1 /* 2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * Copyright (c) 2006 8 * Damien Bergamini <damien.bergamini@free.fr> 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 */ 22 23 /* 24 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 25 */ 26 27 #include <sys/types.h> 28 #include <sys/byteorder.h> 29 #include <sys/conf.h> 30 #include <sys/cmn_err.h> 31 #include <sys/stat.h> 32 #include <sys/ddi.h> 33 #include <sys/sunddi.h> 34 #include <sys/strsubr.h> 35 #include <sys/ethernet.h> 36 #include <inet/common.h> 37 #include <inet/nd.h> 38 #include <inet/mi.h> 39 #include <sys/note.h> 40 #include <sys/stream.h> 41 #include <sys/strsun.h> 42 #include <sys/modctl.h> 43 #include <sys/devops.h> 44 #include <sys/dlpi.h> 45 #include <sys/mac_provider.h> 46 #include <sys/mac_wifi.h> 47 #include <sys/net80211.h> 48 #include <sys/net80211_proto.h> 49 #include <sys/varargs.h> 50 #include <sys/policy.h> 51 #include <sys/pci.h> 52 53 #include "wpireg.h" 54 #include "wpivar.h" 55 #include <inet/wifi_ioctl.h> 56 57 #ifdef DEBUG 58 #define WPI_DEBUG_80211 (1 << 0) 59 #define WPI_DEBUG_CMD (1 << 1) 60 #define WPI_DEBUG_DMA (1 << 2) 61 #define WPI_DEBUG_EEPROM (1 << 3) 62 #define WPI_DEBUG_FW (1 << 4) 63 #define WPI_DEBUG_HW (1 << 5) 64 #define WPI_DEBUG_INTR (1 << 6) 65 #define WPI_DEBUG_MRR (1 << 7) 66 #define WPI_DEBUG_PIO (1 << 8) 67 #define WPI_DEBUG_RX (1 << 9) 68 #define WPI_DEBUG_SCAN (1 << 10) 69 #define WPI_DEBUG_TX (1 << 11) 70 #define WPI_DEBUG_RATECTL (1 << 12) 71 #define WPI_DEBUG_RADIO (1 << 13) 72 #define WPI_DEBUG_RESUME (1 << 14) 73 uint32_t wpi_dbg_flags = 0; 74 #define WPI_DBG(x) \ 75 wpi_dbg x 76 #else 77 #define WPI_DBG(x) 78 #endif 79 80 static void *wpi_soft_state_p = NULL; 81 static uint8_t wpi_fw_bin [] = { 82 #include "fw-wpi/ipw3945.ucode.hex" 83 }; 84 85 /* DMA attributes for a shared page */ 86 static ddi_dma_attr_t sh_dma_attr = { 87 DMA_ATTR_V0, /* version of this structure */ 88 0, /* lowest usable address */ 89 0xffffffffU, /* highest usable address */ 90 0xffffffffU, /* maximum DMAable byte count */ 91 0x1000, /* alignment in bytes */ 92 0x1000, /* burst sizes (any?) */ 93 1, /* minimum transfer */ 94 0xffffffffU, /* maximum transfer */ 95 0xffffffffU, /* maximum segment length */ 96 1, /* maximum number of segments */ 97 1, /* granularity */ 98 0, /* flags (reserved) */ 99 }; 100 101 /* DMA attributes for a ring descriptor */ 102 static ddi_dma_attr_t ring_desc_dma_attr = { 103 DMA_ATTR_V0, /* version of this structure */ 104 0, /* lowest usable address */ 105 0xffffffffU, /* highest usable address */ 106 0xffffffffU, /* maximum DMAable byte count */ 107 0x4000, /* alignment in bytes */ 108 0x100, /* burst sizes (any?) */ 109 1, /* minimum transfer */ 110 0xffffffffU, /* maximum transfer */ 111 0xffffffffU, /* maximum segment length */ 112 1, /* maximum number of segments */ 113 1, /* granularity */ 114 0, /* flags (reserved) */ 115 }; 116 117 118 /* DMA attributes for a tx cmd */ 119 static ddi_dma_attr_t tx_cmd_dma_attr = { 120 DMA_ATTR_V0, /* version of this structure */ 121 0, /* lowest usable address */ 122 0xffffffffU, /* highest usable address */ 123 0xffffffffU, /* maximum DMAable byte count */ 124 4, /* alignment in bytes */ 125 0x100, /* burst sizes (any?) */ 126 1, /* minimum transfer */ 127 0xffffffffU, /* maximum transfer */ 128 0xffffffffU, /* maximum segment length */ 129 1, /* maximum number of segments */ 130 1, /* granularity */ 131 0, /* flags (reserved) */ 132 }; 133 134 /* DMA attributes for a rx buffer */ 135 static ddi_dma_attr_t rx_buffer_dma_attr = { 136 DMA_ATTR_V0, /* version of this structure */ 137 0, /* lowest usable address */ 138 0xffffffffU, /* highest usable address */ 139 0xffffffffU, /* maximum DMAable byte count */ 140 1, /* alignment in bytes */ 141 0x100, /* burst sizes (any?) */ 142 1, /* minimum transfer */ 143 0xffffffffU, /* maximum transfer */ 144 0xffffffffU, /* maximum segment length */ 145 1, /* maximum number of segments */ 146 1, /* granularity */ 147 0, /* flags (reserved) */ 148 }; 149 150 /* 151 * DMA attributes for a tx buffer. 152 * the maximum number of segments is 4 for the hardware. 153 * now all the wifi drivers put the whole frame in a single 154 * descriptor, so we define the maximum number of segments 4, 155 * just the same as the rx_buffer. we consider leverage the HW 156 * ability in the future, that is why we don't define rx and tx 157 * buffer_dma_attr as the same. 158 */ 159 static ddi_dma_attr_t tx_buffer_dma_attr = { 160 DMA_ATTR_V0, /* version of this structure */ 161 0, /* lowest usable address */ 162 0xffffffffU, /* highest usable address */ 163 0xffffffffU, /* maximum DMAable byte count */ 164 1, /* alignment in bytes */ 165 0x100, /* burst sizes (any?) */ 166 1, /* minimum transfer */ 167 0xffffffffU, /* maximum transfer */ 168 0xffffffffU, /* maximum segment length */ 169 1, /* maximum number of segments */ 170 1, /* granularity */ 171 0, /* flags (reserved) */ 172 }; 173 174 /* DMA attributes for a load firmware */ 175 static ddi_dma_attr_t fw_buffer_dma_attr = { 176 DMA_ATTR_V0, /* version of this structure */ 177 0, /* lowest usable address */ 178 0xffffffffU, /* highest usable address */ 179 0x7fffffff, /* maximum DMAable byte count */ 180 4, /* alignment in bytes */ 181 0x100, /* burst sizes (any?) */ 182 1, /* minimum transfer */ 183 0xffffffffU, /* maximum transfer */ 184 0xffffffffU, /* maximum segment length */ 185 4, /* maximum number of segments */ 186 1, /* granularity */ 187 0, /* flags (reserved) */ 188 }; 189 190 /* regs access attributes */ 191 static ddi_device_acc_attr_t wpi_reg_accattr = { 192 DDI_DEVICE_ATTR_V0, 193 DDI_STRUCTURE_LE_ACC, 194 DDI_STRICTORDER_ACC, 195 DDI_DEFAULT_ACC 196 }; 197 198 /* DMA access attributes */ 199 static ddi_device_acc_attr_t wpi_dma_accattr = { 200 DDI_DEVICE_ATTR_V0, 201 DDI_NEVERSWAP_ACC, 202 DDI_STRICTORDER_ACC, 203 DDI_DEFAULT_ACC 204 }; 205 206 static int wpi_ring_init(wpi_sc_t *); 207 static void wpi_ring_free(wpi_sc_t *); 208 static int wpi_alloc_shared(wpi_sc_t *); 209 static void wpi_free_shared(wpi_sc_t *); 210 static int wpi_alloc_fw_dma(wpi_sc_t *); 211 static void wpi_free_fw_dma(wpi_sc_t *); 212 static int wpi_alloc_rx_ring(wpi_sc_t *); 213 static void wpi_reset_rx_ring(wpi_sc_t *); 214 static void wpi_free_rx_ring(wpi_sc_t *); 215 static int wpi_alloc_tx_ring(wpi_sc_t *, wpi_tx_ring_t *, int, int); 216 static void wpi_reset_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 217 static void wpi_free_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 218 219 static ieee80211_node_t *wpi_node_alloc(ieee80211com_t *); 220 static void wpi_node_free(ieee80211_node_t *); 221 static int wpi_newstate(ieee80211com_t *, enum ieee80211_state, int); 222 static int wpi_key_set(ieee80211com_t *, const struct ieee80211_key *, 223 const uint8_t mac[IEEE80211_ADDR_LEN]); 224 static void wpi_mem_lock(wpi_sc_t *); 225 static void wpi_mem_unlock(wpi_sc_t *); 226 static uint32_t wpi_mem_read(wpi_sc_t *, uint16_t); 227 static void wpi_mem_write(wpi_sc_t *, uint16_t, uint32_t); 228 static void wpi_mem_write_region_4(wpi_sc_t *, uint16_t, 229 const uint32_t *, int); 230 static uint16_t wpi_read_prom_word(wpi_sc_t *, uint32_t); 231 static int wpi_load_microcode(wpi_sc_t *); 232 static int wpi_load_firmware(wpi_sc_t *, uint32_t); 233 static void wpi_rx_intr(wpi_sc_t *, wpi_rx_desc_t *, 234 wpi_rx_data_t *); 235 static void wpi_tx_intr(wpi_sc_t *, wpi_rx_desc_t *, 236 wpi_rx_data_t *); 237 static void wpi_cmd_intr(wpi_sc_t *, wpi_rx_desc_t *); 238 static uint_t wpi_intr(caddr_t); 239 static uint_t wpi_notif_softintr(caddr_t); 240 static uint8_t wpi_plcp_signal(int); 241 static void wpi_read_eeprom(wpi_sc_t *); 242 static int wpi_cmd(wpi_sc_t *, int, const void *, int, int); 243 static int wpi_mrr_setup(wpi_sc_t *); 244 static void wpi_set_led(wpi_sc_t *, uint8_t, uint8_t, uint8_t); 245 static int wpi_auth(wpi_sc_t *); 246 static int wpi_scan(wpi_sc_t *); 247 static int wpi_config(wpi_sc_t *); 248 static void wpi_stop_master(wpi_sc_t *); 249 static int wpi_power_up(wpi_sc_t *); 250 static int wpi_reset(wpi_sc_t *); 251 static void wpi_hw_config(wpi_sc_t *); 252 static int wpi_init(wpi_sc_t *); 253 static void wpi_stop(wpi_sc_t *); 254 static int wpi_quiesce(dev_info_t *dip); 255 static void wpi_amrr_init(wpi_amrr_t *); 256 static void wpi_amrr_timeout(wpi_sc_t *); 257 static void wpi_amrr_ratectl(void *, ieee80211_node_t *); 258 259 static int wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd); 260 static int wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd); 261 262 /* 263 * GLD specific operations 264 */ 265 static int wpi_m_stat(void *arg, uint_t stat, uint64_t *val); 266 static int wpi_m_start(void *arg); 267 static void wpi_m_stop(void *arg); 268 static int wpi_m_unicst(void *arg, const uint8_t *macaddr); 269 static int wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m); 270 static int wpi_m_promisc(void *arg, boolean_t on); 271 static mblk_t *wpi_m_tx(void *arg, mblk_t *mp); 272 static void wpi_m_ioctl(void *arg, queue_t *wq, mblk_t *mp); 273 static int wpi_m_setprop(void *arg, const char *pr_name, 274 mac_prop_id_t wldp_pr_num, uint_t wldp_length, const void *wldp_buf); 275 static int wpi_m_getprop(void *arg, const char *pr_name, 276 mac_prop_id_t wldp_pr_num, uint_t pr_flags, uint_t wldp_lenth, 277 void *wldp_buf, uint_t *); 278 static void wpi_destroy_locks(wpi_sc_t *sc); 279 static int wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type); 280 static void wpi_thread(wpi_sc_t *sc); 281 static int wpi_fast_recover(wpi_sc_t *sc); 282 283 /* 284 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 285 */ 286 static const struct ieee80211_rateset wpi_rateset_11b = 287 { 4, { 2, 4, 11, 22 } }; 288 289 static const struct ieee80211_rateset wpi_rateset_11g = 290 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 291 292 static const uint8_t wpi_ridx_to_signal[] = { 293 /* OFDM: IEEE Std 802.11a-1999, pp. 14 Table 80 */ 294 /* R1-R4 (ral/ural is R4-R1) */ 295 0xd, 0xf, 0x5, 0x7, 0x9, 0xb, 0x1, 0x3, 296 /* CCK: device-dependent */ 297 10, 20, 55, 110 298 }; 299 300 /* 301 * For mfthread only 302 */ 303 extern pri_t minclsyspri; 304 305 /* 306 * Module Loading Data & Entry Points 307 */ 308 DDI_DEFINE_STREAM_OPS(wpi_devops, nulldev, nulldev, wpi_attach, 309 wpi_detach, nodev, NULL, D_MP, NULL, wpi_quiesce); 310 311 static struct modldrv wpi_modldrv = { 312 &mod_driverops, 313 "Intel(R) PRO/Wireless 3945ABG driver", 314 &wpi_devops 315 }; 316 317 static struct modlinkage wpi_modlinkage = { 318 MODREV_1, 319 &wpi_modldrv, 320 NULL 321 }; 322 323 int 324 _init(void) 325 { 326 int status; 327 328 status = ddi_soft_state_init(&wpi_soft_state_p, 329 sizeof (wpi_sc_t), 1); 330 if (status != DDI_SUCCESS) 331 return (status); 332 333 mac_init_ops(&wpi_devops, "wpi"); 334 status = mod_install(&wpi_modlinkage); 335 if (status != DDI_SUCCESS) { 336 mac_fini_ops(&wpi_devops); 337 ddi_soft_state_fini(&wpi_soft_state_p); 338 } 339 340 return (status); 341 } 342 343 int 344 _fini(void) 345 { 346 int status; 347 348 status = mod_remove(&wpi_modlinkage); 349 if (status == DDI_SUCCESS) { 350 mac_fini_ops(&wpi_devops); 351 ddi_soft_state_fini(&wpi_soft_state_p); 352 } 353 354 return (status); 355 } 356 357 int 358 _info(struct modinfo *mip) 359 { 360 return (mod_info(&wpi_modlinkage, mip)); 361 } 362 363 /* 364 * Mac Call Back entries 365 */ 366 mac_callbacks_t wpi_m_callbacks = { 367 MC_IOCTL | MC_SETPROP | MC_GETPROP, 368 wpi_m_stat, 369 wpi_m_start, 370 wpi_m_stop, 371 wpi_m_promisc, 372 wpi_m_multicst, 373 wpi_m_unicst, 374 wpi_m_tx, 375 wpi_m_ioctl, 376 NULL, 377 NULL, 378 NULL, 379 wpi_m_setprop, 380 wpi_m_getprop 381 }; 382 383 #ifdef DEBUG 384 void 385 wpi_dbg(uint32_t flags, const char *fmt, ...) 