xref: /illumos-gate/usr/src/uts/common/io/rtw/rtw.c (revision 51396a8ee7fb52fe0ab33bfe7b4f495ad431904a)
1 /*
2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2004 David Young.  All rights reserved.
8  *
9  * This code was written by David Young.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  * 3. Neither the name of the author nor the names of any co-contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY David Young ``AS IS'' AND ANY
24  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
25  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
26  * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL David
27  * Young BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
28  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
34  * OF SUCH DAMAGE.
35  */
36 #include <sys/sysmacros.h>
37 #include <sys/pci.h>
38 #include <sys/stat.h>
39 #include <sys/strsubr.h>
40 #include <sys/strsun.h>
41 #include <sys/mac_provider.h>
42 #include <sys/mac_wifi.h>
43 #include <sys/net80211.h>
44 #include <sys/byteorder.h>
45 #include "rtwreg.h"
46 #include "rtwvar.h"
47 #include "smc93cx6var.h"
48 #include "rtwphy.h"
49 #include "rtwphyio.h"
50 
51 /*
52  * PIO access attributes for registers
53  */
54 static ddi_device_acc_attr_t rtw_reg_accattr = {
55 	DDI_DEVICE_ATTR_V0,
56 	DDI_STRUCTURE_LE_ACC,
57 	DDI_STRICTORDER_ACC,
58 	DDI_DEFAULT_ACC
59 };
60 
61 /*
62  * DMA access attributes for descriptors and bufs: NOT to be byte swapped.
63  */
64 static ddi_device_acc_attr_t rtw_desc_accattr = {
65 	DDI_DEVICE_ATTR_V0,
66 	DDI_NEVERSWAP_ACC,
67 	DDI_STRICTORDER_ACC,
68 	DDI_DEFAULT_ACC
69 };
70 static ddi_device_acc_attr_t rtw_buf_accattr = {
71 	DDI_DEVICE_ATTR_V0,
72 	DDI_NEVERSWAP_ACC,
73 	DDI_STRICTORDER_ACC,
74 	DDI_DEFAULT_ACC
75 };
76 
77 /*
78  * Describes the chip's DMA engine
79  */
80 static ddi_dma_attr_t dma_attr_desc = {
81 	DMA_ATTR_V0,			/* dma_attr version */
82 	0x0000000000000000ull,		/* dma_attr_addr_lo */
83 	0xFFFFFFFF,			/* dma_attr_addr_hi */
84 	0x00000000FFFFFFFFull,		/* dma_attr_count_max */
85 	0x100,				/* dma_attr_align */
86 	0xFFFFFFFF,			/* dma_attr_burstsizes */
87 	0x00000001,			/* dma_attr_minxfer */
88 	0x00000000FFFFull,		/* dma_attr_maxxfer */
89 	0xFFFFFFFFFFFFFFFFull,		/* dma_attr_seg */
90 	1,				/* dma_attr_sgllen */
91 	1,				/* dma_attr_granular */
92 	0				/* dma_attr_flags */
93 };
94 
95 static ddi_dma_attr_t dma_attr_rxbuf = {
96 	DMA_ATTR_V0,			/* dma_attr version */
97 	0x0000000000000000ull,		/* dma_attr_addr_lo */
98 	0xFFFFFFFF,			/* dma_attr_addr_hi */
99 	0x00000000FFFFFFFFull,		/* dma_attr_count_max */
100 	(uint32_t)16,			/* dma_attr_align */
101 	0xFFFFFFFF,			/* dma_attr_burstsizes */
102 	0x00000001,			/* dma_attr_minxfer */
103 	0x00000000FFFFull,		/* dma_attr_maxxfer */
104 	0xFFFFFFFFFFFFFFFFull,		/* dma_attr_seg */
105 	1,				/* dma_attr_sgllen */
106 	1,				/* dma_attr_granular */
107 	0				/* dma_attr_flags */
108 };
109 
110 static ddi_dma_attr_t dma_attr_txbuf = {
111 	DMA_ATTR_V0,			/* dma_attr version */
112 	0x0000000000000000ull,		/* dma_attr_addr_lo */
113 	0xFFFFFFFF,			/* dma_attr_addr_hi */
114 	0x00000000FFFFFFFFull,		/* dma_attr_count_max */
115 	(uint32_t)16,			/* dma_attr_align */
116 	0xFFFFFFFF,			/* dma_attr_burstsizes */
117 	0x00000001,			/* dma_attr_minxfer */
118 	0x00000000FFFFull,		/* dma_attr_maxxfer */
119 	0xFFFFFFFFFFFFFFFFull,		/* dma_attr_seg */
120 	1,				/* dma_attr_sgllen */
121 	1,				/* dma_attr_granular */
122 	0				/* dma_attr_flags */
123 };
124 
125 
126 static void *rtw_soft_state_p = NULL;
127 
128 static void	rtw_stop(void *);
129 static int	rtw_attach(dev_info_t *, ddi_attach_cmd_t);
130 static int	rtw_detach(dev_info_t *, ddi_detach_cmd_t);
131 static int	rtw_quiesce(dev_info_t *);
132 static int	rtw_m_stat(void *,  uint_t, uint64_t *);
133 static int	rtw_m_start(void *);
134 static void	rtw_m_stop(void *);
135 static int	rtw_m_promisc(void *, boolean_t);
136 static int	rtw_m_multicst(void *, boolean_t, const uint8_t *);
137 static int	rtw_m_unicst(void *, const uint8_t *);
138 static mblk_t	*rtw_m_tx(void *, mblk_t *);
139 static void	rtw_m_ioctl(void *, queue_t *, mblk_t *);
140 static int	rtw_m_setprop(void *, const char *, mac_prop_id_t,
141     uint_t, const void *);
142 static int	rtw_m_getprop(void *, const char *, mac_prop_id_t,
143     uint_t, void *);
144 static void	rtw_m_propinfo(void *, const char *, mac_prop_id_t,
145     mac_prop_info_handle_t);
146 
147 static mac_callbacks_t rtw_m_callbacks = {
148 	MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO,
149 	rtw_m_stat,
150 	rtw_m_start,
151 	rtw_m_stop,
152 	rtw_m_promisc,
153 	rtw_m_multicst,
154 	rtw_m_unicst,
155 	rtw_m_tx,
156 	NULL,
157 	rtw_m_ioctl,
158 	NULL,		/* mc_getcapab */
159 	NULL,
160 	NULL,
161 	rtw_m_setprop,
162 	rtw_m_getprop,
163 	rtw_m_propinfo
164 };
165 
166 DDI_DEFINE_STREAM_OPS(rtw_dev_ops, nulldev, nulldev, rtw_attach, rtw_detach,
167     nodev, NULL, D_MP, NULL, rtw_quiesce);
168 
169 static struct modldrv rtw_modldrv = {
170 	&mod_driverops,		/* Type of module.  This one is a driver */
171 	"realtek 8180L driver 1.7",	/* short description */
172 	&rtw_dev_ops		/* driver specific ops */
173 };
174 
175 static struct modlinkage modlinkage = {
176 	MODREV_1, (void *)&rtw_modldrv, NULL
177 };
178 
179 static uint32_t rtw_qlen[RTW_NTXPRI] = {
180 	RTW_TXQLENLO,
181 	RTW_TXQLENMD,
182 	RTW_TXQLENHI,
183 	RTW_TXQLENBCN
184 };
185 
186 uint32_t rtw_dbg_flags = 0;
187 	/*
188 	 * RTW_DEBUG_ATTACH | RTW_DEBUG_TUNE |
189 	 * RTW_DEBUG_ACCESS | RTW_DEBUG_INIT | RTW_DEBUG_PKTFILT |
190 	 * RTW_DEBUG_RECV | RTW_DEBUG_XMIT | RTW_DEBUG_80211 | RTW_DEBUG_INTR |
191 	 * RTW_DEBUG_PKTDUMP;
192 	 */
193 
194 /*
195  * Supported rates for 802.11b modes (in 500Kbps unit).
196  */
197 static const struct ieee80211_rateset rtw_rateset_11b =
198 	{ 4, { 2, 4, 11, 22 } };
199 
200 int
201 _info(struct modinfo *modinfop)
202 {
203 	return (mod_info(&modlinkage, modinfop));
204 }
205 
206 int
207 _init(void)
208 {
209 	int status;
210 
211 	status = ddi_soft_state_init(&rtw_soft_state_p,
212 	    sizeof (rtw_softc_t), 1);
213 	if (status != 0)
214 		return (status);
215 
216 	mac_init_ops(&rtw_dev_ops, "rtw");
217 	status = mod_install(&modlinkage);
218 	if (status != 0) {
219 		mac_fini_ops(&rtw_dev_ops);
220 		ddi_soft_state_fini(&rtw_soft_state_p);
221 	}
222 	return (status);
223 }
224 
225 int
226 _fini(void)
227 {
228 	int status;
229 
230 	status = mod_remove(&modlinkage);
231 	if (status == 0) {
232 		mac_fini_ops(&rtw_dev_ops);
233 		ddi_soft_state_fini(&rtw_soft_state_p);
234 	}
235 	return (status);
236 }
237 
238 void
239 rtw_dbg(uint32_t dbg_flags, const int8_t *fmt, ...)
240 {
241 	va_list args;
242 
243 	if (dbg_flags & rtw_dbg_flags) {
244 		va_start(args, fmt);
245 		vcmn_err(CE_CONT, fmt, args);
246 		va_end(args);
247 	}
248 }
249 
250 #ifdef DEBUG
251 static void
252 rtw_print_regs(struct rtw_regs *regs, const char *dvname, const char *where)
253 {
254 #define	PRINTREG32(sc, reg)				\
255 	RTW_DPRINTF(RTW_DEBUG_REGDUMP,			\
256 	    "%s: reg[ " #reg " / %03x ] = %08x\n",	\
257 	    dvname, reg, RTW_READ(regs, reg))
258 
259 #define	PRINTREG16(sc, reg)				\
260 	RTW_DPRINTF(RTW_DEBUG_REGDUMP,			\
261 	    "%s: reg[ " #reg " / %03x ] = %04x\n",	\
262 	    dvname, reg, RTW_READ16(regs, reg))
263 
264 #define	PRINTREG8(sc, reg)				\
265 	RTW_DPRINTF(RTW_DEBUG_REGDUMP,			\
266 	    "%s: reg[ " #reg " / %03x ] = %02x\n",	\
267 	    dvname, reg, RTW_READ8(regs, reg))
268 
269 	RTW_DPRINTF(RTW_DEBUG_REGDUMP, "%s: %s\n", dvname, where);
270 
271 	PRINTREG32(regs, RTW_IDR0);
272 	PRINTREG32(regs, RTW_IDR1);
273 	PRINTREG32(regs, RTW_MAR0);
274 	PRINTREG32(regs, RTW_MAR1);
275 	PRINTREG32(regs, RTW_TSFTRL);
276 	PRINTREG32(regs, RTW_TSFTRH);
277 	PRINTREG32(regs, RTW_TLPDA);
278 	PRINTREG32(regs, RTW_TNPDA);
279 	PRINTREG32(regs, RTW_THPDA);
280 	PRINTREG32(regs, RTW_TCR);
281 	PRINTREG32(regs, RTW_RCR);
282 	PRINTREG32(regs, RTW_TINT);
283 	PRINTREG32(regs, RTW_TBDA);
284 	PRINTREG32(regs, RTW_ANAPARM);
285 	PRINTREG32(regs, RTW_BB);
286 	PRINTREG32(regs, RTW_PHYCFG);
287 	PRINTREG32(regs, RTW_WAKEUP0L);
288 	PRINTREG32(regs, RTW_WAKEUP0H);
289 	PRINTREG32(regs, RTW_WAKEUP1L);
290 	PRINTREG32(regs, RTW_WAKEUP1H);
291 	PRINTREG32(regs, RTW_WAKEUP2LL);
292 	PRINTREG32(regs, RTW_WAKEUP2LH);
293 	PRINTREG32(regs, RTW_WAKEUP2HL);
294 	PRINTREG32(regs, RTW_WAKEUP2HH);
295 	PRINTREG32(regs, RTW_WAKEUP3LL);
296 	PRINTREG32(regs, RTW_WAKEUP3LH);
297 	PRINTREG32(regs, RTW_WAKEUP3HL);
298 	PRINTREG32(regs, RTW_WAKEUP3HH);
299 	PRINTREG32(regs, RTW_WAKEUP4LL);
300 	PRINTREG32(regs, RTW_WAKEUP4LH);
301 	PRINTREG32(regs, RTW_WAKEUP4HL);
302 	PRINTREG32(regs, RTW_WAKEUP4HH);
303 	PRINTREG32(regs, RTW_DK0);
304 	PRINTREG32(regs, RTW_DK1);
305 	PRINTREG32(regs, RTW_DK2);
306 	PRINTREG32(regs, RTW_DK3);
307 	PRINTREG32(regs, RTW_RETRYCTR);
308 	PRINTREG32(regs, RTW_RDSAR);
309 	PRINTREG32(regs, RTW_FER);
310 	PRINTREG32(regs, RTW_FEMR);
311 	PRINTREG32(regs, RTW_FPSR);
312 	PRINTREG32(regs, RTW_FFER);
313 
314 	/* 16-bit registers */
315 	PRINTREG16(regs, RTW_BRSR);
316 	PRINTREG16(regs, RTW_IMR);
317 	PRINTREG16(regs, RTW_ISR);
318 	PRINTREG16(regs, RTW_BCNITV);
319 	PRINTREG16(regs, RTW_ATIMWND);
320 	PRINTREG16(regs, RTW_BINTRITV);
321 	PRINTREG16(regs, RTW_ATIMTRITV);
322 	PRINTREG16(regs, RTW_CRC16ERR);
323 	PRINTREG16(regs, RTW_CRC0);
324 	PRINTREG16(regs, RTW_CRC1);
325 	PRINTREG16(regs, RTW_CRC2);
326 	PRINTREG16(regs, RTW_CRC3);
327 	PRINTREG16(regs, RTW_CRC4);
328 	PRINTREG16(regs, RTW_CWR);
329 
330 	/* 8-bit registers */
331 	PRINTREG8(regs, RTW_CR);
332 	PRINTREG8(regs, RTW_9346CR);
333 	PRINTREG8(regs, RTW_CONFIG0);
334 	PRINTREG8(regs, RTW_CONFIG1);
335 	PRINTREG8(regs, RTW_CONFIG2);
336 	PRINTREG8(regs, RTW_MSR);
337 	PRINTREG8(regs, RTW_CONFIG3);
338 	PRINTREG8(regs, RTW_CONFIG4);
339 	PRINTREG8(regs, RTW_TESTR);
340 	PRINTREG8(regs, RTW_PSR);
341 	PRINTREG8(regs, RTW_SCR);
342 	PRINTREG8(regs, RTW_PHYDELAY);
343 	PRINTREG8(regs, RTW_CRCOUNT);
344 	PRINTREG8(regs, RTW_PHYADDR);
345 	PRINTREG8(regs, RTW_PHYDATAW);
346 	PRINTREG8(regs, RTW_PHYDATAR);
347 	PRINTREG8(regs, RTW_CONFIG5);
348 	PRINTREG8(regs, RTW_TPPOLL);
349 
350 	PRINTREG16(regs, RTW_BSSID16);
351 	PRINTREG32(regs, RTW_BSSID32);
352 #undef PRINTREG32
353 #undef PRINTREG16
354 #undef PRINTREG8
355 }
356 
357 #endif /* DEBUG */
358 static const char *
359 rtw_access_string(enum rtw_access access)
360 {
361 	switch (access) {
362 	case RTW_ACCESS_NONE:
363 		return ("none");
364 	case RTW_ACCESS_CONFIG:
365 		return ("config");
366 	case RTW_ACCESS_ANAPARM:
367 		return ("anaparm");
368 	default:
369 		return ("unknown");
370 	}
371 }
372 
373 /*
374  * Enable registers, switch register banks.
