1 /* $OpenBSD: if_iwm.c,v 1.39 2015/03/23 00:35:19 jsg Exp $ */ 2 3 /* 4 * Copyright (c) 2014 genua mbh <info@genua.de> 5 * Copyright (c) 2014 Fixup Software Ltd. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /*- 21 * Based on BSD-licensed source modules in the Linux iwlwifi driver, 22 * which were used as the reference documentation for this implementation. 23 * 24 * Driver version we are currently based off of is 25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 26 * 27 *********************************************************************** 28 * 29 * This file is provided under a dual BSD/GPLv2 license. When using or 30 * redistributing this file, you may do so under either license. 31 * 32 * GPL LICENSE SUMMARY 33 * 34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 35 * 36 * This program is free software; you can redistribute it and/or modify 37 * it under the terms of version 2 of the GNU General Public License as 38 * published by the Free Software Foundation. 39 * 40 * This program is distributed in the hope that it will be useful, but 41 * WITHOUT ANY WARRANTY; without even the implied warranty of 42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 43 * General Public License for more details. 44 * 45 * You should have received a copy of the GNU General Public License 46 * along with this program; if not, write to the Free Software 47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 48 * USA 49 * 50 * The full GNU General Public License is included in this distribution 51 * in the file called COPYING. 52 * 53 * Contact Information: 54 * Intel Linux Wireless <ilw@linux.intel.com> 55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 56 * 57 * 58 * BSD LICENSE 59 * 60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 61 * All rights reserved. 62 * 63 * Redistribution and use in source and binary forms, with or without 64 * modification, are permitted provided that the following conditions 65 * are met: 66 * 67 * * Redistributions of source code must retain the above copyright 68 * notice, this list of conditions and the following disclaimer. 69 * * Redistributions in binary form must reproduce the above copyright 70 * notice, this list of conditions and the following disclaimer in 71 * the documentation and/or other materials provided with the 72 * distribution. 73 * * Neither the name Intel Corporation nor the names of its 74 * contributors may be used to endorse or promote products derived 75 * from this software without specific prior written permission. 76 * 77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 88 */ 89 90 /*- 91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 92 * 93 * Permission to use, copy, modify, and distribute this software for any 94 * purpose with or without fee is hereby granted, provided that the above 95 * copyright notice and this permission notice appear in all copies. 96 * 97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 104 */ 105 #include <sys/cdefs.h> 106 __FBSDID("$FreeBSD$"); 107 108 #include "opt_wlan.h" 109 110 #include <sys/param.h> 111 #include <sys/bus.h> 112 #include <sys/conf.h> 113 #include <sys/endian.h> 114 #include <sys/firmware.h> 115 #include <sys/kernel.h> 116 #include <sys/malloc.h> 117 #include <sys/mbuf.h> 118 #include <sys/mutex.h> 119 #include <sys/module.h> 120 #include <sys/proc.h> 121 #include <sys/rman.h> 122 #include <sys/socket.h> 123 #include <sys/sockio.h> 124 #include <sys/sysctl.h> 125 #include <sys/linker.h> 126 127 #include <machine/bus.h> 128 #include <machine/endian.h> 129 #include <machine/resource.h> 130 131 #include <dev/pci/pcivar.h> 132 #include <dev/pci/pcireg.h> 133 134 #include <net/bpf.h> 135 136 #include <net/if.h> 137 #include <net/if_var.h> 138 #include <net/if_arp.h> 139 #include <net/if_dl.h> 140 #include <net/if_media.h> 141 #include <net/if_types.h> 142 143 #include <netinet/in.h> 144 #include <netinet/in_systm.h> 145 #include <netinet/if_ether.h> 146 #include <netinet/ip.h> 147 148 #include <net80211/ieee80211_var.h> 149 #include <net80211/ieee80211_regdomain.h> 150 #include <net80211/ieee80211_ratectl.h> 151 #include <net80211/ieee80211_radiotap.h> 152 153 #include <dev/iwm/if_iwmreg.h> 154 #include <dev/iwm/if_iwmvar.h> 155 #include <dev/iwm/if_iwm_debug.h> 156 #include <dev/iwm/if_iwm_util.h> 157 #include <dev/iwm/if_iwm_binding.h> 158 #include <dev/iwm/if_iwm_phy_db.h> 159 #include <dev/iwm/if_iwm_mac_ctxt.h> 160 #include <dev/iwm/if_iwm_phy_ctxt.h> 161 #include <dev/iwm/if_iwm_time_event.h> 162 #include <dev/iwm/if_iwm_power.h> 163 #include <dev/iwm/if_iwm_scan.h> 164 165 #include <dev/iwm/if_iwm_pcie_trans.h> 166 #include <dev/iwm/if_iwm_led.h> 167 168 const uint8_t iwm_nvm_channels[] = { 169 /* 2.4 GHz */ 170 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 171 /* 5 GHz */ 172 36, 40, 44, 48, 52, 56, 60, 64, 173 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 174 149, 153, 157, 161, 165 175 }; 176 #define IWM_NUM_2GHZ_CHANNELS 14 177 178 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS, 179 "IWM_NUM_CHANNELS is too small"); 180 181 /* 182 * XXX For now, there's simply a fixed set of rate table entries 183 * that are populated. 184 */ 185 const struct iwm_rate { 186 uint8_t rate; 187 uint8_t plcp; 188 } iwm_rates[] = { 189 { 2, IWM_RATE_1M_PLCP }, 190 { 4, IWM_RATE_2M_PLCP }, 191 { 11, IWM_RATE_5M_PLCP }, 192 { 22, IWM_RATE_11M_PLCP }, 193 { 12, IWM_RATE_6M_PLCP }, 194 { 18, IWM_RATE_9M_PLCP }, 195 { 24, IWM_RATE_12M_PLCP }, 196 { 36, IWM_RATE_18M_PLCP }, 197 { 48, IWM_RATE_24M_PLCP }, 198 { 72, IWM_RATE_36M_PLCP }, 199 { 96, IWM_RATE_48M_PLCP }, 200 { 108, IWM_RATE_54M_PLCP }, 201 }; 202 #define IWM_RIDX_CCK 0 203 #define IWM_RIDX_OFDM 4 204 #define IWM_RIDX_MAX (nitems(iwm_rates)-1) 205 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 206 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 207 208 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t); 209 static int iwm_firmware_store_section(struct iwm_softc *, 210 enum iwm_ucode_type, 211 const uint8_t *, size_t); 212 static int iwm_set_default_calib(struct iwm_softc *, const void *); 213 static void iwm_fw_info_free(struct iwm_fw_info *); 214 static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type); 215 static void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int); 216 static int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *, 217 bus_size_t, bus_size_t); 218 static void iwm_dma_contig_free(struct iwm_dma_info *); 219 static int iwm_alloc_fwmem(struct iwm_softc *); 220 static void iwm_free_fwmem(struct iwm_softc *); 221 static int iwm_alloc_sched(struct iwm_softc *); 222 static void iwm_free_sched(struct iwm_softc *); 223 static int iwm_alloc_kw(struct iwm_softc *); 224 static void iwm_free_kw(struct iwm_softc *); 225 static int iwm_alloc_ict(struct iwm_softc *); 226 static void iwm_free_ict(struct iwm_softc *); 227 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 228 static void iwm_disable_rx_dma(struct iwm_softc *); 229 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 230 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 231 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, 232 int); 233 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 234 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 235 static void iwm_enable_interrupts(struct iwm_softc *); 236 static void iwm_restore_interrupts(struct iwm_softc *); 237 static void iwm_disable_interrupts(struct iwm_softc *); 238 static void iwm_ict_reset(struct iwm_softc *); 239 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *); 240 static void iwm_stop_device(struct iwm_softc *); 241 static void iwm_mvm_nic_config(struct iwm_softc *); 242 static int iwm_nic_rx_init(struct iwm_softc *); 243 static int iwm_nic_tx_init(struct iwm_softc *); 244 static int iwm_nic_init(struct iwm_softc *); 245 static void iwm_enable_txq(struct iwm_softc *, int, int); 246 static int iwm_post_alive(struct iwm_softc *); 247 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, 248 uint16_t, uint8_t *, uint16_t *); 249 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 250 uint16_t *); 251 static uint32_t iwm_eeprom_channel_flags(uint16_t); 252 static void iwm_add_channel_band(struct iwm_softc *, 253 struct ieee80211_channel[], int, int *, int, int, 254 const uint8_t[]); 255 static void iwm_init_channel_map(struct ieee80211com *, int, int *, 256 struct ieee80211_channel[]); 257 static int iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 258 const uint16_t *, const uint16_t *, uint8_t, 259 uint8_t); 260 struct iwm_nvm_section; 261 static int iwm_parse_nvm_sections(struct iwm_softc *, 262 struct iwm_nvm_section *); 263 static int iwm_nvm_init(struct iwm_softc *); 264 static int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t, 265 const uint8_t *, uint32_t); 266 static int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type); 267 static int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type); 268 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 269 static int iwm_send_phy_cfg_cmd(struct iwm_softc *); 270 static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *, 271 enum iwm_ucode_type); 272 static int iwm_run_init_mvm_ucode(struct iwm_softc *, int); 273 static int iwm_rx_addbuf(struct iwm_softc *, int, int); 274 static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *); 275 static int iwm_mvm_get_signal_strength(struct iwm_softc *, 276 struct iwm_rx_phy_info *); 277 static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *, 278 struct iwm_rx_packet *, 279 struct iwm_rx_data *); 280 static int iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *); 281 static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *, 282 struct iwm_rx_data *); 283 static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *, 284 struct iwm_rx_packet *, 285 struct iwm_node *); 286 static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *, 287 struct iwm_rx_data *); 288 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *); 289 #if 0 290 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, 291 uint16_t); 292 #endif 293 static const struct iwm_rate * 294 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 295 struct ieee80211_frame *, struct iwm_tx_cmd *); 296 static int iwm_tx(struct iwm_softc *, struct mbuf *, 297 struct ieee80211_node *, int); 298 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *, 299 const struct ieee80211_bpf_params *); 300 static void iwm_mvm_add_sta_cmd_v6_to_v5(struct iwm_mvm_add_sta_cmd_v6 *, 301 struct iwm_mvm_add_sta_cmd_v5 *); 302 static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *, 303 struct iwm_mvm_add_sta_cmd_v6 *, 304 int *); 305 static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *, 306 int); 307 static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *); 308 static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *); 309 static int iwm_mvm_add_int_sta_common(struct iwm_softc *, 310 struct iwm_int_sta *, 311 const uint8_t *, uint16_t, uint16_t); 312 static int iwm_mvm_add_aux_sta(struct iwm_softc *); 313 static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *); 314 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *); 315 static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *); 316 static int iwm_release(struct iwm_softc *, struct iwm_node *); 317 static struct ieee80211_node * 318 iwm_node_alloc(struct ieee80211vap *, 319 const uint8_t[IEEE80211_ADDR_LEN]); 320 static void iwm_setrates(struct iwm_softc *, struct iwm_node *); 321 static int iwm_media_change(struct ifnet *); 322 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int); 323 static void iwm_endscan_cb(void *, int); 324 static int iwm_init_hw(struct iwm_softc *); 325 static void iwm_init(struct iwm_softc *); 326 static void iwm_start(struct iwm_softc *); 327 static void iwm_stop(struct iwm_softc *); 328 static void iwm_watchdog(void *); 329 static void iwm_parent(struct ieee80211com *); 330 #ifdef IWM_DEBUG 331 static const char * 332 iwm_desc_lookup(uint32_t); 333 static void iwm_nic_error(struct iwm_softc *); 334 #endif 335 static void iwm_notif_intr(struct iwm_softc *); 336 static void iwm_intr(void *); 337 static int iwm_attach(device_t); 338 static void iwm_preinit(void *); 339 static int iwm_detach_local(struct iwm_softc *sc, int); 340 static void iwm_init_task(void *); 341 static void iwm_radiotap_attach(struct iwm_softc *); 342 static struct ieee80211vap * 343 iwm_vap_create(struct ieee80211com *, 344 const char [IFNAMSIZ], int, 345 enum ieee80211_opmode, int, 346 const uint8_t [IEEE80211_ADDR_LEN], 347 const uint8_t [IEEE80211_ADDR_LEN]); 348 static void iwm_vap_delete(struct ieee80211vap *); 349 static void iwm_scan_start(struct ieee80211com *); 350 static void iwm_scan_end(struct ieee80211com *); 351 static void iwm_update_mcast(struct ieee80211com *); 352 static void iwm_set_channel(struct ieee80211com *); 353 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long); 354 static void iwm_scan_mindwell(struct ieee80211_scan_state *); 355 static int iwm_detach(device_t); 356 357 /* 358 * Firmware parser. 359 */ 360 361 static int 362 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen) 363 { 364 const struct iwm_fw_cscheme_list *l = (const void *)data; 365 366 if (dlen < sizeof(*l) || 367 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 368 return EINVAL; 369 370 /* we don't actually store anything for now, always use s/w crypto */ 371 372 return 0; 373 } 374 375 static int 376 iwm_firmware_store_section(struct iwm_softc *sc, 377 enum iwm_ucode_type type, const uint8_t *data, size_t dlen) 378 { 379 struct iwm_fw_sects *fws; 380 struct iwm_fw_onesect *fwone; 381 382 if (type >= IWM_UCODE_TYPE_MAX) 383 return EINVAL; 384 if (dlen < sizeof(uint32_t)) 385 return EINVAL; 386 387 fws = &sc->sc_fw.fw_sects[type]; 388 if (fws->fw_count >= IWM_UCODE_SECT_MAX) 389 return EINVAL; 390 391 fwone = &fws->fw_sect[fws->fw_count]; 392 393 /* first 32bit are device load offset */ 394 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t)); 395 396 /* rest is data */ 397 fwone->fws_data = data + sizeof(uint32_t); 398 fwone->fws_len = dlen - sizeof(uint32_t); 399 400 fws->fw_count++; 401 fws->fw_totlen += fwone->fws_len; 402 403 return 0; 404 } 405 406 /* iwlwifi: iwl-drv.c */ 407 struct iwm_tlv_calib_data { 408 uint32_t ucode_type; 409 struct iwm_tlv_calib_ctrl calib; 410 } __packed; 411 412 static int 413 iwm_set_default_calib(struct iwm_softc *sc, const void *data) 414 { 415 const struct iwm_tlv_calib_data *def_calib = data; 416 uint32_t ucode_type = le32toh(def_calib->ucode_type); 417 418 if (ucode_type >= IWM_UCODE_TYPE_MAX) { 419 device_printf(sc->sc_dev, 420 "Wrong ucode_type %u for default " 421 "calibration.\n", ucode_type); 422 return EINVAL; 423 } 424 425 sc->sc_default_calib[ucode_type].flow_trigger = 426 def_calib->calib.flow_trigger; 427 sc->sc_default_calib[ucode_type].event_trigger = 428 def_calib->calib.event_trigger; 429 430 return 0; 431 } 432 433 static void 434 iwm_fw_info_free(struct iwm_fw_info *fw) 435 { 436 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD); 437 fw->fw_fp = NULL; 438 /* don't touch fw->fw_status */ 439 memset(fw->fw_sects, 0, sizeof(fw->fw_sects)); 440 } 441 442 static int 443 iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 444 { 445 struct iwm_fw_info *fw = &sc->sc_fw; 446 const struct iwm_tlv_ucode_header *uhdr; 447 struct iwm_ucode_tlv tlv; 448 enum iwm_ucode_tlv_type tlv_type; 449 const struct firmware *fwp; 450 const uint8_t *data; 451 int error = 0; 452 size_t len; 453 454 if (fw->fw_status == IWM_FW_STATUS_DONE && 455 ucode_type != IWM_UCODE_TYPE_INIT) 456 return 0; 457 458 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) 459 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0); 460 fw->fw_status = IWM_FW_STATUS_INPROGRESS; 461 462 if (fw->fw_fp != NULL) 463 iwm_fw_info_free(fw); 464 465 /* 466 * Load firmware into driver memory. 467 * fw_fp will be set. 468 */ 469 IWM_UNLOCK(sc); 470 fwp = firmware_get(sc->sc_fwname); 471 IWM_LOCK(sc); 472 if (fwp == NULL) { 473 device_printf(sc->sc_dev, 474 "could not read firmware %s (error %d)\n", 475 sc->sc_fwname, error); 476 goto out; 477 } 478 fw->fw_fp = fwp; 479 480 /* 481 * Parse firmware contents 482 */ 483 484 uhdr = (const void *)fw->fw_fp->data; 485 if (*(const uint32_t *)fw->fw_fp->data != 0 486 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 487 device_printf(sc->sc_dev, "invalid firmware %s\n", 488 sc->sc_fwname); 489 error = EINVAL; 490 goto out; 491 } 492 493 sc->sc_fwver = le32toh(uhdr->ver); 494 data = uhdr->data; 495 len = fw->fw_fp->datasize - sizeof(*uhdr); 496 497 while (len >= sizeof(tlv)) { 498 size_t tlv_len; 499 const void *tlv_data; 500 501 memcpy(&tlv, data, sizeof(tlv)); 502 tlv_len = le32toh(tlv.length); 503 tlv_type = le32toh(tlv.type); 504 505 len -= sizeof(tlv); 506 data += sizeof(tlv); 507 tlv_data = data; 508 509 if (len < tlv_len) { 510 device_printf(sc->sc_dev, 511 "firmware too short: %zu bytes\n", 512 len); 513 error = EINVAL; 514 goto parse_out; 515 } 516 517 switch ((int)tlv_type) { 518 case IWM_UCODE_TLV_PROBE_MAX_LEN: 519 if (tlv_len < sizeof(uint32_t)) { 520 device_printf(sc->sc_dev, 521 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n", 522 __func__, 523 (int) tlv_len); 524 error = EINVAL; 525 goto parse_out; 526 } 527 sc->sc_capa_max_probe_len 528 = le32toh(*(const uint32_t *)tlv_data); 529 /* limit it to something sensible */ 530 if (sc->sc_capa_max_probe_len > (1<<16)) { 531 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 532 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN " 533 "ridiculous\n", __func__); 534 error = EINVAL; 535 goto parse_out; 536 } 537 break; 538 case IWM_UCODE_TLV_PAN: 539 if (tlv_len) { 540 device_printf(sc->sc_dev, 541 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n", 542 __func__, 543 (int) tlv_len); 544 error = EINVAL; 545 goto parse_out; 546 } 547 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN; 548 break; 549 case IWM_UCODE_TLV_FLAGS: 550 if (tlv_len < sizeof(uint32_t)) { 551 device_printf(sc->sc_dev, 552 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n", 553 __func__, 554 (int) tlv_len); 555 error = EINVAL; 556 goto parse_out; 557 } 558 /* 559 * Apparently there can be many flags, but Linux driver 560 * parses only the first one, and so do we. 561 * 562 * XXX: why does this override IWM_UCODE_TLV_PAN? 563 * Intentional or a bug? Observations from 564 * current firmware file: 565 * 1) TLV_PAN is parsed first 566 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 567 * ==> this resets TLV_PAN to itself... hnnnk 568 */ 569 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data); 570 break; 571 case IWM_UCODE_TLV_CSCHEME: 572 if ((error = iwm_store_cscheme(sc, 573 tlv_data, tlv_len)) != 0) { 574 device_printf(sc->sc_dev, 575 "%s: iwm_store_cscheme(): returned %d\n", 576 __func__, 577 error); 578 goto parse_out; 579 } 