386 { 387 va_list ap; 388 389 if (flags & wpi_dbg_flags) { 390 va_start(ap, fmt); 391 vcmn_err(CE_NOTE, fmt, ap); 392 va_end(ap); 393 } 394 } 395 #endif 396 /* 397 * device operations 398 */ 399 int 400 wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 401 { 402 wpi_sc_t *sc; 403 ddi_acc_handle_t cfg_handle; 404 caddr_t cfg_base; 405 ieee80211com_t *ic; 406 int instance, err, i; 407 char strbuf[32]; 408 wifi_data_t wd = { 0 }; 409 mac_register_t *macp; 410 411 switch (cmd) { 412 case DDI_ATTACH: 413 break; 414 case DDI_RESUME: 415 sc = ddi_get_soft_state(wpi_soft_state_p, 416 ddi_get_instance(dip)); 417 ASSERT(sc != NULL); 418 419 mutex_enter(&sc->sc_glock); 420 sc->sc_flags &= ~WPI_F_SUSPEND; 421 mutex_exit(&sc->sc_glock); 422 423 if (sc->sc_flags & WPI_F_RUNNING) 424 (void) wpi_init(sc); 425 426 mutex_enter(&sc->sc_glock); 427 sc->sc_flags |= WPI_F_LAZY_RESUME; 428 mutex_exit(&sc->sc_glock); 429 430 WPI_DBG((WPI_DEBUG_RESUME, "wpi: resume \n")); 431 return (DDI_SUCCESS); 432 default: 433 err = DDI_FAILURE; 434 goto attach_fail1; 435 } 436 437 instance = ddi_get_instance(dip); 438 err = ddi_soft_state_zalloc(wpi_soft_state_p, instance); 439 if (err != DDI_SUCCESS) { 440 cmn_err(CE_WARN, 441 "wpi_attach(): failed to allocate soft state\n"); 442 goto attach_fail1; 443 } 444 sc = ddi_get_soft_state(wpi_soft_state_p, instance); 445 sc->sc_dip = dip; 446 447 err = ddi_regs_map_setup(dip, 0, &cfg_base, 0, 0, 448 &wpi_reg_accattr, &cfg_handle); 449 if (err != DDI_SUCCESS) { 450 cmn_err(CE_WARN, 451 "wpi_attach(): failed to map config spaces regs\n"); 452 goto attach_fail2; 453 } 454 sc->sc_rev = ddi_get8(cfg_handle, 455 (uint8_t *)(cfg_base + PCI_CONF_REVID)); 456 ddi_put8(cfg_handle, (uint8_t *)(cfg_base + 0x41), 0); 457 sc->sc_clsz = ddi_get16(cfg_handle, 458 (uint16_t *)(cfg_base + PCI_CONF_CACHE_LINESZ)); 459 ddi_regs_map_free(&cfg_handle); 460 if (!sc->sc_clsz) 461 sc->sc_clsz = 16; 462 sc->sc_clsz = (sc->sc_clsz << 2); 463 sc->sc_dmabuf_sz = roundup(0x1000 + sizeof (struct ieee80211_frame) + 464 IEEE80211_MTU + IEEE80211_CRC_LEN + 465 (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + 466 IEEE80211_WEP_CRCLEN), sc->sc_clsz); 467 /* 468 * Map operating registers 469 */ 470 err = ddi_regs_map_setup(dip, 1, &sc->sc_base, 471 0, 0, &wpi_reg_accattr, &sc->sc_handle); 472 if (err != DDI_SUCCESS) { 473 cmn_err(CE_WARN, 474 "wpi_attach(): failed to map device regs\n"); 475 goto attach_fail2; 476 } 477 478 /* 479 * Allocate shared page. 480 */ 481 err = wpi_alloc_shared(sc); 482 if (err != DDI_SUCCESS) { 483 cmn_err(CE_WARN, "failed to allocate shared page\n"); 484 goto attach_fail3; 485 } 486 487 /* 488 * Get the hw conf, including MAC address, then init all rings. 489 */ 490 wpi_read_eeprom(sc); 491 err = wpi_ring_init(sc); 492 if (err != DDI_SUCCESS) { 493 cmn_err(CE_WARN, "wpi_attach(): " 494 "failed to allocate and initialize ring\n"); 495 goto attach_fail4; 496 } 497 498 sc->sc_hdr = (const wpi_firmware_hdr_t *)wpi_fw_bin; 499 500 /* firmware image layout: |HDR|<--TEXT-->|<--DATA-->|<--BOOT-->| */ 501 sc->sc_text = (const char *)(sc->sc_hdr + 1); 502 sc->sc_data = sc->sc_text + LE_32(sc->sc_hdr->textsz); 503 sc->sc_boot = sc->sc_data + LE_32(sc->sc_hdr->datasz); 504 err = wpi_alloc_fw_dma(sc); 505 if (err != DDI_SUCCESS) { 506 cmn_err(CE_WARN, "wpi_attach(): " 507 "failed to allocate firmware dma\n"); 508 goto attach_fail5; 509 } 510 511 /* 512 * Initialize mutexs and condvars 513 */ 514 err = ddi_get_iblock_cookie(dip, 0, &sc->sc_iblk); 515 if (err != DDI_SUCCESS) { 516 cmn_err(CE_WARN, 517 "wpi_attach(): failed to do ddi_get_iblock_cookie()\n"); 518 goto attach_fail6; 519 } 520 mutex_init(&sc->sc_glock, NULL, MUTEX_DRIVER, sc->sc_iblk); 521 mutex_init(&sc->sc_tx_lock, NULL, MUTEX_DRIVER, sc->sc_iblk); 522 cv_init(&sc->sc_fw_cv, NULL, CV_DRIVER, NULL); 523 cv_init(&sc->sc_cmd_cv, NULL, CV_DRIVER, NULL); 524 525 /* 526 * initialize the mfthread 527 */ 528 mutex_init(&sc->sc_mt_lock, NULL, MUTEX_DRIVER, 529 (void *) sc->sc_iblk); 530 cv_init(&sc->sc_mt_cv, NULL, CV_DRIVER, NULL); 531 sc->sc_mf_thread = NULL; 532 sc->sc_mf_thread_switch = 0; 533 /* 534 * Initialize the wifi part, which will be used by 535 * generic layer 536 */ 537 ic = &sc->sc_ic; 538 ic->ic_phytype = IEEE80211_T_OFDM; 539 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 540 ic->ic_state = IEEE80211_S_INIT; 541 ic->ic_maxrssi = 70; /* experimental number */ 542 ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_TXPMGT | 543 IEEE80211_C_PMGT | IEEE80211_C_SHSLOT; 544 545 /* 546 * use software WEP and TKIP, hardware CCMP; 547 */ 548 ic->ic_caps |= IEEE80211_C_AES_CCM; 549 ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */ 550 551 /* set supported .11b and .11g rates */ 552 ic->ic_sup_rates[IEEE80211_MODE_11B] = wpi_rateset_11b; 553 ic->ic_sup_rates[IEEE80211_MODE_11G] = wpi_rateset_11g; 554 555 /* set supported .11b and .11g channels (1 through 14) */ 556 for (i = 1; i <= 14; i++) { 557 ic->ic_sup_channels[i].ich_freq = 558 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 559 ic->ic_sup_channels[i].ich_flags = 560 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 561 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ | 562 IEEE80211_CHAN_PASSIVE; 563 } 564 ic->ic_ibss_chan = &ic->ic_sup_channels[0]; 565 ic->ic_xmit = wpi_send; 566 /* 567 * init Wifi layer 568 */ 569 ieee80211_attach(ic); 570 571 /* register WPA door */ 572 ieee80211_register_door(ic, ddi_driver_name(dip), 573 ddi_get_instance(dip)); 574 575 /* 576 * Override 80211 default routines 577 */ 578 sc->sc_newstate = ic->ic_newstate; 579 ic->ic_newstate = wpi_newstate; 580 ic->ic_node_alloc = wpi_node_alloc; 581 ic->ic_node_free = wpi_node_free; 582 ic->ic_crypto.cs_key_set = wpi_key_set; 583 ieee80211_media_init(ic); 584 /* 585 * initialize default tx key 586 */ 587 ic->ic_def_txkey = 0; 588 589 err = ddi_add_softintr(dip, DDI_SOFTINT_LOW, 590 &sc->sc_notif_softint_id, &sc->sc_iblk, NULL, wpi_notif_softintr, 591 (caddr_t)sc); 592 if (err != DDI_SUCCESS) { 593 cmn_err(CE_WARN, 594 "wpi_attach(): failed to do ddi_add_softintr()\n"); 595 goto attach_fail7; 596 } 597 598 /* 599 * Add the interrupt handler 600 */ 601 err = ddi_add_intr(dip, 0, &sc->sc_iblk, NULL, 602 wpi_intr, (caddr_t)sc); 603 if (err != DDI_SUCCESS) { 604 cmn_err(CE_WARN, 605 "wpi_attach(): failed to do ddi_add_intr()\n"); 606 goto attach_fail8; 607 } 608 609 /* 610 * Initialize pointer to device specific functions 611 */ 612 wd.wd_secalloc = WIFI_SEC_NONE; 613 wd.wd_opmode = ic->ic_opmode; 614 IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_macaddr); 615 616 macp = mac_alloc(MAC_VERSION); 617 if (err != DDI_SUCCESS) { 618 cmn_err(CE_WARN, 619 "wpi_attach(): failed to do mac_alloc()\n"); 620 goto attach_fail9; 621 } 622 623 macp->m_type_ident = MAC_PLUGIN_IDENT_WIFI; 624 macp->m_driver = sc; 625 macp->m_dip = dip; 626 macp->m_src_addr = ic->ic_macaddr; 627 macp->m_callbacks = &wpi_m_callbacks; 628 macp->m_min_sdu = 0; 629 macp->m_max_sdu = IEEE80211_MTU; 630 macp->m_pdata = &wd; 631 macp->m_pdata_size = sizeof (wd); 632 633 /* 634 * Register the macp to mac 635 */ 636 err = mac_register(macp, &ic->ic_mach); 637 mac_free(macp); 638 if (err != DDI_SUCCESS) { 639 cmn_err(CE_WARN, 640 "wpi_attach(): failed to do mac_register()\n"); 641 goto attach_fail9; 642 } 643 644 /* 645 * Create minor node of type DDI_NT_NET_WIFI 646 */ 647 (void) snprintf(strbuf, sizeof (strbuf), "wpi%d", instance); 648 err = ddi_create_minor_node(dip, strbuf, S_IFCHR, 649 instance + 1, DDI_NT_NET_WIFI, 0); 650 if (err != DDI_SUCCESS) 651 cmn_err(CE_WARN, 652 "wpi_attach(): failed to do ddi_create_minor_node()\n"); 653 654 /* 655 * Notify link is down now 656 */ 657 mac_link_update(ic->ic_mach, LINK_STATE_DOWN); 658 659 /* 660 * create the mf thread to handle the link status, 661 * recovery fatal error, etc. 662 */ 663 664 sc->sc_mf_thread_switch = 1; 665 if (sc->sc_mf_thread == NULL) 666 sc->sc_mf_thread = thread_create((caddr_t)NULL, 0, 667 wpi_thread, sc, 0, &p0, TS_RUN, minclsyspri); 668 669 sc->sc_flags |= WPI_F_ATTACHED; 670 671 return (DDI_SUCCESS); 672 attach_fail9: 673 ddi_remove_intr(dip, 0, sc->sc_iblk); 674 attach_fail8: 675 ddi_remove_softintr(sc->sc_notif_softint_id); 676 sc->sc_notif_softint_id = NULL; 677 attach_fail7: 678 ieee80211_detach(ic); 679 wpi_destroy_locks(sc); 680 attach_fail6: 681 wpi_free_fw_dma(sc); 682 attach_fail5: 683 wpi_ring_free(sc); 684 attach_fail4: 685 wpi_free_shared(sc); 686 attach_fail3: 687 ddi_regs_map_free(&sc->sc_handle); 688 attach_fail2: 689 ddi_soft_state_free(wpi_soft_state_p, instance); 690 attach_fail1: 691 return (err); 692 } 693 694 int 695 wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 696 { 697 wpi_sc_t *sc; 698 int err; 699 700 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 701 ASSERT(sc != NULL); 702 703 switch (cmd) { 704 case DDI_DETACH: 705 break; 706 case DDI_SUSPEND: 707 mutex_enter(&sc->sc_glock); 708 sc->sc_flags |= WPI_F_SUSPEND; 709 mutex_exit(&sc->sc_glock); 710 711 if (sc->sc_flags & WPI_F_RUNNING) { 712 wpi_stop(sc); 713 } 714 715 WPI_DBG((WPI_DEBUG_RESUME, "wpi: suspend \n")); 716 return (DDI_SUCCESS); 717 default: 718 return (DDI_FAILURE); 719 } 720 if (!(sc->sc_flags & WPI_F_ATTACHED)) 721 return (DDI_FAILURE); 722 723 err = mac_disable(sc->sc_ic.ic_mach); 724 if (err != DDI_SUCCESS) 725 return (err); 726 727 /* 728 * Destroy the mf_thread 729 */ 730 mutex_enter(&sc->sc_mt_lock); 731 sc->sc_mf_thread_switch = 0; 732 while (sc->sc_mf_thread != NULL) { 733 if (cv_wait_sig(&sc->sc_mt_cv, &sc->sc_mt_lock) == 0) 734 break; 735 } 736 mutex_exit(&sc->sc_mt_lock); 737 738 wpi_stop(sc); 739 740 /* 741 * Unregiste from the MAC layer subsystem 742 */ 743 (void) mac_unregister(sc->sc_ic.ic_mach); 744 745 mutex_enter(&sc->sc_glock); 746 wpi_free_fw_dma(sc); 747 wpi_ring_free(sc); 748 wpi_free_shared(sc); 749 mutex_exit(&sc->sc_glock); 750 751 ddi_remove_intr(dip, 0, sc->sc_iblk); 752 ddi_remove_softintr(sc->sc_notif_softint_id); 753 sc->sc_notif_softint_id = NULL; 754 755 /* 756 * detach ieee80211 757 */ 758 ieee80211_detach(&sc->sc_ic); 759 760 wpi_destroy_locks(sc); 761 762 ddi_regs_map_free(&sc->sc_handle); 763 ddi_remove_minor_node(dip, NULL); 764 ddi_soft_state_free(wpi_soft_state_p, ddi_get_instance(dip)); 765 766 return (DDI_SUCCESS); 767 } 768 769 static void 770 wpi_destroy_locks(wpi_sc_t *sc) 771 { 772 cv_destroy(&sc->sc_mt_cv); 773 mutex_destroy(&sc->sc_mt_lock); 774 cv_destroy(&sc->sc_cmd_cv); 775 cv_destroy(&sc->sc_fw_cv); 776 mutex_destroy(&sc->sc_tx_lock); 777 mutex_destroy(&sc->sc_glock); 778 } 779 780 /* 781 * Allocate an area of memory and a DMA handle for accessing it 782 */ 783 static int 784 wpi_alloc_dma_mem(wpi_sc_t *sc, size_t memsize, ddi_dma_attr_t *dma_attr_p, 785 ddi_device_acc_attr_t *acc_attr_p, uint_t dma_flags, wpi_dma_t *dma_p) 786 { 787 caddr_t vaddr; 788 int err; 789 790 /* 791 * Allocate handle 792 */ 793 err = ddi_dma_alloc_handle(sc->sc_dip, dma_attr_p, 794 DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl); 795 if (err != DDI_SUCCESS) { 796 dma_p->dma_hdl = NULL; 797 return (DDI_FAILURE); 798 } 799 800 /* 801 * Allocate memory 802 */ 803 err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, acc_attr_p, 804 dma_flags & (DDI_DMA_CONSISTENT | DDI_DMA_STREAMING), 805 DDI_DMA_SLEEP, NULL, &vaddr, &dma_p->alength, &dma_p->acc_hdl); 806 if (err != DDI_SUCCESS) { 807 ddi_dma_free_handle(&dma_p->dma_hdl); 808 dma_p->dma_hdl = NULL; 809 dma_p->acc_hdl = NULL; 810 return (DDI_FAILURE); 811 } 812 813 /* 814 * Bind the two together 815 */ 816 dma_p->mem_va = vaddr; 817 err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL, 818 vaddr, dma_p->alength, dma_flags, DDI_DMA_SLEEP, NULL, 819 &dma_p->cookie, &dma_p->ncookies); 820 if (err != DDI_DMA_MAPPED) { 821 ddi_dma_mem_free(&dma_p->acc_hdl); 822 ddi_dma_free_handle(&dma_p->dma_hdl); 823 dma_p->acc_hdl = NULL; 824 dma_p->dma_hdl = NULL; 825 return (DDI_FAILURE); 826 } 827 828 dma_p->nslots = ~0U; 829 dma_p->size = ~0U; 830 dma_p->token = ~0U; 831 dma_p->offset = 0; 832 return (DDI_SUCCESS); 833 } 834 835 /* 836 * Free one allocated area of DMAable memory 837 */ 838 static void 839 wpi_free_dma_mem(wpi_dma_t *dma_p) 840 { 841 if (dma_p->dma_hdl != NULL) { 842 if (dma_p->ncookies) { 843 (void) ddi_dma_unbind_handle(dma_p->dma_hdl); 844 dma_p->ncookies = 0; 845 } 846 ddi_dma_free_handle(&dma_p->dma_hdl); 847 dma_p->dma_hdl = NULL; 848 } 849 850 if (dma_p->acc_hdl != NULL) { 851 ddi_dma_mem_free(&dma_p->acc_hdl); 852 dma_p->acc_hdl = NULL; 853 } 854 } 855 856 /* 857 * Allocate an area of dma memory for firmware load. 858 * Idealy, this allocation should be a one time action, that is, 859 * the memory will be freed after the firmware is uploaded to the 860 * card. but since a recovery mechanism for the fatal firmware need 861 * reload the firmware, and re-allocate dma at run time may be failed, 862 * so we allocate it at attach and keep it in the whole lifecycle of 863 * the driver. 