375  */
376 void
377 rtw_config0123_enable(struct rtw_regs *regs, int enable)
378 {
379 	uint8_t ecr;
380 	ecr = RTW_READ8(regs, RTW_9346CR);
381 	ecr &= ~(RTW_9346CR_EEM_MASK | RTW_9346CR_EECS | RTW_9346CR_EESK);
382 	if (enable)
383 		ecr |= RTW_9346CR_EEM_CONFIG;
384 	else {
385 		RTW_WBW(regs, RTW_9346CR, MAX(RTW_CONFIG0, RTW_CONFIG3));
386 		ecr |= RTW_9346CR_EEM_NORMAL;
387 	}
388 	RTW_WRITE8(regs, RTW_9346CR, ecr);
389 	RTW_SYNC(regs, RTW_9346CR, RTW_9346CR);
390 }
391 
392 /*
393  * requires rtw_config0123_enable(, 1)
394  */
395 void
396 rtw_anaparm_enable(struct rtw_regs *regs, int enable)
397 {
398 	uint8_t cfg3;
399 
400 	cfg3 = RTW_READ8(regs, RTW_CONFIG3);
401 	cfg3 |= RTW_CONFIG3_CLKRUNEN;
402 	if (enable)
403 		cfg3 |= RTW_CONFIG3_PARMEN;
404 	else
405 		cfg3 &= ~RTW_CONFIG3_PARMEN;
406 	RTW_WRITE8(regs, RTW_CONFIG3, cfg3);
407 	RTW_SYNC(regs, RTW_CONFIG3, RTW_CONFIG3);
408 }
409 
410 /*
411  * requires rtw_anaparm_enable(, 1)
412  */
413 void
414 rtw_txdac_enable(rtw_softc_t *rsc, int enable)
415 {
416 	uint32_t anaparm;
417 	struct rtw_regs *regs = &rsc->sc_regs;
418 
419 	anaparm = RTW_READ(regs, RTW_ANAPARM);
420 	if (enable)
421 		anaparm &= ~RTW_ANAPARM_TXDACOFF;
422 	else
423 		anaparm |= RTW_ANAPARM_TXDACOFF;
424 	RTW_WRITE(regs, RTW_ANAPARM, anaparm);
425 	RTW_SYNC(regs, RTW_ANAPARM, RTW_ANAPARM);
426 }
427 
428 static void
429 rtw_set_access1(struct rtw_regs *regs, enum rtw_access naccess)
430 {
431 	ASSERT(naccess >= RTW_ACCESS_NONE && naccess <= RTW_ACCESS_ANAPARM);
432 	ASSERT(regs->r_access >= RTW_ACCESS_NONE &&
433 	    regs->r_access <= RTW_ACCESS_ANAPARM);
434 
435 	if (naccess == regs->r_access)
436 		return;
437 
438 	switch (naccess) {
439 	case RTW_ACCESS_NONE:
440 		switch (regs->r_access) {
441 		case RTW_ACCESS_ANAPARM:
442 			rtw_anaparm_enable(regs, 0);
443 			/*FALLTHROUGH*/
444 		case RTW_ACCESS_CONFIG:
445 			rtw_config0123_enable(regs, 0);
446 			/*FALLTHROUGH*/
447 		case RTW_ACCESS_NONE:
448 			break;
449 		}
450 		break;
451 	case RTW_ACCESS_CONFIG:
452 		switch (regs->r_access) {
453 		case RTW_ACCESS_NONE:
454 			rtw_config0123_enable(regs, 1);
455 			/*FALLTHROUGH*/
456 		case RTW_ACCESS_CONFIG:
457 			break;
458 		case RTW_ACCESS_ANAPARM:
459 			rtw_anaparm_enable(regs, 0);
460 			break;
461 		}
462 		break;
463 	case RTW_ACCESS_ANAPARM:
464 		switch (regs->r_access) {
465 		case RTW_ACCESS_NONE:
466 			rtw_config0123_enable(regs, 1);
467 			/*FALLTHROUGH*/
468 		case RTW_ACCESS_CONFIG:
469 			rtw_anaparm_enable(regs, 1);
470 			/*FALLTHROUGH*/
471 		case RTW_ACCESS_ANAPARM:
472 			break;
473 		}
474 		break;
475 	}
476 }
477 
478 void
479 rtw_set_access(struct rtw_regs *regs, enum rtw_access access)
480 {
481 	rtw_set_access1(regs, access);
482 	RTW_DPRINTF(RTW_DEBUG_ACCESS,
483 	    "%s: access %s -> %s\n", __func__,
484 	    rtw_access_string(regs->r_access),
485 	    rtw_access_string(access));
486 	regs->r_access = access;
487 }
488 
489 
490 void
491 rtw_continuous_tx_enable(rtw_softc_t *rsc, int enable)
492 {
493 	struct rtw_regs *regs = &rsc->sc_regs;
494 
495 	uint32_t tcr;
496 	tcr = RTW_READ(regs, RTW_TCR);
497 	tcr &= ~RTW_TCR_LBK_MASK;
498 	if (enable)
499 		tcr |= RTW_TCR_LBK_CONT;
500 	else
501 		tcr |= RTW_TCR_LBK_NORMAL;
502 	RTW_WRITE(regs, RTW_TCR, tcr);
503 	RTW_SYNC(regs, RTW_TCR, RTW_TCR);
504 	rtw_set_access(regs, RTW_ACCESS_ANAPARM);
505 	rtw_txdac_enable(rsc, !enable);
506 	rtw_set_access(regs, RTW_ACCESS_ANAPARM);
507 	rtw_set_access(regs, RTW_ACCESS_NONE);
508 }
509 
510 static int
511 rtw_chip_reset1(struct rtw_regs *regs, const char *dvname)
512 {
513 	uint8_t cr;
514 	int i;
515 
516 	RTW_WRITE8(regs, RTW_CR, RTW_CR_RST);
517 
518 	RTW_WBR(regs, RTW_CR, RTW_CR);
519 
520 	for (i = 0; i < 1000; i++) {
521 		cr = RTW_READ8(regs, RTW_CR);
522 		if ((cr & RTW_CR_RST) == 0) {
523 			RTW_DPRINTF(RTW_DEBUG_RESET,
524 			    "%s: reset in %dus\n", dvname, i);
525 			return (0);
526 		}
527 		RTW_RBR(regs, RTW_CR, RTW_CR);
528 		DELAY(10); /* 10us */
529 	}
530 
531 	cmn_err(CE_WARN, "%s: reset failed\n", dvname);
532 	return (ETIMEDOUT);
533 }
534 
535 static int
536 rtw_chip_reset(struct rtw_regs *regs, const char *dvname)
537 {
538 	RTW_WBW(regs, RTW_CR, RTW_TCR);
539 	return (rtw_chip_reset1(regs, dvname));
540 }
541 
542 static void
543 rtw_disable_interrupts(struct rtw_regs *regs)
544 {
545 	RTW_WRITE16(regs, RTW_IMR, 0);
546 	RTW_WRITE16(regs, RTW_ISR, 0xffff);
547 	(void) RTW_READ16(regs, RTW_IMR);
548 }
549 
550 static void
551 rtw_enable_interrupts(rtw_softc_t *rsc)
552 {
553 	struct rtw_regs *regs = &rsc->sc_regs;
554 
555 	rsc->sc_inten = RTW_INTR_RX | RTW_INTR_TX | RTW_INTR_IOERROR;
556 
557 	RTW_WRITE16(regs, RTW_IMR, rsc->sc_inten);
558 	RTW_WRITE16(regs, RTW_ISR, 0xffff);
559 
560 	/* XXX necessary? */
561 	if (rsc->sc_intr_ack != NULL)
562 		(*rsc->sc_intr_ack)(regs);
563 }
564 
565 static int
566 rtw_recall_eeprom(struct rtw_regs *regs, const char *dvname)
567 {
568 	int i;
569 	uint8_t ecr;
570 
571 	ecr = RTW_READ8(regs, RTW_9346CR);
572 	ecr = (ecr & ~RTW_9346CR_EEM_MASK) | RTW_9346CR_EEM_AUTOLOAD;
573 	RTW_WRITE8(regs, RTW_9346CR, ecr);
574 
575 	RTW_WBR(regs, RTW_9346CR, RTW_9346CR);
576 
577 	/* wait 25ms for completion */
578 	for (i = 0; i < 250; i++) {
579 		ecr = RTW_READ8(regs, RTW_9346CR);
580 		if ((ecr & RTW_9346CR_EEM_MASK) == RTW_9346CR_EEM_NORMAL) {
581 			RTW_DPRINTF(RTW_DEBUG_RESET,
582 			    "%s: recall EEPROM in %dus\n", dvname, i * 100);
583 			return (0);
584 		}
585 		RTW_RBR(regs, RTW_9346CR, RTW_9346CR);
586 		DELAY(100);
587 	}
588 	cmn_err(CE_WARN, "%s: recall EEPROM failed\n", dvname);
589 	return (ETIMEDOUT);
590 }
591 
592 static int
593 rtw_reset(rtw_softc_t *rsc)
594 {
595 	int rc;
596 
597 	rc = rtw_chip_reset(&rsc->sc_regs, "rtw");
598 	if (rc != 0)
599 		return (rc);
600 
601 	(void) rtw_recall_eeprom(&rsc->sc_regs, "rtw");
602 	return (0);
603 }
604 
605 void
606 rtw_set_mode(struct rtw_regs *regs, int mode)
607 {
608 	uint8_t command;
609 	command = RTW_READ8(regs, RTW_9346CR);
610 	command = command &~ RTW_EPROM_CMD_OPERATING_MODE_MASK;
611 	command = command | (mode<<RTW_EPROM_CMD_OPERATING_MODE_SHIFT);
612 	command = command &~ (1<<RTW_EPROM_CS_SHIFT);
613 	command = command &~ (1<<RTW_EPROM_CK_SHIFT);
614 	RTW_WRITE8(regs, RTW_9346CR, command);
615 }
616 
617 void
618 rtw_dma_start(struct rtw_regs *regs, int priority)
619 {
620 	uint8_t check = 0;
621 
622 	check = RTW_READ8(regs, RTW_TPPOLL);
623 	switch (priority) {
624 	case (0):
625 		RTW_WRITE8(regs, RTW_TPPOLL,
626 		    (1<< RTW_TX_DMA_POLLING_LOWPRIORITY_SHIFT) | check);
627 		break;
628 	case (1):
629 		RTW_WRITE8(regs, RTW_TPPOLL,
630 		    (1<< RTW_TX_DMA_POLLING_NORMPRIORITY_SHIFT) | check);
631 		break;
632 	case (2):
633 		RTW_WRITE8(regs, RTW_TPPOLL,
634 		    (1<< RTW_TX_DMA_POLLING_HIPRIORITY_SHIFT) | check);
635 		break;
636 	}
637 	(void) RTW_READ8(regs, RTW_TPPOLL);
638 }
639 
640 void
641 rtw_beacon_tx_disable(struct rtw_regs *regs)
642 {
643 	uint8_t mask = 0;
644 	mask |= (1 << RTW_TX_DMA_STOP_BEACON_SHIFT);
645 	rtw_set_mode(regs, RTW_EPROM_CMD_CONFIG);
646 	RTW_WRITE8(regs, RTW_TPPOLL, mask);
647 	rtw_set_mode(regs, RTW_EPROM_CMD_NORMAL);
648 }
649 
650 static void
651 rtw_io_enable(rtw_softc_t *rsc, uint8_t flags, int enable);
652 
653 void
654 rtw_rtx_disable(rtw_softc_t *rsc)
655 {
656 	struct rtw_regs *regs = &rsc->sc_regs;
657 
658 	rtw_io_enable(rsc, RTW_CR_RE|RTW_CR_TE, 0);
659 	(void) RTW_READ8(regs, RTW_CR);
660 }
661 
662 static void
663 rtw_srom_free(struct rtw_srom *sr)
664 {
665 	if (sr->sr_content == NULL)
666 		return;
667 	kmem_free(sr->sr_content, sr->sr_size);
668 	sr->sr_size = 0;
669 	sr->sr_content = NULL;
670 }
671 
672 /*ARGSUSED*/
673 static void
674 rtw_srom_defaults(struct rtw_srom *sr, uint32_t *flags, uint8_t *cs_threshold,
675     enum rtw_rfchipid *rfchipid, uint32_t *rcr)
676 {
677 	*flags |= (RTW_F_DIGPHY|RTW_F_ANTDIV);
678 	*cs_threshold = RTW_SR_ENERGYDETTHR_DEFAULT;
679 	*rcr |= RTW_RCR_ENCS1;
680 	*rfchipid = RTW_RFCHIPID_PHILIPS;
681 }
682 
683 static int
684 rtw_srom_parse(struct rtw_srom *sr, uint32_t *flags, uint8_t *cs_threshold,
685     enum rtw_rfchipid *rfchipid, uint32_t *rcr, enum rtw_locale *locale,
686     const char *dvname)
687 {
688 	int i;
689 	const char *rfname, *paname;
690 	char scratch[sizeof ("unknown 0xXX")];
691 	uint16_t version;
692 	uint8_t mac[IEEE80211_ADDR_LEN];
693 
694 	*flags &= ~(RTW_F_DIGPHY|RTW_F_DFLANTB|RTW_F_ANTDIV);
695 	*rcr &= ~(RTW_RCR_ENCS1 | RTW_RCR_ENCS2);
696 
697 	version = RTW_SR_GET16(sr, RTW_SR_VERSION);
698 	RTW_DPRINTF(RTW_DEBUG_IOSTATE, "%s: SROM version %d.%d", dvname,
699 	    version >> 8, version & 0xff);
700 
701 	if (version <= 0x0101) {
702 		cmn_err(CE_NOTE, " is not understood, limping along "
703 		    "with defaults\n");
704 		rtw_srom_defaults(sr, flags, cs_threshold, rfchipid, rcr);
705 		return (0);
706 	}
707 
708 	for (i = 0; i < IEEE80211_ADDR_LEN; i++)
709 		mac[i] = RTW_SR_GET(sr, RTW_SR_MAC + i);
710 
711 	RTW_DPRINTF(RTW_DEBUG_ATTACH,
712 	    "%s: EEPROM MAC %s\n", dvname, mac);
713 
714 	*cs_threshold = RTW_SR_GET(sr, RTW_SR_ENERGYDETTHR);
715 
716 	if ((RTW_SR_GET(sr, RTW_SR_CONFIG2) & RTW_CONFIG2_ANT) != 0)
717 		*flags |= RTW_F_ANTDIV;
718 
719 	/*
720 	 * Note well: the sense of the RTW_SR_RFPARM_DIGPHY bit seems
721 	 * to be reversed.
722 	 */
723 	if ((RTW_SR_GET(sr, RTW_SR_RFPARM) & RTW_SR_RFPARM_DIGPHY) == 0)
724 		*flags |= RTW_F_DIGPHY;
725 	if ((RTW_SR_GET(sr, RTW_SR_RFPARM) & RTW_SR_RFPARM_DFLANTB) != 0)
726 		*flags |= RTW_F_DFLANTB;
727 
728 	*rcr |= LSHIFT(MASK_AND_RSHIFT(RTW_SR_GET(sr, RTW_SR_RFPARM),
729 	    RTW_SR_RFPARM_CS_MASK), RTW_RCR_ENCS1);
730 
731 	*rfchipid = RTW_SR_GET(sr, RTW_SR_RFCHIPID);
732 	switch (*rfchipid) {
733 	case RTW_RFCHIPID_GCT:		/* this combo seen in the wild */
734 		rfname = "GCT GRF5101";
735 		paname = "Winspring WS9901";
736 		break;
737 	case RTW_RFCHIPID_MAXIM:
738 		rfname = "Maxim MAX2820";	/* guess */
739 		paname = "Maxim MAX2422";	/* guess */
740 		break;
741 	case RTW_RFCHIPID_INTERSIL:
742 		rfname = "Intersil HFA3873";	/* guess */
743 		paname = "Intersil <unknown>";
744 		break;
745 	case RTW_RFCHIPID_PHILIPS:	/* this combo seen in the wild */
746 		rfname = "Philips SA2400A";
747 		paname = "Philips SA2411";
748 		break;
749 	case RTW_RFCHIPID_RFMD:
750 		/*
751 		 * this is the same front-end as an atw(4)!
752 		 */
753 		rfname = "RFMD RF2948B, "	/* mentioned in Realtek docs */
754 		    "LNA: RFMD RF2494, "	/* mentioned in Realtek docs */
755 		    "SYN: Silicon Labs Si4126";
756 		paname = "RFMD RF2189";		/* mentioned in Realtek docs */
757 		break;
758 	case RTW_RFCHIPID_RESERVED:
759 		rfname = paname = "reserved";
760 		break;
761 	default:
762 		(void) snprintf(scratch, sizeof (scratch),
763 		    "unknown 0x%02x", *rfchipid);
764 		rfname = paname = scratch;
765 	}
766 	RTW_DPRINTF(RTW_DEBUG_PHY, "%s: RF: %s, PA: %s\n",
767 	    dvname, rfname, paname);
768 
769 	switch (RTW_SR_GET(sr, RTW_SR_CONFIG0) & RTW_CONFIG0_GL_MASK) {
770 	case RTW_CONFIG0_GL_USA:
771 		*locale = RTW_LOCALE_USA;
772 		break;
773 	case RTW_CONFIG0_GL_EUROPE:
774 		*locale = RTW_LOCALE_EUROPE;
775 		break;
776 	case RTW_CONFIG0_GL_JAPAN:
777 		*locale = RTW_LOCALE_JAPAN;
778 		break;
779 	default:
780 		*locale = RTW_LOCALE_UNKNOWN;
781 		break;
782 	}
783 	return (0);
784 }
785 
786 /*
787  * Returns -1 on failure.
788  */
789 static int
790 rtw_srom_read(struct rtw_regs *regs, uint32_t flags, struct rtw_srom *sr,
791     const char *dvname)
792 {
793 	int rc;
794 	struct seeprom_descriptor sd;
795 	uint8_t ecr;
796 
797 	(void) memset(&sd, 0, sizeof (sd));
798 
799 	ecr = RTW_READ8(regs, RTW_9346CR);
800 
801 	if ((flags & RTW_F_9356SROM) != 0) {
802 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "%s: 93c56 SROM\n", dvname);
803 		sr->sr_size = 256;
804 		sd.sd_chip = C56_66;
805 	} else {
806 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "%s: 93c46 SROM\n", dvname);
807 		sr->sr_size = 128;
808 		sd.sd_chip = C46;
809 	}
810 
811 	ecr &= ~(RTW_9346CR_EEDI | RTW_9346CR_EEDO | RTW_9346CR_EESK |
812 	    RTW_9346CR_EEM_MASK | RTW_9346CR_EECS);
813 	ecr |= RTW_9346CR_EEM_PROGRAM;
814 
815 	RTW_WRITE8(regs, RTW_9346CR, ecr);
816 
817 	sr->sr_content = kmem_zalloc(sr->sr_size, KM_SLEEP);
818 
819 	if (sr->sr_content == NULL) {
820 		cmn_err(CE_WARN, "%s: unable to allocate SROM buffer\n",
821 		    dvname);
822 		return (ENOMEM);
823 	}
824 
825 	(void) memset(sr->sr_content, 0, sr->sr_size);
826 
827 	/*
828 	 * RTL8180 has a single 8-bit register for controlling the
829 	 * 93cx6 SROM.  There is no "ready" bit. The RTL8180
830 	 * input/output sense is the reverse of read_seeprom's.
