1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * Copyright (c) 2006 8 * Damien Bergamini <damien.bergamini@free.fr> 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 */ 22 23 /* 24 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 25 */ 26 27 #include <sys/types.h> 28 #include <sys/byteorder.h> 29 #include <sys/conf.h> 30 #include <sys/cmn_err.h> 31 #include <sys/stat.h> 32 #include <sys/ddi.h> 33 #include <sys/sunddi.h> 34 #include <sys/strsubr.h> 35 #include <sys/ethernet.h> 36 #include <inet/common.h> 37 #include <inet/nd.h> 38 #include <inet/mi.h> 39 #include <sys/note.h> 40 #include <sys/stream.h> 41 #include <sys/strsun.h> 42 #include <sys/modctl.h> 43 #include <sys/devops.h> 44 #include <sys/dlpi.h> 45 #include <sys/mac.h> 46 #include <sys/mac_wifi.h> 47 #include <sys/net80211.h> 48 #include <sys/net80211_proto.h> 49 #include <sys/varargs.h> 50 #include <sys/policy.h> 51 #include <sys/pci.h> 52 53 #include "wpireg.h" 54 #include "wpivar.h" 55 #include <inet/wifi_ioctl.h> 56 57 #ifdef DEBUG 58 #define WPI_DEBUG_80211 (1 << 0) 59 #define WPI_DEBUG_CMD (1 << 1) 60 #define WPI_DEBUG_DMA (1 << 2) 61 #define WPI_DEBUG_EEPROM (1 << 3) 62 #define WPI_DEBUG_FW (1 << 4) 63 #define WPI_DEBUG_HW (1 << 5) 64 #define WPI_DEBUG_INTR (1 << 6) 65 #define WPI_DEBUG_MRR (1 << 7) 66 #define WPI_DEBUG_PIO (1 << 8) 67 #define WPI_DEBUG_RX (1 << 9) 68 #define WPI_DEBUG_SCAN (1 << 10) 69 #define WPI_DEBUG_TX (1 << 11) 70 #define WPI_DEBUG_RATECTL (1 << 12) 71 #define WPI_DEBUG_RADIO (1 << 13) 72 #define WPI_DEBUG_RESUME (1 << 14) 73 uint32_t wpi_dbg_flags = 0; 74 #define WPI_DBG(x) \ 75 wpi_dbg x 76 #else 77 #define WPI_DBG(x) 78 #endif 79 80 static void *wpi_soft_state_p = NULL; 81 static uint8_t wpi_fw_bin [] = { 82 #include "fw-wpi/ipw3945.ucode.hex" 83 }; 84 85 /* DMA attributes for a shared page */ 86 static ddi_dma_attr_t sh_dma_attr = { 87 DMA_ATTR_V0, /* version of this structure */ 88 0, /* lowest usable address */ 89 0xffffffffU, /* highest usable address */ 90 0xffffffffU, /* maximum DMAable byte count */ 91 0x1000, /* alignment in bytes */ 92 0x1000, /* burst sizes (any?) */ 93 1, /* minimum transfer */ 94 0xffffffffU, /* maximum transfer */ 95 0xffffffffU, /* maximum segment length */ 96 1, /* maximum number of segments */ 97 1, /* granularity */ 98 0, /* flags (reserved) */ 99 }; 100 101 /* DMA attributes for a ring descriptor */ 102 static ddi_dma_attr_t ring_desc_dma_attr = { 103 DMA_ATTR_V0, /* version of this structure */ 104 0, /* lowest usable address */ 105 0xffffffffU, /* highest usable address */ 106 0xffffffffU, /* maximum DMAable byte count */ 107 0x4000, /* alignment in bytes */ 108 0x100, /* burst sizes (any?) */ 109 1, /* minimum transfer */ 110 0xffffffffU, /* maximum transfer */ 111 0xffffffffU, /* maximum segment length */ 112 1, /* maximum number of segments */ 113 1, /* granularity */ 114 0, /* flags (reserved) */ 115 }; 116 117 118 /* DMA attributes for a tx cmd */ 119 static ddi_dma_attr_t tx_cmd_dma_attr = { 120 DMA_ATTR_V0, /* version of this structure */ 121 0, /* lowest usable address */ 122 0xffffffffU, /* highest usable address */ 123 0xffffffffU, /* maximum DMAable byte count */ 124 4, /* alignment in bytes */ 125 0x100, /* burst sizes (any?) */ 126 1, /* minimum transfer */ 127 0xffffffffU, /* maximum transfer */ 128 0xffffffffU, /* maximum segment length */ 129 1, /* maximum number of segments */ 130 1, /* granularity */ 131 0, /* flags (reserved) */ 132 }; 133 134 /* DMA attributes for a rx buffer */ 135 static ddi_dma_attr_t rx_buffer_dma_attr = { 136 DMA_ATTR_V0, /* version of this structure */ 137 0, /* lowest usable address */ 138 0xffffffffU, /* highest usable address */ 139 0xffffffffU, /* maximum DMAable byte count */ 140 1, /* alignment in bytes */ 141 0x100, /* burst sizes (any?) */ 142 1, /* minimum transfer */ 143 0xffffffffU, /* maximum transfer */ 144 0xffffffffU, /* maximum segment length */ 145 1, /* maximum number of segments */ 146 1, /* granularity */ 147 0, /* flags (reserved) */ 148 }; 149 150 /* 151 * DMA attributes for a tx buffer. 152 * the maximum number of segments is 4 for the hardware. 153 * now all the wifi drivers put the whole frame in a single 154 * descriptor, so we define the maximum number of segments 4, 155 * just the same as the rx_buffer. we consider leverage the HW 156 * ability in the future, that is why we don't define rx and tx 157 * buffer_dma_attr as the same. 158 */ 159 static ddi_dma_attr_t tx_buffer_dma_attr = { 160 DMA_ATTR_V0, /* version of this structure */ 161 0, /* lowest usable address */ 162 0xffffffffU, /* highest usable address */ 163 0xffffffffU, /* maximum DMAable byte count */ 164 1, /* alignment in bytes */ 165 0x100, /* burst sizes (any?) */ 166 1, /* minimum transfer */ 167 0xffffffffU, /* maximum transfer */ 168 0xffffffffU, /* maximum segment length */ 169 1, /* maximum number of segments */ 170 1, /* granularity */ 171 0, /* flags (reserved) */ 172 }; 173 174 /* DMA attributes for a load firmware */ 175 static ddi_dma_attr_t fw_buffer_dma_attr = { 176 DMA_ATTR_V0, /* version of this structure */ 177 0, /* lowest usable address */ 178 0xffffffffU, /* highest usable address */ 179 0x7fffffff, /* maximum DMAable byte count */ 180 4, /* alignment in bytes */ 181 0x100, /* burst sizes (any?) */ 182 1, /* minimum transfer */ 183 0xffffffffU, /* maximum transfer */ 184 0xffffffffU, /* maximum segment length */ 185 4, /* maximum number of segments */ 186 1, /* granularity */ 187 0, /* flags (reserved) */ 188 }; 189 190 /* regs access attributes */ 191 static ddi_device_acc_attr_t wpi_reg_accattr = { 192 DDI_DEVICE_ATTR_V0, 193 DDI_STRUCTURE_LE_ACC, 194 DDI_STRICTORDER_ACC, 195 DDI_DEFAULT_ACC 196 }; 197 198 /* DMA access attributes */ 199 static ddi_device_acc_attr_t wpi_dma_accattr = { 200 DDI_DEVICE_ATTR_V0, 201 DDI_NEVERSWAP_ACC, 202 DDI_STRICTORDER_ACC, 203 DDI_DEFAULT_ACC 204 }; 205 206 static int wpi_ring_init(wpi_sc_t *); 207 static void wpi_ring_free(wpi_sc_t *); 208 static int wpi_alloc_shared(wpi_sc_t *); 209 static void wpi_free_shared(wpi_sc_t *); 210 static int wpi_alloc_fw_dma(wpi_sc_t *); 211 static void wpi_free_fw_dma(wpi_sc_t *); 212 static int wpi_alloc_rx_ring(wpi_sc_t *); 213 static void wpi_reset_rx_ring(wpi_sc_t *); 214 static void wpi_free_rx_ring(wpi_sc_t *); 215 static int wpi_alloc_tx_ring(wpi_sc_t *, wpi_tx_ring_t *, int, int); 216 static void wpi_reset_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 217 static void wpi_free_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 218 219 static ieee80211_node_t *wpi_node_alloc(ieee80211com_t *); 220 static void wpi_node_free(ieee80211_node_t *); 221 static int wpi_newstate(ieee80211com_t *, enum ieee80211_state, int); 222 static int wpi_key_set(ieee80211com_t *, const struct ieee80211_key *, 223 const uint8_t mac[IEEE80211_ADDR_LEN]); 224 static void wpi_mem_lock(wpi_sc_t *); 225 static void wpi_mem_unlock(wpi_sc_t *); 226 static uint32_t wpi_mem_read(wpi_sc_t *, uint16_t); 227 static void wpi_mem_write(wpi_sc_t *, uint16_t, uint32_t); 228 static void wpi_mem_write_region_4(wpi_sc_t *, uint16_t, 229 const uint32_t *, int); 230 static uint16_t wpi_read_prom_word(wpi_sc_t *, uint32_t); 231 static int wpi_load_microcode(wpi_sc_t *); 232 static int wpi_load_firmware(wpi_sc_t *, uint32_t); 233 static void wpi_rx_intr(wpi_sc_t *, wpi_rx_desc_t *, 234 wpi_rx_data_t *); 235 static void wpi_tx_intr(wpi_sc_t *, wpi_rx_desc_t *, 236 wpi_rx_data_t *); 237 static void wpi_cmd_intr(wpi_sc_t *, wpi_rx_desc_t *); 238 static uint_t wpi_intr(caddr_t); 239 static uint_t wpi_notif_softintr(caddr_t); 240 static uint8_t wpi_plcp_signal(int); 241 static void wpi_read_eeprom(wpi_sc_t *); 242 static int wpi_cmd(wpi_sc_t *, int, const void *, int, int); 243 static int wpi_mrr_setup(wpi_sc_t *); 244 static void wpi_set_led(wpi_sc_t *, uint8_t, uint8_t, uint8_t); 245 static int wpi_auth(wpi_sc_t *); 246 static int wpi_scan(wpi_sc_t *); 247 static int wpi_config(wpi_sc_t *); 248 static void wpi_stop_master(wpi_sc_t *); 249 static int wpi_power_up(wpi_sc_t *); 250 static int wpi_reset(wpi_sc_t *); 251 static void wpi_hw_config(wpi_sc_t *); 252 static int wpi_init(wpi_sc_t *); 253 static void wpi_stop(wpi_sc_t *); 254 static int wpi_quiesce(dev_info_t *dip); 255 static void wpi_amrr_init(wpi_amrr_t *); 256 static void wpi_amrr_timeout(wpi_sc_t *); 257 static void wpi_amrr_ratectl(void *, ieee80211_node_t *); 258 259 static int wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd); 260 static int wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd); 261 262 /* 263 * GLD specific operations 264 */ 265 static int wpi_m_stat(void *arg, uint_t stat, uint64_t *val); 266 static int wpi_m_start(void *arg); 267 static void wpi_m_stop(void *arg); 268 static int wpi_m_unicst(void *arg, const uint8_t *macaddr); 269 static int wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m); 270 static int wpi_m_promisc(void *arg, boolean_t on); 271 static mblk_t *wpi_m_tx(void *arg, mblk_t *mp); 272 static void wpi_m_ioctl(void *arg, queue_t *wq, mblk_t *mp); 273 static int wpi_m_setprop(void *arg, const char *pr_name, 274 mac_prop_id_t wldp_pr_num, uint_t wldp_length, const void *wldp_buf); 275 static int wpi_m_getprop(void *arg, const char *pr_name, 276 mac_prop_id_t wldp_pr_num, uint_t pr_flags, uint_t wldp_lenth, 277 void *wldp_buf, uint_t *); 278 static void wpi_destroy_locks(wpi_sc_t *sc); 279 static int wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type); 280 static void wpi_thread(wpi_sc_t *sc); 281 282 /* 283 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 284 */ 285 static const struct ieee80211_rateset wpi_rateset_11b = 286 { 4, { 2, 4, 11, 22 } }; 287 288 static const struct ieee80211_rateset wpi_rateset_11g = 289 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 290 291 static const uint8_t wpi_ridx_to_signal[] = { 292 /* OFDM: IEEE Std 802.11a-1999, pp. 14 Table 80 */ 293 /* R1-R4 (ral/ural is R4-R1) */ 294 0xd, 0xf, 0x5, 0x7, 0x9, 0xb, 0x1, 0x3, 295 /* CCK: device-dependent */ 296 10, 20, 55, 110 297 }; 298 299 /* 300 * For mfthread only 301 */ 302 extern pri_t minclsyspri; 303 304 /* 305 * Module Loading Data & Entry Points 306 */ 307 DDI_DEFINE_STREAM_OPS(wpi_devops, nulldev, nulldev, wpi_attach, 308 wpi_detach, nodev, NULL, D_MP, NULL, wpi_quiesce); 309 310 static struct modldrv wpi_modldrv = { 311 &mod_driverops, 312 "Intel(R) PRO/Wireless 3945ABG driver", 313 &wpi_devops 314 }; 315 316 static struct modlinkage wpi_modlinkage = { 317 MODREV_1, 318 &wpi_modldrv, 319 NULL 320 }; 321 322 int 323 _init(void) 324 { 325 int status; 326 327 status = ddi_soft_state_init(&wpi_soft_state_p, 328 sizeof (wpi_sc_t), 1); 329 if (status != DDI_SUCCESS) 330 return (status); 331 332 mac_init_ops(&wpi_devops, "wpi"); 333 status = mod_install(&wpi_modlinkage); 334 if (status != DDI_SUCCESS) { 335 mac_fini_ops(&wpi_devops); 336 ddi_soft_state_fini(&wpi_soft_state_p); 337 } 338 339 return (status); 340 } 341 342 int 343 _fini(void) 344 { 345 int status; 346 347 status = mod_remove(&wpi_modlinkage); 348 if (status == DDI_SUCCESS) { 349 mac_fini_ops(&wpi_devops); 350 ddi_soft_state_fini(&wpi_soft_state_p); 351 } 352 353 return (status); 354 } 355 356 int 357 _info(struct modinfo *mip) 358 { 359 return (mod_info(&wpi_modlinkage, mip)); 360 } 361 362 /* 363 * Mac Call Back entries 364 */ 365 mac_callbacks_t wpi_m_callbacks = { 366 MC_IOCTL | MC_SETPROP | MC_GETPROP, 367 wpi_m_stat, 368 wpi_m_start, 369 wpi_m_stop, 370 wpi_m_promisc, 371 wpi_m_multicst, 372 wpi_m_unicst, 373 wpi_m_tx, 374 NULL, 375 wpi_m_ioctl, 376 NULL, 377 NULL, 378 NULL, 379 wpi_m_setprop, 380 wpi_m_getprop 381 }; 382 383 #ifdef DEBUG 384 void 385 wpi_dbg(uint32_t flags, const char *fmt, ...) 386 { 387 va_list ap; 388 389 if (flags & wpi_dbg_flags) { 390 va_start(ap, fmt); 391 vcmn_err(CE_NOTE, fmt, ap); 392 va_end(ap); 393 } 394 } 395 #endif 396 /* 397 * device operations 398 */ 399 int 400 wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 401 { 402 wpi_sc_t *sc; 403 ddi_acc_handle_t cfg_handle; 404 caddr_t cfg_base; 405 ieee80211com_t *ic; 406 int instance, err, i; 407 char strbuf[32]; 408 wifi_data_t wd = { 0 }; 409 mac_register_t *macp; 410 411 switch (cmd) { 412 case DDI_ATTACH: 413 break; 414 case DDI_RESUME: 415 sc = ddi_get_soft_state(wpi_soft_state_p, 416 ddi_get_instance(dip)); 417 ASSERT(sc != NULL); 418 mutex_enter(&sc->sc_glock); 419 sc->sc_flags &= ~WPI_F_SUSPEND; 420 mutex_exit(&sc->sc_glock); 421 if (sc->sc_flags & WPI_F_RUNNING) { 422 (void) wpi_init(sc); 423 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 424 } 425 WPI_DBG((WPI_DEBUG_RESUME, "wpi: resume \n")); 426 return (DDI_SUCCESS); 427 default: 428 err = DDI_FAILURE; 429 goto attach_fail1; 430 } 431 432 instance = ddi_get_instance(dip); 433 err = ddi_soft_state_zalloc(wpi_soft_state_p, instance); 434 if (err != DDI_SUCCESS) { 435 cmn_err(CE_WARN, 436 "wpi_attach(): failed to allocate soft state\n"); 437 goto attach_fail1; 438 } 439 sc = ddi_get_soft_state(wpi_soft_state_p, instance); 440 sc->sc_dip = dip; 441 442 err = ddi_regs_map_setup(dip, 0, &cfg_base, 0, 0, 443 &wpi_reg_accattr, &cfg_handle); 444 if (err != DDI_SUCCESS) { 445 cmn_err(CE_WARN, 446 "wpi_attach(): failed to map config spaces regs\n"); 447 goto attach_fail2; 448 } 449 sc->sc_rev = ddi_get8(cfg_handle, 450 (uint8_t *)(cfg_base + PCI_CONF_REVID)); 451 ddi_put8(cfg_handle, (uint8_t *)(cfg_base + 0x41), 0); 452 sc->sc_clsz = ddi_get16(cfg_handle, 453 (uint16_t *)(cfg_base + PCI_CONF_CACHE_LINESZ)); 454 ddi_regs_map_free(&cfg_handle); 455 if (!sc->sc_clsz) 456 sc->sc_clsz = 16; 457 sc->sc_clsz = (sc->sc_clsz << 2); 458 sc->sc_dmabuf_sz = roundup(0x1000 + sizeof (struct ieee80211_frame) + 459 IEEE80211_MTU + IEEE80211_CRC_LEN + 460 (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + 461 IEEE80211_WEP_CRCLEN), sc->sc_clsz); 462 /* 463 * Map operating registers 464 */ 465 err = ddi_regs_map_setup(dip, 1, &sc->sc_base, 466 0, 0, &wpi_reg_accattr, &sc->sc_handle); 467 if (err != DDI_SUCCESS) { 468 cmn_err(CE_WARN, 469 "wpi_attach(): failed to map device regs\n"); 470 goto attach_fail2; 471 } 472 473 /* 474 * Allocate shared page. 475 */ 476 err = wpi_alloc_shared(sc); 477 if (err != DDI_SUCCESS) { 478 cmn_err(CE_WARN, "failed to allocate shared page\n"); 479 goto attach_fail3; 480 } 481 482 /* 483 * Get the hw conf, including MAC address, then init all rings. 484 */ 485 wpi_read_eeprom(sc); 486 err = wpi_ring_init(sc); 487 if (err != DDI_SUCCESS) { 488 cmn_err(CE_WARN, "wpi_attach(): " 489 "failed to allocate and initialize ring\n"); 490 goto attach_fail4; 491 } 492 493 sc->sc_hdr = (const wpi_firmware_hdr_t *)wpi_fw_bin; 494 495 /* firmware image layout: |HDR|<--TEXT-->|<--DATA-->|<--BOOT-->| */ 496 sc->sc_text = (const char *)(sc->sc_hdr + 1); 497 sc->sc_data = sc->sc_text + LE_32(sc->sc_hdr->textsz); 498 sc->sc_boot = sc->sc_data + LE_32(sc->sc_hdr->datasz); 499 err = wpi_alloc_fw_dma(sc); 500 if (err != DDI_SUCCESS) { 501 cmn_err(CE_WARN, "wpi_attach(): " 502 "failed to allocate firmware dma\n"); 503 goto attach_fail5; 504 } 505 506 /* 507 * Initialize mutexs and condvars 508 */ 509 err = ddi_get_iblock_cookie(dip, 0, &sc->sc_iblk); 510 if (err != DDI_SUCCESS) { 511 cmn_err(CE_WARN, 512 "wpi_attach(): failed to do ddi_get_iblock_cookie()\n"); 513 goto attach_fail6; 514 } 515 mutex_init(&sc->sc_glock, NULL, MUTEX_DRIVER, sc->sc_iblk); 516 mutex_init(&sc->sc_tx_lock, NULL, MUTEX_DRIVER, sc->sc_iblk); 517 cv_init(&sc->sc_fw_cv, NULL, CV_DRIVER, NULL); 518 cv_init(&sc->sc_cmd_cv, NULL, CV_DRIVER, NULL); 519 520 /* 521 * initialize the mfthread 522 */ 523 mutex_init(&sc->sc_mt_lock, NULL, MUTEX_DRIVER, 524 (void *) sc->sc_iblk); 525 cv_init(&sc->sc_mt_cv, NULL, CV_DRIVER, NULL); 526 sc->sc_mf_thread = NULL; 527 sc->sc_mf_thread_switch = 0; 528 /* 529 * Initialize the wifi part, which will be used by 530 * generic layer 531 */ 532 ic = &sc->sc_ic; 533 ic->ic_phytype = IEEE80211_T_OFDM; 534 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 535 ic->ic_state = IEEE80211_S_INIT; 536 ic->ic_maxrssi = 70; /* experimental number */ 537 ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_TXPMGT | 538 IEEE80211_C_PMGT | IEEE80211_C_SHSLOT; 539 540 /* 541 * use software WEP and TKIP, hardware CCMP; 542 */ 543 ic->ic_caps |= IEEE80211_C_AES_CCM; 544 ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */ 545 546 /* set supported .11b and .11g rates */ 547 ic->ic_sup_rates[IEEE80211_MODE_11B] = wpi_rateset_11b; 548 ic->ic_sup_rates[IEEE80211_MODE_11G] = wpi_rateset_11g; 549 550 /* set supported .11b and .11g channels (1 through 14) */ 551 for (i = 1; i <= 14; i++) { 552 ic->ic_sup_channels[i].ich_freq = 553 