864 */ 865 static int 866 wpi_alloc_fw_dma(wpi_sc_t *sc) 867 { 868 int i, err = DDI_SUCCESS; 869 wpi_dma_t *dma_p; 870 871 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->textsz), 872 &fw_buffer_dma_attr, &wpi_dma_accattr, 873 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 874 &sc->sc_dma_fw_text); 875 dma_p = &sc->sc_dma_fw_text; 876 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 877 dma_p->ncookies, dma_p->cookie.dmac_address, 878 dma_p->cookie.dmac_size)); 879 if (err != DDI_SUCCESS) { 880 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 881 "text dma memory"); 882 goto fail; 883 } 884 for (i = 0; i < dma_p->ncookies; i++) { 885 sc->sc_fw_text_cookie[i] = dma_p->cookie; 886 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 887 } 888 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz), 889 &fw_buffer_dma_attr, &wpi_dma_accattr, 890 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 891 &sc->sc_dma_fw_data); 892 dma_p = &sc->sc_dma_fw_data; 893 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 894 dma_p->ncookies, dma_p->cookie.dmac_address, 895 dma_p->cookie.dmac_size)); 896 if (err != DDI_SUCCESS) { 897 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 898 "data dma memory"); 899 goto fail; 900 } 901 for (i = 0; i < dma_p->ncookies; i++) { 902 sc->sc_fw_data_cookie[i] = dma_p->cookie; 903 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 904 } 905 fail: 906 return (err); 907 } 908 909 static void 910 wpi_free_fw_dma(wpi_sc_t *sc) 911 { 912 wpi_free_dma_mem(&sc->sc_dma_fw_text); 913 wpi_free_dma_mem(&sc->sc_dma_fw_data); 914 } 915 916 /* 917 * Allocate a shared page between host and NIC. 918 */ 919 static int 920 wpi_alloc_shared(wpi_sc_t *sc) 921 { 922 int err = DDI_SUCCESS; 923 924 /* must be aligned on a 4K-page boundary */ 925 err = wpi_alloc_dma_mem(sc, sizeof (wpi_shared_t), 926 &sh_dma_attr, &wpi_dma_accattr, 927 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 928 &sc->sc_dma_sh); 929 if (err != DDI_SUCCESS) 930 goto fail; 931 sc->sc_shared = (wpi_shared_t *)sc->sc_dma_sh.mem_va; 932 return (err); 933 934 fail: 935 wpi_free_shared(sc); 936 return (err); 937 } 938 939 static void 940 wpi_free_shared(wpi_sc_t *sc) 941 { 942 wpi_free_dma_mem(&sc->sc_dma_sh); 943 } 944 945 static int 946 wpi_alloc_rx_ring(wpi_sc_t *sc) 947 { 948 wpi_rx_ring_t *ring; 949 wpi_rx_data_t *data; 950 int i, err = DDI_SUCCESS; 951 952 ring = &sc->sc_rxq; 953 ring->cur = 0; 954 955 err = wpi_alloc_dma_mem(sc, WPI_RX_RING_COUNT * sizeof (uint32_t), 956 &ring_desc_dma_attr, &wpi_dma_accattr, 957 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 958 &ring->dma_desc); 959 if (err != DDI_SUCCESS) { 960 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring desc failed\n")); 961 goto fail; 962 } 963 ring->desc = (uint32_t *)ring->dma_desc.mem_va; 964 965 /* 966 * Allocate Rx buffers. 967 */ 968 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 969 data = &ring->data[i]; 970 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 971 &rx_buffer_dma_attr, &wpi_dma_accattr, 972 DDI_DMA_READ | DDI_DMA_STREAMING, 973 &data->dma_data); 974 if (err != DDI_SUCCESS) { 975 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring buf[%d] " 976 "failed\n", i)); 977 goto fail; 978 } 979 980 ring->desc[i] = LE_32(data->dma_data.cookie.dmac_address); 981 } 982 983 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 984 985 return (err); 986 987 fail: 988 wpi_free_rx_ring(sc); 989 return (err); 990 } 991 992 static void 993 wpi_reset_rx_ring(wpi_sc_t *sc) 994 { 995 int ntries; 996 997 wpi_mem_lock(sc); 998 999 WPI_WRITE(sc, WPI_RX_CONFIG, 0); 1000 for (ntries = 0; ntries < 2000; ntries++) { 1001 if (WPI_READ(sc, WPI_RX_STATUS) & WPI_RX_IDLE) 1002 break; 1003 DELAY(1000); 1004 } 1005 if (ntries == 2000) 1006 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Rx ring\n")); 1007 1008 wpi_mem_unlock(sc); 1009 1010 sc->sc_rxq.cur = 0; 1011 } 1012 1013 static void 1014 wpi_free_rx_ring(wpi_sc_t *sc) 1015 { 1016 int i; 1017 1018 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1019 if (sc->sc_rxq.data[i].dma_data.dma_hdl) 1020 WPI_DMA_SYNC(sc->sc_rxq.data[i].dma_data, 1021 DDI_DMA_SYNC_FORCPU); 1022 wpi_free_dma_mem(&sc->sc_rxq.data[i].dma_data); 1023 } 1024 1025 if (sc->sc_rxq.dma_desc.dma_hdl) 1026 WPI_DMA_SYNC(sc->sc_rxq.dma_desc, DDI_DMA_SYNC_FORDEV); 1027 wpi_free_dma_mem(&sc->sc_rxq.dma_desc); 1028 } 1029 1030 static int 1031 wpi_alloc_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring, int count, int qid) 1032 { 1033 wpi_tx_data_t *data; 1034 wpi_tx_desc_t *desc_h; 1035 uint32_t paddr_desc_h; 1036 wpi_tx_cmd_t *cmd_h; 1037 uint32_t paddr_cmd_h; 1038 int i, err = DDI_SUCCESS; 1039 1040 ring->qid = qid; 1041 ring->count = count; 1042 ring->queued = 0; 1043 ring->cur = 0; 1044 1045 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_desc_t), 1046 &ring_desc_dma_attr, &wpi_dma_accattr, 1047 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1048 &ring->dma_desc); 1049 if (err != DDI_SUCCESS) { 1050 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring desc[%d] failed\n", 1051 qid)); 1052 goto fail; 1053 } 1054 1055 /* update shared page with ring's base address */ 1056 sc->sc_shared->txbase[qid] = ring->dma_desc.cookie.dmac_address; 1057 1058 desc_h = (wpi_tx_desc_t *)ring->dma_desc.mem_va; 1059 paddr_desc_h = ring->dma_desc.cookie.dmac_address; 1060 1061 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_cmd_t), 1062 &tx_cmd_dma_attr, &wpi_dma_accattr, 1063 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1064 &ring->dma_cmd); 1065 if (err != DDI_SUCCESS) { 1066 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring cmd[%d] failed\n", 1067 qid)); 1068 goto fail; 1069 } 1070 1071 cmd_h = (wpi_tx_cmd_t *)ring->dma_cmd.mem_va; 1072 paddr_cmd_h = ring->dma_cmd.cookie.dmac_address; 1073 1074 /* 1075 * Allocate Tx buffers. 1076 */ 1077 ring->data = kmem_zalloc(sizeof (wpi_tx_data_t) * count, KM_NOSLEEP); 1078 if (ring->data == NULL) { 1079 WPI_DBG((WPI_DEBUG_DMA, "could not allocate tx data slots\n")); 1080 goto fail; 1081 } 1082 1083 for (i = 0; i < count; i++) { 1084 data = &ring->data[i]; 1085 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 1086 &tx_buffer_dma_attr, &wpi_dma_accattr, 1087 DDI_DMA_WRITE | DDI_DMA_STREAMING, 1088 &data->dma_data); 1089 if (err != DDI_SUCCESS) { 1090 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring buf[%d] " 1091 "failed\n", i)); 1092 goto fail; 1093 } 1094 1095 data->desc = desc_h + i; 1096 data->paddr_desc = paddr_desc_h + 1097 ((uintptr_t)data->desc - (uintptr_t)desc_h); 1098 data->cmd = cmd_h + i; 1099 data->paddr_cmd = paddr_cmd_h + 1100 ((uintptr_t)data->cmd - (uintptr_t)cmd_h); 1101 } 1102 1103 return (err); 1104 1105 fail: 1106 wpi_free_tx_ring(sc, ring); 1107 return (err); 1108 } 1109 1110 static void 1111 wpi_reset_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1112 { 1113 wpi_tx_data_t *data; 1114 int i, ntries; 1115 1116 wpi_mem_lock(sc); 1117 1118 WPI_WRITE(sc, WPI_TX_CONFIG(ring->qid), 0); 1119 for (ntries = 0; ntries < 100; ntries++) { 1120 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(ring->qid)) 1121 break; 1122 DELAY(10); 1123 } 1124 #ifdef DEBUG 1125 if (ntries == 100 && wpi_dbg_flags > 0) { 1126 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Tx ring %d\n", 1127 ring->qid)); 1128 } 1129 #endif 1130 wpi_mem_unlock(sc); 1131 1132 if (!(sc->sc_flags & WPI_F_QUIESCED)) { 1133 for (i = 0; i < ring->count; i++) { 1134 data = &ring->data[i]; 1135 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 1136 } 1137 } 1138 1139 ring->queued = 0; 1140 ring->cur = 0; 1141 } 1142 1143 /*ARGSUSED*/ 1144 static void 1145 wpi_free_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1146 { 1147 int i; 1148 1149 if (ring->dma_desc.dma_hdl != NULL) 1150 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 1151 wpi_free_dma_mem(&ring->dma_desc); 1152 1153 if (ring->dma_cmd.dma_hdl != NULL) 1154 WPI_DMA_SYNC(ring->dma_cmd, DDI_DMA_SYNC_FORDEV); 1155 wpi_free_dma_mem(&ring->dma_cmd); 1156 1157 if (ring->data != NULL) { 1158 for (i = 0; i < ring->count; i++) { 1159 if (ring->data[i].dma_data.dma_hdl) 1160 WPI_DMA_SYNC(ring->data[i].dma_data, 1161 DDI_DMA_SYNC_FORDEV); 1162 wpi_free_dma_mem(&ring->data[i].dma_data); 1163 } 1164 kmem_free(ring->data, ring->count * sizeof (wpi_tx_data_t)); 1165 ring->data = NULL; 1166 } 1167 } 1168 1169 static int 1170 wpi_ring_init(wpi_sc_t *sc) 1171 { 1172 int i, err = DDI_SUCCESS; 1173 1174 for (i = 0; i < 4; i++) { 1175 err = wpi_alloc_tx_ring(sc, &sc->sc_txq[i], WPI_TX_RING_COUNT, 1176 i); 1177 if (err != DDI_SUCCESS) 1178 goto fail; 1179 } 1180 err = wpi_alloc_tx_ring(sc, &sc->sc_cmdq, WPI_CMD_RING_COUNT, 4); 1181 if (err != DDI_SUCCESS) 1182 goto fail; 1183 err = wpi_alloc_tx_ring(sc, &sc->sc_svcq, WPI_SVC_RING_COUNT, 5); 1184 if (err != DDI_SUCCESS) 1185 goto fail; 1186 err = wpi_alloc_rx_ring(sc); 1187 if (err != DDI_SUCCESS) 1188 goto fail; 1189 return (err); 1190 1191 fail: 1192 return (err); 1193 } 1194 1195 static void 1196 wpi_ring_free(wpi_sc_t *sc) 1197 { 1198 int i = 4; 1199 1200 wpi_free_rx_ring(sc); 1201 wpi_free_tx_ring(sc, &sc->sc_svcq); 1202 wpi_free_tx_ring(sc, &sc->sc_cmdq); 1203 while (--i >= 0) { 1204 wpi_free_tx_ring(sc, &sc->sc_txq[i]); 1205 } 1206 } 1207 1208 /* ARGSUSED */ 1209 static ieee80211_node_t * 1210 wpi_node_alloc(ieee80211com_t *ic) 1211 { 1212 wpi_amrr_t *amrr; 1213 1214 amrr = kmem_zalloc(sizeof (wpi_amrr_t), KM_SLEEP); 1215 if (amrr != NULL) 1216 wpi_amrr_init(amrr); 1217 return (&amrr->in); 1218 } 1219 1220 static void 1221 wpi_node_free(ieee80211_node_t *in) 1222 { 1223 ieee80211com_t *ic = in->in_ic; 1224 1225 ic->ic_node_cleanup(in); 1226 if (in->in_wpa_ie != NULL) 1227 ieee80211_free(in->in_wpa_ie); 1228 kmem_free(in, sizeof (wpi_amrr_t)); 1229 } 1230 1231 /*ARGSUSED*/ 1232 static int 1233 wpi_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg) 1234 { 1235 wpi_sc_t *sc = (wpi_sc_t *)ic; 1236 ieee80211_node_t *in = ic->ic_bss; 1237 enum ieee80211_state ostate; 1238 int i, err = WPI_SUCCESS; 1239 1240 mutex_enter(&sc->sc_glock); 1241 ostate = ic->ic_state; 1242 switch (nstate) { 1243 case IEEE80211_S_SCAN: 1244 switch (ostate) { 1245 case IEEE80211_S_INIT: 1246 { 1247 wpi_node_t node; 1248 1249 sc->sc_flags |= WPI_F_SCANNING; 1250 sc->sc_scan_next = 0; 1251 1252 /* make the link LED blink while we're scanning */ 1253 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1254 1255 /* 1256 * clear association to receive beacons from all 1257 * BSS'es 1258 */ 1259 sc->sc_config.state = 0; 1260 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1261 1262 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x " 1263 "filter %x\n", 1264 sc->sc_config.chan, sc->sc_config.flags, 1265 sc->sc_config.filter)); 1266 1267 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1268 sizeof (wpi_config_t), 1); 1269 if (err != WPI_SUCCESS) { 1270 cmn_err(CE_WARN, 1271 "could not clear association\n"); 1272 sc->sc_flags &= ~WPI_F_SCANNING; 1273 mutex_exit(&sc->sc_glock); 1274 return (err); 1275 } 1276 1277 /* add broadcast node to send probe request */ 1278 (void) memset(&node, 0, sizeof (node)); 1279 (void) memset(&node.bssid, 0xff, IEEE80211_ADDR_LEN); 1280 node.id = WPI_ID_BROADCAST; 1281 1282 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, 1283 sizeof (node), 1); 1284 if (err != WPI_SUCCESS) { 1285 cmn_err(CE_WARN, 1286 "could not add broadcast node\n"); 1287 sc->sc_flags &= ~WPI_F_SCANNING; 1288 mutex_exit(&sc->sc_glock); 1289 return (err); 1290 } 1291 break; 1292 } 1293 case IEEE80211_S_SCAN: 1294 mutex_exit(&sc->sc_glock); 1295 /* step to next channel before actual FW scan */ 1296 err = sc->sc_newstate(ic, nstate, arg); 1297 mutex_enter(&sc->sc_glock); 1298 if ((err != 0) || ((err = wpi_scan(sc)) != 0)) { 1299 cmn_err(CE_WARN, 1300 "could not initiate scan\n"); 1301 sc->sc_flags &= ~WPI_F_SCANNING; 1302 ieee80211_cancel_scan(ic); 1303 } 1304 mutex_exit(&sc->sc_glock); 1305 return (err); 1306 default: 1307 break; 1308 } 1309 sc->sc_clk = 0; 1310 break; 1311 1312 case IEEE80211_S_AUTH: 1313 if (ostate == IEEE80211_S_SCAN) { 1314 sc->sc_flags &= ~WPI_F_SCANNING; 1315 } 1316 1317 /* reset state to handle reassociations correctly */ 1318 sc->sc_config.state = 0; 1319 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1320 1321 if ((err = wpi_auth(sc)) != 0) { 1322 WPI_DBG((WPI_DEBUG_80211, 1323 "could not send authentication request\n")); 1324 mutex_exit(&sc->sc_glock); 1325 return (err); 1326 } 1327 break; 1328 1329 case IEEE80211_S_RUN: 1330 if (ostate == IEEE80211_S_SCAN) { 1331 sc->sc_flags &= ~WPI_F_SCANNING; 1332 } 1333 1334 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1335 /* link LED blinks while monitoring */ 1336 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 1337 break; 1338 } 1339 1340 if (ic->ic_opmode != IEEE80211_M_STA) { 1341 (void) wpi_auth(sc); 1342 /* need setup beacon here */ 1343 } 1344 WPI_DBG((WPI_DEBUG_80211, "wpi: associated.")); 1345 1346 /* update adapter's configuration */ 1347 sc->sc_config.state = LE_16(WPI_CONFIG_ASSOCIATED); 1348 /* short preamble/slot time are negotiated when associating */ 1349 sc->sc_config.flags &= ~LE_32(WPI_CONFIG_SHPREAMBLE | 1350 WPI_CONFIG_SHSLOT); 1351 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1352 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHSLOT); 1353 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1354 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHPREAMBLE); 1355 sc->sc_config.filter |= LE_32(WPI_FILTER_BSS); 1356 if (ic->ic_opmode != IEEE80211_M_STA) 1357 sc->sc_config.filter |= LE_32(WPI_FILTER_BEACON); 1358 1359 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x\n", 1360 sc->sc_config.chan, sc->sc_config.flags)); 1361 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1362 sizeof (wpi_config_t), 1); 1363 if (err != WPI_SUCCESS) { 1364 WPI_DBG((WPI_DEBUG_80211, 1365 "could not update configuration\n")); 1366 mutex_exit(&sc->sc_glock); 1367 return (err); 1368 } 1369 1370 /* start automatic rate control */ 1371 mutex_enter(&sc->sc_mt_lock); 1372 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1373 sc->sc_flags |= WPI_F_RATE_AUTO_CTL; 