831 	 */
832 	sd.sd_handle = regs->r_handle;
833 	sd.sd_base = regs->r_base;
834 	sd.sd_regsize = 1;
835 	sd.sd_control_offset = RTW_9346CR;
836 	sd.sd_status_offset = RTW_9346CR;
837 	sd.sd_dataout_offset = RTW_9346CR;
838 	sd.sd_CK = RTW_9346CR_EESK;
839 	sd.sd_CS = RTW_9346CR_EECS;
840 	sd.sd_DI = RTW_9346CR_EEDO;
841 	sd.sd_DO = RTW_9346CR_EEDI;
842 	/*
843 	 * make read_seeprom enter EEPROM read/write mode
844 	 */
845 	sd.sd_MS = ecr;
846 	sd.sd_RDY = 0;
847 
848 	/*
849 	 * TBD bus barriers
850 	 */
851 	if (!read_seeprom(&sd, sr->sr_content, 0, sr->sr_size/2)) {
852 		cmn_err(CE_WARN, "%s: could not read SROM\n", dvname);
853 		kmem_free(sr->sr_content, sr->sr_size);
854 		sr->sr_content = NULL;
855 		return (-1);	/* XXX */
856 	}
857 
858 	/*
859 	 * end EEPROM read/write mode
860 	 */
861 	RTW_WRITE8(regs, RTW_9346CR,
862 	    (ecr & ~RTW_9346CR_EEM_MASK) | RTW_9346CR_EEM_NORMAL);
863 	RTW_WBRW(regs, RTW_9346CR, RTW_9346CR);
864 
865 	if ((rc = rtw_recall_eeprom(regs, dvname)) != 0)
866 		return (rc);
867 
868 #ifdef SROM_DEBUG
869 	{
870 		int i;
871 		RTW_DPRINTF(RTW_DEBUG_ATTACH,
872 		    "\n%s: serial ROM:\n\t", dvname);
873 		for (i = 0; i < sr->sr_size/2; i++) {
874 			RTW_DPRINTF(RTW_DEBUG_ATTACH,
875 			    "offset-0x%x: %04x", 2*i, sr->sr_content[i]);
876 		}
877 	}
878 #endif /* DEBUG */
879 	return (0);
880 }
881 
882 static void
883 rtw_set_rfprog(struct rtw_regs *regs, enum rtw_rfchipid rfchipid,
884     const char *dvname)
885 {
886 	uint8_t cfg4;
887 	const char *method;
888 
889 	cfg4 = RTW_READ8(regs, RTW_CONFIG4) & ~RTW_CONFIG4_RFTYPE_MASK;
890 
891 	switch (rfchipid) {
892 	default:
893 		cfg4 |= LSHIFT(0, RTW_CONFIG4_RFTYPE_MASK);
894 		method = "fallback";
895 		break;
896 	case RTW_RFCHIPID_INTERSIL:
897 		cfg4 |= RTW_CONFIG4_RFTYPE_INTERSIL;
898 		method = "Intersil";
899 		break;
900 	case RTW_RFCHIPID_PHILIPS:
901 		cfg4 |= RTW_CONFIG4_RFTYPE_PHILIPS;
902 		method = "Philips";
903 		break;
904 	case RTW_RFCHIPID_GCT:	/* XXX a guess */
905 	case RTW_RFCHIPID_RFMD:
906 		cfg4 |= RTW_CONFIG4_RFTYPE_RFMD;
907 		method = "RFMD";
908 		break;
909 	}
910 
911 	RTW_WRITE8(regs, RTW_CONFIG4, cfg4);
912 
913 	RTW_WBR(regs, RTW_CONFIG4, RTW_CONFIG4);
914 
915 	RTW_DPRINTF(RTW_DEBUG_INIT,
916 	    "%s: %s RF programming method, %02x\n", dvname, method,
917 	    RTW_READ8(regs, RTW_CONFIG4));
918 }
919 
920 static void
921 rtw_init_channels(enum rtw_locale locale,
922     struct ieee80211_channel (*chans)[IEEE80211_CHAN_MAX+1],
923     const char *dvname)
924 {
925 	int i;
926 	const char *name = NULL;
927 #define	ADD_CHANNEL(_chans, _chan) {			\
928 	(*_chans)[_chan].ich_flags = IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK;\
929 	(*_chans)[_chan].ich_freq =				\
930 	    ieee80211_ieee2mhz(_chan, (*_chans)[_chan].ich_flags);\
931 }
932 
933 	switch (locale) {
934 	case RTW_LOCALE_USA:	/* 1-11 */
935 		name = "USA";
936 		for (i = 1; i <= 11; i++)
937 			ADD_CHANNEL(chans, i);
938 		break;
939 	case RTW_LOCALE_JAPAN:	/* 1-14 */
940 		name = "Japan";
941 		ADD_CHANNEL(chans, 14);
942 		for (i = 1; i <= 14; i++)
943 			ADD_CHANNEL(chans, i);
944 		break;
945 	case RTW_LOCALE_EUROPE:	/* 1-13 */
946 		name = "Europe";
947 		for (i = 1; i <= 13; i++)
948 			ADD_CHANNEL(chans, i);
949 		break;
950 	default:			/* 10-11 allowed by most countries */
951 		name = "<unknown>";
952 		for (i = 10; i <= 11; i++)
953 			ADD_CHANNEL(chans, i);
954 		break;
955 	}
956 	RTW_DPRINTF(RTW_DEBUG_ATTACH, "%s: Geographic Location %s\n",
957 	    dvname, name);
958 #undef ADD_CHANNEL
959 }
960 
961 static void
962 rtw_set80211props(struct ieee80211com *ic)
963 {
964 	ic->ic_phytype = IEEE80211_T_DS;
965 	ic->ic_opmode = IEEE80211_M_STA;
966 	ic->ic_caps = IEEE80211_C_PMGT | IEEE80211_C_IBSS |
967 	    IEEE80211_C_SHPREAMBLE;
968 	/* IEEE80211_C_HOSTAP | IEEE80211_C_MONITOR | IEEE80211_C_WEP */
969 
970 	ic->ic_sup_rates[IEEE80211_MODE_11B] = rtw_rateset_11b;
971 }
972 
973 /*ARGSUSED*/
974 static void
975 rtw_identify_country(struct rtw_regs *regs, enum rtw_locale *locale,
976     const char *dvname)
977 {
978 	uint8_t cfg0 = RTW_READ8(regs, RTW_CONFIG0);
979 
980 	switch (cfg0 & RTW_CONFIG0_GL_MASK) {
981 	case RTW_CONFIG0_GL_USA:
982 		*locale = RTW_LOCALE_USA;
983 		break;
984 	case RTW_CONFIG0_GL_JAPAN:
985 		*locale = RTW_LOCALE_JAPAN;
986 		break;
987 	case RTW_CONFIG0_GL_EUROPE:
988 		*locale = RTW_LOCALE_EUROPE;
989 		break;
990 	default:
991 		*locale = RTW_LOCALE_UNKNOWN;
992 		break;
993 	}
994 }
995 
996 static int
997 rtw_identify_sta(struct rtw_regs *regs, uint8_t *addr,
998     const char *dvname)
999 {
1000 	uint32_t idr0 = RTW_READ(regs, RTW_IDR0),
1001 	    idr1 = RTW_READ(regs, RTW_IDR1);
1002 
1003 	*addr = MASK_AND_RSHIFT(idr0, BITS(0,  7));
1004 	*(addr + 1) = MASK_AND_RSHIFT(idr0, BITS(8,  15));
1005 	*(addr + 2) = MASK_AND_RSHIFT(idr0, BITS(16, 23));
1006 	*(addr + 3) = MASK_AND_RSHIFT(idr0, BITS(24, 31));
1007 
1008 	*(addr + 4) = MASK_AND_RSHIFT(idr1, BITS(0,  7));
1009 	*(addr + 5) = MASK_AND_RSHIFT(idr1, BITS(8, 15));
1010 
1011 	RTW_DPRINTF(RTW_DEBUG_ATTACH,
1012 	    "%s: 802.11mac address %x:%x:%x:%x:%x:%x\n", dvname,
1013 	    *addr, *(addr+1), *(addr+2), *(addr+3), *(addr+4), *(addr+5));
1014 
1015 	return (0);
1016 }
1017 
1018 static uint8_t
1019 rtw_chan2txpower(struct rtw_srom *sr, struct ieee80211com *ic,
1020     struct ieee80211_channel *chan)
1021 {
1022 	uint32_t idx = RTW_SR_TXPOWER1 + ieee80211_chan2ieee(ic, chan) - 1;
1023 	return (RTW_SR_GET(sr, idx));
1024 }
1025 
1026 static void
1027 rtw_rxdesc_init(rtw_softc_t *rsc, struct rtw_rxbuf *rbf, int idx, int is_last)
1028 {
1029 	uint32_t ctl = 0;
1030 	uint8_t *buf = (uint8_t *)rbf->bf_dma.mem_va;
1031 
1032 	ASSERT(rbf != NULL);
1033 	rbf->rxdesc->rd_buf = (rbf->bf_dma.cookie.dmac_address);
1034 	bzero(buf, rbf->bf_dma.alength);
1035 	RTW_DMA_SYNC(rbf->bf_dma, DDI_DMA_SYNC_FORDEV);
1036 
1037 	ctl = (rbf->bf_dma.alength & 0xfff) | RTW_RXCTL_OWN;
1038 
1039 	if (is_last)
1040 		ctl |= RTW_RXCTL_EOR;
1041 
1042 	rbf->rxdesc->rd_ctl = (ctl);
1043 	/* sync the mbuf */
1044 
1045 	/* sync the descriptor */
1046 	RTW_DMA_SYNC_DESC(rsc->sc_desc_dma,
1047 	    RTW_DESC_OFFSET(hd_rx, idx),
1048 	    sizeof (struct rtw_rxdesc),
1049 	    DDI_DMA_SYNC_FORDEV);
1050 }
1051 
1052 static void
1053 rtw_idle(struct rtw_regs *regs)
1054 {
1055 	int active;
1056 
1057 	/* request stop DMA; wait for packets to stop transmitting. */
1058 
1059 	RTW_WRITE8(regs, RTW_TPPOLL, RTW_TPPOLL_SALL);
1060 
1061 	for (active = 0; active < 300 &&
1062 	    (RTW_READ8(regs, RTW_TPPOLL) & RTW_TPPOLL_ALL) != 0; active++)
1063 		drv_usecwait(10);
1064 }
1065 
1066 static void
1067 rtw_io_enable(rtw_softc_t *rsc, uint8_t flags, int enable)
1068 {
1069 	uint8_t cr;
1070 	struct rtw_regs *regs = &rsc->sc_regs;
1071 
1072 	RTW_DPRINTF(RTW_DEBUG_IOSTATE, "%s: %s 0x%02x\n", __func__,
1073 	    enable ? "enable" : "disable", flags);
1074 
1075 	cr = RTW_READ8(regs, RTW_CR);
1076 
1077 	/* The receive engine will always start at RDSAR.  */
1078 	if (enable && (flags & ~cr & RTW_CR_RE)) {
1079 		RTW_DMA_SYNC_DESC(rsc->sc_desc_dma,
1080 		    RTW_DESC_OFFSET(hd_rx, 0),
1081 		    sizeof (struct rtw_rxdesc),
1082 		    DDI_DMA_SYNC_FORCPU);
1083 		rsc->rx_next = 0;
1084 		rtw_rxdesc_init(rsc, rsc->rxbuf_h, 0, 0);
1085 	}
1086 
1087 	if (enable)
1088 		cr |= flags;
1089 	else
1090 		cr &= ~flags;
1091 	RTW_WRITE8(regs, RTW_CR, cr);
1092 	(void) RTW_READ8(regs, RTW_CR);
1093 }
1094 
1095 /*
1096  * Allocate an area of memory and a DMA handle for accessing it
1097  */
1098 static int
1099 rtw_alloc_dma_mem(dev_info_t *devinfo, ddi_dma_attr_t *dma_attr,
1100 	size_t memsize, ddi_device_acc_attr_t *attr_p, uint_t alloc_flags,
1101 	uint_t bind_flags, dma_area_t *dma_p)
1102 {
1103 	int err;
1104 
1105 	/*
1106 	 * Allocate handle
1107 	 */
1108 	err = ddi_dma_alloc_handle(devinfo, dma_attr,
1109 	    DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl);
1110 	if (err != DDI_SUCCESS)
1111 		return (DDI_FAILURE);
1112 
1113 	/*
1114 	 * Allocate memory
1115 	 */
1116 	err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, attr_p,
1117 	    alloc_flags, DDI_DMA_SLEEP, NULL, &dma_p->mem_va,
1118 	    &dma_p->alength, &dma_p->acc_hdl);
1119 	if (err != DDI_SUCCESS)
1120 		return (DDI_FAILURE);
1121 
1122 	/*
1123 	 * Bind the two together
1124 	 */
1125 	err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL,
1126 	    dma_p->mem_va, dma_p->alength, bind_flags,
1127 	    DDI_DMA_SLEEP, NULL, &dma_p->cookie, &dma_p->ncookies);
1128 	if ((dma_p->ncookies != 1) || (err != DDI_DMA_MAPPED))
1129 		return (DDI_FAILURE);
1130 
1131 	dma_p->nslots = ~0U;
1132 	dma_p->size = ~0U;
1133 	dma_p->token = ~0U;
1134 	dma_p->offset = 0;
1135 	return (DDI_SUCCESS);
1136 }
1137 
1138 /*
1139  * Free one allocated area of DMAable memory
1140  */
1141 static void
1142 rtw_free_dma_mem(dma_area_t *dma_p)
1143 {
1144 	if (dma_p->dma_hdl != NULL) {
1145 		(void) ddi_dma_unbind_handle(dma_p->dma_hdl);
1146 		if (dma_p->acc_hdl != NULL) {
1147 			ddi_dma_mem_free(&dma_p->acc_hdl);
1148 			dma_p->acc_hdl = NULL;
1149 		}
1150 		ddi_dma_free_handle(&dma_p->dma_hdl);
1151 		dma_p->ncookies = 0;
1152 		dma_p->dma_hdl = NULL;
1153 	}
1154 }
1155 
1156 static void
1157 rtw_dma_free(rtw_softc_t *rsc)
1158 {
1159 	struct rtw_txbuf *txbf;
1160 	struct rtw_rxbuf *rxbf;
1161 	int i, j;
1162 
1163 	/* Free TX DMA buffer */
1164 	for (i = 0; i < RTW_NTXPRI; i++) {
1165 		txbf = list_head(&rsc->sc_txq[i].tx_free_list);
1166 		while (txbf != NULL) {
1167 			rtw_free_dma_mem(&txbf->bf_dma);
1168 			list_remove(&rsc->sc_txq[i].tx_free_list, txbf);
1169 			txbf = list_head(&rsc->sc_txq[i].tx_free_list);
1170 		}
1171 		list_destroy(&rsc->sc_txq[i].tx_free_list);
1172 		txbf = list_head(&rsc->sc_txq[i].tx_dirty_list);
1173 		while (txbf != NULL) {
1174 			rtw_free_dma_mem(&txbf->bf_dma);
1175 			list_remove(&rsc->sc_txq[i].tx_dirty_list, txbf);
1176 			txbf = list_head(&rsc->sc_txq[i].tx_dirty_list);
1177 		}
1178 		list_destroy(&rsc->sc_txq[i].tx_dirty_list);
1179 
1180 		if (rsc->sc_txq[i].txbuf_h != NULL) {
1181 			kmem_free(rsc->sc_txq[i].txbuf_h,
1182 			    sizeof (struct rtw_txbuf) * rtw_qlen[i]);
1183 			rsc->sc_txq[i].txbuf_h = NULL;
1184 		}
1185 	}
1186 
1187 	/* Free RX DMA buffer */
1188 	rxbf = rsc->rxbuf_h;
1189 	for (j = 0; j < RTW_RXQLEN; j++) {
1190 		rtw_free_dma_mem(&rxbf->bf_dma);
1191 		rxbf++;
1192 	}
1193 
1194 	if (rsc->rxbuf_h != NULL) {
1195 		kmem_free(rsc->rxbuf_h,
1196 		    sizeof (struct rtw_rxbuf) * RTW_RXQLEN);
1197 		rsc->rxbuf_h = NULL;
1198 	}
1199 
1200 	rtw_free_dma_mem(&rsc->sc_desc_dma);
1201 }
1202 
1203 static int
1204 rtw_dma_init(dev_info_t *devinfo, rtw_softc_t *rsc)
1205 {
1206 	int i, j, err;
1207 	size_t size;
1208 	uint32_t buflen;
1209 	struct rtw_txdesc *txds;
1210 	struct rtw_rxdesc *rxds;
1211 	struct rtw_txbuf *txbf;
1212 	struct rtw_rxbuf *rxbf;
1213 	uint32_t phybaseaddr, ptx[RTW_NTXPRI], prx;
1214 	caddr_t virbaseaddr, vtx[RTW_NTXPRI], vrx;
1215 
1216 	/* DMA buffer size for each TX/RX packet */
1217 	rsc->sc_dmabuf_size = roundup(sizeof (struct ieee80211_frame) + 0x100 +
1218 	    IEEE80211_MTU + IEEE80211_CRC_LEN + sizeof (struct ieee80211_llc) +
1219 	    (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN +
1220 	    IEEE80211_WEP_CRCLEN), rsc->sc_cachelsz);
1221 	size = sizeof (struct rtw_descs);
1222 	err = rtw_alloc_dma_mem(devinfo, &dma_attr_desc, size,
1223 	    &rtw_desc_accattr,
1224 	    DDI_DMA_CONSISTENT, DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1225 	    &rsc->sc_desc_dma);
1226 	if (err != DDI_SUCCESS)
1227 		goto error;
1228 	phybaseaddr = rsc->sc_desc_dma.cookie.dmac_address;
1229 	virbaseaddr = rsc->sc_desc_dma.mem_va;
1230 	ptx[0] = RTW_RING_BASE(phybaseaddr, hd_txlo);
1231 	ptx[1] = RTW_RING_BASE(phybaseaddr, hd_txmd);
1232 	ptx[2] = RTW_RING_BASE(phybaseaddr, hd_txhi);
1233 	ptx[3] = RTW_RING_BASE(phybaseaddr, hd_bcn);
1234 	vtx[0] = (caddr_t)(RTW_RING_BASE(virbaseaddr, hd_txlo));
1235 	vtx[1] = (caddr_t)(RTW_RING_BASE(virbaseaddr, hd_txmd));
1236 	vtx[2] = (caddr_t)(RTW_RING_BASE(virbaseaddr, hd_txhi));
1237 	vtx[3] = (caddr_t)(RTW_RING_BASE(virbaseaddr, hd_bcn));
1238 	for (i = 0; i < RTW_NTXPRI; i++) {
1239 		RTW_DPRINTF(RTW_DEBUG_DMA, "p[%d]=%x, v[%d]=%x", i, ptx[i],
1240 		    i, vtx[i]);
1241 		RTW_DPRINTF(RTW_DEBUG_DMA, "ring%d:", i);
1242 		list_create(&rsc->sc_txq[i].tx_free_list,
1243 		    sizeof (struct rtw_txbuf),
1244 		    offsetof(struct rtw_txbuf, bf_node));
1245 		list_create(&rsc->sc_txq[i].tx_dirty_list,
1246 		    sizeof (struct rtw_txbuf),
1247 		    offsetof(struct rtw_txbuf, bf_node));
1248 		/* virtual address of the first descriptor */
1249 		rsc->sc_txq[i].txdesc_h =
1250 		    (struct rtw_txdesc *)(uintptr_t)vtx[i];
1251 
1252 		txds = rsc->sc_txq[i].txdesc_h;
1253 		/* allocate data structures to describe TX DMA buffers */
