_LOGCWMIN);
1997 			p->wmep_logcwmax = MS(0x0001, WME_PARAM_LOGCWMAX);
1998 			break;
1999 		case BWN_WME_VIDEO:
2000 			p->wmep_txopLimit = 0;
2001 			p->wmep_aifsn = 2;
2002 			/* XXX FIXME: log2(cwmin) */
2003 			p->wmep_logcwmin = MS(0x0001, WME_PARAM_LOGCWMIN);
2004 			p->wmep_logcwmax = MS(0x0001, WME_PARAM_LOGCWMAX);
2005 			break;
2006 		case BWN_WME_BESTEFFORT:
2007 			p->wmep_txopLimit = 0;
2008 			p->wmep_aifsn = 3;
2009 			/* XXX FIXME: log2(cwmin) */
2010 			p->wmep_logcwmin = MS(0x0001, WME_PARAM_LOGCWMIN);
2011 			p->wmep_logcwmax = MS(0x03ff, WME_PARAM_LOGCWMAX);
2012 			break;
2013 		case BWN_WME_BACKGROUND:
2014 			p->wmep_txopLimit = 0;
2015 			p->wmep_aifsn = 7;
2016 			/* XXX FIXME: log2(cwmin) */
2017 			p->wmep_logcwmin = MS(0x0001, WME_PARAM_LOGCWMIN);
2018 			p->wmep_logcwmax = MS(0x03ff, WME_PARAM_LOGCWMAX);
2019 			break;
2020 		default:
2021 			KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
2022 		}
2023 	}
2024 }
2025 
2026 static int
2027 bwn_core_init(struct bwn_mac *mac)
2028 {
2029 	struct bwn_softc *sc = mac->mac_sc;
2030 	uint64_t hf;
2031 	int error;
2032 
2033 	KASSERT(mac->mac_status == BWN_MAC_STATUS_UNINIT,
2034 	    ("%s:%d: fail", __func__, __LINE__));
2035 
2036 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: called\n", __func__);
2037 
2038 	siba_powerup(sc->sc_dev, 0);
2039 	if (!siba_dev_isup(sc->sc_dev))
2040 		bwn_reset_core(mac, mac->mac_phy.gmode);
2041 
2042 	mac->mac_flags &= ~BWN_MAC_FLAG_DFQVALID;
2043 	mac->mac_flags |= BWN_MAC_FLAG_RADIO_ON;
2044 	mac->mac_phy.hwpctl = (bwn_hwpctl) ? 1 : 0;
2045 	BWN_GETTIME(mac->mac_phy.nexttime);
2046 	mac->mac_phy.txerrors = BWN_TXERROR_MAX;
2047 	bzero(&mac->mac_stats, sizeof(mac->mac_stats));
2048 	mac->mac_stats.link_noise = -95;
2049 	mac->mac_reason_intr = 0;
2050 	bzero(mac->mac_reason, sizeof(mac->mac_reason));
2051 	mac->mac_intr_mask = BWN_INTR_MASKTEMPLATE;
2052 #ifdef BWN_DEBUG
2053 	if (sc->sc_debug & BWN_DEBUG_XMIT)
2054 		mac->mac_intr_mask &= ~BWN_INTR_PHY_TXERR;
2055 #endif
2056 	mac->mac_suspended = 1;
2057 	mac->mac_task_state = 0;
2058 	memset(&mac->mac_noise, 0, sizeof(mac->mac_noise));
2059 
2060 	mac->mac_phy.init_pre(mac);
2061 
2062 	siba_pcicore_intr(sc->sc_dev);
2063 
2064 	siba_fix_imcfglobug(sc->sc_dev);
2065 	bwn_bt_disable(mac);
2066 	if (mac->mac_phy.prepare_hw) {
2067 		error = mac->mac_phy.prepare_hw(mac);
2068 		if (error)
2069 			goto fail0;
2070 	}
2071 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: chip_init\n", __func__);
2072 	error = bwn_chip_init(mac);
2073 	if (error)
2074 		goto fail0;
2075 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_COREREV,
2076 	    siba_get_revid(sc->sc_dev));
2077 	hf = bwn_hf_read(mac);
2078 	if (mac->mac_phy.type == BWN_PHYTYPE_G) {
2079 		hf |= BWN_HF_GPHY_SYM_WORKAROUND;
2080 		if (siba_sprom_get_bf_lo(sc->sc_dev) & BWN_BFL_PACTRL)
2081 			hf |= BWN_HF_PAGAINBOOST_OFDM_ON;
2082 		if (mac->mac_phy.rev == 1)
2083 			hf |= BWN_HF_GPHY_DC_CANCELFILTER;
2084 	}
2085 	if (mac->mac_phy.rf_ver == 0x2050) {
2086 		if (mac->mac_phy.rf_rev < 6)
2087 			hf |= BWN_HF_FORCE_VCO_RECALC;
2088 		if (mac->mac_phy.rf_rev == 6)
2089 			hf |= BWN_HF_4318_TSSI;
2090 	}
2091 	if (siba_sprom_get_bf_lo(sc->sc_dev) & BWN_BFL_CRYSTAL_NOSLOW)
2092 		hf |= BWN_HF_SLOWCLOCK_REQ_OFF;
2093 	if ((siba_get_type(sc->sc_dev) == SIBA_TYPE_PCI) &&
2094 	    (siba_get_pcicore_revid(sc->sc_dev) <= 10))
2095 		hf |= BWN_HF_PCI_SLOWCLOCK_WORKAROUND;
2096 	hf &= ~BWN_HF_SKIP_CFP_UPDATE;
2097 	bwn_hf_write(mac, hf);
2098 
2099 	/* Tell the firmware about the MAC capabilities */
2100 	if (siba_get_revid(sc->sc_dev) >= 13) {
2101 		uint32_t cap;
2102 		cap = BWN_READ_4(mac, BWN_MAC_HW_CAP);
2103 		DPRINTF(sc, BWN_DEBUG_RESET,
2104 		    "%s: hw capabilities: 0x%08x\n",
2105 		    __func__, cap);
2106 		bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_MACHW_L,
2107 		    cap & 0xffff);
2108 		bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_MACHW_H,
2109 		    (cap >> 16) & 0xffff);
2110 	}
2111 
2112 	bwn_set_txretry(mac, BWN_RETRY_SHORT, BWN_RETRY_LONG);
2113 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_SHORT_RETRY_FALLBACK, 3);
2114 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_LONG_RETRY_FALLBACK, 2);
2115 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_PROBE_RESP_MAXTIME, 1);
2116 
2117 	bwn_rate_init(mac);
2118 	bwn_set_phytxctl(mac);
2119 
2120 	bwn_shm_write_2(mac, BWN_SCRATCH, BWN_SCRATCH_CONT_MIN,
2121 	    (mac->mac_phy.type == BWN_PHYTYPE_B) ? 0x1f : 0xf);
2122 	bwn_shm_write_2(mac, BWN_SCRATCH, BWN_SCRATCH_CONT_MAX, 0x3ff);
2123 
2124 	if (siba_get_type(sc->sc_dev) == SIBA_TYPE_PCMCIA || bwn_usedma == 0)
2125 		bwn_pio_init(mac);
2126 	else
2127 		bwn_dma_init(mac);
2128 	bwn_wme_init(mac);
2129 	bwn_spu_setdelay(mac, 1);
2130 	bwn_bt_enable(mac);
2131 
2132 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: powerup\n", __func__);
2133 	siba_powerup(sc->sc_dev,
2134 	    !(siba_sprom_get_bf_lo(sc->sc_dev) & BWN_BFL_CRYSTAL_NOSLOW));
2135 	bwn_set_macaddr(mac);
2136 	bwn_crypt_init(mac);
2137 
2138 	/* XXX LED initializatin */
2139 
2140 	mac->mac_status = BWN_MAC_STATUS_INITED;
2141 
2142 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: done\n", __func__);
2143 	return (error);
2144 
2145 fail0:
2146 	siba_powerdown(sc->sc_dev);
2147 	KASSERT(mac->mac_status == BWN_MAC_STATUS_UNINIT,
2148 	    ("%s:%d: fail", __func__, __LINE__));
2149 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: fail\n", __func__);
2150 	return (error);
2151 }
2152 
2153 static void
2154 bwn_core_start(struct bwn_mac *mac)
2155 {
2156 	struct bwn_softc *sc = mac->mac_sc;
2157 	uint32_t tmp;
2158 
2159 	KASSERT(mac->mac_status == BWN_MAC_STATUS_INITED,
2160 	    ("%s:%d: fail", __func__, __LINE__));
2161 
2162 	if (siba_get_revid(sc->sc_dev) < 5)
2163 		return;
2164 
2165 	while (1) {
2166 		tmp = BWN_READ_4(mac, BWN_XMITSTAT_0);
2167 		if (!(tmp & 0x00000001))
2168 			break;
2169 		tmp = BWN_READ_4(mac, BWN_XMITSTAT_1);
2170 	}
2171 
2172 	bwn_mac_enable(mac);
2173 	BWN_WRITE_4(mac, BWN_INTR_MASK, mac->mac_intr_mask);
2174 	callout_reset(&sc->sc_task_ch, hz * 15, bwn_tasks, mac);
2175 
2176 	mac->mac_status = BWN_MAC_STATUS_STARTED;
2177 }
2178 
2179 static void
2180 bwn_core_exit(struct bwn_mac *mac)
2181 {
2182 	struct bwn_softc *sc = mac->mac_sc;
2183 	uint32_t macctl;
2184 
2185 	BWN_ASSERT_LOCKED(mac->mac_sc);
2186 
2187 	KASSERT(mac->mac_status <= BWN_MAC_STATUS_INITED,
2188 	    ("%s:%d: fail", __func__, __LINE__));
2189 
2190 	if (mac->mac_status != BWN_MAC_STATUS_INITED)
2191 		return;
2192 	mac->mac_status = BWN_MAC_STATUS_UNINIT;
2193 
2194 	macctl = BWN_READ_4(mac, BWN_MACCTL);
2195 	macctl &= ~BWN_MACCTL_MCODE_RUN;
2196 	macctl |= BWN_MACCTL_MCODE_JMP0;
2197 	BWN_WRITE_4(mac, BWN_MACCTL, macctl);
2198 
2199 	bwn_dma_stop(mac);
2200 	bwn_pio_stop(mac);
2201 	bwn_chip_exit(mac);
2202 	mac->mac_phy.switch_analog(mac, 0);
2203 	siba_dev_down(sc->sc_dev, 0);
2204 	siba_powerdown(sc->sc_dev);
2205 }
2206 
2207 static void
2208 bwn_bt_disable(struct bwn_mac *mac)
2209 {
2210 	struct bwn_softc *sc = mac->mac_sc;
2211 
2212 	(void)sc;
2213 	/* XXX do nothing yet */
2214 }
2215 
2216 static int
2217 bwn_chip_init(struct bwn_mac *mac)
2218 {
2219 	struct bwn_softc *sc = mac->mac_sc;
2220 	struct bwn_phy *phy = &mac->mac_phy;
2221 	uint32_t macctl;
2222 	int error;
2223 
2224 	macctl = BWN_MACCTL_IHR_ON | BWN_MACCTL_SHM_ON | BWN_MACCTL_STA;
2225 	if (phy->gmode)
2226 		macctl |= BWN_MACCTL_GMODE;
2227 	BWN_WRITE_4(mac, BWN_MACCTL, macctl);
2228 
2229 	error = bwn_fw_fillinfo(mac);
2230 	if (error)
2231 		return (error);
2232 	error = bwn_fw_loaducode(mac);
2233 	if (error)
2234 		return (error);
2235 
2236 	error = bwn_gpio_init(mac);
2237 	if (error)
2238 		return (error);
2239 
2240 	error = bwn_fw_loadinitvals(mac);
2241 	if (error) {
2242 		siba_gpio_set(sc->sc_dev, 0);
2243 		return (error);
2244 	}
2245 	phy->switch_analog(mac, 1);
2246 	error = bwn_phy_init(mac);
2247 	if (error) {
2248 		siba_gpio_set(sc->sc_dev, 0);
2249 		return (error);
2250 	}
2251 	if (phy->set_im)
2252 		phy->set_im(mac, BWN_IMMODE_NONE);
2253 	if (phy->set_antenna)
2254 		phy->set_antenna(mac, BWN_ANT_DEFAULT);
2255 	bwn_set_txantenna(mac, BWN_ANT_DEFAULT);
2256 
2257 	if (phy->type == BWN_PHYTYPE_B)
2258 		BWN_WRITE_2(mac, 0x005e, BWN_READ_2(mac, 0x005e) | 0x0004);
2259 	BWN_WRITE_4(mac, 0x0100, 0x01000000);
2260 	if (siba_get_revid(sc->sc_dev) < 5)
2261 		BWN_WRITE_4(mac, 0x010c, 0x01000000);
2262 
2263 	BWN_WRITE_4(mac, BWN_MACCTL,
2264 	    BWN_READ_4(mac, BWN_MACCTL) & ~BWN_MACCTL_STA);
2265 	BWN_WRITE_4(mac, BWN_MACCTL,
2266 	    BWN_READ_4(mac, BWN_MACCTL) | BWN_MACCTL_STA);
2267 	bwn_shm_write_2(mac, BWN_SHARED, 0x0074, 0x0000);
2268 
2269 	bwn_set_opmode(mac);
2270 	if (siba_get_revid(sc->sc_dev) < 3) {
2271 		BWN_WRITE_2(mac, 0x060e, 0x0000);
2272 		BWN_WRITE_2(mac, 0x0610, 0x8000);
2273 		BWN_WRITE_2(mac, 0x0604, 0x0000);
2274 		BWN_WRITE_2(mac, 0x0606, 0x0200);
2275 	} else {
2276 		BWN_WRITE_4(mac, 0x0188, 0x80000000);
2277 		BWN_WRITE_4(mac, 0x018c, 0x02000000);
2278 	}
2279 	BWN_WRITE_4(mac, BWN_INTR_REASON, 0x00004000);
2280 	BWN_WRITE_4(mac, BWN_DMA0_INTR_MASK, 0x0001dc00);
2281 	BWN_WRITE_4(mac, BWN_DMA1_INTR_MASK, 0x0000dc00);
2282 	BWN_WRITE_4(mac, BWN_DMA2_INTR_MASK, 0x0000dc00);
2283 	BWN_WRITE_4(mac, BWN_DMA3_INTR_MASK, 0x0001dc00);
2284 	BWN_WRITE_4(mac, BWN_DMA4_INTR_MASK, 0x0000dc00);
2285 	BWN_WRITE_4(mac, BWN_DMA5_INTR_MASK, 0x0000dc00);
2286 
2287 	bwn_mac_phy_clock_set(mac, true);
2288 
2289 	/* SIBA powerup */
2290 	BWN_WRITE_2(mac, BWN_POWERUP_DELAY, siba_get_cc_powerdelay(sc->sc_dev));
2291 	return (error);
2292 }
2293 
2294 /* read hostflags */
2295 uint64_t
2296 bwn_hf_read(struct bwn_mac *mac)
2297 {
2298 	uint64_t ret;
2299 
2300 	ret = bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_HFHI);
2301 	ret <<= 16;
2302 	ret |= bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_HFMI);
2303 	ret <<= 16;
2304 	ret |= bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_HFLO);
2305 	return (ret);
2306 }
2307 
2308 void
2309 bwn_hf_write(struct bwn_mac *mac, uint64_t value)
2310 {
2311 
2312 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_HFLO,
2313 	    (value & 0x00000000ffffull));
2314 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_HFMI,
2315 	    (value & 0x0000ffff0000ull) >> 16);
2316 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_HFHI,
2317 	    (value & 0xffff00000000ULL) >> 32);
2318 }
2319 
2320 static void
2321 bwn_set_txretry(struct bwn_mac *mac, int s, int l)
2322 {
2323 
2324 	bwn_shm_write_2(mac, BWN_SCRATCH, BWN_SCRATCH_SHORT_RETRY, MIN(s, 0xf));
2325 	bwn_shm_write_2(mac, BWN_SCRATCH, BWN_SCRATCH_LONG_RETRY, MIN(l, 0xf));
2326 }
2327 
2328 static void
2329 bwn_rate_init(struct bwn_mac *mac)
2330 {
2331 
2332 	switch (mac->mac_phy.type) {
2333 	case BWN_PHYTYPE_A:
2334 	case BWN_PHYTYPE_G:
2335 	case BWN_PHYTYPE_LP:
2336 	case BWN_PHYTYPE_N:
2337 		bwn_rate_write(mac, BWN_OFDM_RATE_6MB, 1);
2338 		bwn_rate_write(mac, BWN_OFDM_RATE_12MB, 1);
2339 		bwn_rate_write(mac, BWN_OFDM_RATE_18MB, 1);
2340 		bwn_rate_write(mac, BWN_OFDM_RATE_24MB, 1);
2341 		bwn_rate_write(mac, BWN_OFDM_RATE_36MB, 1);
2342 		bwn_rate_write(mac, BWN_OFDM_RATE_48MB, 1);
2343 		bwn_rate_write(mac, BWN_OFDM_RATE_54MB, 1);
2344 		if (mac->mac_phy.type == BWN_PHYTYPE_A)
2345 			break;
2346 		/* FALLTHROUGH */
2347 	case BWN_PHYTYPE_B:
2348 		bwn_rate_write(mac, BWN_CCK_RATE_1MB, 0);
2349 		bwn_rate_write(mac, BWN_CCK_RATE_2MB, 0);
2350 		bwn_rate_write(mac, BWN_CCK_RATE_5MB, 0);
2351 		bwn_rate_write(mac, BWN_CCK_RATE_11MB, 0);
2352 		break;
2353 	default:
2354 		KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
2355 	}
2356 }
2357 
2358 static void
2359 bwn_rate_write(struct bwn_mac *mac, uint16_t rate, int ofdm)
2360 {
2361 	uint16_t offset;
2362 
2363 	if (ofdm) {
2364 		offset = 0x480;
2365 		offset += (bwn_plcp_getofdm(rate) & 0x000f) * 2;
2366 	} else {
2367 		offset = 0x4c0;
2368 		offset += (bwn_plcp_getcck(rate) & 0x000f) * 2;
2369 	}
2370 	bwn_shm_write_2(mac, BWN_SHARED, offset + 0x20,
2371 	    bwn_shm_read_2(mac, BWN_SHARED, offset));
2372 }
2373 
2374 static uint8_t
2375 bwn_plcp_getcck(const uint8_t bitrate)
2376 {
2377 
2378 	switch (bitrate) {
2379 	case BWN_CCK_RATE_1MB:
2380 		return (0x0a);
2381 	case BWN_CCK_RATE_2MB:
2382 		return (0x14);
2383 	case BWN_CCK_RATE_5MB:
2384 		return (0x37);
2385 	case BWN_CCK_RATE_11MB:
2386 		return (0x6e);
2387 	}
2388 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
2389 	return (0);
2390 }
2391 
2392 static uint8_t
2393 bwn_plcp_getofdm(const uint8_t bitrate)
2394 {
2395 
2396 	switch (bitrate) {
2397 	case BWN_OFDM_RATE_6MB:
2398 		return (0xb);
2399 	case BWN_OFDM_RATE_9MB:
2400 		return (0xf);
2401 	case BWN_OFDM_RATE_12MB:
2402 		return (0xa);
2403 	case BWN_OFDM_RATE_18MB:
2404 		return (0xe);
2405 	case BWN_OFDM_RATE_24MB:
2406 		return (0x9);
2407 	case BWN_OFDM_RATE_36MB:
2408 		return (0xd);
2409 	case BWN_OFDM_RATE_48MB:
2410 		return (0x8);
2411 	case BWN_OFDM_RATE_54MB:
2412 		return (0xc);
2413 	}
2414 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
2415 	return (0);
2416 }
2417 
2418 static void
2419 bwn_set_phytxctl(struct bwn_mac *mac)
2420 {
2421 	uint16_t ctl;
2422 
2423 	ctl = (BWN_TX_PHY_ENC_CCK | BWN_TX_PHY_ANT01AUTO |
2424 	    BWN_TX_PHY_TXPWR);
2425 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_BEACON_PHYCTL, ctl);
2426 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_ACKCTS_PHYCTL, ctl);
2427 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_PROBE_RESP_PHYCTL, ctl);
2428 }
2429 
2430 static void
2431 bwn_pio_init(struct bwn_mac *mac)
2432 {
2433 	struct bwn_pio *pio = &mac->mac_method.pio;
2434 
2435 	BWN_WRITE_4(mac, BWN_MACCTL, BWN_READ_4(mac, BWN_MACCTL)
2436 	    & ~BWN_MACCTL_BIGENDIAN);
2437 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_RX_PADOFFSET, 0);
2438 
2439 	bwn_pio_set_txqueue(mac, &pio->wme[WME_AC_BK], 0);
2440 	bwn_pio_set_txqueue(mac, &pio->wme[WME_AC_BE], 1);
2441 	bwn_pio_set_txqueue(mac, &pio->wme[WME_AC_VI], 2);
2442 	bwn_pio_set_txqueue(mac, &pio->wme[WME_AC_VO], 3);
2443 	bwn_pio_set_txqueue(mac, &pio->mcast, 4);
2444 	bwn_pio_setupqueue_rx(mac, &pio->rx, 0);
2445 }
2446 
2447 static void
2448 bwn_pio_set_txqueue(struct bwn_mac *mac, struct bwn_pio_txqueue *tq,
2449     int index)
2450 {
2451 	struct bwn_pio_txpkt *tp;
2452 	struct bwn_softc *sc = mac->mac_sc;
2453 	unsigned int i;
2454 
2455 	tq->tq_base = bwn_pio_idx2base(mac, index) + BWN_PIO_TXQOFFSET(mac);
2456 	tq->tq_index = index;
2457 
2458 	tq->tq_free = BWN_PIO_MAX_TXPACKETS;
2459 	if (siba_get_revid(sc->sc_dev) >= 8)
2460 		tq->tq_size = 1920;
2461 	else {
2462 		tq->tq_size = bwn_pio_read_2(mac, tq, BWN_PIO_TXQBUFSIZE);
2463 		tq->tq_size -= 80;
2464 	}
2465 
2466 	TAILQ_INIT(&tq->tq_pktlist);
2467 	for (i = 0; i < N(tq->tq_pkts); i++) {
2468 		tp = &(tq->tq_pkts[i]);
2469 		tp->tp_index = i;
2470 		tp->tp_queue = tq;
2471 		TAILQ_INSERT_TAIL(&tq->tq_pktlist, tp, tp_list);
2472 	}
2473 }
2474 
2475 static uint16_t
2476 bwn_pio_idx2base(struct bwn_mac *mac, int index)
2477 {
2478 	struct bwn_softc *sc = mac->mac_sc;
2479 	static const uint16_t bases[] = {
2480 		BWN_PIO_BASE0,
2481 		BWN_PIO_BASE1,
2482 		BWN_PIO_BASE2,
2483 		BWN_PIO_BASE3,
2484 		BWN_PIO_BASE4,
2485 		BWN_PIO_BASE5,
2486 		BWN_PIO_BASE6,
2487 		BWN_PIO_BASE7,
2488 	};
2489 	static const uint16_t bases_rev11[] = {
2490 		BWN_PIO11_BASE0,
2491 		BWN_PIO11_BASE1,
2492 		BWN_PIO11_BASE2,
2493 		BWN_PIO11_BASE3,
2494 		BWN_PIO11_BASE4,
2495 		BWN_PIO11_BASE5,
2496 	};
2497 
2498 	if (siba_get_revid(sc->sc_dev) >= 11) {
2499 		if (index >= N(bases_rev11))
2500 			device_printf(sc->sc_dev, "%s: warning\n", __func__);
2501 		return (bases_rev11[index]);
2502 	}
2503 	if (index >= N(bases))
2504 		device_printf(sc->sc_dev, "%s: warning\n", __func__);
2505 	return (bases[index]);
2506 }
2507 
2508 static void
2509 bwn_pio_setupqueue_rx(struct bwn_mac *mac, struct bwn_pio_rxqueue *prq,
2510     int index)
2511 {
2512 	struct bwn_softc *sc = mac->mac_sc;
2513 
2514 	prq->prq_mac = mac;
2515 	prq->prq_rev = siba_get_revid(sc->sc_dev);
2516 	prq->prq_base = bwn_pio_idx2base(mac, index) + BWN_PIO_RXQOFFSET(mac);
2517 	bwn_dma_rxdirectfifo(mac, index, 1);
2518 }
2519 
2520 static void
2521 bwn_destroy_pioqueue_tx(struct bwn_pio_txqueue *tq)
2522 {
2523 	if (tq == NULL)
2524 		return;
2525 	bwn_pio_cancel_tx_packets(tq);
2526 }
2527 
2528 static void
2529 bwn_destroy_queue_tx(struct bwn_pio_txqueue *pio)
2530 {
2531 
2532 	bwn_destroy_pioqueue_tx(pio);
2533 }
2534 
2535 static uint16_t
2536 bwn_pio_read_2(struct bwn_mac *mac, struct bwn_pio_txqueue *tq,
2537     uint16_t offset)
2538 {
2539 
2540 	return (BWN_READ_2(mac, tq->tq_base + offset));
2541 }
2542 
2543 static void
2544 bwn_dma_rxdirectfifo(struct bwn_mac *mac, int idx, uint8_t enable)
2545 {
2546 	uint32_t ctl;
2547 	int type;
2548 	uint16_t base;
2549 
2550 	type = bwn_dma_mask2type(bwn_dma_mask(mac));
2551 	base = bwn_dma_base(type, idx);
2552 	if (type == BWN_DMA_64BIT) {
2553 		ctl = BWN_READ_4(mac, base + BWN_DMA64_RXCTL);
2554 		ctl &= ~BWN_DMA64_RXDIRECTFIFO;
2555 		if (enable)
2556 			ctl |= BWN_DMA64_RXDIRECTFIFO;
2557 		BWN_WRITE_4(mac, base + BWN_DMA64_RXCTL, ctl);
2558 	} else {
2559 		ctl = BWN_READ_4(mac, base + BWN_DMA32_RXCTL);
2560 		ctl &= ~BWN_DMA32_RXDIRECTFIFO;
2561 		if (enable)
2562 			ctl |= BWN_DMA32_RXDIRECTFIFO;
2563 		BWN_WRITE_4(mac, base + BWN_DMA32_RXCTL, ctl);
2564 	}
2565 }
2566 
2567 static uint64_t
2568 bwn_dma_mask(struct bwn_mac *mac)
2569 {
2570 	uint32_t tmp;
2571 	uint16_t base;
2572 
2573 	tmp = BWN_READ_4(mac, SIBA_TGSHIGH);
2574 	if (tmp & SIBA_TGSHIGH_DMA64)
2575 		return (BWN_DMA_BIT_MASK(64));
2576 	base = bwn_dma_base(0, 0);
2577 	BWN_WRITE_4(mac, base + BWN_DMA32_TXCTL, BWN_DMA32_TXADDREXT_MASK);
2578 	tmp = BWN_READ_4(mac, base + BWN_DMA32_TXCTL);
2579 	if (tmp & BWN_DMA32_TXADDREXT_MASK)
2580 		return (BWN_DMA_BIT_MASK(32));
2581 
2582 	return (BWN_DMA_BIT_MASK(30));
2583 }
2584 
2585 static int
2586 bwn_dma_mask2type(uint64_t dmamask)
2587 {
2588 
2589 	if (dmamask == BWN_DMA_BIT_MASK(30))
2590 		return (BWN_DMA_30BIT);
2591 	if (dmamask == BWN_DMA_BIT_MASK(32))
2592 		return (BWN_DMA_32BIT);
2593 	if (dmamask == BWN_DMA_BIT_MASK(64))
2594 		return (BWN_DMA_64BIT);
2595 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
2596 	return (BWN_DMA_30BIT);
2597 }
2598 
2599 static void
2600 bwn_pio_cancel_tx_packets(struct bwn_pio_txqueue *tq)
2601 {
2602 	struct bwn_pio_txpkt *tp;
2603 	unsigned int i;
2604 
2605 	for (i = 0; i < N(tq->tq_pkts); i++) {
2606 		tp = &(tq->tq_pkts[i]);
2607 		if (tp->tp_m) {
2608 			m_freem(tp->tp_m);
2609 			tp->tp_m = NULL;
2610 		}
2611 	}
2612 }
2613 
2614 static uint16_t
2615 bwn_dma_base(int type, int controller_idx)
2616 {
2617 	static const uint16_t map64[] = {
2618 		BWN_DMA64_BASE0,
2619 		BWN_DMA64_BASE1,
2620 		BWN_DMA64_BASE2,
2621 		BWN_DMA64_BASE3,
2622 		BWN_DMA64_BASE4,
2623 		BWN_DMA64_BASE5,
2624 	};
2625 	static const uint16_t map32[] = {
2626 		BWN_DMA32_BASE0,
2627 		BWN_DMA32_BASE1,
2628 		BWN_DMA32_BASE2,
2629 		BWN_DMA32_BASE3,
2630 		BWN_DMA32_BASE4,
2631 		BWN_DMA32_BASE5,
2632 	};
2633 
2634 	if (type == BWN_DMA_64BIT) {
2635 		KASSERT(controller_idx >= 0 && controller_idx < N(map64),
2636 		    ("%s:%d: fail", __func__, __LINE__));
2637 		return (map64[controller_idx]);
2638 	}
2639 	KASSERT(controller_idx >= 0 && controller_idx < N(map32),
2640 	    ("%s:%d: fail", __func__, __LINE__));
2641 	return (map32[controller_idx]);
2642 }
2643 
2644 static void
2645 bwn_dma_init(struct bwn_mac *mac)
2646 {
2647 	struct bwn_dma *dma = &mac->mac_method.dma;
2648 
2649 	/* setup TX DMA channels. */
2650 	bwn_dma_setup(dma->wme[WME_AC_BK]);
2651 	bwn_dma_setup(dma->wme[WME_AC_BE]);
2652 	bwn_dma_setup(dma->wme[WME_AC_VI]);
2653 	bwn_dma_setup(dma->wme[WME_AC_VO]);
2654 	bwn_dma_setup(dma->mcast);
2655 	/* setup RX DMA channel. */
2656 	bwn_dma_setup(dma->rx);
2657 }
2658 
2659 static struct bwn_dma_ring *
2660 bwn_dma_ringsetup(struct bwn_mac *mac, int controller_index,
2661     int for_tx, int type)
2662 {
2663 	struct bwn_dma *dma = &mac->mac_method.dma;
2664 	struct bwn_dma_ring *dr;
2665 	struct bwn_dmadesc_generic *desc;
2666 	struct bwn_dmadesc_meta *mt;
2667 	struct bwn_softc *sc = mac->mac_sc;
2668 	int error, i;
2669 
2670 	dr = malloc(sizeof(*dr), M_DEVBUF, M_NOWAIT | M_ZERO);
2671 	if (dr == NULL)
2672 		goto out;
2673 	dr->dr_numslots = BWN_RXRING_SLOTS;
2674 	if (for_tx)
2675 		dr->dr_numslots = BWN_TXRING_SLOTS;
2676 
2677 	dr->dr_meta = malloc(dr->dr_numslots * sizeof(struct bwn_dmadesc_meta),
2678 	    M_DEVBUF, M_NOWAIT | M_ZERO);
2679 	if (dr->dr_meta == NULL)
2680 		goto fail0;
2681 
2682 	dr->dr_type = type;
2683 	dr->dr_mac = mac;
2684 	dr->dr_base = bwn_dma_base(type, controller_index);
2685 	dr->dr_index = controller_index;
2686 	if (type == BWN_DMA_64BIT) {
2687 		dr->getdesc = bwn_dma_64_getdesc;
2688 		dr->setdesc = bwn_dma_64_setdesc;
2689 		dr->start_transfer = bwn_dma_64_start_transfer;
2690 		dr->suspend = bwn_dma_64_suspend;
2691 		dr->resume = bwn_dma_64_resume;
2692 		dr->get_curslot = bwn_dma_64_get_curslot;
2693 		dr->set_curslot = bwn_dma_64_set_curslot;
2694 	} else {
2695 		dr->getdesc = bwn_dma_32_getdesc;
2696 		dr->setdesc = bwn_dma_32_setdesc;
2697 		dr->start_transfer = bwn_dma_32_start_transfer;
2698 		dr->suspend = bwn_dma_32_suspend;
2699 		dr->resume = bwn_dma_32_resume;
2700 		dr->get_curslot = bwn_dma_32_get_curslot;
2701 		dr->set_curslot = bwn_dma_32_set_curslot;
2702 	}
2703 	if (for_tx) {
2704 		dr->dr_tx = 1;
2705 		dr->dr_curslot = -1;
2706 	} else {
2707 		if (dr->dr_index == 0) {
2708 			switch (mac->mac_fw.fw_hdr_format) {
2709 			case BWN_FW_HDR_351:
2710 			case BWN_FW_HDR_410:
2711 				dr->dr_rx_bufsize =
2712 				    BWN_DMA0_RX_BUFFERSIZE_FW351;
2713 				dr->dr_frameoffset =
2714 				    BWN_DMA0_RX_FRAMEOFFSET_FW351;
2715 				break;
2716 			case BWN_FW_HDR_598:
2717 				dr->dr_rx_bufsize =
2718 				    BWN_DMA0_RX_BUFFERSIZE_FW598;
2719 				dr->dr_frameoffset =
2720 				    BWN_DMA0_RX_FRAMEOFFSET_FW598;
2721 				break;