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 554 ic->ic_sup_channels[i].ich_flags = 555 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 556 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ | 557 IEEE80211_CHAN_PASSIVE; 558 } 559 ic->ic_ibss_chan = &ic->ic_sup_channels[0]; 560 ic->ic_xmit = wpi_send; 561 /* 562 * init Wifi layer 563 */ 564 ieee80211_attach(ic); 565 566 /* register WPA door */ 567 ieee80211_register_door(ic, ddi_driver_name(dip), 568 ddi_get_instance(dip)); 569 570 /* 571 * Override 80211 default routines 572 */ 573 sc->sc_newstate = ic->ic_newstate; 574 ic->ic_newstate = wpi_newstate; 575 ic->ic_node_alloc = wpi_node_alloc; 576 ic->ic_node_free = wpi_node_free; 577 ic->ic_crypto.cs_key_set = wpi_key_set; 578 ieee80211_media_init(ic); 579 /* 580 * initialize default tx key 581 */ 582 ic->ic_def_txkey = 0; 583 584 err = ddi_add_softintr(dip, DDI_SOFTINT_LOW, 585 &sc->sc_notif_softint_id, &sc->sc_iblk, NULL, wpi_notif_softintr, 586 (caddr_t)sc); 587 if (err != DDI_SUCCESS) { 588 cmn_err(CE_WARN, 589 "wpi_attach(): failed to do ddi_add_softintr()\n"); 590 goto attach_fail7; 591 } 592 593 /* 594 * Add the interrupt handler 595 */ 596 err = ddi_add_intr(dip, 0, &sc->sc_iblk, NULL, 597 wpi_intr, (caddr_t)sc); 598 if (err != DDI_SUCCESS) { 599 cmn_err(CE_WARN, 600 "wpi_attach(): failed to do ddi_add_intr()\n"); 601 goto attach_fail8; 602 } 603 604 /* 605 * Initialize pointer to device specific functions 606 */ 607 wd.wd_secalloc = WIFI_SEC_NONE; 608 wd.wd_opmode = ic->ic_opmode; 609 IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_macaddr); 610 611 macp = mac_alloc(MAC_VERSION); 612 if (err != DDI_SUCCESS) { 613 cmn_err(CE_WARN, 614 "wpi_attach(): failed to do mac_alloc()\n"); 615 goto attach_fail9; 616 } 617 618 macp->m_type_ident = MAC_PLUGIN_IDENT_WIFI; 619 macp->m_driver = sc; 620 macp->m_dip = dip; 621 macp->m_src_addr = ic->ic_macaddr; 622 macp->m_callbacks = &wpi_m_callbacks; 623 macp->m_min_sdu = 0; 624 macp->m_max_sdu = IEEE80211_MTU; 625 macp->m_pdata = &wd; 626 macp->m_pdata_size = sizeof (wd); 627 628 /* 629 * Register the macp to mac 630 */ 631 err = mac_register(macp, &ic->ic_mach); 632 mac_free(macp); 633 if (err != DDI_SUCCESS) { 634 cmn_err(CE_WARN, 635 "wpi_attach(): failed to do mac_register()\n"); 636 goto attach_fail9; 637 } 638 639 /* 640 * Create minor node of type DDI_NT_NET_WIFI 641 */ 642 (void) snprintf(strbuf, sizeof (strbuf), "wpi%d", instance); 643 err = ddi_create_minor_node(dip, strbuf, S_IFCHR, 644 instance + 1, DDI_NT_NET_WIFI, 0); 645 if (err != DDI_SUCCESS) 646 cmn_err(CE_WARN, 647 "wpi_attach(): failed to do ddi_create_minor_node()\n"); 648 649 /* 650 * Notify link is down now 651 */ 652 mac_link_update(ic->ic_mach, LINK_STATE_DOWN); 653 654 /* 655 * create the mf thread to handle the link status, 656 * recovery fatal error, etc. 657 */ 658 659 sc->sc_mf_thread_switch = 1; 660 if (sc->sc_mf_thread == NULL) 661 sc->sc_mf_thread = thread_create((caddr_t)NULL, 0, 662 wpi_thread, sc, 0, &p0, TS_RUN, minclsyspri); 663 664 sc->sc_flags |= WPI_F_ATTACHED; 665 666 return (DDI_SUCCESS); 667 attach_fail9: 668 ddi_remove_intr(dip, 0, sc->sc_iblk); 669 attach_fail8: 670 ddi_remove_softintr(sc->sc_notif_softint_id); 671 sc->sc_notif_softint_id = NULL; 672 attach_fail7: 673 ieee80211_detach(ic); 674 wpi_destroy_locks(sc); 675 attach_fail6: 676 wpi_free_fw_dma(sc); 677 attach_fail5: 678 wpi_ring_free(sc); 679 attach_fail4: 680 wpi_free_shared(sc); 681 attach_fail3: 682 ddi_regs_map_free(&sc->sc_handle); 683 attach_fail2: 684 ddi_soft_state_free(wpi_soft_state_p, instance); 685 attach_fail1: 686 return (err); 687 } 688 689 int 690 wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 691 { 692 wpi_sc_t *sc; 693 int err; 694 695 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 696 ASSERT(sc != NULL); 697 698 switch (cmd) { 699 case DDI_DETACH: 700 break; 701 case DDI_SUSPEND: 702 if (sc->sc_flags & WPI_F_RUNNING) { 703 wpi_stop(sc); 704 } 705 mutex_enter(&sc->sc_glock); 706 sc->sc_flags |= WPI_F_SUSPEND; 707 mutex_exit(&sc->sc_glock); 708 WPI_DBG((WPI_DEBUG_RESUME, "wpi: suspend \n")); 709 return (DDI_SUCCESS); 710 default: 711 return (DDI_FAILURE); 712 } 713 if (!(sc->sc_flags & WPI_F_ATTACHED)) 714 return (DDI_FAILURE); 715 716 err = mac_disable(sc->sc_ic.ic_mach); 717 if (err != DDI_SUCCESS) 718 return (err); 719 720 /* 721 * Destroy the mf_thread 722 */ 723 mutex_enter(&sc->sc_mt_lock); 724 sc->sc_mf_thread_switch = 0; 725 while (sc->sc_mf_thread != NULL) { 726 if (cv_wait_sig(&sc->sc_mt_cv, &sc->sc_mt_lock) == 0) 727 break; 728 } 729 mutex_exit(&sc->sc_mt_lock); 730 731 wpi_stop(sc); 732 733 /* 734 * Unregiste from the MAC layer subsystem 735 */ 736 (void) mac_unregister(sc->sc_ic.ic_mach); 737 738 mutex_enter(&sc->sc_glock); 739 wpi_free_fw_dma(sc); 740 wpi_ring_free(sc); 741 wpi_free_shared(sc); 742 mutex_exit(&sc->sc_glock); 743 744 ddi_remove_intr(dip, 0, sc->sc_iblk); 745 ddi_remove_softintr(sc->sc_notif_softint_id); 746 sc->sc_notif_softint_id = NULL; 747 748 /* 749 * detach ieee80211 750 */ 751 ieee80211_detach(&sc->sc_ic); 752 753 wpi_destroy_locks(sc); 754 755 ddi_regs_map_free(&sc->sc_handle); 756 ddi_remove_minor_node(dip, NULL); 757 ddi_soft_state_free(wpi_soft_state_p, ddi_get_instance(dip)); 758 759 return (DDI_SUCCESS); 760 } 761 762 static void 763 wpi_destroy_locks(wpi_sc_t *sc) 764 { 765 cv_destroy(&sc->sc_mt_cv); 766 mutex_destroy(&sc->sc_mt_lock); 767 cv_destroy(&sc->sc_cmd_cv); 768 cv_destroy(&sc->sc_fw_cv); 769 mutex_destroy(&sc->sc_tx_lock); 770 mutex_destroy(&sc->sc_glock); 771 } 772 773 /* 774 * Allocate an area of memory and a DMA handle for accessing it 775 */ 776 static int 777 wpi_alloc_dma_mem(wpi_sc_t *sc, size_t memsize, ddi_dma_attr_t *dma_attr_p, 778 ddi_device_acc_attr_t *acc_attr_p, uint_t dma_flags, wpi_dma_t *dma_p) 779 { 780 caddr_t vaddr; 781 int err; 782 783 /* 784 * Allocate handle 785 */ 786 err = ddi_dma_alloc_handle(sc->sc_dip, dma_attr_p, 787 DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl); 788 if (err != DDI_SUCCESS) { 789 dma_p->dma_hdl = NULL; 790 return (DDI_FAILURE); 791 } 792 793 /* 794 * Allocate memory 795 */ 796 err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, acc_attr_p, 797 dma_flags & (DDI_DMA_CONSISTENT | DDI_DMA_STREAMING), 798 DDI_DMA_SLEEP, NULL, &vaddr, &dma_p->alength, &dma_p->acc_hdl); 799 if (err != DDI_SUCCESS) { 800 ddi_dma_free_handle(&dma_p->dma_hdl); 801 dma_p->dma_hdl = NULL; 802 dma_p->acc_hdl = NULL; 803 return (DDI_FAILURE); 804 } 805 806 /* 807 * Bind the two together 808 */ 809 dma_p->mem_va = vaddr; 810 err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL, 811 vaddr, dma_p->alength, dma_flags, DDI_DMA_SLEEP, NULL, 812 &dma_p->cookie, &dma_p->ncookies); 813 if (err != DDI_DMA_MAPPED) { 814 ddi_dma_mem_free(&dma_p->acc_hdl); 815 ddi_dma_free_handle(&dma_p->dma_hdl); 816 dma_p->acc_hdl = NULL; 817 dma_p->dma_hdl = NULL; 818 return (DDI_FAILURE); 819 } 820 821 dma_p->nslots = ~0U; 822 dma_p->size = ~0U; 823 dma_p->token = ~0U; 824 dma_p->offset = 0; 825 return (DDI_SUCCESS); 826 } 827 828 /* 829 * Free one allocated area of DMAable memory 830 */ 831 static void 832 wpi_free_dma_mem(wpi_dma_t *dma_p) 833 { 834 if (dma_p->dma_hdl != NULL) { 835 if (dma_p->ncookies) { 836 (void) ddi_dma_unbind_handle(dma_p->dma_hdl); 837 dma_p->ncookies = 0; 838 } 839 ddi_dma_free_handle(&dma_p->dma_hdl); 840 dma_p->dma_hdl = NULL; 841 } 842 843 if (dma_p->acc_hdl != NULL) { 844 ddi_dma_mem_free(&dma_p->acc_hdl); 845 dma_p->acc_hdl = NULL; 846 } 847 } 848 849 /* 850 * Allocate an area of dma memory for firmware load. 851 * Idealy, this allocation should be a one time action, that is, 852 * the memory will be freed after the firmware is uploaded to the 853 * card. but since a recovery mechanism for the fatal firmware need 854 * reload the firmware, and re-allocate dma at run time may be failed, 855 * so we allocate it at attach and keep it in the whole lifecycle of 856 * the driver. 