580 break; 581 case IWM_UCODE_TLV_NUM_OF_CPU: 582 if (tlv_len != sizeof(uint32_t)) { 583 device_printf(sc->sc_dev, 584 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n", 585 __func__, 586 (int) tlv_len); 587 error = EINVAL; 588 goto parse_out; 589 } 590 if (le32toh(*(const uint32_t*)tlv_data) != 1) { 591 device_printf(sc->sc_dev, 592 "%s: driver supports " 593 "only TLV_NUM_OF_CPU == 1", 594 __func__); 595 error = EINVAL; 596 goto parse_out; 597 } 598 break; 599 case IWM_UCODE_TLV_SEC_RT: 600 if ((error = iwm_firmware_store_section(sc, 601 IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len)) != 0) { 602 device_printf(sc->sc_dev, 603 "%s: IWM_UCODE_TYPE_REGULAR: iwm_firmware_store_section() failed; %d\n", 604 __func__, 605 error); 606 goto parse_out; 607 } 608 break; 609 case IWM_UCODE_TLV_SEC_INIT: 610 if ((error = iwm_firmware_store_section(sc, 611 IWM_UCODE_TYPE_INIT, tlv_data, tlv_len)) != 0) { 612 device_printf(sc->sc_dev, 613 "%s: IWM_UCODE_TYPE_INIT: iwm_firmware_store_section() failed; %d\n", 614 __func__, 615 error); 616 goto parse_out; 617 } 618 break; 619 case IWM_UCODE_TLV_SEC_WOWLAN: 620 if ((error = iwm_firmware_store_section(sc, 621 IWM_UCODE_TYPE_WOW, tlv_data, tlv_len)) != 0) { 622 device_printf(sc->sc_dev, 623 "%s: IWM_UCODE_TYPE_WOW: iwm_firmware_store_section() failed; %d\n", 624 __func__, 625 error); 626 goto parse_out; 627 } 628 break; 629 case IWM_UCODE_TLV_DEF_CALIB: 630 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 631 device_printf(sc->sc_dev, 632 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n", 633 __func__, 634 (int) tlv_len, 635 (int) sizeof(struct iwm_tlv_calib_data)); 636 error = EINVAL; 637 goto parse_out; 638 } 639 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) { 640 device_printf(sc->sc_dev, 641 "%s: iwm_set_default_calib() failed: %d\n", 642 __func__, 643 error); 644 goto parse_out; 645 } 646 break; 647 case IWM_UCODE_TLV_PHY_SKU: 648 if (tlv_len != sizeof(uint32_t)) { 649 error = EINVAL; 650 device_printf(sc->sc_dev, 651 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n", 652 __func__, 653 (int) tlv_len); 654 goto parse_out; 655 } 656 sc->sc_fw_phy_config = 657 le32toh(*(const uint32_t *)tlv_data); 658 break; 659 660 case IWM_UCODE_TLV_API_CHANGES_SET: 661 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: 662 /* ignore, not used by current driver */ 663 break; 664 665 default: 666 device_printf(sc->sc_dev, 667 "%s: unknown firmware section %d, abort\n", 668 __func__, tlv_type); 669 error = EINVAL; 670 goto parse_out; 671 } 672 673 len -= roundup(tlv_len, 4); 674 data += roundup(tlv_len, 4); 675 } 676 677 KASSERT(error == 0, ("unhandled error")); 678 679 parse_out: 680 if (error) { 681 device_printf(sc->sc_dev, "firmware parse error %d, " 682 "section type %d\n", error, tlv_type); 683 } 684 685 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) { 686 device_printf(sc->sc_dev, 687 "device uses unsupported power ops\n"); 688 error = ENOTSUP; 689 } 690 691 out: 692 if (error) { 693 fw->fw_status = IWM_FW_STATUS_NONE; 694 if (fw->fw_fp != NULL) 695 iwm_fw_info_free(fw); 696 } else 697 fw->fw_status = IWM_FW_STATUS_DONE; 698 wakeup(&sc->sc_fw); 699 700 return error; 701 } 702 703 /* 704 * DMA resource routines 705 */ 706 707 static void 708 iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 709 { 710 if (error != 0) 711 return; 712 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 713 *(bus_addr_t *)arg = segs[0].ds_addr; 714 } 715 716 static int 717 iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma, 718 bus_size_t size, bus_size_t alignment) 719 { 720 int error; 721 722 dma->tag = NULL; 723 dma->size = size; 724 725 error = bus_dma_tag_create(tag, alignment, 726 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 727 1, size, 0, NULL, NULL, &dma->tag); 728 if (error != 0) 729 goto fail; 730 731 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 732 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 733 if (error != 0) 734 goto fail; 735 736 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 737 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 738 if (error != 0) 739 goto fail; 740 741 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 742 743 return 0; 744 745 fail: iwm_dma_contig_free(dma); 746 return error; 747 } 748 749 static void 750 iwm_dma_contig_free(struct iwm_dma_info *dma) 751 { 752 if (dma->map != NULL) { 753 if (dma->vaddr != NULL) { 754 bus_dmamap_sync(dma->tag, dma->map, 755 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 756 bus_dmamap_unload(dma->tag, dma->map); 757 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 758 dma->vaddr = NULL; 759 } 760 bus_dmamap_destroy(dma->tag, dma->map); 761 dma->map = NULL; 762 } 763 if (dma->tag != NULL) { 764 bus_dma_tag_destroy(dma->tag); 765 dma->tag = NULL; 766 } 767 768 } 769 770 /* fwmem is used to load firmware onto the card */ 771 static int 772 iwm_alloc_fwmem(struct iwm_softc *sc) 773 { 774 /* Must be aligned on a 16-byte boundary. */ 775 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 776 sc->sc_fwdmasegsz, 16); 777 } 778 779 static void 780 iwm_free_fwmem(struct iwm_softc *sc) 781 { 782 iwm_dma_contig_free(&sc->fw_dma); 783 } 784 785 /* tx scheduler rings. not used? */ 786 static int 787 iwm_alloc_sched(struct iwm_softc *sc) 788 { 789 int rv; 790 791 /* TX scheduler rings must be aligned on a 1KB boundary. */ 792 rv = iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 793 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 794 return rv; 795 } 796 797 static void 798 iwm_free_sched(struct iwm_softc *sc) 799 { 800 iwm_dma_contig_free(&sc->sched_dma); 801 } 802 803 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */ 804 static int 805 iwm_alloc_kw(struct iwm_softc *sc) 806 { 807 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 808 } 809 810 static void 811 iwm_free_kw(struct iwm_softc *sc) 812 { 813 iwm_dma_contig_free(&sc->kw_dma); 814 } 815 816 /* interrupt cause table */ 817 static int 818 iwm_alloc_ict(struct iwm_softc *sc) 819 { 820 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 821 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 822 } 823 824 static void 825 iwm_free_ict(struct iwm_softc *sc) 826 { 827 iwm_dma_contig_free(&sc->ict_dma); 828 } 829 830 static int 831 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 832 { 833 bus_size_t size; 834 int i, error; 835 836 ring->cur = 0; 837 838 /* Allocate RX descriptors (256-byte aligned). */ 839 size = IWM_RX_RING_COUNT * sizeof(uint32_t); 840 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 841 if (error != 0) { 842 device_printf(sc->sc_dev, 843 "could not allocate RX ring DMA memory\n"); 844 goto fail; 845 } 846 ring->desc = ring->desc_dma.vaddr; 847 848 /* Allocate RX status area (16-byte aligned). */ 849 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 850 sizeof(*ring->stat), 16); 851 if (error != 0) { 852 device_printf(sc->sc_dev, 853 "could not allocate RX status DMA memory\n"); 854 goto fail; 855 } 856 ring->stat = ring->stat_dma.vaddr; 857 858 /* Create RX buffer DMA tag. */ 859 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 860 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 861 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat); 862 if (error != 0) { 863 device_printf(sc->sc_dev, 864 "%s: could not create RX buf DMA tag, error %d\n", 865 __func__, error); 866 goto fail; 867 } 868 869 /* 870 * Allocate and map RX buffers. 871 */ 872 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 873 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) { 874 goto fail; 875 } 876 } 877 return 0; 878 879 fail: iwm_free_rx_ring(sc, ring); 880 return error; 881 } 882 883 static void 884 iwm_disable_rx_dma(struct iwm_softc *sc) 885 { 886 887 /* XXX print out if we can't lock the NIC? */ 888 if (iwm_nic_lock(sc)) { 889 /* XXX handle if RX stop doesn't finish? */ 890 (void) iwm_pcie_rx_stop(sc); 891 iwm_nic_unlock(sc); 892 } 893 } 894 895 static void 896 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 897 { 898 /* Reset the ring state */ 899 ring->cur = 0; 900 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 901 } 902 903 static void 904 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 905 { 906 int i; 907 908 iwm_dma_contig_free(&ring->desc_dma); 909 iwm_dma_contig_free(&ring->stat_dma); 910 911 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 912 struct iwm_rx_data *data = &ring->data[i]; 913 914 if (data->m != NULL) { 915 bus_dmamap_sync(ring->data_dmat, data->map, 916 BUS_DMASYNC_POSTREAD); 917 bus_dmamap_unload(ring->data_dmat, data->map); 918 m_freem(data->m); 919 data->m = NULL; 920 } 921 if (data->map != NULL) { 922 bus_dmamap_destroy(ring->data_dmat, data->map); 923 data->map = NULL; 924 } 925 } 926 if (ring->data_dmat != NULL) { 927 bus_dma_tag_destroy(ring->data_dmat); 928 ring->data_dmat = NULL; 929 } 930 } 931 932 static int 933 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 934 { 935 bus_addr_t paddr; 936 bus_size_t size; 937 int i, error; 938 939 ring->qid = qid; 940 ring->queued = 0; 941 ring->cur = 0; 942 943 /* Allocate TX descriptors (256-byte aligned). */ 944 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 945 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 946 if (error != 0) { 947 device_printf(sc->sc_dev, 948 "could not allocate TX ring DMA memory\n"); 949 goto fail; 950 } 951 ring->desc = ring->desc_dma.vaddr; 952 953 /* 954 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need 955 * to allocate commands space for other rings. 956 */ 957 if (qid > IWM_MVM_CMD_QUEUE) 958 return 0; 959 960 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 961 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 962 if (error != 0) { 963 device_printf(sc->sc_dev, 964 "could not allocate TX cmd DMA memory\n"); 965 goto fail; 966 } 967 ring->cmd = ring->cmd_dma.vaddr; 968 969 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 970 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 971 IWM_MAX_SCATTER - 2, MCLBYTES, 0, NULL, NULL, &ring->data_dmat); 972 if (error != 0) { 973 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n"); 974 goto fail; 975 } 976 977 paddr = ring->cmd_dma.paddr; 978 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 979 struct iwm_tx_data *data = &ring->data[i]; 980 981 data->cmd_paddr = paddr; 982 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 983 + offsetof(struct iwm_tx_cmd, scratch); 984 paddr += sizeof(struct iwm_device_cmd); 985 986 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 987 if (error != 0) { 988 device_printf(sc->sc_dev, 989 "could not create TX buf DMA map\n"); 990 goto fail; 991 } 992 } 993 KASSERT(paddr == ring->cmd_dma.paddr + size, 994 ("invalid physical address")); 995 return 0; 996 997 fail: iwm_free_tx_ring(sc, ring); 998 return error; 999 } 1000 1001 static void 1002 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1003 { 1004 int i; 1005 1006 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1007 struct iwm_tx_data *data = &ring->data[i]; 1008 1009 if (data->m != NULL) { 1010 bus_dmamap_sync(ring->data_dmat, data->map, 1011 BUS_DMASYNC_POSTWRITE); 1012 bus_dmamap_unload(ring->data_dmat, data->map); 1013 m_freem(data->m); 1014 data->m = NULL; 1015 } 1016 } 1017 /* Clear TX descriptors. */ 1018 memset(ring->desc, 0, ring->desc_dma.size); 1019 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1020 BUS_DMASYNC_PREWRITE); 1021 sc->qfullmsk &= ~(1 << ring->qid); 1022 ring->queued = 0; 1023 ring->cur = 0; 1024 } 1025 1026 static void 1027 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1028 { 1029 int i; 1030 1031 iwm_dma_contig_free(&ring->desc_dma); 1032 iwm_dma_contig_free(&ring->cmd_dma); 1033 1034 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1035 struct iwm_tx_data *data = &ring->data[i]; 1036 1037 if (data->m != NULL) { 1038 bus_dmamap_sync(ring->data_dmat, data->map, 1039 BUS_DMASYNC_POSTWRITE); 1040 bus_dmamap_unload(ring->data_dmat, data->map); 1041 m_freem(data->m); 1042 data->m = NULL; 1043 } 1044 if (data->map != NULL) { 1045 bus_dmamap_destroy(ring->data_dmat, data->map); 1046 data->map = NULL; 1047 } 1048 } 1049 if (ring->data_dmat != NULL) { 1050 bus_dma_tag_destroy(ring->data_dmat); 1051 ring->data_dmat = NULL; 1052 } 1053 } 1054 1055 /* 1056 * High-level hardware frobbing routines 1057 */ 1058 1059 static void 1060 iwm_enable_interrupts(struct iwm_softc *sc) 1061 { 1062 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1063 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1064 } 1065 1066 static void 1067 iwm_restore_interrupts(struct iwm_softc *sc) 1068 { 1069 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1070 } 1071 1072 static void 1073 iwm_disable_interrupts(struct iwm_softc *sc) 1074 { 1075 /* disable interrupts */ 1076 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1077 1078 /* acknowledge all interrupts */ 1079 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1080 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1081 } 1082 1083 static void 1084 iwm_ict_reset(struct iwm_softc *sc) 1085 { 1086 iwm_disable_interrupts(sc); 1087 1088 /* Reset ICT table. */ 1089 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1090 sc->ict_cur = 0; 1091 1092 /* Set physical address of ICT table (4KB aligned). */ 1093 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1094 IWM_CSR_DRAM_INT_TBL_ENABLE 1095 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1096 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1097 1098 /* Switch to ICT interrupt mode in driver. */ 1099 sc->sc_flags |= IWM_FLAG_USE_ICT; 1100 1101 /* Re-enable interrupts. */ 1102 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1103 iwm_enable_interrupts(sc); 1104 } 1105 1106 /* iwlwifi pcie/trans.c */ 1107 1108 /* 1109 * Since this .. hard-resets things, it's time to actually 1110 * mark the first vap (if any) as having no mac context. 1111 * It's annoying, but since the driver is potentially being 1112 * stop/start'ed whilst active (thanks openbsd port!) we 1113 * have to correctly track this. 1114 */ 1115 static void 1116 iwm_stop_device(struct iwm_softc *sc) 1117 { 1118 struct ieee80211com *ic = &sc->sc_ic; 1119 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1120 int chnl, ntries; 1121 int qid; 1122 1123 /* tell the device to stop sending interrupts */ 1124 iwm_disable_interrupts(sc); 1125 1126 /* 1127 * FreeBSD-local: mark the first vap as not-uploaded, 1128 * so the next transition through auth/assoc 1129 * will correctly populate the MAC context. 1130 */ 1131 if (vap) { 1132 struct iwm_vap *iv = IWM_VAP(vap); 1133 iv->is_uploaded = 0; 1134 } 1135 1136 /* device going down, Stop using ICT table */ 1137 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 1138 1139 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */ 1140 1141 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1142 1143 /* Stop all DMA channels. */ 1144 if (iwm_nic_lock(sc)) { 1145 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1146 IWM_WRITE(sc, 1147 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 1148 for (ntries = 0; ntries < 200; ntries++) { 1149 uint32_t r; 1150 1151 r = IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG); 1152 if (r & IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE( 1153 chnl)) 1154 break; 1155 DELAY(20); 1156 } 1157 } 1158 iwm_nic_unlock(sc); 1159 } 1160 iwm_disable_rx_dma(sc); 1161 1162 /* Stop RX ring. */ 1163 iwm_reset_rx_ring(sc, &sc->rxq); 1164 1165 /* Reset all TX rings. */ 1166 for (qid = 0; qid < nitems(sc->txq); qid++) 1167 iwm_reset_tx_ring(sc, &sc->txq[qid]); 1168 1169 /* 1170 * Power-down device's busmaster DMA clocks 1171 */ 1172 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1173 DELAY(5); 1174 1175 /* Make sure (redundant) we've released our request to stay awake */ 1176 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1177 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1178 1179 /* Stop the device, and put it in low power state */ 1180 iwm_apm_stop(sc); 1181 1182 /* Upon stop, the APM issues an interrupt if HW RF kill is set. 1183 * Clean again the interrupt here 1184 */ 1185 iwm_disable_interrupts(sc); 1186 /* stop and reset the on-board processor */ 1187 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_NEVO_RESET); 1188 1189 /* 1190 * Even if we stop the HW, we still want the RF kill 1191 * interrupt 1192 */ 1193 iwm_enable_rfkill_int(sc); 1194 iwm_check_rfkill(sc); 1195 } 1196 1197 /* iwlwifi: mvm/ops.c */ 1198 static void 1199 iwm_mvm_nic_config(struct iwm_softc *sc) 1200 { 1201 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 1202 uint32_t reg_val = 0; 1203 1204 radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 1205 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 1206 radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 1207 IWM_FW_PHY_CFG_RADIO_STEP_POS; 1208 radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 1209 IWM_FW_PHY_CFG_RADIO_DASH_POS; 1210 1211 /* SKU control */ 1212 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 1213 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 1214 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 1215 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 1216 1217 /* radio configuration */ 1218 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 1219 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 1220 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 1221 1222 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val); 1223 1224 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1225 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type, 1226 radio_cfg_step, radio_cfg_dash); 1227 1228 /* 1229 * W/A : NIC is stuck in a reset state after Early PCIe power off 1230 * (PCIe power is lost before PERST# is asserted), causing ME FW 1231 * to lose ownership and not being able to obtain it back. 1232 */ 1233 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 1234 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 1235 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 1236 } 1237 1238 static int 1239 iwm_nic_rx_init(struct iwm_softc *sc) 1240 { 1241 if (!iwm_nic_lock(sc)) 1242 return EBUSY; 1243 1244 /* 1245 * Initialize RX ring. This is from the iwn driver. 