1374 /* set rate to some reasonable initial value */ 1375 i = in->in_rates.ir_nrates - 1; 1376 while (i > 0 && IEEE80211_RATE(i) > 72) 1377 i--; 1378 in->in_txrate = i; 1379 } else { 1380 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 1381 } 1382 mutex_exit(&sc->sc_mt_lock); 1383 1384 /* link LED always on while associated */ 1385 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 1386 break; 1387 1388 case IEEE80211_S_INIT: 1389 sc->sc_flags &= ~WPI_F_SCANNING; 1390 break; 1391 1392 case IEEE80211_S_ASSOC: 1393 sc->sc_flags &= ~WPI_F_SCANNING; 1394 break; 1395 } 1396 1397 mutex_exit(&sc->sc_glock); 1398 return (sc->sc_newstate(ic, nstate, arg)); 1399 } 1400 1401 /*ARGSUSED*/ 1402 static int wpi_key_set(ieee80211com_t *ic, const struct ieee80211_key *k, 1403 const uint8_t mac[IEEE80211_ADDR_LEN]) 1404 { 1405 wpi_sc_t *sc = (wpi_sc_t *)ic; 1406 wpi_node_t node; 1407 int err; 1408 1409 switch (k->wk_cipher->ic_cipher) { 1410 case IEEE80211_CIPHER_WEP: 1411 case IEEE80211_CIPHER_TKIP: 1412 return (1); /* sofeware do it. */ 1413 case IEEE80211_CIPHER_AES_CCM: 1414 break; 1415 default: 1416 return (0); 1417 } 1418 sc->sc_config.filter &= ~(WPI_FILTER_NODECRYPTUNI | 1419 WPI_FILTER_NODECRYPTMUL); 1420 1421 mutex_enter(&sc->sc_glock); 1422 1423 /* update ap/multicast node */ 1424 (void) memset(&node, 0, sizeof (node)); 1425 if (IEEE80211_IS_MULTICAST(mac)) { 1426 (void) memset(node.bssid, 0xff, 6); 1427 node.id = WPI_ID_BROADCAST; 1428 } else { 1429 IEEE80211_ADDR_COPY(node.bssid, ic->ic_bss->in_bssid); 1430 node.id = WPI_ID_BSS; 1431 } 1432 if (k->wk_flags & IEEE80211_KEY_XMIT) { 1433 node.key_flags = 0; 1434 node.keyp = k->wk_keyix; 1435 } else { 1436 node.key_flags = (1 << 14); 1437 node.keyp = k->wk_keyix + 4; 1438 } 1439 (void) memcpy(node.key, k->wk_key, k->wk_keylen); 1440 node.key_flags |= (2 | (1 << 3) | (k->wk_keyix << 8)); 1441 node.sta_mask = 1; 1442 node.control = 1; 1443 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 1444 if (err != WPI_SUCCESS) { 1445 cmn_err(CE_WARN, "wpi_key_set():" 1446 "failed to update ap node\n"); 1447 mutex_exit(&sc->sc_glock); 1448 return (0); 1449 } 1450 mutex_exit(&sc->sc_glock); 1451 return (1); 1452 } 1453 1454 /* 1455 * Grab exclusive access to NIC memory. 1456 */ 1457 static void 1458 wpi_mem_lock(wpi_sc_t *sc) 1459 { 1460 uint32_t tmp; 1461 int ntries; 1462 1463 tmp = WPI_READ(sc, WPI_GPIO_CTL); 1464 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_MAC); 1465 1466 /* spin until we actually get the lock */ 1467 for (ntries = 0; ntries < 1000; ntries++) { 1468 if ((WPI_READ(sc, WPI_GPIO_CTL) & 1469 (WPI_GPIO_CLOCK | WPI_GPIO_SLEEP)) == WPI_GPIO_CLOCK) 1470 break; 1471 DELAY(10); 1472 } 1473 if (ntries == 1000) 1474 WPI_DBG((WPI_DEBUG_PIO, "could not lock memory\n")); 1475 } 1476 1477 /* 1478 * Release lock on NIC memory. 1479 */ 1480 static void 1481 wpi_mem_unlock(wpi_sc_t *sc) 1482 { 1483 uint32_t tmp = WPI_READ(sc, WPI_GPIO_CTL); 1484 WPI_WRITE(sc, WPI_GPIO_CTL, tmp & ~WPI_GPIO_MAC); 1485 } 1486 1487 static uint32_t 1488 wpi_mem_read(wpi_sc_t *sc, uint16_t addr) 1489 { 1490 WPI_WRITE(sc, WPI_READ_MEM_ADDR, WPI_MEM_4 | addr); 1491 return (WPI_READ(sc, WPI_READ_MEM_DATA)); 1492 } 1493 1494 static void 1495 wpi_mem_write(wpi_sc_t *sc, uint16_t addr, uint32_t data) 1496 { 1497 WPI_WRITE(sc, WPI_WRITE_MEM_ADDR, WPI_MEM_4 | addr); 1498 WPI_WRITE(sc, WPI_WRITE_MEM_DATA, data); 1499 } 1500 1501 static void 1502 wpi_mem_write_region_4(wpi_sc_t *sc, uint16_t addr, 1503 const uint32_t *data, int wlen) 1504 { 1505 for (; wlen > 0; wlen--, data++, addr += 4) 1506 wpi_mem_write(sc, addr, *data); 1507 } 1508 1509 /* 1510 * Read 16 bits from the EEPROM. We access EEPROM through the MAC instead of 1511 * using the traditional bit-bang method. 1512 */ 1513 static uint16_t 1514 wpi_read_prom_word(wpi_sc_t *sc, uint32_t addr) 1515 { 1516 uint32_t val; 1517 int ntries; 1518 1519 WPI_WRITE(sc, WPI_EEPROM_CTL, addr << 2); 1520 1521 wpi_mem_lock(sc); 1522 for (ntries = 0; ntries < 10; ntries++) { 1523 if ((val = WPI_READ(sc, WPI_EEPROM_CTL)) & WPI_EEPROM_READY) 1524 break; 1525 DELAY(10); 1526 } 1527 wpi_mem_unlock(sc); 1528 1529 if (ntries == 10) { 1530 WPI_DBG((WPI_DEBUG_PIO, "could not read EEPROM\n")); 1531 return (0xdead); 1532 } 1533 return (val >> 16); 1534 } 1535 1536 /* 1537 * The firmware boot code is small and is intended to be copied directly into 1538 * the NIC internal memory. 1539 */ 1540 static int 1541 wpi_load_microcode(wpi_sc_t *sc) 1542 { 1543 const char *ucode; 1544 int size; 1545 1546 ucode = sc->sc_boot; 1547 size = LE_32(sc->sc_hdr->bootsz); 1548 /* check that microcode size is a multiple of 4 */ 1549 if (size & 3) 1550 return (EINVAL); 1551 1552 size /= sizeof (uint32_t); 1553 1554 wpi_mem_lock(sc); 1555 1556 /* copy microcode image into NIC memory */ 1557 wpi_mem_write_region_4(sc, WPI_MEM_UCODE_BASE, (const uint32_t *)ucode, 1558 size); 1559 1560 wpi_mem_write(sc, WPI_MEM_UCODE_SRC, 0); 1561 wpi_mem_write(sc, WPI_MEM_UCODE_DST, WPI_FW_TEXT); 1562 wpi_mem_write(sc, WPI_MEM_UCODE_SIZE, size); 1563 1564 /* run microcode */ 1565 wpi_mem_write(sc, WPI_MEM_UCODE_CTL, WPI_UC_RUN); 1566 1567 wpi_mem_unlock(sc); 1568 1569 return (WPI_SUCCESS); 1570 } 1571 1572 /* 1573 * The firmware text and data segments are transferred to the NIC using DMA. 1574 * The driver just copies the firmware into DMA-safe memory and tells the NIC 1575 * where to find it. Once the NIC has copied the firmware into its internal 1576 * memory, we can free our local copy in the driver. 1577 */ 1578 static int 1579 wpi_load_firmware(wpi_sc_t *sc, uint32_t target) 1580 { 1581 const char *fw; 1582 int size; 1583 wpi_dma_t *dma_p; 1584 ddi_dma_cookie_t *cookie; 1585 wpi_tx_desc_t desc; 1586 int i, ntries, err = WPI_SUCCESS; 1587 1588 /* only text and data here */ 1589 if (target == WPI_FW_TEXT) { 1590 fw = sc->sc_text; 1591 size = LE_32(sc->sc_hdr->textsz); 1592 dma_p = &sc->sc_dma_fw_text; 1593 cookie = sc->sc_fw_text_cookie; 1594 } else { 1595 fw = sc->sc_data; 1596 size = LE_32(sc->sc_hdr->datasz); 1597 dma_p = &sc->sc_dma_fw_data; 1598 cookie = sc->sc_fw_data_cookie; 1599 } 1600 1601 /* copy firmware image to DMA-safe memory */ 1602 (void) memcpy(dma_p->mem_va, fw, size); 1603 1604 /* make sure the adapter will get up-to-date values */ 1605 (void) ddi_dma_sync(dma_p->dma_hdl, 0, size, DDI_DMA_SYNC_FORDEV); 1606 1607 (void) memset(&desc, 0, sizeof (desc)); 1608 desc.flags = LE_32(WPI_PAD32(size) << 28 | dma_p->ncookies << 24); 1609 for (i = 0; i < dma_p->ncookies; i++) { 1610 WPI_DBG((WPI_DEBUG_DMA, "cookie%d addr:%x size:%x\n", 1611 i, cookie[i].dmac_address, cookie[i].dmac_size)); 1612 desc.segs[i].addr = cookie[i].dmac_address; 1613 desc.segs[i].len = (uint32_t)cookie[i].dmac_size; 1614 } 1615 1616 wpi_mem_lock(sc); 1617 1618 /* tell adapter where to copy image in its internal memory */ 1619 WPI_WRITE(sc, WPI_FW_TARGET, target); 1620 1621 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0); 1622 1623 /* copy firmware descriptor into NIC memory */ 1624 WPI_WRITE_REGION_4(sc, WPI_TX_DESC(6), (uint32_t *)&desc, 1625 sizeof desc / sizeof (uint32_t)); 1626 1627 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0xfffff); 1628 WPI_WRITE(sc, WPI_TX_STATE(6), 0x4001); 1629 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0x80000001); 1630 1631 /* wait while the adapter is busy copying the firmware */ 1632 for (ntries = 0; ntries < 100; ntries++) { 1633 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(6)) 1634 break; 1635 DELAY(1000); 1636 } 1637 if (ntries == 100) { 1638 WPI_DBG((WPI_DEBUG_FW, "timeout transferring firmware\n")); 1639 err = ETIMEDOUT; 1640 } 1641 1642 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0); 1643 1644 wpi_mem_unlock(sc); 1645 1646 return (err); 1647 } 1648 1649 /*ARGSUSED*/ 1650 static void 1651 wpi_rx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1652 { 1653 ieee80211com_t *ic = &sc->sc_ic; 1654 wpi_rx_ring_t *ring = &sc->sc_rxq; 1655 wpi_rx_stat_t *stat; 1656 wpi_rx_head_t *head; 1657 wpi_rx_tail_t *tail; 1658 ieee80211_node_t *in; 1659 struct ieee80211_frame *wh; 1660 mblk_t *mp; 1661 uint16_t len; 1662 1663 stat = (wpi_rx_stat_t *)(desc + 1); 1664 1665 if (stat->len > WPI_STAT_MAXLEN) { 1666 WPI_DBG((WPI_DEBUG_RX, "invalid rx statistic header\n")); 1667 return; 1668 } 1669 1670 head = (wpi_rx_head_t *)((caddr_t)(stat + 1) + stat->len); 1671 tail = (wpi_rx_tail_t *)((caddr_t)(head + 1) + LE_16(head->len)); 1672 1673 len = LE_16(head->len); 1674 1675 WPI_DBG((WPI_DEBUG_RX, "rx intr: idx=%d len=%d stat len=%d rssi=%d " 1676 "rate=%x chan=%d tstamp=%llu", ring->cur, LE_32(desc->len), 1677 len, (int8_t)stat->rssi, head->rate, head->chan, 1678 LE_64(tail->tstamp))); 1679 1680 if ((len < 20) || (len > sc->sc_dmabuf_sz)) { 1681 sc->sc_rx_err++; 1682 return; 1683 } 1684 1685 /* 1686 * Discard Rx frames with bad CRC early 1687 */ 1688 if ((LE_32(tail->flags) & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1689 WPI_DBG((WPI_DEBUG_RX, "rx tail flags error %x\n", 1690 LE_32(tail->flags))); 1691 sc->sc_rx_err++; 1692 return; 1693 } 1694 1695 /* update Rx descriptor */ 1696 /* ring->desc[ring->cur] = LE_32(data->dma_data.cookie.dmac_address); */ 1697 1698 #ifdef WPI_BPF 1699 #ifndef WPI_CURRENT 1700 if (sc->sc_drvbpf != NULL) { 1701 #else 1702 if (bpf_peers_present(sc->sc_drvbpf)) { 1703 #endif 1704 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1705 1706 tap->wr_flags = 0; 1707 tap->wr_rate = head->rate; 1708 tap->wr_chan_freq = 1709 LE_16(ic->ic_channels[head->chan].ic_freq); 1710 tap->wr_chan_flags = 1711 LE_16(ic->ic_channels[head->chan].ic_flags); 1712 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1713 tap->wr_dbm_antnoise = (int8_t)LE_16(stat->noise); 1714 tap->wr_tsft = tail->tstamp; 1715 tap->wr_antenna = (LE_16(head->flags) >> 4) & 0xf; 1716 switch (head->rate) { 1717 /* CCK rates */ 1718 case 10: tap->wr_rate = 2; break; 1719 case 20: tap->wr_rate = 4; break; 1720 case 55: tap->wr_rate = 11; break; 1721 case 110: tap->wr_rate = 22; break; 1722 /* OFDM rates */ 1723 case 0xd: tap->wr_rate = 12; break; 1724 case 0xf: tap->wr_rate = 18; break; 1725 case 0x5: tap->wr_rate = 24; break; 1726 case 0x7: tap->wr_rate = 36; break; 1727 case 0x9: tap->wr_rate = 48; break; 1728 case 0xb: tap->wr_rate = 72; break; 1729 case 0x1: tap->wr_rate = 96; break; 1730 case 0x3: tap->wr_rate = 108; break; 1731 /* unknown rate: should not happen */ 1732 default: tap->wr_rate = 0; 1733 } 1734 if (LE_16(head->flags) & 0x4) 1735 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1736 1737 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1738 } 1739 #endif 1740 /* grab a reference to the source node */ 1741 wh = (struct ieee80211_frame *)(head + 1); 1742 1743 #ifdef DEBUG 1744 if (wpi_dbg_flags & WPI_DEBUG_RX) 1745 ieee80211_dump_pkt((uint8_t *)wh, len, 0, 0); 1746 #endif 1747 1748 in = ieee80211_find_rxnode(ic, wh); 1749 mp = allocb(len, BPRI_MED); 1750 if (mp) { 1751 (void) memcpy(mp->b_wptr, wh, len); 1752 mp->b_wptr += len; 1753 1754 /* send the frame to the 802.11 layer */ 1755 (void) ieee80211_input(ic, mp, in, stat->rssi, 0); 1756 } else { 1757 sc->sc_rx_nobuf++; 1758 WPI_DBG((WPI_DEBUG_RX, 1759 "wpi_rx_intr(): alloc rx buf failed\n")); 1760 } 1761 /* release node reference */ 1762 ieee80211_free_node(in); 1763 } 1764 1765 /*ARGSUSED*/ 1766 static void 1767 wpi_tx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1768 { 1769 ieee80211com_t *ic = &sc->sc_ic; 1770 wpi_tx_ring_t *ring = &sc->sc_txq[desc->qid & 0x3]; 1771 /* wpi_tx_data_t *txdata = &ring->data[desc->idx]; */ 1772 wpi_tx_stat_t *stat = (wpi_tx_stat_t *)(desc + 1); 1773 wpi_amrr_t *amrr = (wpi_amrr_t *)ic->ic_bss; 1774 1775 WPI_DBG((WPI_DEBUG_TX, "tx done: qid=%d idx=%d retries=%d nkill=%d " 1776 "rate=%x duration=%d status=%x\n", 1777 desc->qid, desc->idx, stat->ntries, stat->nkill, stat->rate, 1778 LE_32(stat->duration), LE_32(stat->status))); 1779 1780 amrr->txcnt++; 1781 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d cnt\n", amrr->txcnt)); 1782 if (stat->ntries > 0) { 1783 amrr->retrycnt++; 1784 sc->sc_tx_retries++; 1785 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d retries\n", 1786 amrr->retrycnt)); 1787 } 1788 1789 sc->sc_tx_timer = 0; 1790 1791 mutex_enter(&sc->sc_tx_lock); 1792 ring->queued--; 1793 if (ring->queued < 0) 1794 ring->queued = 0; 1795 if ((sc->sc_need_reschedule) && (ring->queued <= (ring->count << 3))) { 1796 sc->sc_need_reschedule = 0; 1797 mutex_exit(&sc->sc_tx_lock); 1798 mac_tx_update(ic->ic_mach); 1799 mutex_enter(&sc->sc_tx_lock); 1800 } 1801 mutex_exit(&sc->sc_tx_lock); 1802 } 1803 1804 static void 1805 wpi_cmd_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc) 1806 { 1807 if ((desc->qid & 7) != 4) { 1808 return; /* not a command ack */ 1809 } 1810 mutex_enter(&sc->sc_glock); 1811 sc->sc_flags |= WPI_F_CMD_DONE; 1812 cv_signal(&sc->sc_cmd_cv); 1813 mutex_exit(&sc->sc_glock); 1814 } 1815 1816 static uint_t 1817 wpi_notif_softintr(caddr_t arg) 1818 { 1819 wpi_sc_t *sc = (wpi_sc_t *)arg; 1820 wpi_rx_desc_t *desc; 1821 wpi_rx_data_t *data; 1822 uint32_t hw; 1823 1824 mutex_enter(&sc->sc_glock); 1825 if (sc->sc_notif_softint_pending != 1) { 1826 mutex_exit(&sc->sc_glock); 1827 return (DDI_INTR_UNCLAIMED); 1828 } 1829 mutex_exit(&sc->sc_glock); 1830 1831 hw = LE_32(sc->sc_shared->next); 1832 1833 while (sc->sc_rxq.cur != hw) { 1834 data = &sc->sc_rxq.data[sc->sc_rxq.cur]; 1835 desc = (wpi_rx_desc_t *)data->dma_data.mem_va; 1836 1837 WPI_DBG((WPI_DEBUG_INTR, "rx notification hw = %d cur = %d " 1838 "qid=%x idx=%d flags=%x type=%d len=%d\n", 1839 hw, sc->sc_rxq.cur, desc->qid, desc->idx, desc->flags, 1840 desc->type, LE_32(desc->len))); 1841 1842 if (!