857 */ 858 static int 859 wpi_alloc_fw_dma(wpi_sc_t *sc) 860 { 861 int i, err = DDI_SUCCESS; 862 wpi_dma_t *dma_p; 863 864 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->textsz), 865 &fw_buffer_dma_attr, &wpi_dma_accattr, 866 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 867 &sc->sc_dma_fw_text); 868 dma_p = &sc->sc_dma_fw_text; 869 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 870 dma_p->ncookies, dma_p->cookie.dmac_address, 871 dma_p->cookie.dmac_size)); 872 if (err != DDI_SUCCESS) { 873 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 874 "text dma memory"); 875 goto fail; 876 } 877 for (i = 0; i < dma_p->ncookies; i++) { 878 sc->sc_fw_text_cookie[i] = dma_p->cookie; 879 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 880 } 881 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz), 882 &fw_buffer_dma_attr, &wpi_dma_accattr, 883 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 884 &sc->sc_dma_fw_data); 885 dma_p = &sc->sc_dma_fw_data; 886 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 887 dma_p->ncookies, dma_p->cookie.dmac_address, 888 dma_p->cookie.dmac_size)); 889 if (err != DDI_SUCCESS) { 890 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 891 "data dma memory"); 892 goto fail; 893 } 894 for (i = 0; i < dma_p->ncookies; i++) { 895 sc->sc_fw_data_cookie[i] = dma_p->cookie; 896 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 897 } 898 fail: 899 return (err); 900 } 901 902 static void 903 wpi_free_fw_dma(wpi_sc_t *sc) 904 { 905 wpi_free_dma_mem(&sc->sc_dma_fw_text); 906 wpi_free_dma_mem(&sc->sc_dma_fw_data); 907 } 908 909 /* 910 * Allocate a shared page between host and NIC. 911 */ 912 static int 913 wpi_alloc_shared(wpi_sc_t *sc) 914 { 915 int err = DDI_SUCCESS; 916 917 /* must be aligned on a 4K-page boundary */ 918 err = wpi_alloc_dma_mem(sc, sizeof (wpi_shared_t), 919 &sh_dma_attr, &wpi_dma_accattr, 920 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 921 &sc->sc_dma_sh); 922 if (err != DDI_SUCCESS) 923 goto fail; 924 sc->sc_shared = (wpi_shared_t *)sc->sc_dma_sh.mem_va; 925 return (err); 926 927 fail: 928 wpi_free_shared(sc); 929 return (err); 930 } 931 932 static void 933 wpi_free_shared(wpi_sc_t *sc) 934 { 935 wpi_free_dma_mem(&sc->sc_dma_sh); 936 } 937 938 static int 939 wpi_alloc_rx_ring(wpi_sc_t *sc) 940 { 941 wpi_rx_ring_t *ring; 942 wpi_rx_data_t *data; 943 int i, err = DDI_SUCCESS; 944 945 ring = &sc->sc_rxq; 946 ring->cur = 0; 947 948 err = wpi_alloc_dma_mem(sc, WPI_RX_RING_COUNT * sizeof (uint32_t), 949 &ring_desc_dma_attr, &wpi_dma_accattr, 950 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 951 &ring->dma_desc); 952 if (err != DDI_SUCCESS) { 953 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring desc failed\n")); 954 goto fail; 955 } 956 ring->desc = (uint32_t *)ring->dma_desc.mem_va; 957 958 /* 959 * Allocate Rx buffers. 960 */ 961 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 962 data = &ring->data[i]; 963 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 964 &rx_buffer_dma_attr, &wpi_dma_accattr, 965 DDI_DMA_READ | DDI_DMA_STREAMING, 966 &data->dma_data); 967 if (err != DDI_SUCCESS) { 968 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring buf[%d] " 969 "failed\n", i)); 970 goto fail; 971 } 972 973 ring->desc[i] = LE_32(data->dma_data.cookie.dmac_address); 974 } 975 976 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 977 978 return (err); 979 980 fail: 981 wpi_free_rx_ring(sc); 982 return (err); 983 } 984 985 static void 986 wpi_reset_rx_ring(wpi_sc_t *sc) 987 { 988 int ntries; 989 990 wpi_mem_lock(sc); 991 992 WPI_WRITE(sc, WPI_RX_CONFIG, 0); 993 for (ntries = 0; ntries < 2000; ntries++) { 994 if (WPI_READ(sc, WPI_RX_STATUS) & WPI_RX_IDLE) 995 break; 996 DELAY(1000); 997 } 998 if (ntries == 2000) 999 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Rx ring\n")); 1000 1001 wpi_mem_unlock(sc); 1002 1003 sc->sc_rxq.cur = 0; 1004 } 1005 1006 static void 1007 wpi_free_rx_ring(wpi_sc_t *sc) 1008 { 1009 int i; 1010 1011 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1012 if (sc->sc_rxq.data[i].dma_data.dma_hdl) 1013 WPI_DMA_SYNC(sc->sc_rxq.data[i].dma_data, 1014 DDI_DMA_SYNC_FORCPU); 1015 wpi_free_dma_mem(&sc->sc_rxq.data[i].dma_data); 1016 } 1017 1018 if (sc->sc_rxq.dma_desc.dma_hdl) 1019 WPI_DMA_SYNC(sc->sc_rxq.dma_desc, DDI_DMA_SYNC_FORDEV); 1020 wpi_free_dma_mem(&sc->sc_rxq.dma_desc); 1021 } 1022 1023 static int 1024 wpi_alloc_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring, int count, int qid) 1025 { 1026 wpi_tx_data_t *data; 1027 wpi_tx_desc_t *desc_h; 1028 uint32_t paddr_desc_h; 1029 wpi_tx_cmd_t *cmd_h; 1030 uint32_t paddr_cmd_h; 1031 int i, err = DDI_SUCCESS; 1032 1033 ring->qid = qid; 1034 ring->count = count; 1035 ring->queued = 0; 1036 ring->cur = 0; 1037 1038 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_desc_t), 1039 &ring_desc_dma_attr, &wpi_dma_accattr, 1040 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1041 &ring->dma_desc); 1042 if (err != DDI_SUCCESS) { 1043 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring desc[%d] failed\n", 1044 qid)); 1045 goto fail; 1046 } 1047 1048 /* update shared page with ring's base address */ 1049 sc->sc_shared->txbase[qid] = ring->dma_desc.cookie.dmac_address; 1050 1051 desc_h = (wpi_tx_desc_t *)ring->dma_desc.mem_va; 1052 paddr_desc_h = ring->dma_desc.cookie.dmac_address; 1053 1054 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_cmd_t), 1055 &tx_cmd_dma_attr, &wpi_dma_accattr, 1056 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1057 &ring->dma_cmd); 1058 if (err != DDI_SUCCESS) { 1059 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring cmd[%d] failed\n", 1060 qid)); 1061 goto fail; 1062 } 1063 1064 cmd_h = (wpi_tx_cmd_t *)ring->dma_cmd.mem_va; 1065 paddr_cmd_h = ring->dma_cmd.cookie.dmac_address; 1066 1067 /* 1068 * Allocate Tx buffers. 1069 */ 1070 ring->data = kmem_zalloc(sizeof (wpi_tx_data_t) * count, KM_NOSLEEP); 1071 if (ring->data == NULL) { 1072 WPI_DBG((WPI_DEBUG_DMA, "could not allocate tx data slots\n")); 1073 goto fail; 1074 } 1075 1076 for (i = 0; i < count; i++) { 1077 data = &ring->data[i]; 1078 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 1079 &tx_buffer_dma_attr, &wpi_dma_accattr, 1080 DDI_DMA_WRITE | DDI_DMA_STREAMING, 1081 &data->dma_data); 1082 if (err != DDI_SUCCESS) { 1083 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring buf[%d] " 1084 "failed\n", i)); 1085 goto fail; 1086 } 1087 1088 data->desc = desc_h + i; 1089 data->paddr_desc = paddr_desc_h + 1090 ((uintptr_t)data->desc - (uintptr_t)desc_h); 1091 data->cmd = cmd_h + i; 1092 data->paddr_cmd = paddr_cmd_h + 1093 ((uintptr_t)data->cmd - (uintptr_t)cmd_h); 1094 } 1095 1096 return (err); 1097 1098 fail: 1099 wpi_free_tx_ring(sc, ring); 1100 return (err); 1101 } 1102 1103 static void 1104 wpi_reset_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1105 { 1106 wpi_tx_data_t *data; 1107 int i, ntries; 1108 1109 wpi_mem_lock(sc); 1110 1111 WPI_WRITE(sc, WPI_TX_CONFIG(ring->qid), 0); 1112 for (ntries = 0; ntries < 100; ntries++) { 1113 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(ring->qid)) 1114 break; 1115 DELAY(10); 1116 } 1117 #ifdef DEBUG 1118 if (ntries == 100 && wpi_dbg_flags > 0) { 1119 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Tx ring %d\n", 1120 ring->qid)); 1121 } 1122 #endif 1123 wpi_mem_unlock(sc); 1124 1125 if (!(sc->sc_flags & WPI_F_QUIESCED)) { 1126 for (i = 0; i < ring->count; i++) { 1127 data = &ring->data[i]; 1128 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 1129 } 1130 } 1131 1132 ring->queued = 0; 1133 ring->cur = 0; 1134 } 1135 1136 /*ARGSUSED*/ 1137 static void 1138 wpi_free_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1139 { 1140 int i; 1141 1142 if (ring->dma_desc.dma_hdl != NULL) 1143 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 1144 wpi_free_dma_mem(&ring->dma_desc); 1145 1146 if (ring->dma_cmd.dma_hdl != NULL) 1147 WPI_DMA_SYNC(ring->dma_cmd, DDI_DMA_SYNC_FORDEV); 1148 wpi_free_dma_mem(&ring->dma_cmd); 1149 1150 if (ring->data != NULL) { 1151 for (i = 0; i < ring->count; i++) { 1152 if (ring->data[i].dma_data.dma_hdl) 1153 WPI_DMA_SYNC(ring->data[i].dma_data, 1154 DDI_DMA_SYNC_FORDEV); 1155 wpi_free_dma_mem(&ring->data[i].dma_data); 1156 } 1157 kmem_free(ring->data, ring->count * sizeof (wpi_tx_data_t)); 1158 ring->data = NULL; 1159 } 1160 } 1161 1162 static int 1163 wpi_ring_init(wpi_sc_t *sc) 1164 { 1165 int i, err = DDI_SUCCESS; 1166 1167 for (i = 0; i < 4; i++) { 1168 err = wpi_alloc_tx_ring(sc, &sc->sc_txq[i], WPI_TX_RING_COUNT, 1169 i); 1170 if (err != DDI_SUCCESS) 1171 goto fail; 1172 } 1173 err = wpi_alloc_tx_ring(sc, &sc->sc_cmdq, WPI_CMD_RING_COUNT, 4); 1174 if (err != DDI_SUCCESS) 1175 goto fail; 1176 err = wpi_alloc_tx_ring(sc, &sc->sc_svcq, WPI_SVC_RING_COUNT, 5); 1177 if (err != DDI_SUCCESS) 1178 goto fail; 1179 err = wpi_alloc_rx_ring(sc); 1180 if (err != DDI_SUCCESS) 1181 goto fail; 1182 return (err); 1183 1184 fail: 1185 return (err); 1186 } 1187 1188 static void 1189 wpi_ring_free(wpi_sc_t *sc) 1190 { 1191 int i = 4; 1192 1193 wpi_free_rx_ring(sc); 1194 wpi_free_tx_ring(sc, &sc->sc_svcq); 1195 wpi_free_tx_ring(sc, &sc->sc_cmdq); 1196 while (--i >= 0) { 1197 wpi_free_tx_ring(sc, &sc->sc_txq[i]); 1198 } 1199 } 1200 1201 /* ARGSUSED */ 1202 static ieee80211_node_t * 1203 wpi_node_alloc(ieee80211com_t *ic) 1204 { 1205 wpi_amrr_t *amrr; 1206 1207 amrr = kmem_zalloc(sizeof (wpi_amrr_t), KM_SLEEP); 1208 if (amrr != NULL) 1209 wpi_amrr_init(amrr); 1210 return (&amrr->in); 1211 } 1212 1213 static void 1214 wpi_node_free(ieee80211_node_t *in) 1215 { 1216 ieee80211com_t *ic = in->in_ic; 1217 1218 ic->ic_node_cleanup(in); 1219 if (in->in_wpa_ie != NULL) 1220 ieee80211_free(in->in_wpa_ie); 1221 kmem_free(in, sizeof (wpi_amrr_t)); 1222 } 1223 1224 /*ARGSUSED*/ 1225 static int 1226 wpi_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg) 1227 { 1228 wpi_sc_t *sc = (wpi_sc_t *)ic; 1229 ieee80211_node_t *in = ic->ic_bss; 1230 enum ieee80211_state ostate; 1231 int i, err = WPI_SUCCESS; 1232 1233 mutex_enter(&sc->sc_glock); 1234 ostate = ic->ic_state; 1235 switch (nstate) { 1236 case IEEE80211_S_SCAN: 1237 switch (ostate) { 1238 case IEEE80211_S_INIT: 1239 { 1240 wpi_node_t node; 1241 1242 sc->sc_flags |= WPI_F_SCANNING; 1243 sc->sc_scan_next = 0; 1244 1245 /* make the link LED blink while we're scanning */ 1246 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1247 1248 /* 1249 * clear association to receive beacons from all 1250 * BSS'es 1251 */ 1252 sc->sc_config.state = 0; 1253 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1254 1255 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x " 1256 "filter %x\n", 1257 sc->sc_config.chan, sc->sc_config.flags, 1258 sc->sc_config.filter)); 1259 1260 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1261 sizeof (wpi_config_t), 1); 1262 if (err != WPI_SUCCESS) { 1263 cmn_err(CE_WARN, 1264 "could not clear association\n"); 1265 sc->sc_flags &= ~WPI_F_SCANNING; 1266 mutex_exit(&sc->sc_glock); 1267 return (err); 1268 } 1269 1270 /* add broadcast node to send probe request */ 1271 (void) memset(&node, 0, sizeof (node)); 1272 (void) memset(&node.bssid, 0xff, IEEE80211_ADDR_LEN); 1273 node.id = WPI_ID_BROADCAST; 1274 1275 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, 1276 sizeof (node), 1); 1277 if (err != WPI_SUCCESS) { 1278 cmn_err(CE_WARN, 1279 "could not add broadcast node\n"); 1280 sc->sc_flags &= ~WPI_F_SCANNING; 1281 mutex_exit(&sc->sc_glock); 1282 return (err); 1283 } 1284 break; 1285 } 1286 case IEEE80211_S_SCAN: 1287 mutex_exit(&sc->sc_glock); 1288 /* step to next channel before actual FW scan */ 1289 err = sc->sc_newstate(ic, nstate, arg); 1290 mutex_enter(&sc->sc_glock); 1291 if ((err != 0) || ((err = wpi_scan(sc)) != 0)) { 1292 cmn_err(CE_WARN, 1293 "could not initiate scan\n"); 1294 sc->sc_flags &= ~WPI_F_SCANNING; 1295 ieee80211_cancel_scan(ic); 1296 } 1297 mutex_exit(&sc->sc_glock); 1298 return (err); 1299 default: 1300 break; 1301 } 1302 sc->sc_clk = 0; 1303 break; 1304 1305 case IEEE80211_S_AUTH: 1306 if (ostate == IEEE80211_S_SCAN) { 1307 sc->sc_flags &= ~WPI_F_SCANNING; 1308 } 1309 1310 /* reset state to handle reassociations correctly */ 1311 sc->sc_config.state = 0; 1312 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1313 1314 if ((err = wpi_auth(sc)) != 0) { 1315 WPI_DBG((WPI_DEBUG_80211, 1316 "could not send authentication request\n")); 1317 mutex_exit(&sc->sc_glock); 1318 return (err); 1319 } 1320 break; 1321 1322 case IEEE80211_S_RUN: 1323 if (ostate == IEEE80211_S_SCAN) { 1324 sc->sc_flags &= ~WPI_F_SCANNING; 1325 } 1326 1327 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1328 /* link LED blinks while monitoring */ 1329 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 1330 break; 1331 } 1332 1333 if (ic->ic_opmode != IEEE80211_M_STA) { 1334 (void) wpi_auth(sc); 1335 /* need setup beacon here */ 1336 } 1337 WPI_DBG((WPI_DEBUG_80211, "wpi: associated.")); 1338 1339 /* update adapter's configuration */ 1340 sc->sc_config.state = LE_16(WPI_CONFIG_ASSOCIATED); 1341 /* short preamble/slot time are negotiated when associating */ 1342 sc->sc_config.flags &= ~LE_32(WPI_CONFIG_SHPREAMBLE | 1343 WPI_CONFIG_SHSLOT); 1344 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1345 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHSLOT); 1346 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1347 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHPREAMBLE); 1348 sc->sc_config.filter |= LE_32(WPI_FILTER_BSS); 1349 if (ic->ic_opmode != IEEE80211_M_STA) 1350 sc->sc_config.filter |= LE_32(WPI_FILTER_BEACON); 1351 1352 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x\n", 1353 sc->sc_config.chan, sc->sc_config.flags)); 1354 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1355 sizeof (wpi_config_t), 1); 1356 if (err != WPI_SUCCESS) { 1357 WPI_DBG((WPI_DEBUG_80211, 1358 "could not update configuration\n")); 1359 mutex_exit(&sc->sc_glock); 1360 return (err); 1361 } 1362 1363 /* start automatic rate control */ 1364 mutex_enter(&sc->sc_mt_lock); 1365 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1366 sc->sc_flags |= WPI_F_RATE_AUTO_CTL; 1367 /* set rate to some reasonable initial value */ 1368 i = in->in_rates.ir_nrates - 1; 1369 while (i > 0 && IEEE80211_RATE(i) > 72) 1370 i--; 1371 in->in_txrate = i; 1372 } else { 1373 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 1374 } 1375 mutex_exit(&sc->sc_mt_lock); 1376 1377 /* link LED always on while associated */ 1378 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 1379 break; 1380 1381 case IEEE80211_S_INIT: 1382 sc->sc_flags &= ~WPI_F_SCANNING; 1383 break; 1384 1385 case IEEE80211_S_ASSOC: 1386 sc->sc_flags &= ~WPI_F_SCANNING; 1387 break; 1388 } 1389 1390 mutex_exit(&sc->sc_glock); 1391 return (sc->sc_newstate(ic, nstate, arg)); 1392 } 1393 1394 /*ARGSUSED*/ 1395 static int wpi_key_set(ieee80211com_t *ic, const struct ieee80211_key *k, 1396 const uint8_t mac[IEEE80211_ADDR_LEN]) 1397 { 1398 wpi_sc_t *sc = (wpi_sc_t *)ic; 1399 wpi_node_t node; 1400 int err; 1401 1402 switch (k->wk_cipher->ic_cipher) { 1403 case IEEE80211_CIPHER_WEP: 1404 case IEEE80211_CIPHER_TKIP: 1405 return (1); /* sofeware do it. */ 1406 case IEEE80211_CIPHER_AES_CCM: 1407 break; 1408 default: 1409 return (0); 1410 } 1411 sc->sc_config.filter &= ~(WPI_FILTER_NODECRYPTUNI | 1412 WPI_FILTER_NODECRYPTMUL); 1413 1414 mutex_enter(&sc->sc_glock); 1415 1416 /* update ap/multicast node */ 1417 (void) memset(&node, 0, sizeof (node)); 1418 if (IEEE80211_IS_MULTICAST(mac)) { 1419 (void) memset(node.bssid, 0xff, 6); 1420 node.id = WPI_ID_BROADCAST; 1421 } else { 1422 IEEE80211_ADDR_COPY(node.bssid, ic->ic_bss->in_bssid); 1423 node.id = WPI_ID_BSS; 1424 } 1425 if (k->wk_flags & IEEE80211_KEY_XMIT) { 1426 node.key_flags = 0; 1427 node.keyp = k->wk_keyix; 1428 } else { 1429 node.key_flags = (1 << 14); 1430 node.keyp = k->wk_keyix + 4; 1431 } 1432 (void) memcpy(node.key, k->wk_key, k->wk_keylen); 1433 node.key_flags |= (2 | (1 << 3) | (k->wk_keyix << 8)); 1434 node.sta_mask = 1; 1435 node.control = 1; 1436 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 1437 if (err != WPI_SUCCESS) { 1438 cmn_err(CE_WARN, "wpi_key_set():" 1439 "failed to update ap node\n"); 1440 mutex_exit(&sc->sc_glock); 1441 return (0); 1442 } 1443 mutex_exit(&sc->sc_glock); 1444 return (1); 1445 } 1446 1447 /* 1448 * Grab exclusive access to NIC memory. 1449 */ 1450 static void 1451 wpi_mem_lock(wpi_sc_t *sc) 1452 { 1453 uint32_t tmp; 1454 int ntries; 1455 1456 tmp = WPI_READ(sc, WPI_GPIO_CTL); 1457 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_MAC); 1458 1459 /* spin until we actually get the lock */ 1460 for (ntries = 0; ntries < 1000; ntries++) { 1461 if ((WPI_READ(sc, WPI_GPIO_CTL) & 1462 (WPI_GPIO_CLOCK | WPI_GPIO_SLEEP)) == WPI_GPIO_CLOCK) 1463 break; 1464 DELAY(10); 1465 } 1466 if (ntries == 1000) 1467 WPI_DBG((WPI_DEBUG_PIO, "could not lock memory\n")); 1468 } 1469 1470 /* 1471 * Release lock on NIC memory. 