1246 */ 1247 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1248 1249 /* stop DMA */ 1250 iwm_disable_rx_dma(sc); 1251 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 1252 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 1253 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 1254 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 1255 1256 /* Set physical address of RX ring (256-byte aligned). */ 1257 IWM_WRITE(sc, 1258 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8); 1259 1260 /* Set physical address of RX status (16-byte aligned). */ 1261 IWM_WRITE(sc, 1262 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 1263 1264 /* Enable RX. */ 1265 /* 1266 * Note: Linux driver also sets this: 1267 * (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 1268 * 1269 * It causes weird behavior. YMMV. 1270 */ 1271 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 1272 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 1273 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 1274 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 1275 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 1276 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 1277 1278 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1279 1280 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 1281 if (sc->host_interrupt_operation_mode) 1282 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 1283 1284 /* 1285 * Thus sayeth el jefe (iwlwifi) via a comment: 1286 * 1287 * This value should initially be 0 (before preparing any 1288 * RBs), should be 8 after preparing the first 8 RBs (for example) 1289 */ 1290 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 1291 1292 iwm_nic_unlock(sc); 1293 1294 return 0; 1295 } 1296 1297 static int 1298 iwm_nic_tx_init(struct iwm_softc *sc) 1299 { 1300 int qid; 1301 1302 if (!iwm_nic_lock(sc)) 1303 return EBUSY; 1304 1305 /* Deactivate TX scheduler. */ 1306 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1307 1308 /* Set physical address of "keep warm" page (16-byte aligned). */ 1309 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 1310 1311 /* Initialize TX rings. */ 1312 for (qid = 0; qid < nitems(sc->txq); qid++) { 1313 struct iwm_tx_ring *txq = &sc->txq[qid]; 1314 1315 /* Set physical address of TX ring (256-byte aligned). */ 1316 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 1317 txq->desc_dma.paddr >> 8); 1318 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1319 "%s: loading ring %d descriptors (%p) at %lx\n", 1320 __func__, 1321 qid, txq->desc, 1322 (unsigned long) (txq->desc_dma.paddr >> 8)); 1323 } 1324 iwm_nic_unlock(sc); 1325 1326 return 0; 1327 } 1328 1329 static int 1330 iwm_nic_init(struct iwm_softc *sc) 1331 { 1332 int error; 1333 1334 iwm_apm_init(sc); 1335 iwm_set_pwr(sc); 1336 1337 iwm_mvm_nic_config(sc); 1338 1339 if ((error = iwm_nic_rx_init(sc)) != 0) 1340 return error; 1341 1342 /* 1343 * Ditto for TX, from iwn 1344 */ 1345 if ((error = iwm_nic_tx_init(sc)) != 0) 1346 return error; 1347 1348 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1349 "%s: shadow registers enabled\n", __func__); 1350 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 1351 1352 return 0; 1353 } 1354 1355 const uint8_t iwm_mvm_ac_to_tx_fifo[] = { 1356 IWM_MVM_TX_FIFO_VO, 1357 IWM_MVM_TX_FIFO_VI, 1358 IWM_MVM_TX_FIFO_BE, 1359 IWM_MVM_TX_FIFO_BK, 1360 }; 1361 1362 static void 1363 iwm_enable_txq(struct iwm_softc *sc, int qid, int fifo) 1364 { 1365 if (!iwm_nic_lock(sc)) { 1366 device_printf(sc->sc_dev, 1367 "%s: cannot enable txq %d\n", 1368 __func__, 1369 qid); 1370 return; /* XXX return EBUSY */ 1371 } 1372 1373 /* unactivate before configuration */ 1374 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1375 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) 1376 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 1377 1378 if (qid != IWM_MVM_CMD_QUEUE) { 1379 iwm_set_bits_prph(sc, IWM_SCD_QUEUECHAIN_SEL, (1 << qid)); 1380 } 1381 1382 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid)); 1383 1384 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 1385 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 1386 1387 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 1388 /* Set scheduler window size and frame limit. */ 1389 iwm_write_mem32(sc, 1390 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 1391 sizeof(uint32_t), 1392 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 1393 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 1394 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 1395 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 1396 1397 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1398 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1399 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 1400 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 1401 IWM_SCD_QUEUE_STTS_REG_MSK); 1402 1403 iwm_nic_unlock(sc); 1404 1405 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1406 "%s: enabled txq %d FIFO %d\n", 1407 __func__, qid, fifo); 1408 } 1409 1410 static int 1411 iwm_post_alive(struct iwm_softc *sc) 1412 { 1413 int nwords; 1414 int error, chnl; 1415 1416 if (!iwm_nic_lock(sc)) 1417 return EBUSY; 1418 1419 if (sc->sched_base != iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR)) { 1420 device_printf(sc->sc_dev, 1421 "%s: sched addr mismatch", 1422 __func__); 1423 error = EINVAL; 1424 goto out; 1425 } 1426 1427 iwm_ict_reset(sc); 1428 1429 /* Clear TX scheduler state in SRAM. */ 1430 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 1431 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) 1432 / sizeof(uint32_t); 1433 error = iwm_write_mem(sc, 1434 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 1435 NULL, nwords); 1436 if (error) 1437 goto out; 1438 1439 /* Set physical address of TX scheduler rings (1KB aligned). */ 1440 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 1441 1442 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 1443 1444 /* enable command channel */ 1445 iwm_enable_txq(sc, IWM_MVM_CMD_QUEUE, 7); 1446 1447 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 1448 1449 /* Enable DMA channels. */ 1450 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1451 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 1452 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1453 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 1454 } 1455 1456 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 1457 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 1458 1459 /* Enable L1-Active */ 1460 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1461 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1462 1463 out: 1464 iwm_nic_unlock(sc); 1465 return error; 1466 } 1467 1468 /* 1469 * NVM read access and content parsing. We do not support 1470 * external NVM or writing NVM. 1471 * iwlwifi/mvm/nvm.c 1472 */ 1473 1474 /* list of NVM sections we are allowed/need to read */ 1475 const int nvm_to_read[] = { 1476 IWM_NVM_SECTION_TYPE_HW, 1477 IWM_NVM_SECTION_TYPE_SW, 1478 IWM_NVM_SECTION_TYPE_CALIBRATION, 1479 IWM_NVM_SECTION_TYPE_PRODUCTION, 1480 }; 1481 1482 /* Default NVM size to read */ 1483 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 1484 #define IWM_MAX_NVM_SECTION_SIZE 7000 1485 1486 #define IWM_NVM_WRITE_OPCODE 1 1487 #define IWM_NVM_READ_OPCODE 0 1488 1489 static int 1490 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, 1491 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len) 1492 { 1493 offset = 0; 1494 struct iwm_nvm_access_cmd nvm_access_cmd = { 1495 .offset = htole16(offset), 1496 .length = htole16(length), 1497 .type = htole16(section), 1498 .op_code = IWM_NVM_READ_OPCODE, 1499 }; 1500 struct iwm_nvm_access_resp *nvm_resp; 1501 struct iwm_rx_packet *pkt; 1502 struct iwm_host_cmd cmd = { 1503 .id = IWM_NVM_ACCESS_CMD, 1504 .flags = IWM_CMD_SYNC | IWM_CMD_WANT_SKB | 1505 IWM_CMD_SEND_IN_RFKILL, 1506 .data = { &nvm_access_cmd, }, 1507 }; 1508 int ret, bytes_read, offset_read; 1509 uint8_t *resp_data; 1510 1511 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 1512 1513 ret = iwm_send_cmd(sc, &cmd); 1514 if (ret) 1515 return ret; 1516 1517 pkt = cmd.resp_pkt; 1518 if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) { 1519 device_printf(sc->sc_dev, 1520 "%s: Bad return from IWM_NVM_ACCES_COMMAND (0x%08X)\n", 1521 __func__, pkt->hdr.flags); 1522 ret = EIO; 1523 goto exit; 1524 } 1525 1526 /* Extract NVM response */ 1527 nvm_resp = (void *)pkt->data; 1528 1529 ret = le16toh(nvm_resp->status); 1530 bytes_read = le16toh(nvm_resp->length); 1531 offset_read = le16toh(nvm_resp->offset); 1532 resp_data = nvm_resp->data; 1533 if (ret) { 1534 device_printf(sc->sc_dev, 1535 "%s: NVM access command failed with status %d\n", 1536 __func__, ret); 1537 ret = EINVAL; 1538 goto exit; 1539 } 1540 1541 if (offset_read != offset) { 1542 device_printf(sc->sc_dev, 1543 "%s: NVM ACCESS response with invalid offset %d\n", 1544 __func__, offset_read); 1545 ret = EINVAL; 1546 goto exit; 1547 } 1548 1549 memcpy(data + offset, resp_data, bytes_read); 1550 *len = bytes_read; 1551 1552 exit: 1553 iwm_free_resp(sc, &cmd); 1554 return ret; 1555 } 1556 1557 /* 1558 * Reads an NVM section completely. 1559 * NICs prior to 7000 family doesn't have a real NVM, but just read 1560 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 1561 * by uCode, we need to manually check in this case that we don't 1562 * overflow and try to read more than the EEPROM size. 1563 * For 7000 family NICs, we supply the maximal size we can read, and 1564 * the uCode fills the response with as much data as we can, 1565 * without overflowing, so no check is needed. 1566 */ 1567 static int 1568 iwm_nvm_read_section(struct iwm_softc *sc, 1569 uint16_t section, uint8_t *data, uint16_t *len) 1570 { 1571 uint16_t length, seglen; 1572 int error; 1573 1574 /* Set nvm section read length */ 1575 length = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE; 1576 *len = 0; 1577 1578 /* Read the NVM until exhausted (reading less than requested) */ 1579 while (seglen == length) { 1580 error = iwm_nvm_read_chunk(sc, 1581 section, *len, length, data, &seglen); 1582 if (error) { 1583 device_printf(sc->sc_dev, 1584 "Cannot read NVM from section " 1585 "%d offset %d, length %d\n", 1586 section, *len, length); 1587 return error; 1588 } 1589 *len += seglen; 1590 } 1591 1592 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1593 "NVM section %d read completed\n", section); 1594 return 0; 1595 } 1596 1597 /* 1598 * BEGIN IWM_NVM_PARSE 1599 */ 1600 1601 /* iwlwifi/iwl-nvm-parse.c */ 1602 1603 /* NVM offsets (in words) definitions */ 1604 enum wkp_nvm_offsets { 1605 /* NVM HW-Section offset (in words) definitions */ 1606 IWM_HW_ADDR = 0x15, 1607 1608 /* NVM SW-Section offset (in words) definitions */ 1609 IWM_NVM_SW_SECTION = 0x1C0, 1610 IWM_NVM_VERSION = 0, 1611 IWM_RADIO_CFG = 1, 1612 IWM_SKU = 2, 1613 IWM_N_HW_ADDRS = 3, 1614 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION, 1615 1616 /* NVM calibration section offset (in words) definitions */ 1617 IWM_NVM_CALIB_SECTION = 0x2B8, 1618 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION 1619 }; 1620 1621 /* SKU Capabilities (actual values from NVM definition) */ 1622 enum nvm_sku_bits { 1623 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0), 1624 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1), 1625 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2), 1626 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3), 1627 }; 1628 1629 /* radio config bits (actual values from NVM definition) */ 1630 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */ 1631 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */ 1632 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */ 1633 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */ 1634 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */ 1635 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */ 1636 1637 #define DEFAULT_MAX_TX_POWER 16 1638 1639 /** 1640 * enum iwm_nvm_channel_flags - channel flags in NVM 1641 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo 1642 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel 1643 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed 1644 * @IWM_NVM_CHANNEL_RADAR: radar detection required 1645 * XXX cannot find this (DFS) flag in iwl-nvm-parse.c 1646 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate 1647 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?) 1648 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?) 1649 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?) 1650 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?) 1651 */ 1652 enum iwm_nvm_channel_flags { 1653 IWM_NVM_CHANNEL_VALID = (1 << 0), 1654 IWM_NVM_CHANNEL_IBSS = (1 << 1), 1655 IWM_NVM_CHANNEL_ACTIVE = (1 << 3), 1656 IWM_NVM_CHANNEL_RADAR = (1 << 4), 1657 IWM_NVM_CHANNEL_DFS = (1 << 7), 1658 IWM_NVM_CHANNEL_WIDE = (1 << 8), 1659 IWM_NVM_CHANNEL_40MHZ = (1 << 9), 1660 IWM_NVM_CHANNEL_80MHZ = (1 << 10), 1661 IWM_NVM_CHANNEL_160MHZ = (1 << 11), 1662 }; 1663 1664 /* 1665 * Translate EEPROM flags to net80211. 1666 */ 1667 static uint32_t 1668 iwm_eeprom_channel_flags(uint16_t ch_flags) 1669 { 1670 uint32_t nflags; 1671 1672 nflags = 0; 1673 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0) 1674 nflags |= IEEE80211_CHAN_PASSIVE; 1675 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0) 1676 nflags |= IEEE80211_CHAN_NOADHOC; 1677 if (ch_flags & IWM_NVM_CHANNEL_RADAR) { 1678 nflags |= IEEE80211_CHAN_DFS; 1679 /* Just in case. */ 1680 nflags |= IEEE80211_CHAN_NOADHOC; 1681 } 1682 1683 return (nflags); 1684 } 1685 1686 static void 1687 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[], 1688 int maxchans, int *nchans, int ch_idx, int ch_num, const uint8_t bands[]) 1689 { 1690 const uint16_t * const nvm_ch_flags = sc->sc_nvm.nvm_ch_flags; 1691 uint32_t nflags; 1692 uint16_t ch_flags; 1693 uint8_t ieee; 1694 int error; 1695 1696 for (; ch_idx < ch_num; ch_idx++) { 1697 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 1698 ieee = iwm_nvm_channels[ch_idx]; 1699 1700 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) { 1701 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1702 "Ch. %d Flags %x [%sGHz] - No traffic\n", 1703 ieee, ch_flags, 1704 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1705 "5.2" : "2.4"); 1706 continue; 1707 } 1708 1709 nflags = iwm_eeprom_channel_flags(ch_flags); 1710 error = ieee80211_add_channel(chans, maxchans, nchans, 1711 ieee, 0, 0, nflags, bands); 1712 if (error != 0) 1713 break; 1714 1715 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1716 "Ch. %d Flags %x [%sGHz] - Added\n", 1717 ieee, ch_flags, 1718 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1719 "5.2" : "2.4"); 1720 } 1721 } 1722 1723 static void 1724 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans, 1725 struct ieee80211_channel chans[]) 1726 { 1727 struct iwm_softc *sc = ic->ic_softc; 1728 struct iwm_nvm_data *data = &sc->sc_nvm; 1729 uint8_t bands[IEEE80211_MODE_BYTES]; 1730 1731 memset(bands, 0, sizeof(bands)); 1732 /* 1-13: 11b/g channels. */ 1733 setbit(bands, IEEE80211_MODE_11B); 1734 setbit(bands, IEEE80211_MODE_11G); 1735 iwm_add_channel_band(sc, chans, maxchans, nchans, 0, 1736 IWM_NUM_2GHZ_CHANNELS - 1, bands); 1737 1738 /* 14: 11b channel only. */ 1739 clrbit(bands, IEEE80211_MODE_11G); 1740 iwm_add_channel_band(sc, chans, maxchans, nchans, 1741 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands); 1742 1743 if (data->sku_cap_band_52GHz_enable) { 1744 memset(bands, 0, sizeof(bands)); 1745 setbit(bands, IEEE80211_MODE_11A); 1746 iwm_add_channel_band(sc, chans, maxchans, nchans, 1747 IWM_NUM_2GHZ_CHANNELS, nitems(iwm_nvm_channels), bands); 1748 } 1749 } 1750 1751 static int 1752 iwm_parse_nvm_data(struct iwm_softc *sc, 1753 const uint16_t *nvm_hw, const uint16_t *nvm_sw, 1754 const uint16_t *nvm_calib, uint8_t tx_chains, uint8_t rx_chains) 1755 { 1756 struct iwm_nvm_data *data = &sc->sc_nvm; 1757 uint8_t hw_addr[IEEE80211_ADDR_LEN]; 1758 uint16_t radio_cfg, sku; 1759 1760 data->nvm_version = le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 1761 1762 radio_cfg = le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 1763 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 1764 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 1765 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 1766 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 1767 1768 sku = le16_to_cpup(nvm_sw + IWM_SKU); 1769 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 1770 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 1771 data->sku_cap_11n_enable = 0; 1772 1773 data->n_hw_addrs = le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 1774 1775 data->xtal_calib[0] = *(nvm_calib + IWM_XTAL_CALIB); 1776 data->xtal_calib[1] = *(nvm_calib + IWM_XTAL_CALIB + 1); 1777 1778 /* The byte order is little endian 16 bit, meaning 214365 */ 1779 IEEE80211_ADDR_COPY(hw_addr, nvm_hw + IWM_HW_ADDR); 1780 data->hw_addr[0] = hw_addr[1]; 1781 data->hw_addr[1] = hw_addr[0]; 1782 data->hw_addr[2] = hw_addr[3]; 1783 data->hw_addr[3] = hw_addr[2]; 1784 data->hw_addr[4] = hw_addr[5]; 1785 data->hw_addr[5] = hw_addr[4]; 1786 1787 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS], 1788 sizeof(data->nvm_ch_flags)); 1789 data->calib_version = 255; /* TODO: 1790 this value will prevent some checks from 1791 failing, we need to check if this 1792 field is still needed, and if it does, 1793 where is it in the NVM */ 1794 1795 return 0; 1796 } 1797 1798 /* 1799 * END NVM PARSE 1800 */ 1801 1802 struct iwm_nvm_section { 1803 uint16_t length; 1804 const uint8_t *data; 1805 }; 1806 1807 static int 1808 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 1809 { 1810 const uint16_t *hw, *sw, *calib; 1811 1812 /* Checking for required sections */ 1813 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 1814 !sections[IWM_NVM_SECTION_TYPE_HW].data) { 1815 device_printf(sc->sc_dev, 1816 "%s: Can't parse empty NVM sections\n", 1817 __func__); 1818 return ENOENT; 1819 } 1820 1821 hw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_HW].data; 1822 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 1823 calib = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 1824 return iwm_parse_nvm_data(sc, hw, sw, calib, 1825 IWM_FW_VALID_TX_ANT(sc), IWM_FW_VALID_RX_ANT(sc)); 1826 } 1827 1828 static int 1829 iwm_nvm_init(struct iwm_softc *sc) 1830 { 1831 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS]; 1832 int i, section, error; 1833 uint16_t len; 1834 uint8_t *nvm_buffer, *temp; 1835 1836 /* Read From FW NVM */ 1837 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1838 "%s: Read NVM\n", 1839 __func__); 1840 1841 /* TODO: find correct NVM max size for a section */ 1842 nvm_buffer = malloc(IWM_OTP_LOW_IMAGE_SIZE, M_DEVBUF, M_NOWAIT); 1843 if (nvm_buffer == NULL) 1844 return (ENOMEM); 1845 for (i = 0; i < nitems(nvm_to_read); i++) { 1846 section = nvm_to_read[i]; 1847 KASSERT(section <= nitems(nvm_sections), 1848 ("too many sections")); 1849 1850 error = iwm_nvm_read_section(sc, section, nvm_buffer, &len); 1851 if (error) 1852 break; 1853 1854 temp = malloc(len, M_DEVBUF, M_NOWAIT); 1855 if (temp == NULL) { 1856 error = ENOMEM; 1857 break; 1858 } 1859 memcpy(temp, nvm_buffer, len); 1860 nvm_sections[section].data = temp; 1861 nvm_sections[section].length = len; 1862 } 1863 free(nvm_buffer, M_DEVBUF); 1864 if (error) 1865 return error; 1866 1867 return iwm_parse_nvm_sections(sc, nvm_sections); 1868 } 1869 1870 /* 1871 * Firmware loading gunk. This is kind of a weird hybrid between the 1872 * iwn driver and the Linux iwlwifi driver. 