(desc->qid & 0x80)) /* reply to a command */ 1843 wpi_cmd_intr(sc, desc); 1844 1845 switch (desc->type) { 1846 case WPI_RX_DONE: 1847 /* a 802.11 frame was received */ 1848 wpi_rx_intr(sc, desc, data); 1849 break; 1850 1851 case WPI_TX_DONE: 1852 /* a 802.11 frame has been transmitted */ 1853 wpi_tx_intr(sc, desc, data); 1854 break; 1855 1856 case WPI_UC_READY: 1857 { 1858 wpi_ucode_info_t *uc = 1859 (wpi_ucode_info_t *)(desc + 1); 1860 1861 /* the microcontroller is ready */ 1862 WPI_DBG((WPI_DEBUG_FW, 1863 "microcode alive notification version %x " 1864 "alive %x\n", LE_32(uc->version), 1865 LE_32(uc->valid))); 1866 1867 if (LE_32(uc->valid) != 1) { 1868 WPI_DBG((WPI_DEBUG_FW, 1869 "microcontroller initialization failed\n")); 1870 } 1871 break; 1872 } 1873 case WPI_STATE_CHANGED: 1874 { 1875 uint32_t *status = (uint32_t *)(desc + 1); 1876 1877 /* enabled/disabled notification */ 1878 WPI_DBG((WPI_DEBUG_RADIO, "state changed to %x\n", 1879 LE_32(*status))); 1880 1881 if (LE_32(*status) & 1) { 1882 /* 1883 * the radio button has to be pushed(OFF). It 1884 * is considered as a hw error, the 1885 * wpi_thread() tries to recover it after the 1886 * button is pushed again(ON) 1887 */ 1888 cmn_err(CE_NOTE, 1889 "wpi: Radio transmitter is off\n"); 1890 sc->sc_ostate = sc->sc_ic.ic_state; 1891 ieee80211_new_state(&sc->sc_ic, 1892 IEEE80211_S_INIT, -1); 1893 sc->sc_flags |= 1894 (WPI_F_HW_ERR_RECOVER | WPI_F_RADIO_OFF); 1895 } 1896 break; 1897 } 1898 case WPI_START_SCAN: 1899 { 1900 wpi_start_scan_t *scan = 1901 (wpi_start_scan_t *)(desc + 1); 1902 1903 WPI_DBG((WPI_DEBUG_SCAN, 1904 "scanning channel %d status %x\n", 1905 scan->chan, LE_32(scan->status))); 1906 1907 break; 1908 } 1909 case WPI_STOP_SCAN: 1910 { 1911 wpi_stop_scan_t *scan = 1912 (wpi_stop_scan_t *)(desc + 1); 1913 1914 WPI_DBG((WPI_DEBUG_SCAN, 1915 "completed channel %d (burst of %d) status %02x\n", 1916 scan->chan, scan->nchan, scan->status)); 1917 1918 sc->sc_scan_pending = 0; 1919 sc->sc_scan_next++; 1920 break; 1921 } 1922 default: 1923 break; 1924 } 1925 1926 sc->sc_rxq.cur = (sc->sc_rxq.cur + 1) % WPI_RX_RING_COUNT; 1927 } 1928 1929 /* tell the firmware what we have processed */ 1930 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1931 WPI_WRITE(sc, WPI_RX_WIDX, hw & (~7)); 1932 mutex_enter(&sc->sc_glock); 1933 sc->sc_notif_softint_pending = 0; 1934 mutex_exit(&sc->sc_glock); 1935 1936 return (DDI_INTR_CLAIMED); 1937 } 1938 1939 static uint_t 1940 wpi_intr(caddr_t arg) 1941 { 1942 wpi_sc_t *sc = (wpi_sc_t *)arg; 1943 uint32_t r, rfh; 1944 1945 mutex_enter(&sc->sc_glock); 1946 if (sc->sc_flags & WPI_F_SUSPEND) { 1947 mutex_exit(&sc->sc_glock); 1948 return (DDI_INTR_UNCLAIMED); 1949 } 1950 1951 r = WPI_READ(sc, WPI_INTR); 1952 if (r == 0 || r == 0xffffffff) { 1953 mutex_exit(&sc->sc_glock); 1954 return (DDI_INTR_UNCLAIMED); 1955 } 1956 1957 WPI_DBG((WPI_DEBUG_INTR, "interrupt reg %x\n", r)); 1958 1959 rfh = WPI_READ(sc, WPI_INTR_STATUS); 1960 /* disable interrupts */ 1961 WPI_WRITE(sc, WPI_MASK, 0); 1962 /* ack interrupts */ 1963 WPI_WRITE(sc, WPI_INTR, r); 1964 WPI_WRITE(sc, WPI_INTR_STATUS, rfh); 1965 1966 if (sc->sc_notif_softint_id == NULL) { 1967 mutex_exit(&sc->sc_glock); 1968 return (DDI_INTR_CLAIMED); 1969 } 1970 1971 if (r & (WPI_SW_ERROR | WPI_HW_ERROR)) { 1972 WPI_DBG((WPI_DEBUG_FW, "fatal firmware error\n")); 1973 mutex_exit(&sc->sc_glock); 1974 wpi_stop(sc); 1975 if (!(sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 1976 sc->sc_ostate = sc->sc_ic.ic_state; 1977 } 1978 1979 /* not capable of fast recovery */ 1980 if (!WPI_CHK_FAST_RECOVER(sc)) 1981 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 1982 1983 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 1984 return (DDI_INTR_CLAIMED); 1985 } 1986 1987 if ((r & (WPI_RX_INTR | WPI_RX_SWINT)) || 1988 (rfh & 0x40070000)) { 1989 sc->sc_notif_softint_pending = 1; 1990 ddi_trigger_softintr(sc->sc_notif_softint_id); 1991 } 1992 1993 if (r & WPI_ALIVE_INTR) { /* firmware initialized */ 1994 sc->sc_flags |= WPI_F_FW_INIT; 1995 cv_signal(&sc->sc_fw_cv); 1996 } 1997 1998 /* re-enable interrupts */ 1999 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 2000 mutex_exit(&sc->sc_glock); 2001 2002 return (DDI_INTR_CLAIMED); 2003 } 2004 2005 static uint8_t 2006 wpi_plcp_signal(int rate) 2007 { 2008 switch (rate) { 2009 /* CCK rates (returned values are device-dependent) */ 2010 case 2: return (10); 2011 case 4: return (20); 2012 case 11: return (55); 2013 case 22: return (110); 2014 2015 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 2016 /* R1-R4 (ral/ural is R4-R1) */ 2017 case 12: return (0xd); 2018 case 18: return (0xf); 2019 case 24: return (0x5); 2020 case 36: return (0x7); 2021 case 48: return (0x9); 2022 case 72: return (0xb); 2023 case 96: return (0x1); 2024 case 108: return (0x3); 2025 2026 /* unsupported rates (should not get there) */ 2027 default: return (0); 2028 } 2029 } 2030 2031 static mblk_t * 2032 wpi_m_tx(void *arg, mblk_t *mp) 2033 { 2034 wpi_sc_t *sc = (wpi_sc_t *)arg; 2035 ieee80211com_t *ic = &sc->sc_ic; 2036 mblk_t *next; 2037 2038 if (sc->sc_flags & WPI_F_SUSPEND) { 2039 freemsgchain(mp); 2040 return (NULL); 2041 } 2042 2043 if (ic->ic_state != IEEE80211_S_RUN) { 2044 freemsgchain(mp); 2045 return (NULL); 2046 } 2047 2048 if ((sc->sc_flags & WPI_F_HW_ERR_RECOVER) && 2049 WPI_CHK_FAST_RECOVER(sc)) { 2050 WPI_DBG((WPI_DEBUG_FW, "wpi_m_tx(): hold queue\n")); 2051 return (mp); 2052 } 2053 2054 while (mp != NULL) { 2055 next = mp->b_next; 2056 mp->b_next = NULL; 2057 if (wpi_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != 0) { 2058 mp->b_next = next; 2059 break; 2060 } 2061 mp = next; 2062 } 2063 return (mp); 2064 } 2065 2066 /* ARGSUSED */ 2067 static int 2068 wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type) 2069 { 2070 wpi_sc_t *sc = (wpi_sc_t *)ic; 2071 wpi_tx_ring_t *ring; 2072 wpi_tx_desc_t *desc; 2073 wpi_tx_data_t *data; 2074 wpi_tx_cmd_t *cmd; 2075 wpi_cmd_data_t *tx; 2076 ieee80211_node_t *in; 2077 struct ieee80211_frame *wh; 2078 struct ieee80211_key *k; 2079 mblk_t *m, *m0; 2080 int rate, hdrlen, len, mblen, off, err = WPI_SUCCESS; 2081 2082 ring = ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA) ? 2083 (&sc->sc_txq[0]) : (&sc->sc_txq[1]); 2084 data = &ring->data[ring->cur]; 2085 desc = data->desc; 2086 cmd = data->cmd; 2087 bzero(desc, sizeof (*desc)); 2088 bzero(cmd, sizeof (*cmd)); 2089 2090 mutex_enter(&sc->sc_tx_lock); 2091 if (sc->sc_flags & WPI_F_SUSPEND) { 2092 mutex_exit(&sc->sc_tx_lock); 2093 if ((type & IEEE80211_FC0_TYPE_MASK) != 2094 IEEE80211_FC0_TYPE_DATA) { 2095 freemsg(mp); 2096 } 2097 err = ENXIO; 2098 goto exit; 2099 } 2100 2101 if (ring->queued > ring->count - 64) { 2102 WPI_DBG((WPI_DEBUG_TX, "wpi_send(): no txbuf\n")); 2103 sc->sc_need_reschedule = 1; 2104 mutex_exit(&sc->sc_tx_lock); 2105 if ((type & IEEE80211_FC0_TYPE_MASK) != 2106 IEEE80211_FC0_TYPE_DATA) { 2107 freemsg(mp); 2108 } 2109 sc->sc_tx_nobuf++; 2110 err = ENOMEM; 2111 goto exit; 2112 } 2113 mutex_exit(&sc->sc_tx_lock); 2114 2115 hdrlen = sizeof (struct ieee80211_frame); 2116 2117 m = allocb(msgdsize(mp) + 32, BPRI_MED); 2118 if (m == NULL) { /* can not alloc buf, drop this package */ 2119 cmn_err(CE_WARN, 2120 "wpi_send(): failed to allocate msgbuf\n"); 2121 freemsg(mp); 2122 err = WPI_SUCCESS; 2123 goto exit; 2124 } 2125 for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) { 2126 mblen = MBLKL(m0); 2127 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen); 2128 off += mblen; 2129 } 2130 m->b_wptr += off; 2131 freemsg(mp); 2132 2133 wh = (struct ieee80211_frame *)m->b_rptr; 2134 2135 in = ieee80211_find_txnode(ic, wh->i_addr1); 2136 if (in == NULL) { 2137 cmn_err(CE_WARN, "wpi_send(): failed to find tx node\n"); 2138 freemsg(m); 2139 sc->sc_tx_err++; 2140 err = WPI_SUCCESS; 2141 goto exit; 2142 } 2143 2144 (void) ieee80211_encap(ic, m, in); 2145 2146 cmd->code = WPI_CMD_TX_DATA; 2147 cmd->flags = 0; 2148 cmd->qid = ring->qid; 2149 cmd->idx = ring->cur; 2150 2151 tx = (wpi_cmd_data_t *)cmd->data; 2152 tx->flags = 0; 2153 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2154 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2155 } else { 2156 tx->flags &= ~(LE_32(WPI_TX_NEED_ACK)); 2157 } 2158 2159 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2160 k = ieee80211_crypto_encap(ic, m); 2161 if (k == NULL) { 2162 freemsg(m); 2163 sc->sc_tx_err++; 2164 err = WPI_SUCCESS; 2165 goto exit; 2166 } 2167 2168 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 2169 tx->security = 2; /* for CCMP */ 2170 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2171 (void) memcpy(&tx->key, k->wk_key, k->wk_keylen); 2172 } 2173 2174 /* packet header may have moved, reset our local pointer */ 2175 wh = (struct ieee80211_frame *)m->b_rptr; 2176 } 2177 2178 len = msgdsize(m); 2179 2180 #ifdef DEBUG 2181 if (wpi_dbg_flags & WPI_DEBUG_TX) 2182 ieee80211_dump_pkt((uint8_t *)wh, hdrlen, 0, 0); 2183 #endif 2184 2185 /* pickup a rate */ 2186 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2187 IEEE80211_FC0_TYPE_MGT) { 2188 /* mgmt frames are sent at the lowest available bit-rate */ 2189 rate = 2; 2190 } else { 2191 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) { 2192 rate = ic->ic_fixed_rate; 2193 } else 2194 rate = in->in_rates.ir_rates[in->in_txrate]; 2195 } 2196 rate &= IEEE80211_RATE_VAL; 2197 WPI_DBG((WPI_DEBUG_RATECTL, "tx rate[%d of %d] = %x", 2198 in->in_txrate, in->in_rates.ir_nrates, rate)); 2199 #ifdef WPI_BPF 2200 #ifndef WPI_CURRENT 2201 if (sc->sc_drvbpf != NULL) { 2202 #else 2203 if (bpf_peers_present(sc->sc_drvbpf)) { 2204 #endif 2205 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2206 2207 tap->wt_flags = 0; 2208 tap->wt_chan_freq = LE_16(ic->ic_curchan->ic_freq); 2209 tap->wt_chan_flags = LE_16(ic->ic_curchan->ic_flags); 2210 tap->wt_rate = rate; 2211 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2212 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2213 2214 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 2215 } 2216 #endif 2217 2218 tx->flags |= (LE_32(WPI_TX_AUTO_SEQ)); 2219 tx->flags |= LE_32(WPI_TX_BT_DISABLE | WPI_TX_CALIBRATION); 2220 2221 /* retrieve destination node's id */ 2222 tx->id = IEEE80211_IS_MULTICAST(wh->i_addr1) ? WPI_ID_BROADCAST : 2223 WPI_ID_BSS; 2224 2225 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2226 IEEE80211_FC0_TYPE_MGT) { 2227 /* tell h/w to set timestamp in probe responses */ 2228 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2229 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2230 tx->flags |= LE_32(WPI_TX_INSERT_TSTAMP); 2231 2232 if (((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2233 IEEE80211_FC0_SUBTYPE_ASSOC_REQ) || 2234 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2235 IEEE80211_FC0_SUBTYPE_REASSOC_REQ)) 2236 tx->timeout = 3; 2237 else 2238 tx->timeout = 2; 2239 } else 2240 tx->timeout = 0; 2241 2242 tx->rate = wpi_plcp_signal(rate); 2243 2244 /* be very persistant at sending frames out */ 2245 tx->rts_ntries = 7; 2246 tx->data_ntries = 15; 2247 2248 tx->cck_mask = 0x0f; 2249 tx->ofdm_mask = 0xff; 2250 tx->lifetime = LE_32(0xffffffff); 2251 2252 tx->len = LE_16(len); 2253 2254 /* save and trim IEEE802.11 header */ 2255 (void) memcpy(tx + 1, m->b_rptr, hdrlen); 2256 m->b_rptr += hdrlen; 2257 (void) memcpy(data->dma_data.mem_va, m->b_rptr, len - hdrlen); 2258 2259 WPI_DBG((WPI_DEBUG_TX, "sending data: qid=%d idx=%d len=%d", ring->qid, 2260 ring->cur, len)); 2261 2262 /* first scatter/gather segment is used by the tx data command */ 2263 desc->flags = LE_32(WPI_PAD32(len) << 28 | (2) << 24); 2264 desc->segs[0].addr = LE_32(data->paddr_cmd); 2265 desc->segs[0].len = LE_32( 2266 roundup(4 + sizeof (wpi_cmd_data_t) + hdrlen, 4)); 2267 desc->segs[1].addr = LE_32(data->dma_data.cookie.dmac_address); 2268 desc->segs[1].len = LE_32(len - hdrlen); 2269 2270 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2271 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2272 2273 mutex_enter(&sc->sc_tx_lock); 2274 ring->queued++; 2275 mutex_exit(&sc->sc_tx_lock); 2276 2277 /* kick ring */ 2278 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2279 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2280 freemsg(m); 2281 /* release node reference */ 2282 ieee80211_free_node(in); 2283 2284 ic->ic_stats.is_tx_bytes += len; 2285 ic->ic_stats.is_tx_frags++; 2286 2287 if (sc->sc_tx_timer == 0) 2288 sc->sc_tx_timer = 5; 2289 exit: 2290 return (err); 2291 } 2292 2293 static void 2294 wpi_m_ioctl(void* arg, queue_t *wq, mblk_t *mp) 2295 { 2296 wpi_sc_t *sc = (wpi_sc_t *)arg; 2297 ieee80211com_t *ic = &sc->sc_ic; 2298 int err; 2299 2300 err = ieee80211_ioctl(ic, wq, mp); 2301 if (err == ENETRESET) { 2302 /* 2303 * This is special for the hidden AP connection. 