2722 			}
2723 		} else
2724 			KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
2725 	}
2726 
2727 	error = bwn_dma_allocringmemory(dr);
2728 	if (error)
2729 		goto fail2;
2730 
2731 	if (for_tx) {
2732 		/*
2733 		 * Assumption: BWN_TXRING_SLOTS can be divided by
2734 		 * BWN_TX_SLOTS_PER_FRAME
2735 		 */
2736 		KASSERT(BWN_TXRING_SLOTS % BWN_TX_SLOTS_PER_FRAME == 0,
2737 		    ("%s:%d: fail", __func__, __LINE__));
2738 
2739 		dr->dr_txhdr_cache = contigmalloc(
2740 		    (dr->dr_numslots / BWN_TX_SLOTS_PER_FRAME) *
2741 		    BWN_MAXTXHDRSIZE, M_DEVBUF, M_ZERO,
2742 		    0, BUS_SPACE_MAXADDR, 8, 0);
2743 		if (dr->dr_txhdr_cache == NULL) {
2744 			device_printf(sc->sc_dev,
2745 			    "can't allocate TX header DMA memory\n");
2746 			goto fail1;
2747 		}
2748 
2749 		/*
2750 		 * Create TX ring DMA stuffs
2751 		 */
2752 		error = bus_dma_tag_create(dma->parent_dtag,
2753 				    BWN_ALIGN, 0,
2754 				    BUS_SPACE_MAXADDR,
2755 				    BUS_SPACE_MAXADDR,
2756 				    NULL, NULL,
2757 				    BWN_HDRSIZE(mac),
2758 				    1,
2759 				    BUS_SPACE_MAXSIZE_32BIT,
2760 				    0,
2761 				    NULL, NULL,
2762 				    &dr->dr_txring_dtag);
2763 		if (error) {
2764 			device_printf(sc->sc_dev,
2765 			    "can't create TX ring DMA tag: TODO frees\n");
2766 			goto fail2;
2767 		}
2768 
2769 		for (i = 0; i < dr->dr_numslots; i += 2) {
2770 			dr->getdesc(dr, i, &desc, &mt);
2771 
2772 			mt->mt_txtype = BWN_DMADESC_METATYPE_HEADER;
2773 			mt->mt_m = NULL;
2774 			mt->mt_ni = NULL;
2775 			mt->mt_islast = 0;
2776 			error = bus_dmamap_create(dr->dr_txring_dtag, 0,
2777 			    &mt->mt_dmap);
2778 			if (error) {
2779 				device_printf(sc->sc_dev,
2780 				     "can't create RX buf DMA map\n");
2781 				goto fail2;
2782 			}
2783 
2784 			dr->getdesc(dr, i + 1, &desc, &mt);
2785 
2786 			mt->mt_txtype = BWN_DMADESC_METATYPE_BODY;
2787 			mt->mt_m = NULL;
2788 			mt->mt_ni = NULL;
2789 			mt->mt_islast = 1;
2790 			error = bus_dmamap_create(dma->txbuf_dtag, 0,
2791 			    &mt->mt_dmap);
2792 			if (error) {
2793 				device_printf(sc->sc_dev,
2794 				     "can't create RX buf DMA map\n");
2795 				goto fail2;
2796 			}
2797 		}
2798 	} else {
2799 		error = bus_dmamap_create(dma->rxbuf_dtag, 0,
2800 		    &dr->dr_spare_dmap);
2801 		if (error) {
2802 			device_printf(sc->sc_dev,
2803 			    "can't create RX buf DMA map\n");
2804 			goto out;		/* XXX wrong! */
2805 		}
2806 
2807 		for (i = 0; i < dr->dr_numslots; i++) {
2808 			dr->getdesc(dr, i, &desc, &mt);
2809 
2810 			error = bus_dmamap_create(dma->rxbuf_dtag, 0,
2811 			    &mt->mt_dmap);
2812 			if (error) {
2813 				device_printf(sc->sc_dev,
2814 				    "can't create RX buf DMA map\n");
2815 				goto out;	/* XXX wrong! */
2816 			}
2817 			error = bwn_dma_newbuf(dr, desc, mt, 1);
2818 			if (error) {
2819 				device_printf(sc->sc_dev,
2820 				    "failed to allocate RX buf\n");
2821 				goto out;	/* XXX wrong! */
2822 			}
2823 		}
2824 
2825 		bus_dmamap_sync(dr->dr_ring_dtag, dr->dr_ring_dmap,
2826 		    BUS_DMASYNC_PREWRITE);
2827 
2828 		dr->dr_usedslot = dr->dr_numslots;
2829 	}
2830 
2831       out:
2832 	return (dr);
2833 
2834 fail2:
2835 	if (dr->dr_txhdr_cache != NULL) {
2836 		contigfree(dr->dr_txhdr_cache,
2837 		    (dr->dr_numslots / BWN_TX_SLOTS_PER_FRAME) *
2838 		    BWN_MAXTXHDRSIZE, M_DEVBUF);
2839 	}
2840 fail1:
2841 	free(dr->dr_meta, M_DEVBUF);
2842 fail0:
2843 	free(dr, M_DEVBUF);
2844 	return (NULL);
2845 }
2846 
2847 static void
2848 bwn_dma_ringfree(struct bwn_dma_ring **dr)
2849 {
2850 
2851 	if (dr == NULL)
2852 		return;
2853 
2854 	bwn_dma_free_descbufs(*dr);
2855 	bwn_dma_free_ringmemory(*dr);
2856 
2857 	if ((*dr)->dr_txhdr_cache != NULL) {
2858 		contigfree((*dr)->dr_txhdr_cache,
2859 		    ((*dr)->dr_numslots / BWN_TX_SLOTS_PER_FRAME) *
2860 		    BWN_MAXTXHDRSIZE, M_DEVBUF);
2861 	}
2862 	free((*dr)->dr_meta, M_DEVBUF);
2863 	free(*dr, M_DEVBUF);
2864 
2865 	*dr = NULL;
2866 }
2867 
2868 static void
2869 bwn_dma_32_getdesc(struct bwn_dma_ring *dr, int slot,
2870     struct bwn_dmadesc_generic **gdesc, struct bwn_dmadesc_meta **meta)
2871 {
2872 	struct bwn_dmadesc32 *desc;
2873 
2874 	*meta = &(dr->dr_meta[slot]);
2875 	desc = dr->dr_ring_descbase;
2876 	desc = &(desc[slot]);
2877 
2878 	*gdesc = (struct bwn_dmadesc_generic *)desc;
2879 }
2880 
2881 static void
2882 bwn_dma_32_setdesc(struct bwn_dma_ring *dr,
2883     struct bwn_dmadesc_generic *desc, bus_addr_t dmaaddr, uint16_t bufsize,
2884     int start, int end, int irq)
2885 {
2886 	struct bwn_dmadesc32 *descbase = dr->dr_ring_descbase;
2887 	struct bwn_softc *sc = dr->dr_mac->mac_sc;
2888 	uint32_t addr, addrext, ctl;
2889 	int slot;
2890 
2891 	slot = (int)(&(desc->dma.dma32) - descbase);
2892 	KASSERT(slot >= 0 && slot < dr->dr_numslots,
2893 	    ("%s:%d: fail", __func__, __LINE__));
2894 
2895 	addr = (uint32_t) (dmaaddr & ~SIBA_DMA_TRANSLATION_MASK);
2896 	addrext = (uint32_t) (dmaaddr & SIBA_DMA_TRANSLATION_MASK) >> 30;
2897 	addr |= siba_dma_translation(sc->sc_dev);
2898 	ctl = bufsize & BWN_DMA32_DCTL_BYTECNT;
2899 	if (slot == dr->dr_numslots - 1)
2900 		ctl |= BWN_DMA32_DCTL_DTABLEEND;
2901 	if (start)
2902 		ctl |= BWN_DMA32_DCTL_FRAMESTART;
2903 	if (end)
2904 		ctl |= BWN_DMA32_DCTL_FRAMEEND;
2905 	if (irq)
2906 		ctl |= BWN_DMA32_DCTL_IRQ;
2907 	ctl |= (addrext << BWN_DMA32_DCTL_ADDREXT_SHIFT)
2908 	    & BWN_DMA32_DCTL_ADDREXT_MASK;
2909 
2910 	desc->dma.dma32.control = htole32(ctl);
2911 	desc->dma.dma32.address = htole32(addr);
2912 }
2913 
2914 static void
2915 bwn_dma_32_start_transfer(struct bwn_dma_ring *dr, int slot)
2916 {
2917 
2918 	BWN_DMA_WRITE(dr, BWN_DMA32_TXINDEX,
2919 	    (uint32_t)(slot * sizeof(struct bwn_dmadesc32)));
2920 }
2921 
2922 static void
2923 bwn_dma_32_suspend(struct bwn_dma_ring *dr)
2924 {
2925 
2926 	BWN_DMA_WRITE(dr, BWN_DMA32_TXCTL,
2927 	    BWN_DMA_READ(dr, BWN_DMA32_TXCTL) | BWN_DMA32_TXSUSPEND);
2928 }
2929 
2930 static void
2931 bwn_dma_32_resume(struct bwn_dma_ring *dr)
2932 {
2933 
2934 	BWN_DMA_WRITE(dr, BWN_DMA32_TXCTL,
2935 	    BWN_DMA_READ(dr, BWN_DMA32_TXCTL) & ~BWN_DMA32_TXSUSPEND);
2936 }
2937 
2938 static int
2939 bwn_dma_32_get_curslot(struct bwn_dma_ring *dr)
2940 {
2941 	uint32_t val;
2942 
2943 	val = BWN_DMA_READ(dr, BWN_DMA32_RXSTATUS);
2944 	val &= BWN_DMA32_RXDPTR;
2945 
2946 	return (val / sizeof(struct bwn_dmadesc32));
2947 }
2948 
2949 static void
2950 bwn_dma_32_set_curslot(struct bwn_dma_ring *dr, int slot)
2951 {
2952 
2953 	BWN_DMA_WRITE(dr, BWN_DMA32_RXINDEX,
2954 	    (uint32_t) (slot * sizeof(struct bwn_dmadesc32)));
2955 }
2956 
2957 static void
2958 bwn_dma_64_getdesc(struct bwn_dma_ring *dr, int slot,
2959     struct bwn_dmadesc_generic **gdesc, struct bwn_dmadesc_meta **meta)
2960 {
2961 	struct bwn_dmadesc64 *desc;
2962 
2963 	*meta = &(dr->dr_meta[slot]);
2964 	desc = dr->dr_ring_descbase;
2965 	desc = &(desc[slot]);
2966 
2967 	*gdesc = (struct bwn_dmadesc_generic *)desc;
2968 }
2969 
2970 static void
2971 bwn_dma_64_setdesc(struct bwn_dma_ring *dr,
2972     struct bwn_dmadesc_generic *desc, bus_addr_t dmaaddr, uint16_t bufsize,
2973     int start, int end, int irq)
2974 {
2975 	struct bwn_dmadesc64 *descbase = dr->dr_ring_descbase;
2976 	struct bwn_softc *sc = dr->dr_mac->mac_sc;
2977 	int slot;
2978 	uint32_t ctl0 = 0, ctl1 = 0;
2979 	uint32_t addrlo, addrhi;
2980 	uint32_t addrext;
2981 
2982 	slot = (int)(&(desc->dma.dma64) - descbase);
2983 	KASSERT(slot >= 0 && slot < dr->dr_numslots,
2984 	    ("%s:%d: fail", __func__, __LINE__));
2985 
2986 	addrlo = (uint32_t) (dmaaddr & 0xffffffff);
2987 	addrhi = (((uint64_t) dmaaddr >> 32) & ~SIBA_DMA_TRANSLATION_MASK);
2988 	addrext = (((uint64_t) dmaaddr >> 32) & SIBA_DMA_TRANSLATION_MASK) >>
2989 	    30;
2990 	addrhi |= (siba_dma_translation(sc->sc_dev) << 1);
2991 	if (slot == dr->dr_numslots - 1)
2992 		ctl0 |= BWN_DMA64_DCTL0_DTABLEEND;
2993 	if (start)
2994 		ctl0 |= BWN_DMA64_DCTL0_FRAMESTART;
2995 	if (end)
2996 		ctl0 |= BWN_DMA64_DCTL0_FRAMEEND;
2997 	if (irq)
2998 		ctl0 |= BWN_DMA64_DCTL0_IRQ;
2999 	ctl1 |= bufsize & BWN_DMA64_DCTL1_BYTECNT;
3000 	ctl1 |= (addrext << BWN_DMA64_DCTL1_ADDREXT_SHIFT)
3001 	    & BWN_DMA64_DCTL1_ADDREXT_MASK;
3002 
3003 	desc->dma.dma64.control0 = htole32(ctl0);
3004 	desc->dma.dma64.control1 = htole32(ctl1);
3005 	desc->dma.dma64.address_low = htole32(addrlo);
3006 	desc->dma.dma64.address_high = htole32(addrhi);
3007 }
3008 
3009 static void
3010 bwn_dma_64_start_transfer(struct bwn_dma_ring *dr, int slot)
3011 {
3012 
3013 	BWN_DMA_WRITE(dr, BWN_DMA64_TXINDEX,
3014 	    (uint32_t)(slot * sizeof(struct bwn_dmadesc64)));
3015 }
3016 
3017 static void
3018 bwn_dma_64_suspend(struct bwn_dma_ring *dr)
3019 {
3020 
3021 	BWN_DMA_WRITE(dr, BWN_DMA64_TXCTL,
3022 	    BWN_DMA_READ(dr, BWN_DMA64_TXCTL) | BWN_DMA64_TXSUSPEND);
3023 }
3024 
3025 static void
3026 bwn_dma_64_resume(struct bwn_dma_ring *dr)
3027 {
3028 
3029 	BWN_DMA_WRITE(dr, BWN_DMA64_TXCTL,
3030 	    BWN_DMA_READ(dr, BWN_DMA64_TXCTL) & ~BWN_DMA64_TXSUSPEND);
3031 }
3032 
3033 static int
3034 bwn_dma_64_get_curslot(struct bwn_dma_ring *dr)
3035 {
3036 	uint32_t val;
3037 
3038 	val = BWN_DMA_READ(dr, BWN_DMA64_RXSTATUS);
3039 	val &= BWN_DMA64_RXSTATDPTR;
3040 
3041 	return (val / sizeof(struct bwn_dmadesc64));
3042 }
3043 
3044 static void
3045 bwn_dma_64_set_curslot(struct bwn_dma_ring *dr, int slot)
3046 {
3047 
3048 	BWN_DMA_WRITE(dr, BWN_DMA64_RXINDEX,
3049 	    (uint32_t)(slot * sizeof(struct bwn_dmadesc64)));
3050 }
3051 
3052 static int
3053 bwn_dma_allocringmemory(struct bwn_dma_ring *dr)
3054 {
3055 	struct bwn_mac *mac = dr->dr_mac;
3056 	struct bwn_dma *dma = &mac->mac_method.dma;
3057 	struct bwn_softc *sc = mac->mac_sc;
3058 	int error;
3059 
3060 	error = bus_dma_tag_create(dma->parent_dtag,
3061 			    BWN_ALIGN, 0,
3062 			    BUS_SPACE_MAXADDR,
3063 			    BUS_SPACE_MAXADDR,
3064 			    NULL, NULL,
3065 			    BWN_DMA_RINGMEMSIZE,
3066 			    1,
3067 			    BUS_SPACE_MAXSIZE_32BIT,
3068 			    0,
3069 			    NULL, NULL,
3070 			    &dr->dr_ring_dtag);
3071 	if (error) {
3072 		device_printf(sc->sc_dev,
3073 		    "can't create TX ring DMA tag: TODO frees\n");
3074 		return (-1);
3075 	}
3076 
3077 	error = bus_dmamem_alloc(dr->dr_ring_dtag,
3078 	    &dr->dr_ring_descbase, BUS_DMA_WAITOK | BUS_DMA_ZERO,
3079 	    &dr->dr_ring_dmap);
3080 	if (error) {
3081 		device_printf(sc->sc_dev,
3082 		    "can't allocate DMA mem: TODO frees\n");
3083 		return (-1);
3084 	}
3085 	error = bus_dmamap_load(dr->dr_ring_dtag, dr->dr_ring_dmap,
3086 	    dr->dr_ring_descbase, BWN_DMA_RINGMEMSIZE,
3087 	    bwn_dma_ring_addr, &dr->dr_ring_dmabase, BUS_DMA_NOWAIT);
3088 	if (error) {
3089 		device_printf(sc->sc_dev,
3090 		    "can't load DMA mem: TODO free\n");
3091 		return (-1);
3092 	}
3093 
3094 	return (0);
3095 }
3096 
3097 static void
3098 bwn_dma_setup(struct bwn_dma_ring *dr)
3099 {
3100 	struct bwn_softc *sc = dr->dr_mac->mac_sc;
3101 	uint64_t ring64;
3102 	uint32_t addrext, ring32, value;
3103 	uint32_t trans = siba_dma_translation(sc->sc_dev);
3104 
3105 	if (dr->dr_tx) {
3106 		dr->dr_curslot = -1;
3107 
3108 		if (dr->dr_type == BWN_DMA_64BIT) {
3109 			ring64 = (uint64_t)(dr->dr_ring_dmabase);
3110 			addrext = ((ring64 >> 32) & SIBA_DMA_TRANSLATION_MASK)
3111 			    >> 30;
3112 			value = BWN_DMA64_TXENABLE;
3113 			value |= BWN_DMA64_TXPARITY_DISABLE;
3114 			value |= (addrext << BWN_DMA64_TXADDREXT_SHIFT)
3115 			    & BWN_DMA64_TXADDREXT_MASK;
3116 			BWN_DMA_WRITE(dr, BWN_DMA64_TXCTL, value);
3117 			BWN_DMA_WRITE(dr, BWN_DMA64_TXRINGLO,
3118 			    (ring64 & 0xffffffff));
3119 			BWN_DMA_WRITE(dr, BWN_DMA64_TXRINGHI,
3120 			    ((ring64 >> 32) &
3121 			    ~SIBA_DMA_TRANSLATION_MASK) | (trans << 1));
3122 		} else {
3123 			ring32 = (uint32_t)(dr->dr_ring_dmabase);
3124 			addrext = (ring32 & SIBA_DMA_TRANSLATION_MASK) >> 30;
3125 			value = BWN_DMA32_TXENABLE;
3126 			value |= BWN_DMA32_TXPARITY_DISABLE;
3127 			value |= (addrext << BWN_DMA32_TXADDREXT_SHIFT)
3128 			    & BWN_DMA32_TXADDREXT_MASK;
3129 			BWN_DMA_WRITE(dr, BWN_DMA32_TXCTL, value);
3130 			BWN_DMA_WRITE(dr, BWN_DMA32_TXRING,
3131 			    (ring32 & ~SIBA_DMA_TRANSLATION_MASK) | trans);
3132 		}
3133 		return;
3134 	}
3135 
3136 	/*
3137 	 * set for RX
3138 	 */
3139 	dr->dr_usedslot = dr->dr_numslots;
3140 
3141 	if (dr->dr_type == BWN_DMA_64BIT) {
3142 		ring64 = (uint64_t)(dr->dr_ring_dmabase);
3143 		addrext = ((ring64 >> 32) & SIBA_DMA_TRANSLATION_MASK) >> 30;
3144 		value = (dr->dr_frameoffset << BWN_DMA64_RXFROFF_SHIFT);
3145 		value |= BWN_DMA64_RXENABLE;
3146 		value |= BWN_DMA64_RXPARITY_DISABLE;
3147 		value |= (addrext << BWN_DMA64_RXADDREXT_SHIFT)
3148 		    & BWN_DMA64_RXADDREXT_MASK;
3149 		BWN_DMA_WRITE(dr, BWN_DMA64_RXCTL, value);
3150 		BWN_DMA_WRITE(dr, BWN_DMA64_RXRINGLO, (ring64 & 0xffffffff));
3151 		BWN_DMA_WRITE(dr, BWN_DMA64_RXRINGHI,
3152 		    ((ring64 >> 32) & ~SIBA_DMA_TRANSLATION_MASK)
3153 		    | (trans << 1));
3154 		BWN_DMA_WRITE(dr, BWN_DMA64_RXINDEX, dr->dr_numslots *
3155 		    sizeof(struct bwn_dmadesc64));
3156 	} else {
3157 		ring32 = (uint32_t)(dr->dr_ring_dmabase);
3158 		addrext = (ring32 & SIBA_DMA_TRANSLATION_MASK) >> 30;
3159 		value = (dr->dr_frameoffset << BWN_DMA32_RXFROFF_SHIFT);
3160 		value |= BWN_DMA32_RXENABLE;
3161 		value |= BWN_DMA32_RXPARITY_DISABLE;
3162 		value |= (addrext << BWN_DMA32_RXADDREXT_SHIFT)
3163 		    & BWN_DMA32_RXADDREXT_MASK;
3164 		BWN_DMA_WRITE(dr, BWN_DMA32_RXCTL, value);
3165 		BWN_DMA_WRITE(dr, BWN_DMA32_RXRING,
3166 		    (ring32 & ~SIBA_DMA_TRANSLATION_MASK) | trans);
3167 		BWN_DMA_WRITE(dr, BWN_DMA32_RXINDEX, dr->dr_numslots *
3168 		    sizeof(struct bwn_dmadesc32));
3169 	}
3170 }
3171 
3172 static void
3173 bwn_dma_free_ringmemory(struct bwn_dma_ring *dr)
3174 {
3175 
3176 	bus_dmamap_unload(dr->dr_ring_dtag, dr->dr_ring_dmap);
3177 	bus_dmamem_free(dr->dr_ring_dtag, dr->dr_ring_descbase,
3178 	    dr->dr_ring_dmap);
3179 }
3180 
3181 static void
3182 bwn_dma_cleanup(struct bwn_dma_ring *dr)
3183 {
3184 
3185 	if (dr->dr_tx) {
3186 		bwn_dma_tx_reset(dr->dr_mac, dr->dr_base, dr->dr_type);
3187 		if (dr->dr_type == BWN_DMA_64BIT) {
3188 			BWN_DMA_WRITE(dr, BWN_DMA64_TXRINGLO, 0);
3189 			BWN_DMA_WRITE(dr, BWN_DMA64_TXRINGHI, 0);
3190 		} else
3191 			BWN_DMA_WRITE(dr, BWN_DMA32_TXRING, 0);
3192 	} else {
3193 		bwn_dma_rx_reset(dr->dr_mac, dr->dr_base, dr->dr_type);
3194 		if (dr->dr_type == BWN_DMA_64BIT) {
3195 			BWN_DMA_WRITE(dr, BWN_DMA64_RXRINGLO, 0);
3196 			BWN_DMA_WRITE(dr, BWN_DMA64_RXRINGHI, 0);
3197 		} else
3198 			BWN_DMA_WRITE(dr, BWN_DMA32_RXRING, 0);
3199 	}
3200 }
3201 
3202 static void
3203 bwn_dma_free_descbufs(struct bwn_dma_ring *dr)
3204 {
3205 	struct bwn_dmadesc_generic *desc;
3206 	struct bwn_dmadesc_meta *meta;
3207 	struct bwn_mac *mac = dr->dr_mac;
3208 	struct bwn_dma *dma = &mac->mac_method.dma;
3209 	struct bwn_softc *sc = mac->mac_sc;
3210 	int i;
3211 
3212 	if (!dr->dr_usedslot)
3213 		return;
3214 	for (i = 0; i < dr->dr_numslots; i++) {
3215 		dr->getdesc(dr, i, &desc, &meta);
3216 
3217 		if (meta->mt_m == NULL) {
3218 			if (!dr->dr_tx)
3219 				device_printf(sc->sc_dev, "%s: not TX?\n",
3220 				    __func__);
3221 			continue;
3222 		}
3223 		if (dr->dr_tx) {
3224 			if (meta->mt_txtype == BWN_DMADESC_METATYPE_HEADER)
3225 				bus_dmamap_unload(dr->dr_txring_dtag,
3226 				    meta->mt_dmap);
3227 			else if (meta->mt_txtype == BWN_DMADESC_METATYPE_BODY)
3228 				bus_dmamap_unload(dma->txbuf_dtag,
3229 				    meta->mt_dmap);
3230 		} else
3231 			bus_dmamap_unload(dma->rxbuf_dtag, meta->mt_dmap);
3232 		bwn_dma_free_descbuf(dr, meta);
3233 	}
3234 }
3235 
3236 static int
3237 bwn_dma_tx_reset(struct bwn_mac *mac, uint16_t base,
3238     int type)
3239 {
3240 	struct bwn_softc *sc = mac->mac_sc;
3241 	uint32_t value;
3242 	int i;
3243 	uint16_t offset;
3244 
3245 	for (i = 0; i < 10; i++) {
3246 		offset = (type == BWN_DMA_64BIT) ? BWN_DMA64_TXSTATUS :
3247 		    BWN_DMA32_TXSTATUS;
3248 		value = BWN_READ_4(mac, base + offset);
3249 		if (type == BWN_DMA_64BIT) {
3250 			value &= BWN_DMA64_TXSTAT;
3251 			if (value == BWN_DMA64_TXSTAT_DISABLED ||
3252 			    value == BWN_DMA64_TXSTAT_IDLEWAIT ||
3253 			    value == BWN_DMA64_TXSTAT_STOPPED)
3254 				break;
3255 		} else {
3256 			value &= BWN_DMA32_TXSTATE;
3257 			if (value == BWN_DMA32_TXSTAT_DISABLED ||
3258 			    value == BWN_DMA32_TXSTAT_IDLEWAIT ||
3259 			    value == BWN_DMA32_TXSTAT_STOPPED)
3260 				break;
3261 		}
3262 		DELAY(1000);
3263 	}
3264 	offset = (type == BWN_DMA_64BIT) ? BWN_DMA64_TXCTL : BWN_DMA32_TXCTL;
3265 	BWN_WRITE_4(mac, base + offset, 0);
3266 	for (i = 0; i < 10; i++) {
3267 		offset = (type == BWN_DMA_64BIT) ? BWN_DMA64_TXSTATUS :
3268 						   BWN_DMA32_TXSTATUS;
3269 		value = BWN_READ_4(mac, base + offset);
3270 		if (type == BWN_DMA_64BIT) {
3271 			value &= BWN_DMA64_TXSTAT;
3272 			if (value == BWN_DMA64_TXSTAT_DISABLED) {
3273 				i = -1;
3274 				break;
3275 			}
3276 		} else {
3277 			value &= BWN_DMA32_TXSTATE;
3278 			if (value == BWN_DMA32_TXSTAT_DISABLED) {
3279 				i = -1;
3280 				break;
3281 			}
3282 		}
3283 		DELAY(1000);
3284 	}
3285 	if (i != -1) {
3286 		device_printf(sc->sc_dev, "%s: timed out\n", __func__);
3287 		return (ENODEV);
3288 	}
3289 	DELAY(1000);
3290 
3291 	return (0);
3292 }
3293 
3294 static int
3295 bwn_dma_rx_reset(struct bwn_mac *mac, uint16_t base,
3296     int type)
3297 {
3298 	struct bwn_softc *sc = mac->mac_sc;
3299 	uint32_t value;
3300 	int i;
3301 	uint16_t offset;
3302 
3303 	offset = (type == BWN_DMA_64BIT) ? BWN_DMA64_RXCTL : BWN_DMA32_RXCTL;
3304 	BWN_WRITE_4(mac, base + offset, 0);
3305 	for (i = 0; i < 10; i++) {
3306 		offset = (type == BWN_DMA_64BIT) ? BWN_DMA64_RXSTATUS :
3307 		    BWN_DMA32_RXSTATUS;
3308 		value = BWN_READ_4(mac, base + offset);
3309 		if (type == BWN_DMA_64BIT) {
3310 			value &= BWN_DMA64_RXSTAT;
3311 			if (value == BWN_DMA64_RXSTAT_DISABLED) {
3312 				i = -1;
3313 				break;
3314 			}
3315 		} else {
3316 			value &= BWN_DMA32_RXSTATE;
3317 			if (value == BWN_DMA32_RXSTAT_DISABLED) {
3318 				i = -1;
3319 				break;
3320 			}
3321 		}
3322 		DELAY(1000);
3323 	}
3324 	if (i != -1) {
3325 		device_printf(sc->sc_dev, "%s: timed out\n", __func__);
3326 		return (ENODEV);
3327 	}
3328 
3329 	return (0);
3330 }
3331 
3332 static void
3333 bwn_dma_free_descbuf(struct bwn_dma_ring *dr,
3334     struct bwn_dmadesc_meta *meta)
3335 {
3336 
3337 	if (meta->mt_m != NULL) {
3338 		m_freem(meta->mt_m);
3339 		meta->mt_m = NULL;
3340 	}
3341 	if (meta->mt_ni != NULL) {
3342 		ieee80211_free_node(meta->mt_ni);
3343 		meta->mt_ni = NULL;
3344 	}
3345 }
3346 
3347 static void
3348 bwn_dma_set_redzone(struct bwn_dma_ring *dr, struct mbuf *m)
3349 {
3350 	struct bwn_rxhdr4 *rxhdr;
3351 	unsigned char *frame;
3352 
3353 	rxhdr = mtod(m, struct bwn_rxhdr4 *);
3354 	rxhdr->frame_len = 0;
3355 
3356 	KASSERT(dr->dr_rx_bufsize >= dr->dr_frameoffset +
3357 	    sizeof(struct bwn_plcp6) + 2,
3358 	    ("%s:%d: fail", __func__, __LINE__));
3359 	frame = mtod(m, char *) + dr->dr_frameoffset;
3360 	memset(frame, 0xff, sizeof(struct bwn_plcp6) + 2 /* padding */);
3361 }
3362 
3363 static uint8_t
3364 bwn_dma_check_redzone(struct bwn_dma_ring *dr, struct mbuf *m)
3365 {
3366 	unsigned char *f = mtod(m, char *) + dr->dr_frameoffset;
3367 
3368 	return ((f[0] & f[1] & f[2] & f[3] & f[4] & f[5] & f[6] & f[7])
3369 	    == 0xff);
3370 }
3371 
3372 static void
3373 bwn_wme_init(struct bwn_mac *mac)
3374 {
3375 
3376 	bwn_wme_load(mac);
3377 
3378 	/* enable WME support. */
3379 	bwn_hf_write(mac, bwn_hf_read(mac) | BWN_HF_EDCF);
3380 	BWN_WRITE_2(mac, BWN_IFSCTL, BWN_READ_2(mac, BWN_IFSCTL) |
3381 	    BWN_IFSCTL_USE_EDCF);
3382 }
3383 
3384 static void
3385 bwn_spu_setdelay(struct bwn_mac *mac, int idle)
3386 {
3387 	struct bwn_softc *sc = mac->mac_sc;
3388 	struct ieee80211com *ic = &sc->sc_ic;
3389 	uint16_t delay;	/* microsec */
3390 
3391 	delay = (mac->mac_phy.type == BWN_PHYTYPE_A) ? 3700 : 1050;
3392 	if (ic->ic_opmode == IEEE80211_M_IBSS || idle)
3393 		delay = 500;
3394 	if ((mac->mac_phy.rf_ver == 0x2050) && (mac->mac_phy.rf_rev == 8))
3395 		delay = max(delay, (uint16_t)2400);
3396 
3397 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_SPU_WAKEUP, delay);
3398 }
3399 
3400 static void
3401 bwn_bt_enable(struct bwn_mac *mac)
3402 {
3403 	struct bwn_softc *sc = mac->mac_sc;
3404 	uint64_t hf;
3405 
3406 	if (bwn_bluetooth == 0)
3407 		return;
3408 	if ((siba_sprom_get_bf_lo(sc->sc_dev) & BWN_BFL_BTCOEXIST) == 0)
3409 		return;
3410 	if (mac->mac_phy.type != BWN_PHYTYPE_B && !mac->mac_phy.gmode)
3411 		return;
3412 
3413 	hf = bwn_hf_read(mac);
3414 	if (siba_sprom_get_bf_lo(sc->sc_dev) & BWN_BFL_BTCMOD)
3415 		hf |= BWN_HF_BT_COEXISTALT;
3416 	else
3417 		hf |= BWN_HF_BT_COEXIST;
3418 	bwn_hf_write(mac, hf);
3419 }
3420 
3421 static void
3422 bwn_set_macaddr(struct bwn_mac *mac)
3423 {
3424 
3425 	bwn_mac_write_bssid(mac);
3426 	bwn_mac_setfilter(mac, BWN_MACFILTER_SELF,
3427 	    mac->mac_sc->sc_ic.ic_macaddr);
3428 }
3429 
3430 static void
3431 bwn_clear_keys(struct bwn_mac *mac)
3432 {
3433 	int i;
3434 
3435 	for (i = 0; i < mac->mac_max_nr_keys; i++) {
3436 		KASSERT(i >= 0 && i < mac->mac_max_nr_keys,
3437 		    ("%s:%d: fail", __func__, __LINE__));
3438 
3439 		bwn_key_dowrite(mac, i, BWN_SEC_ALGO_NONE,
3440 		    NULL, BWN_SEC_KEYSIZE, NULL);
3441 		if ((i <= 3) && !BWN_SEC_NEWAPI(mac)) {
3442 			bwn_key_dowrite(mac, i + 4, BWN_SEC_ALGO_NONE,
3443 			    NULL, BWN_SEC_KEYSIZE, NULL);
3444 		}
3445 		mac->mac_key[i].keyconf = NULL;
3446 	}
3447 }
3448 
3449 static void
3450 bwn_crypt_init(struct bwn_mac *mac)
3451 {
3452 	struct bwn_softc *sc = mac->mac_sc;
3453 
3454 	mac->mac_max_nr_keys = (siba_get_revid(sc->sc_dev) >= 5) ? 58 : 20;
3455 	KASSERT(mac->mac_max_nr_keys <= N(mac->mac_key),
3456 	    ("%s:%d: fail", __func__, __LINE__));
3457 	mac->mac_ktp = bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_KEY_TABLEP);
3458 	mac->mac_ktp *= 2;
3459 	if (siba_get_revid(sc->sc_dev) >= 5)
3460 		BWN_WRITE_2(mac, BWN_RCMTA_COUNT, mac->mac_max_nr_keys - 8);
3461 	bwn_clear_keys(mac);
3462 }
3463 
3464 static void