1873 */ 1874 1875 static int 1876 iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr, 1877 const uint8_t *section, uint32_t byte_cnt) 1878 { 1879 struct iwm_dma_info *dma = &sc->fw_dma; 1880 int error; 1881 1882 /* Copy firmware section into pre-allocated DMA-safe memory. */ 1883 memcpy(dma->vaddr, section, byte_cnt); 1884 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 1885 1886 if (!iwm_nic_lock(sc)) 1887 return EBUSY; 1888 1889 sc->sc_fw_chunk_done = 0; 1890 1891 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 1892 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 1893 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 1894 dst_addr); 1895 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 1896 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 1897 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 1898 (iwm_get_dma_hi_addr(dma->paddr) 1899 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 1900 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 1901 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 1902 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 1903 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 1904 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 1905 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1906 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 1907 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 1908 1909 iwm_nic_unlock(sc); 1910 1911 /* wait 1s for this segment to load */ 1912 while (!sc->sc_fw_chunk_done) 1913 if ((error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz)) != 0) 1914 break; 1915 1916 return error; 1917 } 1918 1919 static int 1920 iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 1921 { 1922 struct iwm_fw_sects *fws; 1923 int error, i, w; 1924 const void *data; 1925 uint32_t dlen; 1926 uint32_t offset; 1927 1928 sc->sc_uc.uc_intr = 0; 1929 1930 fws = &sc->sc_fw.fw_sects[ucode_type]; 1931 for (i = 0; i < fws->fw_count; i++) { 1932 data = fws->fw_sect[i].fws_data; 1933 dlen = fws->fw_sect[i].fws_len; 1934 offset = fws->fw_sect[i].fws_devoff; 1935 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 1936 "LOAD FIRMWARE type %d offset %u len %d\n", 1937 ucode_type, offset, dlen); 1938 error = iwm_firmware_load_chunk(sc, offset, data, dlen); 1939 if (error) { 1940 device_printf(sc->sc_dev, 1941 "%s: chunk %u of %u returned error %02d\n", 1942 __func__, i, fws->fw_count, error); 1943 return error; 1944 } 1945 } 1946 1947 /* wait for the firmware to load */ 1948 IWM_WRITE(sc, IWM_CSR_RESET, 0); 1949 1950 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) { 1951 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10); 1952 } 1953 1954 return error; 1955 } 1956 1957 /* iwlwifi: pcie/trans.c */ 1958 static int 1959 iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 1960 { 1961 int error; 1962 1963 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1964 1965 if ((error = iwm_nic_init(sc)) != 0) { 1966 device_printf(sc->sc_dev, "unable to init nic\n"); 1967 return error; 1968 } 1969 1970 /* make sure rfkill handshake bits are cleared */ 1971 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 1972 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 1973 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 1974 1975 /* clear (again), then enable host interrupts */ 1976 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1977 iwm_enable_interrupts(sc); 1978 1979 /* really make sure rfkill handshake bits are cleared */ 1980 /* maybe we should write a few times more? just to make sure */ 1981 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 1982 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 1983 1984 /* Load the given image to the HW */ 1985 return iwm_load_firmware(sc, ucode_type); 1986 } 1987 1988 static int 1989 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 1990 { 1991 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 1992 .valid = htole32(valid_tx_ant), 1993 }; 1994 1995 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 1996 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd); 1997 } 1998 1999 /* iwlwifi: mvm/fw.c */ 2000 static int 2001 iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 2002 { 2003 struct iwm_phy_cfg_cmd phy_cfg_cmd; 2004 enum iwm_ucode_type ucode_type = sc->sc_uc_current; 2005 2006 /* Set parameters */ 2007 phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config); 2008 phy_cfg_cmd.calib_control.event_trigger = 2009 sc->sc_default_calib[ucode_type].event_trigger; 2010 phy_cfg_cmd.calib_control.flow_trigger = 2011 sc->sc_default_calib[ucode_type].flow_trigger; 2012 2013 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET, 2014 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg); 2015 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC, 2016 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 2017 } 2018 2019 static int 2020 iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc, 2021 enum iwm_ucode_type ucode_type) 2022 { 2023 enum iwm_ucode_type old_type = sc->sc_uc_current; 2024 int error; 2025 2026 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) 2027 return error; 2028 2029 sc->sc_uc_current = ucode_type; 2030 error = iwm_start_fw(sc, ucode_type); 2031 if (error) { 2032 sc->sc_uc_current = old_type; 2033 return error; 2034 } 2035 2036 return iwm_post_alive(sc); 2037 } 2038 2039 /* 2040 * mvm misc bits 2041 */ 2042 2043 /* 2044 * follows iwlwifi/fw.c 2045 */ 2046 static int 2047 iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm) 2048 { 2049 int error; 2050 2051 /* do not operate with rfkill switch turned on */ 2052 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 2053 device_printf(sc->sc_dev, 2054 "radio is disabled by hardware switch\n"); 2055 return EPERM; 2056 } 2057 2058 sc->sc_init_complete = 0; 2059 if ((error = iwm_mvm_load_ucode_wait_alive(sc, 2060 IWM_UCODE_TYPE_INIT)) != 0) { 2061 device_printf(sc->sc_dev, "failed to load init firmware\n"); 2062 return error; 2063 } 2064 2065 if (justnvm) { 2066 if ((error = iwm_nvm_init(sc)) != 0) { 2067 device_printf(sc->sc_dev, "failed to read nvm\n"); 2068 return error; 2069 } 2070 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->sc_nvm.hw_addr); 2071 2072 sc->sc_scan_cmd_len = sizeof(struct iwm_scan_cmd) 2073 + sc->sc_capa_max_probe_len 2074 + IWM_MAX_NUM_SCAN_CHANNELS 2075 * sizeof(struct iwm_scan_channel); 2076 sc->sc_scan_cmd = malloc(sc->sc_scan_cmd_len, M_DEVBUF, 2077 M_NOWAIT); 2078 if (sc->sc_scan_cmd == NULL) 2079 return (ENOMEM); 2080 2081 return 0; 2082 } 2083 2084 /* Send TX valid antennas before triggering calibrations */ 2085 if ((error = iwm_send_tx_ant_cfg(sc, IWM_FW_VALID_TX_ANT(sc))) != 0) 2086 return error; 2087 2088 /* 2089 * Send phy configurations command to init uCode 2090 * to start the 16.0 uCode init image internal calibrations. 2091 */ 2092 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0 ) { 2093 device_printf(sc->sc_dev, 2094 "%s: failed to run internal calibration: %d\n", 2095 __func__, error); 2096 return error; 2097 } 2098 2099 /* 2100 * Nothing to do but wait for the init complete notification 2101 * from the firmware 2102 */ 2103 while (!sc->sc_init_complete) 2104 if ((error = msleep(&sc->sc_init_complete, &sc->sc_mtx, 2105 0, "iwminit", 2*hz)) != 0) 2106 break; 2107 2108 return error; 2109 } 2110 2111 /* 2112 * receive side 2113 */ 2114 2115 /* (re)stock rx ring, called at init-time and at runtime */ 2116 static int 2117 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 2118 { 2119 struct iwm_rx_ring *ring = &sc->rxq; 2120 struct iwm_rx_data *data = &ring->data[idx]; 2121 struct mbuf *m; 2122 int error; 2123 bus_addr_t paddr; 2124 2125 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE); 2126 if (m == NULL) 2127 return ENOBUFS; 2128 2129 if (data->m != NULL) 2130 bus_dmamap_unload(ring->data_dmat, data->map); 2131 2132 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 2133 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 2134 if (error != 0) { 2135 device_printf(sc->sc_dev, 2136 "%s: could not create RX buf DMA map, error %d\n", 2137 __func__, error); 2138 goto fail; 2139 } 2140 data->m = m; 2141 error = bus_dmamap_load(ring->data_dmat, data->map, 2142 mtod(data->m, void *), IWM_RBUF_SIZE, iwm_dma_map_addr, 2143 &paddr, BUS_DMA_NOWAIT); 2144 if (error != 0 && error != EFBIG) { 2145 device_printf(sc->sc_dev, 2146 "%s: can't not map mbuf, error %d\n", __func__, 2147 error); 2148 goto fail; 2149 } 2150 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD); 2151 2152 /* Update RX descriptor. */ 2153 ring->desc[idx] = htole32(paddr >> 8); 2154 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2155 BUS_DMASYNC_PREWRITE); 2156 2157 return 0; 2158 fail: 2159 return error; 2160 } 2161 2162 /* iwlwifi: mvm/rx.c */ 2163 #define IWM_RSSI_OFFSET 50 2164 static int 2165 iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2166 { 2167 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm; 2168 uint32_t agc_a, agc_b; 2169 uint32_t val; 2170 2171 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]); 2172 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS; 2173 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS; 2174 2175 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]); 2176 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS; 2177 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS; 2178 2179 /* 2180 * dBm = rssi dB - agc dB - constant. 2181 * Higher AGC (higher radio gain) means lower signal. 2182 */ 2183 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a; 2184 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b; 2185 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm); 2186 2187 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2188 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n", 2189 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b); 2190 2191 return max_rssi_dbm; 2192 } 2193 2194 /* iwlwifi: mvm/rx.c */ 2195 /* 2196 * iwm_mvm_get_signal_strength - use new rx PHY INFO API 2197 * values are reported by the fw as positive values - need to negate 2198 * to obtain their dBM. Account for missing antennas by replacing 0 2199 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 2200 */ 2201 static int 2202 iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2203 { 2204 int energy_a, energy_b, energy_c, max_energy; 2205 uint32_t val; 2206 2207 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 2208 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 2209 IWM_RX_INFO_ENERGY_ANT_A_POS; 2210 energy_a = energy_a ? -energy_a : -256; 2211 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 2212 IWM_RX_INFO_ENERGY_ANT_B_POS; 2213 energy_b = energy_b ? -energy_b : -256; 2214 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 2215 IWM_RX_INFO_ENERGY_ANT_C_POS; 2216 energy_c = energy_c ? -energy_c : -256; 2217 max_energy = MAX(energy_a, energy_b); 2218 max_energy = MAX(max_energy, energy_c); 2219 2220 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2221 "energy In A %d B %d C %d , and max %d\n", 2222 energy_a, energy_b, energy_c, max_energy); 2223 2224 return max_energy; 2225 } 2226 2227 static void 2228 iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc, 2229 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 2230 { 2231 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 2232 2233 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n"); 2234 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 2235 2236 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 2237 } 2238 2239 /* 2240 * Retrieve the average noise (in dBm) among receivers. 2241 */ 2242 static int 2243 iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *stats) 2244 { 2245 int i, total, nbant, noise; 2246 2247 total = nbant = noise = 0; 2248 for (i = 0; i < 3; i++) { 2249 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff; 2250 if (noise) { 2251 total += noise; 2252 nbant++; 2253 } 2254 } 2255 2256 /* There should be at least one antenna but check anyway. */ 2257 return (nbant == 0) ? -127 : (total / nbant) - 107; 2258 } 2259 2260 /* 2261 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler 2262 * 2263 * Handles the actual data of the Rx packet from the fw 2264 */ 2265 static void 2266 iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, 2267 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 2268 { 2269 struct ieee80211com *ic = &sc->sc_ic; 2270 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2271 struct ieee80211_frame *wh; 2272 struct ieee80211_node *ni; 2273 struct ieee80211_rx_stats rxs; 2274 struct mbuf *m; 2275 struct iwm_rx_phy_info *phy_info; 2276 struct iwm_rx_mpdu_res_start *rx_res; 2277 uint32_t len; 2278 uint32_t rx_pkt_status; 2279 int rssi; 2280 2281 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 2282 2283 phy_info = &sc->sc_last_phy_info; 2284 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data; 2285 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res)); 2286 len = le16toh(rx_res->byte_count); 2287 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len)); 2288 2289 m = data->m; 2290 m->m_data = pkt->data + sizeof(*rx_res); 2291 m->m_pkthdr.len = m->m_len = len; 2292 2293 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 2294 device_printf(sc->sc_dev, 2295 "dsp size out of range [0,20]: %d\n", 2296 phy_info->cfg_phy_cnt); 2297 return; 2298 } 2299 2300 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 2301 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 2302 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2303 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 2304 return; /* drop */ 2305 } 2306 2307 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) { 2308 rssi = iwm_mvm_get_signal_strength(sc, phy_info); 2309 } else { 2310 rssi = iwm_mvm_calc_rssi(sc, phy_info); 2311 } 2312 rssi = (0 - IWM_MIN_DBM) + rssi; /* normalize */ 2313 rssi = MIN(rssi, sc->sc_max_rssi); /* clip to max. 100% */ 2314 2315 /* replenish ring for the buffer we're going to feed to the sharks */ 2316 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 2317 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 2318 __func__); 2319 return; 2320 } 2321 2322 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 2323 2324 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2325 "%s: phy_info: channel=%d, flags=0x%08x\n", 2326 __func__, 2327 le16toh(phy_info->channel), 2328 le16toh(phy_info->phy_flags)); 2329 2330 /* 2331 * Populate an RX state struct with the provided information. 2332 */ 2333 bzero(&rxs, sizeof(rxs)); 2334 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 2335 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 2336 rxs.c_ieee = le16toh(phy_info->channel); 2337 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) { 2338 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 2339 } else { 2340 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ); 2341 } 2342 rxs.rssi = rssi - sc->sc_noise; 2343 rxs.nf = sc->sc_noise; 2344 2345 if (ieee80211_radiotap_active_vap(vap)) { 2346 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 2347 2348 tap->wr_flags = 0; 2349 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE)) 2350 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2351 tap->wr_chan_freq = htole16(rxs.c_freq); 2352 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 2353 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2354 tap->wr_dbm_antsignal = (int8_t)rssi; 2355 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 2356 tap->wr_tsft = phy_info->system_timestamp; 2357 switch (phy_info->rate) { 2358 /* CCK rates. */ 2359 case 10: tap->wr_rate = 2; break; 2360 case 20: tap->wr_rate = 4; break; 2361 case 55: tap->wr_rate = 11; break; 2362 case 110: tap->wr_rate = 22; break; 2363 /* OFDM rates. */ 2364 case 0xd: tap->wr_rate = 12; break; 2365 case 0xf: tap->wr_rate = 18; break; 2366 case 0x5: tap->wr_rate = 24; break; 2367 case 0x7: tap->wr_rate = 36; break; 2368 case 0x9: tap->wr_rate = 48; break; 2369 case 0xb: tap->wr_rate = 72; break; 2370 case 0x1: tap->wr_rate = 96; break; 2371 case 0x3: tap->wr_rate = 108; break; 2372 /* Unknown rate: should not happen. */ 2373 default: tap->wr_rate = 0; 2374 } 2375 } 2376 2377 IWM_UNLOCK(sc); 2378 if (ni != NULL) { 2379 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m); 2380 ieee80211_input_mimo(ni, m, &rxs); 2381 ieee80211_free_node(ni); 2382 } else { 2383 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m); 2384 ieee80211_input_mimo_all(ic, m, &rxs); 2385 } 2386 IWM_LOCK(sc); 2387 } 2388 2389 static int 2390 iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 2391 struct iwm_node *in) 2392 { 2393 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data; 2394 struct ieee80211_node *ni = &in->in_ni; 2395 struct ieee80211vap *vap = ni->ni_vap; 2396 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 2397 int failack = tx_resp->failure_frame; 2398 2399 KASSERT(tx_resp->frame_count == 1, ("too many frames")); 2400 2401 /* Update rate control statistics. */ 2402 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n", 2403 __func__, 2404 (int) le16toh(tx_resp->status.status), 2405 (int) le16toh(tx_resp->status.sequence), 2406 tx_resp->frame_count, 2407 tx_resp->bt_kill_count, 2408 tx_resp->failure_rts, 2409 tx_resp->failure_frame, 2410 le32toh(tx_resp->initial_rate), 2411 (int) le16toh(tx_resp->wireless_media_time)); 2412 2413 if (status != IWM_TX_STATUS_SUCCESS && 2414 status != IWM_TX_STATUS_DIRECT_DONE) { 2415 ieee80211_ratectl_tx_complete(vap, ni, 2416 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL); 2417 return (1); 2418 } else { 2419 ieee80211_ratectl_tx_complete(vap, ni, 2420 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL); 2421 return (0); 2422 } 2423 } 2424 2425 static void 2426 iwm_mvm_rx_tx_cmd(struct iwm_softc *sc, 2427 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 2428 { 2429 struct iwm_cmd_header *cmd_hdr = &pkt->hdr; 2430 int idx = cmd_hdr->idx; 2431 int qid = cmd_hdr->qid; 2432 struct iwm_tx_ring *ring = &sc->txq[qid]; 2433 struct iwm_tx_data *txd = &ring->data[idx]; 2434 struct iwm_node *in = txd->in; 2435 struct mbuf *m = txd->m; 2436 int status; 2437 2438 KASSERT(txd->done == 0, ("txd not done")); 2439 KASSERT(txd->in != NULL, ("txd without node")); 2440 KASSERT(txd->m != NULL, ("txd without mbuf")); 2441 2442 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 2443 2444 sc->sc_tx_timer = 0; 2445 2446 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in); 2447 2448 /* Unmap and free mbuf. */ 2449 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE); 2450 bus_dmamap_unload(ring->data_dmat, txd->map); 2451 2452 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 2453 "free txd %p, in %p\n", txd, txd->in); 2454 txd->done = 1; 2455 txd->m = NULL; 2456 txd->in = NULL; 2457 2458 ieee80211_tx_complete(&in->in_ni, m, status); 2459 2460 if (--ring->queued < IWM_TX_RING_LOMARK) { 2461 sc->qfullmsk &= ~(1 << ring->qid); 2462 if (sc->qfullmsk == 0) { 2463 /* 2464 * Well, we're in interrupt context, but then again 2465 * I guess net80211 does all sorts of stunts in 2466 * interrupt context, so maybe this is no biggie. 