2304 * In any case, we should make sure only one 'scan' 2305 * in the driver for a 'connect' CLI command. So 2306 * when connecting to a hidden AP, the scan is just 2307 * sent out to the air when we know the desired 2308 * essid of the AP we want to connect. 2309 */ 2310 if (ic->ic_des_esslen) { 2311 if (sc->sc_flags & WPI_F_RUNNING) { 2312 wpi_m_stop(sc); 2313 (void) wpi_m_start(sc); 2314 (void) ieee80211_new_state(ic, 2315 IEEE80211_S_SCAN, -1); 2316 } 2317 } 2318 } 2319 } 2320 2321 /* 2322 * Callback functions for get/set properties 2323 */ 2324 /* ARGSUSED */ 2325 static int 2326 wpi_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_name, 2327 uint_t pr_flags, uint_t wldp_length, void *wldp_buf, uint_t *perm) 2328 { 2329 int err = 0; 2330 wpi_sc_t *sc = (wpi_sc_t *)arg; 2331 2332 err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_name, 2333 pr_flags, wldp_length, wldp_buf, perm); 2334 2335 return (err); 2336 } 2337 static int 2338 wpi_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_name, 2339 uint_t wldp_length, const void *wldp_buf) 2340 { 2341 int err; 2342 wpi_sc_t *sc = (wpi_sc_t *)arg; 2343 ieee80211com_t *ic = &sc->sc_ic; 2344 2345 err = ieee80211_setprop(ic, pr_name, wldp_pr_name, 2346 wldp_length, wldp_buf); 2347 2348 if (err == ENETRESET) { 2349 if (ic->ic_des_esslen) { 2350 if (sc->sc_flags & WPI_F_RUNNING) { 2351 wpi_m_stop(sc); 2352 (void) wpi_m_start(sc); 2353 (void) ieee80211_new_state(ic, 2354 IEEE80211_S_SCAN, -1); 2355 } 2356 } 2357 2358 err = 0; 2359 } 2360 2361 return (err); 2362 } 2363 2364 /*ARGSUSED*/ 2365 static int 2366 wpi_m_stat(void *arg, uint_t stat, uint64_t *val) 2367 { 2368 wpi_sc_t *sc = (wpi_sc_t *)arg; 2369 ieee80211com_t *ic = &sc->sc_ic; 2370 ieee80211_node_t *in; 2371 2372 mutex_enter(&sc->sc_glock); 2373 switch (stat) { 2374 case MAC_STAT_IFSPEED: 2375 in = ic->ic_bss; 2376 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ? 2377 IEEE80211_RATE(in->in_txrate) : 2378 ic->ic_fixed_rate) / 2 * 1000000; 2379 break; 2380 case MAC_STAT_NOXMTBUF: 2381 *val = sc->sc_tx_nobuf; 2382 break; 2383 case MAC_STAT_NORCVBUF: 2384 *val = sc->sc_rx_nobuf; 2385 break; 2386 case MAC_STAT_IERRORS: 2387 *val = sc->sc_rx_err; 2388 break; 2389 case MAC_STAT_RBYTES: 2390 *val = ic->ic_stats.is_rx_bytes; 2391 break; 2392 case MAC_STAT_IPACKETS: 2393 *val = ic->ic_stats.is_rx_frags; 2394 break; 2395 case MAC_STAT_OBYTES: 2396 *val = ic->ic_stats.is_tx_bytes; 2397 break; 2398 case MAC_STAT_OPACKETS: 2399 *val = ic->ic_stats.is_tx_frags; 2400 break; 2401 case MAC_STAT_OERRORS: 2402 case WIFI_STAT_TX_FAILED: 2403 *val = sc->sc_tx_err; 2404 break; 2405 case WIFI_STAT_TX_RETRANS: 2406 *val = sc->sc_tx_retries; 2407 break; 2408 case WIFI_STAT_FCS_ERRORS: 2409 case WIFI_STAT_WEP_ERRORS: 2410 case WIFI_STAT_TX_FRAGS: 2411 case WIFI_STAT_MCAST_TX: 2412 case WIFI_STAT_RTS_SUCCESS: 2413 case WIFI_STAT_RTS_FAILURE: 2414 case WIFI_STAT_ACK_FAILURE: 2415 case WIFI_STAT_RX_FRAGS: 2416 case WIFI_STAT_MCAST_RX: 2417 case WIFI_STAT_RX_DUPS: 2418 mutex_exit(&sc->sc_glock); 2419 return (ieee80211_stat(ic, stat, val)); 2420 default: 2421 mutex_exit(&sc->sc_glock); 2422 return (ENOTSUP); 2423 } 2424 mutex_exit(&sc->sc_glock); 2425 2426 return (WPI_SUCCESS); 2427 2428 } 2429 2430 static int 2431 wpi_m_start(void *arg) 2432 { 2433 wpi_sc_t *sc = (wpi_sc_t *)arg; 2434 ieee80211com_t *ic = &sc->sc_ic; 2435 int err; 2436 2437 err = wpi_init(sc); 2438 if (err != WPI_SUCCESS) { 2439 wpi_stop(sc); 2440 DELAY(1000000); 2441 err = wpi_init(sc); 2442 } 2443 2444 if (err) { 2445 /* 2446 * The hw init err(eg. RF is OFF). Return Success to make 2447 * the 'plumb' succeed. The wpi_thread() tries to re-init 2448 * background. 2449 */ 2450 mutex_enter(&sc->sc_glock); 2451 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2452 mutex_exit(&sc->sc_glock); 2453 return (WPI_SUCCESS); 2454 } 2455 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2456 mutex_enter(&sc->sc_glock); 2457 sc->sc_flags |= WPI_F_RUNNING; 2458 mutex_exit(&sc->sc_glock); 2459 2460 return (WPI_SUCCESS); 2461 } 2462 2463 static void 2464 wpi_m_stop(void *arg) 2465 { 2466 wpi_sc_t *sc = (wpi_sc_t *)arg; 2467 ieee80211com_t *ic = &sc->sc_ic; 2468 2469 wpi_stop(sc); 2470 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2471 mutex_enter(&sc->sc_mt_lock); 2472 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2473 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 2474 mutex_exit(&sc->sc_mt_lock); 2475 mutex_enter(&sc->sc_glock); 2476 sc->sc_flags &= ~WPI_F_RUNNING; 2477 mutex_exit(&sc->sc_glock); 2478 } 2479 2480 /*ARGSUSED*/ 2481 static int 2482 wpi_m_unicst(void *arg, const uint8_t *macaddr) 2483 { 2484 wpi_sc_t *sc = (wpi_sc_t *)arg; 2485 ieee80211com_t *ic = &sc->sc_ic; 2486 int err; 2487 2488 if (!IEEE80211_ADDR_EQ(ic->ic_macaddr, macaddr)) { 2489 IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr); 2490 mutex_enter(&sc->sc_glock); 2491 err = wpi_config(sc); 2492 mutex_exit(&sc->sc_glock); 2493 if (err != WPI_SUCCESS) { 2494 cmn_err(CE_WARN, 2495 "wpi_m_unicst(): " 2496 "failed to configure device\n"); 2497 goto fail; 2498 } 2499 } 2500 return (WPI_SUCCESS); 2501 fail: 2502 return (err); 2503 } 2504 2505 /*ARGSUSED*/ 2506 static int 2507 wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m) 2508 { 2509 return (WPI_SUCCESS); 2510 } 2511 2512 /*ARGSUSED*/ 2513 static int 2514 wpi_m_promisc(void *arg, boolean_t on) 2515 { 2516 return (WPI_SUCCESS); 2517 } 2518 2519 static void 2520 wpi_thread(wpi_sc_t *sc) 2521 { 2522 ieee80211com_t *ic = &sc->sc_ic; 2523 clock_t clk; 2524 int times = 0, err, n = 0, timeout = 0; 2525 uint32_t tmp; 2526 2527 mutex_enter(&sc->sc_mt_lock); 2528 while (sc->sc_mf_thread_switch) { 2529 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2530 if (tmp & WPI_GPIO_HW_RF_KILL) { 2531 sc->sc_flags &= ~WPI_F_RADIO_OFF; 2532 } else { 2533 sc->sc_flags |= WPI_F_RADIO_OFF; 2534 } 2535 /* 2536 * If in SUSPEND or the RF is OFF, do nothing 2537 */ 2538 if ((sc->sc_flags & WPI_F_SUSPEND) || 2539 (sc->sc_flags & WPI_F_RADIO_OFF)) { 2540 mutex_exit(&sc->sc_mt_lock); 2541 delay(drv_usectohz(100000)); 2542 mutex_enter(&sc->sc_mt_lock); 2543 continue; 2544 } 2545 2546 /* 2547 * recovery fatal error 2548 */ 2549 if (ic->ic_mach && 2550 (sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 2551 2552 WPI_DBG((WPI_DEBUG_FW, 2553 "wpi_thread(): " 2554 "try to recover fatal hw error: %d\n", times++)); 2555 2556 wpi_stop(sc); 2557 2558 if (WPI_CHK_FAST_RECOVER(sc)) { 2559 /* save runtime configuration */ 2560 bcopy(&sc->sc_config, &sc->sc_config_save, 2561 sizeof (sc->sc_config)); 2562 } else { 2563 mutex_exit(&sc->sc_mt_lock); 2564 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2565 delay(drv_usectohz(2000000)); 2566 mutex_enter(&sc->sc_mt_lock); 2567 } 2568 2569 err = wpi_init(sc); 2570 if (err != WPI_SUCCESS) { 2571 n++; 2572 if (n < 3) 2573 continue; 2574 } 2575 n = 0; 2576 if (!err) 2577 sc->sc_flags |= WPI_F_RUNNING; 2578 2579 if (!WPI_CHK_FAST_RECOVER(sc) || 2580 wpi_fast_recover(sc) != WPI_SUCCESS) { 2581 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2582 2583 mutex_exit(&sc->sc_mt_lock); 2584 delay(drv_usectohz(2000000)); 2585 if (sc->sc_ostate != IEEE80211_S_INIT) 2586 ieee80211_new_state(ic, 2587 IEEE80211_S_SCAN, 0); 2588 mutex_enter(&sc->sc_mt_lock); 2589 } 2590 } 2591 2592 if (ic->ic_mach && (sc->sc_flags & WPI_F_LAZY_RESUME)) { 2593 WPI_DBG((WPI_DEBUG_RESUME, 2594 "wpi_thread(): " 2595 "lazy resume\n")); 2596 sc->sc_flags &= ~WPI_F_LAZY_RESUME; 2597 mutex_exit(&sc->sc_mt_lock); 2598 /* 2599 * NB: under WPA mode, this call hangs (door problem?) 2600 * when called in wpi_attach() and wpi_detach() while 2601 * system is in the procedure of CPR. To be safe, let 2602 * the thread do this. 2603 */ 2604 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 2605 mutex_enter(&sc->sc_mt_lock); 2606 } 2607 2608 /* 2609 * scan next channel 2610 */ 2611 if (ic->ic_mach && 2612 (sc->sc_flags & WPI_F_SCANNING) && sc->sc_scan_next) { 2613 2614 WPI_DBG((WPI_DEBUG_SCAN, 2615 "wpi_thread(): " 2616 "wait for probe response\n")); 2617 2618 sc->sc_scan_next--; 2619 mutex_exit(&sc->sc_mt_lock); 2620 delay(drv_usectohz(200000)); 2621 if (sc->sc_flags & WPI_F_SCANNING) 2622 ieee80211_next_scan(ic); 2623 mutex_enter(&sc->sc_mt_lock); 2624 } 2625 2626 /* 2627 * rate ctl 2628 */ 2629 if (ic->ic_mach && 2630 (sc->sc_flags & WPI_F_RATE_AUTO_CTL)) { 2631 clk = ddi_get_lbolt(); 2632 if (clk > sc->sc_clk + drv_usectohz(500000)) { 2633 wpi_amrr_timeout(sc); 2634 } 2635 } 2636 mutex_exit(&sc->sc_mt_lock); 2637 delay(drv_usectohz(100000)); 2638 mutex_enter(&sc->sc_mt_lock); 2639 if (sc->sc_tx_timer) { 2640 timeout++; 2641 if (timeout == 10) { 2642 sc->sc_tx_timer--; 2643 if (sc->sc_tx_timer == 0) { 2644 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2645 sc->sc_ostate = IEEE80211_S_RUN; 2646 WPI_DBG((WPI_DEBUG_FW, 2647 "wpi_thread(): send fail\n")); 2648 } 2649 timeout = 0; 2650 } 2651 } 2652 } 2653 sc->sc_mf_thread = NULL; 2654 cv_signal(&sc->sc_mt_cv); 2655 mutex_exit(&sc->sc_mt_lock); 2656 } 2657 2658 /* 2659 * Extract various information from EEPROM. 2660 */ 2661 static void 2662 wpi_read_eeprom(wpi_sc_t *sc) 2663 { 2664 ieee80211com_t *ic = &sc->sc_ic; 2665 uint16_t val; 2666 int i; 2667 2668 /* read MAC address */ 2669 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 0); 2670 ic->ic_macaddr[0] = val & 0xff; 2671 ic->ic_macaddr[1] = val >> 8; 2672 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 1); 2673 ic->ic_macaddr[2] = val & 0xff; 2674 ic->ic_macaddr[3] = val >> 8; 2675 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 2); 2676 ic->ic_macaddr[4] = val & 0xff; 2677 ic->ic_macaddr[5] = val >> 8; 2678 2679 WPI_DBG((WPI_DEBUG_EEPROM, 2680 "mac:%2x:%2x:%2x:%2x:%2x:%2x\n", 2681 ic->ic_macaddr[0], ic->ic_macaddr[1], 2682 ic->ic_macaddr[2], ic->ic_macaddr[3], 2683 ic->ic_macaddr[4], ic->ic_macaddr[5])); 2684 /* read power settings for 2.4GHz channels */ 2685 for (i = 0; i < 14; i++) { 2686 sc->sc_pwr1[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR1 + i); 2687 sc->sc_pwr2[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR2 + i); 2688 WPI_DBG((WPI_DEBUG_EEPROM, 2689 "channel %d pwr1 0x%04x pwr2 0x%04x\n", i + 1, 2690 sc->sc_pwr1[i], sc->sc_pwr2[i])); 2691 } 2692 } 2693 2694 /* 2695 * Send a command to the firmware. 2696 */ 2697 static int 2698 wpi_cmd(wpi_sc_t *sc, int code, const void *buf, int size, int async) 2699 { 2700 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2701 wpi_tx_desc_t *desc; 2702 wpi_tx_cmd_t *cmd; 2703 2704 ASSERT(size <= sizeof (cmd->data)); 2705 ASSERT(mutex_owned(&sc->sc_glock)); 2706 2707 WPI_DBG((WPI_DEBUG_CMD, "wpi_cmd() # code[%d]", code)); 2708 desc = ring->data[ring->cur].desc; 2709 cmd = ring->data[ring->cur].cmd; 2710 2711 cmd->code = (uint8_t)code; 2712 cmd->flags = 0; 2713 cmd->qid = ring->qid; 2714 cmd->idx = ring->cur; 2715 (void) memcpy(cmd->data, buf, size); 2716 2717 desc->flags = LE_32(WPI_PAD32(size) << 28 | 1 << 24); 2718 desc->segs[0].addr = ring->data[ring->cur].paddr_cmd; 2719 desc->segs[0].len = 4 + size; 2720 2721 /* kick cmd ring */ 2722 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2723 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2724 2725 if (async) 2726 return (WPI_SUCCESS); 2727 else { 2728 clock_t clk; 2729 sc->sc_flags &= ~WPI_F_CMD_DONE; 2730 clk = ddi_get_lbolt() + drv_usectohz(2000000); 2731 while (!(sc->sc_flags & WPI_F_CMD_DONE)) { 2732 if (cv_timedwait(&sc->sc_cmd_cv, &sc->sc_glock, clk) 2733 < 0) 2734 break; 2735 } 2736 if (sc->sc_flags & WPI_F_CMD_DONE) 2737 return (WPI_SUCCESS); 2738 else 2739 return (WPI_FAIL); 2740 } 2741 } 2742 2743 /* 2744 * Configure h/w multi-rate retries. 