3465 bwn_chip_exit(struct bwn_mac *mac)
3466 {
3467 	struct bwn_softc *sc = mac->mac_sc;
3468 
3469 	bwn_phy_exit(mac);
3470 	siba_gpio_set(sc->sc_dev, 0);
3471 }
3472 
3473 static int
3474 bwn_fw_fillinfo(struct bwn_mac *mac)
3475 {
3476 	int error;
3477 
3478 	error = bwn_fw_gets(mac, BWN_FWTYPE_DEFAULT);
3479 	if (error == 0)
3480 		return (0);
3481 	error = bwn_fw_gets(mac, BWN_FWTYPE_OPENSOURCE);
3482 	if (error == 0)
3483 		return (0);
3484 	return (error);
3485 }
3486 
3487 static int
3488 bwn_gpio_init(struct bwn_mac *mac)
3489 {
3490 	struct bwn_softc *sc = mac->mac_sc;
3491 	uint32_t mask = 0x1f, set = 0xf, value;
3492 
3493 	BWN_WRITE_4(mac, BWN_MACCTL,
3494 	    BWN_READ_4(mac, BWN_MACCTL) & ~BWN_MACCTL_GPOUT_MASK);
3495 	BWN_WRITE_2(mac, BWN_GPIO_MASK,
3496 	    BWN_READ_2(mac, BWN_GPIO_MASK) | 0x000f);
3497 
3498 	if (siba_get_chipid(sc->sc_dev) == 0x4301) {
3499 		mask |= 0x0060;
3500 		set |= 0x0060;
3501 	}
3502 	if (siba_sprom_get_bf_lo(sc->sc_dev) & BWN_BFL_PACTRL) {
3503 		BWN_WRITE_2(mac, BWN_GPIO_MASK,
3504 		    BWN_READ_2(mac, BWN_GPIO_MASK) | 0x0200);
3505 		mask |= 0x0200;
3506 		set |= 0x0200;
3507 	}
3508 	if (siba_get_revid(sc->sc_dev) >= 2)
3509 		mask |= 0x0010;
3510 
3511 	value = siba_gpio_get(sc->sc_dev);
3512 	if (value == -1)
3513 		return (0);
3514 	siba_gpio_set(sc->sc_dev, (value & mask) | set);
3515 
3516 	return (0);
3517 }
3518 
3519 static int
3520 bwn_fw_loadinitvals(struct bwn_mac *mac)
3521 {
3522 #define	GETFWOFFSET(fwp, offset)				\
3523 	((const struct bwn_fwinitvals *)((const char *)fwp.fw->data + offset))
3524 	const size_t hdr_len = sizeof(struct bwn_fwhdr);
3525 	const struct bwn_fwhdr *hdr;
3526 	struct bwn_fw *fw = &mac->mac_fw;
3527 	int error;
3528 
3529 	hdr = (const struct bwn_fwhdr *)(fw->initvals.fw->data);
3530 	error = bwn_fwinitvals_write(mac, GETFWOFFSET(fw->initvals, hdr_len),
3531 	    be32toh(hdr->size), fw->initvals.fw->datasize - hdr_len);
3532 	if (error)
3533 		return (error);
3534 	if (fw->initvals_band.fw) {
3535 		hdr = (const struct bwn_fwhdr *)(fw->initvals_band.fw->data);
3536 		error = bwn_fwinitvals_write(mac,
3537 		    GETFWOFFSET(fw->initvals_band, hdr_len),
3538 		    be32toh(hdr->size),
3539 		    fw->initvals_band.fw->datasize - hdr_len);
3540 	}
3541 	return (error);
3542 #undef GETFWOFFSET
3543 }
3544 
3545 static int
3546 bwn_phy_init(struct bwn_mac *mac)
3547 {
3548 	struct bwn_softc *sc = mac->mac_sc;
3549 	int error;
3550 
3551 	mac->mac_phy.chan = mac->mac_phy.get_default_chan(mac);
3552 	mac->mac_phy.rf_onoff(mac, 1);
3553 	error = mac->mac_phy.init(mac);
3554 	if (error) {
3555 		device_printf(sc->sc_dev, "PHY init failed\n");
3556 		goto fail0;
3557 	}
3558 	error = bwn_switch_channel(mac,
3559 	    mac->mac_phy.get_default_chan(mac));
3560 	if (error) {
3561 		device_printf(sc->sc_dev,
3562 		    "failed to switch default channel\n");
3563 		goto fail1;
3564 	}
3565 	return (0);
3566 fail1:
3567 	if (mac->mac_phy.exit)
3568 		mac->mac_phy.exit(mac);
3569 fail0:
3570 	mac->mac_phy.rf_onoff(mac, 0);
3571 
3572 	return (error);
3573 }
3574 
3575 static void
3576 bwn_set_txantenna(struct bwn_mac *mac, int antenna)
3577 {
3578 	uint16_t ant;
3579 	uint16_t tmp;
3580 
3581 	ant = bwn_ant2phy(antenna);
3582 
3583 	/* For ACK/CTS */
3584 	tmp = bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_ACKCTS_PHYCTL);
3585 	tmp = (tmp & ~BWN_TX_PHY_ANT) | ant;
3586 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_ACKCTS_PHYCTL, tmp);
3587 	/* For Probe Resposes */
3588 	tmp = bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_PROBE_RESP_PHYCTL);
3589 	tmp = (tmp & ~BWN_TX_PHY_ANT) | ant;
3590 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_PROBE_RESP_PHYCTL, tmp);
3591 }
3592 
3593 static void
3594 bwn_set_opmode(struct bwn_mac *mac)
3595 {
3596 	struct bwn_softc *sc = mac->mac_sc;
3597 	struct ieee80211com *ic = &sc->sc_ic;
3598 	uint32_t ctl;
3599 	uint16_t cfp_pretbtt;
3600 
3601 	ctl = BWN_READ_4(mac, BWN_MACCTL);
3602 	ctl &= ~(BWN_MACCTL_HOSTAP | BWN_MACCTL_PASS_CTL |
3603 	    BWN_MACCTL_PASS_BADPLCP | BWN_MACCTL_PASS_BADFCS |
3604 	    BWN_MACCTL_PROMISC | BWN_MACCTL_BEACON_PROMISC);
3605 	ctl |= BWN_MACCTL_STA;
3606 
3607 	if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
3608 	    ic->ic_opmode == IEEE80211_M_MBSS)
3609 		ctl |= BWN_MACCTL_HOSTAP;
3610 	else if (ic->ic_opmode == IEEE80211_M_IBSS)
3611 		ctl &= ~BWN_MACCTL_STA;
3612 	ctl |= sc->sc_filters;
3613 
3614 	if (siba_get_revid(sc->sc_dev) <= 4)
3615 		ctl |= BWN_MACCTL_PROMISC;
3616 
3617 	BWN_WRITE_4(mac, BWN_MACCTL, ctl);
3618 
3619 	cfp_pretbtt = 2;
3620 	if ((ctl & BWN_MACCTL_STA) && !(ctl & BWN_MACCTL_HOSTAP)) {
3621 		if (siba_get_chipid(sc->sc_dev) == 0x4306 &&
3622 		    siba_get_chiprev(sc->sc_dev) == 3)
3623 			cfp_pretbtt = 100;
3624 		else
3625 			cfp_pretbtt = 50;
3626 	}
3627 	BWN_WRITE_2(mac, 0x612, cfp_pretbtt);
3628 }
3629 
3630 static int
3631 bwn_dma_gettype(struct bwn_mac *mac)
3632 {
3633 	uint32_t tmp;
3634 	uint16_t base;
3635 
3636 	tmp = BWN_READ_4(mac, SIBA_TGSHIGH);
3637 	if (tmp & SIBA_TGSHIGH_DMA64)
3638 		return (BWN_DMA_64BIT);
3639 	base = bwn_dma_base(0, 0);
3640 	BWN_WRITE_4(mac, base + BWN_DMA32_TXCTL, BWN_DMA32_TXADDREXT_MASK);
3641 	tmp = BWN_READ_4(mac, base + BWN_DMA32_TXCTL);
3642 	if (tmp & BWN_DMA32_TXADDREXT_MASK)
3643 		return (BWN_DMA_32BIT);
3644 
3645 	return (BWN_DMA_30BIT);
3646 }
3647 
3648 static void
3649 bwn_dma_ring_addr(void *arg, bus_dma_segment_t *seg, int nseg, int error)
3650 {
3651 	if (!error) {
3652 		KASSERT(nseg == 1, ("too many segments(%d)\n", nseg));
3653 		*((bus_addr_t *)arg) = seg->ds_addr;
3654 	}
3655 }
3656 
3657 void
3658 bwn_dummy_transmission(struct bwn_mac *mac, int ofdm, int paon)
3659 {
3660 	struct bwn_phy *phy = &mac->mac_phy;
3661 	struct bwn_softc *sc = mac->mac_sc;
3662 	unsigned int i, max_loop;
3663 	uint16_t value;
3664 	uint32_t buffer[5] = {
3665 		0x00000000, 0x00d40000, 0x00000000, 0x01000000, 0x00000000
3666 	};
3667 
3668 	if (ofdm) {
3669 		max_loop = 0x1e;
3670 		buffer[0] = 0x000201cc;
3671 	} else {
3672 		max_loop = 0xfa;
3673 		buffer[0] = 0x000b846e;
3674 	}
3675 
3676 	BWN_ASSERT_LOCKED(mac->mac_sc);
3677 
3678 	for (i = 0; i < 5; i++)
3679 		bwn_ram_write(mac, i * 4, buffer[i]);
3680 
3681 	BWN_WRITE_2(mac, 0x0568, 0x0000);
3682 	BWN_WRITE_2(mac, 0x07c0,
3683 	    (siba_get_revid(sc->sc_dev) < 11) ? 0x0000 : 0x0100);
3684 
3685 	value = (ofdm ? 0x41 : 0x40);
3686 	BWN_WRITE_2(mac, 0x050c, value);
3687 
3688 	if (phy->type == BWN_PHYTYPE_N || phy->type == BWN_PHYTYPE_LP ||
3689 	    phy->type == BWN_PHYTYPE_LCN)
3690 		BWN_WRITE_2(mac, 0x0514, 0x1a02);
3691 	BWN_WRITE_2(mac, 0x0508, 0x0000);
3692 	BWN_WRITE_2(mac, 0x050a, 0x0000);
3693 	BWN_WRITE_2(mac, 0x054c, 0x0000);
3694 	BWN_WRITE_2(mac, 0x056a, 0x0014);
3695 	BWN_WRITE_2(mac, 0x0568, 0x0826);
3696 	BWN_WRITE_2(mac, 0x0500, 0x0000);
3697 
3698 	/* XXX TODO: n phy pa override? */
3699 
3700 	switch (phy->type) {
3701 	case BWN_PHYTYPE_N:
3702 	case BWN_PHYTYPE_LCN:
3703 		BWN_WRITE_2(mac, 0x0502, 0x00d0);
3704 		break;
3705 	case BWN_PHYTYPE_LP:
3706 		BWN_WRITE_2(mac, 0x0502, 0x0050);
3707 		break;
3708 	default:
3709 		BWN_WRITE_2(mac, 0x0502, 0x0030);
3710 		break;
3711 	}
3712 
3713 	/* flush */
3714 	BWN_READ_2(mac, 0x0502);
3715 
3716 	if (phy->rf_ver == 0x2050 && phy->rf_rev <= 0x5)
3717 		BWN_RF_WRITE(mac, 0x0051, 0x0017);
3718 	for (i = 0x00; i < max_loop; i++) {
3719 		value = BWN_READ_2(mac, 0x050e);
3720 		if (value & 0x0080)
3721 			break;
3722 		DELAY(10);
3723 	}
3724 	for (i = 0x00; i < 0x0a; i++) {
3725 		value = BWN_READ_2(mac, 0x050e);
3726 		if (value & 0x0400)
3727 			break;
3728 		DELAY(10);
3729 	}
3730 	for (i = 0x00; i < 0x19; i++) {
3731 		value = BWN_READ_2(mac, 0x0690);
3732 		if (!(value & 0x0100))
3733 			break;
3734 		DELAY(10);
3735 	}
3736 	if (phy->rf_ver == 0x2050 && phy->rf_rev <= 0x5)
3737 		BWN_RF_WRITE(mac, 0x0051, 0x0037);
3738 }
3739 
3740 void
3741 bwn_ram_write(struct bwn_mac *mac, uint16_t offset, uint32_t val)
3742 {
3743 	uint32_t macctl;
3744 
3745 	KASSERT(offset % 4 == 0, ("%s:%d: fail", __func__, __LINE__));
3746 
3747 	macctl = BWN_READ_4(mac, BWN_MACCTL);
3748 	if (macctl & BWN_MACCTL_BIGENDIAN)
3749 		printf("TODO: need swap\n");
3750 
3751 	BWN_WRITE_4(mac, BWN_RAM_CONTROL, offset);
3752 	BWN_BARRIER(mac, BUS_SPACE_BARRIER_WRITE);
3753 	BWN_WRITE_4(mac, BWN_RAM_DATA, val);
3754 }
3755 
3756 void
3757 bwn_mac_suspend(struct bwn_mac *mac)
3758 {
3759 	struct bwn_softc *sc = mac->mac_sc;
3760 	int i;
3761 	uint32_t tmp;
3762 
3763 	KASSERT(mac->mac_suspended >= 0,
3764 	    ("%s:%d: fail", __func__, __LINE__));
3765 
3766 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: suspended=%d\n",
3767 	    __func__, mac->mac_suspended);
3768 
3769 	if (mac->mac_suspended == 0) {
3770 		bwn_psctl(mac, BWN_PS_AWAKE);
3771 		BWN_WRITE_4(mac, BWN_MACCTL,
3772 			    BWN_READ_4(mac, BWN_MACCTL)
3773 			    & ~BWN_MACCTL_ON);
3774 		BWN_READ_4(mac, BWN_MACCTL);
3775 		for (i = 35; i; i--) {
3776 			tmp = BWN_READ_4(mac, BWN_INTR_REASON);
3777 			if (tmp & BWN_INTR_MAC_SUSPENDED)
3778 				goto out;
3779 			DELAY(10);
3780 		}
3781 		for (i = 40; i; i--) {
3782 			tmp = BWN_READ_4(mac, BWN_INTR_REASON);
3783 			if (tmp & BWN_INTR_MAC_SUSPENDED)
3784 				goto out;
3785 			DELAY(1000);
3786 		}
3787 		device_printf(sc->sc_dev, "MAC suspend failed\n");
3788 	}
3789 out:
3790 	mac->mac_suspended++;
3791 }
3792 
3793 void
3794 bwn_mac_enable(struct bwn_mac *mac)
3795 {
3796 	struct bwn_softc *sc = mac->mac_sc;
3797 	uint16_t state;
3798 
3799 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: suspended=%d\n",
3800 	    __func__, mac->mac_suspended);
3801 
3802 	state = bwn_shm_read_2(mac, BWN_SHARED,
3803 	    BWN_SHARED_UCODESTAT);
3804 	if (state != BWN_SHARED_UCODESTAT_SUSPEND &&
3805 	    state != BWN_SHARED_UCODESTAT_SLEEP) {
3806 		DPRINTF(sc, BWN_DEBUG_FW,
3807 		    "%s: warn: firmware state (%d)\n",
3808 		    __func__, state);
3809 	}
3810 
3811 	mac->mac_suspended--;
3812 	KASSERT(mac->mac_suspended >= 0,
3813 	    ("%s:%d: fail", __func__, __LINE__));
3814 	if (mac->mac_suspended == 0) {
3815 		BWN_WRITE_4(mac, BWN_MACCTL,
3816 		    BWN_READ_4(mac, BWN_MACCTL) | BWN_MACCTL_ON);
3817 		BWN_WRITE_4(mac, BWN_INTR_REASON, BWN_INTR_MAC_SUSPENDED);
3818 		BWN_READ_4(mac, BWN_MACCTL);
3819 		BWN_READ_4(mac, BWN_INTR_REASON);
3820 		bwn_psctl(mac, 0);
3821 	}
3822 }
3823 
3824 void
3825 bwn_psctl(struct bwn_mac *mac, uint32_t flags)
3826 {
3827 	struct bwn_softc *sc = mac->mac_sc;
3828 	int i;
3829 	uint16_t ucstat;
3830 
3831 	KASSERT(!((flags & BWN_PS_ON) && (flags & BWN_PS_OFF)),
3832 	    ("%s:%d: fail", __func__, __LINE__));
3833 	KASSERT(!((flags & BWN_PS_AWAKE) && (flags & BWN_PS_ASLEEP)),
3834 	    ("%s:%d: fail", __func__, __LINE__));
3835 
3836 	/* XXX forcibly awake and hwps-off */
3837 
3838 	BWN_WRITE_4(mac, BWN_MACCTL,
3839 	    (BWN_READ_4(mac, BWN_MACCTL) | BWN_MACCTL_AWAKE) &
3840 	    ~BWN_MACCTL_HWPS);
3841 	BWN_READ_4(mac, BWN_MACCTL);
3842 	if (siba_get_revid(sc->sc_dev) >= 5) {
3843 		for (i = 0; i < 100; i++) {
3844 			ucstat = bwn_shm_read_2(mac, BWN_SHARED,
3845 			    BWN_SHARED_UCODESTAT);
3846 			if (ucstat != BWN_SHARED_UCODESTAT_SLEEP)
3847 				break;
3848 			DELAY(10);
3849 		}
3850 	}
3851 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: ucstat=%d\n", __func__,
3852 	    ucstat);
3853 }
3854 
3855 static int
3856 bwn_fw_gets(struct bwn_mac *mac, enum bwn_fwtype type)
3857 {
3858 	struct bwn_softc *sc = mac->mac_sc;
3859 	struct bwn_fw *fw = &mac->mac_fw;
3860 	const uint8_t rev = siba_get_revid(sc->sc_dev);
3861 	const char *filename;
3862 	uint32_t high;
3863 	int error;
3864 
3865 	/* microcode */
3866 	filename = NULL;
3867 	switch (rev) {
3868 	case 42:
3869 		if (mac->mac_phy.type == BWN_PHYTYPE_AC)
3870 			filename = "ucode42";
3871 		break;
3872 	case 40:
3873 		if (mac->mac_phy.type == BWN_PHYTYPE_AC)
3874 			filename = "ucode40";
3875 		break;
3876 	case 33:
3877 		if (mac->mac_phy.type == BWN_PHYTYPE_LCN40)
3878 			filename = "ucode33_lcn40";
3879 		break;
3880 	case 30:
3881 		if (mac->mac_phy.type == BWN_PHYTYPE_N)
3882 			filename = "ucode30_mimo";
3883 		break;
3884 	case 29:
3885 		if (mac->mac_phy.type == BWN_PHYTYPE_HT)
3886 			filename = "ucode29_mimo";
3887 		break;
3888 	case 26:
3889 		if (mac->mac_phy.type == BWN_PHYTYPE_HT)
3890 			filename = "ucode26_mimo";
3891 		break;
3892 	case 28:
3893 	case 25:
3894 		if (mac->mac_phy.type == BWN_PHYTYPE_N)
3895 			filename = "ucode25_mimo";
3896 		else if (mac->mac_phy.type == BWN_PHYTYPE_LCN)
3897 			filename = "ucode25_lcn";
3898 		break;
3899 	case 24:
3900 		if (mac->mac_phy.type == BWN_PHYTYPE_LCN)
3901 			filename = "ucode24_lcn";
3902 		break;
3903 	case 23:
3904 		if (mac->mac_phy.type == BWN_PHYTYPE_N)
3905 			filename = "ucode16_mimo";
3906 		break;
3907 	case 16:
3908 	case 17:
3909 	case 18:
3910 	case 19:
3911 		if (mac->mac_phy.type == BWN_PHYTYPE_N)
3912 			filename = "ucode16_mimo";
3913 		else if (mac->mac_phy.type == BWN_PHYTYPE_LP)
3914 			filename = "ucode16_lp";
3915 		break;
3916 	case 15:
3917 		filename = "ucode15";
3918 		break;
3919 	case 14:
3920 		filename = "ucode14";
3921 		break;
3922 	case 13:
3923 		filename = "ucode13";
3924 		break;
3925 	case 12:
3926 	case 11:
3927 		filename = "ucode11";
3928 		break;
3929 	case 10:
3930 	case 9:
3931 	case 8:
3932 	case 7:
3933 	case 6:
3934 	case 5:
3935 		filename = "ucode5";
3936 		break;
3937 	default:
3938 		device_printf(sc->sc_dev, "no ucode for rev %d\n", rev);
3939 		bwn_release_firmware(mac);
3940 		return (EOPNOTSUPP);
3941 	}
3942 
3943 	device_printf(sc->sc_dev, "ucode fw: %s\n", filename);
3944 	error = bwn_fw_get(mac, type, filename, &fw->ucode);
3945 	if (error) {
3946 		bwn_release_firmware(mac);
3947 		return (error);
3948 	}
3949 
3950 	/* PCM */
3951 	KASSERT(fw->no_pcmfile == 0, ("%s:%d fail", __func__, __LINE__));
3952 	if (rev >= 5 && rev <= 10) {
3953 		error = bwn_fw_get(mac, type, "pcm5", &fw->pcm);
3954 		if (error == ENOENT)
3955 			fw->no_pcmfile = 1;
3956 		else if (error) {
3957 			bwn_release_firmware(mac);
3958 			return (error);
3959 		}
3960 	} else if (rev < 11) {
3961 		device_printf(sc->sc_dev, "no PCM for rev %d\n", rev);
3962 		bwn_release_firmware(mac);
3963 		return (EOPNOTSUPP);
3964 	}
3965 
3966 	/* initvals */
3967 	high = siba_read_4(sc->sc_dev, SIBA_TGSHIGH);
3968 	switch (mac->mac_phy.type) {
3969 	case BWN_PHYTYPE_A:
3970 		if (rev < 5 || rev > 10)
3971 			goto fail1;
3972 		if (high & BWN_TGSHIGH_HAVE_2GHZ)
3973 			filename = "a0g1initvals5";
3974 		else
3975 			filename = "a0g0initvals5";
3976 		break;
3977 	case BWN_PHYTYPE_G:
3978 		if (rev >= 5 && rev <= 10)
3979 			filename = "b0g0initvals5";
3980 		else if (rev >= 13)
3981 			filename = "b0g0initvals13";
3982 		else
3983 			goto fail1;
3984 		break;
3985 	case BWN_PHYTYPE_LP:
3986 		if (rev == 13)
3987 			filename = "lp0initvals13";
3988 		else if (rev == 14)
3989 			filename = "lp0initvals14";
3990 		else if (rev >= 15)
3991 			filename = "lp0initvals15";
3992 		else
3993 			goto fail1;
3994 		break;
3995 	case BWN_PHYTYPE_N:
3996 		if (rev == 30)
3997 			filename = "n16initvals30";
3998 		else if (rev == 28 || rev == 25)
3999 			filename = "n0initvals25";
4000 		else if (rev == 24)
4001 			filename = "n0initvals24";
4002 		else if (rev == 23)
4003 			filename = "n0initvals16";
4004 		else if (rev >= 16 && rev <= 18)
4005 			filename = "n0initvals16";
4006 		else if (rev >= 11 && rev <= 12)
4007 			filename = "n0initvals11";
4008 		else
4009 			goto fail1;
4010 		break;
4011 	default:
4012 		goto fail1;
4013 	}
4014 	error = bwn_fw_get(mac, type, filename, &fw->initvals);
4015 	if (error) {
4016 		bwn_release_firmware(mac);
4017 		return (error);
4018 	}
4019 
4020 	/* bandswitch initvals */
4021 	switch (mac->mac_phy.type) {
4022 	case BWN_PHYTYPE_A:
4023 		if (rev >= 5 && rev <= 10) {
4024 			if (high & BWN_TGSHIGH_HAVE_2GHZ)
4025 				filename = "a0g1bsinitvals5";
4026 			else
4027 				filename = "a0g0bsinitvals5";
4028 		} else if (rev >= 11)
4029 			filename = NULL;
4030 		else
4031 			goto fail1;
4032 		break;
4033 	case BWN_PHYTYPE_G:
4034 		if (rev >= 5 && rev <= 10)
4035 			filename = "b0g0bsinitvals5";
4036 		else if (rev >= 11)
4037 			filename = NULL;
4038 		else
4039 			goto fail1;
4040 		break;
4041 	case BWN_PHYTYPE_LP:
4042 		if (rev == 13)
4043 			filename = "lp0bsinitvals13";
4044 		else if (rev == 14)
4045 			filename = "lp0bsinitvals14";
4046 		else if (rev >= 15)
4047 			filename = "lp0bsinitvals15";
4048 		else
4049 			goto fail1;
4050 		break;
4051 	case BWN_PHYTYPE_N:
4052 		if (rev == 30)
4053 			filename = "n16bsinitvals30";
4054 		else if (rev == 28 || rev == 25)
4055 			filename = "n0bsinitvals25";
4056 		else if (rev == 24)
4057 			filename = "n0bsinitvals24";
4058 		else if (rev == 23)
4059 			filename = "n0bsinitvals16";
4060 		else if (rev >= 16 && rev <= 18)
4061 			filename = "n0bsinitvals16";
4062 		else if (rev >= 11 && rev <= 12)
4063 			filename = "n0bsinitvals11";
4064 		else
4065 			goto fail1;
4066 		break;
4067 	default:
4068 		device_printf(sc->sc_dev, "unknown phy (%d)\n",
4069 		    mac->mac_phy.type);
4070 		goto fail1;
4071 	}
4072 	error = bwn_fw_get(mac, type, filename, &fw->initvals_band);
4073 	if (error) {
4074 		bwn_release_firmware(mac);
4075 		return (error);
4076 	}
4077 	return (0);
4078 fail1:
4079 	device_printf(sc->sc_dev, "no INITVALS for rev %d, phy.type %d\n",
4080 	    rev, mac->mac_phy.type);
4081 	bwn_release_firmware(mac);
4082 	return (EOPNOTSUPP);
4083 }
4084 
4085 static int
4086 bwn_fw_get(struct bwn_mac *mac, enum bwn_fwtype type,
4087     const char *name, struct bwn_fwfile *bfw)
4088 {
4089 	const struct bwn_fwhdr *hdr;
4090 	struct bwn_softc *sc = mac->mac_sc;
4091 	const struct firmware *fw;
4092 	char namebuf[64];
4093 
4094 	if (name == NULL) {
4095 		bwn_do_release_fw(bfw);
4096 		return (0);
4097 	}
4098 	if (bfw->filename != NULL) {
4099 		if (bfw->type == type && (strcmp(bfw->filename, name) == 0))
4100 			return (0);
4101 		bwn_do_release_fw(bfw);
4102 	}
4103 
4104 	snprintf(namebuf, sizeof(namebuf), "bwn%s_v4_%s%s",
4105 	    (type == BWN_FWTYPE_OPENSOURCE) ? "-open" : "",
4106 	    (mac->mac_phy.type == BWN_PHYTYPE_LP) ? "lp_" : "", name);
4107 	/* XXX Sleeping on "fwload" with the non-sleepable locks held */
4108 	fw = firmware_get(namebuf);
4109 	if (fw == NULL) {
4110 		device_printf(sc->sc_dev, "the fw file(%s) not found\n",
4111 		    namebuf);
4112 		return (ENOENT);
4113 	}
4114 	if (fw->datasize < sizeof(struct bwn_fwhdr))
4115 		goto fail;
4116 	hdr = (const struct bwn_fwhdr *)(fw->data);
4117 	switch (hdr->type) {
4118 	case BWN_FWTYPE_UCODE:
4119 	case BWN_FWTYPE_PCM:
4120 		if (be32toh(hdr->size) !=
4121 		    (fw->datasize - sizeof(struct bwn_fwhdr)))
4122 			goto fail;
4123 		/* FALLTHROUGH */
4124 	case BWN_FWTYPE_IV:
4125 		if (hdr->ver != 1)
4126 			goto fail;
4127 		break;
4128 	default:
4129 		goto fail;
4130 	}
4131 	bfw->filename = name;
4132 	bfw->fw = fw;
4133 	bfw->type = type;
4134 	return (0);
4135 fail:
4136 	device_printf(sc->sc_dev, "the fw file(%s) format error\n", namebuf);
4137 	if (fw != NULL)
4138 		firmware_put(fw, FIRMWARE_UNLOAD);
4139 	return (EPROTO);
4140 }
4141 
4142 static void
4143 bwn_release_firmware(struct bwn_mac *mac)
4144 {
4145 
4146 	bwn_do_release_fw(&mac->mac_fw.ucode);
4147 	bwn_do_release_fw(&mac->mac_fw.pcm);
4148 	bwn_do_release_fw(&mac->mac_fw.initvals);
4149 	bwn_do_release_fw(&mac->mac_fw.initvals_band);
4150 }
4151 
4152 static void
4153 bwn_do_release_fw(struct bwn_fwfile *bfw)
4154 {
4155 
4156 	if (bfw->fw != NULL)
4157 		firmware_put(bfw->fw, FIRMWARE_UNLOAD);
4158 	bfw->fw = NULL;
4159 	bfw->filename = NULL;
4160 }
4161 
4162 static int
4163 bwn_fw_loaducode(struct bwn_mac *mac)
4164 {
4165 #define	GETFWOFFSET(fwp, offset)	\
4166 	((const uint32_t *)((const char *)fwp.fw->data + offset))
4167 #define	GETFWSIZE(fwp, offset)	\
4168 	((fwp.fw->datasize - offset) / sizeof(uint32_t))
4169 	struct bwn_softc *sc = mac->mac_sc;
4170 	const uint32_t *data;
4171 	unsigned int i;
4172 	uint32_t ctl;
4173 	uint16_t date, fwcaps, time;
4174 	int error = 0;
4175 
4176 	ctl = BWN_READ_4(mac, BWN_MACCTL);
4177 	ctl |= BWN_MACCTL_MCODE_JMP0;
4178 	KASSERT(!(ctl & BWN_MACCTL_MCODE_RUN), ("%s:%d: fail", __func__,
4179 	    __LINE__));
4180 	BWN_WRITE_4(mac, BWN_MACCTL, ctl);
4181 	for (i = 0; i < 64; i++)
4182 		bwn_shm_write_2(mac, BWN_SCRATCH, i, 0);
4183 	for (i = 0; i < 4096; i += 2)
4184 		bwn_shm_write_2(mac, BWN_SHARED, i, 0);
4185 
4186 	data = GETFWOFFSET(mac->mac_fw.ucode, sizeof(struct bwn_fwhdr));
4187 	bwn_shm_ctlword(mac, BWN_UCODE | BWN_SHARED_AUTOINC, 0x0000);
4188 	for (i = 0; i < GETFWSIZE(mac->mac_fw.ucode, sizeof(struct bwn_fwhdr));
4189 	     i++) {
4190 		BWN_WRITE_4(mac, BWN_SHM_DATA, be32toh(data[i]));
4191 		DELAY(10);
4192 	}
4193 
4194 	if (mac->mac_fw.pcm.fw) {
4195 		data = GETFWOFFSET(mac->mac_fw.pcm, sizeof(struct bwn_fwhdr));
4196 		bwn_shm_ctlword(mac, BWN_HW, 0x01ea);
4197 		BWN_WRITE_4(mac, BWN_SHM_DATA, 0x00004000);
4198 		bwn_shm_ctlword(mac, BWN_HW, 0x01eb);
4199 		for (i = 0; i < GETFWSIZE(mac->mac_fw.pcm,
4200 		    sizeof(struct bwn_fwhdr)); i++) {
4201 			BWN_WRITE_4(mac, BWN_SHM_DATA, be32toh(data[i]));
4202 			DELAY(10);
4203 		}
4204 	}
4205 
4206 	BWN_WRITE_4(mac, BWN_INTR_REASON, BWN_INTR_ALL);
4207 	BWN_WRITE_4(mac, BWN_MACCTL,
4208 	    (BWN_READ_4(mac, BWN_MACCTL) & ~BWN_MACCTL_MCODE_JMP0) |
4209 	    BWN_MACCTL_MCODE_RUN);
4210 
4211 	for (i = 0; i < 21; i++) {
4212 		if (BWN_READ_4(mac, BWN_INTR_REASON) == BWN_INTR_MAC_SUSPENDED)
4213 			break;
4214 		if (i >= 20) {
4215 			device_printf(sc->sc_dev, "ucode timeout\n");
4216 			error = ENXIO;
4217 			goto error;
4218 		}
4219 		DELAY(50000);
4220 	}
4221 	BWN_READ_4(mac, BWN_INTR_REASON);
4222 
4223 	mac->mac_fw.rev = bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_UCODE_REV);
4224 	if (mac->mac_fw.rev <= 0x128) {
4225 		device_printf(sc->sc_dev, "the firmware is too old\n");
4226 		error = EOPNOTSUPP;
4227 		goto error;
4228 	}
4229 
4230 	/*
4231 	 * Determine firmware header version; needed for TX/RX packet
4232 	 * handling.