2467 */ 2468 iwm_start(sc); 2469 } 2470 } 2471 } 2472 2473 /* 2474 * transmit side 2475 */ 2476 2477 /* 2478 * Process a "command done" firmware notification. This is where we wakeup 2479 * processes waiting for a synchronous command completion. 2480 * from if_iwn 2481 */ 2482 static void 2483 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 2484 { 2485 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE]; 2486 struct iwm_tx_data *data; 2487 2488 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) { 2489 return; /* Not a command ack. */ 2490 } 2491 2492 data = &ring->data[pkt->hdr.idx]; 2493 2494 /* If the command was mapped in an mbuf, free it. */ 2495 if (data->m != NULL) { 2496 bus_dmamap_sync(ring->data_dmat, data->map, 2497 BUS_DMASYNC_POSTWRITE); 2498 bus_dmamap_unload(ring->data_dmat, data->map); 2499 m_freem(data->m); 2500 data->m = NULL; 2501 } 2502 wakeup(&ring->desc[pkt->hdr.idx]); 2503 } 2504 2505 #if 0 2506 /* 2507 * necessary only for block ack mode 2508 */ 2509 void 2510 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 2511 uint16_t len) 2512 { 2513 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 2514 uint16_t w_val; 2515 2516 scd_bc_tbl = sc->sched_dma.vaddr; 2517 2518 len += 8; /* magic numbers came naturally from paris */ 2519 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE) 2520 len = roundup(len, 4) / 4; 2521 2522 w_val = htole16(sta_id << 12 | len); 2523 2524 /* Update TX scheduler. */ 2525 scd_bc_tbl[qid].tfd_offset[idx] = w_val; 2526 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 2527 BUS_DMASYNC_PREWRITE); 2528 2529 /* I really wonder what this is ?!? */ 2530 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) { 2531 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val; 2532 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 2533 BUS_DMASYNC_PREWRITE); 2534 } 2535 } 2536 #endif 2537 2538 /* 2539 * Take an 802.11 (non-n) rate, find the relevant rate 2540 * table entry. return the index into in_ridx[]. 2541 * 2542 * The caller then uses that index back into in_ridx 2543 * to figure out the rate index programmed /into/ 2544 * the firmware for this given node. 2545 */ 2546 static int 2547 iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in, 2548 uint8_t rate) 2549 { 2550 int i; 2551 uint8_t r; 2552 2553 for (i = 0; i < nitems(in->in_ridx); i++) { 2554 r = iwm_rates[in->in_ridx[i]].rate; 2555 if (rate == r) 2556 return (i); 2557 } 2558 /* XXX Return the first */ 2559 /* XXX TODO: have it return the /lowest/ */ 2560 return (0); 2561 } 2562 2563 /* 2564 * Fill in the rate related information for a transmit command. 2565 */ 2566 static const struct iwm_rate * 2567 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 2568 struct ieee80211_frame *wh, struct iwm_tx_cmd *tx) 2569 { 2570 struct ieee80211com *ic = &sc->sc_ic; 2571 struct ieee80211_node *ni = &in->in_ni; 2572 const struct iwm_rate *rinfo; 2573 int type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2574 int ridx, rate_flags; 2575 2576 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 2577 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY; 2578 2579 /* 2580 * XXX TODO: everything about the rate selection here is terrible! 2581 */ 2582 2583 if (type == IEEE80211_FC0_TYPE_DATA) { 2584 int i; 2585 /* for data frames, use RS table */ 2586 (void) ieee80211_ratectl_rate(ni, NULL, 0); 2587 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate); 2588 ridx = in->in_ridx[i]; 2589 2590 /* This is the index into the programmed table */ 2591 tx->initial_rate_index = i; 2592 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 2593 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 2594 "%s: start with i=%d, txrate %d\n", 2595 __func__, i, iwm_rates[ridx].rate); 2596 } else { 2597 /* 2598 * For non-data, use the lowest supported rate for the given 2599 * operational mode. 2600 * 2601 * Note: there may not be any rate control information available. 2602 * This driver currently assumes if we're transmitting data 2603 * frames, use the rate control table. Grr. 2604 * 2605 * XXX TODO: use the configured rate for the traffic type! 2606 * XXX TODO: this should be per-vap, not curmode; as we later 2607 * on we'll want to handle off-channel stuff (eg TDLS). 2608 */ 2609 if (ic->ic_curmode == IEEE80211_MODE_11A) { 2610 /* 2611 * XXX this assumes the mode is either 11a or not 11a; 2612 * definitely won't work for 11n. 2613 */ 2614 ridx = IWM_RIDX_OFDM; 2615 } else { 2616 ridx = IWM_RIDX_CCK; 2617 } 2618 } 2619 2620 rinfo = &iwm_rates[ridx]; 2621 2622 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n", 2623 __func__, ridx, 2624 rinfo->rate, 2625 !! (IWM_RIDX_IS_CCK(ridx)) 2626 ); 2627 2628 /* XXX TODO: hard-coded TX antenna? */ 2629 rate_flags = 1 << IWM_RATE_MCS_ANT_POS; 2630 if (IWM_RIDX_IS_CCK(ridx)) 2631 rate_flags |= IWM_RATE_MCS_CCK_MSK; 2632 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 2633 2634 return rinfo; 2635 } 2636 2637 #define TB0_SIZE 16 2638 static int 2639 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 2640 { 2641 struct ieee80211com *ic = &sc->sc_ic; 2642 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2643 struct iwm_node *in = IWM_NODE(ni); 2644 struct iwm_tx_ring *ring; 2645 struct iwm_tx_data *data; 2646 struct iwm_tfd *desc; 2647 struct iwm_device_cmd *cmd; 2648 struct iwm_tx_cmd *tx; 2649 struct ieee80211_frame *wh; 2650 struct ieee80211_key *k = NULL; 2651 struct mbuf *m1; 2652 const struct iwm_rate *rinfo; 2653 uint32_t flags; 2654 u_int hdrlen; 2655 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER]; 2656 int nsegs; 2657 uint8_t tid, type; 2658 int i, totlen, error, pad; 2659 2660 wh = mtod(m, struct ieee80211_frame *); 2661 hdrlen = ieee80211_anyhdrsize(wh); 2662 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2663 tid = 0; 2664 ring = &sc->txq[ac]; 2665 desc = &ring->desc[ring->cur]; 2666 memset(desc, 0, sizeof(*desc)); 2667 data = &ring->data[ring->cur]; 2668 2669 /* Fill out iwm_tx_cmd to send to the firmware */ 2670 cmd = &ring->cmd[ring->cur]; 2671 cmd->hdr.code = IWM_TX_CMD; 2672 cmd->hdr.flags = 0; 2673 cmd->hdr.qid = ring->qid; 2674 cmd->hdr.idx = ring->cur; 2675 2676 tx = (void *)cmd->data; 2677 memset(tx, 0, sizeof(*tx)); 2678 2679 rinfo = iwm_tx_fill_cmd(sc, in, wh, tx); 2680 2681 /* Encrypt the frame if need be. */ 2682 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2683 /* Retrieve key for TX && do software encryption. */ 2684 k = ieee80211_crypto_encap(ni, m); 2685 if (k == NULL) { 2686 m_freem(m); 2687 return (ENOBUFS); 2688 } 2689 /* 802.11 header may have moved. */ 2690 wh = mtod(m, struct ieee80211_frame *); 2691 } 2692 2693 if (ieee80211_radiotap_active_vap(vap)) { 2694 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 2695 2696 tap->wt_flags = 0; 2697 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 2698 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 2699 tap->wt_rate = rinfo->rate; 2700 if (k != NULL) 2701 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2702 ieee80211_radiotap_tx(vap, m); 2703 } 2704 2705 2706 totlen = m->m_pkthdr.len; 2707 2708 flags = 0; 2709 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2710 flags |= IWM_TX_CMD_FLG_ACK; 2711 } 2712 2713 if (type != IEEE80211_FC0_TYPE_DATA 2714 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) 2715 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2716 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 2717 } 2718 2719 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2720 type != IEEE80211_FC0_TYPE_DATA) 2721 tx->sta_id = sc->sc_aux_sta.sta_id; 2722 else 2723 tx->sta_id = IWM_STATION_ID; 2724 2725 if (type == IEEE80211_FC0_TYPE_MGT) { 2726 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2727 2728 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2729 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2730 tx->pm_frame_timeout = htole16(3); 2731 else 2732 tx->pm_frame_timeout = htole16(2); 2733 } else { 2734 tx->pm_frame_timeout = htole16(0); 2735 } 2736 2737 if (hdrlen & 3) { 2738 /* First segment length must be a multiple of 4. */ 2739 flags |= IWM_TX_CMD_FLG_MH_PAD; 2740 pad = 4 - (hdrlen & 3); 2741 } else 2742 pad = 0; 2743 2744 tx->driver_txop = 0; 2745 tx->next_frame_len = 0; 2746 2747 tx->len = htole16(totlen); 2748 tx->tid_tspec = tid; 2749 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 2750 2751 /* Set physical address of "scratch area". */ 2752 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 2753 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 2754 2755 /* Copy 802.11 header in TX command. */ 2756 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 2757 2758 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL; 2759 2760 tx->sec_ctl = 0; 2761 tx->tx_flags |= htole32(flags); 2762 2763 /* Trim 802.11 header. */ 2764 m_adj(m, hdrlen); 2765 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 2766 segs, &nsegs, BUS_DMA_NOWAIT); 2767 if (error != 0) { 2768 if (error != EFBIG) { 2769 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 2770 error); 2771 m_freem(m); 2772 return error; 2773 } 2774 /* Too many DMA segments, linearize mbuf. */ 2775 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2); 2776 if (m1 == NULL) { 2777 device_printf(sc->sc_dev, 2778 "%s: could not defrag mbuf\n", __func__); 2779 m_freem(m); 2780 return (ENOBUFS); 2781 } 2782 m = m1; 2783 2784 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 2785 segs, &nsegs, BUS_DMA_NOWAIT); 2786 if (error != 0) { 2787 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 2788 error); 2789 m_freem(m); 2790 return error; 2791 } 2792 } 2793 data->m = m; 2794 data->in = in; 2795 data->done = 0; 2796 2797 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 2798 "sending txd %p, in %p\n", data, data->in); 2799 KASSERT(data->in != NULL, ("node is NULL")); 2800 2801 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 2802 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%d\n", 2803 ring->qid, ring->cur, totlen, nsegs, 2804 le32toh(tx->tx_flags), 2805 le32toh(tx->rate_n_flags), 2806 (int) tx->initial_rate_index 2807 ); 2808 2809 /* Fill TX descriptor. */ 2810 desc->num_tbs = 2 + nsegs; 2811 2812 desc->tbs[0].lo = htole32(data->cmd_paddr); 2813 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 2814 (TB0_SIZE << 4); 2815 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 2816 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 2817 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) 2818 + hdrlen + pad - TB0_SIZE) << 4); 2819 2820 /* Other DMA segments are for data payload. */ 2821 for (i = 0; i < nsegs; i++) { 2822 seg = &segs[i]; 2823 desc->tbs[i+2].lo = htole32(seg->ds_addr); 2824 desc->tbs[i+2].hi_n_len = \ 2825 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) 2826 | ((seg->ds_len) << 4); 2827 } 2828 2829 bus_dmamap_sync(ring->data_dmat, data->map, 2830 BUS_DMASYNC_PREWRITE); 2831 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map, 2832 BUS_DMASYNC_PREWRITE); 2833 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2834 BUS_DMASYNC_PREWRITE); 2835 2836 #if 0 2837 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len)); 2838 #endif 2839 2840 /* Kick TX ring. */ 2841 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 2842 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 2843 2844 /* Mark TX ring as full if we reach a certain threshold. */ 2845 if (++ring->queued > IWM_TX_RING_HIMARK) { 2846 sc->qfullmsk |= 1 << ring->qid; 2847 } 2848 2849 return 0; 2850 } 2851 2852 static int 2853 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 2854 const struct ieee80211_bpf_params *params) 2855 { 2856 struct ieee80211com *ic = ni->ni_ic; 2857 struct iwm_softc *sc = ic->ic_softc; 2858 int error = 0; 2859 2860 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 2861 "->%s begin\n", __func__); 2862 2863 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 2864 m_freem(m); 2865 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 2866 "<-%s not RUNNING\n", __func__); 2867 return (ENETDOWN); 2868 } 2869 2870 IWM_LOCK(sc); 2871 /* XXX fix this */ 2872 if (params == NULL) { 2873 error = iwm_tx(sc, m, ni, 0); 2874 } else { 2875 error = iwm_tx(sc, m, ni, 0); 2876 } 2877 sc->sc_tx_timer = 5; 2878 IWM_UNLOCK(sc); 2879 2880 return (error); 2881 } 2882 2883 /* 2884 * mvm/tx.c 2885 */ 2886 2887 #if 0 2888 /* 2889 * Note that there are transports that buffer frames before they reach 2890 * the firmware. This means that after flush_tx_path is called, the 2891 * queue might not be empty. The race-free way to handle this is to: 2892 * 1) set the station as draining 2893 * 2) flush the Tx path 2894 * 3) wait for the transport queues to be empty 2895 */ 2896 int 2897 iwm_mvm_flush_tx_path(struct iwm_softc *sc, int tfd_msk, int sync) 2898 { 2899 struct iwm_tx_path_flush_cmd flush_cmd = { 2900 .queues_ctl = htole32(tfd_msk), 2901 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH), 2902 }; 2903 int ret; 2904 2905 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, 2906 sync ? IWM_CMD_SYNC : IWM_CMD_ASYNC, 2907 sizeof(flush_cmd), &flush_cmd); 2908 if (ret) 2909 device_printf(sc->sc_dev, 2910 "Flushing tx queue failed: %d\n", ret); 2911 return ret; 2912 } 2913 #endif 2914 2915 /* 2916 * BEGIN mvm/sta.c 2917 */ 2918 2919 static void 2920 iwm_mvm_add_sta_cmd_v6_to_v5(struct iwm_mvm_add_sta_cmd_v6 *cmd_v6, 2921 struct iwm_mvm_add_sta_cmd_v5 *cmd_v5) 2922 { 2923 memset(cmd_v5, 0, sizeof(*cmd_v5)); 2924 2925 cmd_v5->add_modify = cmd_v6->add_modify; 2926 cmd_v5->tid_disable_tx = cmd_v6->tid_disable_tx; 2927 cmd_v5->mac_id_n_color = cmd_v6->mac_id_n_color; 2928 IEEE80211_ADDR_COPY(cmd_v5->addr, cmd_v6->addr); 2929 cmd_v5->sta_id = cmd_v6->sta_id; 2930 cmd_v5->modify_mask = cmd_v6->modify_mask; 2931 cmd_v5->station_flags = cmd_v6->station_flags; 2932 cmd_v5->station_flags_msk = cmd_v6->station_flags_msk; 2933 cmd_v5->add_immediate_ba_tid = cmd_v6->add_immediate_ba_tid; 2934 cmd_v5->remove_immediate_ba_tid = cmd_v6->remove_immediate_ba_tid; 2935 cmd_v5->add_immediate_ba_ssn = cmd_v6->add_immediate_ba_ssn; 2936 cmd_v5->sleep_tx_count = cmd_v6->sleep_tx_count; 2937 cmd_v5->sleep_state_flags = cmd_v6->sleep_state_flags; 2938 cmd_v5->assoc_id = cmd_v6->assoc_id; 2939 cmd_v5->beamform_flags = cmd_v6->beamform_flags; 2940 cmd_v5->tfd_queue_msk = cmd_v6->tfd_queue_msk; 2941 } 2942 2943 static int 2944 iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc, 2945 struct iwm_mvm_add_sta_cmd_v6 *cmd, int *status) 2946 { 2947 struct iwm_mvm_add_sta_cmd_v5 cmd_v5; 2948 2949 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_STA_KEY_CMD) { 2950 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, 2951 sizeof(*cmd), cmd, status); 2952 } 2953 2954 iwm_mvm_add_sta_cmd_v6_to_v5(cmd, &cmd_v5); 2955 2956 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(cmd_v5), 2957 &cmd_v5, status); 2958 } 2959 2960 /* send station add/update command to firmware */ 2961 static int 2962 iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update) 2963 { 2964 struct iwm_mvm_add_sta_cmd_v6 add_sta_cmd; 2965 int ret; 2966 uint32_t status; 2967 2968 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd)); 2969 2970 add_sta_cmd.sta_id = IWM_STATION_ID; 2971 add_sta_cmd.mac_id_n_color 2972 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID, 2973 IWM_DEFAULT_COLOR)); 2974 if (!update) { 2975 add_sta_cmd.tfd_queue_msk = htole32(0xf); 2976 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid); 2977 } 2978 add_sta_cmd.add_modify = update ? 1 : 0; 2979 add_sta_cmd.station_flags_msk 2980 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK); 2981 2982 status = IWM_ADD_STA_SUCCESS; 2983 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status); 2984 if (ret) 2985 return ret; 2986 2987 switch (status) { 2988 case IWM_ADD_STA_SUCCESS: 2989 break; 2990 default: 2991 ret = EIO; 2992 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n"); 2993 break; 2994 } 2995 2996 return ret; 2997 } 2998 2999 static int 3000 iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in) 3001 { 3002 return iwm_mvm_sta_send_to_fw(sc, in, 0); 3003 } 3004 3005 static int 3006 iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in) 3007 { 3008 return iwm_mvm_sta_send_to_fw(sc, in, 1); 3009 } 3010 3011 static int 3012 iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta, 3013 const uint8_t *addr, uint16_t mac_id, uint16_t color) 3014 { 3015 struct iwm_mvm_add_sta_cmd_v6 cmd; 3016 int ret; 3017 uint32_t status; 3018 3019 memset(&cmd, 0, sizeof(cmd)); 3020 cmd.sta_id = sta->sta_id; 3021 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color)); 3022 3023 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk); 3024 3025 if (addr) 3026 IEEE80211_ADDR_COPY(cmd.addr, addr); 3027 3028 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status); 3029 if (ret) 3030 return ret; 3031 3032 switch (status) { 3033 case IWM_ADD_STA_SUCCESS: 3034 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 3035 "%s: Internal station added.\n", __func__); 3036 return 0; 3037 default: 3038 device_printf(sc->sc_dev, 3039 "%s: Add internal station failed, status=0x%x\n", 3040 __func__, status); 3041 ret = EIO; 3042 break; 3043 } 3044 return ret; 3045 } 3046 3047 static int 3048 iwm_mvm_add_aux_sta(struct iwm_softc *sc) 3049 { 3050 int ret; 3051 3052 sc->sc_aux_sta.sta_id = 3; 3053 sc->sc_aux_sta.tfd_queue_msk = 0; 3054 3055 ret = iwm_mvm_add_int_sta_common(sc, 3056 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0); 3057 3058 if (ret) 3059 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta)); 3060 return ret; 3061 } 3062 3063 /* 3064 * END mvm/sta.c 3065 */ 3066 3067 /* 3068 * BEGIN mvm/quota.c 3069 */ 3070 3071 static int 3072 iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in) 3073 { 3074 struct iwm_time_quota_cmd cmd; 3075 int i, idx, ret, num_active_macs, quota, quota_rem; 3076 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 3077 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 3078 uint16_t id; 3079 3080 memset(&cmd, 0, sizeof(cmd)); 3081 3082 /* currently, PHY ID == binding ID */ 3083 if (in) { 3084 id = in->in_phyctxt->id; 3085 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id")); 3086 colors[id] = in->in_phyctxt->color; 3087 3088 if (1) 3089 n_ifs[id] = 1; 3090 } 3091 3092 /* 3093 * The FW's scheduling session consists of 3094 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments 3095 * equally between all the bindings that require quota 3096 */ 3097 num_active_macs = 0; 3098 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 3099 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 3100 num_active_macs += n_ifs[i]; 3101 } 3102 3103 quota = 0; 3104 quota_rem = 0; 3105 if (num_active_macs) { 3106 quota = IWM_MVM_MAX_QUOTA / num_active_macs; 3107 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs; 3108 } 3109 3110 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 3111 if (colors[i] < 0) 3112 continue; 3113 3114 cmd.quotas[idx].id_and_color = 3115 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 3116 3117 if (n_ifs[i] <= 0) { 3118 cmd.quotas[idx].quota = htole32(0); 3119 cmd.quotas[idx].max_duration = htole32(0); 3120 } else { 3121 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 3122 cmd.quotas[idx].max_duration = htole32(0); 3123 } 3124 idx++; 3125 } 3126 3127 /* Give the remainder of the session to the first binding */ 3128 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 3129 3130 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC, 3131 sizeof(cmd), &cmd); 3132 if (ret) 3133 device_printf(sc->sc_dev, 3134 "%s: Failed to send quota: %d\n", __func__, ret); 3135 return ret; 3136 } 3137 3138 /* 3139 * END mvm/quota.c 3140 */ 3141 3142 /* 3143 * ieee80211 routines 3144 */ 3145 3146 /* 3147 * Change to AUTH state in 80211 state machine. Roughly matches what 3148 * Linux does in bss_info_changed(). 