1254 		buflen = sizeof (struct rtw_txbuf) * rtw_qlen[i];
1255 		txbf = (struct rtw_txbuf *)kmem_zalloc(buflen, KM_SLEEP);
1256 		rsc->sc_txq[i].txbuf_h = txbf;
1257 		for (j = 0; j < rtw_qlen[i]; j++, txbf++, txds++) {
1258 			txbf->txdesc = txds;
1259 			txbf->bf_daddr = ptx[i] + ((uintptr_t)txds -
1260 			    (uintptr_t)rsc->sc_txq[i].txdesc_h);
1261 			list_insert_tail(&rsc->sc_txq[i].tx_free_list, txbf);
1262 
1263 			/* alloc DMA memory */
1264 			err = rtw_alloc_dma_mem(devinfo, &dma_attr_txbuf,
1265 			    rsc->sc_dmabuf_size,
1266 			    &rtw_buf_accattr,
1267 			    DDI_DMA_STREAMING,
1268 			    DDI_DMA_WRITE | DDI_DMA_STREAMING,
1269 			    &txbf->bf_dma);
1270 			if (err != DDI_SUCCESS)
1271 				goto error;
1272 			RTW_DPRINTF(RTW_DEBUG_DMA, "pbufaddr[%d]=%x",
1273 			    j, txbf->bf_dma.cookie.dmac_address);
1274 		}
1275 	}
1276 	prx = RTW_RING_BASE(phybaseaddr, hd_rx);
1277 	vrx = (caddr_t)(RTW_RING_BASE(virbaseaddr, hd_rx));
1278 	/* virtual address of the first descriptor */
1279 	rsc->rxdesc_h = (struct rtw_rxdesc *)(uintptr_t)vrx;
1280 	rxds = rsc->rxdesc_h;
1281 
1282 	/* allocate data structures to describe RX DMA buffers */
1283 	buflen = sizeof (struct rtw_rxbuf) * RTW_RXQLEN;
1284 	rxbf = (struct rtw_rxbuf *)kmem_zalloc(buflen, KM_SLEEP);
1285 	rsc->rxbuf_h = rxbf;
1286 
1287 	for (j = 0; j < RTW_RXQLEN; j++, rxbf++, rxds++) {
1288 		rxbf->rxdesc = rxds;
1289 		rxbf->bf_daddr =
1290 		    prx + ((uintptr_t)rxds - (uintptr_t)rsc->rxdesc_h);
1291 
1292 		/* alloc DMA memory */
1293 		err = rtw_alloc_dma_mem(devinfo, &dma_attr_rxbuf,
1294 		    rsc->sc_dmabuf_size,
1295 		    &rtw_buf_accattr,
1296 		    DDI_DMA_STREAMING, DDI_DMA_READ | DDI_DMA_STREAMING,
1297 		    &rxbf->bf_dma);
1298 		if (err != DDI_SUCCESS)
1299 			goto error;
1300 	}
1301 
1302 	return (DDI_SUCCESS);
1303 error:
1304 	return (DDI_FAILURE);
1305 }
1306 
1307 static void
1308 rtw_hwring_setup(rtw_softc_t *rsc)
1309 {
1310 	struct rtw_regs *regs = &rsc->sc_regs;
1311 	uint32_t phybaseaddr;
1312 
1313 	phybaseaddr = rsc->sc_desc_dma.cookie.dmac_address;
1314 
1315 	RTW_WRITE(regs, RTW_RDSAR, RTW_RING_BASE(phybaseaddr, hd_rx));
1316 	RTW_WRITE(regs, RTW_TLPDA, RTW_RING_BASE(phybaseaddr, hd_txlo));
1317 	RTW_WRITE(regs, RTW_TNPDA, RTW_RING_BASE(phybaseaddr, hd_txmd));
1318 	RTW_WRITE(regs, RTW_THPDA, RTW_RING_BASE(phybaseaddr, hd_txhi));
1319 	RTW_WRITE(regs, RTW_TBDA, RTW_RING_BASE(phybaseaddr, hd_bcn));
1320 	rsc->hw_start = RTW_READ(regs, RTW_TNPDA);
1321 	rsc->hw_go = RTW_READ(regs, RTW_TNPDA);
1322 }
1323 
1324 static void
1325 rtw_swring_setup(rtw_softc_t *rsc, int flag)
1326 {
1327 	int i, j;
1328 	int is_last;
1329 	struct rtw_txbuf *txbf;
1330 	struct rtw_rxbuf *rxbf;
1331 	uint32_t phybaseaddr, ptx[RTW_NTXPRI], baddr_desc, taddr_desc;
1332 
1333 	phybaseaddr = rsc->sc_desc_dma.cookie.dmac_address;
1334 	ptx[0] = RTW_RING_BASE(phybaseaddr, hd_txlo);
1335 	ptx[1] = RTW_RING_BASE(phybaseaddr, hd_txmd);
1336 	ptx[2] = RTW_RING_BASE(phybaseaddr, hd_txhi);
1337 	ptx[3] = RTW_RING_BASE(phybaseaddr, hd_bcn);
1338 	RTW_DMA_SYNC(rsc->sc_desc_dma, DDI_DMA_SYNC_FORDEV);
1339 	/* sync tx desc and tx buf */
1340 	for (i = 0; i < RTW_NTXPRI; i++) {
1341 		rsc->sc_txq[i].tx_prod = rsc->sc_txq[i].tx_cons = 0;
1342 		rsc->sc_txq[i].tx_nfree = rtw_qlen[i];
1343 		txbf = list_head(&rsc->sc_txq[i].tx_free_list);
1344 		while (txbf != NULL) {
1345 			list_remove(&rsc->sc_txq[i].tx_free_list, txbf);
1346 			txbf = list_head(&rsc->sc_txq[i].tx_free_list);
1347 		}
1348 		txbf = list_head(&rsc->sc_txq[i].tx_dirty_list);
1349 		while (txbf != NULL) {
1350 			list_remove(&rsc->sc_txq[i].tx_dirty_list, txbf);
1351 			txbf = list_head(&rsc->sc_txq[i].tx_dirty_list);
1352 		}
1353 		txbf = rsc->sc_txq[i].txbuf_h;
1354 		baddr_desc = ptx[i];
1355 		taddr_desc = baddr_desc + sizeof (struct rtw_txdesc);
1356 		for (j = 0; j < rtw_qlen[i]; j++) {
1357 			list_insert_tail(&rsc->sc_txq[i].tx_free_list, txbf);
1358 			if (j == (rtw_qlen[i] - 1)) {
1359 				is_last = 1;
1360 			} else {
1361 				is_last = 0;
1362 			}
1363 
1364 			if (is_last) {
1365 				txbf->txdesc->td_next = baddr_desc;
1366 			} else {
1367 				txbf->txdesc->td_next = taddr_desc;
1368 			}
1369 			txbf->next_bf_daddr = txbf->txdesc->td_next;
1370 			RTW_DMA_SYNC(txbf->bf_dma, DDI_DMA_SYNC_FORDEV);
1371 			txbf->order = j;
1372 			txbf++;
1373 			taddr_desc += sizeof (struct rtw_txdesc);
1374 		}
1375 	}
1376 	if (!flag)
1377 		return;
1378 
1379 	/* sync rx desc and rx buf */
1380 	rsc->rx_next = 0;
1381 	rxbf = rsc->rxbuf_h;
1382 	for (j = 0; j < RTW_RXQLEN; j++) {
1383 		RTW_DMA_SYNC(rxbf->bf_dma, DDI_DMA_SYNC_FORCPU);
1384 		if (j == (RTW_RXQLEN - 1))
1385 			is_last = 1;
1386 		else
1387 			is_last = 0;
1388 		rtw_rxdesc_init(rsc, rxbf, j, is_last);
1389 		rxbf++;
1390 	}
1391 }
1392 
1393 static void
1394 rtw_resume_ticks(rtw_softc_t *rsc)
1395 {
1396 	RTW_WRITE(&rsc->sc_regs, RTW_TINT, 0xffffffff);
1397 }
1398 
1399 const char *
1400 rtw_pwrstate_string(enum rtw_pwrstate power)
1401 {
1402 	switch (power) {
1403 	case RTW_ON:
1404 		return ("on");
1405 	case RTW_SLEEP:
1406 		return ("sleep");
1407 	case RTW_OFF:
1408 		return ("off");
1409 	default:
1410 		return ("unknown");
1411 	}
1412 }
1413 
1414 /*
1415  * XXX For Maxim, I am using the RFMD settings gleaned from the
1416  * reference driver, plus a magic Maxim "ON" value that comes from
1417  * the Realtek document "Windows PG for Rtl8180."
1418  */
1419 /*ARGSUSED*/
1420 static void
1421 rtw_maxim_pwrstate(struct rtw_regs *regs, enum rtw_pwrstate power,
1422     int before_rf, int digphy)
1423 {
1424 	uint32_t anaparm;
1425 
1426 	anaparm = RTW_READ(regs, RTW_ANAPARM);
1427 	anaparm &= ~(RTW_ANAPARM_RFPOW_MASK | RTW_ANAPARM_TXDACOFF);
1428 
1429 	switch (power) {
1430 	case RTW_OFF:
1431 		if (before_rf)
1432 			return;
1433 		anaparm |= RTW_ANAPARM_RFPOW_MAXIM_OFF;
1434 		anaparm |= RTW_ANAPARM_TXDACOFF;
1435 		break;
1436 	case RTW_SLEEP:
1437 		if (!before_rf)
1438 			return;
1439 		anaparm |= RTW_ANAPARM_RFPOW_MAXIM_SLEEP;
1440 		anaparm |= RTW_ANAPARM_TXDACOFF;
1441 		break;
1442 	case RTW_ON:
1443 		if (!before_rf)
1444 			return;
1445 		anaparm |= RTW_ANAPARM_RFPOW_MAXIM_ON;
1446 		break;
1447 	}
1448 	RTW_DPRINTF(RTW_DEBUG_PWR,
1449 	    "%s: power state %s, %s RF, reg[ANAPARM] <- %08x\n",
1450 	    __func__, rtw_pwrstate_string(power),
1451 	    (before_rf) ? "before" : "after", anaparm);
1452 
1453 	RTW_WRITE(regs, RTW_ANAPARM, anaparm);
1454 	RTW_SYNC(regs, RTW_ANAPARM, RTW_ANAPARM);
1455 }
1456 
1457 /*
1458  * XXX I am using the RFMD settings gleaned from the reference
1459  * driver.  They agree
1460  */
1461 /*ARGSUSED*/
1462 static void
1463 rtw_rfmd_pwrstate(struct rtw_regs *regs, enum rtw_pwrstate power,
1464     int before_rf, int digphy)
1465 {
1466 	uint32_t anaparm;
1467 
1468 	anaparm = RTW_READ(regs, RTW_ANAPARM);
1469 	anaparm &= ~(RTW_ANAPARM_RFPOW_MASK | RTW_ANAPARM_TXDACOFF);
1470 
1471 	switch (power) {
1472 	case RTW_OFF:
1473 		if (before_rf)
1474 			return;
1475 		anaparm |= RTW_ANAPARM_RFPOW_RFMD_OFF;
1476 		anaparm |= RTW_ANAPARM_TXDACOFF;
1477 		break;
1478 	case RTW_SLEEP:
1479 		if (!before_rf)
1480 			return;
1481 		anaparm |= RTW_ANAPARM_RFPOW_RFMD_SLEEP;
1482 		anaparm |= RTW_ANAPARM_TXDACOFF;
1483 		break;
1484 	case RTW_ON:
1485 		if (!before_rf)
1486 			return;
1487 		anaparm |= RTW_ANAPARM_RFPOW_RFMD_ON;
1488 		break;
1489 	}
1490 	RTW_DPRINTF(RTW_DEBUG_PWR,
1491 	    "%s: power state %s, %s RF, reg[ANAPARM] <- %08x\n",
1492 	    __func__, rtw_pwrstate_string(power),
1493 	    (before_rf) ? "before" : "after", anaparm);
1494 
1495 	RTW_WRITE(regs, RTW_ANAPARM, anaparm);
1496 	RTW_SYNC(regs, RTW_ANAPARM, RTW_ANAPARM);
1497 }
1498 
1499 static void
1500 rtw_philips_pwrstate(struct rtw_regs *regs, enum rtw_pwrstate power,
1501     int before_rf, int digphy)
1502 {
1503 	uint32_t anaparm;
1504 
1505 	anaparm = RTW_READ(regs, RTW_ANAPARM);
1506 	anaparm &= ~(RTW_ANAPARM_RFPOW_MASK | RTW_ANAPARM_TXDACOFF);
1507 
1508 	switch (power) {
1509 	case RTW_OFF:
1510 		if (before_rf)
1511 			return;
1512 		anaparm |= RTW_ANAPARM_RFPOW_PHILIPS_OFF;
1513 		anaparm |= RTW_ANAPARM_TXDACOFF;
1514 		break;
1515 	case RTW_SLEEP:
1516 		if (!before_rf)
1517 			return;
1518 		anaparm |= RTW_ANAPARM_RFPOW_PHILIPS_SLEEP;
1519 		anaparm |= RTW_ANAPARM_TXDACOFF;
1520 		break;
1521 	case RTW_ON:
1522 		if (!before_rf)
1523 			return;
1524 		if (digphy) {
1525 			anaparm |= RTW_ANAPARM_RFPOW_DIG_PHILIPS_ON;
1526 			/* XXX guess */
1527 			anaparm |= RTW_ANAPARM_TXDACOFF;
1528 		} else
1529 			anaparm |= RTW_ANAPARM_RFPOW_ANA_PHILIPS_ON;
1530 		break;
1531 	}
1532 	RTW_DPRINTF(RTW_DEBUG_PWR,
1533 	    "%s: power state %s, %s RF, reg[ANAPARM] <- %08x\n",
1534 	    __func__, rtw_pwrstate_string(power),
1535 	    (before_rf) ? "before" : "after", anaparm);
1536 
1537 	RTW_WRITE(regs, RTW_ANAPARM, anaparm);
1538 	RTW_SYNC(regs, RTW_ANAPARM, RTW_ANAPARM);
1539 }
1540 
1541 static void
1542 rtw_pwrstate0(rtw_softc_t *rsc, enum rtw_pwrstate power, int before_rf,
1543     int digphy)
1544 {
1545 	struct rtw_regs *regs = &rsc->sc_regs;
1546 
1547 	rtw_set_access(regs, RTW_ACCESS_ANAPARM);
1548 
1549 	(*rsc->sc_pwrstate_cb)(regs, power, before_rf, digphy);
1550 
1551 	rtw_set_access(regs, RTW_ACCESS_NONE);
1552 }
1553 
1554 static void
1555 rtw_rf_destroy(struct rtw_rf *rf)
1556 {
1557 	(*rf->rf_destroy)(rf);
1558 }
1559 
1560 static int
1561 rtw_rf_pwrstate(struct rtw_rf *rf, enum rtw_pwrstate power)
1562 {
1563 	return (*rf->rf_pwrstate)(rf, power);
1564 }
1565 
1566 static int
1567 rtw_pwrstate(rtw_softc_t *rsc, enum rtw_pwrstate power)
1568 {
1569 	int rc;
1570 
1571 	RTW_DPRINTF(RTW_DEBUG_PWR,
1572 	    "%s: %s->%s\n", __func__,
1573 	    rtw_pwrstate_string(rsc->sc_pwrstate), rtw_pwrstate_string(power));
1574 
1575 	if (rsc->sc_pwrstate == power)
1576 		return (0);
1577 
1578 	rtw_pwrstate0(rsc, power, 1, rsc->sc_flags & RTW_F_DIGPHY);
1579 	rc = rtw_rf_pwrstate(rsc->sc_rf, power);
1580 	rtw_pwrstate0(rsc, power, 0, rsc->sc_flags & RTW_F_DIGPHY);
1581 
1582 	switch (power) {
1583 	case RTW_ON:
1584 		/* TBD set LEDs */
1585 		break;
1586 	case RTW_SLEEP:
1587 		/* TBD */
1588 		break;
1589 	case RTW_OFF:
1590 		/* TBD */
1591 		break;
1592 	}
1593 	if (rc == 0)
1594 		rsc->sc_pwrstate = power;
1595 	else
1596 		rsc->sc_pwrstate = RTW_OFF;
1597 	return (rc);
1598 }
1599 
1600 void
1601 rtw_disable(rtw_softc_t *rsc)
1602 {
1603 	int rc;
1604 
1605 	if ((rsc->sc_flags & RTW_F_ENABLED) == 0)
1606 		return;
1607 
1608 	/* turn off PHY */
1609 	if ((rsc->sc_flags & RTW_F_INVALID) == 0 &&
1610 	    (rc = rtw_pwrstate(rsc, RTW_OFF)) != 0) {
1611 		cmn_err(CE_WARN, "failed to turn off PHY (%d)\n", rc);
1612 	}
1613 
1614 	if (rsc->sc_disable != NULL)
1615 		(*rsc->sc_disable)(rsc);
1616 
1617 	rsc->sc_flags &= ~RTW_F_ENABLED;
1618 }
1619 
1620 int
1621 rtw_enable(rtw_softc_t *rsc)
1622 {
1623 	if ((rsc->sc_flags & RTW_F_ENABLED) == 0) {
1624 		if (rsc->sc_enable != NULL && (*rsc->sc_enable)(rsc) != 0) {
1625 			cmn_err(CE_WARN, "device enable failed\n");
1626 			return (EIO);
1627 		}
1628 		rsc->sc_flags |= RTW_F_ENABLED;
1629 		if (rtw_pwrstate(rsc, RTW_ON) != 0)
1630 			cmn_err(CE_WARN, "PHY turn on failed\n");
1631 	}
1632 	return (0);
1633 }
1634 
1635 static void
1636 rtw_set_nettype(rtw_softc_t *rsc, enum ieee80211_opmode opmode)
1637 {
1638 	uint8_t msr;
1639 
1640 	/* I'm guessing that MSR is protected as CONFIG[0123] are. */
1641 	rtw_set_access(&rsc->sc_regs, RTW_ACCESS_CONFIG);
1642 
1643 	msr = RTW_READ8(&rsc->sc_regs, RTW_MSR) & ~RTW_MSR_NETYPE_MASK;
1644 
1645 	switch (opmode) {
1646 	case IEEE80211_M_AHDEMO:
1647 	case IEEE80211_M_IBSS:
1648 		msr |= RTW_MSR_NETYPE_ADHOC_OK;
1649 		break;
1650 	case IEEE80211_M_HOSTAP:
1651 		msr |= RTW_MSR_NETYPE_AP_OK;
1652 		break;
1653 	case IEEE80211_M_STA:
1654 		msr |= RTW_MSR_NETYPE_INFRA_OK;
1655 		break;
1656 	}
1657 	RTW_WRITE8(&rsc->sc_regs, RTW_MSR, msr);
1658 
1659 	rtw_set_access(&rsc->sc_regs, RTW_ACCESS_NONE);
1660 }
1661 
1662 static void
1663 rtw_pktfilt_load(rtw_softc_t *rsc)
1664 {
1665 	struct rtw_regs *regs = &rsc->sc_regs;
1666 	struct ieee80211com *ic = &rsc->sc_ic;
1667 
1668 	/* XXX might be necessary to stop Rx/Tx engines while setting filters */
1669 	rsc->sc_rcr &= ~RTW_RCR_PKTFILTER_MASK;
1670 	rsc->sc_rcr &= ~(RTW_RCR_MXDMA_MASK | RTW_RCR_RXFTH_MASK);
1671 
1672 	rsc->sc_rcr |= RTW_RCR_PKTFILTER_DEFAULT;
1673 	/* MAC auto-reset PHY (huh?) */
1674 	rsc->sc_rcr |= RTW_RCR_ENMARP;
1675 	/* DMA whole Rx packets, only.  Set Tx DMA burst size to 1024 bytes. */
1676 	rsc->sc_rcr |= RTW_RCR_RXFTH_WHOLE |RTW_RCR_MXDMA_1024;
1677 
1678 	switch (ic->ic_opmode) {
1679 	case IEEE80211_M_AHDEMO:
1680 	case IEEE80211_M_IBSS:
1681 		/* receive broadcasts in our BSS */
1682 		rsc->sc_rcr |= RTW_RCR_ADD3;
1683 		break;
1684 	default:
1685 		break;
1686 	}
1687 #if 0
1688 	/* XXX accept all broadcast if scanning */