4233 	 */
4234 	if (mac->mac_fw.rev >= 598)
4235 		mac->mac_fw.fw_hdr_format = BWN_FW_HDR_598;
4236 	else if (mac->mac_fw.rev >= 410)
4237 		mac->mac_fw.fw_hdr_format = BWN_FW_HDR_410;
4238 	else
4239 		mac->mac_fw.fw_hdr_format = BWN_FW_HDR_351;
4240 
4241 	/*
4242 	 * We don't support rev 598 or later; that requires
4243 	 * another round of changes to the TX/RX descriptor
4244 	 * and status layout.
4245 	 *
4246 	 * So, complain this is the case and exit out, rather
4247 	 * than attaching and then failing.
4248 	 */
4249 #if 0
4250 	if (mac->mac_fw.fw_hdr_format == BWN_FW_HDR_598) {
4251 		device_printf(sc->sc_dev,
4252 		    "firmware is too new (>=598); not supported\n");
4253 		error = EOPNOTSUPP;
4254 		goto error;
4255 	}
4256 #endif
4257 
4258 	mac->mac_fw.patch = bwn_shm_read_2(mac, BWN_SHARED,
4259 	    BWN_SHARED_UCODE_PATCH);
4260 	date = bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_UCODE_DATE);
4261 	mac->mac_fw.opensource = (date == 0xffff);
4262 	if (bwn_wme != 0)
4263 		mac->mac_flags |= BWN_MAC_FLAG_WME;
4264 	mac->mac_flags |= BWN_MAC_FLAG_HWCRYPTO;
4265 
4266 	time = bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_UCODE_TIME);
4267 	if (mac->mac_fw.opensource == 0) {
4268 		device_printf(sc->sc_dev,
4269 		    "firmware version (rev %u patch %u date %#x time %#x)\n",
4270 		    mac->mac_fw.rev, mac->mac_fw.patch, date, time);
4271 		if (mac->mac_fw.no_pcmfile)
4272 			device_printf(sc->sc_dev,
4273 			    "no HW crypto acceleration due to pcm5\n");
4274 	} else {
4275 		mac->mac_fw.patch = time;
4276 		fwcaps = bwn_fwcaps_read(mac);
4277 		if (!(fwcaps & BWN_FWCAPS_HWCRYPTO) || mac->mac_fw.no_pcmfile) {
4278 			device_printf(sc->sc_dev,
4279 			    "disabling HW crypto acceleration\n");
4280 			mac->mac_flags &= ~BWN_MAC_FLAG_HWCRYPTO;
4281 		}
4282 		if (!(fwcaps & BWN_FWCAPS_WME)) {
4283 			device_printf(sc->sc_dev, "disabling WME support\n");
4284 			mac->mac_flags &= ~BWN_MAC_FLAG_WME;
4285 		}
4286 	}
4287 
4288 	if (BWN_ISOLDFMT(mac))
4289 		device_printf(sc->sc_dev, "using old firmware image\n");
4290 
4291 	return (0);
4292 
4293 error:
4294 	BWN_WRITE_4(mac, BWN_MACCTL,
4295 	    (BWN_READ_4(mac, BWN_MACCTL) & ~BWN_MACCTL_MCODE_RUN) |
4296 	    BWN_MACCTL_MCODE_JMP0);
4297 
4298 	return (error);
4299 #undef GETFWSIZE
4300 #undef GETFWOFFSET
4301 }
4302 
4303 /* OpenFirmware only */
4304 static uint16_t
4305 bwn_fwcaps_read(struct bwn_mac *mac)
4306 {
4307 
4308 	KASSERT(mac->mac_fw.opensource == 1,
4309 	    ("%s:%d: fail", __func__, __LINE__));
4310 	return (bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_FWCAPS));
4311 }
4312 
4313 static int
4314 bwn_fwinitvals_write(struct bwn_mac *mac, const struct bwn_fwinitvals *ivals,
4315     size_t count, size_t array_size)
4316 {
4317 #define	GET_NEXTIV16(iv)						\
4318 	((const struct bwn_fwinitvals *)((const uint8_t *)(iv) +	\
4319 	    sizeof(uint16_t) + sizeof(uint16_t)))
4320 #define	GET_NEXTIV32(iv)						\
4321 	((const struct bwn_fwinitvals *)((const uint8_t *)(iv) +	\
4322 	    sizeof(uint16_t) + sizeof(uint32_t)))
4323 	struct bwn_softc *sc = mac->mac_sc;
4324 	const struct bwn_fwinitvals *iv;
4325 	uint16_t offset;
4326 	size_t i;
4327 	uint8_t bit32;
4328 
4329 	KASSERT(sizeof(struct bwn_fwinitvals) == 6,
4330 	    ("%s:%d: fail", __func__, __LINE__));
4331 	iv = ivals;
4332 	for (i = 0; i < count; i++) {
4333 		if (array_size < sizeof(iv->offset_size))
4334 			goto fail;
4335 		array_size -= sizeof(iv->offset_size);
4336 		offset = be16toh(iv->offset_size);
4337 		bit32 = (offset & BWN_FWINITVALS_32BIT) ? 1 : 0;
4338 		offset &= BWN_FWINITVALS_OFFSET_MASK;
4339 		if (offset >= 0x1000)
4340 			goto fail;
4341 		if (bit32) {
4342 			if (array_size < sizeof(iv->data.d32))
4343 				goto fail;
4344 			array_size -= sizeof(iv->data.d32);
4345 			BWN_WRITE_4(mac, offset, be32toh(iv->data.d32));
4346 			iv = GET_NEXTIV32(iv);
4347 		} else {
4348 
4349 			if (array_size < sizeof(iv->data.d16))
4350 				goto fail;
4351 			array_size -= sizeof(iv->data.d16);
4352 			BWN_WRITE_2(mac, offset, be16toh(iv->data.d16));
4353 
4354 			iv = GET_NEXTIV16(iv);
4355 		}
4356 	}
4357 	if (array_size != 0)
4358 		goto fail;
4359 	return (0);
4360 fail:
4361 	device_printf(sc->sc_dev, "initvals: invalid format\n");
4362 	return (EPROTO);
4363 #undef GET_NEXTIV16
4364 #undef GET_NEXTIV32
4365 }
4366 
4367 int
4368 bwn_switch_channel(struct bwn_mac *mac, int chan)
4369 {
4370 	struct bwn_phy *phy = &(mac->mac_phy);
4371 	struct bwn_softc *sc = mac->mac_sc;
4372 	struct ieee80211com *ic = &sc->sc_ic;
4373 	uint16_t channelcookie, savedcookie;
4374 	int error;
4375 
4376 	if (chan == 0xffff)
4377 		chan = phy->get_default_chan(mac);
4378 
4379 	channelcookie = chan;
4380 	if (IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan))
4381 		channelcookie |= 0x100;
4382 	savedcookie = bwn_shm_read_2(mac, BWN_SHARED, BWN_SHARED_CHAN);
4383 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_CHAN, channelcookie);
4384 	error = phy->switch_channel(mac, chan);
4385 	if (error)
4386 		goto fail;
4387 
4388 	mac->mac_phy.chan = chan;
4389 	DELAY(8000);
4390 	return (0);
4391 fail:
4392 	device_printf(sc->sc_dev, "failed to switch channel\n");
4393 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_CHAN, savedcookie);
4394 	return (error);
4395 }
4396 
4397 static uint16_t
4398 bwn_ant2phy(int antenna)
4399 {
4400 
4401 	switch (antenna) {
4402 	case BWN_ANT0:
4403 		return (BWN_TX_PHY_ANT0);
4404 	case BWN_ANT1:
4405 		return (BWN_TX_PHY_ANT1);
4406 	case BWN_ANT2:
4407 		return (BWN_TX_PHY_ANT2);
4408 	case BWN_ANT3:
4409 		return (BWN_TX_PHY_ANT3);
4410 	case BWN_ANTAUTO:
4411 		return (BWN_TX_PHY_ANT01AUTO);
4412 	}
4413 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
4414 	return (0);
4415 }
4416 
4417 static void
4418 bwn_wme_load(struct bwn_mac *mac)
4419 {
4420 	struct bwn_softc *sc = mac->mac_sc;
4421 	int i;
4422 
4423 	KASSERT(N(bwn_wme_shm_offsets) == N(sc->sc_wmeParams),
4424 	    ("%s:%d: fail", __func__, __LINE__));
4425 
4426 	bwn_mac_suspend(mac);
4427 	for (i = 0; i < N(sc->sc_wmeParams); i++)
4428 		bwn_wme_loadparams(mac, &(sc->sc_wmeParams[i]),
4429 		    bwn_wme_shm_offsets[i]);
4430 	bwn_mac_enable(mac);
4431 }
4432 
4433 static void
4434 bwn_wme_loadparams(struct bwn_mac *mac,
4435     const struct wmeParams *p, uint16_t shm_offset)
4436 {
4437 #define	SM(_v, _f)      (((_v) << _f##_S) & _f)
4438 	struct bwn_softc *sc = mac->mac_sc;
4439 	uint16_t params[BWN_NR_WMEPARAMS];
4440 	int slot, tmp;
4441 	unsigned int i;
4442 
4443 	slot = BWN_READ_2(mac, BWN_RNG) &
4444 	    SM(p->wmep_logcwmin, WME_PARAM_LOGCWMIN);
4445 
4446 	memset(&params, 0, sizeof(params));
4447 
4448 	DPRINTF(sc, BWN_DEBUG_WME, "wmep_txopLimit %d wmep_logcwmin %d "
4449 	    "wmep_logcwmax %d wmep_aifsn %d\n", p->wmep_txopLimit,
4450 	    p->wmep_logcwmin, p->wmep_logcwmax, p->wmep_aifsn);
4451 
4452 	params[BWN_WMEPARAM_TXOP] = p->wmep_txopLimit * 32;
4453 	params[BWN_WMEPARAM_CWMIN] = SM(p->wmep_logcwmin, WME_PARAM_LOGCWMIN);
4454 	params[BWN_WMEPARAM_CWMAX] = SM(p->wmep_logcwmax, WME_PARAM_LOGCWMAX);
4455 	params[BWN_WMEPARAM_CWCUR] = SM(p->wmep_logcwmin, WME_PARAM_LOGCWMIN);
4456 	params[BWN_WMEPARAM_AIFS] = p->wmep_aifsn;
4457 	params[BWN_WMEPARAM_BSLOTS] = slot;
4458 	params[BWN_WMEPARAM_REGGAP] = slot + p->wmep_aifsn;
4459 
4460 	for (i = 0; i < N(params); i++) {
4461 		if (i == BWN_WMEPARAM_STATUS) {
4462 			tmp = bwn_shm_read_2(mac, BWN_SHARED,
4463 			    shm_offset + (i * 2));
4464 			tmp |= 0x100;
4465 			bwn_shm_write_2(mac, BWN_SHARED, shm_offset + (i * 2),
4466 			    tmp);
4467 		} else {
4468 			bwn_shm_write_2(mac, BWN_SHARED, shm_offset + (i * 2),
4469 			    params[i]);
4470 		}
4471 	}
4472 }
4473 
4474 static void
4475 bwn_mac_write_bssid(struct bwn_mac *mac)
4476 {
4477 	struct bwn_softc *sc = mac->mac_sc;
4478 	uint32_t tmp;
4479 	int i;
4480 	uint8_t mac_bssid[IEEE80211_ADDR_LEN * 2];
4481 
4482 	bwn_mac_setfilter(mac, BWN_MACFILTER_BSSID, sc->sc_bssid);
4483 	memcpy(mac_bssid, sc->sc_ic.ic_macaddr, IEEE80211_ADDR_LEN);
4484 	memcpy(mac_bssid + IEEE80211_ADDR_LEN, sc->sc_bssid,
4485 	    IEEE80211_ADDR_LEN);
4486 
4487 	for (i = 0; i < N(mac_bssid); i += sizeof(uint32_t)) {
4488 		tmp = (uint32_t) (mac_bssid[i + 0]);
4489 		tmp |= (uint32_t) (mac_bssid[i + 1]) << 8;
4490 		tmp |= (uint32_t) (mac_bssid[i + 2]) << 16;
4491 		tmp |= (uint32_t) (mac_bssid[i + 3]) << 24;
4492 		bwn_ram_write(mac, 0x20 + i, tmp);
4493 	}
4494 }
4495 
4496 static void
4497 bwn_mac_setfilter(struct bwn_mac *mac, uint16_t offset,
4498     const uint8_t *macaddr)
4499 {
4500 	static const uint8_t zero[IEEE80211_ADDR_LEN] = { 0 };
4501 	uint16_t data;
4502 
4503 	if (!mac)
4504 		macaddr = zero;
4505 
4506 	offset |= 0x0020;
4507 	BWN_WRITE_2(mac, BWN_MACFILTER_CONTROL, offset);
4508 
4509 	data = macaddr[0];
4510 	data |= macaddr[1] << 8;
4511 	BWN_WRITE_2(mac, BWN_MACFILTER_DATA, data);
4512 	data = macaddr[2];
4513 	data |= macaddr[3] << 8;
4514 	BWN_WRITE_2(mac, BWN_MACFILTER_DATA, data);
4515 	data = macaddr[4];
4516 	data |= macaddr[5] << 8;
4517 	BWN_WRITE_2(mac, BWN_MACFILTER_DATA, data);
4518 }
4519 
4520 static void
4521 bwn_key_dowrite(struct bwn_mac *mac, uint8_t index, uint8_t algorithm,
4522     const uint8_t *key, size_t key_len, const uint8_t *mac_addr)
4523 {
4524 	uint8_t buf[BWN_SEC_KEYSIZE] = { 0, };
4525 	uint8_t per_sta_keys_start = 8;
4526 
4527 	if (BWN_SEC_NEWAPI(mac))
4528 		per_sta_keys_start = 4;
4529 
4530 	KASSERT(index < mac->mac_max_nr_keys,
4531 	    ("%s:%d: fail", __func__, __LINE__));
4532 	KASSERT(key_len <= BWN_SEC_KEYSIZE,
4533 	    ("%s:%d: fail", __func__, __LINE__));
4534 
4535 	if (index >= per_sta_keys_start)
4536 		bwn_key_macwrite(mac, index, NULL);
4537 	if (key)
4538 		memcpy(buf, key, key_len);
4539 	bwn_key_write(mac, index, algorithm, buf);
4540 	if (index >= per_sta_keys_start)
4541 		bwn_key_macwrite(mac, index, mac_addr);
4542 
4543 	mac->mac_key[index].algorithm = algorithm;
4544 }
4545 
4546 static void
4547 bwn_key_macwrite(struct bwn_mac *mac, uint8_t index, const uint8_t *addr)
4548 {
4549 	struct bwn_softc *sc = mac->mac_sc;
4550 	uint32_t addrtmp[2] = { 0, 0 };
4551 	uint8_t start = 8;
4552 
4553 	if (BWN_SEC_NEWAPI(mac))
4554 		start = 4;
4555 
4556 	KASSERT(index >= start,
4557 	    ("%s:%d: fail", __func__, __LINE__));
4558 	index -= start;
4559 
4560 	if (addr) {
4561 		addrtmp[0] = addr[0];
4562 		addrtmp[0] |= ((uint32_t) (addr[1]) << 8);
4563 		addrtmp[0] |= ((uint32_t) (addr[2]) << 16);
4564 		addrtmp[0] |= ((uint32_t) (addr[3]) << 24);
4565 		addrtmp[1] = addr[4];
4566 		addrtmp[1] |= ((uint32_t) (addr[5]) << 8);
4567 	}
4568 
4569 	if (siba_get_revid(sc->sc_dev) >= 5) {
4570 		bwn_shm_write_4(mac, BWN_RCMTA, (index * 2) + 0, addrtmp[0]);
4571 		bwn_shm_write_2(mac, BWN_RCMTA, (index * 2) + 1, addrtmp[1]);
4572 	} else {
4573 		if (index >= 8) {
4574 			bwn_shm_write_4(mac, BWN_SHARED,
4575 			    BWN_SHARED_PSM + (index * 6) + 0, addrtmp[0]);
4576 			bwn_shm_write_2(mac, BWN_SHARED,
4577 			    BWN_SHARED_PSM + (index * 6) + 4, addrtmp[1]);
4578 		}
4579 	}
4580 }
4581 
4582 static void
4583 bwn_key_write(struct bwn_mac *mac, uint8_t index, uint8_t algorithm,
4584     const uint8_t *key)
4585 {
4586 	unsigned int i;
4587 	uint32_t offset;
4588 	uint16_t kidx, value;
4589 
4590 	kidx = BWN_SEC_KEY2FW(mac, index);
4591 	bwn_shm_write_2(mac, BWN_SHARED,
4592 	    BWN_SHARED_KEYIDX_BLOCK + (kidx * 2), (kidx << 4) | algorithm);
4593 
4594 	offset = mac->mac_ktp + (index * BWN_SEC_KEYSIZE);
4595 	for (i = 0; i < BWN_SEC_KEYSIZE; i += 2) {
4596 		value = key[i];
4597 		value |= (uint16_t)(key[i + 1]) << 8;
4598 		bwn_shm_write_2(mac, BWN_SHARED, offset + i, value);
4599 	}
4600 }
4601 
4602 static void
4603 bwn_phy_exit(struct bwn_mac *mac)
4604 {
4605 
4606 	mac->mac_phy.rf_onoff(mac, 0);
4607 	if (mac->mac_phy.exit != NULL)
4608 		mac->mac_phy.exit(mac);
4609 }
4610 
4611 static void
4612 bwn_dma_free(struct bwn_mac *mac)
4613 {
4614 	struct bwn_dma *dma;
4615 
4616 	if ((mac->mac_flags & BWN_MAC_FLAG_DMA) == 0)
4617 		return;
4618 	dma = &mac->mac_method.dma;
4619 
4620 	bwn_dma_ringfree(&dma->rx);
4621 	bwn_dma_ringfree(&dma->wme[WME_AC_BK]);
4622 	bwn_dma_ringfree(&dma->wme[WME_AC_BE]);
4623 	bwn_dma_ringfree(&dma->wme[WME_AC_VI]);
4624 	bwn_dma_ringfree(&dma->wme[WME_AC_VO]);
4625 	bwn_dma_ringfree(&dma->mcast);
4626 }
4627 
4628 static void
4629 bwn_core_stop(struct bwn_mac *mac)
4630 {
4631 	struct bwn_softc *sc = mac->mac_sc;
4632 
4633 	BWN_ASSERT_LOCKED(sc);
4634 
4635 	if (mac->mac_status < BWN_MAC_STATUS_STARTED)
4636 		return;
4637 
4638 	callout_stop(&sc->sc_rfswitch_ch);
4639 	callout_stop(&sc->sc_task_ch);
4640 	callout_stop(&sc->sc_watchdog_ch);
4641 	sc->sc_watchdog_timer = 0;
4642 	BWN_WRITE_4(mac, BWN_INTR_MASK, 0);
4643 	BWN_READ_4(mac, BWN_INTR_MASK);
4644 	bwn_mac_suspend(mac);
4645 
4646 	mac->mac_status = BWN_MAC_STATUS_INITED;
4647 }
4648 
4649 static int
4650 bwn_switch_band(struct bwn_softc *sc, struct ieee80211_channel *chan)
4651 {
4652 	struct bwn_mac *up_dev = NULL;
4653 	struct bwn_mac *down_dev;
4654 	struct bwn_mac *mac;
4655 	int err, status;
4656 	uint8_t gmode;
4657 
4658 	BWN_ASSERT_LOCKED(sc);
4659 
4660 	TAILQ_FOREACH(mac, &sc->sc_maclist, mac_list) {
4661 		if (IEEE80211_IS_CHAN_2GHZ(chan) &&
4662 		    mac->mac_phy.supports_2ghz) {
4663 			up_dev = mac;
4664 			gmode = 1;
4665 		} else if (IEEE80211_IS_CHAN_5GHZ(chan) &&
4666 		    mac->mac_phy.supports_5ghz) {
4667 			up_dev = mac;
4668 			gmode = 0;
4669 		} else {
4670 			KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
4671 			return (EINVAL);
4672 		}
4673 		if (up_dev != NULL)
4674 			break;
4675 	}
4676 	if (up_dev == NULL) {
4677 		device_printf(sc->sc_dev, "Could not find a device\n");
4678 		return (ENODEV);
4679 	}
4680 	if (up_dev == sc->sc_curmac && sc->sc_curmac->mac_phy.gmode == gmode)
4681 		return (0);
4682 
4683 	DPRINTF(sc, BWN_DEBUG_RF | BWN_DEBUG_PHY | BWN_DEBUG_RESET,
4684 	    "switching to %s-GHz band\n",
4685 	    IEEE80211_IS_CHAN_2GHZ(chan) ? "2" : "5");
4686 
4687 	down_dev = sc->sc_curmac;
4688 	status = down_dev->mac_status;
4689 	if (status >= BWN_MAC_STATUS_STARTED)
4690 		bwn_core_stop(down_dev);
4691 	if (status >= BWN_MAC_STATUS_INITED)
4692 		bwn_core_exit(down_dev);
4693 
4694 	if (down_dev != up_dev)
4695 		bwn_phy_reset(down_dev);
4696 
4697 	up_dev->mac_phy.gmode = gmode;
4698 	if (status >= BWN_MAC_STATUS_INITED) {
4699 		err = bwn_core_init(up_dev);
4700 		if (err) {
4701 			device_printf(sc->sc_dev,
4702 			    "fatal: failed to initialize for %s-GHz\n",
4703 			    IEEE80211_IS_CHAN_2GHZ(chan) ? "2" : "5");
4704 			goto fail;
4705 		}
4706 	}
4707 	if (status >= BWN_MAC_STATUS_STARTED)
4708 		bwn_core_start(up_dev);
4709 	KASSERT(up_dev->mac_status == status, ("%s: fail", __func__));
4710 	sc->sc_curmac = up_dev;
4711 
4712 	return (0);
4713 fail:
4714 	sc->sc_curmac = NULL;
4715 	return (err);
4716 }
4717 
4718 static void
4719 bwn_rf_turnon(struct bwn_mac *mac)
4720 {
4721 
4722 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: called\n", __func__);
4723 
4724 	bwn_mac_suspend(mac);
4725 	mac->mac_phy.rf_onoff(mac, 1);
4726 	mac->mac_phy.rf_on = 1;
4727 	bwn_mac_enable(mac);
4728 }
4729 
4730 static void
4731 bwn_rf_turnoff(struct bwn_mac *mac)
4732 {
4733 
4734 	DPRINTF(mac->mac_sc, BWN_DEBUG_RESET, "%s: called\n", __func__);
4735 
4736 	bwn_mac_suspend(mac);
4737 	mac->mac_phy.rf_onoff(mac, 0);
4738 	mac->mac_phy.rf_on = 0;
4739 	bwn_mac_enable(mac);
4740 }
4741 
4742 /*
4743  * PHY reset.