3149 */ 3150 static int 3151 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc) 3152 { 3153 struct ieee80211_node *ni; 3154 struct iwm_node *in; 3155 struct iwm_vap *iv = IWM_VAP(vap); 3156 uint32_t duration; 3157 int error; 3158 3159 /* 3160 * XXX i have a feeling that the vap node is being 3161 * freed from underneath us. Grr. 3162 */ 3163 ni = ieee80211_ref_node(vap->iv_bss); 3164 in = IWM_NODE(ni); 3165 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE, 3166 "%s: called; vap=%p, bss ni=%p\n", 3167 __func__, 3168 vap, 3169 ni); 3170 3171 in->in_assoc = 0; 3172 3173 error = iwm_allow_mcast(vap, sc); 3174 if (error) { 3175 device_printf(sc->sc_dev, 3176 "%s: failed to set multicast\n", __func__); 3177 goto out; 3178 } 3179 3180 /* 3181 * This is where it deviates from what Linux does. 3182 * 3183 * Linux iwlwifi doesn't reset the nic each time, nor does it 3184 * call ctxt_add() here. Instead, it adds it during vap creation, 3185 * and always does does a mac_ctx_changed(). 3186 * 3187 * The openbsd port doesn't attempt to do that - it reset things 3188 * at odd states and does the add here. 3189 * 3190 * So, until the state handling is fixed (ie, we never reset 3191 * the NIC except for a firmware failure, which should drag 3192 * the NIC back to IDLE, re-setup and re-add all the mac/phy 3193 * contexts that are required), let's do a dirty hack here. 3194 */ 3195 if (iv->is_uploaded) { 3196 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 3197 device_printf(sc->sc_dev, 3198 "%s: failed to update MAC\n", __func__); 3199 goto out; 3200 } 3201 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 3202 in->in_ni.ni_chan, 1, 1)) != 0) { 3203 device_printf(sc->sc_dev, 3204 "%s: failed update phy ctxt\n", __func__); 3205 goto out; 3206 } 3207 in->in_phyctxt = &sc->sc_phyctxt[0]; 3208 3209 if ((error = iwm_mvm_binding_update(sc, in)) != 0) { 3210 device_printf(sc->sc_dev, 3211 "%s: binding update cmd\n", __func__); 3212 goto out; 3213 } 3214 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 3215 device_printf(sc->sc_dev, 3216 "%s: failed to update sta\n", __func__); 3217 goto out; 3218 } 3219 } else { 3220 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) { 3221 device_printf(sc->sc_dev, 3222 "%s: failed to add MAC\n", __func__); 3223 goto out; 3224 } 3225 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 3226 in->in_ni.ni_chan, 1, 1)) != 0) { 3227 device_printf(sc->sc_dev, 3228 "%s: failed add phy ctxt!\n", __func__); 3229 error = ETIMEDOUT; 3230 goto out; 3231 } 3232 in->in_phyctxt = &sc->sc_phyctxt[0]; 3233 3234 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) { 3235 device_printf(sc->sc_dev, 3236 "%s: binding add cmd\n", __func__); 3237 goto out; 3238 } 3239 if ((error = iwm_mvm_add_sta(sc, in)) != 0) { 3240 device_printf(sc->sc_dev, 3241 "%s: failed to add sta\n", __func__); 3242 goto out; 3243 } 3244 } 3245 3246 /* 3247 * Prevent the FW from wandering off channel during association 3248 * by "protecting" the session with a time event. 3249 */ 3250 /* XXX duration is in units of TU, not MS */ 3251 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS; 3252 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */); 3253 DELAY(100); 3254 3255 error = 0; 3256 out: 3257 ieee80211_free_node(ni); 3258 return (error); 3259 } 3260 3261 static int 3262 iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc) 3263 { 3264 struct iwm_node *in = IWM_NODE(vap->iv_bss); 3265 int error; 3266 3267 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 3268 device_printf(sc->sc_dev, 3269 "%s: failed to update STA\n", __func__); 3270 return error; 3271 } 3272 3273 in->in_assoc = 1; 3274 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 3275 device_printf(sc->sc_dev, 3276 "%s: failed to update MAC\n", __func__); 3277 return error; 3278 } 3279 3280 return 0; 3281 } 3282 3283 static int 3284 iwm_release(struct iwm_softc *sc, struct iwm_node *in) 3285 { 3286 /* 3287 * Ok, so *technically* the proper set of calls for going 3288 * from RUN back to SCAN is: 3289 * 3290 * iwm_mvm_power_mac_disable(sc, in); 3291 * iwm_mvm_mac_ctxt_changed(sc, in); 3292 * iwm_mvm_rm_sta(sc, in); 3293 * iwm_mvm_update_quotas(sc, NULL); 3294 * iwm_mvm_mac_ctxt_changed(sc, in); 3295 * iwm_mvm_binding_remove_vif(sc, in); 3296 * iwm_mvm_mac_ctxt_remove(sc, in); 3297 * 3298 * However, that freezes the device not matter which permutations 3299 * and modifications are attempted. Obviously, this driver is missing 3300 * something since it works in the Linux driver, but figuring out what 3301 * is missing is a little more complicated. Now, since we're going 3302 * back to nothing anyway, we'll just do a complete device reset. 3303 * Up your's, device! 3304 */ 3305 //iwm_mvm_flush_tx_path(sc, 0xf, 1); 3306 iwm_stop_device(sc); 3307 iwm_init_hw(sc); 3308 if (in) 3309 in->in_assoc = 0; 3310 return 0; 3311 3312 #if 0 3313 int error; 3314 3315 iwm_mvm_power_mac_disable(sc, in); 3316 3317 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 3318 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error); 3319 return error; 3320 } 3321 3322 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) { 3323 device_printf(sc->sc_dev, "sta remove fail %d\n", error); 3324 return error; 3325 } 3326 error = iwm_mvm_rm_sta(sc, in); 3327 in->in_assoc = 0; 3328 iwm_mvm_update_quotas(sc, NULL); 3329 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 3330 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error); 3331 return error; 3332 } 3333 iwm_mvm_binding_remove_vif(sc, in); 3334 3335 iwm_mvm_mac_ctxt_remove(sc, in); 3336 3337 return error; 3338 #endif 3339 } 3340 3341 static struct ieee80211_node * 3342 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 3343 { 3344 return malloc(sizeof (struct iwm_node), M_80211_NODE, 3345 M_NOWAIT | M_ZERO); 3346 } 3347 3348 static void 3349 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in) 3350 { 3351 struct ieee80211_node *ni = &in->in_ni; 3352 struct iwm_lq_cmd *lq = &in->in_lq; 3353 int nrates = ni->ni_rates.rs_nrates; 3354 int i, ridx, tab = 0; 3355 int txant = 0; 3356 3357 if (nrates > nitems(lq->rs_table)) { 3358 device_printf(sc->sc_dev, 3359 "%s: node supports %d rates, driver handles " 3360 "only %zu\n", __func__, nrates, nitems(lq->rs_table)); 3361 return; 3362 } 3363 if (nrates == 0) { 3364 device_printf(sc->sc_dev, 3365 "%s: node supports 0 rates, odd!\n", __func__); 3366 return; 3367 } 3368 3369 /* 3370 * XXX .. and most of iwm_node is not initialised explicitly; 3371 * it's all just 0x0 passed to the firmware. 3372 */ 3373 3374 /* first figure out which rates we should support */ 3375 /* XXX TODO: this isn't 11n aware /at all/ */ 3376 memset(&in->in_ridx, -1, sizeof(in->in_ridx)); 3377 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3378 "%s: nrates=%d\n", __func__, nrates); 3379 3380 /* 3381 * Loop over nrates and populate in_ridx from the highest 3382 * rate to the lowest rate. Remember, in_ridx[] has 3383 * IEEE80211_RATE_MAXSIZE entries! 3384 */ 3385 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) { 3386 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL; 3387 3388 /* Map 802.11 rate to HW rate index. */ 3389 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++) 3390 if (iwm_rates[ridx].rate == rate) 3391 break; 3392 if (ridx > IWM_RIDX_MAX) { 3393 device_printf(sc->sc_dev, 3394 "%s: WARNING: device rate for %d not found!\n", 3395 __func__, rate); 3396 } else { 3397 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3398 "%s: rate: i: %d, rate=%d, ridx=%d\n", 3399 __func__, 3400 i, 3401 rate, 3402 ridx); 3403 in->in_ridx[i] = ridx; 3404 } 3405 } 3406 3407 /* then construct a lq_cmd based on those */ 3408 memset(lq, 0, sizeof(*lq)); 3409 lq->sta_id = IWM_STATION_ID; 3410 3411 /* 3412 * are these used? (we don't do SISO or MIMO) 3413 * need to set them to non-zero, though, or we get an error. 3414 */ 3415 lq->single_stream_ant_msk = 1; 3416 lq->dual_stream_ant_msk = 1; 3417 3418 /* 3419 * Build the actual rate selection table. 3420 * The lowest bits are the rates. Additionally, 3421 * CCK needs bit 9 to be set. The rest of the bits 3422 * we add to the table select the tx antenna 3423 * Note that we add the rates in the highest rate first 3424 * (opposite of ni_rates). 3425 */ 3426 /* 3427 * XXX TODO: this should be looping over the min of nrates 3428 * and LQ_MAX_RETRY_NUM. Sigh. 3429 */ 3430 for (i = 0; i < nrates; i++) { 3431 int nextant; 3432 3433 if (txant == 0) 3434 txant = IWM_FW_VALID_TX_ANT(sc); 3435 nextant = 1<<(ffs(txant)-1); 3436 txant &= ~nextant; 3437 3438 /* 3439 * Map the rate id into a rate index into 3440 * our hardware table containing the 3441 * configuration to use for this rate. 3442 */ 3443 ridx = in->in_ridx[i]; 3444 tab = iwm_rates[ridx].plcp; 3445 tab |= nextant << IWM_RATE_MCS_ANT_POS; 3446 if (IWM_RIDX_IS_CCK(ridx)) 3447 tab |= IWM_RATE_MCS_CCK_MSK; 3448 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3449 "station rate i=%d, rate=%d, hw=%x\n", 3450 i, iwm_rates[ridx].rate, tab); 3451 lq->rs_table[i] = htole32(tab); 3452 } 3453 /* then fill the rest with the lowest possible rate */ 3454 for (i = nrates; i < nitems(lq->rs_table); i++) { 3455 KASSERT(tab != 0, ("invalid tab")); 3456 lq->rs_table[i] = htole32(tab); 3457 } 3458 } 3459 3460 static int 3461 iwm_media_change(struct ifnet *ifp) 3462 { 3463 struct ieee80211vap *vap = ifp->if_softc; 3464 struct ieee80211com *ic = vap->iv_ic; 3465 struct iwm_softc *sc = ic->ic_softc; 3466 int error; 3467 3468 error = ieee80211_media_change(ifp); 3469 if (error != ENETRESET) 3470 return error; 3471 3472 IWM_LOCK(sc); 3473 if (ic->ic_nrunning > 0) { 3474 iwm_stop(sc); 3475 iwm_init(sc); 3476 } 3477 IWM_UNLOCK(sc); 3478 return error; 3479 } 3480 3481 3482 static int 3483 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 3484 { 3485 struct iwm_vap *ivp = IWM_VAP(vap); 3486 struct ieee80211com *ic = vap->iv_ic; 3487 struct iwm_softc *sc = ic->ic_softc; 3488 struct iwm_node *in; 3489 int error; 3490 3491 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 3492 "switching state %s -> %s\n", 3493 ieee80211_state_name[vap->iv_state], 3494 ieee80211_state_name[nstate]); 3495 IEEE80211_UNLOCK(ic); 3496 IWM_LOCK(sc); 3497 3498 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state) 3499 iwm_led_blink_stop(sc); 3500 3501 /* disable beacon filtering if we're hopping out of RUN */ 3502 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) { 3503 iwm_mvm_disable_beacon_filter(sc); 3504 3505 if (((in = IWM_NODE(vap->iv_bss)) != NULL)) 3506 in->in_assoc = 0; 3507 3508 iwm_release(sc, NULL); 3509 3510 /* 3511 * It's impossible to directly go RUN->SCAN. If we iwm_release() 3512 * above then the card will be completely reinitialized, 3513 * so the driver must do everything necessary to bring the card 3514 * from INIT to SCAN. 3515 * 3516 * Additionally, upon receiving deauth frame from AP, 3517 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH 3518 * state. This will also fail with this driver, so bring the FSM 3519 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well. 3520 * 3521 * XXX TODO: fix this for FreeBSD! 3522 */ 3523 if (nstate == IEEE80211_S_SCAN || 3524 nstate == IEEE80211_S_AUTH || 3525 nstate == IEEE80211_S_ASSOC) { 3526 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 3527 "Force transition to INIT; MGT=%d\n", arg); 3528 IWM_UNLOCK(sc); 3529 IEEE80211_LOCK(ic); 3530 vap->iv_newstate(vap, IEEE80211_S_INIT, arg); 3531 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 3532 "Going INIT->SCAN\n"); 3533 nstate = IEEE80211_S_SCAN; 3534 IEEE80211_UNLOCK(ic); 3535 IWM_LOCK(sc); 3536 } 3537 } 3538 3539 switch (nstate) { 3540 case IEEE80211_S_INIT: 3541 sc->sc_scanband = 0; 3542 break; 3543 3544 case IEEE80211_S_AUTH: 3545 if ((error = iwm_auth(vap, sc)) != 0) { 3546 device_printf(sc->sc_dev, 3547 "%s: could not move to auth state: %d\n", 3548 __func__, error); 3549 break; 3550 } 3551 break; 3552 3553 case IEEE80211_S_ASSOC: 3554 if ((error = iwm_assoc(vap, sc)) != 0) { 3555 device_printf(sc->sc_dev, 3556 "%s: failed to associate: %d\n", __func__, 3557 error); 3558 break; 3559 } 3560 break; 3561 3562 case IEEE80211_S_RUN: 3563 { 3564 struct iwm_host_cmd cmd = { 3565 .id = IWM_LQ_CMD, 3566 .len = { sizeof(in->in_lq), }, 3567 .flags = IWM_CMD_SYNC, 3568 }; 3569 3570 /* Update the association state, now we have it all */ 3571 /* (eg associd comes in at this point */ 3572 error = iwm_assoc(vap, sc); 3573 if (error != 0) { 3574 device_printf(sc->sc_dev, 3575 "%s: failed to update association state: %d\n", 3576 __func__, 3577 error); 3578 break; 3579 } 3580 3581 in = IWM_NODE(vap->iv_bss); 3582 iwm_mvm_power_mac_update_mode(sc, in); 3583 iwm_mvm_enable_beacon_filter(sc, in); 3584 iwm_mvm_update_quotas(sc, in); 3585 iwm_setrates(sc, in); 3586 3587 cmd.data[0] = &in->in_lq; 3588 if ((error = iwm_send_cmd(sc, &cmd)) != 0) { 3589 device_printf(sc->sc_dev, 3590 "%s: IWM_LQ_CMD failed\n", __func__); 3591 } 3592 3593 break; 3594 } 3595 3596 default: 3597 break; 3598 } 3599 IWM_UNLOCK(sc); 3600 IEEE80211_LOCK(ic); 3601 3602 return (ivp->iv_newstate(vap, nstate, arg)); 3603 } 3604 3605 void 3606 iwm_endscan_cb(void *arg, int pending) 3607 { 3608 struct iwm_softc *sc = arg; 3609 struct ieee80211com *ic = &sc->sc_ic; 3610 int done; 3611 int error; 3612 3613 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE, 3614 "%s: scan ended\n", 3615 __func__); 3616 3617 IWM_LOCK(sc); 3618 if (sc->sc_scanband == IEEE80211_CHAN_2GHZ && 3619 sc->sc_nvm.sku_cap_band_52GHz_enable) { 3620 done = 0; 3621 if ((error = iwm_mvm_scan_request(sc, 3622 IEEE80211_CHAN_5GHZ, 0, NULL, 0)) != 0) { 3623 device_printf(sc->sc_dev, 3624 "could not initiate 5 GHz scan\n"); 3625 done = 1; 3626 } 3627 } else { 3628 done = 1; 3629 } 3630 3631 if (done) { 3632 IWM_UNLOCK(sc); 3633 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps)); 3634 IWM_LOCK(sc); 3635 sc->sc_scanband = 0; 3636 } 3637 IWM_UNLOCK(sc); 3638 } 3639 3640 static int 3641 iwm_init_hw(struct iwm_softc *sc) 3642 { 3643 struct ieee80211com *ic = &sc->sc_ic; 3644 int error, i, qid; 3645 3646 if ((error = iwm_start_hw(sc)) != 0) 3647 return error; 3648 3649 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) { 3650 return error; 3651 } 3652 3653 /* 3654 * should stop and start HW since that INIT 3655 * image just loaded 3656 */ 3657 iwm_stop_device(sc); 3658 if ((error = iwm_start_hw(sc)) != 0) { 3659 device_printf(sc->sc_dev, "could not initialize hardware\n"); 3660 return error; 3661 } 3662 3663 /* omstart, this time with the regular firmware */ 3664 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR); 3665 if (error) { 3666 device_printf(sc->sc_dev, "could not load firmware\n"); 3667 goto error; 3668 } 3669 3670 if ((error = iwm_send_tx_ant_cfg(sc, IWM_FW_VALID_TX_ANT(sc))) != 0) 3671 goto error; 3672 3673 /* Send phy db control command and then phy db calibration*/ 3674 if ((error = iwm_send_phy_db_data(sc)) != 0) 3675 goto error; 3676 3677 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) 3678 goto error; 3679 3680 /* Add auxiliary station for scanning */ 3681 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) 3682 goto error; 3683 3684 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 3685 /* 3686 * The channel used here isn't relevant as it's 3687 * going to be overwritten in the other flows. 3688 * For now use the first channel we have. 3689 */ 3690 if ((error = iwm_mvm_phy_ctxt_add(sc, 3691 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0) 3692 goto error; 3693 } 3694 3695 error = iwm_mvm_power_update_device(sc); 3696 if (error) 3697 goto error; 3698 3699 /* Mark TX rings as active. */ 3700 for (qid = 0; qid < 4; qid++) { 3701 iwm_enable_txq(sc, qid, qid); 3702 } 3703 3704 return 0; 3705 3706 error: 3707 iwm_stop_device(sc); 3708 return error; 3709 } 3710 3711 /* Allow multicast from our BSSID. */ 3712 static int 3713 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc) 3714 { 3715 struct ieee80211_node *ni = vap->iv_bss; 3716 struct iwm_mcast_filter_cmd *cmd; 3717 size_t size; 3718 int error; 3719 3720 size = roundup(sizeof(*cmd), 4); 3721 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 3722 if (cmd == NULL) 3723 return ENOMEM; 3724 cmd->filter_own = 1; 3725 cmd->port_id = 0; 3726 cmd->count = 0; 3727 cmd->pass_all = 1; 3728 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid); 3729 3730 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 3731 IWM_CMD_SYNC, size, cmd); 3732 free(cmd, M_DEVBUF); 3733 3734 return (error); 3735 } 3736 3737 static void 3738 iwm_init(struct iwm_softc *sc) 3739 { 3740 int error; 3741 3742 if (sc->sc_flags & IWM_FLAG_HW_INITED) { 3743 return; 3744 } 3745 sc->sc_generation++; 3746 sc->sc_flags &= ~IWM_FLAG_STOPPED; 3747 3748 if ((error = iwm_init_hw(sc)) != 0) { 3749 iwm_stop(sc); 3750 return; 3751 } 3752 3753 /* 3754 * Ok, firmware loaded and we are jogging 3755 */ 3756 sc->sc_flags |= IWM_FLAG_HW_INITED; 3757 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 3758 } 3759 3760 static int 3761 iwm_transmit(struct ieee80211com *ic, struct mbuf *m) 3762 { 3763 struct iwm_softc *sc; 3764 int error; 3765 3766 sc = ic->ic_softc; 3767 3768 IWM_LOCK(sc); 3769 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 3770 IWM_UNLOCK(sc); 3771 return (ENXIO); 3772 } 3773 error = mbufq_enqueue(&sc->sc_snd, m); 3774 if (error) { 3775 IWM_UNLOCK(sc); 3776 return (error); 3777 } 3778 iwm_start(sc); 3779 IWM_UNLOCK(sc); 3780 return (0); 3781 } 3782 3783 /* 3784 * Dequeue packets from sendq and call send. 3785 */ 3786 static void 3787 iwm_start(struct iwm_softc *sc) 3788 { 3789 struct ieee80211_node *ni; 3790 struct mbuf *m; 3791 int ac = 0; 3792 3793 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__); 3794 while (sc->qfullmsk == 0 && 3795 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3796 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3797 if (iwm_tx(sc, m, ni, ac) != 0) { 3798 if_inc_counter(ni->ni_vap->iv_ifp, 3799 IFCOUNTER_OERRORS, 1); 3800 ieee80211_free_node(ni); 3801 continue; 3802 } 3803 sc->sc_tx_timer = 15; 3804 } 3805 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__); 3806 } 3807 3808 static void 3809 iwm_stop(struct iwm_softc *sc) 3810 { 3811 3812 sc->sc_flags &= ~IWM_FLAG_HW_INITED; 3813 sc->sc_flags |= IWM_FLAG_STOPPED; 3814 sc->sc_generation++; 3815 sc->sc_scanband = 0; 3816 iwm_led_blink_stop(sc); 3817 sc->sc_tx_timer = 0; 3818 iwm_stop_device(sc); 3819 } 3820 3821 static void 3822 iwm_watchdog(void *arg) 3823 { 3824 struct iwm_softc *sc = arg; 3825 struct ieee80211com *ic = &sc->sc_ic; 3826 3827 if (sc->sc_tx_timer > 0) { 3828 if (--sc->sc_tx_timer == 0) { 3829 device_printf(sc->sc_dev, "device timeout\n"); 3830 #ifdef IWM_DEBUG 3831 iwm_nic_error(sc); 3832 #endif 3833 ieee80211_restart_all(ic); 3834 counter_u64_add(ic->ic_oerrors, 1); 3835 return; 3836 } 3837 } 3838 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 3839 } 3840 3841 static void 3842 iwm_parent(struct ieee80211com *ic) 3843 { 3844 struct iwm_softc *sc = ic->ic_softc; 3845 int startall = 0; 3846 3847 IWM_LOCK(sc); 3848 if (ic->ic_nrunning > 0) { 3849 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) { 3850 iwm_init(sc); 3851 startall = 1; 3852 } 3853 } else if (sc->sc_flags & IWM_FLAG_HW_INITED) 3854 iwm_stop(sc); 3855 IWM_UNLOCK(sc); 3856 if (startall) 3857 ieee80211_start_all(ic); 3858 } 3859 3860 /* 3861 * The interrupt side of things 3862 */ 3863 3864 /* 3865 * error dumping routines are from iwlwifi/mvm/utils.c 3866 */ 3867 3868 /* 3869 * Note: This structure is read from the device with IO accesses, 3870 * and the reading already does the endian conversion. As it is 3871 * read with uint32_t-sized accesses, any members with a different size 3872 * need to be ordered correctly though! 