1689 	rsc->sc_rcr |= RTW_RCR_AB;	/* accept all broadcast */
1690 #endif
1691 	RTW_WRITE(regs, RTW_MAR0, 0xffffffff);
1692 	RTW_WRITE(regs, RTW_MAR1, 0xffffffff);
1693 	rsc->sc_rcr |= RTW_RCR_AM;
1694 	RTW_WRITE(regs, RTW_RCR, rsc->sc_rcr);
1695 	RTW_SYNC(regs, RTW_MAR0, RTW_RCR); /* RTW_MAR0 < RTW_MAR1 < RTW_RCR */
1696 
1697 	RTW_DPRINTF(RTW_DEBUG_PKTFILT,
1698 	    "RTW_MAR0 %08x RTW_MAR1 %08x RTW_RCR %08x\n",
1699 	    RTW_READ(regs, RTW_MAR0),
1700 	    RTW_READ(regs, RTW_MAR1), RTW_READ(regs, RTW_RCR));
1701 	RTW_WRITE(regs, RTW_RCR, rsc->sc_rcr);
1702 }
1703 
1704 static void
1705 rtw_transmit_config(struct rtw_regs *regs)
1706 {
1707 	uint32_t tcr;
1708 
1709 	tcr = RTW_READ(regs, RTW_TCR);
1710 
1711 	tcr |= RTW_TCR_CWMIN;
1712 	tcr &= ~RTW_TCR_MXDMA_MASK;
1713 	tcr |= RTW_TCR_MXDMA_1024;
1714 	tcr |= RTW_TCR_SAT;		/* send ACK as fast as possible */
1715 	tcr &= ~RTW_TCR_LBK_MASK;
1716 	tcr |= RTW_TCR_LBK_NORMAL;	/* normal operating mode */
1717 
1718 	/* set short/long retry limits */
1719 	tcr &= ~(RTW_TCR_SRL_MASK|RTW_TCR_LRL_MASK);
1720 	tcr |= LSHIFT(0x4, RTW_TCR_SRL_MASK) | LSHIFT(0x4, RTW_TCR_LRL_MASK);
1721 
1722 	tcr &= ~RTW_TCR_CRC;	/* NIC appends CRC32 */
1723 	RTW_WRITE(regs, RTW_TCR, tcr);
1724 	RTW_SYNC(regs, RTW_TCR, RTW_TCR);
1725 }
1726 
1727 int
1728 rtw_refine_setting(rtw_softc_t *rsc)
1729 {
1730 	struct rtw_regs *regs;
1731 	int rc = 0;
1732 
1733 	regs = &rsc->sc_regs;
1734 	rc = rtw_reset(rsc);
1735 	if (rc != 0)
1736 		return (-1);
1737 
1738 	rtw_beacon_tx_disable(regs);
1739 	rtw_io_enable(rsc, RTW_CR_RE|RTW_CR_TE, 1);
1740 	rtw_set_mode(regs, RTW_EPROM_CMD_CONFIG);
1741 
1742 	rtw_transmit_config(regs);
1743 	rtw_pktfilt_load(rsc);
1744 	rtw_set_access(regs, RTW_ACCESS_CONFIG);
1745 	RTW_WRITE(regs, RTW_TINT, 0xffffffff);
1746 	RTW_WRITE8(regs, RTW_MSR, 0x0);	/* no link */
1747 	RTW_WRITE16(regs, RTW_BRSR, 0);
1748 
1749 	rtw_set_access(regs, RTW_ACCESS_ANAPARM);
1750 	rtw_set_access(regs, RTW_ACCESS_NONE);
1751 	RTW_WRITE(regs, RTW_FEMR, 0xffff);
1752 	RTW_SYNC(regs, RTW_FEMR, RTW_FEMR);
1753 	rtw_set_rfprog(regs, rsc->sc_rfchipid, "rtw");
1754 
1755 	RTW_WRITE8(regs, RTW_PHYDELAY, rsc->sc_phydelay);
1756 	RTW_WRITE8(regs, RTW_CRCOUNT, RTW_CRCOUNT_MAGIC);
1757 	rtw_set_mode(regs, RTW_EPROM_CMD_NORMAL);
1758 	return (0);
1759 }
1760 
1761 static int
1762 rtw_tune(rtw_softc_t *rsc)
1763 {
1764 	struct ieee80211com *ic = &rsc->sc_ic;
1765 	uint32_t chan;
1766 	int rc;
1767 	int antdiv = rsc->sc_flags & RTW_F_ANTDIV,
1768 	    dflantb = rsc->sc_flags & RTW_F_DFLANTB;
1769 
1770 	ASSERT(ic->ic_curchan != NULL);
1771 
1772 	chan = ieee80211_chan2ieee(ic, ic->ic_curchan);
1773 	RTW_DPRINTF(RTW_DEBUG_TUNE, "rtw: chan no = %x", chan);
1774 
1775 	if (chan == IEEE80211_CHAN_ANY) {
1776 		cmn_err(CE_WARN, "%s: chan == IEEE80211_CHAN_ANY\n", __func__);
1777 		return (-1);
1778 	}
1779 
1780 	if (chan == rsc->sc_cur_chan) {
1781 		RTW_DPRINTF(RTW_DEBUG_TUNE,
1782 		    "%s: already tuned chan %d\n", __func__, chan);
1783 		return (0);
1784 	}
1785 	rtw_idle(&rsc->sc_regs);
1786 	rtw_io_enable(rsc, RTW_CR_RE | RTW_CR_TE, 0);
1787 	ASSERT((rsc->sc_flags & RTW_F_ENABLED) != 0);
1788 
1789 	if ((rc = rtw_phy_init(&rsc->sc_regs, rsc->sc_rf,
1790 	    rtw_chan2txpower(&rsc->sc_srom, ic, ic->ic_curchan),
1791 	    rsc->sc_csthr, ic->ic_curchan->ich_freq, antdiv,
1792 	    dflantb, RTW_ON)) != 0) {
1793 		/* XXX condition on powersaving */
1794 		cmn_err(CE_NOTE, "phy init failed\n");
1795 	}
1796 	rtw_io_enable(rsc, RTW_CR_RE | RTW_CR_TE, 1);
1797 	rtw_resume_ticks(rsc);
1798 	rsc->sc_cur_chan = chan;
1799 	return (rc);
1800 }
1801 
1802 static int
1803 rtw_init(rtw_softc_t *rsc)
1804 {
1805 	struct ieee80211com *ic = &rsc->sc_ic;
1806 	int rc = 0;
1807 
1808 	rtw_stop(rsc);
1809 	mutex_enter(&rsc->sc_genlock);
1810 	if ((rc = rtw_enable(rsc)) != 0)
1811 		goto out;
1812 	rc = rtw_refine_setting(rsc);
1813 	if (rc != 0) {
1814 		mutex_exit(&rsc->sc_genlock);
1815 		return (rc);
1816 	}
1817 	rtw_swring_setup(rsc, 1);
1818 	rtw_hwring_setup(rsc);
1819 	RTW_WRITE16(&rsc->sc_regs, RTW_BSSID16, 0x0);
1820 	RTW_WRITE(&rsc->sc_regs, RTW_BSSID32, 0x0);
1821 	rtw_enable_interrupts(rsc);
1822 
1823 	ic->ic_ibss_chan = &ic->ic_sup_channels[1];
1824 	ic->ic_curchan = ic->ic_ibss_chan;
1825 	RTW_DPRINTF(RTW_DEBUG_TUNE, "%s: channel %d freq %d flags 0x%04x\n",
1826 	    __func__, ieee80211_chan2ieee(ic, ic->ic_curchan),
1827 	    ic->ic_curchan->ich_freq, ic->ic_curchan->ich_flags);
1828 	rsc->sc_invalid = 0;
1829 out:
1830 	mutex_exit(&rsc->sc_genlock);
1831 	return (rc);
1832 }
1833 
1834 static struct rtw_rf *
1835 rtw_rf_attach(rtw_softc_t *rsc, enum rtw_rfchipid rfchipid, int digphy)
1836 {
1837 	rtw_rf_write_t rf_write;
1838 	struct rtw_rf *rf;
1839 	int rtw_host_rfio;
1840 
1841 	switch (rfchipid) {
1842 	default:
1843 		rf_write = rtw_rf_hostwrite;
1844 		break;
1845 	case RTW_RFCHIPID_INTERSIL:
1846 	case RTW_RFCHIPID_PHILIPS:
1847 	case RTW_RFCHIPID_GCT:	/* XXX a guess */
1848 	case RTW_RFCHIPID_RFMD:
1849 		rtw_host_rfio = 1;
1850 		rf_write = (rtw_host_rfio) ? rtw_rf_hostwrite : rtw_rf_macwrite;
1851 		break;
1852 	}
1853 
1854 	switch (rfchipid) {
1855 	case RTW_RFCHIPID_MAXIM:
1856 		rf = rtw_max2820_create(&rsc->sc_regs, rf_write, 0);
1857 		rsc->sc_pwrstate_cb = rtw_maxim_pwrstate;
1858 		break;
1859 	case RTW_RFCHIPID_PHILIPS:
1860 		rf = rtw_sa2400_create(&rsc->sc_regs, rf_write, digphy);
1861 		rsc->sc_pwrstate_cb = rtw_philips_pwrstate;
1862 		break;
1863 	case RTW_RFCHIPID_RFMD:
1864 		/* XXX RFMD has no RF constructor */
1865 		rsc->sc_pwrstate_cb = rtw_rfmd_pwrstate;
1866 		/*FALLTHROUGH*/
1867 	default:
1868 		return (NULL);
1869 	}
1870 	if (rf != NULL) {
1871 		rf->rf_continuous_tx_cb =
1872 		    (rtw_continuous_tx_cb_t)rtw_continuous_tx_enable;
1873 		rf->rf_continuous_tx_arg = (void *)rsc;
1874 	}
1875 	return (rf);
1876 }
1877 
1878 /*
1879  * Revision C and later use a different PHY delay setting than
1880  * revisions A and B.
1881  */
1882 static uint8_t
1883 rtw_check_phydelay(struct rtw_regs *regs, uint32_t rcr0)
1884 {
1885 #define	REVAB (RTW_RCR_MXDMA_UNLIMITED | RTW_RCR_AICV)
1886 #define	REVC (REVAB | RTW_RCR_RXFTH_WHOLE)
1887 
1888 	uint8_t phydelay = LSHIFT(0x6, RTW_PHYDELAY_PHYDELAY);
1889 
1890 	RTW_WRITE(regs, RTW_RCR, REVAB);
1891 	RTW_WBW(regs, RTW_RCR, RTW_RCR);
1892 	RTW_WRITE(regs, RTW_RCR, REVC);
1893 
1894 	RTW_WBR(regs, RTW_RCR, RTW_RCR);
1895 	if ((RTW_READ(regs, RTW_RCR) & REVC) == REVC)
1896 		phydelay |= RTW_PHYDELAY_REVC_MAGIC;
1897 
1898 	RTW_WRITE(regs, RTW_RCR, rcr0);	/* restore RCR */
1899 	RTW_SYNC(regs, RTW_RCR, RTW_RCR);
1900 
1901 	return (phydelay);
1902 #undef REVC
1903 }
1904 
1905 static void rtw_intr_rx(rtw_softc_t *rsc);
1906 static void rtw_ring_recycling(rtw_softc_t *rsc, uint16_t isr, uint32_t pri);
1907 
1908 static int
1909 rtw_get_rate(struct ieee80211com *ic)
1910 {
1911 	uint8_t (*rates)[IEEE80211_RATE_MAXSIZE];
1912 	int rate;
1913 
1914 	rates = &ic->ic_bss->in_rates.ir_rates;
1915 
1916 	if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
1917 		rate = ic->ic_fixed_rate;
1918 	else if (ic->ic_state == IEEE80211_S_RUN)
1919 		rate = (*rates)[ic->ic_bss->in_txrate];
1920 	else
1921 		rate = 0;
1922 	return (rate & IEEE80211_RATE_VAL);
1923 }
1924 
1925 /*
1926  * Arguments in:
1927  *
1928  * paylen:  payload length (no FCS, no WEP header)
1929  *
1930  * hdrlen:  header length
1931  *
1932  * rate:    MSDU speed, units 500kb/s
1933  *
1934  * flags:   IEEE80211_F_SHPREAMBLE (use short preamble),
1935  *          IEEE80211_F_SHSLOT (use short slot length)
1936  *
1937  * Arguments out:
1938  *
1939  * d:       802.11 Duration field for RTS,
1940  *          802.11 Duration field for data frame,
1941  *          PLCP Length for data frame,
1942  *          residual octets at end of data slot
1943  */
1944 static int
1945 rtw_compute_duration1(int len, int use_ack, uint32_t flags, int rate,
1946     struct rtw_ieee80211_duration *d)
1947 {
1948 	int pre, ctsrate;
1949 	uint16_t ack, bitlen, data_dur, remainder;
1950 
1951 	/*
1952 	 * RTS reserves medium for SIFS | CTS | SIFS | (DATA) | SIFS | ACK
1953 	 * DATA reserves medium for SIFS | ACK
1954 	 *
1955 	 * XXXMYC: no ACK on multicast/broadcast or control packets
1956 	 */
1957 
1958 	bitlen = len * 8;
1959 
1960 	pre = IEEE80211_DUR_DS_SIFS;
1961 	if ((flags & IEEE80211_F_SHPREAMBLE) != 0)
1962 		pre += IEEE80211_DUR_DS_SHORT_PREAMBLE +
1963 		    IEEE80211_DUR_DS_FAST_PLCPHDR;
1964 	else
1965 		pre += IEEE80211_DUR_DS_LONG_PREAMBLE +
1966 		    IEEE80211_DUR_DS_SLOW_PLCPHDR;
1967 
1968 	d->d_residue = 0;
1969 	data_dur = (bitlen * 2) / rate;
1970 	remainder = (bitlen * 2) % rate;
1971 	if (remainder != 0) {
1972 		if (rate == 22)
1973 			d->d_residue = (rate - remainder) / 16;
1974 		data_dur++;
1975 	}
1976 
1977 	switch (rate) {
1978 	case 2:		/* 1 Mb/s */
1979 	case 4:		/* 2 Mb/s */
1980 		/* 1 - 2 Mb/s WLAN: send ACK/CTS at 1 Mb/s */
1981 		ctsrate = 2;
1982 		break;
1983 	case 11:	/* 5.5 Mb/s */
1984 	case 22:	/* 11  Mb/s */
1985 	case 44:	/* 22  Mb/s */
1986 		/* 5.5 - 11 Mb/s WLAN: send ACK/CTS at 2 Mb/s */
1987 		ctsrate = 4;
1988 		break;
1989 	default:
1990 		/* TBD */
1991 		return (-1);
1992 	}
1993 
1994 	d->d_plcp_len = data_dur;
1995 
1996 	ack = (use_ack) ? pre + (IEEE80211_DUR_DS_SLOW_ACK * 2) / ctsrate : 0;
1997 
1998 	d->d_rts_dur =
1999 	    pre + (IEEE80211_DUR_DS_SLOW_CTS * 2) / ctsrate +
2000 	    pre + data_dur +
2001 	    ack;
2002 
2003 	d->d_data_dur = ack;
2004 
2005 	return (0);
2006 }
2007 
2008 /*
2009  * Arguments in:
2010  *
2011  * wh:      802.11 header
2012  *
2013  * paylen:  payload length (no FCS, no WEP header)
2014  *
2015  * rate:    MSDU speed, units 500kb/s
2016  *
2017  * fraglen: fragment length, set to maximum (or higher) for no
2018  *          fragmentation
2019  *
2020  * flags:   IEEE80211_F_PRIVACY (hardware adds WEP),
2021  *          IEEE80211_F_SHPREAMBLE (use short preamble),
2022  *          IEEE80211_F_SHSLOT (use short slot length)
2023  *
2024  * Arguments out:
2025  *
2026  * d0: 802.11 Duration fields (RTS/Data), PLCP Length, Service fields
2027  *     of first/only fragment
2028  *
2029  * dn: 802.11 Duration fields (RTS/Data), PLCP Length, Service fields
2030  *     of first/only fragment
2031  */
2032 static int
2033 rtw_compute_duration(struct ieee80211_frame *wh, int len,
2034     uint32_t flags, int fraglen, int rate, struct rtw_ieee80211_duration *d0,
2035     struct rtw_ieee80211_duration *dn, int *npktp)
2036 {
2037 	int ack, rc;
2038 	int firstlen, hdrlen, lastlen, lastlen0, npkt, overlen, paylen;
2039 
2040 	/* don't think about addr4 here */
2041 	hdrlen = sizeof (struct ieee80211_frame);
2042 
2043 	paylen = len - hdrlen;
2044 
2045 	if ((wh->i_fc[1] & IEEE80211_FC1_WEP) != 0) {
2046 		overlen = 8 + IEEE80211_CRC_LEN;
2047 		paylen -= 8;
2048 	} else
2049 		overlen = IEEE80211_CRC_LEN;
2050 
2051 	npkt = paylen / fraglen;
2052 	lastlen0 = paylen % fraglen;
2053 
2054 	if (npkt == 0)			/* no fragments */
2055 		lastlen = paylen + overlen;
2056 	else if (lastlen0 != 0) {	/* a short "tail" fragment */
2057 		lastlen = lastlen0 + overlen;
2058 		npkt++;
2059 	} else			/* full-length "tail" fragment */
2060 		lastlen = fraglen + overlen;
2061 
2062 	if (npktp != NULL)
2063 		*npktp = npkt;
2064 
2065 	if (npkt > 1)
2066 		firstlen = fraglen + overlen;
2067 	else
2068 		firstlen = paylen + overlen;
2069 
2070 	ack = !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
2071 	    (wh->i_fc[1] & IEEE80211_FC0_TYPE_MASK) !=
2072 	    IEEE80211_FC0_TYPE_CTL;
2073 
2074 	rc = rtw_compute_duration1(firstlen + hdrlen,
2075 	    ack, flags, rate, d0);
2076 	if (rc == -1)
2077 		return (rc);
2078 
2079 	if (npkt <= 1) {
2080 		*dn = *d0;
2081 		return (0);
2082 	}
2083 	return (rtw_compute_duration1(lastlen + hdrlen, ack, flags,
2084 	    rate, dn));
2085 }
2086 
2087 static int
2088 rtw_assembly_80211(rtw_softc_t *rsc, struct rtw_txbuf *bf,
2089     mblk_t *mp)
2090 {
2091 	ieee80211com_t *ic;
2092 	struct rtw_txdesc *ds;
2093 	struct ieee80211_frame *wh;
2094 	uint8_t *buf;
2095 	uint32_t ctl0 = 0, ctl1 = 0;
2096 	int npkt, rate;
2097 	struct rtw_ieee80211_duration d0, dn;
2098 	int32_t iswep, pktlen, mblen;
2099 	mblk_t *mp0;
2100 
2101 	ic = &rsc->sc_ic;
2102 	ds = bf->txdesc;
2103 	buf = (uint8_t *)bf->bf_dma.mem_va;
2104 	bzero(buf, bf->bf_dma.alength);
2105 	bzero((uint8_t *)ds, sizeof (struct rtw_txdesc));
2106 	wh = (struct ieee80211_frame *)mp->b_rptr;
2107 	iswep = wh->i_fc[1] & IEEE80211_FC1_WEP;
2108 
2109 	/* ieee80211_crypto_encap() needs a single mblk */
2110 	mp0 = allocb(bf->bf_dma.alength, BPRI_MED);
2111 	if (mp0 == NULL) {
2112 		cmn_err(CE_WARN, "%s: allocb(mp) error", __func__);
2113 		return (-1);
2114 	}
2115 	for (; mp != NULL; mp = mp->b_cont) {
2116 			mblen = (uintptr_t)mp->b_wptr - (uintptr_t)mp->b_rptr;
2117 			bcopy(mp->b_rptr, mp0->b_wptr, mblen);