2745 */ 2746 static int 2747 wpi_mrr_setup(wpi_sc_t *sc) 2748 { 2749 wpi_mrr_setup_t mrr; 2750 int i, err; 2751 2752 /* CCK rates (not used with 802.11a) */ 2753 for (i = WPI_CCK1; i <= WPI_CCK11; i++) { 2754 mrr.rates[i].flags = 0; 2755 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2756 /* fallback to the immediate lower CCK rate (if any) */ 2757 mrr.rates[i].next = (i == WPI_CCK1) ? WPI_CCK1 : i - 1; 2758 /* try one time at this rate before falling back to "next" */ 2759 mrr.rates[i].ntries = 1; 2760 } 2761 2762 /* OFDM rates (not used with 802.11b) */ 2763 for (i = WPI_OFDM6; i <= WPI_OFDM54; i++) { 2764 mrr.rates[i].flags = 0; 2765 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2766 /* fallback to the immediate lower OFDM rate (if any) */ 2767 mrr.rates[i].next = (i == WPI_OFDM6) ? WPI_OFDM6 : i - 1; 2768 /* try one time at this rate before falling back to "next" */ 2769 mrr.rates[i].ntries = 1; 2770 } 2771 2772 /* setup MRR for control frames */ 2773 mrr.which = LE_32(WPI_MRR_CTL); 2774 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2775 if (err != WPI_SUCCESS) { 2776 WPI_DBG((WPI_DEBUG_MRR, 2777 "could not setup MRR for control frames\n")); 2778 return (err); 2779 } 2780 2781 /* setup MRR for data frames */ 2782 mrr.which = LE_32(WPI_MRR_DATA); 2783 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2784 if (err != WPI_SUCCESS) { 2785 WPI_DBG((WPI_DEBUG_MRR, 2786 "could not setup MRR for data frames\n")); 2787 return (err); 2788 } 2789 2790 return (WPI_SUCCESS); 2791 } 2792 2793 static void 2794 wpi_set_led(wpi_sc_t *sc, uint8_t which, uint8_t off, uint8_t on) 2795 { 2796 wpi_cmd_led_t led; 2797 2798 led.which = which; 2799 led.unit = LE_32(100000); /* on/off in unit of 100ms */ 2800 led.off = off; 2801 led.on = on; 2802 2803 (void) wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof (led), 1); 2804 } 2805 2806 static int 2807 wpi_auth(wpi_sc_t *sc) 2808 { 2809 ieee80211com_t *ic = &sc->sc_ic; 2810 ieee80211_node_t *in = ic->ic_bss; 2811 wpi_node_t node; 2812 int err; 2813 2814 /* update adapter's configuration */ 2815 IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid); 2816 sc->sc_config.chan = ieee80211_chan2ieee(ic, in->in_chan); 2817 if (ic->ic_curmode == IEEE80211_MODE_11B) { 2818 sc->sc_config.cck_mask = 0x03; 2819 sc->sc_config.ofdm_mask = 0; 2820 } else if ((in->in_chan != IEEE80211_CHAN_ANYC) && 2821 (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) { 2822 sc->sc_config.cck_mask = 0; 2823 sc->sc_config.ofdm_mask = 0x15; 2824 } else { /* assume 802.11b/g */ 2825 sc->sc_config.cck_mask = 0x0f; 2826 sc->sc_config.ofdm_mask = 0xff; 2827 } 2828 2829 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x cck %x ofdm %x" 2830 " bssid:%02x:%02x:%02x:%02x:%02x:%2x\n", 2831 sc->sc_config.chan, sc->sc_config.flags, 2832 sc->sc_config.cck_mask, sc->sc_config.ofdm_mask, 2833 sc->sc_config.bssid[0], sc->sc_config.bssid[1], 2834 sc->sc_config.bssid[2], sc->sc_config.bssid[3], 2835 sc->sc_config.bssid[4], sc->sc_config.bssid[5])); 2836 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2837 sizeof (wpi_config_t), 1); 2838 if (err != WPI_SUCCESS) { 2839 cmn_err(CE_WARN, "wpi_auth(): failed to configurate chan%d\n", 2840 sc->sc_config.chan); 2841 return (err); 2842 } 2843 2844 /* add default node */ 2845 (void) memset(&node, 0, sizeof (node)); 2846 IEEE80211_ADDR_COPY(node.bssid, in->in_bssid); 2847 node.id = WPI_ID_BSS; 2848 node.rate = wpi_plcp_signal(2); 2849 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 2850 if (err != WPI_SUCCESS) { 2851 cmn_err(CE_WARN, "wpi_auth(): failed to add BSS node\n"); 2852 return (err); 2853 } 2854 2855 err = wpi_mrr_setup(sc); 2856 if (err != WPI_SUCCESS) { 2857 cmn_err(CE_WARN, "wpi_auth(): failed to setup MRR\n"); 2858 return (err); 2859 } 2860 2861 return (WPI_SUCCESS); 2862 } 2863 2864 /* 2865 * Send a scan request to the firmware. 2866 */ 2867 static int 2868 wpi_scan(wpi_sc_t *sc) 2869 { 2870 ieee80211com_t *ic = &sc->sc_ic; 2871 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2872 wpi_tx_desc_t *desc; 2873 wpi_tx_data_t *data; 2874 wpi_tx_cmd_t *cmd; 2875 wpi_scan_hdr_t *hdr; 2876 wpi_scan_chan_t *chan; 2877 struct ieee80211_frame *wh; 2878 ieee80211_node_t *in = ic->ic_bss; 2879 uint8_t essid[IEEE80211_NWID_LEN+1]; 2880 struct ieee80211_rateset *rs; 2881 enum ieee80211_phymode mode; 2882 uint8_t *frm; 2883 int i, pktlen, nrates; 2884 2885 /* previous scan not completed */ 2886 if (sc->sc_scan_pending) { 2887 WPI_DBG((WPI_DEBUG_SCAN, "previous scan not completed\n")); 2888 return (WPI_SUCCESS); 2889 } 2890 2891 data = &ring->data[ring->cur]; 2892 desc = data->desc; 2893 cmd = (wpi_tx_cmd_t *)data->dma_data.mem_va; 2894 2895 cmd->code = WPI_CMD_SCAN; 2896 cmd->flags = 0; 2897 cmd->qid = ring->qid; 2898 cmd->idx = ring->cur; 2899 2900 hdr = (wpi_scan_hdr_t *)cmd->data; 2901 (void) memset(hdr, 0, sizeof (wpi_scan_hdr_t)); 2902 hdr->first = 1; 2903 hdr->nchan = 1; 2904 hdr->len = hdr->nchan * sizeof (wpi_scan_chan_t); 2905 hdr->quiet = LE_16(50); 2906 hdr->threshold = LE_16(1); 2907 hdr->filter = LE_32(5); 2908 hdr->rate = wpi_plcp_signal(2); 2909 hdr->id = WPI_ID_BROADCAST; 2910 hdr->mask = LE_32(0xffffffff); 2911 hdr->esslen = ic->ic_des_esslen; 2912 2913 if (ic->ic_des_esslen) { 2914 bcopy(ic->ic_des_essid, essid, ic->ic_des_esslen); 2915 essid[ic->ic_des_esslen] = '\0'; 2916 WPI_DBG((WPI_DEBUG_SCAN, "directed scan %s\n", essid)); 2917 2918 bcopy(ic->ic_des_essid, hdr->essid, ic->ic_des_esslen); 2919 } else { 2920 bzero(hdr->essid, sizeof (hdr->essid)); 2921 } 2922 2923 /* 2924 * Build a probe request frame. Most of the following code is a 2925 * copy & paste of what is done in net80211. Unfortunately, the 2926 * functions to add IEs are static and thus can't be reused here. 2927 */ 2928 wh = (struct ieee80211_frame *)(hdr + 1); 2929 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2930 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2931 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2932 (void) memset(wh->i_addr1, 0xff, 6); 2933 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_macaddr); 2934 (void) memset(wh->i_addr3, 0xff, 6); 2935 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 2936 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 2937 2938 frm = (uint8_t *)(wh + 1); 2939 2940 /* add essid IE */ 2941 if (in->in_esslen) { 2942 bcopy(in->in_essid, essid, in->in_esslen); 2943 essid[in->in_esslen] = '\0'; 2944 WPI_DBG((WPI_DEBUG_SCAN, "probe with ESSID %s\n", 2945 essid)); 2946 } 2947 *frm++ = IEEE80211_ELEMID_SSID; 2948 *frm++ = in->in_esslen; 2949 (void) memcpy(frm, in->in_essid, in->in_esslen); 2950 frm += in->in_esslen; 2951 2952 mode = ieee80211_chan2mode(ic, ic->ic_curchan); 2953 rs = &ic->ic_sup_rates[mode]; 2954 2955 /* add supported rates IE */ 2956 *frm++ = IEEE80211_ELEMID_RATES; 2957 nrates = rs->ir_nrates; 2958 if (nrates > IEEE80211_RATE_SIZE) 2959 nrates = IEEE80211_RATE_SIZE; 2960 *frm++ = (uint8_t)nrates; 2961 (void) memcpy(frm, rs->ir_rates, nrates); 2962 frm += nrates; 2963 2964 /* add supported xrates IE */ 2965 if (rs->ir_nrates > IEEE80211_RATE_SIZE) { 2966 nrates = rs->ir_nrates - IEEE80211_RATE_SIZE; 2967 *frm++ = IEEE80211_ELEMID_XRATES; 2968 *frm++ = (uint8_t)nrates; 2969 (void) memcpy(frm, rs->ir_rates + IEEE80211_RATE_SIZE, nrates); 2970 frm += nrates; 2971 } 2972 2973 /* add optionnal IE (usually an RSN IE) */ 2974 if (ic->ic_opt_ie != NULL) { 2975 (void) memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); 2976 frm += ic->ic_opt_ie_len; 2977 } 2978 2979 /* setup length of probe request */ 2980 hdr->pbrlen = LE_16((uintptr_t)frm - (uintptr_t)wh); 2981 2982 /* align on a 4-byte boundary */ 2983 chan = (wpi_scan_chan_t *)frm; 2984 for (i = 1; i <= hdr->nchan; i++, chan++) { 2985 if (ic->ic_des_esslen) { 2986 chan->flags = 0x3; 2987 } else { 2988 chan->flags = 0x1; 2989 } 2990 chan->chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 2991 chan->magic = LE_16(0x62ab); 2992 chan->active = LE_16(50); 2993 chan->passive = LE_16(120); 2994 2995 frm += sizeof (wpi_scan_chan_t); 2996 } 2997 2998 pktlen = (uintptr_t)frm - (uintptr_t)cmd; 2999 3000 desc->flags = LE_32(WPI_PAD32(pktlen) << 28 | 1 << 24); 3001 desc->segs[0].addr = LE_32(data->dma_data.cookie.dmac_address); 3002 desc->segs[0].len = LE_32(pktlen); 3003 3004 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 3005 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 3006 3007 /* kick cmd ring */ 3008 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 3009 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 3010 3011 sc->sc_scan_pending = 1; 3012 3013 return (WPI_SUCCESS); /* will be notified async. of failure/success */ 3014 } 3015 3016 static int 3017 wpi_config(wpi_sc_t *sc) 3018 { 3019 ieee80211com_t *ic = &sc->sc_ic; 3020 wpi_txpower_t txpower; 3021 wpi_power_t power; 3022 #ifdef WPI_BLUE_COEXISTENCE 3023 wpi_bluetooth_t bluetooth; 3024 #endif 3025 wpi_node_t node; 3026 int err; 3027 3028 /* Intel's binary only daemon is a joke.. */ 3029 3030 /* set Tx power for 2.4GHz channels (values read from EEPROM) */ 3031 (void) memset(&txpower, 0, sizeof (txpower)); 3032 (void) memcpy(txpower.pwr1, sc->sc_pwr1, 14 * sizeof (uint16_t)); 3033 (void) memcpy(txpower.pwr2, sc->sc_pwr2, 14 * sizeof (uint16_t)); 3034 err = wpi_cmd(sc, WPI_CMD_TXPOWER, &txpower, sizeof (txpower), 0); 3035 if (err != WPI_SUCCESS) { 3036 cmn_err(CE_WARN, "wpi_config(): failed to set txpower\n"); 3037 return (err); 3038 } 3039 3040 /* set power mode */ 3041 (void) memset(&power, 0, sizeof (power)); 3042 power.flags = LE_32(0x8); 3043 err = wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &power, sizeof (power), 0); 3044 if (err != WPI_SUCCESS) { 3045 cmn_err(CE_WARN, "wpi_config(): failed to set power mode\n"); 3046 return (err); 3047 } 3048 #ifdef WPI_BLUE_COEXISTENCE 3049 /* configure bluetooth coexistence */ 3050 (void) memset(&bluetooth, 0, sizeof (bluetooth)); 3051 bluetooth.flags = 3; 3052 bluetooth.lead = 0xaa; 3053 bluetooth.kill = 1; 3054 err = wpi_cmd(sc, WPI_CMD_BLUETOOTH, &bluetooth, 3055 sizeof (bluetooth), 0); 3056 if (err != WPI_SUCCESS) { 3057 cmn_err(CE_WARN, 3058 "wpi_config(): " 3059 "failed to configurate bluetooth coexistence\n"); 3060 return (err); 3061 } 3062 #endif 3063 /* configure adapter */ 3064 (void) memset(&sc->sc_config, 0, sizeof (wpi_config_t)); 3065 IEEE80211_ADDR_COPY(sc->sc_config.myaddr, ic->ic_macaddr); 3066 sc->sc_config.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 3067 sc->sc_config.flags = LE_32(WPI_CONFIG_TSF | WPI_CONFIG_AUTO | 3068 WPI_CONFIG_24GHZ); 3069 sc->sc_config.filter = 0; 3070 switch (ic->ic_opmode) { 3071 case IEEE80211_M_STA: 3072 sc->sc_config.mode = WPI_MODE_STA; 3073 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST); 3074 break; 3075 case IEEE80211_M_IBSS: 3076 case IEEE80211_M_AHDEMO: 3077 sc->sc_config.mode = WPI_MODE_IBSS; 3078 break; 3079 case IEEE80211_M_HOSTAP: 3080 sc->sc_config.mode = WPI_MODE_HOSTAP; 3081 break; 3082 case IEEE80211_M_MONITOR: 3083 sc->sc_config.mode = WPI_MODE_MONITOR; 3084 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST | 3085 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 3086 break; 3087 } 3088 sc->sc_config.cck_mask = 0x0f; /* not yet negotiated */ 3089 sc->sc_config.ofdm_mask = 0xff; /* not yet negotiated */ 3090 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 3091 sizeof (wpi_config_t), 0); 3092 if (err != WPI_SUCCESS) { 3093 cmn_err(CE_WARN, "wpi_config(): " 3094 "failed to set configure command\n"); 3095 return (err); 3096 } 3097 3098 /* add broadcast node */ 3099 (void) memset(&node, 0, sizeof (node)); 3100 (void) memset(node.bssid, 0xff, 6); 3101 node.id = WPI_ID_BROADCAST; 3102 node.rate = wpi_plcp_signal(2); 3103 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 0); 3104 if (err != WPI_SUCCESS) { 3105 cmn_err(CE_WARN, "wpi_config(): " 3106 "failed to add broadcast node\n"); 3107 return (err); 3108 } 3109 3110 return (WPI_SUCCESS); 3111 } 3112 3113 static void 3114 wpi_stop_master(wpi_sc_t *sc) 3115 { 3116 uint32_t tmp; 3117 int ntries; 3118 3119 tmp = WPI_READ(sc, WPI_RESET); 3120 WPI_WRITE(sc, WPI_RESET, tmp | WPI_STOP_MASTER); 3121 3122 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3123 if ((tmp & WPI_GPIO_PWR_STATUS) == WPI_GPIO_PWR_SLEEP) 3124 return; /* already asleep */ 3125 3126 for (ntries = 0; ntries < 2000; ntries++) { 3127 if (WPI_READ(sc, WPI_RESET) & WPI_MASTER_DISABLED) 3128 break; 3129 DELAY(1000); 3130 } 3131 if (ntries == 2000) 3132 WPI_DBG((WPI_DEBUG_HW, "timeout waiting for master\n")); 3133 } 3134 3135 static int 3136 wpi_power_up(wpi_sc_t *sc) 3137 { 3138 uint32_t tmp; 3139 int ntries; 3140 3141 wpi_mem_lock(sc); 3142 tmp = wpi_mem_read(sc, WPI_MEM_POWER); 3143 wpi_mem_write(sc, WPI_MEM_POWER, tmp & ~0x03000000); 3144 wpi_mem_unlock(sc); 3145 3146 for (ntries = 0; ntries < 5000; ntries++) { 3147 if (WPI_READ(sc, WPI_GPIO_STATUS) & WPI_POWERED) 3148 break; 3149 DELAY(10); 3150 } 3151 if (ntries == 5000) { 3152 cmn_err(CE_WARN, 3153 "wpi_power_up(): timeout waiting for NIC to power up\n"); 3154 return (ETIMEDOUT); 3155 } 3156 return (WPI_SUCCESS); 3157 } 3158 3159 static int 3160 wpi_reset(wpi_sc_t *sc) 3161 { 3162 uint32_t tmp; 3163 int ntries; 3164 3165 /* clear any pending interrupts */ 3166 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 3167 3168 tmp = WPI_READ(sc, WPI_PLL_CTL); 3169 WPI_WRITE(sc, WPI_PLL_CTL, tmp | WPI_PLL_INIT); 3170 3171 tmp = WPI_READ(sc, WPI_CHICKEN); 3172 WPI_WRITE(sc, WPI_CHICKEN, tmp | WPI_CHICKEN_RXNOLOS); 3173 3174 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3175 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_INIT); 3176 3177 /* wait for clock stabilization */ 3178 for (ntries = 0; ntries < 1000; ntries++) { 3179 if (WPI_READ(sc, WPI_GPIO_CTL) & WPI_GPIO_CLOCK) 3180 break; 3181 DELAY(10); 3182 } 3183 if (ntries == 1000) { 3184 cmn_err(CE_WARN, 3185 "wpi_reset(): timeout waiting for clock stabilization\n"); 3186 return (ETIMEDOUT); 3187 } 3188 3189 /* initialize EEPROM */ 3190 tmp = WPI_READ(sc, WPI_EEPROM_STATUS); 3191 if ((tmp & WPI_EEPROM_VERSION) == 0) { 3192 cmn_err(CE_WARN, "wpi_reset(): EEPROM not found\n"); 3193 return (EIO); 3194 } 3195 WPI_WRITE(sc, WPI_EEPROM_STATUS, tmp & ~WPI_EEPROM_LOCKED); 3196 3197 return (WPI_SUCCESS); 3198 } 3199 3200 static void 3201 wpi_hw_config(wpi_sc_t *sc) 3202 { 3203 uint16_t val; 3204 uint32_t hw; 3205 3206 /* voodoo from the Linux "driver".. */ 3207 hw = WPI_READ(sc, WPI_HWCONFIG); 3208 3209 if ((sc->sc_rev & 0xc0) == 0x40) 3210 hw |= WPI_HW_ALM_MB; 3211 else if (!