3873 */ 3874 struct iwm_error_event_table { 3875 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 3876 uint32_t error_id; /* type of error */ 3877 uint32_t pc; /* program counter */ 3878 uint32_t blink1; /* branch link */ 3879 uint32_t blink2; /* branch link */ 3880 uint32_t ilink1; /* interrupt link */ 3881 uint32_t ilink2; /* interrupt link */ 3882 uint32_t data1; /* error-specific data */ 3883 uint32_t data2; /* error-specific data */ 3884 uint32_t data3; /* error-specific data */ 3885 uint32_t bcon_time; /* beacon timer */ 3886 uint32_t tsf_low; /* network timestamp function timer */ 3887 uint32_t tsf_hi; /* network timestamp function timer */ 3888 uint32_t gp1; /* GP1 timer register */ 3889 uint32_t gp2; /* GP2 timer register */ 3890 uint32_t gp3; /* GP3 timer register */ 3891 uint32_t ucode_ver; /* uCode version */ 3892 uint32_t hw_ver; /* HW Silicon version */ 3893 uint32_t brd_ver; /* HW board version */ 3894 uint32_t log_pc; /* log program counter */ 3895 uint32_t frame_ptr; /* frame pointer */ 3896 uint32_t stack_ptr; /* stack pointer */ 3897 uint32_t hcmd; /* last host command header */ 3898 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 3899 * rxtx_flag */ 3900 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 3901 * host_flag */ 3902 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 3903 * enc_flag */ 3904 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 3905 * time_flag */ 3906 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 3907 * wico interrupt */ 3908 uint32_t isr_pref; /* isr status register LMPM_NIC_PREF_STAT */ 3909 uint32_t wait_event; /* wait event() caller address */ 3910 uint32_t l2p_control; /* L2pControlField */ 3911 uint32_t l2p_duration; /* L2pDurationField */ 3912 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 3913 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 3914 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 3915 * (LMPM_PMG_SEL) */ 3916 uint32_t u_timestamp; /* indicate when the date and time of the 3917 * compilation */ 3918 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 3919 } __packed; 3920 3921 #define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 3922 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 3923 3924 #ifdef IWM_DEBUG 3925 struct { 3926 const char *name; 3927 uint8_t num; 3928 } advanced_lookup[] = { 3929 { "NMI_INTERRUPT_WDG", 0x34 }, 3930 { "SYSASSERT", 0x35 }, 3931 { "UCODE_VERSION_MISMATCH", 0x37 }, 3932 { "BAD_COMMAND", 0x38 }, 3933 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 3934 { "FATAL_ERROR", 0x3D }, 3935 { "NMI_TRM_HW_ERR", 0x46 }, 3936 { "NMI_INTERRUPT_TRM", 0x4C }, 3937 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 3938 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 3939 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 3940 { "NMI_INTERRUPT_HOST", 0x66 }, 3941 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 3942 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 3943 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 3944 { "ADVANCED_SYSASSERT", 0 }, 3945 }; 3946 3947 static const char * 3948 iwm_desc_lookup(uint32_t num) 3949 { 3950 int i; 3951 3952 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 3953 if (advanced_lookup[i].num == num) 3954 return advanced_lookup[i].name; 3955 3956 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 3957 return advanced_lookup[i].name; 3958 } 3959 3960 /* 3961 * Support for dumping the error log seemed like a good idea ... 3962 * but it's mostly hex junk and the only sensible thing is the 3963 * hw/ucode revision (which we know anyway). Since it's here, 3964 * I'll just leave it in, just in case e.g. the Intel guys want to 3965 * help us decipher some "ADVANCED_SYSASSERT" later. 3966 */ 3967 static void 3968 iwm_nic_error(struct iwm_softc *sc) 3969 { 3970 struct iwm_error_event_table table; 3971 uint32_t base; 3972 3973 device_printf(sc->sc_dev, "dumping device error log\n"); 3974 base = sc->sc_uc.uc_error_event_table; 3975 if (base < 0x800000 || base >= 0x80C000) { 3976 device_printf(sc->sc_dev, 3977 "Not valid error log pointer 0x%08x\n", base); 3978 return; 3979 } 3980 3981 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t)) != 0) { 3982 device_printf(sc->sc_dev, "reading errlog failed\n"); 3983 return; 3984 } 3985 3986 if (!table.valid) { 3987 device_printf(sc->sc_dev, "errlog not found, skipping\n"); 3988 return; 3989 } 3990 3991 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 3992 device_printf(sc->sc_dev, "Start IWL Error Log Dump:\n"); 3993 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 3994 sc->sc_flags, table.valid); 3995 } 3996 3997 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id, 3998 iwm_desc_lookup(table.error_id)); 3999 device_printf(sc->sc_dev, "%08X | uPc\n", table.pc); 4000 device_printf(sc->sc_dev, "%08X | branchlink1\n", table.blink1); 4001 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2); 4002 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1); 4003 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2); 4004 device_printf(sc->sc_dev, "%08X | data1\n", table.data1); 4005 device_printf(sc->sc_dev, "%08X | data2\n", table.data2); 4006 device_printf(sc->sc_dev, "%08X | data3\n", table.data3); 4007 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time); 4008 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low); 4009 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi); 4010 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1); 4011 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2); 4012 device_printf(sc->sc_dev, "%08X | time gp3\n", table.gp3); 4013 device_printf(sc->sc_dev, "%08X | uCode version\n", table.ucode_ver); 4014 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver); 4015 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver); 4016 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd); 4017 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0); 4018 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1); 4019 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2); 4020 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3); 4021 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4); 4022 device_printf(sc->sc_dev, "%08X | isr_pref\n", table.isr_pref); 4023 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event); 4024 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control); 4025 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration); 4026 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid); 4027 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match); 4028 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel); 4029 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp); 4030 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler); 4031 } 4032 #endif 4033 4034 #define SYNC_RESP_STRUCT(_var_, _pkt_) \ 4035 do { \ 4036 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\ 4037 _var_ = (void *)((_pkt_)+1); \ 4038 } while (/*CONSTCOND*/0) 4039 4040 #define SYNC_RESP_PTR(_ptr_, _len_, _pkt_) \ 4041 do { \ 4042 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\ 4043 _ptr_ = (void *)((_pkt_)+1); \ 4044 } while (/*CONSTCOND*/0) 4045 4046 #define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT); 4047 4048 /* 4049 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt. 4050 * Basic structure from if_iwn 4051 */ 4052 static void 4053 iwm_notif_intr(struct iwm_softc *sc) 4054 { 4055 uint16_t hw; 4056 4057 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map, 4058 BUS_DMASYNC_POSTREAD); 4059 4060 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 4061 while (sc->rxq.cur != hw) { 4062 struct iwm_rx_ring *ring = &sc->rxq; 4063 struct iwm_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 4064 struct iwm_rx_packet *pkt; 4065 struct iwm_cmd_response *cresp; 4066 int qid, idx; 4067 4068 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 4069 BUS_DMASYNC_POSTREAD); 4070 pkt = mtod(data->m, struct iwm_rx_packet *); 4071 4072 qid = pkt->hdr.qid & ~0x80; 4073 idx = pkt->hdr.idx; 4074 4075 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 4076 "rx packet qid=%d idx=%d flags=%x type=%x %d %d\n", 4077 pkt->hdr.qid & ~0x80, pkt->hdr.idx, pkt->hdr.flags, 4078 pkt->hdr.code, sc->rxq.cur, hw); 4079 4080 /* 4081 * randomly get these from the firmware, no idea why. 4082 * they at least seem harmless, so just ignore them for now 4083 */ 4084 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0) 4085 || pkt->len_n_flags == htole32(0x55550000))) { 4086 ADVANCE_RXQ(sc); 4087 continue; 4088 } 4089 4090 switch (pkt->hdr.code) { 4091 case IWM_REPLY_RX_PHY_CMD: 4092 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data); 4093 break; 4094 4095 case IWM_REPLY_RX_MPDU_CMD: 4096 iwm_mvm_rx_rx_mpdu(sc, pkt, data); 4097 break; 4098 4099 case IWM_TX_CMD: 4100 iwm_mvm_rx_tx_cmd(sc, pkt, data); 4101 break; 4102 4103 case IWM_MISSED_BEACONS_NOTIFICATION: { 4104 struct iwm_missed_beacons_notif *resp; 4105 int missed; 4106 4107 /* XXX look at mac_id to determine interface ID */ 4108 struct ieee80211com *ic = &sc->sc_ic; 4109 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4110 4111 SYNC_RESP_STRUCT(resp, pkt); 4112 missed = le32toh(resp->consec_missed_beacons); 4113 4114 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE, 4115 "%s: MISSED_BEACON: mac_id=%d, " 4116 "consec_since_last_rx=%d, consec=%d, num_expect=%d " 4117 "num_rx=%d\n", 4118 __func__, 4119 le32toh(resp->mac_id), 4120 le32toh(resp->consec_missed_beacons_since_last_rx), 4121 le32toh(resp->consec_missed_beacons), 4122 le32toh(resp->num_expected_beacons), 4123 le32toh(resp->num_recvd_beacons)); 4124 4125 /* Be paranoid */ 4126 if (vap == NULL) 4127 break; 4128 4129 /* XXX no net80211 locking? */ 4130 if (vap->iv_state == IEEE80211_S_RUN && 4131 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 4132 if (missed > vap->iv_bmissthreshold) { 4133 /* XXX bad locking; turn into task */ 4134 IWM_UNLOCK(sc); 4135 ieee80211_beacon_miss(ic); 4136 IWM_LOCK(sc); 4137 } 4138 } 4139 4140 break; } 4141 4142 case IWM_MVM_ALIVE: { 4143 struct iwm_mvm_alive_resp *resp; 4144 SYNC_RESP_STRUCT(resp, pkt); 4145 4146 sc->sc_uc.uc_error_event_table 4147 = le32toh(resp->error_event_table_ptr); 4148 sc->sc_uc.uc_log_event_table 4149 = le32toh(resp->log_event_table_ptr); 4150 sc->sched_base = le32toh(resp->scd_base_ptr); 4151 sc->sc_uc.uc_ok = resp->status == IWM_ALIVE_STATUS_OK; 4152 4153 sc->sc_uc.uc_intr = 1; 4154 wakeup(&sc->sc_uc); 4155 break; } 4156 4157 case IWM_CALIB_RES_NOTIF_PHY_DB: { 4158 struct iwm_calib_res_notif_phy_db *phy_db_notif; 4159 SYNC_RESP_STRUCT(phy_db_notif, pkt); 4160 4161 iwm_phy_db_set_section(sc, phy_db_notif); 4162 4163 break; } 4164 4165 case IWM_STATISTICS_NOTIFICATION: { 4166 struct iwm_notif_statistics *stats; 4167 SYNC_RESP_STRUCT(stats, pkt); 4168 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 4169 sc->sc_noise = iwm_get_noise(&stats->rx.general); 4170 break; } 4171 4172 case IWM_NVM_ACCESS_CMD: 4173 if (sc->sc_wantresp == ((qid << 16) | idx)) { 4174 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 4175 BUS_DMASYNC_POSTREAD); 4176 memcpy(sc->sc_cmd_resp, 4177 pkt, sizeof(sc->sc_cmd_resp)); 4178 } 4179 break; 4180 4181 case IWM_PHY_CONFIGURATION_CMD: 4182 case IWM_TX_ANT_CONFIGURATION_CMD: 4183 case IWM_ADD_STA: 4184 case IWM_MAC_CONTEXT_CMD: 4185 case IWM_REPLY_SF_CFG_CMD: 4186 case IWM_POWER_TABLE_CMD: 4187 case IWM_PHY_CONTEXT_CMD: 4188 case IWM_BINDING_CONTEXT_CMD: 4189 case IWM_TIME_EVENT_CMD: 4190 case IWM_SCAN_REQUEST_CMD: 4191 case IWM_REPLY_BEACON_FILTERING_CMD: 4192 case IWM_MAC_PM_POWER_TABLE: 4193 case IWM_TIME_QUOTA_CMD: 4194 case IWM_REMOVE_STA: 4195 case IWM_TXPATH_FLUSH: 4196 case IWM_LQ_CMD: 4197 SYNC_RESP_STRUCT(cresp, pkt); 4198 if (sc->sc_wantresp == ((qid << 16) | idx)) { 4199 memcpy(sc->sc_cmd_resp, 4200 pkt, sizeof(*pkt)+sizeof(*cresp)); 4201 } 4202 break; 4203 4204 /* ignore */ 4205 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */ 4206 break; 4207 4208 case IWM_INIT_COMPLETE_NOTIF: 4209 sc->sc_init_complete = 1; 4210 wakeup(&sc->sc_init_complete); 4211 break; 4212 4213 case IWM_SCAN_COMPLETE_NOTIFICATION: { 4214 struct iwm_scan_complete_notif *notif; 4215 SYNC_RESP_STRUCT(notif, pkt); 4216 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task); 4217 break; } 4218 4219 case IWM_REPLY_ERROR: { 4220 struct iwm_error_resp *resp; 4221 SYNC_RESP_STRUCT(resp, pkt); 4222 4223 device_printf(sc->sc_dev, 4224 "firmware error 0x%x, cmd 0x%x\n", 4225 le32toh(resp->error_type), 4226 resp->cmd_id); 4227 break; } 4228 4229 case IWM_TIME_EVENT_NOTIFICATION: { 4230 struct iwm_time_event_notif *notif; 4231 SYNC_RESP_STRUCT(notif, pkt); 4232 4233 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 4234 "TE notif status = 0x%x action = 0x%x\n", 4235 notif->status, notif->action); 4236 break; } 4237 4238 case IWM_MCAST_FILTER_CMD: 4239 break; 4240 4241 default: 4242 device_printf(sc->sc_dev, 4243 "frame %d/%d %x UNHANDLED (this should " 4244 "not happen)\n", qid, idx, 4245 pkt->len_n_flags); 4246 break; 4247 } 4248 4249 /* 4250 * Why test bit 0x80? The Linux driver: 4251 * 4252 * There is one exception: uCode sets bit 15 when it 4253 * originates the response/notification, i.e. when the 4254 * response/notification is not a direct response to a 4255 * command sent by the driver. For example, uCode issues 4256 * IWM_REPLY_RX when it sends a received frame to the driver; 4257 * it is not a direct response to any driver command. 4258 * 4259 * Ok, so since when is 7 == 15? Well, the Linux driver 4260 * uses a slightly different format for pkt->hdr, and "qid" 4261 * is actually the upper byte of a two-byte field. 4262 */ 4263 if (!(pkt->hdr.qid & (1 << 7))) { 4264 iwm_cmd_done(sc, pkt); 4265 } 4266 4267 ADVANCE_RXQ(sc); 4268 } 4269 4270 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 4271 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 4272 4273 /* 4274 * Tell the firmware what we have processed. 4275 * Seems like the hardware gets upset unless we align 4276 * the write by 8?? 4277 */ 4278 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1; 4279 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7); 4280 } 4281 4282 static void 4283 iwm_intr(void *arg) 4284 { 4285 struct iwm_softc *sc = arg; 4286 int handled = 0; 4287 int r1, r2, rv = 0; 4288 int isperiodic = 0; 4289 4290 IWM_LOCK(sc); 4291 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 4292 4293 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 4294 uint32_t *ict = sc->ict_dma.vaddr; 4295 int tmp; 4296 4297 tmp = htole32(ict[sc->ict_cur]); 4298 if (!tmp) 4299 goto out_ena; 4300 4301 /* 4302 * ok, there was something. keep plowing until we have all. 4303 */ 4304 r1 = r2 = 0; 4305 while (tmp) { 4306 r1 |= tmp; 4307 ict[sc->ict_cur] = 0; 4308 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 4309 tmp = htole32(ict[sc->ict_cur]); 4310 } 4311 4312 /* this is where the fun begins. don't ask */ 4313 if (r1 == 0xffffffff) 4314 r1 = 0; 4315 4316 /* i am not expected to understand this */ 4317 if (r1 & 0xc0000) 4318 r1 |= 0x8000; 4319 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 4320 } else { 4321 r1 = IWM_READ(sc, IWM_CSR_INT); 4322 /* "hardware gone" (where, fishing?) */ 4323 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 4324 goto out; 4325 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 4326 } 4327 if (r1 == 0 && r2 == 0) { 4328 goto out_ena; 4329 } 4330 4331 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 4332 4333 /* ignored */ 4334 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/)); 4335 4336 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 4337 int i; 4338 struct ieee80211com *ic = &sc->sc_ic; 4339 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4340 4341 #ifdef IWM_DEBUG 4342 iwm_nic_error(sc); 4343 #endif 4344 /* Dump driver status (TX and RX rings) while we're here. */ 4345 device_printf(sc->sc_dev, "driver status:\n"); 4346 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) { 4347 struct iwm_tx_ring *ring = &sc->txq[i]; 4348 device_printf(sc->sc_dev, 4349 " tx ring %2d: qid=%-2d cur=%-3d " 4350 "queued=%-3d\n", 4351 i, ring->qid, ring->cur, ring->queued); 4352 } 4353 device_printf(sc->sc_dev, 4354 " rx ring: cur=%d\n", sc->rxq.cur); 4355 device_printf(sc->sc_dev, 4356 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state); 4357 4358 /* Don't stop the device; just do a VAP restart */ 4359 IWM_UNLOCK(sc); 4360 4361 if (vap == NULL) { 4362 printf("%s: null vap\n", __func__); 4363 return; 4364 } 4365 4366 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; " 4367 "restarting\n", __func__, vap->iv_state); 4368 4369 /* XXX TODO: turn this into a callout/taskqueue */ 4370 ieee80211_restart_all(ic); 4371 return; 4372 } 4373 4374 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 4375 handled |= IWM_CSR_INT_BIT_HW_ERR; 4376 device_printf(sc->sc_dev, "hardware error, stopping device\n"); 4377 iwm_stop(sc); 4378 rv = 1; 4379 goto out; 4380 } 4381 4382 /* firmware chunk loaded */ 4383 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 4384 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 4385 handled |= IWM_CSR_INT_BIT_FH_TX; 4386 sc->sc_fw_chunk_done = 1; 4387 wakeup(&sc->sc_fw); 4388 } 4389 4390 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 4391 handled |= IWM_CSR_INT_BIT_RF_KILL; 4392 if (iwm_check_rfkill(sc)) { 4393 device_printf(sc->sc_dev, 4394 "%s: rfkill switch, disabling interface\n", 4395 __func__); 4396 iwm_stop(sc); 4397 } 4398 } 4399 4400 /* 4401 * The Linux driver uses periodic interrupts to avoid races. 