2118 			mp0->b_wptr += mblen;
2119 	}
2120 
2121 	if (iswep) {
2122 		struct ieee80211_key *k;
2123 
2124 		k = ieee80211_crypto_encap(ic, mp0);
2125 		if (k == NULL) {
2126 			cmn_err(CE_WARN, "%s: ieee80211_crypto_encap() error",
2127 			    __func__);
2128 			freemsg(mp0);
2129 			return (-1);
2130 		}
2131 	}
2132 	pktlen = msgdsize(mp0);
2133 
2134 #if 0
2135 	RTW_DPRINTF(RTW_DEBUG_XMIT, "-----------send------begin--------");
2136 	ieee80211_dump_pkt((uint8_t *)(mp0->b_rptr), pktlen, 0, 0);
2137 	RTW_DPRINTF(RTW_DEBUG_XMIT, "-----------send------end--------");
2138 #endif
2139 	/* RTW_DMA_SYNC(bf->bf_dma, DDI_DMA_SYNC_FORDEV); */
2140 	if (pktlen > bf->bf_dma.alength) {
2141 		cmn_err(CE_WARN, "%s: overlength packet pktlen = %d\n",
2142 		    __func__, pktlen);
2143 		freemsg(mp0);
2144 		return (-1);
2145 	}
2146 	bcopy(mp0->b_rptr, buf, pktlen);
2147 	RTW_DMA_SYNC(bf->bf_dma, DDI_DMA_SYNC_FORDEV);
2148 
2149 	/* setup descriptor */
2150 	ctl0 = RTW_TXCTL0_RTSRATE_1MBPS;
2151 
2152 	if (((ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0) &&
2153 	    (ic->ic_bss->in_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) {
2154 		ctl0 |= RTW_TXCTL0_SPLCP;
2155 	}
2156 	/* XXX do real rate control */
2157 	if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
2158 	    IEEE80211_FC0_TYPE_MGT)
2159 		rate = 2;
2160 	else {
2161 		rate = MAX(2, rtw_get_rate(ic));
2162 	}
2163 	ctl0 = ctl0 |
2164 	    LSHIFT(pktlen, RTW_TXCTL0_TPKTSIZE_MASK);
2165 
2166 	RTW_DPRINTF(RTW_DEBUG_XMIT, "%s: rate = %d", __func__, rate);
2167 
2168 	switch (rate) {
2169 	default:
2170 	case 2:
2171 		ctl0 |= RTW_TXCTL0_RATE_1MBPS;
2172 		break;
2173 	case 4:
2174 		ctl0 |= RTW_TXCTL0_RATE_2MBPS;
2175 		break;
2176 	case 11:
2177 		ctl0 |= RTW_TXCTL0_RATE_5MBPS;
2178 		break;
2179 	case 22:
2180 		ctl0 |= RTW_TXCTL0_RATE_11MBPS;
2181 		break;
2182 	}
2183 
2184 	/* XXX >= ? Compare after fragmentation? */
2185 	if (pktlen > ic->ic_rtsthreshold) {
2186 		ctl0 |= RTW_TXCTL0_RTSEN;
2187 		cmn_err(CE_NOTE, "%s: fragmentation: pktlen = %d",
2188 		    __func__, pktlen);
2189 	}
2190 
2191 	if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
2192 	    IEEE80211_FC0_TYPE_MGT) {
2193 		ctl0 &= ~(RTW_TXCTL0_SPLCP | RTW_TXCTL0_RTSEN);
2194 		if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
2195 		    IEEE80211_FC0_SUBTYPE_BEACON)
2196 			ctl0 |= RTW_TXCTL0_BEACON;
2197 	}
2198 
2199 	if (rtw_compute_duration(wh, pktlen,
2200 	    ic->ic_flags, ic->ic_fragthreshold,
2201 	    rate, &d0, &dn, &npkt) == -1) {
2202 		RTW_DPRINTF(RTW_DEBUG_XMIT,
2203 		    "%s: fail compute duration\n", __func__);
2204 		freemsg(mp0);
2205 		return (-1);
2206 	}
2207 	*(uint16_t *)(uintptr_t)wh->i_dur = (d0.d_data_dur);
2208 
2209 	ctl1 = LSHIFT(d0.d_plcp_len, RTW_TXCTL1_LENGTH_MASK) |
2210 	    LSHIFT(d0.d_rts_dur, RTW_TXCTL1_RTSDUR_MASK);
2211 
2212 	if (d0.d_residue)
2213 		ctl1 |= RTW_TXCTL1_LENGEXT;
2214 
2215 	RTW_DPRINTF(RTW_DEBUG_XMIT, "%s: duration=%x, ctl1=%x", __func__,
2216 	    *(uint16_t *)(uintptr_t)wh->i_dur, ctl1);
2217 
2218 	if (bf->bf_dma.alength > RTW_TXLEN_LENGTH_MASK) {
2219 		RTW_DPRINTF(RTW_DEBUG_XMIT,
2220 		    "%s: seg too long\n", __func__);
2221 		freemsg(mp0);
2222 		return (-1);
2223 	}
2224 	ds->td_ctl0 = ctl0;
2225 	ds->td_ctl0 |= RTW_TXCTL0_OWN | RTW_TXCTL0_LS | RTW_TXCTL0_FS;
2226 	ds->td_ctl1 = ctl1;
2227 	ds->td_buf = bf->bf_dma.cookie.dmac_address;
2228 	ds->td_len = pktlen & 0xfff;
2229 	ds->td_next = bf->next_bf_daddr;
2230 
2231 	RTW_DMA_SYNC_DESC(rsc->sc_desc_dma,
2232 	    RTW_DESC_OFFSET(hd_txmd, bf->order),
2233 	    sizeof (struct rtw_txdesc),
2234 	    DDI_DMA_SYNC_FORDEV);
2235 
2236 	RTW_DPRINTF(RTW_DEBUG_XMIT,
2237 	    "descriptor: order = %d, phy_addr=%x, ctl0=%x,"
2238 	    " ctl1=%x, buf=%x, len=%x, next=%x", bf->order,
2239 	    bf->bf_daddr, ds->td_ctl0, ds->td_ctl1,
2240 	    ds->td_buf, ds->td_len, ds->td_next);
2241 	rsc->sc_pktxmt64++;
2242 	rsc->sc_bytexmt64 += pktlen;
2243 
2244 	freemsg(mp0);
2245 	return (0);
2246 }
2247 
2248 static int
2249 rtw_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
2250 {
2251 	rtw_softc_t *rsc = (rtw_softc_t *)ic;
2252 	struct ieee80211_node *in = ic->ic_bss;
2253 	struct rtw_txbuf *bf = NULL;
2254 	int ret, i = RTW_TXPRIMD;
2255 
2256 	mutex_enter(&rsc->sc_txlock);
2257 	mutex_enter(&rsc->sc_txq[i].txbuf_lock);
2258 	bf = list_head(&rsc->sc_txq[i].tx_free_list);
2259 
2260 	if ((bf == NULL) || (rsc->sc_txq[i].tx_nfree <= 4)) {
2261 		RTW_DPRINTF(RTW_DEBUG_XMIT, "%s: no tx buf\n", __func__);
2262 		rsc->sc_noxmtbuf++;
2263 		if ((type & IEEE80211_FC0_TYPE_MASK) ==
2264 		    IEEE80211_FC0_TYPE_DATA) {
2265 			RTW_DPRINTF(RTW_DEBUG_XMIT, "%s: need reschedule\n",
2266 			    __func__);
2267 			rsc->sc_need_reschedule = 1;
2268 		} else {
2269 			freemsg(mp);
2270 		}
2271 		mutex_exit(&rsc->sc_txq[i].txbuf_lock);
2272 		mutex_exit(&rsc->sc_txlock);
2273 		return (1);
2274 	}
2275 	list_remove(&rsc->sc_txq[i].tx_free_list, bf);
2276 	rsc->sc_txq[i].tx_nfree--;
2277 
2278 	/* assemble 802.11 frame here */
2279 	ret = rtw_assembly_80211(rsc, bf, mp);
2280 	if (ret != 0) {
2281 		cmn_err(CE_WARN, "%s assembly frame error\n", __func__);
2282 		mutex_exit(&rsc->sc_txq[i].txbuf_lock);
2283 		mutex_exit(&rsc->sc_txlock);
2284 		if ((type & IEEE80211_FC0_TYPE_MASK) !=
2285 		    IEEE80211_FC0_TYPE_DATA) {
2286 			freemsg(mp);
2287 		}
2288 		return (1);
2289 	}
2290 	list_insert_tail(&rsc->sc_txq[i].tx_dirty_list, bf);
2291 	bf->bf_in = in;
2292 	rtw_dma_start(&rsc->sc_regs, i);
2293 
2294 	mutex_exit(&rsc->sc_txq[i].txbuf_lock);
2295 	mutex_exit(&rsc->sc_txlock);
2296 
2297 	freemsg(mp);
2298 	return (0);
2299 }
2300 
2301 static mblk_t *
2302 rtw_m_tx(void *arg, mblk_t *mp)
2303 {
2304 	rtw_softc_t *rsc = arg;
2305 	ieee80211com_t *ic = (ieee80211com_t *)rsc;
2306 	mblk_t *next;
2307 
2308 	if (ic->ic_state != IEEE80211_S_RUN) {
2309 		freemsgchain(mp);
2310 		return (NULL);
2311 	}
2312 
2313 	while (mp != NULL) {
2314 		next = mp->b_next;
2315 		mp->b_next = NULL;
2316 
2317 		if (rtw_send(ic, mp, IEEE80211_FC0_TYPE_DATA)) {
2318 			mp->b_next = next;
2319 			break;
2320 		}
2321 		mp = next;
2322 	}
2323 
2324 	return (mp);
2325 
2326 }
2327 
2328 static void
2329 rtw_next_scan(void *arg)
2330 {
2331 	ieee80211com_t *ic = arg;
2332 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
2333 
2334 	rsc->sc_scan_id = 0;
2335 	if (ic->ic_state == IEEE80211_S_SCAN) {
2336 		RTW_DPRINTF(RTW_DEBUG_TUNE, "rtw_next_scan\n");
2337 		(void) ieee80211_next_scan(ic);
2338 	}
2339 
2340 }
2341 
2342 static void
2343 rtw_join_bss(rtw_softc_t *rsc, uint8_t *bssid, uint16_t intval0)
2344 {
2345 	uint16_t bcnitv, intval;
2346 	int i;
2347 	struct rtw_regs *regs = &rsc->sc_regs;
2348 
2349 	for (i = 0; i < IEEE80211_ADDR_LEN; i++)
2350 		RTW_WRITE8(regs, RTW_BSSID + i, bssid[i]);
2351 
2352 	RTW_SYNC(regs, RTW_BSSID16, RTW_BSSID32);
2353 	rtw_set_access(regs, RTW_ACCESS_CONFIG);
2354 
2355 	RTW_WRITE8(regs, RTW_MSR, 0x8);	/* sta mode link ok */
2356 	intval = MIN(intval0, PRESHIFT(RTW_BCNITV_BCNITV_MASK));
2357 
2358 	bcnitv = RTW_READ16(regs, RTW_BCNITV) & ~RTW_BCNITV_BCNITV_MASK;
2359 	bcnitv |= LSHIFT(intval, RTW_BCNITV_BCNITV_MASK);
2360 	RTW_WRITE16(regs, RTW_BCNITV, bcnitv);
2361 	RTW_WRITE16(regs, RTW_ATIMWND, LSHIFT(1, RTW_ATIMWND_ATIMWND));
2362 	RTW_WRITE16(regs, RTW_ATIMTRITV, LSHIFT(2, RTW_ATIMTRITV_ATIMTRITV));
2363 
2364 	rtw_set_access(regs, RTW_ACCESS_NONE);
2365 
2366 	/* TBD WEP */
2367 	/* RTW_WRITE8(regs, RTW_SCR, 0); */
2368 
2369 	rtw_io_enable(rsc, RTW_CR_RE | RTW_CR_TE, 1);
2370 }
2371 
2372 /*
2373  * Set the starting transmit rate for a node.
2374  */
2375 static void
2376 rtw_rate_ctl_start(rtw_softc_t *rsc, struct ieee80211_node *in)
2377 {
2378 	ieee80211com_t *ic = (ieee80211com_t *)rsc;
2379 	int32_t srate;
2380 
2381 	if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) {
2382 		/*
2383 		 * No fixed rate is requested. For 11b start with
2384 		 * the highest negotiated rate; otherwise, for 11g
2385 		 * and 11a, we start "in the middle" at 24Mb or 36Mb.
2386 		 */
2387 		srate = in->in_rates.ir_nrates - 1;
2388 		if (ic->ic_curmode != IEEE80211_MODE_11B) {
2389 			/*
2390 			 * Scan the negotiated rate set to find the
2391 			 * closest rate.
2392 			 */
2393 			/* NB: the rate set is assumed sorted */
2394 			for (; srate >= 0 && IEEE80211_RATE(srate) > 72;
2395 			    srate--)
2396 				;
2397 		}
2398 	} else {
2399 		/*
2400 		 * A fixed rate is to be used;  We know the rate is
2401 		 * there because the rate set is checked when the
2402 		 * station associates.
2403 		 */
2404 		/* NB: the rate set is assumed sorted */
2405 		srate = in->in_rates.ir_nrates - 1;
2406 		for (; srate >= 0 && IEEE80211_RATE(srate) != ic->ic_fixed_rate;
2407 		    srate--)
2408 			;
2409 	}
2410 	in->in_txrate = srate;
2411 }
2412 
2413 
2414 /*
2415  * Reset the rate control state for each 802.11 state transition.
2416  */
2417 static void
2418 rtw_rate_ctl_reset(rtw_softc_t *rsc, enum ieee80211_state state)
2419 {
2420 	ieee80211com_t *ic = &rsc->sc_ic;
2421 	ieee80211_node_t *in;
2422 
2423 	if (ic->ic_opmode == IEEE80211_M_STA) {
2424 		/*
2425 		 * Reset local xmit state; this is really only
2426 		 * meaningful when operating in station mode.
2427 		 */
2428 		in = (struct ieee80211_node *)ic->ic_bss;
2429 
2430 		if (state == IEEE80211_S_RUN) {
2431 			rtw_rate_ctl_start(rsc, in);
2432 		} else {
2433 			in->in_txrate = 0;
2434 		}
2435 	}
2436 }
2437 
2438 /*
2439  * Examine and potentially adjust the transmit rate.
2440  */
2441 static void
2442 rtw_rate_ctl(void *arg)
2443 {
2444 	ieee80211com_t	*ic = (ieee80211com_t *)arg;
2445 	rtw_softc_t *rsc = (rtw_softc_t *)ic;
2446 	struct ieee80211_node *in = ic->ic_bss;
2447 	struct ieee80211_rateset *rs = &in->in_rates;
2448 	int32_t mod = 1, nrate, enough;
2449 
2450 	mutex_enter(&rsc->sc_genlock);
2451 	enough = (rsc->sc_tx_ok + rsc->sc_tx_err) >= 600? 1 : 0;
2452 
2453 	/* err ratio is high -> down */
2454 	if (enough && rsc->sc_tx_ok < rsc->sc_tx_err)
2455 		mod = -1;
2456 
2457 	nrate = in->in_txrate;
2458 	switch (mod) {
2459 	case -1:
2460 		if (nrate > 0) {
2461 			nrate--;
2462 		}
2463 		break;
2464 	case 1:
2465 		if (nrate + 1 < rs->ir_nrates) {
2466 			nrate++;
2467 		}
2468 		break;
2469 	}
2470 
2471 	if (nrate != in->in_txrate)
2472 		in->in_txrate = nrate;
2473 	rsc->sc_tx_ok = rsc->sc_tx_err = rsc->sc_tx_retr = 0;
2474 	mutex_exit(&rsc->sc_genlock);
2475 	if (ic->ic_state == IEEE80211_S_RUN)
2476 		rsc->sc_ratectl_id = timeout(rtw_rate_ctl, ic,
2477 		    drv_usectohz(1000000));
2478 }
2479 
2480 static int32_t
2481 rtw_new_state(ieee80211com_t *ic, enum ieee80211_state nstate, int arg)
2482 {
2483 	rtw_softc_t *rsc = (rtw_softc_t *)ic;
2484 	int error;
2485 	enum ieee80211_state ostate;
2486 
2487 	ostate = ic->ic_state;
2488 
2489 	RTW_DPRINTF(RTW_DEBUG_ATTACH,
2490 	    "rtw_new_state: ostate:0x%x, nstate:0x%x, opmode:0x%x\n",
2491 	    ostate, nstate, ic->ic_opmode);
2492 
2493 
2494 	mutex_enter(&rsc->sc_genlock);
2495 	if (rsc->sc_scan_id != 0) {
2496 		(void) untimeout(rsc->sc_scan_id);
2497 		rsc->sc_scan_id = 0;
2498 	}
2499 	if (rsc->sc_ratectl_id != 0) {
2500 		(void) untimeout(rsc->sc_ratectl_id);
2501 		rsc->sc_ratectl_id = 0;
2502 	}
2503 	rtw_rate_ctl_reset(rsc, nstate);
2504 	if (ostate == IEEE80211_S_INIT && nstate != IEEE80211_S_INIT)
2505 		(void) rtw_pwrstate(rsc, RTW_ON);
2506 	if (nstate != IEEE80211_S_INIT) {
2507 		if ((error = rtw_tune(rsc)) != 0) {
2508 			mutex_exit(&rsc->sc_genlock);
2509 			return (error);
2510 		}
2511 	}
2512 	switch (nstate) {
2513 	case IEEE80211_S_INIT:
2514 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw_new_state: S_INIT\n");
2515 		break;
2516 	case IEEE80211_S_SCAN:
2517 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw_new_state: S_SCAN\n");
2518 		rsc->sc_scan_id = timeout(rtw_next_scan, ic,
2519 		    drv_usectohz(200000));
2520 		rtw_set_nettype(rsc, IEEE80211_M_MONITOR);
2521 		break;
2522 	case IEEE80211_S_RUN:
2523 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw_new_state: S_RUN\n");
2524 		switch (ic->ic_opmode) {
2525 		case IEEE80211_M_HOSTAP:
2526 		case IEEE80211_M_IBSS:
2527 			rtw_set_nettype(rsc, IEEE80211_M_MONITOR);
2528 			/* TBD */
2529 			/*FALLTHROUGH*/
2530 		case IEEE80211_M_AHDEMO:
2531 		case IEEE80211_M_STA:
2532 			RTW_DPRINTF(RTW_DEBUG_ATTACH,
2533 			    "rtw_new_state: sta\n");
2534 			rtw_join_bss(rsc, ic->ic_bss->in_bssid, 0);
2535 			rsc->sc_ratectl_id = timeout(rtw_rate_ctl, ic,
2536 			    drv_usectohz(1000000));
2537 			break;
2538 		case IEEE80211_M_MONITOR:
2539 			break;
2540 		}
2541 		rtw_set_nettype(rsc, ic->ic_opmode);
2542 		break;
2543 	case IEEE80211_S_ASSOC:
2544 	case IEEE80211_S_AUTH:
2545 		break;
2546 	}
2547 
2548 	mutex_exit(&rsc->sc_genlock);
2549 	/*
2550 	 * Invoke the parent method to complete the work.