1472 */ 1473 static void 1474 wpi_mem_unlock(wpi_sc_t *sc) 1475 { 1476 uint32_t tmp = WPI_READ(sc, WPI_GPIO_CTL); 1477 WPI_WRITE(sc, WPI_GPIO_CTL, tmp & ~WPI_GPIO_MAC); 1478 } 1479 1480 static uint32_t 1481 wpi_mem_read(wpi_sc_t *sc, uint16_t addr) 1482 { 1483 WPI_WRITE(sc, WPI_READ_MEM_ADDR, WPI_MEM_4 | addr); 1484 return (WPI_READ(sc, WPI_READ_MEM_DATA)); 1485 } 1486 1487 static void 1488 wpi_mem_write(wpi_sc_t *sc, uint16_t addr, uint32_t data) 1489 { 1490 WPI_WRITE(sc, WPI_WRITE_MEM_ADDR, WPI_MEM_4 | addr); 1491 WPI_WRITE(sc, WPI_WRITE_MEM_DATA, data); 1492 } 1493 1494 static void 1495 wpi_mem_write_region_4(wpi_sc_t *sc, uint16_t addr, 1496 const uint32_t *data, int wlen) 1497 { 1498 for (; wlen > 0; wlen--, data++, addr += 4) 1499 wpi_mem_write(sc, addr, *data); 1500 } 1501 1502 /* 1503 * Read 16 bits from the EEPROM. We access EEPROM through the MAC instead of 1504 * using the traditional bit-bang method. 1505 */ 1506 static uint16_t 1507 wpi_read_prom_word(wpi_sc_t *sc, uint32_t addr) 1508 { 1509 uint32_t val; 1510 int ntries; 1511 1512 WPI_WRITE(sc, WPI_EEPROM_CTL, addr << 2); 1513 1514 wpi_mem_lock(sc); 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((val = WPI_READ(sc, WPI_EEPROM_CTL)) & WPI_EEPROM_READY) 1517 break; 1518 DELAY(10); 1519 } 1520 wpi_mem_unlock(sc); 1521 1522 if (ntries == 10) { 1523 WPI_DBG((WPI_DEBUG_PIO, "could not read EEPROM\n")); 1524 return (0xdead); 1525 } 1526 return (val >> 16); 1527 } 1528 1529 /* 1530 * The firmware boot code is small and is intended to be copied directly into 1531 * the NIC internal memory. 1532 */ 1533 static int 1534 wpi_load_microcode(wpi_sc_t *sc) 1535 { 1536 const char *ucode; 1537 int size; 1538 1539 ucode = sc->sc_boot; 1540 size = LE_32(sc->sc_hdr->bootsz); 1541 /* check that microcode size is a multiple of 4 */ 1542 if (size & 3) 1543 return (EINVAL); 1544 1545 size /= sizeof (uint32_t); 1546 1547 wpi_mem_lock(sc); 1548 1549 /* copy microcode image into NIC memory */ 1550 wpi_mem_write_region_4(sc, WPI_MEM_UCODE_BASE, (const uint32_t *)ucode, 1551 size); 1552 1553 wpi_mem_write(sc, WPI_MEM_UCODE_SRC, 0); 1554 wpi_mem_write(sc, WPI_MEM_UCODE_DST, WPI_FW_TEXT); 1555 wpi_mem_write(sc, WPI_MEM_UCODE_SIZE, size); 1556 1557 /* run microcode */ 1558 wpi_mem_write(sc, WPI_MEM_UCODE_CTL, WPI_UC_RUN); 1559 1560 wpi_mem_unlock(sc); 1561 1562 return (WPI_SUCCESS); 1563 } 1564 1565 /* 1566 * The firmware text and data segments are transferred to the NIC using DMA. 1567 * The driver just copies the firmware into DMA-safe memory and tells the NIC 1568 * where to find it. Once the NIC has copied the firmware into its internal 1569 * memory, we can free our local copy in the driver. 1570 */ 1571 static int 1572 wpi_load_firmware(wpi_sc_t *sc, uint32_t target) 1573 { 1574 const char *fw; 1575 int size; 1576 wpi_dma_t *dma_p; 1577 ddi_dma_cookie_t *cookie; 1578 wpi_tx_desc_t desc; 1579 int i, ntries, err = WPI_SUCCESS; 1580 1581 /* only text and data here */ 1582 if (target == WPI_FW_TEXT) { 1583 fw = sc->sc_text; 1584 size = LE_32(sc->sc_hdr->textsz); 1585 dma_p = &sc->sc_dma_fw_text; 1586 cookie = sc->sc_fw_text_cookie; 1587 } else { 1588 fw = sc->sc_data; 1589 size = LE_32(sc->sc_hdr->datasz); 1590 dma_p = &sc->sc_dma_fw_data; 1591 cookie = sc->sc_fw_data_cookie; 1592 } 1593 1594 /* copy firmware image to DMA-safe memory */ 1595 (void) memcpy(dma_p->mem_va, fw, size); 1596 1597 /* make sure the adapter will get up-to-date values */ 1598 (void) ddi_dma_sync(dma_p->dma_hdl, 0, size, DDI_DMA_SYNC_FORDEV); 1599 1600 (void) memset(&desc, 0, sizeof (desc)); 1601 desc.flags = LE_32(WPI_PAD32(size) << 28 | dma_p->ncookies << 24); 1602 for (i = 0; i < dma_p->ncookies; i++) { 1603 WPI_DBG((WPI_DEBUG_DMA, "cookie%d addr:%x size:%x\n", 1604 i, cookie[i].dmac_address, cookie[i].dmac_size)); 1605 desc.segs[i].addr = cookie[i].dmac_address; 1606 desc.segs[i].len = (uint32_t)cookie[i].dmac_size; 1607 } 1608 1609 wpi_mem_lock(sc); 1610 1611 /* tell adapter where to copy image in its internal memory */ 1612 WPI_WRITE(sc, WPI_FW_TARGET, target); 1613 1614 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0); 1615 1616 /* copy firmware descriptor into NIC memory */ 1617 WPI_WRITE_REGION_4(sc, WPI_TX_DESC(6), (uint32_t *)&desc, 1618 sizeof desc / sizeof (uint32_t)); 1619 1620 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0xfffff); 1621 WPI_WRITE(sc, WPI_TX_STATE(6), 0x4001); 1622 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0x80000001); 1623 1624 /* wait while the adapter is busy copying the firmware */ 1625 for (ntries = 0; ntries < 100; ntries++) { 1626 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(6)) 1627 break; 1628 DELAY(1000); 1629 } 1630 if (ntries == 100) { 1631 WPI_DBG((WPI_DEBUG_FW, "timeout transferring firmware\n")); 1632 err = ETIMEDOUT; 1633 } 1634 1635 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0); 1636 1637 wpi_mem_unlock(sc); 1638 1639 return (err); 1640 } 1641 1642 /*ARGSUSED*/ 1643 static void 1644 wpi_rx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1645 { 1646 ieee80211com_t *ic = &sc->sc_ic; 1647 wpi_rx_ring_t *ring = &sc->sc_rxq; 1648 wpi_rx_stat_t *stat; 1649 wpi_rx_head_t *head; 1650 wpi_rx_tail_t *tail; 1651 ieee80211_node_t *in; 1652 struct ieee80211_frame *wh; 1653 mblk_t *mp; 1654 uint16_t len; 1655 1656 stat = (wpi_rx_stat_t *)(desc + 1); 1657 1658 if (stat->len > WPI_STAT_MAXLEN) { 1659 WPI_DBG((WPI_DEBUG_RX, "invalid rx statistic header\n")); 1660 return; 1661 } 1662 1663 head = (wpi_rx_head_t *)((caddr_t)(stat + 1) + stat->len); 1664 tail = (wpi_rx_tail_t *)((caddr_t)(head + 1) + LE_16(head->len)); 1665 1666 len = LE_16(head->len); 1667 1668 WPI_DBG((WPI_DEBUG_RX, "rx intr: idx=%d len=%d stat len=%d rssi=%d " 1669 "rate=%x chan=%d tstamp=%llu", ring->cur, LE_32(desc->len), 1670 len, (int8_t)stat->rssi, head->rate, head->chan, 1671 LE_64(tail->tstamp))); 1672 1673 if ((len < 20) || (len > sc->sc_dmabuf_sz)) { 1674 sc->sc_rx_err++; 1675 return; 1676 } 1677 1678 /* 1679 * Discard Rx frames with bad CRC early 1680 */ 1681 if ((LE_32(tail->flags) & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1682 WPI_DBG((WPI_DEBUG_RX, "rx tail flags error %x\n", 1683 LE_32(tail->flags))); 1684 sc->sc_rx_err++; 1685 return; 1686 } 1687 1688 /* update Rx descriptor */ 1689 /* ring->desc[ring->cur] = LE_32(data->dma_data.cookie.dmac_address); */ 1690 1691 #ifdef WPI_BPF 1692 #ifndef WPI_CURRENT 1693 if (sc->sc_drvbpf != NULL) { 1694 #else 1695 if (bpf_peers_present(sc->sc_drvbpf)) { 1696 #endif 1697 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1698 1699 tap->wr_flags = 0; 1700 tap->wr_rate = head->rate; 1701 tap->wr_chan_freq = 1702 LE_16(ic->ic_channels[head->chan].ic_freq); 1703 tap->wr_chan_flags = 1704 LE_16(ic->ic_channels[head->chan].ic_flags); 1705 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1706 tap->wr_dbm_antnoise = (int8_t)LE_16(stat->noise); 1707 tap->wr_tsft = tail->tstamp; 1708 tap->wr_antenna = (LE_16(head->flags) >> 4) & 0xf; 1709 switch (head->rate) { 1710 /* CCK rates */ 1711 case 10: tap->wr_rate = 2; break; 1712 case 20: tap->wr_rate = 4; break; 1713 case 55: tap->wr_rate = 11; break; 1714 case 110: tap->wr_rate = 22; break; 1715 /* OFDM rates */ 1716 case 0xd: tap->wr_rate = 12; break; 1717 case 0xf: tap->wr_rate = 18; break; 1718 case 0x5: tap->wr_rate = 24; break; 1719 case 0x7: tap->wr_rate = 36; break; 1720 case 0x9: tap->wr_rate = 48; break; 1721 case 0xb: tap->wr_rate = 72; break; 1722 case 0x1: tap->wr_rate = 96; break; 1723 case 0x3: tap->wr_rate = 108; break; 1724 /* unknown rate: should not happen */ 1725 default: tap->wr_rate = 0; 1726 } 1727 if (LE_16(head->flags) & 0x4) 1728 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1729 1730 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1731 } 1732 #endif 1733 /* grab a reference to the source node */ 1734 wh = (struct ieee80211_frame *)(head + 1); 1735 1736 #ifdef DEBUG 1737 if (wpi_dbg_flags & WPI_DEBUG_RX) 1738 ieee80211_dump_pkt((uint8_t *)wh, len, 0, 0); 1739 #endif 1740 1741 in = ieee80211_find_rxnode(ic, wh); 1742 mp = allocb(len, BPRI_MED); 1743 if (mp) { 1744 (void) memcpy(mp->b_wptr, wh, len); 1745 mp->b_wptr += len; 1746 1747 /* send the frame to the 802.11 layer */ 1748 (void) ieee80211_input(ic, mp, in, stat->rssi, 0); 1749 } else { 1750 sc->sc_rx_nobuf++; 1751 WPI_DBG((WPI_DEBUG_RX, 1752 "wpi_rx_intr(): alloc rx buf