4744  */
4745 static void
4746 bwn_phy_reset(struct bwn_mac *mac)
4747 {
4748 	struct bwn_softc *sc = mac->mac_sc;
4749 
4750 	siba_write_4(sc->sc_dev, SIBA_TGSLOW,
4751 	    ((siba_read_4(sc->sc_dev, SIBA_TGSLOW) & ~BWN_TGSLOW_SUPPORT_G) |
4752 	     BWN_TGSLOW_PHYRESET) | SIBA_TGSLOW_FGC);
4753 	DELAY(1000);
4754 	siba_write_4(sc->sc_dev, SIBA_TGSLOW,
4755 	    (siba_read_4(sc->sc_dev, SIBA_TGSLOW) & ~SIBA_TGSLOW_FGC));
4756 	DELAY(1000);
4757 }
4758 
4759 static int
4760 bwn_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
4761 {
4762 	struct bwn_vap *bvp = BWN_VAP(vap);
4763 	struct ieee80211com *ic= vap->iv_ic;
4764 	enum ieee80211_state ostate = vap->iv_state;
4765 	struct bwn_softc *sc = ic->ic_softc;
4766 	struct bwn_mac *mac = sc->sc_curmac;
4767 	int error;
4768 
4769 	DPRINTF(sc, BWN_DEBUG_STATE, "%s: %s -> %s\n", __func__,
4770 	    ieee80211_state_name[vap->iv_state],
4771 	    ieee80211_state_name[nstate]);
4772 
4773 	error = bvp->bv_newstate(vap, nstate, arg);
4774 	if (error != 0)
4775 		return (error);
4776 
4777 	BWN_LOCK(sc);
4778 
4779 	bwn_led_newstate(mac, nstate);
4780 
4781 	/*
4782 	 * Clear the BSSID when we stop a STA
4783 	 */
4784 	if (vap->iv_opmode == IEEE80211_M_STA) {
4785 		if (ostate == IEEE80211_S_RUN && nstate != IEEE80211_S_RUN) {
4786 			/*
4787 			 * Clear out the BSSID.  If we reassociate to
4788 			 * the same AP, this will reinialize things
4789 			 * correctly...
4790 			 */
4791 			if (ic->ic_opmode == IEEE80211_M_STA &&
4792 			    (sc->sc_flags & BWN_FLAG_INVALID) == 0) {
4793 				memset(sc->sc_bssid, 0, IEEE80211_ADDR_LEN);
4794 				bwn_set_macaddr(mac);
4795 			}
4796 		}
4797 	}
4798 
4799 	if (vap->iv_opmode == IEEE80211_M_MONITOR ||
4800 	    vap->iv_opmode == IEEE80211_M_AHDEMO) {
4801 		/* XXX nothing to do? */
4802 	} else if (nstate == IEEE80211_S_RUN) {
4803 		memcpy(sc->sc_bssid, vap->iv_bss->ni_bssid, IEEE80211_ADDR_LEN);
4804 		bwn_set_opmode(mac);
4805 		bwn_set_pretbtt(mac);
4806 		bwn_spu_setdelay(mac, 0);
4807 		bwn_set_macaddr(mac);
4808 	}
4809 
4810 	BWN_UNLOCK(sc);
4811 
4812 	return (error);
4813 }
4814 
4815 static void
4816 bwn_set_pretbtt(struct bwn_mac *mac)
4817 {
4818 	struct bwn_softc *sc = mac->mac_sc;
4819 	struct ieee80211com *ic = &sc->sc_ic;
4820 	uint16_t pretbtt;
4821 
4822 	if (ic->ic_opmode == IEEE80211_M_IBSS)
4823 		pretbtt = 2;
4824 	else
4825 		pretbtt = (mac->mac_phy.type == BWN_PHYTYPE_A) ? 120 : 250;
4826 	bwn_shm_write_2(mac, BWN_SHARED, BWN_SHARED_PRETBTT, pretbtt);
4827 	BWN_WRITE_2(mac, BWN_TSF_CFP_PRETBTT, pretbtt);
4828 }
4829 
4830 static int
4831 bwn_intr(void *arg)
4832 {
4833 	struct bwn_mac *mac = arg;
4834 	struct bwn_softc *sc = mac->mac_sc;
4835 	uint32_t reason;
4836 
4837 	if (mac->mac_status < BWN_MAC_STATUS_STARTED ||
4838 	    (sc->sc_flags & BWN_FLAG_INVALID))
4839 		return (FILTER_STRAY);
4840 
4841 	DPRINTF(sc, BWN_DEBUG_INTR, "%s: called\n", __func__);
4842 
4843 	reason = BWN_READ_4(mac, BWN_INTR_REASON);
4844 	if (reason == 0xffffffff)	/* shared IRQ */
4845 		return (FILTER_STRAY);
4846 	reason &= mac->mac_intr_mask;
4847 	if (reason == 0)
4848 		return (FILTER_HANDLED);
4849 	DPRINTF(sc, BWN_DEBUG_INTR, "%s: reason=0x%08x\n", __func__, reason);
4850 
4851 	mac->mac_reason[0] = BWN_READ_4(mac, BWN_DMA0_REASON) & 0x0001dc00;
4852 	mac->mac_reason[1] = BWN_READ_4(mac, BWN_DMA1_REASON) & 0x0000dc00;
4853 	mac->mac_reason[2] = BWN_READ_4(mac, BWN_DMA2_REASON) & 0x0000dc00;
4854 	mac->mac_reason[3] = BWN_READ_4(mac, BWN_DMA3_REASON) & 0x0001dc00;
4855 	mac->mac_reason[4] = BWN_READ_4(mac, BWN_DMA4_REASON) & 0x0000dc00;
4856 	BWN_WRITE_4(mac, BWN_INTR_REASON, reason);
4857 	BWN_WRITE_4(mac, BWN_DMA0_REASON, mac->mac_reason[0]);
4858 	BWN_WRITE_4(mac, BWN_DMA1_REASON, mac->mac_reason[1]);
4859 	BWN_WRITE_4(mac, BWN_DMA2_REASON, mac->mac_reason[2]);
4860 	BWN_WRITE_4(mac, BWN_DMA3_REASON, mac->mac_reason[3]);
4861 	BWN_WRITE_4(mac, BWN_DMA4_REASON, mac->mac_reason[4]);
4862 
4863 	/* Disable interrupts. */
4864 	BWN_WRITE_4(mac, BWN_INTR_MASK, 0);
4865 
4866 	mac->mac_reason_intr = reason;
4867 
4868 	BWN_BARRIER(mac, BUS_SPACE_BARRIER_READ);
4869 	BWN_BARRIER(mac, BUS_SPACE_BARRIER_WRITE);
4870 
4871 	taskqueue_enqueue(sc->sc_tq, &mac->mac_intrtask);
4872 	return (FILTER_HANDLED);
4873 }
4874 
4875 static void
4876 bwn_intrtask(void *arg, int npending)
4877 {
4878 	struct bwn_mac *mac = arg;
4879 	struct bwn_softc *sc = mac->mac_sc;
4880 	uint32_t merged = 0;
4881 	int i, tx = 0, rx = 0;
4882 
4883 	BWN_LOCK(sc);
4884 	if (mac->mac_status < BWN_MAC_STATUS_STARTED ||
4885 	    (sc->sc_flags & BWN_FLAG_INVALID)) {
4886 		BWN_UNLOCK(sc);
4887 		return;
4888 	}
4889 
4890 	for (i = 0; i < N(mac->mac_reason); i++)
4891 		merged |= mac->mac_reason[i];
4892 
4893 	if (mac->mac_reason_intr & BWN_INTR_MAC_TXERR)
4894 		device_printf(sc->sc_dev, "MAC trans error\n");
4895 
4896 	if (mac->mac_reason_intr & BWN_INTR_PHY_TXERR) {
4897 		DPRINTF(sc, BWN_DEBUG_INTR, "%s: PHY trans error\n", __func__);
4898 		mac->mac_phy.txerrors--;
4899 		if (mac->mac_phy.txerrors == 0) {
4900 			mac->mac_phy.txerrors = BWN_TXERROR_MAX;
4901 			bwn_restart(mac, "PHY TX errors");
4902 		}
4903 	}
4904 
4905 	if (merged & (BWN_DMAINTR_FATALMASK | BWN_DMAINTR_NONFATALMASK)) {
4906 		if (merged & BWN_DMAINTR_FATALMASK) {
4907 			device_printf(sc->sc_dev,
4908 			    "Fatal DMA error: %#x %#x %#x %#x %#x %#x\n",
4909 			    mac->mac_reason[0], mac->mac_reason[1],
4910 			    mac->mac_reason[2], mac->mac_reason[3],
4911 			    mac->mac_reason[4], mac->mac_reason[5]);
4912 			bwn_restart(mac, "DMA error");
4913 			BWN_UNLOCK(sc);
4914 			return;
4915 		}
4916 		if (merged & BWN_DMAINTR_NONFATALMASK) {
4917 			device_printf(sc->sc_dev,
4918 			    "DMA error: %#x %#x %#x %#x %#x %#x\n",
4919 			    mac->mac_reason[0], mac->mac_reason[1],
4920 			    mac->mac_reason[2], mac->mac_reason[3],
4921 			    mac->mac_reason[4], mac->mac_reason[5]);
4922 		}
4923 	}
4924 
4925 	if (mac->mac_reason_intr & BWN_INTR_UCODE_DEBUG)
4926 		bwn_intr_ucode_debug(mac);
4927 	if (mac->mac_reason_intr & BWN_INTR_TBTT_INDI)
4928 		bwn_intr_tbtt_indication(mac);
4929 	if (mac->mac_reason_intr & BWN_INTR_ATIM_END)
4930 		bwn_intr_atim_end(mac);
4931 	if (mac->mac_reason_intr & BWN_INTR_BEACON)
4932 		bwn_intr_beacon(mac);
4933 	if (mac->mac_reason_intr & BWN_INTR_PMQ)
4934 		bwn_intr_pmq(mac);
4935 	if (mac->mac_reason_intr & BWN_INTR_NOISESAMPLE_OK)
4936 		bwn_intr_noise(mac);
4937 
4938 	if (mac->mac_flags & BWN_MAC_FLAG_DMA) {
4939 		if (mac->mac_reason[0] & BWN_DMAINTR_RX_DONE) {
4940 			bwn_dma_rx(mac->mac_method.dma.rx);
4941 			rx = 1;
4942 		}
4943 	} else
4944 		rx = bwn_pio_rx(&mac->mac_method.pio.rx);
4945 
4946 	KASSERT(!(mac->mac_reason[1] & BWN_DMAINTR_RX_DONE), ("%s", __func__));
4947 	KASSERT(!(mac->mac_reason[2] & BWN_DMAINTR_RX_DONE), ("%s", __func__));
4948 	KASSERT(!(mac->mac_reason[3] & BWN_DMAINTR_RX_DONE), ("%s", __func__));
4949 	KASSERT(!(mac->mac_reason[4] & BWN_DMAINTR_RX_DONE), ("%s", __func__));
4950 	KASSERT(!(mac->mac_reason[5] & BWN_DMAINTR_RX_DONE), ("%s", __func__));
4951 
4952 	if (mac->mac_reason_intr & BWN_INTR_TX_OK) {
4953 		bwn_intr_txeof(mac);
4954 		tx = 1;
4955 	}
4956 
4957 	BWN_WRITE_4(mac, BWN_INTR_MASK, mac->mac_intr_mask);
4958 
4959 	if (sc->sc_blink_led != NULL && sc->sc_led_blink) {
4960 		int evt = BWN_LED_EVENT_NONE;
4961 
4962 		if (tx && rx) {
4963 			if (sc->sc_rx_rate > sc->sc_tx_rate)
4964 				evt = BWN_LED_EVENT_RX;
4965 			else
4966 				evt = BWN_LED_EVENT_TX;
4967 		} else if (tx) {
4968 			evt = BWN_LED_EVENT_TX;
4969 		} else if (rx) {
4970 			evt = BWN_LED_EVENT_RX;
4971 		} else if (rx == 0) {
4972 			evt = BWN_LED_EVENT_POLL;
4973 		}
4974 
4975 		if (evt != BWN_LED_EVENT_NONE)
4976 			bwn_led_event(mac, evt);
4977        }
4978 
4979 	if (mbufq_first(&sc->sc_snd) != NULL)
4980 		bwn_start(sc);
4981 
4982 	BWN_BARRIER(mac, BUS_SPACE_BARRIER_READ);
4983 	BWN_BARRIER(mac, BUS_SPACE_BARRIER_WRITE);
4984 
4985 	BWN_UNLOCK(sc);
4986 }
4987 
4988 static void
4989 bwn_restart(struct bwn_mac *mac, const char *msg)
4990 {
4991 	struct bwn_softc *sc = mac->mac_sc;
4992 	struct ieee80211com *ic = &sc->sc_ic;
4993 
4994 	if (mac->mac_status < BWN_MAC_STATUS_INITED)
4995 		return;
4996 
4997 	device_printf(sc->sc_dev, "HW reset: %s\n", msg);
4998 	ieee80211_runtask(ic, &mac->mac_hwreset);
4999 }
5000 
5001 static void
5002 bwn_intr_ucode_debug(struct bwn_mac *mac)
5003 {
5004 	struct bwn_softc *sc = mac->mac_sc;
5005 	uint16_t reason;
5006 
5007 	if (mac->mac_fw.opensource == 0)
5008 		return;
5009 
5010 	reason = bwn_shm_read_2(mac, BWN_SCRATCH, BWN_DEBUGINTR_REASON_REG);
5011 	switch (reason) {
5012 	case BWN_DEBUGINTR_PANIC:
5013 		bwn_handle_fwpanic(mac);
5014 		break;
5015 	case BWN_DEBUGINTR_DUMP_SHM:
5016 		device_printf(sc->sc_dev, "BWN_DEBUGINTR_DUMP_SHM\n");
5017 		break;
5018 	case BWN_DEBUGINTR_DUMP_REGS:
5019 		device_printf(sc->sc_dev, "BWN_DEBUGINTR_DUMP_REGS\n");
5020 		break;
5021 	case BWN_DEBUGINTR_MARKER:
5022 		device_printf(sc->sc_dev, "BWN_DEBUGINTR_MARKER\n");
5023 		break;
5024 	default:
5025 		device_printf(sc->sc_dev,
5026 		    "ucode debug unknown reason: %#x\n", reason);
5027 	}
5028 
5029 	bwn_shm_write_2(mac, BWN_SCRATCH, BWN_DEBUGINTR_REASON_REG,
5030 	    BWN_DEBUGINTR_ACK);
5031 }
5032 
5033 static void
5034 bwn_intr_tbtt_indication(struct bwn_mac *mac)
5035 {
5036 	struct bwn_softc *sc = mac->mac_sc;
5037 	struct ieee80211com *ic = &sc->sc_ic;
5038 
5039 	if (ic->ic_opmode != IEEE80211_M_HOSTAP)
5040 		bwn_psctl(mac, 0);
5041 	if (ic->ic_opmode == IEEE80211_M_IBSS)
5042 		mac->mac_flags |= BWN_MAC_FLAG_DFQVALID;
5043 }
5044 
5045 static void
5046 bwn_intr_atim_end(struct bwn_mac *mac)
5047 {
5048 
5049 	if (mac->mac_flags & BWN_MAC_FLAG_DFQVALID) {
5050 		BWN_WRITE_4(mac, BWN_MACCMD,
5051 		    BWN_READ_4(mac, BWN_MACCMD) | BWN_MACCMD_DFQ_VALID);
5052 		mac->mac_flags &= ~BWN_MAC_FLAG_DFQVALID;
5053 	}
5054 }
5055 
5056 static void
5057 bwn_intr_beacon(struct bwn_mac *mac)
5058 {
5059 	struct bwn_softc *sc = mac->mac_sc;
5060 	struct ieee80211com *ic = &sc->sc_ic;
5061 	uint32_t cmd, beacon0, beacon1;
5062 
5063 	if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5064 	    ic->ic_opmode == IEEE80211_M_MBSS)
5065 		return;
5066 
5067 	mac->mac_intr_mask &= ~BWN_INTR_BEACON;
5068 
5069 	cmd = BWN_READ_4(mac, BWN_MACCMD);
5070 	beacon0 = (cmd & BWN_MACCMD_BEACON0_VALID);
5071 	beacon1 = (cmd & BWN_MACCMD_BEACON1_VALID);
5072 
5073 	if (beacon0 && beacon1) {
5074 		BWN_WRITE_4(mac, BWN_INTR_REASON, BWN_INTR_BEACON);
5075 		mac->mac_intr_mask |= BWN_INTR_BEACON;
5076 		return;
5077 	}
5078 
5079 	if (sc->sc_flags & BWN_FLAG_NEED_BEACON_TP) {
5080 		sc->sc_flags &= ~BWN_FLAG_NEED_BEACON_TP;
5081 		bwn_load_beacon0(mac);
5082 		bwn_load_beacon1(mac);
5083 		cmd = BWN_READ_4(mac, BWN_MACCMD);
5084 		cmd |= BWN_MACCMD_BEACON0_VALID;
5085 		BWN_WRITE_4(mac, BWN_MACCMD, cmd);
5086 	} else {
5087 		if (!beacon0) {
5088 			bwn_load_beacon0(mac);
5089 			cmd = BWN_READ_4(mac, BWN_MACCMD);
5090 			cmd |= BWN_MACCMD_BEACON0_VALID;
5091 			BWN_WRITE_4(mac, BWN_MACCMD, cmd);
5092 		} else if (!beacon1) {
5093 			bwn_load_beacon1(mac);
5094 			cmd = BWN_READ_4(mac, BWN_MACCMD);
5095 			cmd |= BWN_MACCMD_BEACON1_VALID;
5096 			BWN_WRITE_4(mac, BWN_MACCMD, cmd);
5097 		}
5098 	}
5099 }
5100 
5101 static void
5102 bwn_intr_pmq(struct bwn_mac *mac)
5103 {
5104 	uint32_t tmp;
5105 
5106 	while (1) {
5107 		tmp = BWN_READ_4(mac, BWN_PS_STATUS);
5108 		if (!(tmp & 0x00000008))
5109 			break;
5110 	}
5111 	BWN_WRITE_2(mac, BWN_PS_STATUS, 0x0002);
5112 }
5113 
5114 static void
5115 bwn_intr_noise(struct bwn_mac *mac)
5116 {
5117 	struct bwn_phy_g *pg = &mac->mac_phy.phy_g;
5118 	uint16_t tmp;
5119 	uint8_t noise[4];
5120 	uint8_t i, j;
5121 	int32_t average;
5122 
5123 	if (mac->mac_phy.type != BWN_PHYTYPE_G)
5124 		return;
5125 
5126 	KASSERT(mac->mac_noise.noi_running, ("%s: fail", __func__));
5127 	*((uint32_t *)noise) = htole32(bwn_jssi_read(mac));
5128 	if (noise[0] == 0x7f || noise[1] == 0x7f || noise[2] == 0x7f ||
5129 	    noise[3] == 0x7f)
5130 		goto new;
5131 
5132 	KASSERT(mac->mac_noise.noi_nsamples < 8,
5133 	    ("%s:%d: fail", __func__, __LINE__));
5134 	i = mac->mac_noise.noi_nsamples;
5135 	noise[0] = MIN(MAX(noise[0], 0), N(pg->pg_nrssi_lt) - 1);
5136 	noise[1] = MIN(MAX(noise[1], 0), N(pg->pg_nrssi_lt) - 1);
5137 	noise[2] = MIN(MAX(noise[2], 0), N(pg->pg_nrssi_lt) - 1);
5138 	noise[3] = MIN(MAX(noise[3], 0), N(pg->pg_nrssi_lt) - 1);
5139 	mac->mac_noise.noi_samples[i][0] = pg->pg_nrssi_lt[noise[0]];
5140 	mac->mac_noise.noi_samples[i][1] = pg->pg_nrssi_lt[noise[1]];
5141 	mac->mac_noise.noi_samples[i][2] = pg->pg_nrssi_lt[noise[2]];
5142 	mac->mac_noise.noi_samples[i][3] = pg->pg_nrssi_lt[noise[3]];
5143 	mac->mac_noise.noi_nsamples++;
5144 	if (mac->mac_noise.noi_nsamples == 8) {
5145 		average = 0;
5146 		for (i = 0; i < 8; i++) {
5147 			for (j = 0; j < 4; j++)
5148 				average += mac->mac_noise.noi_samples[i][j];
5149 		}
5150 		average = (((average / 32) * 125) + 64) / 128;
5151 		tmp = (bwn_shm_read_2(mac, BWN_SHARED, 0x40c) / 128) & 0x1f;
5152 		if (tmp >= 8)
5153 			average += 2;
5154 		else
5155 			average -= 25;
5156 		average -= (tmp == 8) ? 72 : 48;
5157 
5158 		mac->mac_stats.link_noise = average;
5159 		mac->mac_noise.noi_running = 0;
5160 		return;
5161 	}
5162 new:
5163 	bwn_noise_gensample(mac);
5164 }
5165 
5166 static int
5167 bwn_pio_rx(struct bwn_pio_rxqueue *prq)
5168 {
5169 	struct bwn_mac *mac = prq->prq_mac;
5170 	struct bwn_softc *sc = mac->mac_sc;
5171 	unsigned int i;
5172 
5173 	BWN_ASSERT_LOCKED(sc);
5174 
5175 	if (mac->mac_status < BWN_MAC_STATUS_STARTED)
5176 		return (0);
5177 
5178 	for (i = 0; i < 5000; i++) {
5179 		if (bwn_pio_rxeof(prq) == 0)
5180 			break;
5181 	}
5182 	if (i >= 5000)
5183 		device_printf(sc->sc_dev, "too many RX frames in PIO mode\n");
5184 	return ((i > 0) ? 1 : 0);
5185 }
5186 
5187 static void
5188 bwn_dma_rx(struct bwn_dma_ring *dr)
5189 {
5190 	int slot, curslot;
5191 
5192 	KASSERT(!dr->dr_tx, ("%s:%d: fail", __func__, __LINE__));
5193 	curslot = dr->get_curslot(dr);
5194 	KASSERT(curslot >= 0 && curslot < dr->dr_numslots,
5195 	    ("%s:%d: fail", __func__, __LINE__));
5196 
5197 	slot = dr->dr_curslot;
5198 	for (; slot != curslot; slot = bwn_dma_nextslot(dr, slot))
5199 		bwn_dma_rxeof(dr, &slot);
5200 
5201 	bus_dmamap_sync(dr->dr_ring_dtag, dr->dr_ring_dmap,
5202 	    BUS_DMASYNC_PREWRITE);
5203 
5204 	dr->set_curslot(dr, slot);
5205 	dr->dr_curslot = slot;
5206 }
5207 
5208 static void
5209 bwn_intr_txeof(struct bwn_mac *mac)
5210 {
5211 	struct bwn_txstatus stat;
5212 	uint32_t stat0, stat1;
5213 	uint16_t tmp;
5214 
5215 	BWN_ASSERT_LOCKED(mac->mac_sc);
5216 
5217 	while (1) {
5218 		stat0 = BWN_READ_4(mac, BWN_XMITSTAT_0);
5219 		if (!(stat0 & 0x00000001))
5220 			break;
5221 		stat1 = BWN_READ_4(mac, BWN_XMITSTAT_1);
5222 
5223 		DPRINTF(mac->mac_sc, BWN_DEBUG_XMIT,
5224 		    "%s: stat0=0x%08x, stat1=0x%08x\n",
5225 		    __func__,
5226 		    stat0,
5227 		    stat1);
5228 
5229 		stat.cookie = (stat0 >> 16);
5230 		stat.seq = (stat1 & 0x0000ffff);
5231 		stat.phy_stat = ((stat1 & 0x00ff0000) >> 16);
5232 		tmp = (stat0 & 0x0000ffff);
5233 		stat.framecnt = ((tmp & 0xf000) >> 12);
5234 		stat.rtscnt = ((tmp & 0x0f00) >> 8);
5235 		stat.sreason = ((tmp & 0x001c) >> 2);
5236 		stat.pm = (tmp & 0x0080) ? 1 : 0;
5237 		stat.im = (tmp & 0x0040) ? 1 : 0;
5238 		stat.ampdu = (tmp & 0x0020) ? 1 : 0;
5239 		stat.ack = (tmp & 0x0002) ? 1 : 0;
5240 
5241 		DPRINTF(mac->mac_sc, BWN_DEBUG_XMIT,
5242 		    "%s: cookie=%d, seq=%d, phystat=0x%02x, framecnt=%d, "
5243 		    "rtscnt=%d, sreason=%d, pm=%d, im=%d, ampdu=%d, ack=%d\n",
5244 		    __func__,
5245 		    stat.cookie,
5246 		    stat.seq,
5247 		    stat.phy_stat,
5248 		    stat.framecnt,
5249 		    stat.rtscnt,
5250 		    stat.sreason,
5251 		    stat.pm,
5252 		    stat.im,
5253 		    stat.ampdu,
5254 		    stat.ack);
5255 
5256 		bwn_handle_txeof(mac, &stat);
5257 	}
5258 }
5259 
5260 static void
5261 bwn_hwreset(void *arg, int npending)
5262 {
5263 	struct bwn_mac *mac = arg;
5264 	struct bwn_softc *sc = mac->mac_sc;
5265 	int error = 0;
5266 	int prev_status;
5267 
5268 	BWN_LOCK(sc);
5269 
5270 	prev_status = mac->mac_status;
5271 	if (prev_status >= BWN_MAC_STATUS_STARTED)
5272 		bwn_core_stop(mac);
5273 	if (prev_status >= BWN_MAC_STATUS_INITED)
5274 		bwn_core_exit(mac);
5275 
5276 	if (prev_status >= BWN_MAC_STATUS_INITED) {
5277 		error = bwn_core_init(mac);
5278 		if (error)
5279 			goto out;
5280 	}
5281 	if (prev_status >= BWN_MAC_STATUS_STARTED)
5282 		bwn_core_start(mac);
5283 out:
5284 	if (error) {
5285 		device_printf(sc->sc_dev, "%s: failed (%d)\n", __func__, error);
5286 		sc->sc_curmac = NULL;
5287 	}
5288 	BWN_UNLOCK(sc);
5289 }
5290 
5291 static void
5292 bwn_handle_fwpanic(struct bwn_mac *mac)
5293 {
5294 	struct bwn_softc *sc = mac->mac_sc;
5295 	uint16_t reason;
5296 
5297 	reason = bwn_shm_read_2(mac, BWN_SCRATCH, BWN_FWPANIC_REASON_REG);
5298 	device_printf(sc->sc_dev,"fw panic (%u)\n", reason);
5299 
5300 	if (reason == BWN_FWPANIC_RESTART)
5301 		bwn_restart(mac, "ucode panic");
5302 }
5303 
5304 static void
5305 bwn_load_beacon0(struct bwn_mac *mac)
5306 {
5307 
5308 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
5309 }
5310 
5311 static void
5312 bwn_load_beacon1(struct bwn_mac *mac)
5313 {
5314 
5315 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
5316 }
5317 
5318 static uint32_t
5319 bwn_jssi_read(struct bwn_mac *mac)
5320 {
5321 	uint32_t val = 0;
5322 
5323 	val = bwn_shm_read_2(mac, BWN_SHARED, 0x08a);
5324 	val <<= 16;
5325 	val |= bwn_shm_read_2(mac, BWN_SHARED, 0x088);
5326 
5327 	return (val);
5328 }
5329 
5330 static void
5331 bwn_noise_gensample(struct bwn_mac *mac)
5332 {
5333 	uint32_t jssi = 0x7f7f7f7f;
5334 
5335 	bwn_shm_write_2(mac, BWN_SHARED, 0x088, (jssi & 0x0000ffff));
5336 	bwn_shm_write_2(mac, BWN_SHARED, 0x08a, (jssi & 0xffff0000) >> 16);
5337 	BWN_WRITE_4(mac, BWN_MACCMD,
5338 	    BWN_READ_4(mac, BWN_MACCMD) | BWN_MACCMD_BGNOISE);
5339 }
5340 
5341 static int
5342 bwn_dma_freeslot(struct bwn_dma_ring *dr)
5343 {
5344 	BWN_ASSERT_LOCKED(dr->dr_mac->mac_sc);
5345 
5346 	return (dr->dr_numslots - dr->dr_usedslot);
5347 }
5348 
5349 static int
5350 bwn_dma_nextslot(struct bwn_dma_ring *dr, int slot)
5351 {
5352 	BWN_ASSERT_LOCKED(dr->dr_mac->mac_sc);
5353 
5354 	KASSERT(slot >= -1 && slot <= dr->dr_numslots - 1,
5355 	    ("%s:%d: fail", __func__, __LINE__));
5356 	if (slot == dr->dr_numslots - 1)
5357 		return (0);
5358 	return (slot + 1);
5359 }
5360 
5361 static void
5362 bwn_dma_rxeof(struct bwn_dma_ring *dr, int *slot)
5363 {
5364 	struct bwn_mac *mac = dr->dr_mac;
5365 	struct bwn_softc *sc = mac->mac_sc;