2551 	 */
2552 	error = rsc->sc_newstate(ic, nstate, arg);
2553 
2554 	return (error);
2555 }
2556 
2557 static void
2558 rtw_intr_rx(rtw_softc_t *rsc)
2559 {
2560 #define	IS_BEACON(__fc0)						\
2561 	((__fc0 & (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==\
2562 	(IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_BEACON))
2563 	/*
2564 	 * ratetbl[4] = {2, 4, 11, 22};
2565 	 */
2566 	struct rtw_rxbuf *bf;
2567 	struct rtw_rxdesc *ds;
2568 	int hwrate, len, rssi;
2569 	uint32_t hstat, hrssi, htsftl;
2570 	int is_last, next, n = 0, i;
2571 	struct ieee80211_frame *wh;
2572 	ieee80211com_t *ic = (ieee80211com_t *)rsc;
2573 	mblk_t *mp;
2574 
2575 	RTW_DPRINTF(RTW_DEBUG_RECV, "%s rtw_intr_rx: enter ic_state=%x\n",
2576 	    __func__, rsc->sc_ic.ic_state);
2577 	mutex_enter(&rsc->rxbuf_lock);
2578 	next = rsc->rx_next;
2579 	mutex_exit(&rsc->rxbuf_lock);
2580 	for (i = 0; i < RTW_RXQLEN; i++) {
2581 		RTW_DMA_SYNC_DESC(rsc->sc_desc_dma,
2582 		    RTW_DESC_OFFSET(hd_rx, next),
2583 		    sizeof (struct rtw_rxdesc),
2584 		    DDI_DMA_SYNC_FORKERNEL);
2585 		n++;
2586 		bf = rsc->rxbuf_h + next;
2587 		ds = bf->rxdesc;
2588 		hstat = (ds->rd_stat);
2589 		hrssi = ds->rd_rssi;
2590 		htsftl = ds->rd_tsftl;
2591 		/* htsfth = ds->rd_tsfth; */
2592 		RTW_DPRINTF(RTW_DEBUG_RECV, "%s: stat=%x\n", __func__, hstat);
2593 		/* still belongs to NIC */
2594 		if ((hstat & RTW_RXSTAT_OWN) != 0) {
2595 			if (n > 1) {
2596 				RTW_DPRINTF(RTW_DEBUG_RECV,
2597 				    "%s: n > 1\n", __func__);
2598 				break;
2599 			}
2600 			RTW_DMA_SYNC_DESC(rsc->sc_desc_dma,
2601 			    RTW_DESC_OFFSET(hd_rx, 0),
2602 			    sizeof (struct rtw_rxdesc),
2603 			    DDI_DMA_SYNC_FORCPU);
2604 			bf = rsc->rxbuf_h;
2605 			ds = bf->rxdesc;
2606 			hstat = (ds->rd_stat);
2607 			if ((hstat & RTW_RXSTAT_OWN) != 0)
2608 				break;
2609 			next = 0 /* RTW_RXQLEN - 1 */;
2610 			continue;
2611 		}
2612 
2613 		rsc->sc_pktrcv64++;
2614 		if ((hstat & RTW_RXSTAT_IOERROR) != 0) {
2615 			RTW_DPRINTF(RTW_DEBUG_RECV,
2616 			    "rtw: DMA error/FIFO overflow %08x, "
2617 			    "rx descriptor %d\n",
2618 			    hstat & RTW_RXSTAT_IOERROR, next);
2619 			goto next;
2620 		}
2621 
2622 		len = MASK_AND_RSHIFT(hstat, RTW_RXSTAT_LENGTH_MASK);
2623 		rsc->sc_bytercv64 += len;
2624 
2625 		/* CRC is included with the packet; trim it off. */
2626 		/* len -= IEEE80211_CRC_LEN; */
2627 
2628 		hwrate = MASK_AND_RSHIFT(hstat, RTW_RXSTAT_RATE_MASK);
2629 		if (hwrate >= 4) {
2630 			goto next;
2631 		}
2632 
2633 		if ((hstat & RTW_RXSTAT_RES) != 0 &&
2634 		    rsc->sc_ic.ic_opmode != IEEE80211_M_MONITOR) {
2635 			goto next;
2636 		}
2637 
2638 		/* if bad flags, skip descriptor */
2639 		if ((hstat & RTW_RXSTAT_ONESEG) != RTW_RXSTAT_ONESEG) {
2640 			RTW_DPRINTF(RTW_DEBUG_RECV,
2641 			    "rtw too many rx segments\n");
2642 			goto next;
2643 		}
2644 
2645 		if (rsc->sc_rfchipid == RTW_RFCHIPID_PHILIPS)
2646 			rssi = MASK_AND_RSHIFT(hrssi, RTW_RXRSSI_RSSI);
2647 		else {
2648 			rssi = MASK_AND_RSHIFT(hrssi, RTW_RXRSSI_IMR_RSSI);
2649 			/*
2650 			 * TBD find out each front-end's LNA gain in the
2651 			 * front-end's units
2652 			 */
2653 			if ((hrssi & RTW_RXRSSI_IMR_LNA) == 0)
2654 				rssi |= 0x80;
2655 		}
2656 		/* sq = MASK_AND_RSHIFT(hrssi, RTW_RXRSSI_SQ); */
2657 
2658 
2659 		/* deal with the frame itself here */
2660 		mp = allocb(rsc->sc_dmabuf_size, BPRI_MED);
2661 		if (mp == NULL) {
2662 			cmn_err(CE_WARN, "rtw: alloc mblk error");
2663 			rsc->sc_norcvbuf++;
2664 			return;
2665 		}
2666 		len -= IEEE80211_CRC_LEN;
2667 		RTW_DMA_SYNC(bf->bf_dma, DDI_DMA_SYNC_FORKERNEL);
2668 		bcopy(bf->bf_dma.mem_va, mp->b_rptr, len);
2669 		mp->b_wptr += len;
2670 		wh = (struct ieee80211_frame *)mp->b_rptr;
2671 		if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
2672 		    IEEE80211_FC0_TYPE_CTL) {
2673 			cmn_err(CE_WARN, "TYPE CTL !!\n");
2674 			freemsg(mp);
2675 			goto next;
2676 		}
2677 		(void) ieee80211_input(ic, mp, ic->ic_bss, rssi, htsftl);
2678 next:
2679 		if (next == 63)
2680 			is_last = 1;
2681 		else
2682 			is_last = 0;
2683 		rtw_rxdesc_init(rsc, bf, next, is_last);
2684 
2685 		next = (next + 1)%RTW_RXQLEN;
2686 		RTW_DPRINTF(RTW_DEBUG_RECV, "%s: next = %d\n", __func__, next);
2687 	}
2688 	mutex_enter(&rsc->rxbuf_lock);
2689 	rsc->rx_next = next;
2690 	mutex_exit(&rsc->rxbuf_lock);
2691 }
2692 
2693 static void
2694 rtw_ring_recycling(rtw_softc_t *rsc, uint16_t isr, uint32_t pri)
2695 {
2696 	struct rtw_txbuf *bf;
2697 	struct rtw_txdesc *ds;
2698 	uint32_t hstat;
2699 	uint32_t  head = 0;
2700 	uint32_t  cnt = 0, idx = 0;
2701 
2702 	mutex_enter(&rsc->sc_txq[pri].txbuf_lock);
2703 	head = RTW_READ(&rsc->sc_regs, RTW_TNPDA);
2704 	if (head == rsc->hw_go) {
2705 		mutex_exit(&rsc->sc_txq[pri].txbuf_lock);
2706 		return;
2707 	}
2708 	RTW_DPRINTF(RTW_DEBUG_XMIT, "rtw_ring_recycling: enter ic_state=%x\n",
2709 	    rsc->sc_ic.ic_state);
2710 
2711 	bf = list_head(&rsc->sc_txq[pri].tx_dirty_list);
2712 	if (bf == NULL) {
2713 		RTW_DPRINTF(RTW_DEBUG_XMIT,
2714 		    "rtw_ring_recycling: dirty bf[%d] NULL\n", pri);
2715 		mutex_exit(&rsc->sc_txq[pri].txbuf_lock);
2716 		return;
2717 	}
2718 
2719 	while ((bf != NULL) && (rsc->hw_go != head)) {
2720 		cnt++;
2721 		idx = (rsc->hw_go - rsc->hw_start) / sizeof (struct rtw_txdesc);
2722 		if (idx == 63)
2723 			rsc->hw_go = rsc->hw_start;
2724 		else
2725 			rsc->hw_go += sizeof (struct rtw_txdesc);
2726 		RTW_DMA_SYNC_DESC(rsc->sc_desc_dma,
2727 		    RTW_DESC_OFFSET(hd_txmd, idx),
2728 		    sizeof (struct rtw_txdesc),
2729 		    DDI_DMA_SYNC_FORCPU);
2730 
2731 		RTW_DPRINTF(RTW_DEBUG_XMIT, "Head = 0x%x\n", head);
2732 		ds = bf->txdesc;
2733 		hstat = (ds->td_stat);
2734 		ds->td_len = ds->td_len & 0xfff;
2735 		RTW_DPRINTF(RTW_DEBUG_XMIT,
2736 		    "%s rtw_ring_recycling: stat=%x, pri=%x\n",
2737 		    __func__, hstat, pri);
2738 		if (hstat & RTW_TXSTAT_TOK)
2739 			rsc->sc_tx_ok++;
2740 		else {
2741 			RTW_DPRINTF(RTW_DEBUG_XMIT,
2742 			    "TX err @%d, o %d, retry[%d], isr[0x%x], cnt %d\n",
2743 			    idx, (hstat & RTW_TXSTAT_OWN)?1:0,
2744 			    (hstat & RTW_TXSTAT_DRC_MASK), isr, cnt);
2745 			if ((hstat & RTW_TXSTAT_DRC_MASK) <= 4) {
2746 				rsc->sc_tx_ok++;
2747 			} else {
2748 				rsc->sc_tx_err++;
2749 			}
2750 		}
2751 		rsc->sc_tx_retr +=
2752 		    (hstat & RTW_TXSTAT_DRC_MASK);
2753 		rsc->sc_xmtretry +=
2754 		    (hstat & RTW_TXSTAT_DRC_MASK);
2755 		list_remove(&rsc->sc_txq[pri].tx_dirty_list, bf);
2756 		list_insert_tail(&rsc->sc_txq[pri].tx_free_list,
2757 		    bf);
2758 		(rsc->sc_txq[pri].tx_nfree)++;
2759 		if (rsc->sc_need_reschedule == 1) {
2760 			mac_tx_update(rsc->sc_ic.ic_mach);
2761 			rsc->sc_need_reschedule = 0;
2762 		}
2763 		RTW_DPRINTF(RTW_DEBUG_XMIT,
2764 		    "rtw_ring_recycling: nfree[%d]=%d\n",
2765 		    pri, rsc->sc_txq[pri].tx_nfree);
2766 		bzero((uint8_t *)ds, sizeof (struct rtw_txdesc));
2767 		RTW_DMA_SYNC_DESC(rsc->sc_desc_dma,
2768 		    RTW_DESC_OFFSET(hd_txmd, idx),
2769 		    sizeof (struct rtw_txdesc),
2770 		    DDI_DMA_SYNC_FORDEV);
2771 		bf = list_head(&rsc->sc_txq[pri].tx_dirty_list);
2772 	}
2773 	mutex_exit(&rsc->sc_txq[pri].txbuf_lock);
2774 }
2775 
2776 static void
2777 rtw_intr_timeout(rtw_softc_t *rsc)
2778 {
2779 	rtw_resume_ticks(rsc);
2780 }
2781 
2782 static uint_t
2783 rtw_intr(caddr_t arg)
2784 {
2785 	/* LINTED E_BAD_PTR_CAST_ALIGN */
2786 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
2787 	struct rtw_regs *regs = &rsc->sc_regs;
2788 	uint16_t isr = 0;
2789 
2790 	mutex_enter(&rsc->sc_genlock);
2791 	isr = RTW_READ16(regs, RTW_ISR);
2792 	RTW_WRITE16(regs, RTW_ISR, isr);
2793 
2794 	if (isr == 0) {
2795 		mutex_exit(&rsc->sc_genlock);
2796 		return (DDI_INTR_UNCLAIMED);
2797 	}
2798 
2799 #ifdef DEBUG
2800 #define	PRINTINTR(flag) { \
2801 	if ((isr & flag) != 0) { \
2802 		RTW_DPRINTF(RTW_DEBUG_INTR, "|" #flag); \
2803 	} \
2804 }
2805 
2806 	if ((rtw_dbg_flags & RTW_DEBUG_INTR) != 0 && isr != 0) {
2807 
2808 		RTW_DPRINTF(RTW_DEBUG_INTR, "rtw: reg[ISR] = %x", isr);
2809 
2810 		PRINTINTR(RTW_INTR_TXFOVW);
2811 		PRINTINTR(RTW_INTR_TIMEOUT);
2812 		PRINTINTR(RTW_INTR_BCNINT);
2813 		PRINTINTR(RTW_INTR_ATIMINT);
2814 		PRINTINTR(RTW_INTR_TBDER);
2815 		PRINTINTR(RTW_INTR_TBDOK);
2816 		PRINTINTR(RTW_INTR_THPDER);
2817 		PRINTINTR(RTW_INTR_THPDOK);
2818 		PRINTINTR(RTW_INTR_TNPDER);
2819 		PRINTINTR(RTW_INTR_TNPDOK);
2820 		PRINTINTR(RTW_INTR_RXFOVW);
2821 		PRINTINTR(RTW_INTR_RDU);
2822 		PRINTINTR(RTW_INTR_TLPDER);
2823 		PRINTINTR(RTW_INTR_TLPDOK);
2824 		PRINTINTR(RTW_INTR_RER);
2825 		PRINTINTR(RTW_INTR_ROK);
2826 	}
2827 #undef PRINTINTR
2828 #endif /* DEBUG */
2829 
2830 	rsc->sc_intr++;
2831 
2832 	if ((isr & RTW_INTR_RX) != 0) {
2833 		mutex_exit(&rsc->sc_genlock);
2834 		rtw_intr_rx(rsc);
2835 		mutex_enter(&rsc->sc_genlock);
2836 	}
2837 	if ((isr & RTW_INTR_TIMEOUT) != 0)
2838 		rtw_intr_timeout(rsc);
2839 
2840 	if ((isr & RTW_INTR_TX) != 0)
2841 		rtw_ring_recycling(rsc, isr, 1);
2842 	mutex_exit(&rsc->sc_genlock);
2843 	return (DDI_INTR_CLAIMED);
2844 }
2845 
2846 static void
2847 rtw_stop(void *arg)
2848 {
2849 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
2850 	struct rtw_regs *regs = &rsc->sc_regs;
2851 
2852 	mutex_enter(&rsc->sc_genlock);
2853 	rtw_disable_interrupts(regs);
2854 	rtw_io_enable(rsc, RTW_CR_RE | RTW_CR_TE, 0);
2855 	RTW_WRITE8(regs, RTW_TPPOLL, RTW_TPPOLL_SALL);
2856 	rsc->sc_invalid = 1;
2857 	mutex_exit(&rsc->sc_genlock);
2858 }
2859 
2860 static void
2861 rtw_m_stop(void *arg)
2862 {
2863 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
2864 
2865 	(void) ieee80211_new_state(&rsc->sc_ic, IEEE80211_S_INIT, -1);
2866 	rtw_stop(rsc);
2867 }
2868 
2869 /*
2870  * quiesce(9E) entry point.
2871  *
2872  * This function is called when the system is single-threaded at high
2873  * PIL with preemption disabled. Therefore, this function must not be
2874  * blocked.
2875  *
2876  * This function returns DDI_SUCCESS on success, or DDI_FAILURE on failure.
2877  * DDI_FAILURE indicates an error condition and should almost never happen.