failed\n")); 1753 } 1754 /* release node reference */ 1755 ieee80211_free_node(in); 1756 } 1757 1758 /*ARGSUSED*/ 1759 static void 1760 wpi_tx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1761 { 1762 ieee80211com_t *ic = &sc->sc_ic; 1763 wpi_tx_ring_t *ring = &sc->sc_txq[desc->qid & 0x3]; 1764 /* wpi_tx_data_t *txdata = &ring->data[desc->idx]; */ 1765 wpi_tx_stat_t *stat = (wpi_tx_stat_t *)(desc + 1); 1766 wpi_amrr_t *amrr = (wpi_amrr_t *)ic->ic_bss; 1767 1768 WPI_DBG((WPI_DEBUG_TX, "tx done: qid=%d idx=%d retries=%d nkill=%d " 1769 "rate=%x duration=%d status=%x\n", 1770 desc->qid, desc->idx, stat->ntries, stat->nkill, stat->rate, 1771 LE_32(stat->duration), LE_32(stat->status))); 1772 1773 amrr->txcnt++; 1774 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d cnt\n", amrr->txcnt)); 1775 if (stat->ntries > 0) { 1776 amrr->retrycnt++; 1777 sc->sc_tx_retries++; 1778 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d retries\n", 1779 amrr->retrycnt)); 1780 } 1781 1782 sc->sc_tx_timer = 0; 1783 1784 mutex_enter(&sc->sc_tx_lock); 1785 ring->queued--; 1786 if (ring->queued < 0) 1787 ring->queued = 0; 1788 if ((sc->sc_need_reschedule) && (ring->queued <= (ring->count << 3))) { 1789 sc->sc_need_reschedule = 0; 1790 mutex_exit(&sc->sc_tx_lock); 1791 mac_tx_update(ic->ic_mach); 1792 mutex_enter(&sc->sc_tx_lock); 1793 } 1794 mutex_exit(&sc->sc_tx_lock); 1795 } 1796 1797 static void 1798 wpi_cmd_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc) 1799 { 1800 if ((desc->qid & 7) != 4) { 1801 return; /* not a command ack */ 1802 } 1803 mutex_enter(&sc->sc_glock); 1804 sc->sc_flags |= WPI_F_CMD_DONE; 1805 cv_signal(&sc->sc_cmd_cv); 1806 mutex_exit(&sc->sc_glock); 1807 } 1808 1809 static uint_t 1810 wpi_notif_softintr(caddr_t arg) 1811 { 1812 wpi_sc_t *sc = (wpi_sc_t *)arg; 1813 wpi_rx_desc_t *desc; 1814 wpi_rx_data_t *data; 1815 uint32_t hw; 1816 1817 mutex_enter(&sc->sc_glock); 1818 if (sc->sc_notif_softint_pending != 1) { 1819 mutex_exit(&sc->sc_glock); 1820 return (DDI_INTR_UNCLAIMED); 1821 } 1822 mutex_exit(&sc->sc_glock); 1823 1824 hw = LE_32(sc->sc_shared->next); 1825 1826 while (sc->sc_rxq.cur != hw) { 1827 data = &sc->sc_rxq.data[sc->sc_rxq.cur]; 1828 desc = (wpi_rx_desc_t *)data->dma_data.mem_va; 1829 1830 WPI_DBG((WPI_DEBUG_INTR, "rx notification hw = %d cur = %d " 1831 "qid=%x idx=%d flags=%x type=%d len=%d\n", 1832 hw, sc->sc_rxq.cur, desc->qid, desc->idx, desc->flags, 1833 desc->type, LE_32(desc->len))); 1834 1835 if (!(desc->qid & 0x80)) /* reply to a command */ 1836 wpi_cmd_intr(sc, desc); 1837 1838 switch (desc->type) { 1839 case WPI_RX_DONE: 1840 /* a 802.11 frame was received */ 1841 wpi_rx_intr(sc, desc, data); 1842 break; 1843 1844 case WPI_TX_DONE: 1845 /* a 802.11 frame has been transmitted */ 1846 wpi_tx_intr(sc, desc, data); 1847 break; 1848 1849 case WPI_UC_READY: 1850 { 1851 wpi_ucode_info_t *uc = 1852 (wpi_ucode_info_t *)(desc + 1); 1853 1854 /* the microcontroller is ready */ 1855 WPI_DBG((WPI_DEBUG_FW, 1856 "microcode alive notification version %x " 1857 "alive %x\n", LE_32(uc->version), 1858 LE_32(uc->valid))); 1859 1860 if (LE_32(uc->valid) != 1) { 1861 WPI_DBG((WPI_DEBUG_FW, 1862 "microcontroller initialization failed\n")); 1863 } 1864 break; 1865 } 1866 case WPI_STATE_CHANGED: 1867 { 1868 uint32_t *status = (uint32_t *)(desc + 1); 1869 1870 /* enabled/disabled notification */ 1871 WPI_DBG((WPI_DEBUG_RADIO, "state changed to %x\n", 1872 LE_32(*status))); 1873 1874 if (LE_32(*status) & 1) { 1875 /* 1876 * the radio button has to be pushed(OFF). It 1877 * is considered as a hw error, the 1878 * wpi_thread() tries to recover it after the 1879 * button is pushed again(ON) 1880 */ 1881 cmn_err(CE_NOTE, 1882 "wpi: Radio transmitter is off\n"); 1883 sc->sc_ostate = sc->sc_ic.ic_state; 1884 ieee80211_new_state(&sc->sc_ic, 1885 IEEE80211_S_INIT, -1); 1886 sc->sc_flags |= 1887 (WPI_F_HW_ERR_RECOVER | WPI_F_RADIO_OFF); 1888 } 1889 break; 1890 } 1891 case WPI_START_SCAN: 1892 { 1893 wpi_start_scan_t *scan = 1894 (wpi_start_scan_t *)(desc + 1); 1895 1896 WPI_DBG((WPI_DEBUG_SCAN, 1897 "scanning channel %d status %x\n", 1898 scan->chan, LE_32(scan->status))); 1899 1900 break; 1901 } 1902 case WPI_STOP_SCAN: 1903 { 1904 wpi_stop_scan_t *scan = 1905 (wpi_stop_scan_t *)(desc + 1); 1906 1907 WPI_DBG((WPI_DEBUG_SCAN, 1908 "completed channel %d (burst of %d) status %02x\n", 1909 scan->chan, scan->nchan, scan->status)); 1910 1911 sc->sc_scan_pending = 0; 1912 sc->sc_scan_next++; 1913 break; 1914 } 1915 default: 1916 break; 1917 } 1918 1919 sc->sc_rxq.cur = (sc->sc_rxq.cur + 1) % WPI_RX_RING_COUNT; 1920 } 1921 1922 /* tell the firmware what we have processed */ 1923 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1924 WPI_WRITE(sc, WPI_RX_WIDX, hw & (~7)); 1925 mutex_enter(&sc->sc_glock); 1926 sc->sc_notif_softint_pending = 0; 1927 mutex_exit(&sc->sc_glock); 1928 1929 return (DDI_INTR_CLAIMED); 1930 } 1931 1932 static uint_t 1933 wpi_intr(caddr_t arg) 1934 { 1935 wpi_sc_t *sc = (wpi_sc_t *)arg; 1936 uint32_t r, rfh; 1937 1938 mutex_enter(&sc->sc_glock); 1939 if (sc->sc_flags & WPI_F_SUSPEND) { 1940 mutex_exit(&sc->sc_glock); 1941 return (DDI_INTR_UNCLAIMED); 1942 } 1943 1944 r = WPI_READ(sc, WPI_INTR); 1945 if (r == 0 || r == 0xffffffff) { 1946 mutex_exit(&sc->sc_glock); 1947 return (DDI_INTR_UNCLAIMED); 1948 } 1949 1950 WPI_DBG((WPI_DEBUG_INTR, "interrupt reg %x\n", r)); 1951 1952 rfh = WPI_READ(sc, WPI_INTR_STATUS); 1953 /* disable interrupts */ 1954 WPI_WRITE(sc, WPI_MASK, 0); 1955 /* ack interrupts */ 1956 WPI_WRITE(sc, WPI_INTR, r); 1957 WPI_WRITE(sc, WPI_INTR_STATUS, rfh); 1958 1959 if (sc->sc_notif_softint_id == NULL) { 1960 mutex_exit(&sc->sc_glock); 1961 return (DDI_INTR_CLAIMED); 1962 } 1963 1964 if (r & (WPI_SW_ERROR | WPI_HW_ERROR)) { 1965 WPI_DBG((WPI_DEBUG_FW, "fatal firmware error\n")); 1966 mutex_exit(&sc->sc_glock); 1967 wpi_stop(sc); 1968 if (!(sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 1969 sc->sc_ostate = sc->sc_ic.ic_state; 1970 } 1971 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 1972 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 1973 return (DDI_INTR_CLAIMED); 1974 } 1975 1976 if ((r & (WPI_RX_INTR | WPI_RX_SWINT)) || 1977 (rfh & 0x40070000)) { 1978 sc->sc_notif_softint_pending = 1; 1979 ddi_trigger_softintr(sc->sc_notif_softint_id); 1980 } 1981 1982 if (r & WPI_ALIVE_INTR) { /* firmware initialized */ 1983 sc->sc_flags |= WPI_F_FW_INIT; 1984 cv_signal(&sc->sc_fw_cv); 1985 } 1986 1987 /* re-enable interrupts */ 1988 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 1989 mutex_exit(&sc->sc_glock); 1990 1991 return (DDI_INTR_CLAIMED); 1992 } 1993 1994 static uint8_t 1995 wpi_plcp_signal(int rate) 1996 { 1997 switch (rate) { 1998 /* CCK rates (returned values are device-dependent) */ 1999 case 2: return (10); 2000 case 4: return (20); 2001 case 11: return (55); 2002 case 22: return (110); 2003 2004 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 2005 /* R1-R4 (ral/ural is R4-R1) */ 2006 case 12: return (0xd); 2007 case 18: return (0xf); 2008 case 24: return (0x5); 2009 case 36: return (0x7); 2010 case 48: return (0x9); 2011 case 72: return (0xb); 2012 case 96: return (0x1); 2013 case 108: return (0x3); 2014 2015 /* unsupported rates (should not get there) */ 2016 default: return (0); 2017 } 2018 } 2019 2020 static mblk_t * 2021 wpi_m_tx(void *arg, mblk_t *mp) 2022 { 2023 wpi_sc_t *sc = (wpi_sc_t *)arg; 2024 ieee80211com_t *ic = &sc->sc_ic; 2025 mblk_t *next; 2026 2027 if (sc->sc_flags & WPI_F_SUSPEND) { 2028 freemsgchain(mp); 2029 return (NULL); 2030 } 2031 2032 if (ic->ic_state != IEEE80211_S_RUN) { 2033 freemsgchain(mp); 2034 return (NULL); 2035 } 2036 2037 while (mp != NULL) { 2038 next = mp->b_next; 2039 mp->b_next = NULL; 2040 if (wpi_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != 0) { 2041 mp->b_next = next; 2042 break; 2043 } 2044 mp = next; 2045 } 2046 return (mp); 2047 } 2048 2049 /* ARGSUSED */ 2050 static int 2051 wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type) 2052 { 2053 wpi_sc_t *sc = (wpi_sc_t *)ic; 2054 wpi_tx_ring_t *ring; 2055 wpi_tx_desc_t *desc; 2056 wpi_tx_data_t *data; 2057 wpi_tx_cmd_t *cmd; 2058 wpi_cmd_data_t *tx; 2059 ieee80211_node_t *in; 2060 struct ieee80211_frame *wh; 2061 struct ieee80211_key *k; 2062 mblk_t *m, *m0; 2063 int rate, hdrlen, len, mblen, off, err = WPI_SUCCESS; 2064 2065 ring = ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA) ? 