4402 * We cargo-cult like it's going out of fashion. 4403 */ 4404 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 4405 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 4406 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 4407 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0) 4408 IWM_WRITE_1(sc, 4409 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 4410 isperiodic = 1; 4411 } 4412 4413 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) { 4414 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 4415 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 4416 4417 iwm_notif_intr(sc); 4418 4419 /* enable periodic interrupt, see above */ 4420 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic) 4421 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 4422 IWM_CSR_INT_PERIODIC_ENA); 4423 } 4424 4425 if (__predict_false(r1 & ~handled)) 4426 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 4427 "%s: unhandled interrupts: %x\n", __func__, r1); 4428 rv = 1; 4429 4430 out_ena: 4431 iwm_restore_interrupts(sc); 4432 out: 4433 IWM_UNLOCK(sc); 4434 return; 4435 } 4436 4437 /* 4438 * Autoconf glue-sniffing 4439 */ 4440 #define PCI_VENDOR_INTEL 0x8086 4441 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 4442 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 4443 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 4444 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 4445 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 4446 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 4447 4448 static const struct iwm_devices { 4449 uint16_t device; 4450 const char *name; 4451 } iwm_devices[] = { 4452 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" }, 4453 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" }, 4454 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" }, 4455 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" }, 4456 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" }, 4457 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" }, 4458 }; 4459 4460 static int 4461 iwm_probe(device_t dev) 4462 { 4463 int i; 4464 4465 for (i = 0; i < nitems(iwm_devices); i++) 4466 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL && 4467 pci_get_device(dev) == iwm_devices[i].device) { 4468 device_set_desc(dev, iwm_devices[i].name); 4469 return (BUS_PROBE_DEFAULT); 4470 } 4471 4472 return (ENXIO); 4473 } 4474 4475 static int 4476 iwm_dev_check(device_t dev) 4477 { 4478 struct iwm_softc *sc; 4479 4480 sc = device_get_softc(dev); 4481 4482 switch (pci_get_device(dev)) { 4483 case PCI_PRODUCT_INTEL_WL_3160_1: 4484 case PCI_PRODUCT_INTEL_WL_3160_2: 4485 sc->sc_fwname = "iwm3160fw"; 4486 sc->host_interrupt_operation_mode = 1; 4487 return (0); 4488 case PCI_PRODUCT_INTEL_WL_7260_1: 4489 case PCI_PRODUCT_INTEL_WL_7260_2: 4490 sc->sc_fwname = "iwm7260fw"; 4491 sc->host_interrupt_operation_mode = 1; 4492 return (0); 4493 case PCI_PRODUCT_INTEL_WL_7265_1: 4494 case PCI_PRODUCT_INTEL_WL_7265_2: 4495 sc->sc_fwname = "iwm7265fw"; 4496 sc->host_interrupt_operation_mode = 0; 4497 return (0); 4498 default: 4499 device_printf(dev, "unknown adapter type\n"); 4500 return ENXIO; 4501 } 4502 } 4503 4504 static int 4505 iwm_pci_attach(device_t dev) 4506 { 4507 struct iwm_softc *sc; 4508 int count, error, rid; 4509 uint16_t reg; 4510 4511 sc = device_get_softc(dev); 4512 4513 /* Clear device-specific "PCI retry timeout" register (41h). */ 4514 reg = pci_read_config(dev, 0x40, sizeof(reg)); 4515 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg)); 4516 4517 /* Enable bus-mastering and hardware bug workaround. */ 4518 pci_enable_busmaster(dev); 4519 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg)); 4520 /* if !MSI */ 4521 if (reg & PCIM_STATUS_INTxSTATE) { 4522 reg &= ~PCIM_STATUS_INTxSTATE; 4523 } 4524 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg)); 4525 4526 rid = PCIR_BAR(0); 4527 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 4528 RF_ACTIVE); 4529 if (sc->sc_mem == NULL) { 4530 device_printf(sc->sc_dev, "can't map mem space\n"); 4531 return (ENXIO); 4532 } 4533 sc->sc_st = rman_get_bustag(sc->sc_mem); 4534 sc->sc_sh = rman_get_bushandle(sc->sc_mem); 4535 4536 /* Install interrupt handler. */ 4537 count = 1; 4538 rid = 0; 4539 if (pci_alloc_msi(dev, &count) == 0) 4540 rid = 1; 4541 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 4542 (rid != 0 ? 0 : RF_SHAREABLE)); 4543 if (sc->sc_irq == NULL) { 4544 device_printf(dev, "can't map interrupt\n"); 4545 return (ENXIO); 4546 } 4547 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE, 4548 NULL, iwm_intr, sc, &sc->sc_ih); 4549 if (sc->sc_ih == NULL) { 4550 device_printf(dev, "can't establish interrupt"); 4551 return (ENXIO); 4552 } 4553 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 4554 4555 return (0); 4556 } 4557 4558 static void 4559 iwm_pci_detach(device_t dev) 4560 { 4561 struct iwm_softc *sc = device_get_softc(dev); 4562 4563 if (sc->sc_irq != NULL) { 4564 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih); 4565 bus_release_resource(dev, SYS_RES_IRQ, 4566 rman_get_rid(sc->sc_irq), sc->sc_irq); 4567 pci_release_msi(dev); 4568 } 4569 if (sc->sc_mem != NULL) 4570 bus_release_resource(dev, SYS_RES_MEMORY, 4571 rman_get_rid(sc->sc_mem), sc->sc_mem); 4572 } 4573 4574 4575 4576 static int 4577 iwm_attach(device_t dev) 4578 { 4579 struct iwm_softc *sc = device_get_softc(dev); 4580 struct ieee80211com *ic = &sc->sc_ic; 4581 int error; 4582 int txq_i, i; 4583 4584 sc->sc_dev = dev; 4585 IWM_LOCK_INIT(sc); 4586 mbufq_init(&sc->sc_snd, ifqmaxlen); 4587 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0); 4588 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0); 4589 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc); 4590 sc->sc_tq = taskqueue_create("iwm_taskq", M_WAITOK, 4591 taskqueue_thread_enqueue, &sc->sc_tq); 4592 error = taskqueue_start_threads(&sc->sc_tq, 1, 0, "iwm_taskq"); 4593 if (error != 0) { 4594 device_printf(dev, "can't start threads, error %d\n", 4595 error); 4596 goto fail; 4597 } 4598 4599 /* PCI attach */ 4600 error = iwm_pci_attach(dev); 4601 if (error != 0) 4602 goto fail; 4603 4604 sc->sc_wantresp = -1; 4605 4606 /* Check device type */ 4607 error = iwm_dev_check(dev); 4608 if (error != 0) 4609 goto fail; 4610 4611 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 4612 4613 /* 4614 * We now start fiddling with the hardware 4615 */ 4616 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 4617 if (iwm_prepare_card_hw(sc) != 0) { 4618 device_printf(dev, "could not initialize hardware\n"); 4619 goto fail; 4620 } 4621 4622 /* Allocate DMA memory for firmware transfers. */ 4623 if ((error = iwm_alloc_fwmem(sc)) != 0) { 4624 device_printf(dev, "could not allocate memory for firmware\n"); 4625 goto fail; 4626 } 4627 4628 /* Allocate "Keep Warm" page. */ 4629 if ((error = iwm_alloc_kw(sc)) != 0) { 4630 device_printf(dev, "could not allocate keep warm page\n"); 4631 goto fail; 4632 } 4633 4634 /* We use ICT interrupts */ 4635 if ((error = iwm_alloc_ict(sc)) != 0) { 4636 device_printf(dev, "could not allocate ICT table\n"); 4637 goto fail; 4638 } 4639 4640 /* Allocate TX scheduler "rings". */ 4641 if ((error = iwm_alloc_sched(sc)) != 0) { 4642 device_printf(dev, "could not allocate TX scheduler rings\n"); 4643 goto fail; 4644 } 4645 4646 /* Allocate TX rings */ 4647 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 4648 if ((error = iwm_alloc_tx_ring(sc, 4649 &sc->txq[txq_i], txq_i)) != 0) { 4650 device_printf(dev, 4651 "could not allocate TX ring %d\n", 4652 txq_i); 4653 goto fail; 4654 } 4655 } 4656 4657 /* Allocate RX ring. */ 4658 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) { 4659 device_printf(dev, "could not allocate RX ring\n"); 4660 goto fail; 4661 } 4662 4663 /* Clear pending interrupts. */ 4664 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 4665 4666 ic->ic_softc = sc; 4667 ic->ic_name = device_get_nameunit(sc->sc_dev); 4668 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 4669 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 4670 4671 /* Set device capabilities. */ 4672 ic->ic_caps = 4673 IEEE80211_C_STA | 4674 IEEE80211_C_WPA | /* WPA/RSN */ 4675 IEEE80211_C_WME | 4676 IEEE80211_C_SHSLOT | /* short slot time supported */ 4677 IEEE80211_C_SHPREAMBLE /* short preamble supported */ 4678 // IEEE80211_C_BGSCAN /* capable of bg scanning */ 4679 ; 4680 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 4681 sc->sc_phyctxt[i].id = i; 4682 sc->sc_phyctxt[i].color = 0; 4683 sc->sc_phyctxt[i].ref = 0; 4684 sc->sc_phyctxt[i].channel = NULL; 4685 } 4686 4687 /* Max RSSI */ 4688 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 4689 sc->sc_preinit_hook.ich_func = iwm_preinit; 4690 sc->sc_preinit_hook.ich_arg = sc; 4691 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) { 4692 device_printf(dev, "config_intrhook_establish failed\n"); 4693 goto fail; 4694 } 4695 4696 #ifdef IWM_DEBUG 4697 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 4698 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug", 4699 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging"); 4700 #endif 4701 4702 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 4703 "<-%s\n", __func__); 4704 4705 return 0; 4706 4707 /* Free allocated memory if something failed during attachment. */ 4708 fail: 4709 iwm_detach_local(sc, 0); 4710 4711 return ENXIO; 4712 } 4713 4714 static int 4715 iwm_update_edca(struct ieee80211com *ic) 4716 { 4717 struct iwm_softc *sc = ic->ic_softc; 4718 4719 device_printf(sc->sc_dev, "%s: called\n", __func__); 4720 return (0); 4721 } 4722 4723 static void 4724 iwm_preinit(void *arg) 4725 { 4726 struct iwm_softc *sc = arg; 4727 device_t dev = sc->sc_dev; 4728 struct ieee80211com *ic = &sc->sc_ic; 4729 int error; 4730 4731 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 4732 "->%s\n", __func__); 4733 4734 IWM_LOCK(sc); 4735 if ((error = iwm_start_hw(sc)) != 0) { 4736 device_printf(dev, "could not initialize hardware\n"); 4737 IWM_UNLOCK(sc); 4738 goto fail; 4739 } 4740 4741 error = iwm_run_init_mvm_ucode(sc, 1); 4742 iwm_stop_device(sc); 4743 if (error) { 4744 IWM_UNLOCK(sc); 4745 goto fail; 4746 } 4747 device_printf(dev, 4748 "revision: 0x%x, firmware %d.%d (API ver. %d)\n", 4749 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 4750 IWM_UCODE_MAJOR(sc->sc_fwver), 4751 IWM_UCODE_MINOR(sc->sc_fwver), 4752 IWM_UCODE_API(sc->sc_fwver)); 4753 4754 /* not all hardware can do 5GHz band */ 4755 if (!sc->sc_nvm.sku_cap_band_52GHz_enable) 4756 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 4757 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 4758 IWM_UNLOCK(sc); 4759 4760 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 4761 ic->ic_channels); 4762 4763 /* 4764 * At this point we've committed - if we fail to do setup, 4765 * we now also have to tear down the net80211 state. 4766 */ 4767 ieee80211_ifattach(ic); 4768 ic->ic_vap_create = iwm_vap_create; 4769 ic->ic_vap_delete = iwm_vap_delete; 4770 ic->ic_raw_xmit = iwm_raw_xmit; 4771 ic->ic_node_alloc = iwm_node_alloc; 4772 ic->ic_scan_start = iwm_scan_start; 4773 ic->ic_scan_end = iwm_scan_end; 4774 ic->ic_update_mcast = iwm_update_mcast; 4775 ic->ic_getradiocaps = iwm_init_channel_map; 4776 ic->ic_set_channel = iwm_set_channel; 4777 ic->ic_scan_curchan = iwm_scan_curchan; 4778 ic->ic_scan_mindwell = iwm_scan_mindwell; 4779 ic->ic_wme.wme_update = iwm_update_edca; 4780 ic->ic_parent = iwm_parent; 4781 ic->ic_transmit = iwm_transmit; 4782 iwm_radiotap_attach(sc); 4783 if (bootverbose) 4784 ieee80211_announce(ic); 4785 4786 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 4787 "<-%s\n", __func__); 4788 config_intrhook_disestablish(&sc->sc_preinit_hook); 4789 4790 return; 4791 fail: 4792 config_intrhook_disestablish(&sc->sc_preinit_hook); 4793 iwm_detach_local(sc, 0); 4794 } 4795 4796 /* 4797 * Attach the interface to 802.11 radiotap. 4798 */ 4799 static void 4800 iwm_radiotap_attach(struct iwm_softc *sc) 4801 { 4802 struct ieee80211com *ic = &sc->sc_ic; 4803 4804 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 4805 "->%s begin\n", __func__); 4806 ieee80211_radiotap_attach(ic, 4807 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 4808 IWM_TX_RADIOTAP_PRESENT, 4809 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 4810 IWM_RX_RADIOTAP_PRESENT); 4811 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 4812 "->%s end\n", __func__); 4813 } 4814 4815 static struct ieee80211vap * 4816 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 4817 enum ieee80211_opmode opmode, int flags, 4818 const uint8_t bssid[IEEE80211_ADDR_LEN], 4819 const uint8_t mac[IEEE80211_ADDR_LEN]) 4820 { 4821 struct iwm_vap *ivp; 4822 struct ieee80211vap *vap; 4823 4824 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 4825 return NULL; 4826 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO); 4827 vap = &ivp->iv_vap; 4828 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 4829 vap->iv_bmissthreshold = 10; /* override default */ 4830 /* Override with driver methods. */ 4831 ivp->iv_newstate = vap->iv_newstate; 4832 vap->iv_newstate = iwm_newstate; 4833 4834 ieee80211_ratectl_init(vap); 4835 /* Complete setup. */ 4836 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status, 4837 mac); 4838 ic->ic_opmode = opmode; 4839 4840 return vap; 4841 } 4842 4843 static void 4844 iwm_vap_delete(struct ieee80211vap *vap) 4845 { 4846 struct iwm_vap *ivp = IWM_VAP(vap); 4847 4848 ieee80211_ratectl_deinit(vap); 4849 ieee80211_vap_detach(vap); 4850 free(ivp, M_80211_VAP); 4851 } 4852 4853 static void 4854 iwm_scan_start(struct ieee80211com *ic) 4855 { 4856 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4857 struct iwm_softc *sc = ic->ic_softc; 4858 int error; 4859 4860 if (sc->sc_scanband) 4861 return; 4862 IWM_LOCK(sc); 4863 error = iwm_mvm_scan_request(sc, IEEE80211_CHAN_2GHZ, 0, NULL, 0); 4864 if (error) { 4865 device_printf(sc->sc_dev, "could not initiate 2 GHz scan\n"); 4866 IWM_UNLOCK(sc); 4867 ieee80211_cancel_scan(vap); 4868 sc->sc_scanband = 0; 4869 } else { 4870 iwm_led_blink_start(sc); 4871 IWM_UNLOCK(sc); 4872 } 4873 } 4874 4875 static void 4876 iwm_scan_end(struct ieee80211com *ic) 4877 { 4878 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4879 struct iwm_softc *sc = ic->ic_softc; 4880 4881 IWM_LOCK(sc); 4882 iwm_led_blink_stop(sc); 4883 if (vap->iv_state == IEEE80211_S_RUN) 4884 iwm_mvm_led_enable(sc); 4885 IWM_UNLOCK(sc); 4886 } 4887 4888 static void 4889 iwm_update_mcast(struct ieee80211com *ic) 4890 { 4891 } 4892 4893 static void 4894 iwm_set_channel(struct ieee80211com *ic) 4895 { 4896 } 4897 4898 static void 4899 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 4900 { 4901 } 4902 4903 static void 4904 iwm_scan_mindwell(struct ieee80211_scan_state *ss) 4905 { 4906 return; 4907 } 4908 4909 void 4910 iwm_init_task(void *arg1) 4911 { 4912 struct iwm_softc *sc = arg1; 4913 4914 IWM_LOCK(sc); 4915 while (sc->sc_flags & IWM_FLAG_BUSY) 4916 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0); 4917 sc->sc_flags |= IWM_FLAG_BUSY; 4918 iwm_stop(sc); 4919 if (sc->sc_ic.ic_nrunning > 0) 4920 iwm_init(sc); 4921 sc->sc_flags &= ~IWM_FLAG_BUSY; 4922 wakeup(&sc->sc_flags); 4923 IWM_UNLOCK(sc); 4924 } 4925 4926 static int 4927 iwm_resume(device_t dev) 4928 { 4929 struct iwm_softc *sc = device_get_softc(dev); 4930 int do_reinit = 0; 4931 uint16_t reg; 4932 4933 /* Clear device-specific "PCI retry timeout" register (41h). */ 4934 reg = pci_read_config(dev, 0x40, sizeof(reg)); 4935 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg)); 4936 iwm_init_task(device_get_softc(dev)); 4937 4938 IWM_LOCK(sc); 4939 if (sc->sc_flags & IWM_FLAG_DORESUME) { 4940 sc->sc_flags &= ~IWM_FLAG_DORESUME; 4941 do_reinit = 1; 4942 } 4943 IWM_UNLOCK(sc); 4944 4945 if (do_reinit) 4946 ieee80211_resume_all(&sc->sc_ic); 4947 4948 return 0; 4949 } 4950 4951 static int 4952 iwm_suspend(device_t dev) 4953 { 4954 int do_stop = 0; 4955 struct iwm_softc *sc = device_get_softc(dev); 4956 4957 do_stop = !! (sc->sc_ic.ic_nrunning > 0); 4958 4959 ieee80211_suspend_all(&sc->sc_ic); 4960 4961 if (do_stop) { 4962 IWM_LOCK(sc); 4963 iwm_stop(sc); 4964 sc->sc_flags |= IWM_FLAG_DORESUME; 4965 IWM_UNLOCK(sc); 4966 } 4967 4968 return (0); 4969 } 4970 4971 static int 4972 iwm_detach_local(struct iwm_softc *sc, int do_net80211) 4973 { 4974 struct iwm_fw_info *fw = &sc->sc_fw; 4975 device_t dev = sc->sc_dev; 4976 int i; 4977 4978 if (sc->sc_tq) { 4979 taskqueue_drain_all(sc->sc_tq); 4980 taskqueue_free(sc->sc_tq); 4981 } 4982 callout_drain(&sc->sc_led_blink_to); 4983 callout_drain(&sc->sc_watchdog_to); 4984 iwm_stop_device(sc); 4985 if (do_net80211) 4986 ieee80211_ifdetach(&sc->sc_ic); 4987 4988 /* Free descriptor rings */ 4989 for (i = 0; i < nitems(sc->txq); i++) 4990 iwm_free_tx_ring(sc, &sc->txq[i]); 4991 4992 /* Free firmware */ 4993 if (fw->fw_fp != NULL) 4994 iwm_fw_info_free(fw); 4995 4996 /* Free scheduler */ 4997 iwm_free_sched(sc); 4998 if (sc->ict_dma.vaddr != NULL) 4999 iwm_free_ict(sc); 5000 if (sc->kw_dma.vaddr != NULL) 5001 iwm_free_kw(sc); 5002 if (sc->fw_dma.vaddr != NULL) 5003 iwm_free_fwmem(sc); 5004 5005 /* Finished with the hardware - detach things */ 5006 iwm_pci_detach(dev); 5007 5008 mbufq_drain(&sc->sc_snd); 5009 IWM_LOCK_DESTROY(sc); 5010 5011 return (0); 5012 } 5013 5014 static int 5015 iwm_detach(device_t dev) 5016 { 5017 struct iwm_softc *sc = device_get_softc(dev); 5018 5019 return (iwm_detach_local(sc, 1)); 5020 } 5021 5022 static device_method_t iwm_pci_methods[] = { 5023 /* Device interface */ 5024 DEVMETHOD(device_probe, iwm_probe), 5025 DEVMETHOD(device_attach, iwm_attach), 5026 DEVMETHOD(device_detach, iwm_detach), 5027 DEVMETHOD(device_suspend, iwm_suspend), 5028 DEVMETHOD(device_resume, iwm_resume), 5029 5030 DEVMETHOD_END 5031 }; 5032 5033 static driver_t iwm_pci_driver = { 5034 "iwm", 5035 iwm_pci_methods, 5036 sizeof (struct iwm_softc) 5037 }; 5038 5039 static devclass_t iwm_devclass; 5040 5041 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 5042 MODULE_DEPEND(iwm, firmware, 1, 1, 1); 5043 MODULE_DEPEND(iwm, pci, 1, 1, 1); 5044 MODULE_DEPEND(iwm, wlan, 1, 1, 1); 5045