2878  */
2879 int
2880 rtw_quiesce(dev_info_t *dip)
2881 {
2882 	rtw_softc_t  *rsc = NULL;
2883 	struct rtw_regs *regs;
2884 
2885 	rsc = ddi_get_soft_state(rtw_soft_state_p, ddi_get_instance(dip));
2886 	ASSERT(rsc != NULL);
2887 	regs = &rsc->sc_regs;
2888 
2889 	rtw_dbg_flags = 0;
2890 	rtw_disable_interrupts(regs);
2891 	rtw_io_enable(rsc, RTW_CR_RE | RTW_CR_TE, 0);
2892 	RTW_WRITE8(regs, RTW_TPPOLL, RTW_TPPOLL_SALL);
2893 
2894 	return (DDI_SUCCESS);
2895 }
2896 
2897 /*
2898  * callback functions for /get/set properties
2899  */
2900 static int
2901 rtw_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2902     uint_t wldp_length, const void *wldp_buf)
2903 {
2904 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
2905 	struct ieee80211com *ic = &rsc->sc_ic;
2906 	int err;
2907 
2908 	err = ieee80211_setprop(ic, pr_name, wldp_pr_num,
2909 	    wldp_length, wldp_buf);
2910 	if (err == ENETRESET) {
2911 		if (ic->ic_des_esslen && (rsc->sc_invalid == 0)) {
2912 			(void) rtw_init(rsc);
2913 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2914 		}
2915 		err = 0;
2916 	}
2917 	return (err);
2918 }
2919 
2920 static int
2921 rtw_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2922     uint_t wldp_length, void *wldp_buf)
2923 {
2924 	rtw_softc_t *rsc = arg;
2925 	int err;
2926 
2927 	err = ieee80211_getprop(&rsc->sc_ic, pr_name, wldp_pr_num,
2928 	    wldp_length, wldp_buf);
2929 
2930 	return (err);
2931 }
2932 
2933 static void
2934 rtw_m_propinfo(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2935     mac_prop_info_handle_t prh)
2936 {
2937 	rtw_softc_t *rsc = arg;
2938 
2939 	ieee80211_propinfo(&rsc->sc_ic, pr_name, wldp_pr_num, prh);
2940 }
2941 
2942 static int
2943 rtw_m_start(void *arg)
2944 {
2945 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
2946 	ieee80211com_t *ic = (ieee80211com_t *)rsc;
2947 	int ret;
2948 #ifdef DEBUG
2949 	rtw_print_regs(&rsc->sc_regs, "rtw", "rtw_start");
2950 #endif
2951 
2952 	ret = rtw_init(rsc);
2953 	if (ret) {
2954 		cmn_err(CE_WARN, "rtw: failed to do rtw_init\n");
2955 		return (EIO);
2956 	}
2957 	(void) ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2958 	return (0);
2959 }
2960 
2961 
2962 static int
2963 rtw_m_unicst(void *arg, const uint8_t *macaddr)
2964 {
2965 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
2966 	ieee80211com_t *ic = (ieee80211com_t *)rsc;
2967 	struct rtw_regs *regs = &rsc->sc_regs;
2968 	uint32_t t;
2969 
2970 	mutex_enter(&rsc->sc_genlock);
2971 	bcopy(macaddr, ic->ic_macaddr, 6);
2972 	t = ((*macaddr)<<24) | ((*(macaddr + 1))<<16) |
2973 	    ((*(macaddr + 2))<<8) | (*(macaddr + 3));
2974 	RTW_WRITE(regs, RTW_IDR0, ntohl(t));
2975 	t = ((*(macaddr + 4))<<24) | ((*(macaddr + 5))<<16);
2976 	RTW_WRITE(regs, RTW_IDR1, ntohl(t));
2977 	mutex_exit(&rsc->sc_genlock);
2978 	return (0);
2979 }
2980 
2981 static int
2982 rtw_m_promisc(void *arg, boolean_t on)
2983 {
2984 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
2985 	struct rtw_regs *regs = &rsc->sc_regs;
2986 
2987 	mutex_enter(&rsc->sc_genlock);
2988 
2989 	if (on)
2990 		rsc->sc_rcr |= RTW_RCR_PROMIC;
2991 	else
2992 		rsc->sc_rcr &= ~RTW_RCR_PROMIC;
2993 
2994 	RTW_WRITE(regs, RTW_RCR, rsc->sc_rcr);
2995 
2996 	mutex_exit(&rsc->sc_genlock);
2997 	return (0);
2998 }
2999 
3000 static int
3001 rtw_m_multicst(void *arg, boolean_t add, const uint8_t *macaddr)
3002 {
3003 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
3004 	struct rtw_regs *regs = &rsc->sc_regs;
3005 	uint32_t t;
3006 
3007 	mutex_enter(&rsc->sc_genlock);
3008 	if (add) {
3009 		rsc->sc_rcr |= RTW_RCR_AM;
3010 		t = ((*macaddr)<<24) | ((*(macaddr + 1))<<16) |
3011 		    ((*(macaddr + 2))<<8) | (*(macaddr + 3));
3012 		RTW_WRITE(regs, RTW_MAR0, ntohl(t));
3013 		t = ((*(macaddr + 4))<<24) | ((*(macaddr + 5))<<16);
3014 		RTW_WRITE(regs, RTW_MAR1, ntohl(t));
3015 		RTW_WRITE(regs, RTW_RCR, rsc->sc_rcr);
3016 		RTW_SYNC(regs, RTW_MAR0, RTW_RCR);
3017 	} else {
3018 		rsc->sc_rcr &= ~RTW_RCR_AM;
3019 		RTW_WRITE(regs, RTW_MAR0, 0);
3020 		RTW_WRITE(regs, RTW_MAR1, 0);
3021 		RTW_WRITE(regs, RTW_RCR, rsc->sc_rcr);
3022 		RTW_SYNC(regs, RTW_MAR0, RTW_RCR);
3023 	}
3024 	mutex_exit(&rsc->sc_genlock);
3025 	return (0);
3026 }
3027 
3028 static void
3029 rtw_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
3030 {
3031 	rtw_softc_t *rsc = arg;
3032 	struct ieee80211com *ic = &rsc->sc_ic;
3033 	int err;
3034 
3035 	err = ieee80211_ioctl(ic, wq, mp);
3036 	if (err == ENETRESET) {
3037 		if (ic->ic_des_esslen && (rsc->sc_invalid == 0)) {
3038 			(void) rtw_init(rsc);
3039 			(void) ieee80211_new_state(ic,
3040 			    IEEE80211_S_SCAN, -1);
3041 		}
3042 	}
3043 }
3044 
3045 static int
3046 rtw_m_stat(void *arg, uint_t stat, uint64_t *val)
3047 {
3048 	rtw_softc_t *rsc = (rtw_softc_t *)arg;
3049 	ieee80211com_t *ic = &rsc->sc_ic;
3050 	struct ieee80211_node *in = 0;
3051 	struct ieee80211_rateset *rs = 0;
3052 
3053 	mutex_enter(&rsc->sc_genlock);
3054 	switch (stat) {
3055 	case MAC_STAT_IFSPEED:
3056 		in = ic->ic_bss;
3057 		rs = &in->in_rates;
3058 		*val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
3059 		    (rs->ir_rates[in->in_txrate] & IEEE80211_RATE_VAL)
3060 		    : ic->ic_fixed_rate) / 2 * 1000000;
3061 		break;
3062 	case MAC_STAT_NOXMTBUF:
3063 		*val = rsc->sc_noxmtbuf;
3064 		break;
3065 	case MAC_STAT_NORCVBUF:
3066 		*val = rsc->sc_norcvbuf;
3067 		break;
3068 	case MAC_STAT_RBYTES:
3069 		*val = rsc->sc_bytercv64;
3070 		break;
3071 	case MAC_STAT_IPACKETS:
3072 		*val = rsc->sc_pktrcv64;
3073 		break;
3074 	case MAC_STAT_OBYTES:
3075 		*val = rsc->sc_bytexmt64;
3076 		break;
3077 	case MAC_STAT_OPACKETS:
3078 		*val = rsc->sc_pktxmt64;
3079 		break;
3080 	case WIFI_STAT_TX_RETRANS:
3081 		*val = rsc->sc_xmtretry;
3082 		break;
3083 	case WIFI_STAT_TX_FRAGS:
3084 	case WIFI_STAT_MCAST_TX:
3085 	case WIFI_STAT_RTS_SUCCESS:
3086 	case WIFI_STAT_RTS_FAILURE:
3087 	case WIFI_STAT_ACK_FAILURE:
3088 	case WIFI_STAT_RX_FRAGS:
3089 	case WIFI_STAT_MCAST_RX:
3090 	case WIFI_STAT_RX_DUPS:
3091 		mutex_exit(&rsc->sc_genlock);
3092 		return (ieee80211_stat(ic, stat, val));
3093 	default:
3094 		*val = 0;
3095 		break;
3096 	}
3097 	mutex_exit(&rsc->sc_genlock);
3098 
3099 	return (0);
3100 }
3101 
3102 
3103 static void
3104 rtw_mutex_destroy(rtw_softc_t *rsc)
3105 {
3106 	int i;
3107 
3108 	mutex_destroy(&rsc->rxbuf_lock);
3109 	mutex_destroy(&rsc->sc_txlock);
3110 	for (i = 0; i < RTW_NTXPRI; i++) {
3111 		mutex_destroy(&rsc->sc_txq[RTW_NTXPRI - 1 - i].txbuf_lock);
3112 	}
3113 	mutex_destroy(&rsc->sc_genlock);
3114 }
3115 
3116 static int
3117 rtw_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
3118 {
3119 	rtw_softc_t *rsc;
3120 	ieee80211com_t *ic;
3121 	uint8_t csz;
3122 	uint32_t i;
3123 	uint16_t vendor_id, device_id, command;
3124 	int32_t err;
3125 	char strbuf[32];
3126 	wifi_data_t wd = { 0 };
3127 	mac_register_t *macp;
3128 	int instance = ddi_get_instance(devinfo);
3129 
3130 	switch (cmd) {
3131 	case DDI_ATTACH:
3132 		break;
3133 	case DDI_RESUME:
3134 		rsc = ddi_get_soft_state(rtw_soft_state_p,
3135 		    ddi_get_instance(devinfo));
3136 		ASSERT(rsc != NULL);
3137 		mutex_enter(&rsc->sc_genlock);
3138 		rsc->sc_flags &= ~RTW_F_SUSPEND;
3139 		mutex_exit(&rsc->sc_genlock);
3140 		if ((rsc->sc_flags & RTW_F_PLUMBED)) {
3141 			err = rtw_init(rsc);
3142 			if (err == 0) {
3143 				mutex_enter(&rsc->sc_genlock);
3144 				rsc->sc_flags &= ~RTW_F_PLUMBED;
3145 				mutex_exit(&rsc->sc_genlock);
3146 			}
3147 		}
3148 		return (DDI_SUCCESS);
3149 	default:
3150 		return (DDI_FAILURE);
3151 	}
3152 
3153 	if (ddi_soft_state_zalloc(rtw_soft_state_p,
3154 	    ddi_get_instance(devinfo)) != DDI_SUCCESS) {
3155 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3156 		    "Unable to alloc softstate\n");
3157 		return (DDI_FAILURE);
3158 	}
3159 
3160 	rsc = ddi_get_soft_state(rtw_soft_state_p, ddi_get_instance(devinfo));
3161 	ic = &rsc->sc_ic;
3162 	rsc->sc_dev = devinfo;
3163 
3164 	err = ddi_regs_map_setup(devinfo, 0, (caddr_t *)&rsc->sc_cfg_base, 0, 0,
3165 	    &rtw_reg_accattr, &rsc->sc_cfg_handle);
3166 	if (err != DDI_SUCCESS) {
3167 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3168 		    "ddi_regs_map_setup() failed");
3169 		goto attach_fail0;
3170 	}
3171 	csz = ddi_get8(rsc->sc_cfg_handle,
3172 	    (uint8_t *)(rsc->sc_cfg_base + PCI_CONF_CACHE_LINESZ));
3173 	if (!csz)
3174 		csz = 16;
3175 	rsc->sc_cachelsz = csz << 2;
3176 	vendor_id = ddi_get16(rsc->sc_cfg_handle,
3177 	    (uint16_t *)((uintptr_t)rsc->sc_cfg_base + PCI_CONF_VENID));
3178 	device_id = ddi_get16(rsc->sc_cfg_handle,
3179 	    (uint16_t *)((uintptr_t)rsc->sc_cfg_base + PCI_CONF_DEVID));
3180 	RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): vendor 0x%x, "
3181 	    "device id 0x%x, cache size %d\n", vendor_id, device_id, csz);
3182 
3183 	/*
3184 	 * Enable response to memory space accesses,
3185 	 * and enabe bus master.
3186 	 */
3187 	command = PCI_COMM_MAE | PCI_COMM_ME;
3188 	ddi_put16(rsc->sc_cfg_handle,
3189 	    (uint16_t *)((uintptr_t)rsc->sc_cfg_base + PCI_CONF_COMM), command);
3190 	RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3191 	    "set command reg to 0x%x \n", command);
3192 
3193 	ddi_put8(rsc->sc_cfg_handle,
3194 	    (uint8_t *)(rsc->sc_cfg_base + PCI_CONF_LATENCY_TIMER), 0xa8);
3195 
3196 	ddi_regs_map_free(&rsc->sc_cfg_handle);
3197 
3198 	err = ddi_regs_map_setup(devinfo, 2, (caddr_t *)&rsc->sc_regs.r_base,
3199 	    0, 0, &rtw_reg_accattr, &rsc->sc_regs.r_handle);
3200 	if (err != DDI_SUCCESS) {
3201 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3202 		    "ddi_regs_map_setup() failed");
3203 		goto attach_fail0;
3204 	}
3205 	RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: r_base=%x, r_handle=%x\n",
3206 	    rsc->sc_regs.r_base, rsc->sc_regs.r_handle);
3207 
3208 	err = rtw_dma_init(devinfo, rsc);
3209 	if (err != DDI_SUCCESS) {
3210 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3211 		    "failed to init dma: %d\n", err);
3212 		goto attach_fail1;
3213 	}
3214 
3215 	/*
3216 	 * Stop the transmit and receive processes. First stop DMA,
3217 	 * then disable receiver and transmitter.
3218 	 */
3219 	RTW_WRITE8(&rsc->sc_regs, RTW_TPPOLL, RTW_TPPOLL_SALL);
3220 	rtw_io_enable(rsc, RTW_CR_RE | RTW_CR_TE, 0);
3221 
3222 	/* Reset the chip to a known state. */
3223 	if (rtw_reset(rsc) != 0) {
3224 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3225 		    "failed to reset\n");
3226 		goto attach_fail2;
3227 	}
3228 	rsc->sc_rcr = RTW_READ(&rsc->sc_regs, RTW_RCR);
3229 
3230 	if ((rsc->sc_rcr & RTW_RCR_9356SEL) != 0)
3231 		rsc->sc_flags |= RTW_F_9356SROM;
3232 
3233 	if (rtw_srom_read(&rsc->sc_regs, rsc->sc_flags, &rsc->sc_srom,
3234 	    "rtw") != 0) {
3235 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3236 		    "failed to read srom\n");
3237 		goto attach_fail2;
3238 	}
3239 
3240 	if (rtw_srom_parse(&rsc->sc_srom, &rsc->sc_flags, &rsc->sc_csthr,
3241 	    &rsc->sc_rfchipid, &rsc->sc_rcr, &rsc->sc_locale,
3242 	    "rtw") != 0) {
3243 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw_attach():"
3244 		    " malformed serial ROM\n");
3245 		goto attach_fail3;
3246 	}
3247 
3248 	RTW_DPRINTF(RTW_DEBUG_PHY, "rtw: %s PHY\n",
3249 	    ((rsc->sc_flags & RTW_F_DIGPHY) != 0) ? "digital" : "analog");
3250 
3251 
3252 	rsc->sc_rf = rtw_rf_attach(rsc, rsc->sc_rfchipid,
3253 	    rsc->sc_flags & RTW_F_DIGPHY);
3254 
3255 	if (rsc->sc_rf == NULL) {
3256 		cmn_err(CE_WARN, "rtw: rtw_attach(): could not attach RF\n");
3257 		goto attach_fail3;
3258 	}
3259 	rsc->sc_phydelay = rtw_check_phydelay(&rsc->sc_regs, rsc->sc_rcr);
3260 
3261 	RTW_DPRINTF(RTW_DEBUG_ATTACH,
3262 	    "rtw: PHY delay %d\n", rsc->sc_phydelay);
3263 
3264 	if (rsc->sc_locale == RTW_LOCALE_UNKNOWN)
3265 		rtw_identify_country(&rsc->sc_regs, &rsc->sc_locale,
3266 		    "rtw");
3267 
3268 	rtw_init_channels(rsc->sc_locale, &rsc->sc_ic.ic_sup_channels,
3269 	    "rtw");
3270 
3271 	rtw_set80211props(ic);
3272 
3273 	if (rtw_identify_sta(&rsc->sc_regs, ic->ic_macaddr,
3274 	    "rtw") != 0)
3275 		goto attach_fail4;
3276 
3277 	ic->ic_xmit = rtw_send;
3278 	ieee80211_attach(ic);
3279 
3280 	rsc->sc_newstate = ic->ic_newstate;
3281 	ic->ic_newstate = rtw_new_state;
3282 	ieee80211_media_init(ic);
3283 	ic->ic_def_txkey = 0;
3284 
3285 	if (ddi_get_iblock_cookie(devinfo, 0, &(rsc->sc_iblock))
3286 	    != DDI_SUCCESS) {
3287 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3288 		    "Can not get iblock cookie for INT\n");
3289 		goto attach_fail5;
3290 	}
3291 
3292 	mutex_init(&rsc->sc_genlock, NULL, MUTEX_DRIVER, rsc->sc_iblock);
3293 	for (i = 0; i < RTW_NTXPRI; i++) {
3294 		mutex_init(&rsc->sc_txq[i].txbuf_lock, NULL, MUTEX_DRIVER,
3295 		    rsc->sc_iblock);
3296 	}
3297 	mutex_init(&rsc->rxbuf_lock, NULL, MUTEX_DRIVER, rsc->sc_iblock);
3298 	mutex_init(&rsc->sc_txlock, NULL, MUTEX_DRIVER, rsc->sc_iblock);
3299 
3300 	if (ddi_add_intr(devinfo, 0, &rsc->sc_iblock, NULL, rtw_intr,
3301 	    (caddr_t)(rsc)) != DDI_SUCCESS) {
3302 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3303 		    "Can not add intr for rtw driver\n");
3304 		goto attach_fail7;
3305 	}
3306 
3307 	/*
3308 	 * Provide initial settings for the WiFi plugin; whenever this
3309 	 * information changes, we need to call mac_plugindata_update()
3310 	 */
3311 	wd.wd_opmode = ic->ic_opmode;
3312 	wd.wd_secalloc = WIFI_SEC_NONE;
3313 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
3314 
3315 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
3316 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3317 		    "MAC version mismatch\n");
3318 		goto attach_fail8;
3319 	}
3320 
3321 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
3322 	macp->m_driver		= rsc;
3323 	macp->m_dip		= devinfo;
3324 	macp->m_src_addr	= ic->ic_macaddr;
3325 	macp->m_callbacks	= &rtw_m_callbacks;
3326 	macp->m_min_sdu		= 0;
3327 	macp->m_max_sdu		= IEEE80211_MTU;
3328 	macp->m_pdata		= &wd;
3329 	macp->m_pdata_size	= sizeof (wd);
3330 
3331 	err = mac_register(macp, &ic->ic_mach);
3332 	mac_free(macp);
3333 	if (err != 0) {
3334 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "rtw: rtw_attach(): "
3335 		    "mac_register err %x\n", err);
3336 		goto attach_fail8;
3337 	}
3338 
3339 	/* Create minor node of type DDI_NT_NET_WIFI */
3340 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
3341 	    "rtw", instance);
3342 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
3343 	    instance + 1, DDI_NT_NET_WIFI, 0);
3344 	if (err != DDI_SUCCESS) {
3345 		RTW_DPRINTF(RTW_DEBUG_ATTACH, "WARN: rtw: rtw_attach(): "
3346 		    "Create minor node failed - %d\n", err);
3347 		goto attach_fail9;
3348 	}
3349 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
3350 	rsc->sc_flags |= RTW_F_ATTACHED;
3351 	rsc->sc_need_reschedule = 0;
3352 	rsc->sc_invalid = 1;
3353 	return (DDI_SUCCESS);
3354 attach_fail9:
3355 	(void) mac_disable(ic->ic_mach);
3356 	(void) mac_unregister(ic->ic_mach);
3357 attach_fail8:
3358 	ddi_remove_intr(devinfo, 0, rsc->sc_iblock);
3359 attach_fail7:
3360 attach_fail6:
3361 	rtw_mutex_destroy(rsc);
3362 attach_fail5:
3363 	ieee80211_detach(ic);
3364 attach_fail4:
3365 	rtw_rf_destroy(rsc->sc_rf);
3366 attach_fail3:
3367 	rtw_srom_free(&rsc->sc_srom);
3368 attach_fail2:
3369 	rtw_dma_free(rsc);
3370 attach_fail1:
3371 	ddi_regs_map_free(&rsc->sc_regs.r_handle);
3372 attach_fail0:
3373 	ddi_soft_state_free(rtw_soft_state_p, ddi_get_instance(devinfo));
3374 	return (DDI_FAILURE);
3375 }
3376 
3377 static int32_t
3378 rtw_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
3379 {
3380 	rtw_softc_t *rsc;
3381 
3382 	rsc = ddi_get_soft_state(rtw_soft_state_p, ddi_get_instance(devinfo));
3383 	ASSERT(rsc != NULL);
3384 
3385 	switch (cmd) {
3386 	case DDI_DETACH:
3387 		break;
3388 	case DDI_SUSPEND:
3389 		ieee80211_new_state(&rsc->sc_ic, IEEE80211_S_INIT, -1);
3390 		mutex_enter(&rsc->sc_genlock);
3391 		rsc->sc_flags |= RTW_F_SUSPEND;
3392 		mutex_exit(&rsc->sc_genlock);
3393 		if (rsc->sc_invalid == 0) {
3394 			rtw_stop(rsc);
3395 			mutex_enter(&rsc->sc_genlock);
3396 			rsc->sc_flags |= RTW_F_PLUMBED;
3397 			mutex_exit(&rsc->sc_genlock);
3398 		}
3399 		return (DDI_SUCCESS);
3400 	default:
3401 		return (DDI_FAILURE);
3402 	}
3403 	if (!(rsc->sc_flags & RTW_F_ATTACHED))
3404 		return (DDI_FAILURE);
3405 
3406 	if (mac_disable(rsc->sc_ic.ic_mach) != 0)
3407 		return (DDI_FAILURE);
3408 
3409 	/* free intterrupt resources */
3410 	ddi_remove_intr(devinfo, 0, rsc->sc_iblock);
3411 
3412 	rtw_mutex_destroy(rsc);
3413 	ieee80211_detach((ieee80211com_t *)rsc);
3414 	/*
3415 	 * Unregister from the MAC layer subsystem
3416 	 */
3417 	(void) mac_unregister(rsc->sc_ic.ic_mach);
3418 
3419 	rtw_rf_destroy(rsc->sc_rf);
3420 	rtw_srom_free(&rsc->sc_srom);
3421 	rtw_dma_free(rsc);
3422 	ddi_remove_minor_node(devinfo, NULL);
3423 	ddi_regs_map_free(&rsc->sc_regs.r_handle);
3424 
3425 	ddi_soft_state_free(rtw_soft_state_p, ddi_get_instance(devinfo));
3426 
3427 	return (DDI_SUCCESS);
3428 }
3429