5366 	struct bwn_dma *dma = &mac->mac_method.dma;
5367 	struct bwn_dmadesc_generic *desc;
5368 	struct bwn_dmadesc_meta *meta;
5369 	struct bwn_rxhdr4 *rxhdr;
5370 	struct mbuf *m;
5371 	uint32_t macstat;
5372 	int32_t tmp;
5373 	int cnt = 0;
5374 	uint16_t len;
5375 
5376 	dr->getdesc(dr, *slot, &desc, &meta);
5377 
5378 	bus_dmamap_sync(dma->rxbuf_dtag, meta->mt_dmap, BUS_DMASYNC_POSTREAD);
5379 	m = meta->mt_m;
5380 
5381 	if (bwn_dma_newbuf(dr, desc, meta, 0)) {
5382 		counter_u64_add(sc->sc_ic.ic_ierrors, 1);
5383 		return;
5384 	}
5385 
5386 	rxhdr = mtod(m, struct bwn_rxhdr4 *);
5387 	len = le16toh(rxhdr->frame_len);
5388 	if (len <= 0) {
5389 		counter_u64_add(sc->sc_ic.ic_ierrors, 1);
5390 		return;
5391 	}
5392 	if (bwn_dma_check_redzone(dr, m)) {
5393 		device_printf(sc->sc_dev, "redzone error.\n");
5394 		bwn_dma_set_redzone(dr, m);
5395 		bus_dmamap_sync(dma->rxbuf_dtag, meta->mt_dmap,
5396 		    BUS_DMASYNC_PREWRITE);
5397 		return;
5398 	}
5399 	if (len > dr->dr_rx_bufsize) {
5400 		tmp = len;
5401 		while (1) {
5402 			dr->getdesc(dr, *slot, &desc, &meta);
5403 			bwn_dma_set_redzone(dr, meta->mt_m);
5404 			bus_dmamap_sync(dma->rxbuf_dtag, meta->mt_dmap,
5405 			    BUS_DMASYNC_PREWRITE);
5406 			*slot = bwn_dma_nextslot(dr, *slot);
5407 			cnt++;
5408 			tmp -= dr->dr_rx_bufsize;
5409 			if (tmp <= 0)
5410 				break;
5411 		}
5412 		device_printf(sc->sc_dev, "too small buffer "
5413 		       "(len %u buffer %u dropped %d)\n",
5414 		       len, dr->dr_rx_bufsize, cnt);
5415 		return;
5416 	}
5417 
5418 	switch (mac->mac_fw.fw_hdr_format) {
5419 	case BWN_FW_HDR_351:
5420 	case BWN_FW_HDR_410:
5421 		macstat = le32toh(rxhdr->ps4.r351.mac_status);
5422 		break;
5423 	case BWN_FW_HDR_598:
5424 		macstat = le32toh(rxhdr->ps4.r598.mac_status);
5425 		break;
5426 	}
5427 
5428 	if (macstat & BWN_RX_MAC_FCSERR) {
5429 		if (!(mac->mac_sc->sc_filters & BWN_MACCTL_PASS_BADFCS)) {
5430 			device_printf(sc->sc_dev, "RX drop\n");
5431 			return;
5432 		}
5433 	}
5434 
5435 	m->m_len = m->m_pkthdr.len = len + dr->dr_frameoffset;
5436 	m_adj(m, dr->dr_frameoffset);
5437 
5438 	bwn_rxeof(dr->dr_mac, m, rxhdr);
5439 }
5440 
5441 static void
5442 bwn_handle_txeof(struct bwn_mac *mac, const struct bwn_txstatus *status)
5443 {
5444 	struct bwn_softc *sc = mac->mac_sc;
5445 	struct bwn_stats *stats = &mac->mac_stats;
5446 
5447 	BWN_ASSERT_LOCKED(mac->mac_sc);
5448 
5449 	if (status->im)
5450 		device_printf(sc->sc_dev, "TODO: STATUS IM\n");
5451 	if (status->ampdu)
5452 		device_printf(sc->sc_dev, "TODO: STATUS AMPDU\n");
5453 	if (status->rtscnt) {
5454 		if (status->rtscnt == 0xf)
5455 			stats->rtsfail++;
5456 		else
5457 			stats->rts++;
5458 	}
5459 
5460 	if (mac->mac_flags & BWN_MAC_FLAG_DMA) {
5461 		bwn_dma_handle_txeof(mac, status);
5462 	} else {
5463 		bwn_pio_handle_txeof(mac, status);
5464 	}
5465 
5466 	bwn_phy_txpower_check(mac, 0);
5467 }
5468 
5469 static uint8_t
5470 bwn_pio_rxeof(struct bwn_pio_rxqueue *prq)
5471 {
5472 	struct bwn_mac *mac = prq->prq_mac;
5473 	struct bwn_softc *sc = mac->mac_sc;
5474 	struct bwn_rxhdr4 rxhdr;
5475 	struct mbuf *m;
5476 	uint32_t ctl32, macstat, v32;
5477 	unsigned int i, padding;
5478 	uint16_t ctl16, len, totlen, v16;
5479 	unsigned char *mp;
5480 	char *data;
5481 
5482 	memset(&rxhdr, 0, sizeof(rxhdr));
5483 
5484 	if (prq->prq_rev >= 8) {
5485 		ctl32 = bwn_pio_rx_read_4(prq, BWN_PIO8_RXCTL);
5486 		if (!(ctl32 & BWN_PIO8_RXCTL_FRAMEREADY))
5487 			return (0);
5488 		bwn_pio_rx_write_4(prq, BWN_PIO8_RXCTL,
5489 		    BWN_PIO8_RXCTL_FRAMEREADY);
5490 		for (i = 0; i < 10; i++) {
5491 			ctl32 = bwn_pio_rx_read_4(prq, BWN_PIO8_RXCTL);
5492 			if (ctl32 & BWN_PIO8_RXCTL_DATAREADY)
5493 				goto ready;
5494 			DELAY(10);
5495 		}
5496 	} else {
5497 		ctl16 = bwn_pio_rx_read_2(prq, BWN_PIO_RXCTL);
5498 		if (!(ctl16 & BWN_PIO_RXCTL_FRAMEREADY))
5499 			return (0);
5500 		bwn_pio_rx_write_2(prq, BWN_PIO_RXCTL,
5501 		    BWN_PIO_RXCTL_FRAMEREADY);
5502 		for (i = 0; i < 10; i++) {
5503 			ctl16 = bwn_pio_rx_read_2(prq, BWN_PIO_RXCTL);
5504 			if (ctl16 & BWN_PIO_RXCTL_DATAREADY)
5505 				goto ready;
5506 			DELAY(10);
5507 		}
5508 	}
5509 	device_printf(sc->sc_dev, "%s: timed out\n", __func__);
5510 	return (1);
5511 ready:
5512 	if (prq->prq_rev >= 8)
5513 		siba_read_multi_4(sc->sc_dev, &rxhdr, sizeof(rxhdr),
5514 		    prq->prq_base + BWN_PIO8_RXDATA);
5515 	else
5516 		siba_read_multi_2(sc->sc_dev, &rxhdr, sizeof(rxhdr),
5517 		    prq->prq_base + BWN_PIO_RXDATA);
5518 	len = le16toh(rxhdr.frame_len);
5519 	if (len > 0x700) {
5520 		device_printf(sc->sc_dev, "%s: len is too big\n", __func__);
5521 		goto error;
5522 	}
5523 	if (len == 0) {
5524 		device_printf(sc->sc_dev, "%s: len is 0\n", __func__);
5525 		goto error;
5526 	}
5527 
5528 	switch (mac->mac_fw.fw_hdr_format) {
5529 	case BWN_FW_HDR_351:
5530 	case BWN_FW_HDR_410:
5531 		macstat = le32toh(rxhdr.ps4.r351.mac_status);
5532 		break;
5533 	case BWN_FW_HDR_598:
5534 		macstat = le32toh(rxhdr.ps4.r598.mac_status);
5535 		break;
5536 	}
5537 
5538 	if (macstat & BWN_RX_MAC_FCSERR) {
5539 		if (!(mac->mac_sc->sc_filters & BWN_MACCTL_PASS_BADFCS)) {
5540 			device_printf(sc->sc_dev, "%s: FCS error", __func__);
5541 			goto error;
5542 		}
5543 	}
5544 
5545 	padding = (macstat & BWN_RX_MAC_PADDING) ? 2 : 0;
5546 	totlen = len + padding;
5547 	KASSERT(totlen <= MCLBYTES, ("too big..\n"));
5548 	m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
5549 	if (m == NULL) {
5550 		device_printf(sc->sc_dev, "%s: out of memory", __func__);
5551 		goto error;
5552 	}
5553 	mp = mtod(m, unsigned char *);
5554 	if (prq->prq_rev >= 8) {
5555 		siba_read_multi_4(sc->sc_dev, mp, (totlen & ~3),
5556 		    prq->prq_base + BWN_PIO8_RXDATA);
5557 		if (totlen & 3) {
5558 			v32 = bwn_pio_rx_read_4(prq, BWN_PIO8_RXDATA);
5559 			data = &(mp[totlen - 1]);
5560 			switch (totlen & 3) {
5561 			case 3:
5562 				*data = (v32 >> 16);
5563 				data--;
5564 			case 2:
5565 				*data = (v32 >> 8);
5566 				data--;
5567 			case 1:
5568 				*data = v32;
5569 			}
5570 		}
5571 	} else {
5572 		siba_read_multi_2(sc->sc_dev, mp, (totlen & ~1),
5573 		    prq->prq_base + BWN_PIO_RXDATA);
5574 		if (totlen & 1) {
5575 			v16 = bwn_pio_rx_read_2(prq, BWN_PIO_RXDATA);
5576 			mp[totlen - 1] = v16;
5577 		}
5578 	}
5579 
5580 	m->m_len = m->m_pkthdr.len = totlen;
5581 
5582 	bwn_rxeof(prq->prq_mac, m, &rxhdr);
5583 
5584 	return (1);
5585 error:
5586 	if (prq->prq_rev >= 8)
5587 		bwn_pio_rx_write_4(prq, BWN_PIO8_RXCTL,
5588 		    BWN_PIO8_RXCTL_DATAREADY);
5589 	else
5590 		bwn_pio_rx_write_2(prq, BWN_PIO_RXCTL, BWN_PIO_RXCTL_DATAREADY);
5591 	return (1);
5592 }
5593 
5594 static int
5595 bwn_dma_newbuf(struct bwn_dma_ring *dr, struct bwn_dmadesc_generic *desc,
5596     struct bwn_dmadesc_meta *meta, int init)
5597 {
5598 	struct bwn_mac *mac = dr->dr_mac;
5599 	struct bwn_dma *dma = &mac->mac_method.dma;
5600 	struct bwn_rxhdr4 *hdr;
5601 	bus_dmamap_t map;
5602 	bus_addr_t paddr;
5603 	struct mbuf *m;
5604 	int error;
5605 
5606 	m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
5607 	if (m == NULL) {
5608 		error = ENOBUFS;
5609 
5610 		/*
5611 		 * If the NIC is up and running, we need to:
5612 		 * - Clear RX buffer's header.
5613 		 * - Restore RX descriptor settings.
5614 		 */
5615 		if (init)
5616 			return (error);
5617 		else
5618 			goto back;
5619 	}
5620 	m->m_len = m->m_pkthdr.len = MCLBYTES;
5621 
5622 	bwn_dma_set_redzone(dr, m);
5623 
5624 	/*
5625 	 * Try to load RX buf into temporary DMA map
5626 	 */
5627 	error = bus_dmamap_load_mbuf(dma->rxbuf_dtag, dr->dr_spare_dmap, m,
5628 	    bwn_dma_buf_addr, &paddr, BUS_DMA_NOWAIT);
5629 	if (error) {
5630 		m_freem(m);
5631 
5632 		/*
5633 		 * See the comment above
5634 		 */
5635 		if (init)
5636 			return (error);
5637 		else
5638 			goto back;
5639 	}
5640 
5641 	if (!init)
5642 		bus_dmamap_unload(dma->rxbuf_dtag, meta->mt_dmap);
5643 	meta->mt_m = m;
5644 	meta->mt_paddr = paddr;
5645 
5646 	/*
5647 	 * Swap RX buf's DMA map with the loaded temporary one
5648 	 */
5649 	map = meta->mt_dmap;
5650 	meta->mt_dmap = dr->dr_spare_dmap;
5651 	dr->dr_spare_dmap = map;
5652 
5653 back:
5654 	/*
5655 	 * Clear RX buf header
5656 	 */
5657 	hdr = mtod(meta->mt_m, struct bwn_rxhdr4 *);
5658 	bzero(hdr, sizeof(*hdr));
5659 	bus_dmamap_sync(dma->rxbuf_dtag, meta->mt_dmap,
5660 	    BUS_DMASYNC_PREWRITE);
5661 
5662 	/*
5663 	 * Setup RX buf descriptor
5664 	 */
5665 	dr->setdesc(dr, desc, meta->mt_paddr, meta->mt_m->m_len -
5666 	    sizeof(*hdr), 0, 0, 0);
5667 	return (error);
5668 }
5669 
5670 static void
5671 bwn_dma_buf_addr(void *arg, bus_dma_segment_t *seg, int nseg,
5672 		 bus_size_t mapsz __unused, int error)
5673 {
5674 
5675 	if (!error) {
5676 		KASSERT(nseg == 1, ("too many segments(%d)\n", nseg));
5677 		*((bus_addr_t *)arg) = seg->ds_addr;
5678 	}
5679 }
5680 
5681 static int
5682 bwn_hwrate2ieeerate(int rate)
5683 {
5684 
5685 	switch (rate) {
5686 	case BWN_CCK_RATE_1MB:
5687 		return (2);
5688 	case BWN_CCK_RATE_2MB:
5689 		return (4);
5690 	case BWN_CCK_RATE_5MB:
5691 		return (11);
5692 	case BWN_CCK_RATE_11MB:
5693 		return (22);
5694 	case BWN_OFDM_RATE_6MB:
5695 		return (12);
5696 	case BWN_OFDM_RATE_9MB:
5697 		return (18);
5698 	case BWN_OFDM_RATE_12MB:
5699 		return (24);
5700 	case BWN_OFDM_RATE_18MB:
5701 		return (36);
5702 	case BWN_OFDM_RATE_24MB:
5703 		return (48);
5704 	case BWN_OFDM_RATE_36MB:
5705 		return (72);
5706 	case BWN_OFDM_RATE_48MB:
5707 		return (96);
5708 	case BWN_OFDM_RATE_54MB:
5709 		return (108);
5710 	default:
5711 		printf("Ooops\n");
5712 		return (0);
5713 	}
5714 }
5715 
5716 /*
5717  * Post process the RX provided RSSI.
5718  *
5719  * Valid for A, B, G, LP PHYs.
5720  */
5721 static int8_t
5722 bwn_rx_rssi_calc(struct bwn_mac *mac, uint8_t in_rssi,
5723     int ofdm, int adjust_2053, int adjust_2050)
5724 {
5725 	struct bwn_phy *phy = &mac->mac_phy;
5726 	struct bwn_phy_g *gphy = &phy->phy_g;
5727 	int tmp;
5728 
5729 	switch (phy->rf_ver) {
5730 	case 0x2050:
5731 		if (ofdm) {
5732 			tmp = in_rssi;
5733 			if (tmp > 127)
5734 				tmp -= 256;
5735 			tmp = tmp * 73 / 64;
5736 			if (adjust_2050)
5737 				tmp += 25;
5738 			else
5739 				tmp -= 3;
5740 		} else {
5741 			if (siba_sprom_get_bf_lo(mac->mac_sc->sc_dev)
5742 			    & BWN_BFL_RSSI) {
5743 				if (in_rssi > 63)
5744 					in_rssi = 63;
5745 				tmp = gphy->pg_nrssi_lt[in_rssi];
5746 				tmp = (31 - tmp) * -131 / 128 - 57;
5747 			} else {
5748 				tmp = in_rssi;
5749 				tmp = (31 - tmp) * -149 / 128 - 68;
5750 			}
5751 			if (phy->type == BWN_PHYTYPE_G && adjust_2050)
5752 				tmp += 25;
5753 		}
5754 		break;
5755 	case 0x2060:
5756 		if (in_rssi > 127)
5757 			tmp = in_rssi - 256;
5758 		else
5759 			tmp = in_rssi;
5760 		break;
5761 	default:
5762 		tmp = in_rssi;
5763 		tmp = (tmp - 11) * 103 / 64;
5764 		if (adjust_2053)
5765 			tmp -= 109;
5766 		else
5767 			tmp -= 83;
5768 	}
5769 
5770 	return (tmp);
5771 }
5772 
5773 static void
5774 bwn_rxeof(struct bwn_mac *mac, struct mbuf *m, const void *_rxhdr)
5775 {
5776 	const struct bwn_rxhdr4 *rxhdr = _rxhdr;
5777 	struct bwn_plcp6 *plcp;
5778 	struct bwn_softc *sc = mac->mac_sc;
5779 	struct ieee80211_frame_min *wh;
5780 	struct ieee80211_node *ni;
5781 	struct ieee80211com *ic = &sc->sc_ic;
5782 	uint32_t macstat;
5783 	int padding, rate, rssi = 0, noise = 0, type;
5784 	uint16_t phytype, phystat0, phystat3, chanstat;
5785 	unsigned char *mp = mtod(m, unsigned char *);
5786 	static int rx_mac_dec_rpt = 0;
5787 
5788 	BWN_ASSERT_LOCKED(sc);
5789 
5790 	phystat0 = le16toh(rxhdr->phy_status0);
5791 
5792 	/*
5793 	 * XXX Note: phy_status3 doesn't exist for HT-PHY; it's only
5794 	 * used for LP-PHY.
5795 	 */
5796 	phystat3 = le16toh(rxhdr->ps3.lp.phy_status3);
5797 
5798 	switch (mac->mac_fw.fw_hdr_format) {
5799 	case BWN_FW_HDR_351:
5800 	case BWN_FW_HDR_410:
5801 		macstat = le32toh(rxhdr->ps4.r351.mac_status);
5802 		chanstat = le16toh(rxhdr->ps4.r351.channel);
5803 		break;
5804 	case BWN_FW_HDR_598:
5805 		macstat = le32toh(rxhdr->ps4.r598.mac_status);
5806 		chanstat = le16toh(rxhdr->ps4.r598.channel);
5807 		break;
5808 	}
5809 
5810 
5811 	phytype = chanstat & BWN_RX_CHAN_PHYTYPE;
5812 
5813 	if (macstat & BWN_RX_MAC_FCSERR)
5814 		device_printf(sc->sc_dev, "TODO RX: RX_FLAG_FAILED_FCS_CRC\n");
5815 	if (phystat0 & (BWN_RX_PHYST0_PLCPHCF | BWN_RX_PHYST0_PLCPFV))
5816 		device_printf(sc->sc_dev, "TODO RX: RX_FLAG_FAILED_PLCP_CRC\n");
5817 	if (macstat & BWN_RX_MAC_DECERR)
5818 		goto drop;
5819 
5820 	padding = (macstat & BWN_RX_MAC_PADDING) ? 2 : 0;
5821 	if (m->m_pkthdr.len < (sizeof(struct bwn_plcp6) + padding)) {
5822 		device_printf(sc->sc_dev, "frame too short (length=%d)\n",
5823 		    m->m_pkthdr.len);
5824 		goto drop;
5825 	}
5826 	plcp = (struct bwn_plcp6 *)(mp + padding);
5827 	m_adj(m, sizeof(struct bwn_plcp6) + padding);
5828 	if (m->m_pkthdr.len < IEEE80211_MIN_LEN) {
5829 		device_printf(sc->sc_dev, "frame too short (length=%d)\n",
5830 		    m->m_pkthdr.len);
5831 		goto drop;
5832 	}
5833 	wh = mtod(m, struct ieee80211_frame_min *);
5834 
5835 	if (macstat & BWN_RX_MAC_DEC && rx_mac_dec_rpt++ < 50)
5836 		device_printf(sc->sc_dev,
5837 		    "RX decryption attempted (old %d keyidx %#x)\n",
5838 		    BWN_ISOLDFMT(mac),
5839 		    (macstat & BWN_RX_MAC_KEYIDX) >> BWN_RX_MAC_KEYIDX_SHIFT);
5840 
5841 	if (phystat0 & BWN_RX_PHYST0_OFDM)
5842 		rate = bwn_plcp_get_ofdmrate(mac, plcp,
5843 		    phytype == BWN_PHYTYPE_A);
5844 	else
5845 		rate = bwn_plcp_get_cckrate(mac, plcp);
5846 	if (rate == -1) {
5847 		if (!(mac->mac_sc->sc_filters & BWN_MACCTL_PASS_BADPLCP))
5848 			goto drop;
5849 	}
5850 	sc->sc_rx_rate = bwn_hwrate2ieeerate(rate);
5851 
5852 	/* rssi/noise */
5853 	switch (phytype) {
5854 	case BWN_PHYTYPE_A:
5855 	case BWN_PHYTYPE_B:
5856 	case BWN_PHYTYPE_G:
5857 	case BWN_PHYTYPE_LP:
5858 		rssi = bwn_rx_rssi_calc(mac, rxhdr->phy.abg.rssi,
5859 		    !! (phystat0 & BWN_RX_PHYST0_OFDM),
5860 		    !! (phystat0 & BWN_RX_PHYST0_GAINCTL),
5861 		    !! (phystat3 & BWN_RX_PHYST3_TRSTATE));
5862 		break;
5863 	case BWN_PHYTYPE_N:
5864 		/* Broadcom has code for min/avg, but always used max */
5865 		if (rxhdr->phy.n.power0 == 16 || rxhdr->phy.n.power0 == 32)
5866 			rssi = max(rxhdr->phy.n.power1, rxhdr->ps2.n.power2);
5867 		else
5868 			rssi = max(rxhdr->phy.n.power0, rxhdr->phy.n.power1);
5869 #if 0
5870 		DPRINTF(mac->mac_sc, BWN_DEBUG_RECV,
5871 		    "%s: power0=%d, power1=%d, power2=%d\n",
5872 		    __func__,
5873 		    rxhdr->phy.n.power0,
5874 		    rxhdr->phy.n.power1,
5875 		    rxhdr->ps2.n.power2);
5876 #endif
5877 		break;
5878 	default:
5879 		/* XXX TODO: implement rssi for other PHYs */
5880 		break;
5881 	}
5882 
5883 	/*
5884 	 * RSSI here is absolute, not relative to the noise floor.
5885 	 */
5886 	noise = mac->mac_stats.link_noise;
5887 	rssi = rssi - noise;
5888 
5889 	/* RX radio tap */
5890 	if (ieee80211_radiotap_active(ic))
5891 		bwn_rx_radiotap(mac, m, rxhdr, plcp, rate, rssi, noise);
5892 	m_adj(m, -IEEE80211_CRC_LEN);
5893 
5894 	BWN_UNLOCK(sc);
5895 
5896 	ni = ieee80211_find_rxnode(ic, wh);
5897 	if (ni != NULL) {
5898 		type = ieee80211_input(ni, m, rssi, noise);
5899 		ieee80211_free_node(ni);
5900 	} else
5901 		type = ieee80211_input_all(ic, m, rssi, noise);
5902 
5903 	BWN_LOCK(sc);
5904 	return;
5905 drop:
5906 	device_printf(sc->sc_dev, "%s: dropped\n", __func__);
5907 }
5908 
5909 static void
5910 bwn_ratectl_tx_complete(const struct ieee80211_node *ni,
5911     const struct bwn_txstatus *status)
5912 {
5913 	struct ieee80211_ratectl_tx_status txs;
5914 	int retrycnt = 0;
5915 
5916 	/*
5917 	 * If we don't get an ACK, then we should log the
5918 	 * full framecnt.  That may be 0 if it's a PHY
5919 	 * failure, so ensure that gets logged as some
5920 	 * retry attempt.
5921 	 */
5922 	txs.flags = IEEE80211_RATECTL_STATUS_LONG_RETRY;
5923 	if (status->ack) {
5924 		txs.status = IEEE80211_RATECTL_TX_SUCCESS;
5925 		retrycnt = status->framecnt - 1;
5926 	} else {
5927 		txs.status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED;
5928 		retrycnt = status->framecnt;
5929 		if (retrycnt == 0)
5930 			retrycnt = 1;
5931 	}
5932 	txs.long_retries = retrycnt;
5933 	ieee80211_ratectl_tx_complete(ni, &txs);
5934 }
5935 
5936 static void
5937 bwn_dma_handle_txeof(struct bwn_mac *mac,
5938     const struct bwn_txstatus *status)
5939 {
5940 	struct bwn_dma *dma = &mac->mac_method.dma;
5941 	struct bwn_dma_ring *dr;
5942 	struct bwn_dmadesc_generic *desc;
5943 	struct bwn_dmadesc_meta *meta;
5944 	struct bwn_softc *sc = mac->mac_sc;
5945 	int slot;
5946 
5947 	BWN_ASSERT_LOCKED(sc);
5948 
5949 	dr = bwn_dma_parse_cookie(mac, status, status->cookie, &slot);
5950 	if (dr == NULL) {
5951 		device_printf(sc->sc_dev, "failed to parse cookie\n");
5952 		return;
5953 	}
5954 	KASSERT(dr->dr_tx, ("%s:%d: fail", __func__, __LINE__));
5955 
5956 	while (1) {
5957 		KASSERT(slot >= 0 && slot < dr->dr_numslots,
5958 		    ("%s:%d: fail", __func__, __LINE__));
5959 		dr->getdesc(dr, slot, &desc, &meta);
5960 
5961 		if (meta->mt_txtype == BWN_DMADESC_METATYPE_HEADER)
5962 			bus_dmamap_unload(dr->dr_txring_dtag, meta->mt_dmap);
5963 		else if (meta->mt_txtype == BWN_DMADESC_METATYPE_BODY)
5964 			bus_dmamap_unload(dma->txbuf_dtag, meta->mt_dmap);
5965 
5966 		if (meta->mt_islast) {
5967 			KASSERT(meta->mt_m != NULL,
5968 			    ("%s:%d: fail", __func__, __LINE__));
5969 
5970 			bwn_ratectl_tx_complete(meta->mt_ni, status);
5971 			ieee80211_tx_complete(meta->mt_ni, meta->mt_m, 0);
5972 			meta->mt_ni = NULL;
5973 			meta->mt_m = NULL;
5974 		} else
5975 			KASSERT(meta->mt_m == NULL,
5976 			    ("%s:%d: fail", __func__, __LINE__));
5977 
5978 		dr->dr_usedslot--;
5979 		if (meta->mt_islast)
5980 			break;
5981 		slot = bwn_dma_nextslot(dr, slot);
5982 	}
5983 	sc->sc_watchdog_timer = 0;
5984 	if (dr->dr_stop) {
5985 		KASSERT(bwn_dma_freeslot(dr) >= BWN_TX_SLOTS_PER_FRAME,
5986 		    ("%s:%d: fail", __func__, __LINE__));
5987 		dr->dr_stop = 0;
5988 	}
5989 }
5990 
5991 static void
5992 bwn_pio_handle_txeof(struct bwn_mac *mac,
5993     const struct bwn_txstatus *status)
5994 {
5995 	struct bwn_pio_txqueue *tq;
5996 	struct bwn_pio_txpkt *tp = NULL;
5997 	struct bwn_softc *sc = mac->mac_sc;
5998 
5999 	BWN_ASSERT_LOCKED(sc);
6000 
6001 	tq = bwn_pio_parse_cookie(mac, status->cookie, &tp);
6002 	if (tq == NULL)
6003 		return;
6004 
6005 	tq->tq_used -= roundup(tp->tp_m->m_pkthdr.len + BWN_HDRSIZE(mac), 4);
6006 	tq->tq_free++;
6007 
6008 	/* XXX ieee80211_tx_complete()? */
6009 	if (tp->tp_ni != NULL) {
6010 		/*
6011 		 * Do any tx complete callback.  Note this must
6012 		 * be done before releasing the node reference.