(sc->sc_rev & 0x80)) 3212 hw |= WPI_HW_ALM_MM; 3213 3214 val = wpi_read_prom_word(sc, WPI_EEPROM_CAPABILITIES); 3215 if ((val & 0xff) == 0x80) 3216 hw |= WPI_HW_SKU_MRC; 3217 3218 val = wpi_read_prom_word(sc, WPI_EEPROM_REVISION); 3219 hw &= ~WPI_HW_REV_D; 3220 if ((val & 0xf0) == 0xd0) 3221 hw |= WPI_HW_REV_D; 3222 3223 val = wpi_read_prom_word(sc, WPI_EEPROM_TYPE); 3224 if ((val & 0xff) > 1) 3225 hw |= WPI_HW_TYPE_B; 3226 3227 WPI_DBG((WPI_DEBUG_HW, "setting h/w config %x\n", hw)); 3228 WPI_WRITE(sc, WPI_HWCONFIG, hw); 3229 } 3230 3231 static int 3232 wpi_init(wpi_sc_t *sc) 3233 { 3234 uint32_t tmp; 3235 int qid, ntries, err; 3236 clock_t clk; 3237 3238 mutex_enter(&sc->sc_glock); 3239 sc->sc_flags &= ~WPI_F_FW_INIT; 3240 3241 (void) wpi_reset(sc); 3242 3243 wpi_mem_lock(sc); 3244 wpi_mem_write(sc, WPI_MEM_CLOCK1, 0xa00); 3245 DELAY(20); 3246 tmp = wpi_mem_read(sc, WPI_MEM_PCIDEV); 3247 wpi_mem_write(sc, WPI_MEM_PCIDEV, tmp | 0x800); 3248 wpi_mem_unlock(sc); 3249 3250 (void) wpi_power_up(sc); 3251 wpi_hw_config(sc); 3252 3253 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3254 if (!(tmp & WPI_GPIO_HW_RF_KILL)) { 3255 cmn_err(CE_WARN, "wpi_init(): Radio transmitter is off\n"); 3256 goto fail1; 3257 } 3258 3259 /* init Rx ring */ 3260 wpi_mem_lock(sc); 3261 WPI_WRITE(sc, WPI_RX_BASE, sc->sc_rxq.dma_desc.cookie.dmac_address); 3262 WPI_WRITE(sc, WPI_RX_RIDX_PTR, 3263 (uint32_t)(sc->sc_dma_sh.cookie.dmac_address + 3264 offsetof(wpi_shared_t, next))); 3265 WPI_WRITE(sc, WPI_RX_WIDX, (WPI_RX_RING_COUNT - 1) & (~7)); 3266 WPI_WRITE(sc, WPI_RX_CONFIG, 0xa9601010); 3267 wpi_mem_unlock(sc); 3268 3269 /* init Tx rings */ 3270 wpi_mem_lock(sc); 3271 wpi_mem_write(sc, WPI_MEM_MODE, 2); /* bypass mode */ 3272 wpi_mem_write(sc, WPI_MEM_RA, 1); /* enable RA0 */ 3273 wpi_mem_write(sc, WPI_MEM_TXCFG, 0x3f); /* enable all 6 Tx rings */ 3274 wpi_mem_write(sc, WPI_MEM_BYPASS1, 0x10000); 3275 wpi_mem_write(sc, WPI_MEM_BYPASS2, 0x30002); 3276 wpi_mem_write(sc, WPI_MEM_MAGIC4, 4); 3277 wpi_mem_write(sc, WPI_MEM_MAGIC5, 5); 3278 3279 WPI_WRITE(sc, WPI_TX_BASE_PTR, sc->sc_dma_sh.cookie.dmac_address); 3280 WPI_WRITE(sc, WPI_MSG_CONFIG, 0xffff05a5); 3281 3282 for (qid = 0; qid < 6; qid++) { 3283 WPI_WRITE(sc, WPI_TX_CTL(qid), 0); 3284 WPI_WRITE(sc, WPI_TX_BASE(qid), 0); 3285 WPI_WRITE(sc, WPI_TX_CONFIG(qid), 0x80200008); 3286 } 3287 wpi_mem_unlock(sc); 3288 3289 /* clear "radio off" and "disable command" bits (reversed logic) */ 3290 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_RADIO_OFF); 3291 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_DISABLE_CMD); 3292 3293 /* clear any pending interrupts */ 3294 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 3295 3296 /* enable interrupts */ 3297 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 3298 3299 /* load firmware boot code into NIC */ 3300 err = wpi_load_microcode(sc); 3301 if (err != WPI_SUCCESS) { 3302 cmn_err(CE_WARN, "wpi_init(): failed to load microcode\n"); 3303 goto fail1; 3304 } 3305 3306 /* load firmware .text segment into NIC */ 3307 err = wpi_load_firmware(sc, WPI_FW_TEXT); 3308 if (err != WPI_SUCCESS) { 3309 cmn_err(CE_WARN, "wpi_init(): " 3310 "failed to load firmware(text)\n"); 3311 goto fail1; 3312 } 3313 3314 /* load firmware .data segment into NIC */ 3315 err = wpi_load_firmware(sc, WPI_FW_DATA); 3316 if (err != WPI_SUCCESS) { 3317 cmn_err(CE_WARN, "wpi_init(): " 3318 "failed to load firmware(data)\n"); 3319 goto fail1; 3320 } 3321 3322 /* now press "execute" ;-) */ 3323 tmp = WPI_READ(sc, WPI_RESET); 3324 tmp &= ~(WPI_MASTER_DISABLED | WPI_STOP_MASTER | WPI_NEVO_RESET); 3325 WPI_WRITE(sc, WPI_RESET, tmp); 3326 3327 /* ..and wait at most one second for adapter to initialize */ 3328 clk = ddi_get_lbolt() + drv_usectohz(2000000); 3329 while (!(sc->sc_flags & WPI_F_FW_INIT)) { 3330 if (cv_timedwait(&sc->sc_fw_cv, &sc->sc_glock, clk) < 0) 3331 break; 3332 } 3333 if (!(sc->sc_flags & WPI_F_FW_INIT)) { 3334 cmn_err(CE_WARN, 3335 "wpi_init(): timeout waiting for firmware init\n"); 3336 goto fail1; 3337 } 3338 3339 /* wait for thermal sensors to calibrate */ 3340 for (ntries = 0; ntries < 1000; ntries++) { 3341 if (WPI_READ(sc, WPI_TEMPERATURE) != 0) 3342 break; 3343 DELAY(10); 3344 } 3345 3346 if (ntries == 1000) { 3347 WPI_DBG((WPI_DEBUG_HW, 3348 "wpi_init(): timeout waiting for thermal sensors " 3349 "calibration\n")); 3350 } 3351 3352 WPI_DBG((WPI_DEBUG_HW, "temperature %d\n", 3353 (int)WPI_READ(sc, WPI_TEMPERATURE))); 3354 3355 err = wpi_config(sc); 3356 if (err) { 3357 cmn_err(CE_WARN, "wpi_init(): failed to configure device\n"); 3358 goto fail1; 3359 } 3360 3361 mutex_exit(&sc->sc_glock); 3362 return (WPI_SUCCESS); 3363 3364 fail1: 3365 err = WPI_FAIL; 3366 mutex_exit(&sc->sc_glock); 3367 return (err); 3368 } 3369 3370 static int 3371 wpi_fast_recover(wpi_sc_t *sc) 3372 { 3373 ieee80211com_t *ic = &sc->sc_ic; 3374 int err; 3375 3376 mutex_enter(&sc->sc_glock); 3377 3378 /* restore runtime configuration */ 3379 bcopy(&sc->sc_config_save, &sc->sc_config, 3380 sizeof (sc->sc_config)); 3381 3382 sc->sc_config.state = 0; 3383 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 3384 3385 if ((err = wpi_auth(sc)) != 0) { 3386 cmn_err(CE_WARN, "wpi_fast_recover(): " 3387 "failed to setup authentication\n"); 3388 mutex_exit(&sc->sc_glock); 3389 return (err); 3390 } 3391 3392 sc->sc_config.state = LE_16(WPI_CONFIG_ASSOCIATED); 3393 sc->sc_config.flags &= ~LE_32(WPI_CONFIG_SHPREAMBLE | 3394 WPI_CONFIG_SHSLOT); 3395 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3396 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHSLOT); 3397 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3398 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHPREAMBLE); 3399 sc->sc_config.filter |= LE_32(WPI_FILTER_BSS); 3400 if (ic->ic_opmode != IEEE80211_M_STA) 3401 sc->sc_config.filter |= LE_32(WPI_FILTER_BEACON); 3402 3403 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x\n", 3404 sc->sc_config.chan, sc->sc_config.flags)); 3405 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 3406 sizeof (wpi_config_t), 1); 3407 if (err != WPI_SUCCESS) { 3408 cmn_err(CE_WARN, "failed to setup association\n"); 3409 mutex_exit(&sc->sc_glock); 3410 return (err); 3411 } 3412 /* link LED on */ 3413 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 3414 3415 mutex_exit(&sc->sc_glock); 3416 3417 /* update keys */ 3418 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 3419 for (int i = 0; i < IEEE80211_KEY_MAX; i++) { 3420 if (ic->ic_nw_keys[i].wk_keyix == IEEE80211_KEYIX_NONE) 3421 continue; 3422 err = wpi_key_set(ic, &ic->ic_nw_keys[i], 3423 ic->ic_bss->in_macaddr); 3424 /* failure */ 3425 if (err == 0) { 3426 cmn_err(CE_WARN, "wpi_fast_recover(): " 3427 "failed to setup hardware keys\n"); 3428 return (WPI_FAIL); 3429 } 3430 } 3431 } 3432 3433 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 3434 3435 /* start queue */ 3436 WPI_DBG((WPI_DEBUG_FW, "wpi_fast_recover(): resume xmit\n")); 3437 mac_tx_update(ic->ic_mach); 3438 3439 return (WPI_SUCCESS); 3440 } 3441 3442 /* 3443 * quiesce(9E) entry point. 3444 * This function is called when the system is single-threaded at high 3445 * PIL with preemption disabled. Therefore, this function must not be 3446 * blocked. 3447 * This function returns DDI_SUCCESS on success, or DDI_FAILURE on failure. 3448 * DDI_FAILURE indicates an error condition and should almost never happen. 3449 */ 3450 static int 3451 wpi_quiesce(dev_info_t *dip) 3452 { 3453 wpi_sc_t *sc; 3454 3455 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 3456 if (sc == NULL) 3457 return (DDI_FAILURE); 3458 3459 #ifdef DEBUG 3460 /* by pass any messages, if it's quiesce */ 3461 wpi_dbg_flags = 0; 3462 #endif 3463 3464 /* 3465 * No more blocking is allowed while we are in the 3466 * quiesce(9E) entry point. 3467 */ 3468 sc->sc_flags |= WPI_F_QUIESCED; 3469 3470 /* 3471 * Disable and mask all interrupts. 3472 */ 3473 wpi_stop(sc); 3474 return (DDI_SUCCESS); 3475 } 3476 3477 static void 3478 wpi_stop(wpi_sc_t *sc) 3479 { 3480 uint32_t tmp; 3481 int ac; 3482 3483 /* no mutex operation, if it's quiesced */ 3484 if (!(sc->sc_flags & WPI_F_QUIESCED)) 3485 mutex_enter(&sc->sc_glock); 3486 3487 /* disable interrupts */ 3488 WPI_WRITE(sc, WPI_MASK, 0); 3489 WPI_WRITE(sc, WPI_INTR, WPI_INTR_MASK); 3490 WPI_WRITE(sc, WPI_INTR_STATUS, 0xff); 3491 WPI_WRITE(sc, WPI_INTR_STATUS, 0x00070000); 3492 3493 wpi_mem_lock(sc); 3494 wpi_mem_write(sc, WPI_MEM_MODE, 0); 3495 wpi_mem_unlock(sc); 3496 3497 /* reset all Tx rings */ 3498 for (ac = 0; ac < 4; ac++) 3499 wpi_reset_tx_ring(sc, &sc->sc_txq[ac]); 3500 wpi_reset_tx_ring(sc, &sc->sc_cmdq); 3501 wpi_reset_tx_ring(sc, &sc->sc_svcq); 3502 3503 /* reset Rx ring */ 3504 wpi_reset_rx_ring(sc); 3505 3506 wpi_mem_lock(sc); 3507 wpi_mem_write(sc, WPI_MEM_CLOCK2, 0x200); 3508 wpi_mem_unlock(sc); 3509 3510 DELAY(5); 3511 3512 wpi_stop_master(sc); 3513 3514 sc->sc_tx_timer = 0; 3515 sc->sc_flags &= ~WPI_F_SCANNING; 3516 sc->sc_scan_pending = 0; 3517 sc->sc_scan_next = 0; 3518 3519 tmp = WPI_READ(sc, WPI_RESET); 3520 WPI_WRITE(sc, WPI_RESET, tmp | WPI_SW_RESET); 3521 3522 /* no mutex operation, if it's quiesced */ 3523 if (!(sc->sc_flags & WPI_F_QUIESCED)) 3524 mutex_exit(&sc->sc_glock); 3525 } 3526 3527 /* 3528 * Naive implementation of the Adaptive Multi Rate Retry algorithm: 3529 * "IEEE 802.11 Rate Adaptation: A Practical Approach" 3530 * Mathieu Lacage, Hossein Manshaei, Thierry Turletti 3531 * INRIA Sophia - Projet Planete 3532 * http://www-sop.inria.fr/rapports/sophia/RR-5208.html 3533 */ 3534 #define is_success(amrr) \ 3535 ((amrr)->retrycnt < (amrr)->txcnt / 10) 3536 #define is_failure(amrr) \ 3537 ((amrr)->retrycnt > (amrr)->txcnt / 3) 3538 #define is_enough(amrr) \ 3539 ((amrr)->txcnt > 100) 3540 #define is_min_rate(in) \ 3541 ((in)->in_txrate == 0) 3542 #define is_max_rate(in) \ 3543 ((in)->in_txrate == (in)->in_rates.ir_nrates - 1) 3544 #define increase_rate(in) \ 3545 ((in)->in_txrate++) 3546 #define decrease_rate(in) \ 3547 ((in)->in_txrate--) 3548 #define reset_cnt(amrr) \ 3549 { (amrr)->txcnt = (amrr)->retrycnt = 0; } 3550 3551 #define WPI_AMRR_MIN_SUCCESS_THRESHOLD 1 3552 #define WPI_AMRR_MAX_SUCCESS_THRESHOLD 15 3553 3554 static void 3555 wpi_amrr_init(wpi_amrr_t *amrr) 3556 { 3557 amrr->success = 0; 3558 amrr->recovery = 0; 3559 amrr->txcnt = amrr->retrycnt = 0; 3560 amrr->success_threshold = WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3561 } 3562 3563 static void 3564 wpi_amrr_timeout(wpi_sc_t *sc) 3565 { 3566 ieee80211com_t *ic = &sc->sc_ic; 3567 3568 WPI_DBG((WPI_DEBUG_RATECTL, "wpi_amrr_timeout() enter\n")); 3569 if (ic->ic_opmode == IEEE80211_M_STA) 3570 wpi_amrr_ratectl(NULL, ic->ic_bss); 3571 else 3572 ieee80211_iterate_nodes(&ic->ic_sta, wpi_amrr_ratectl, NULL); 3573 sc->sc_clk = ddi_get_lbolt(); 3574 } 3575 3576 /* ARGSUSED */ 3577 static void 3578 wpi_amrr_ratectl(void *arg, ieee80211_node_t *in) 3579 { 3580 wpi_amrr_t *amrr = (wpi_amrr_t *)in; 3581 int need_change = 0; 3582 3583 if (is_success(amrr) && is_enough(amrr)) { 3584 amrr->success++; 3585 if (amrr->success >= amrr->success_threshold && 3586 !is_max_rate(in)) { 3587 amrr->recovery = 1; 3588 amrr->success = 0; 3589 increase_rate(in); 3590 WPI_DBG((WPI_DEBUG_RATECTL, 3591 "AMRR increasing rate %d (txcnt=%d retrycnt=%d)\n", 3592 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3593 need_change = 1; 3594 } else { 3595 amrr->recovery = 0; 3596 } 3597 } else if (is_failure(amrr)) { 3598 amrr->success = 0; 3599 if (!is_min_rate(in)) { 3600 if (amrr->recovery) { 3601 amrr->success_threshold++; 3602 if (amrr->success_threshold > 3603 WPI_AMRR_MAX_SUCCESS_THRESHOLD) 3604 amrr->success_threshold = 3605 WPI_AMRR_MAX_SUCCESS_THRESHOLD; 3606 } else { 3607 amrr->success_threshold = 3608 WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3609 } 3610 decrease_rate(in); 3611 WPI_DBG((WPI_DEBUG_RATECTL, 3612 "AMRR decreasing rate %d (txcnt=%d retrycnt=%d)\n", 3613 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3614 need_change = 1; 3615 } 3616 amrr->recovery = 0; /* paper is incorrect */ 3617 } 3618 3619 if (is_enough(amrr) || need_change) 3620 reset_cnt(amrr); 3621 } 3622