6013 		 */
6014 
6015 		bwn_ratectl_tx_complete(tp->tp_ni, status);
6016 		if (tp->tp_m->m_flags & M_TXCB)
6017 			ieee80211_process_callback(tp->tp_ni, tp->tp_m, 0);
6018 		ieee80211_free_node(tp->tp_ni);
6019 		tp->tp_ni = NULL;
6020 	}
6021 	m_freem(tp->tp_m);
6022 	tp->tp_m = NULL;
6023 	TAILQ_INSERT_TAIL(&tq->tq_pktlist, tp, tp_list);
6024 
6025 	sc->sc_watchdog_timer = 0;
6026 }
6027 
6028 static void
6029 bwn_phy_txpower_check(struct bwn_mac *mac, uint32_t flags)
6030 {
6031 	struct bwn_softc *sc = mac->mac_sc;
6032 	struct bwn_phy *phy = &mac->mac_phy;
6033 	struct ieee80211com *ic = &sc->sc_ic;
6034 	unsigned long now;
6035 	bwn_txpwr_result_t result;
6036 
6037 	BWN_GETTIME(now);
6038 
6039 	if (!(flags & BWN_TXPWR_IGNORE_TIME) && ieee80211_time_before(now, phy->nexttime))
6040 		return;
6041 	phy->nexttime = now + 2 * 1000;
6042 
6043 	if (siba_get_pci_subvendor(sc->sc_dev) == SIBA_BOARDVENDOR_BCM &&
6044 	    siba_get_pci_subdevice(sc->sc_dev) == SIBA_BOARD_BU4306)
6045 		return;
6046 
6047 	if (phy->recalc_txpwr != NULL) {
6048 		result = phy->recalc_txpwr(mac,
6049 		    (flags & BWN_TXPWR_IGNORE_TSSI) ? 1 : 0);
6050 		if (result == BWN_TXPWR_RES_DONE)
6051 			return;
6052 		KASSERT(result == BWN_TXPWR_RES_NEED_ADJUST,
6053 		    ("%s: fail", __func__));
6054 		KASSERT(phy->set_txpwr != NULL, ("%s: fail", __func__));
6055 
6056 		ieee80211_runtask(ic, &mac->mac_txpower);
6057 	}
6058 }
6059 
6060 static uint16_t
6061 bwn_pio_rx_read_2(struct bwn_pio_rxqueue *prq, uint16_t offset)
6062 {
6063 
6064 	return (BWN_READ_2(prq->prq_mac, prq->prq_base + offset));
6065 }
6066 
6067 static uint32_t
6068 bwn_pio_rx_read_4(struct bwn_pio_rxqueue *prq, uint16_t offset)
6069 {
6070 
6071 	return (BWN_READ_4(prq->prq_mac, prq->prq_base + offset));
6072 }
6073 
6074 static void
6075 bwn_pio_rx_write_2(struct bwn_pio_rxqueue *prq, uint16_t offset, uint16_t value)
6076 {
6077 
6078 	BWN_WRITE_2(prq->prq_mac, prq->prq_base + offset, value);
6079 }
6080 
6081 static void
6082 bwn_pio_rx_write_4(struct bwn_pio_rxqueue *prq, uint16_t offset, uint32_t value)
6083 {
6084 
6085 	BWN_WRITE_4(prq->prq_mac, prq->prq_base + offset, value);
6086 }
6087 
6088 static int
6089 bwn_ieeerate2hwrate(struct bwn_softc *sc, int rate)
6090 {
6091 
6092 	switch (rate) {
6093 	/* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
6094 	case 12:
6095 		return (BWN_OFDM_RATE_6MB);
6096 	case 18:
6097 		return (BWN_OFDM_RATE_9MB);
6098 	case 24:
6099 		return (BWN_OFDM_RATE_12MB);
6100 	case 36:
6101 		return (BWN_OFDM_RATE_18MB);
6102 	case 48:
6103 		return (BWN_OFDM_RATE_24MB);
6104 	case 72:
6105 		return (BWN_OFDM_RATE_36MB);
6106 	case 96:
6107 		return (BWN_OFDM_RATE_48MB);
6108 	case 108:
6109 		return (BWN_OFDM_RATE_54MB);
6110 	/* CCK rates (NB: not IEEE std, device-specific) */
6111 	case 2:
6112 		return (BWN_CCK_RATE_1MB);
6113 	case 4:
6114 		return (BWN_CCK_RATE_2MB);
6115 	case 11:
6116 		return (BWN_CCK_RATE_5MB);
6117 	case 22:
6118 		return (BWN_CCK_RATE_11MB);
6119 	}
6120 
6121 	device_printf(sc->sc_dev, "unsupported rate %d\n", rate);
6122 	return (BWN_CCK_RATE_1MB);
6123 }
6124 
6125 static uint16_t
6126 bwn_set_txhdr_phyctl1(struct bwn_mac *mac, uint8_t bitrate)
6127 {
6128 	struct bwn_phy *phy = &mac->mac_phy;
6129 	uint16_t control = 0;
6130 	uint16_t bw;
6131 
6132 	/* XXX TODO: this is for LP phy, what about N-PHY, etc? */
6133 	bw = BWN_TXH_PHY1_BW_20;
6134 
6135 	if (BWN_ISCCKRATE(bitrate) && phy->type != BWN_PHYTYPE_LP) {
6136 		control = bw;
6137 	} else {
6138 		control = bw;
6139 		/* Figure out coding rate and modulation */
6140 		/* XXX TODO: table-ize, for MCS transmit */
6141 		/* Note: this is BWN_*_RATE values */
6142 		switch (bitrate) {
6143 		case BWN_CCK_RATE_1MB:
6144 			control |= 0;
6145 			break;
6146 		case BWN_CCK_RATE_2MB:
6147 			control |= 1;
6148 			break;
6149 		case BWN_CCK_RATE_5MB:
6150 			control |= 2;
6151 			break;
6152 		case BWN_CCK_RATE_11MB:
6153 			control |= 3;
6154 			break;
6155 		case BWN_OFDM_RATE_6MB:
6156 			control |= BWN_TXH_PHY1_CRATE_1_2;
6157 			control |= BWN_TXH_PHY1_MODUL_BPSK;
6158 			break;
6159 		case BWN_OFDM_RATE_9MB:
6160 			control |= BWN_TXH_PHY1_CRATE_3_4;
6161 			control |= BWN_TXH_PHY1_MODUL_BPSK;
6162 			break;
6163 		case BWN_OFDM_RATE_12MB:
6164 			control |= BWN_TXH_PHY1_CRATE_1_2;
6165 			control |= BWN_TXH_PHY1_MODUL_QPSK;
6166 			break;
6167 		case BWN_OFDM_RATE_18MB:
6168 			control |= BWN_TXH_PHY1_CRATE_3_4;
6169 			control |= BWN_TXH_PHY1_MODUL_QPSK;
6170 			break;
6171 		case BWN_OFDM_RATE_24MB:
6172 			control |= BWN_TXH_PHY1_CRATE_1_2;
6173 			control |= BWN_TXH_PHY1_MODUL_QAM16;
6174 			break;
6175 		case BWN_OFDM_RATE_36MB:
6176 			control |= BWN_TXH_PHY1_CRATE_3_4;
6177 			control |= BWN_TXH_PHY1_MODUL_QAM16;
6178 			break;
6179 		case BWN_OFDM_RATE_48MB:
6180 			control |= BWN_TXH_PHY1_CRATE_1_2;
6181 			control |= BWN_TXH_PHY1_MODUL_QAM64;
6182 			break;
6183 		case BWN_OFDM_RATE_54MB:
6184 			control |= BWN_TXH_PHY1_CRATE_3_4;
6185 			control |= BWN_TXH_PHY1_MODUL_QAM64;
6186 			break;
6187 		default:
6188 			break;
6189 		}
6190 		control |= BWN_TXH_PHY1_MODE_SISO;
6191 	}
6192 
6193 	return control;
6194 }
6195 
6196 static int
6197 bwn_set_txhdr(struct bwn_mac *mac, struct ieee80211_node *ni,
6198     struct mbuf *m, struct bwn_txhdr *txhdr, uint16_t cookie)
6199 {
6200 	const struct bwn_phy *phy = &mac->mac_phy;
6201 	struct bwn_softc *sc = mac->mac_sc;
6202 	struct ieee80211_frame *wh;
6203 	struct ieee80211_frame *protwh;
6204 	struct ieee80211_frame_cts *cts;
6205 	struct ieee80211_frame_rts *rts;
6206 	const struct ieee80211_txparam *tp = ni->ni_txparms;
6207 	struct ieee80211vap *vap = ni->ni_vap;
6208 	struct ieee80211com *ic = &sc->sc_ic;
6209 	struct mbuf *mprot;
6210 	unsigned int len;
6211 	uint32_t macctl = 0;
6212 	int protdur, rts_rate, rts_rate_fb, ismcast, isshort, rix, type;
6213 	uint16_t phyctl = 0;
6214 	uint8_t rate, rate_fb;
6215 	int fill_phy_ctl1 = 0;
6216 
6217 	wh = mtod(m, struct ieee80211_frame *);
6218 	memset(txhdr, 0, sizeof(*txhdr));
6219 
6220 	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
6221 	ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
6222 	isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
6223 
6224 	if ((phy->type == BWN_PHYTYPE_N) || (phy->type == BWN_PHYTYPE_LP)
6225 	    || (phy->type == BWN_PHYTYPE_HT))
6226 		fill_phy_ctl1 = 1;
6227 
6228 	/*
6229 	 * Find TX rate
6230 	 */
6231 	if (type != IEEE80211_FC0_TYPE_DATA || (m->m_flags & M_EAPOL))
6232 		rate = rate_fb = tp->mgmtrate;
6233 	else if (ismcast)
6234 		rate = rate_fb = tp->mcastrate;
6235 	else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
6236 		rate = rate_fb = tp->ucastrate;
6237 	else {
6238 		rix = ieee80211_ratectl_rate(ni, NULL, 0);
6239 		rate = ni->ni_txrate;
6240 
6241 		if (rix > 0)
6242 			rate_fb = ni->ni_rates.rs_rates[rix - 1] &
6243 			    IEEE80211_RATE_VAL;
6244 		else
6245 			rate_fb = rate;
6246 	}
6247 
6248 	sc->sc_tx_rate = rate;
6249 
6250 	/* Note: this maps the select ieee80211 rate to hardware rate */
6251 	rate = bwn_ieeerate2hwrate(sc, rate);
6252 	rate_fb = bwn_ieeerate2hwrate(sc, rate_fb);
6253 
6254 	txhdr->phyrate = (BWN_ISOFDMRATE(rate)) ? bwn_plcp_getofdm(rate) :
6255 	    bwn_plcp_getcck(rate);
6256 	bcopy(wh->i_fc, txhdr->macfc, sizeof(txhdr->macfc));
6257 	bcopy(wh->i_addr1, txhdr->addr1, IEEE80211_ADDR_LEN);
6258 
6259 	/* XXX rate/rate_fb is the hardware rate */
6260 	if ((rate_fb == rate) ||
6261 	    (*(u_int16_t *)wh->i_dur & htole16(0x8000)) ||
6262 	    (*(u_int16_t *)wh->i_dur == htole16(0)))
6263 		txhdr->dur_fb = *(u_int16_t *)wh->i_dur;
6264 	else
6265 		txhdr->dur_fb = ieee80211_compute_duration(ic->ic_rt,
6266 		    m->m_pkthdr.len, rate, isshort);
6267 
6268 	/* XXX TX encryption */
6269 
6270 	switch (mac->mac_fw.fw_hdr_format) {
6271 	case BWN_FW_HDR_351:
6272 		bwn_plcp_genhdr((struct bwn_plcp4 *)(&txhdr->body.r351.plcp),
6273 		    m->m_pkthdr.len + IEEE80211_CRC_LEN, rate);
6274 		break;
6275 	case BWN_FW_HDR_410:
6276 		bwn_plcp_genhdr((struct bwn_plcp4 *)(&txhdr->body.r410.plcp),
6277 		    m->m_pkthdr.len + IEEE80211_CRC_LEN, rate);
6278 		break;
6279 	case BWN_FW_HDR_598:
6280 		bwn_plcp_genhdr((struct bwn_plcp4 *)(&txhdr->body.r598.plcp),
6281 		    m->m_pkthdr.len + IEEE80211_CRC_LEN, rate);
6282 		break;
6283 	}
6284 
6285 	bwn_plcp_genhdr((struct bwn_plcp4 *)(&txhdr->plcp_fb),
6286 	    m->m_pkthdr.len + IEEE80211_CRC_LEN, rate_fb);
6287 
6288 	txhdr->eftypes |= (BWN_ISOFDMRATE(rate_fb)) ? BWN_TX_EFT_FB_OFDM :
6289 	    BWN_TX_EFT_FB_CCK;
6290 	txhdr->chan = phy->chan;
6291 	phyctl |= (BWN_ISOFDMRATE(rate)) ? BWN_TX_PHY_ENC_OFDM :
6292 	    BWN_TX_PHY_ENC_CCK;
6293 	/* XXX preamble? obey net80211 */
6294 	if (isshort && (rate == BWN_CCK_RATE_2MB || rate == BWN_CCK_RATE_5MB ||
6295 	     rate == BWN_CCK_RATE_11MB))
6296 		phyctl |= BWN_TX_PHY_SHORTPRMBL;
6297 
6298 	if (! phy->gmode)
6299 		macctl |= BWN_TX_MAC_5GHZ;
6300 
6301 	/* XXX TX antenna selection */
6302 
6303 	switch (bwn_antenna_sanitize(mac, 0)) {
6304 	case 0:
6305 		phyctl |= BWN_TX_PHY_ANT01AUTO;
6306 		break;
6307 	case 1:
6308 		phyctl |= BWN_TX_PHY_ANT0;
6309 		break;
6310 	case 2:
6311 		phyctl |= BWN_TX_PHY_ANT1;
6312 		break;
6313 	case 3:
6314 		phyctl |= BWN_TX_PHY_ANT2;
6315 		break;
6316 	case 4:
6317 		phyctl |= BWN_TX_PHY_ANT3;
6318 		break;
6319 	default:
6320 		KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
6321 	}
6322 
6323 	if (!ismcast)
6324 		macctl |= BWN_TX_MAC_ACK;
6325 
6326 	macctl |= (BWN_TX_MAC_HWSEQ | BWN_TX_MAC_START_MSDU);
6327 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
6328 	    m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold)
6329 		macctl |= BWN_TX_MAC_LONGFRAME;
6330 
6331 	if (ic->ic_flags & IEEE80211_F_USEPROT) {
6332 		/* Note: don't fall back to CCK rates for 5G */
6333 		if (phy->gmode)
6334 			rts_rate = BWN_CCK_RATE_1MB;
6335 		else
6336 			rts_rate = BWN_OFDM_RATE_6MB;
6337 		rts_rate_fb = bwn_get_fbrate(rts_rate);
6338 
6339 		/* XXX 'rate' here is hardware rate now, not the net80211 rate */
6340 		protdur = ieee80211_compute_duration(ic->ic_rt,
6341 		    m->m_pkthdr.len, rate, isshort) +
6342 		    + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
6343 
6344 		if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) {
6345 
6346 			switch (mac->mac_fw.fw_hdr_format) {
6347 			case BWN_FW_HDR_351:
6348 				cts = (struct ieee80211_frame_cts *)
6349 				    txhdr->body.r351.rts_frame;
6350 				break;
6351 			case BWN_FW_HDR_410:
6352 				cts = (struct ieee80211_frame_cts *)
6353 				    txhdr->body.r410.rts_frame;
6354 				break;
6355 			case BWN_FW_HDR_598:
6356 				cts = (struct ieee80211_frame_cts *)
6357 				    txhdr->body.r598.rts_frame;
6358 				break;
6359 			}
6360 
6361 			mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr,
6362 			    protdur);
6363 			KASSERT(mprot != NULL, ("failed to alloc mbuf\n"));
6364 			bcopy(mtod(mprot, uint8_t *), (uint8_t *)cts,
6365 			    mprot->m_pkthdr.len);
6366 			m_freem(mprot);
6367 			macctl |= BWN_TX_MAC_SEND_CTSTOSELF;
6368 			len = sizeof(struct ieee80211_frame_cts);
6369 		} else {
6370 			switch (mac->mac_fw.fw_hdr_format) {
6371 			case BWN_FW_HDR_351:
6372 				rts = (struct ieee80211_frame_rts *)
6373 				    txhdr->body.r351.rts_frame;
6374 				break;
6375 			case BWN_FW_HDR_410:
6376 				rts = (struct ieee80211_frame_rts *)
6377 				    txhdr->body.r410.rts_frame;
6378 				break;
6379 			case BWN_FW_HDR_598:
6380 				rts = (struct ieee80211_frame_rts *)
6381 				    txhdr->body.r598.rts_frame;
6382 				break;
6383 			}
6384 
6385 			/* XXX rate/rate_fb is the hardware rate */
6386 			protdur += ieee80211_ack_duration(ic->ic_rt, rate,
6387 			    isshort);
6388 			mprot = ieee80211_alloc_rts(ic, wh->i_addr1,
6389 			    wh->i_addr2, protdur);
6390 			KASSERT(mprot != NULL, ("failed to alloc mbuf\n"));
6391 			bcopy(mtod(mprot, uint8_t *), (uint8_t *)rts,
6392 			    mprot->m_pkthdr.len);
6393 			m_freem(mprot);
6394 			macctl |= BWN_TX_MAC_SEND_RTSCTS;
6395 			len = sizeof(struct ieee80211_frame_rts);
6396 		}
6397 		len += IEEE80211_CRC_LEN;
6398 
6399 		switch (mac->mac_fw.fw_hdr_format) {
6400 		case BWN_FW_HDR_351:
6401 			bwn_plcp_genhdr((struct bwn_plcp4 *)
6402 			    &txhdr->body.r351.rts_plcp, len, rts_rate);
6403 			break;
6404 		case BWN_FW_HDR_410:
6405 			bwn_plcp_genhdr((struct bwn_plcp4 *)
6406 			    &txhdr->body.r410.rts_plcp, len, rts_rate);
6407 			break;
6408 		case BWN_FW_HDR_598:
6409 			bwn_plcp_genhdr((struct bwn_plcp4 *)
6410 			    &txhdr->body.r598.rts_plcp, len, rts_rate);
6411 			break;
6412 		}
6413 
6414 		bwn_plcp_genhdr((struct bwn_plcp4 *)&txhdr->rts_plcp_fb, len,
6415 		    rts_rate_fb);
6416 
6417 		switch (mac->mac_fw.fw_hdr_format) {
6418 		case BWN_FW_HDR_351:
6419 			protwh = (struct ieee80211_frame *)
6420 			    &txhdr->body.r351.rts_frame;
6421 			break;
6422 		case BWN_FW_HDR_410:
6423 			protwh = (struct ieee80211_frame *)
6424 			    &txhdr->body.r410.rts_frame;
6425 			break;
6426 		case BWN_FW_HDR_598:
6427 			protwh = (struct ieee80211_frame *)
6428 			    &txhdr->body.r598.rts_frame;
6429 			break;
6430 		}
6431 
6432 		txhdr->rts_dur_fb = *(u_int16_t *)protwh->i_dur;
6433 
6434 		if (BWN_ISOFDMRATE(rts_rate)) {
6435 			txhdr->eftypes |= BWN_TX_EFT_RTS_OFDM;
6436 			txhdr->phyrate_rts = bwn_plcp_getofdm(rts_rate);
6437 		} else {
6438 			txhdr->eftypes |= BWN_TX_EFT_RTS_CCK;
6439 			txhdr->phyrate_rts = bwn_plcp_getcck(rts_rate);
6440 		}
6441 		txhdr->eftypes |= (BWN_ISOFDMRATE(rts_rate_fb)) ?
6442 		    BWN_TX_EFT_RTS_FBOFDM : BWN_TX_EFT_RTS_FBCCK;
6443 
6444 		if (fill_phy_ctl1) {
6445 			txhdr->phyctl_1rts = htole16(bwn_set_txhdr_phyctl1(mac, rts_rate));
6446 			txhdr->phyctl_1rtsfb = htole16(bwn_set_txhdr_phyctl1(mac, rts_rate_fb));
6447 		}
6448 	}
6449 
6450 	if (fill_phy_ctl1) {
6451 		txhdr->phyctl_1 = htole16(bwn_set_txhdr_phyctl1(mac, rate));
6452 		txhdr->phyctl_1fb = htole16(bwn_set_txhdr_phyctl1(mac, rate_fb));
6453 	}
6454 
6455 	switch (mac->mac_fw.fw_hdr_format) {
6456 	case BWN_FW_HDR_351:
6457 		txhdr->body.r351.cookie = htole16(cookie);
6458 		break;
6459 	case BWN_FW_HDR_410:
6460 		txhdr->body.r410.cookie = htole16(cookie);
6461 		break;
6462 	case BWN_FW_HDR_598:
6463 		txhdr->body.r598.cookie = htole16(cookie);
6464 		break;
6465 	}
6466 
6467 	txhdr->macctl = htole32(macctl);
6468 	txhdr->phyctl = htole16(phyctl);
6469 
6470 	/*
6471 	 * TX radio tap
6472 	 */
6473 	if (ieee80211_radiotap_active_vap(vap)) {
6474 		sc->sc_tx_th.wt_flags = 0;
6475 		if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)
6476 			sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_WEP;
6477 		if (isshort &&
6478 		    (rate == BWN_CCK_RATE_2MB || rate == BWN_CCK_RATE_5MB ||
6479 		     rate == BWN_CCK_RATE_11MB))
6480 			sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
6481 		sc->sc_tx_th.wt_rate = rate;
6482 
6483 		ieee80211_radiotap_tx(vap, m);
6484 	}
6485 
6486 	return (0);
6487 }
6488 
6489 static void
6490 bwn_plcp_genhdr(struct bwn_plcp4 *plcp, const uint16_t octets,
6491     const uint8_t rate)
6492 {
6493 	uint32_t d, plen;
6494 	uint8_t *raw = plcp->o.raw;
6495 
6496 	if (BWN_ISOFDMRATE(rate)) {
6497 		d = bwn_plcp_getofdm(rate);
6498 		KASSERT(!(octets & 0xf000),
6499 		    ("%s:%d: fail", __func__, __LINE__));
6500 		d |= (octets << 5);
6501 		plcp->o.data = htole32(d);
6502 	} else {
6503 		plen = octets * 16 / rate;
6504 		if ((octets * 16 % rate) > 0) {
6505 			plen++;
6506 			if ((rate == BWN_CCK_RATE_11MB)
6507 			    && ((octets * 8 % 11) < 4)) {
6508 				raw[1] = 0x84;
6509 			} else
6510 				raw[1] = 0x04;
6511 		} else
6512 			raw[1] = 0x04;
6513 		plcp->o.data |= htole32(plen << 16);
6514 		raw[0] = bwn_plcp_getcck(rate);
6515 	}
6516 }
6517 
6518 static uint8_t
6519 bwn_antenna_sanitize(struct bwn_mac *mac, uint8_t n)
6520 {
6521 	struct bwn_softc *sc = mac->mac_sc;
6522 	uint8_t mask;
6523 
6524 	if (n == 0)
6525 		return (0);
6526 	if (mac->mac_phy.gmode)
6527 		mask = siba_sprom_get_ant_bg(sc->sc_dev);
6528 	else
6529 		mask = siba_sprom_get_ant_a(sc->sc_dev);
6530 	if (!(mask & (1 << (n - 1))))
6531 		return (0);
6532 	return (n);
6533 }
6534 
6535 /*
6536  * Return a fallback rate for the given rate.
6537  *
6538  * Note: Don't fall back from OFDM to CCK.
6539  */
6540 static uint8_t
6541 bwn_get_fbrate(uint8_t bitrate)
6542 {
6543 	switch (bitrate) {
6544 	/* CCK */
6545 	case BWN_CCK_RATE_1MB:
6546 		return (BWN_CCK_RATE_1MB);
6547 	case BWN_CCK_RATE_2MB:
6548 		return (BWN_CCK_RATE_1MB);
6549 	case BWN_CCK_RATE_5MB:
6550 		return (BWN_CCK_RATE_2MB);
6551 	case BWN_CCK_RATE_11MB:
6552 		return (BWN_CCK_RATE_5MB);
6553 
6554 	/* OFDM */
6555 	case BWN_OFDM_RATE_6MB:
6556 		return (BWN_OFDM_RATE_6MB);
6557 	case BWN_OFDM_RATE_9MB:
6558 		return (BWN_OFDM_RATE_6MB);
6559 	case BWN_OFDM_RATE_12MB:
6560 		return (BWN_OFDM_RATE_9MB);
6561 	case BWN_OFDM_RATE_18MB:
6562 		return (BWN_OFDM_RATE_12MB);
6563 	case BWN_OFDM_RATE_24MB:
6564 		return (BWN_OFDM_RATE_18MB);
6565 	case BWN_OFDM_RATE_36MB:
6566 		return (BWN_OFDM_RATE_24MB);
6567 	case BWN_OFDM_RATE_48MB:
6568 		return (BWN_OFDM_RATE_36MB);
6569 	case BWN_OFDM_RATE_54MB:
6570 		return (BWN_OFDM_RATE_48MB);
6571 	}
6572 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
6573 	return (0);
6574 }
6575 
6576 static uint32_t
6577 bwn_pio_write_multi_4(struct bwn_mac *mac, struct bwn_pio_txqueue *tq,
6578     uint32_t ctl, const void *_data, int len)
6579 {
6580 	struct bwn_softc *sc = mac->mac_sc;
6581 	uint32_t value = 0;
6582 	const uint8_t *data = _data;
6583 
6584 	ctl |= BWN_PIO8_TXCTL_0_7 | BWN_PIO8_TXCTL_8_15 |
6585 	    BWN_PIO8_TXCTL_16_23 | BWN_PIO8_TXCTL_24_31;
6586 	bwn_pio_write_4(mac, tq, BWN_PIO8_TXCTL, ctl);
6587 
6588 	siba_write_multi_4(sc->sc_dev, data, (len & ~3),
6589 	    tq->tq_base + BWN_PIO8_TXDATA);
6590 	if (len & 3) {
6591 		ctl &= ~(BWN_PIO8_TXCTL_8_15 | BWN_PIO8_TXCTL_16_23 |
6592 		    BWN_PIO8_TXCTL_24_31);
6593 		data = &(data[len - 1]);
6594 		switch (len & 3) {
6595 		case 3:
6596 			ctl |= BWN_PIO8_TXCTL_16_23;
6597 			value |= (uint32_t)(*data) << 16;
6598 			data--;
6599 		case 2:
6600 			ctl |= BWN_PIO8_TXCTL_8_15;
6601 			value |= (uint32_t)(*data) << 8;
6602 			data--;
6603 		case 1:
6604 			value |= (uint32_t)(*data);
6605 		}
6606 		bwn_pio_write_4(mac, tq, BWN_PIO8_TXCTL, ctl);
6607 		bwn_pio_write_4(mac, tq, BWN_PIO8_TXDATA, value);
6608 	}
6609 
6610 	return (ctl);
6611 }
6612 
6613 static void
6614 bwn_pio_write_4(struct bwn_mac *mac, struct bwn_pio_txqueue *tq,
6615     uint16_t offset, uint32_t value)
6616 {
6617 
6618 	BWN_WRITE_4(mac, tq->tq_base + offset, value);
6619 }
6620 
6621 static uint16_t
6622 bwn_pio_write_multi_2(struct bwn_mac *mac, struct bwn_pio_txqueue *tq,
6623     uint16_t ctl, const void *_data, int len)
6624 {
6625 	struct bwn_softc *sc = mac->mac_sc;
6626 	const uint8_t *data = _data;
6627 
6628 	ctl |= BWN_PIO_TXCTL_WRITELO | BWN_PIO_TXCTL_WRITEHI;
6629 	BWN_PIO_WRITE_2(mac, tq, BWN_PIO_TXCTL, ctl);
6630 
6631 	siba_write_multi_2(sc->sc_dev, data, (len & ~1),
6632 	    tq->tq_base + BWN_PIO_TXDATA);
6633 	if (len & 1) {
6634 		ctl &= ~BWN_PIO_TXCTL_WRITEHI;
6635 		BWN_PIO_WRITE_2(mac, tq, BWN_PIO_TXCTL, ctl);
6636 		BWN_PIO_WRITE_2(mac, tq, BWN_PIO_TXDATA, data[len - 1]);
6637 	}
6638 
6639 	return (ctl);
6640 }
6641 
6642 static uint16_t
6643 bwn_pio_write_mbuf_2(struct bwn_mac *mac, struct bwn_pio_txqueue *tq,
6644     uint16_t ctl, struct mbuf *m0)
6645 {
6646 	int i, j = 0;
6647 	uint16_t data = 0;
6648 	const uint8_t *buf;
6649 	struct mbuf *m = m0;
6650 
6651 	ctl |= BWN_PIO_TXCTL_WRITELO | BWN_PIO_TXCTL_WRITEHI;
6652 	BWN_PIO_WRITE_2(mac, tq, BWN_PIO_TXCTL, ctl);
6653 
6654 	for (; m != NULL; m = m->m_next) {
6655 		buf = mtod(m, const uint8_t *);
6656 		for (i = 0; i < m->m_len; i++) {
6657 			if (!((j++) % 2))
6658 				data |= buf[i];
6659 			else {
6660 				data |= (buf[i] << 8);
6661 				BWN_PIO_WRITE_2(mac, tq, BWN_PIO_TXDATA, data);
6662 				data = 0;
6663 			}
6664 		}
6665 	}
6666 	if (m0->m_pkthdr.len % 2) {
6667 		ctl &= ~BWN_PIO_TXCTL_WRITEHI;
6668 		BWN_PIO_WRITE_2(mac, tq, BWN_PIO_TXCTL, ctl);
6669 		BWN_PIO_WRITE_2(mac, tq, BWN_PIO_TXDATA, data);
6670 	}
6671 
6672 	return (ctl);
6673 }
6674 
6675 static void
6676 bwn_set_slot_time(struct bwn_mac *mac, uint16_t time)
6677 {
6678 
6679 	/* XXX should exit if 5GHz band .. */
6680 	if (mac->mac_phy.type != BWN_PHYTYPE_G)
6681 		return;
6682 
6683 	BWN_WRITE_2(mac, 0x684, 510 + time);
6684 	/* Disabled in Linux b43, can adversely effect performance */
6685 #if 0
6686 	bwn_shm_write_2(mac, BWN_SHARED, 0x0010, time);
6687 #endif
6688 }
6689 
6690 static struct bwn_dma_ring *
6691 bwn_dma_select(struct bwn_mac *mac, uint8_t prio)
6692 {
6693 
6694 	if ((mac->mac_flags & BWN_MAC_FLAG_WME) == 0)
6695 		return (mac->mac_method.dma.wme[WME_AC_BE]);
6696 
6697 	switch (prio) {
6698 	case 3:
6699 		return (mac->mac_method.dma.wme[WME_AC_VO]);
6700 	case 2:
6701 		return (mac->mac_method.dma.wme[WME_AC_VI]);
6702 	case 0:
6703 		return (mac->mac_method.dma.wme[WME_AC_BE]);
6704 	case 1:
6705 		return (mac->mac_method.dma.wme[WME_AC_BK]);
6706 	}
6707 	KASSERT(0 == 1, ("%s:%d: fail", __func__, __LINE__));
6708 	return (NULL);
6709 }
6710 
6711 static int
6712 bwn_dma_getslot(struct bwn_dma_ring *dr)
6713 {
6714 	int slot;
6715 
6716 	BWN_ASSERT_LOCKED(dr->dr_mac->mac_sc);
6717 
6718 	KASSERT(dr->dr_tx, ("%s:%d: fail", __func__, __LINE__));
6719 	KASSERT(!(dr->dr_stop), ("%s:%d: fail", __func__, __LINE__));
6720 	KASSERT(bwn_dma_freeslot(dr) != 0, ("%s:%d: fail", __func__, __LINE__));
6721 
6722 	slot = bwn_dma_nextslot(dr, dr->dr_curslot);
6723 	KASSERT(!(slot & ~0x0fff), ("%s:%d: fail", __func__, __LINE__));
6724 	dr->dr_curslot = slot;
6725 	dr->dr_usedslot++;
6726 
6727 	return (slot);
6728 }
6729 
6730 static struct bwn_pio_txqueue *
6731 bwn_pio_parse_cookie(struct bwn_mac *mac, uint16_t cookie,
6732     struct bwn_pio_txpkt **pack)
6733 {
6734 	struct bwn_pio *pio = &mac->mac_method.pio;
6735 	struct bwn_pio_txqueue *tq = NULL;
6736 	unsigned int index;
6737 
6738 	switch (cookie & 0xf000) {
6739 	case 0x1000:
6740 		tq = &pio->wme[WME_AC_BK];
6741 		break;
6742 	case 0x2000:
6743 		tq = &pio->wme[WME_AC_BE];
6744 		break;
6745 	case 0x3000:
6746 		tq = &pio->wme[WME_AC_VI];
6747 		break;
6748 	case 0x4000:
6749 		tq = &pio->wme[WME_AC_VO];
6750 		break;
6751 	case 0x5000:
6752 		tq = &pio->mcast;
6753 		break;
6754 	}
6755 	KASSERT(tq != NULL, ("%s:%d: fail", __func__, __LINE__));
6756 	if (tq == NULL)
6757 		return (NULL);
6758 	index = (cookie & 0x0fff);
6759 	KASSERT(index < N(tq->tq_pkts), ("%s:%d: fail", __func__, __LINE__));
6760 	if (index >= N(tq->tq_pkts))
6761 		return (NULL);
6762 	*pack = &tq->tq_pkts[index];
6763 	KASSERT(*pack != NULL, ("%s:%d: fail", __func__, __LINE__));
6764 	return (tq);
6765 }
6766 
6767 static void
6768 bwn_txpwr(void *arg, int npending)
6769 {
6770 	struct bwn_mac *mac = arg;
6771 	struct bwn_softc *sc;
6772 
6773 	if (mac == NULL)
6774 		return;
6775 
6776 	sc = mac->mac_sc;
6777 
6778 	BWN_LOCK(sc);
6779 	if (mac->mac_status >= BWN_MAC_STATUS_STARTED &&
6780 	    mac->mac_phy.set_txpwr != NULL)
6781 		mac->mac_phy.set_txpwr(mac);
6782 	BWN_UNLOCK(sc);
6783 }
6784 
6785 static void
6786 bwn_task_15s(struct bwn_mac *mac)
6787 {
6788 	uint16_t reg;
6789 
6790 	if (mac->mac_fw.opensource) {
6791 		reg = bwn_shm_read_2(mac, BWN_SCRATCH, BWN_WATCHDOG_REG);
6792 		if (reg) {
6793 			bwn_restart(mac, "fw watchdog");
6794 			return;
6795 		}
6796 		bwn_shm_write_2(mac, BWN_SCRATCH, BWN_WATCHDOG_REG, 1);
6797 	}
6798 	if (mac->mac_phy.task_15s)
6799 		mac->mac_phy.task_15s(mac);
6800 
6801 	mac->mac_phy.txerrors = BWN_TXERROR_MAX;
6802 }
6803 
6804 static void
6805 bwn_task_30s(struct bwn_mac *mac)
6806 {
6807 
6808 	if (mac->mac_phy.type != BWN_PHYTYPE_G || mac->mac_noise.noi_running)
6809 		return;
6810 	mac->mac_noise.noi_running = 1;
6811 	mac->mac_noise.noi_nsamples = 0;
6812 
6813 	bwn_noise_gensample(mac);
6814 }
6815 
6816 static void
6817 bwn_task_60s(struct bwn_mac *mac)
6818 {
6819 
6820 	if (mac->mac_phy.task_60s)
6821 		mac->mac_phy.task_60s(mac);
6822 	bwn_phy_txpower_check(mac, BWN_TXPWR_IGNORE_TIME);
6823 }
6824 
6825 static void
6826 bwn_tasks(void *arg)
6827 {
6828 	struct bwn_mac *mac = arg;
6829 	struct bwn_softc *sc = mac->mac_sc;
6830 
6831 	BWN_ASSERT_LOCKED(sc);
6832 	if (mac->mac_status != BWN_MAC_STATUS_STARTED)
6833 		return;
6834 
6835 	if (mac->mac_task_state % 4 == 0)
6836 		bwn_task_60s(mac);
6837 	if (mac->mac_task_state % 2 == 0)
6838 		bwn_task_30s(mac);
6839 	bwn_task_15s(mac);
6840 
6841 	mac->mac_task_state++;
6842 	callout_reset(&sc->sc_task_ch, hz * 15, bwn_tasks, mac);
6843 }
6844 
6845 static int
6846 bwn_plcp_get_ofdmrate(struct bwn_mac *mac, struct bwn_plcp6 *plcp, uint8_t a)
6847 {
6848 	struct bwn_softc *sc = mac->mac_sc;
6849 
6850 	KASSERT(a == 0, ("not support APHY\n"));
6851 
6852 	switch (plcp->o.raw[0] & 0xf) {
6853 	case 0xb:
6854 		return (BWN_OFDM_RATE_6MB);
6855 	case 0xf:
6856 		return (BWN_OFDM_RATE_9MB);
6857 	case 0xa:
6858 		return (BWN_OFDM_RATE_12MB);
6859 	case 0xe:
6860 		return (BWN_OFDM_RATE_18MB);
6861 	case 0x9:
6862 		return (BWN_OFDM_RATE_24MB);
6863 	case 0xd:
6864 		return (BWN_OFDM_RATE_36MB);
6865 	case 0x8:
6866 		return (BWN_OFDM_RATE_48MB);
6867 	case 0xc:
6868 		return (BWN_OFDM_RATE_54MB);
6869 	}
6870 	device_printf(sc->sc_dev, "incorrect OFDM rate %d\n",
6871 	    plcp->o.raw[0] & 0xf);
6872 	return (-1);
6873 }
6874 
6875 static int
6876 bwn_plcp_get_cckrate(struct bwn_mac *mac, struct bwn_plcp6 *plcp)
6877 {
6878 	struct bwn_softc *sc = mac->mac_sc;
6879 
6880 	switch (plcp->o.raw[0]) {
6881 	case 0x0a:
6882 		return (BWN_CCK_RATE_1MB);
6883 	case 0x14:
6884 		return (BWN_CCK_RATE_2MB);
6885 	case 0x37:
6886 		return (BWN_CCK_RATE_5MB);
6887 	case 0x6e:
6888 		return (BWN_CCK_RATE_11MB);
6889 	}
6890 	device_printf(sc->sc_dev, "incorrect CCK rate %d\n", plcp->o.raw[0]);
6891 	return (-1);
6892 }
6893 
6894 static void
6895 bwn_rx_radiotap(struct bwn_mac *mac, struct mbuf *m,
6896     const struct bwn_rxhdr4 *rxhdr, struct bwn_plcp6 *plcp, int rate,
6897     int rssi, int noise)
6898 {
6899 	struct bwn_softc *sc = mac->mac_sc;
6900 	const struct ieee80211_frame_min *wh;
6901 	uint64_t tsf;
6902 	uint16_t low_mactime_now;
6903 	uint16_t mt;
6904 
6905 	if (htole16(rxhdr->phy_status0) & BWN_RX_PHYST0_SHORTPRMBL)
6906 		sc->sc_rx_th.wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
6907 
6908 	wh = mtod(m, const struct ieee80211_frame_min *);
6909 	if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)
6910 		sc->sc_rx_th.wr_flags |= IEEE80211_RADIOTAP_F_WEP;
6911 
6912 	bwn_tsf_read(mac, &tsf);
6913 	low_mactime_now = tsf;
6914 	tsf = tsf & ~0xffffULL;
6915 
6916 	switch (mac->mac_fw.fw_hdr_format) {
6917 	case BWN_FW_HDR_351:
6918 	case BWN_FW_HDR_410:
6919 		mt = le16toh(rxhdr->ps4.r351.mac_time);
6920 		break;
6921 	case BWN_FW_HDR_598:
6922 		mt = le16toh(rxhdr->ps4.r598.mac_time);
6923 		break;
6924 	}
6925 
6926 	tsf += mt;
6927 	if (low_mactime_now < mt)
6928 		tsf -= 0x10000;
6929 
6930 	sc->sc_rx_th.wr_tsf = tsf;
6931 	sc->sc_rx_th.wr_rate = rate;
6932 	sc->sc_rx_th.wr_antsignal = rssi;
6933 	sc->sc_rx_th.wr_antnoise = noise;
6934 }
6935 
6936 static void
6937 bwn_tsf_read(struct bwn_mac *mac, uint64_t *tsf)
6938 {
6939 	uint32_t low, high;
6940 
6941 	KASSERT(siba_get_revid(mac->mac_sc->sc_dev) >= 3,
6942 	    ("%s:%d: fail", __func__, __LINE__));
6943 
6944 	low = BWN_READ_4(mac, BWN_REV3PLUS_TSF_LOW);
6945 	high = BWN_READ_4(mac, BWN_REV3PLUS_TSF_HIGH);
6946 	*tsf = high;
6947 	*tsf <<= 32;
6948 	*tsf |= low;
6949 }
6950 
6951 static int
6952 bwn_dma_attach(struct bwn_mac *mac)
6953 {
6954 	struct bwn_dma *dma = &mac->mac_method.dma;
6955 	struct bwn_softc *sc = mac->mac_sc;
6956 	bus_addr_t lowaddr = 0;
6957 	int error;
6958 
6959 	if (siba_get_type(sc->sc_dev) == SIBA_TYPE_PCMCIA || bwn_usedma == 0)
6960 		return (0);
6961 
6962 	KASSERT(siba_get_revid(sc->sc_dev) >= 5, ("%s: fail", __func__));
6963 
6964 	mac->mac_flags |= BWN_MAC_FLAG_DMA;
6965 
6966 	dma->dmatype = bwn_dma_gettype(mac);
6967 	if (dma->dmatype == BWN_DMA_30BIT)
6968 		lowaddr = BWN_BUS_SPACE_MAXADDR_30BIT;
6969 	else if (dma->dmatype == BWN_DMA_32BIT)
6970 		lowaddr = BUS_SPACE_MAXADDR_32BIT;
6971 	else
6972 		lowaddr = BUS_SPACE_MAXADDR;
6973 
6974 	/*
6975 	 * Create top level DMA tag
6976 	 */
6977 	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev),	/* parent */
6978 			       BWN_ALIGN, 0,		/* alignment, bounds */
6979 			       lowaddr,			/* lowaddr */
6980 			       BUS_SPACE_MAXADDR,	/* highaddr */
6981 			       NULL, NULL,		/* filter, filterarg */
6982 			       BUS_SPACE_MAXSIZE,	/* maxsize */
6983 			       BUS_SPACE_UNRESTRICTED,	/* nsegments */
6984 			       BUS_SPACE_MAXSIZE,	/* maxsegsize */
6985 			       0,			/* flags */
6986 			       NULL, NULL,		/* lockfunc, lockarg */
6987 			       &dma->parent_dtag);
6988 	if (error) {
6989 		device_printf(sc->sc_dev, "can't create parent DMA tag\n");
6990 		return (error);
6991 	}
6992 
6993 	/*
6994 	 * Create TX/RX mbuf DMA tag
6995 	 */
6996 	error = bus_dma_tag_create(dma->parent_dtag,
6997 				1,
6998 				0,
6999 				BUS_SPACE_MAXADDR,
7000 				BUS_SPACE_MAXADDR,
7001 				NULL, NULL,
7002 				MCLBYTES,
7003 				1,
7004 				BUS_SPACE_MAXSIZE_32BIT,
7005 				0,
7006 				NULL, NULL,
7007 				&dma->rxbuf_dtag);
7008 	if (error) {
7009 		device_printf(sc->sc_dev, "can't create mbuf DMA tag\n");
7010 		goto fail0;
7011 	}
7012 	error = bus_dma_tag_create(dma->parent_dtag,
7013 				1,
7014 				0,
7015 				BUS_SPACE_MAXADDR,
7016 				BUS_SPACE_MAXADDR,
7017 				NULL, NULL,
7018 				MCLBYTES,
7019 				1,
7020 				BUS_SPACE_MAXSIZE_32BIT,
7021 				0,
7022 				NULL, NULL,
7023 				&dma->txbuf_dtag);
7024 	if (error) {
7025 		device_printf(sc->sc_dev, "can't create mbuf DMA tag\n");
7026 		goto fail1;
7027 	}
7028 
7029 	dma->wme[WME_AC_BK] = bwn_dma_ringsetup(mac, 0, 1, dma->dmatype);
7030 	if (!dma->wme[WME_AC_BK])
7031 		goto fail2;
7032 
7033 	dma->wme[WME_AC_BE] = bwn_dma_ringsetup(mac, 1, 1, dma->dmatype);
7034 	if (!dma->wme[WME_AC_BE])
7035 		goto fail3;
7036 
7037 	dma->wme[WME_AC_VI] = bwn_dma_ringsetup(mac, 2, 1, dma->dmatype);
7038 	if (!dma->wme[WME_AC_VI])
7039 		goto fail4;
7040 
7041 	dma->wme[WME_AC_VO] = bwn_dma_ringsetup(mac, 3, 1, dma->dmatype);
7042 	if (!dma->wme[WME_AC_VO])
7043 		goto fail5;
7044 
7045 	dma->mcast = bwn_dma_ringsetup(mac, 4, 1, dma->dmatype);
7046 	if (!dma->mcast)
7047 		goto fail6;
7048 	dma->rx = bwn_dma_ringsetup(mac, 0, 0, dma->dmatype);
7049 	if (!dma->rx)
7050 		goto fail7;
7051 
7052 	return (error);
7053 
7054 fail7:	bwn_dma_ringfree(&dma->mcast);
7055 fail6:	bwn_dma_ringfree(&dma->wme[WME_AC_VO]);
7056 fail5:	bwn_dma_ringfree(&dma->wme[WME_AC_VI]);
7057 fail4:	bwn_dma_ringfree(&dma->wme[WME_AC_BE]);
7058 fail3:	bwn_dma_ringfree(&dma->wme[WME_AC_BK]);
7059 fail2:	bus_dma_tag_destroy(dma->txbuf_dtag);
7060 fail1:	bus_dma_tag_destroy(dma->rxbuf_dtag);
7061 fail0:	bus_dma_tag_destroy(dma->parent_dtag);
7062 	return (error);
7063 }
7064 
7065 static struct bwn_dma_ring *
7066 bwn_dma_parse_cookie(struct bwn_mac *mac, const struct bwn_txstatus *status,
7067     uint16_t cookie, int *slot)
7068 {
7069 	struct bwn_dma *dma = &mac->mac_method.dma;
7070 	struct bwn_dma_ring *dr;
7071 	struct bwn_softc *sc = mac->mac_sc;
7072 
7073 	BWN_ASSERT_LOCKED(mac->mac_sc);
7074 
7075 	switch (cookie & 0xf000) {
7076 	case 0x1000:
7077 		dr = dma->wme[WME_AC_BK];
7078 		break;
7079 	case 0x2000:
7080 		dr = dma->wme[WME_AC_BE];
7081 		break;
7082 	case 0x3000:
7083 		dr = dma->wme[WME_AC_VI];
7084 		break;
7085 	case 0x4000:
7086 		dr = dma->wme[WME_AC_VO];
7087 		break;
7088 	case 0x5000:
7089 		dr = dma->mcast;
7090 		break;
7091 	default:
7092 		dr = NULL;
7093 		KASSERT(0 == 1,
7094 		    ("invalid cookie value %d", cookie & 0xf000));
7095 	}
7096 	*slot = (cookie & 0x0fff);
7097 	if (*slot < 0 || *slot >= dr->dr_numslots) {
7098 		/*
7099 		 * XXX FIXME: sometimes H/W returns TX DONE events duplicately
7100 		 * that it occurs events which have same H/W sequence numbers.
7101 		 * When it's occurred just prints a WARNING msgs and ignores.
7102 		 */
7103 		KASSERT(status->seq == dma->lastseq,
7104 		    ("%s:%d: fail", __func__, __LINE__));
7105 		device_printf(sc->sc_dev,
7106 		    "out of slot ranges (0 < %d < %d)\n", *slot,
7107 		    dr->dr_numslots);
7108 		return (NULL);
7109 	}
7110 	dma->lastseq = status->seq;
7111 	return (dr);
7112 }
7113 
7114 static void
7115 bwn_dma_stop(struct bwn_mac *mac)
7116 {
7117 	struct bwn_dma *dma;
7118 
7119 	if ((mac->mac_flags & BWN_MAC_FLAG_DMA) == 0)
7120 		return;
7121 	dma = &mac->mac_method.dma;
7122 
7123 	bwn_dma_ringstop(&dma->rx);
7124 	bwn_dma_ringstop(&dma->wme[WME_AC_BK]);
7125 	bwn_dma_ringstop(&dma->wme[WME_AC_BE]);
7126 	bwn_dma_ringstop(&dma->wme[WME_AC_VI]);
7127 	bwn_dma_ringstop(&dma->wme[WME_AC_VO]);
7128 	bwn_dma_ringstop(&dma->mcast);
7129 }
7130 
7131 static void
7132 bwn_dma_ringstop(struct bwn_dma_ring **dr)
7133 {
7134 
7135 	if (dr == NULL)
7136 		return;
7137 
7138 	bwn_dma_cleanup(*dr);
7139 }
7140 
7141 static void
7142 bwn_pio_stop(struct bwn_mac *mac)
7143 {
7144 	struct bwn_pio *pio;
7145 
7146 	if (mac->mac_flags & BWN_MAC_FLAG_DMA)
7147 		return;
7148 	pio = &mac->mac_method.pio;
7149 
7150 	bwn_destroy_queue_tx(&pio->mcast);
7151 	bwn_destroy_queue_tx(&pio->wme[WME_AC_VO]);
7152 	bwn_destroy_queue_tx(&pio->wme[WME_AC_VI]);
7153 	bwn_destroy_queue_tx(&pio->wme[WME_AC_BE]);
7154 	bwn_destroy_queue_tx(&pio->wme[WME_AC_BK]);
7155 }
7156 
7157 static void
7158 bwn_led_attach(struct bwn_mac *mac)
7159 {
7160 	struct bwn_softc *sc = mac->mac_sc;
7161 	const uint8_t *led_act = NULL;
7162 	uint16_t val[BWN_LED_MAX];
7163 	int i;
7164 
7165 	sc->sc_led_idle = (2350 * hz) / 1000;
7166 	sc->sc_led_blink = 1;
7167 
7168 	for (i = 0; i < N(bwn_vendor_led_act); ++i) {
7169 		if (siba_get_pci_subvendor(sc->sc_dev) ==
7170 		    bwn_vendor_led_act[i].vid) {
7171 			led_act = bwn_vendor_led_act[i].led_act;
7172 			break;
7173 		}
7174 	}
7175 	if (led_act == NULL)
7176 		led_act = bwn_default_led_act;
7177 
7178 	val[0] = siba_sprom_get_gpio0(sc->sc_dev);
7179 	val[1] = siba_sprom_get_gpio1(sc->sc_dev);
7180 	val[2] = siba_sprom_get_gpio2(sc->sc_dev);
7181 	val[3] = siba_sprom_get_gpio3(sc->sc_dev);
7182 
7183 	for (i = 0; i < BWN_LED_MAX; ++i) {
7184 		struct bwn_led *led = &sc->sc_leds[i];
7185 
7186 		if (val[i] == 0xff) {
7187 			led->led_act = led_act[i];
7188 		} else {
7189 			if (val[i] & BWN_LED_ACT_LOW)
7190 				led->led_flags |= BWN_LED_F_ACTLOW;
7191 			led->led_act = val[i] & BWN_LED_ACT_MASK;
7192 		}
7193 		led->led_mask = (1 << i);
7194 
7195 		if (led->led_act == BWN_LED_ACT_BLINK_SLOW ||
7196 		    led->led_act == BWN_LED_ACT_BLINK_POLL ||
7197 		    led->led_act == BWN_LED_ACT_BLINK) {
7198 			led->led_flags |= BWN_LED_F_BLINK;
7199 			if (led->led_act == BWN_LED_ACT_BLINK_POLL)
7200 				led->led_flags |= BWN_LED_F_POLLABLE;
7201 			else if (led->led_act == BWN_LED_ACT_BLINK_SLOW)
7202 				led->led_flags |= BWN_LED_F_SLOW;
7203 
7204 			if (sc->sc_blink_led == NULL) {
7205 				sc->sc_blink_led = led;
7206 				if (led->led_flags & BWN_LED_F_SLOW)
7207 					BWN_LED_SLOWDOWN(sc->sc_led_idle);
7208 			}
7209 		}
7210 
7211 		DPRINTF(sc, BWN_DEBUG_LED,
7212 		    "%dth led, act %d, lowact %d\n", i,
7213 		    led->led_act, led->led_flags & BWN_LED_F_ACTLOW);
7214 	}
7215 	callout_init_mtx(&sc->sc_led_blink_ch, &sc->sc_mtx, 0);
7216 }
7217 
7218 static __inline uint16_t
7219 bwn_led_onoff(const struct bwn_led *led, uint16_t val, int on)
7220 {
7221 
7222 	if (led->led_flags & BWN_LED_F_ACTLOW)
7223 		on = !on;
7224 	if (on)
7225 		val |= led->led_mask;
7226 	else
7227 		val &= ~led->led_mask;
7228 	return val;
7229 }
7230 
7231 static void
7232 bwn_led_newstate(struct bwn_mac *mac, enum ieee80211_state nstate)
7233 {
7234 	struct bwn_softc *sc = mac->mac_sc;
7235 	struct ieee80211com *ic = &sc->sc_ic;
7236 	uint16_t val;
7237 	int i;
7238 
7239 	if (nstate == IEEE80211_S_INIT) {
7240 		callout_stop(&sc->sc_led_blink_ch);
7241 		sc->sc_led_blinking = 0;
7242 	}
7243 
7244 	if ((sc->sc_flags & BWN_FLAG_RUNNING) == 0)
7245 		return;
7246 
7247 	val = BWN_READ_2(mac, BWN_GPIO_CONTROL);
7248 	for (i = 0; i < BWN_LED_MAX; ++i) {
7249 		struct bwn_led *led = &sc->sc_leds[i];
7250 		int on;
7251 
7252 		if (led->led_act == BWN_LED_ACT_UNKN ||
7253 		    led->led_act == BWN_LED_ACT_NULL)
7254 			continue;
7255 
7256 		if ((led->led_flags & BWN_LED_F_BLINK) &&
7257 		    nstate != IEEE80211_S_INIT)
7258 			continue;
7259 
7260 		switch (led->led_act) {
7261 		case BWN_LED_ACT_ON:    /* Always on */
7262 			on = 1;
7263 			break;
7264 		case BWN_LED_ACT_OFF:   /* Always off */
7265 		case BWN_LED_ACT_5GHZ:  /* TODO: 11A */
7266 			on = 0;
7267 			break;
7268 		default:
7269 			on = 1;
7270 			switch (nstate) {
7271 			case IEEE80211_S_INIT:
7272 				on = 0;
7273 				break;
7274 			case IEEE80211_S_RUN:
7275 				if (led->led_act == BWN_LED_ACT_11G &&
7276 				    ic->ic_curmode != IEEE80211_MODE_11G)
7277 					on = 0;
7278 				break;
7279 			default:
7280 				if (led->led_act == BWN_LED_ACT_ASSOC)
7281 					on = 0;
7282 				break;
7283 			}
7284 			break;
7285 		}
7286 
7287 		val = bwn_led_onoff(led, val, on);
7288 	}
7289 	BWN_WRITE_2(mac, BWN_GPIO_CONTROL, val);
7290 }
7291 
7292 static void
7293 bwn_led_event(struct bwn_mac *mac, int event)
7294 {
7295 	struct bwn_softc *sc = mac->mac_sc;
7296 	struct bwn_led *led = sc->sc_blink_led;
7297 	int rate;
7298 
7299 	if (event == BWN_LED_EVENT_POLL) {
7300 		if ((led->led_flags & BWN_LED_F_POLLABLE) == 0)
7301 			return;
7302 		if (ticks - sc->sc_led_ticks < sc->sc_led_idle)
7303 			return;
7304 	}
7305 
7306 	sc->sc_led_ticks = ticks;
7307 	if (sc->sc_led_blinking)
7308 		return;
7309 
7310 	switch (event) {
7311 	case BWN_LED_EVENT_RX:
7312 		rate = sc->sc_rx_rate;
7313 		break;
7314 	case BWN_LED_EVENT_TX:
7315 		rate = sc->sc_tx_rate;
7316 		break;
7317 	case BWN_LED_EVENT_POLL:
7318 		rate = 0;
7319 		break;
7320 	default:
7321 		panic("unknown LED event %d\n", event);
7322 		break;
7323 	}
7324 	bwn_led_blink_start(mac, bwn_led_duration[rate].on_dur,
7325 	    bwn_led_duration[rate].off_dur);
7326 }
7327 
7328 static void
7329 bwn_led_blink_start(struct bwn_mac *mac, int on_dur, int off_dur)
7330 {
7331 	struct bwn_softc *sc = mac->mac_sc;
7332 	struct bwn_led *led = sc->sc_blink_led;
7333 	uint16_t val;
7334 
7335 	val = BWN_READ_2(mac, BWN_GPIO_CONTROL);
7336 	val = bwn_led_onoff(led, val, 1);
7337 	BWN_WRITE_2(mac, BWN_GPIO_CONTROL, val);
7338 
7339 	if (led->led_flags & BWN_LED_F_SLOW) {
7340 		BWN_LED_SLOWDOWN(on_dur);
7341 		BWN_LED_SLOWDOWN(off_dur);
7342 	}
7343 
7344 	sc->sc_led_blinking = 1;
7345 	sc->sc_led_blink_offdur = off_dur;
7346 
7347 	callout_reset(&sc->sc_led_blink_ch, on_dur, bwn_led_blink_next, mac);
7348 }
7349 
7350 static void
7351 bwn_led_blink_next(void *arg)
7352 {
7353 	struct bwn_mac *mac = arg;
7354 	struct bwn_softc *sc = mac->mac_sc;
7355 	uint16_t val;
7356 
7357 	val = BWN_READ_2(mac, BWN_GPIO_CONTROL);
7358 	val = bwn_led_onoff(sc->sc_blink_led, val, 0);
7359 	BWN_WRITE_2(mac, BWN_GPIO_CONTROL, val);
7360 
7361 	callout_reset(&sc->sc_led_blink_ch, sc->sc_led_blink_offdur,
7362 	    bwn_led_blink_end, mac);
7363 }
7364 
7365 static void
7366 bwn_led_blink_end(void *arg)
7367 {
7368 	struct bwn_mac *mac = arg;
7369 	struct bwn_softc *sc = mac->mac_sc;
7370 
7371 	sc->sc_led_blinking = 0;
7372 }
7373 
7374 static int
7375 bwn_suspend(device_t dev)
7376 {
7377 	struct bwn_softc *sc = device_get_softc(dev);
7378 
7379 	BWN_LOCK(sc);
7380 	bwn_stop(sc);
7381 	BWN_UNLOCK(sc);
7382 	return (0);
7383 }
7384 
7385 static int
7386 bwn_resume(device_t dev)
7387 {
7388 	struct bwn_softc *sc = device_get_softc(dev);
7389 	int error = EDOOFUS;
7390 
7391 	BWN_LOCK(sc);
7392 	if (sc->sc_ic.ic_nrunning > 0)
7393 		error = bwn_init(sc);
7394 	BWN_UNLOCK(sc);
7395 	if (error == 0)
7396 		ieee80211_start_all(&sc->sc_ic);
7397 	return (0);
7398 }
7399 
7400 static void
7401 bwn_rfswitch(void *arg)
7402 {
7403 	struct bwn_softc *sc = arg;
7404 	struct bwn_mac *mac = sc->sc_curmac;
7405 	int cur = 0, prev = 0;
7406 
7407 	KASSERT(mac->mac_status >= BWN_MAC_STATUS_STARTED,
7408 	    ("%s: invalid MAC status %d", __func__, mac->mac_status));
7409 
7410 	if (mac->mac_phy.rev >= 3 || mac->mac_phy.type == BWN_PHYTYPE_LP
7411 	    || mac->mac_phy.type == BWN_PHYTYPE_N) {
7412 		if (!(BWN_READ_4(mac, BWN_RF_HWENABLED_HI)
7413 			& BWN_RF_HWENABLED_HI_MASK))
7414 			cur = 1;
7415 	} else {
7416 		if (BWN_READ_2(mac, BWN_RF_HWENABLED_LO)
7417 		    & BWN_RF_HWENABLED_LO_MASK)
7418 			cur = 1;
7419 	}
7420 
7421 	if (mac->mac_flags & BWN_MAC_FLAG_RADIO_ON)
7422 		prev = 1;
7423 
7424 	DPRINTF(sc, BWN_DEBUG_RESET, "%s: called; cur=%d, prev=%d\n",
7425 	    __func__, cur, prev);
7426 
7427 	if (cur != prev) {
7428 		if (cur)
7429 			mac->mac_flags |= BWN_MAC_FLAG_RADIO_ON;
7430 		else
7431 			mac->mac_flags &= ~BWN_MAC_FLAG_RADIO_ON;
7432 
7433 		device_printf(sc->sc_dev,
7434 		    "status of RF switch is changed to %s\n",
7435 		    cur ? "ON" : "OFF");
7436 		if (cur != mac->mac_phy.rf_on) {
7437 			if (cur)
7438 				bwn_rf_turnon(mac);
7439 			else
7440 				bwn_rf_turnoff(mac);
7441 		}
7442 	}
7443 
7444 	callout_schedule(&sc->sc_rfswitch_ch, hz);
7445 }
7446 
7447 static void
7448 bwn_sysctl_node(struct bwn_softc *sc)
7449 {
7450 	device_t dev = sc->sc_dev;
7451 	struct bwn_mac *mac;
7452 	struct bwn_stats *stats;
7453 
7454 	/* XXX assume that count of MAC is only 1. */
7455 
7456 	if ((mac = sc->sc_curmac) == NULL)
7457 		return;
7458 	stats = &mac->mac_stats;
7459 
7460 	SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
7461 	    SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO,
7462 	    "linknoise", CTLFLAG_RW, &stats->rts, 0, "Noise level");
7463 	SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
7464 	    SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO,
7465 	    "rts", CTLFLAG_RW, &stats->rts, 0, "RTS");
7466 	SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
7467 	    SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO,
7468 	    "rtsfail", CTLFLAG_RW, &stats->rtsfail, 0, "RTS failed to send");
7469 
7470 #ifdef BWN_DEBUG
7471 	SYSCTL_ADD_UINT(device_get_sysctl_ctx(dev),
7472 	    SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO,
7473 	    "debug", CTLFLAG_RW, &sc->sc_debug, 0, "Debug flags");
7474 #endif
7475 }
7476 
7477 static device_method_t bwn_methods[] = {
7478 	/* Device interface */
7479 	DEVMETHOD(device_probe,		bwn_probe),
7480 	DEVMETHOD(device_attach,	bwn_attach),
7481 	DEVMETHOD(device_detach,	bwn_detach),
7482 	DEVMETHOD(device_suspend,	bwn_suspend),
7483 	DEVMETHOD(device_resume,	bwn_resume),
7484 	DEVMETHOD_END
7485 };
7486 driver_t bwn_driver = {
7487 	"bwn",
7488 	bwn_methods,
7489 	sizeof(struct bwn_softc)
7490 };
7491 static devclass_t bwn_devclass;
7492 DRIVER_MODULE(bwn, siba_bwn, bwn_driver, bwn_devclass, 0, 0);
7493 MODULE_DEPEND(bwn, siba_bwn, 1, 1, 1);
7494 MODULE_DEPEND(bwn, gpiobus, 1, 1, 1);
7495 MODULE_DEPEND(bwn, wlan, 1, 1, 1);		/* 802.11 media layer */
7496 MODULE_DEPEND(bwn, firmware, 1, 1, 1);		/* firmware support */
7497 MODULE_DEPEND(bwn, wlan_amrr, 1, 1, 1);
7498 MODULE_VERSION(bwn, 1);
7499