2066 (&sc->sc_txq[0]) : (&sc->sc_txq[1]); 2067 data = &ring->data[ring->cur]; 2068 desc = data->desc; 2069 cmd = data->cmd; 2070 bzero(desc, sizeof (*desc)); 2071 bzero(cmd, sizeof (*cmd)); 2072 2073 mutex_enter(&sc->sc_tx_lock); 2074 if (sc->sc_flags & WPI_F_SUSPEND) { 2075 mutex_exit(&sc->sc_tx_lock); 2076 if ((type & IEEE80211_FC0_TYPE_MASK) != 2077 IEEE80211_FC0_TYPE_DATA) { 2078 freemsg(mp); 2079 } 2080 err = ENXIO; 2081 goto exit; 2082 } 2083 2084 if (ring->queued > ring->count - 64) { 2085 WPI_DBG((WPI_DEBUG_TX, "wpi_send(): no txbuf\n")); 2086 sc->sc_need_reschedule = 1; 2087 mutex_exit(&sc->sc_tx_lock); 2088 if ((type & IEEE80211_FC0_TYPE_MASK) != 2089 IEEE80211_FC0_TYPE_DATA) { 2090 freemsg(mp); 2091 } 2092 sc->sc_tx_nobuf++; 2093 err = ENOMEM; 2094 goto exit; 2095 } 2096 mutex_exit(&sc->sc_tx_lock); 2097 2098 hdrlen = sizeof (struct ieee80211_frame); 2099 2100 m = allocb(msgdsize(mp) + 32, BPRI_MED); 2101 if (m == NULL) { /* can not alloc buf, drop this package */ 2102 cmn_err(CE_WARN, 2103 "wpi_send(): failed to allocate msgbuf\n"); 2104 freemsg(mp); 2105 err = WPI_SUCCESS; 2106 goto exit; 2107 } 2108 for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) { 2109 mblen = MBLKL(m0); 2110 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen); 2111 off += mblen; 2112 } 2113 m->b_wptr += off; 2114 freemsg(mp); 2115 2116 wh = (struct ieee80211_frame *)m->b_rptr; 2117 2118 in = ieee80211_find_txnode(ic, wh->i_addr1); 2119 if (in == NULL) { 2120 cmn_err(CE_WARN, "wpi_send(): failed to find tx node\n"); 2121 freemsg(m); 2122 sc->sc_tx_err++; 2123 err = WPI_SUCCESS; 2124 goto exit; 2125 } 2126 2127 (void) ieee80211_encap(ic, m, in); 2128 2129 cmd->code = WPI_CMD_TX_DATA; 2130 cmd->flags = 0; 2131 cmd->qid = ring->qid; 2132 cmd->idx = ring->cur; 2133 2134 tx = (wpi_cmd_data_t *)cmd->data; 2135 tx->flags = 0; 2136 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2137 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2138 } else { 2139 tx->flags &= ~(LE_32(WPI_TX_NEED_ACK)); 2140 } 2141 2142 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2143 k = ieee80211_crypto_encap(ic, m); 2144 if (k == NULL) { 2145 freemsg(m); 2146 sc->sc_tx_err++; 2147 err = WPI_SUCCESS; 2148 goto exit; 2149 } 2150 2151 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 2152 tx->security = 2; /* for CCMP */ 2153 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2154 (void) memcpy(&tx->key, k->wk_key, k->wk_keylen); 2155 } 2156 2157 /* packet header may have moved, reset our local pointer */ 2158 wh = (struct ieee80211_frame *)m->b_rptr; 2159 } 2160 2161 len = msgdsize(m); 2162 2163 #ifdef DEBUG 2164 if (wpi_dbg_flags & WPI_DEBUG_TX) 2165 ieee80211_dump_pkt((uint8_t *)wh, hdrlen, 0, 0); 2166 #endif 2167 2168 /* pickup a rate */ 2169 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2170 IEEE80211_FC0_TYPE_MGT) { 2171 /* mgmt frames are sent at the lowest available bit-rate */ 2172 rate = 2; 2173 } else { 2174 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) { 2175 rate = ic->ic_fixed_rate; 2176 } else 2177 rate = in->in_rates.ir_rates[in->in_txrate]; 2178 } 2179 rate &= IEEE80211_RATE_VAL; 2180 WPI_DBG((WPI_DEBUG_RATECTL, "tx rate[%d of %d] = %x", 2181 in->in_txrate, in->in_rates.ir_nrates, rate)); 2182 #ifdef WPI_BPF 2183 #ifndef WPI_CURRENT 2184 if (sc->sc_drvbpf != NULL) { 2185 #else 2186 if (bpf_peers_present(sc->sc_drvbpf)) { 2187 #endif 2188 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2189 2190 tap->wt_flags = 0; 2191 tap->wt_chan_freq = LE_16(ic->ic_curchan->ic_freq); 2192 tap->wt_chan_flags = LE_16(ic->ic_curchan->ic_flags); 2193 tap->wt_rate = rate; 2194 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2195 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2196 2197 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 2198 } 2199 #endif 2200 2201 tx->flags |= (LE_32(WPI_TX_AUTO_SEQ)); 2202 tx->flags |= LE_32(WPI_TX_BT_DISABLE | WPI_TX_CALIBRATION); 2203 2204 /* retrieve destination node's id */ 2205 tx->id = IEEE80211_IS_MULTICAST(wh->i_addr1) ? WPI_ID_BROADCAST : 2206 WPI_ID_BSS; 2207 2208 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2209 IEEE80211_FC0_TYPE_MGT) { 2210 /* tell h/w to set timestamp in probe responses */ 2211 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2212 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2213 tx->flags |= LE_32(WPI_TX_INSERT_TSTAMP); 2214 2215 if (((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2216 IEEE80211_FC0_SUBTYPE_ASSOC_REQ) || 2217 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2218 IEEE80211_FC0_SUBTYPE_REASSOC_REQ)) 2219 tx->timeout = 3; 2220 else 2221 tx->timeout = 2; 2222 } else 2223 tx->timeout = 0; 2224 2225 tx->rate = wpi_plcp_signal(rate); 2226 2227 /* be very persistant at sending frames out */ 2228 tx->rts_ntries = 7; 2229 tx->data_ntries = 15; 2230 2231 tx->cck_mask = 0x0f; 2232 tx->ofdm_mask = 0xff; 2233 tx->lifetime = LE_32(0xffffffff); 2234 2235 tx->len = LE_16(len); 2236 2237 /* save and trim IEEE802.11 header */ 2238 (void) memcpy(tx + 1, m->b_rptr, hdrlen); 2239 m->b_rptr += hdrlen; 2240 (void) memcpy(data->dma_data.mem_va, m->b_rptr, len - hdrlen); 2241 2242 WPI_DBG((WPI_DEBUG_TX, "sending data: qid=%d idx=%d len=%d", ring->qid, 2243 ring->cur, len)); 2244 2245 /* first scatter/gather segment is used by the tx data command */ 2246 desc->flags = LE_32(WPI_PAD32(len) << 28 | (2) << 24); 2247 desc->segs[0].addr = LE_32(data->paddr_cmd); 2248 desc->segs[0].len = LE_32( 2249 roundup(4 + sizeof (wpi_cmd_data_t) + hdrlen, 4)); 2250 desc->segs[1].addr = LE_32(data->dma_data.cookie.dmac_address); 2251 desc->segs[1].len = LE_32(len - hdrlen); 2252 2253 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2254 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2255 2256 mutex_enter(&sc->sc_tx_lock); 2257 ring->queued++; 2258 mutex_exit(&sc->sc_tx_lock); 2259 2260 /* kick ring */ 2261 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2262 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2263 freemsg(m); 2264 /* release node reference */ 2265 ieee80211_free_node(in); 2266 2267 ic->ic_stats.is_tx_bytes += len; 2268 ic->ic_stats.is_tx_frags++; 2269 2270 if (sc->sc_tx_timer == 0) 2271 sc->sc_tx_timer = 5; 2272 exit: 2273 return (err); 2274 } 2275 2276 static void 2277 wpi_m_ioctl(void* arg, queue_t *wq, mblk_t *mp) 2278 { 2279 wpi_sc_t *sc = (wpi_sc_t *)arg; 2280 ieee80211com_t *ic = &sc->sc_ic; 2281 int err; 2282 2283 err = ieee80211_ioctl(ic, wq, mp); 2284 if (err == ENETRESET) { 2285 /* 2286 * This is special for the hidden AP connection. 2287 * In any case, we should make sure only one 'scan' 2288 * in the driver for a 'connect' CLI command. So 2289 * when connecting to a hidden AP, the scan is just 2290 * sent out to the air when we know the desired 2291 * essid of the AP we want to connect. 2292 */ 2293 if (ic->ic_des_esslen) { 2294 if (sc->sc_flags & WPI_F_RUNNING) { 2295 wpi_m_stop(sc); 2296 (void) wpi_m_start(sc); 2297 (void) ieee80211_new_state(ic, 2298 IEEE80211_S_SCAN, -1); 2299 } 2300 } 2301 } 2302 } 2303 2304 /* 2305 * Callback functions for get/set properties 2306 */ 2307 /* ARGSUSED */ 2308 static int 2309 wpi_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_name, 2310 uint_t pr_flags, uint_t wldp_length, void *wldp_buf, uint_t *perm) 2311 { 2312 int err = 0; 2313 wpi_sc_t *sc = (wpi_sc_t *)arg; 2314 2315 err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_name, 2316 pr_flags, wldp_length, wldp_buf, perm); 2317 2318 return (err); 2319 } 2320 static int 2321 wpi_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_name, 2322 uint_t wldp_length, const void *wldp_buf) 2323 { 2324 int err; 2325 wpi_sc_t *sc = (wpi_sc_t *)arg; 2326 ieee80211com_t *ic = &sc->sc_ic; 2327 2328 err = ieee80211_setprop(ic, pr_name, wldp_pr_name, 2329 wldp_length, wldp_buf); 2330 2331 if (err == ENETRESET) { 2332 if (ic->ic_des_esslen) { 2333 if (sc->sc_flags & WPI_F_RUNNING) { 2334 wpi_m_stop(sc); 2335 (void) wpi_m_start(sc); 2336 (void) ieee80211_new_state(ic, 2337 IEEE80211_S_SCAN, -1); 2338 } 2339 } 2340 2341 err = 0; 2342 } 2343 2344 return (err); 2345 } 2346 2347 /*ARGSUSED*/ 2348 static int 2349 wpi_m_stat(void *arg, uint_t stat, uint64_t *val) 2350 { 2351 wpi_sc_t *sc = (wpi_sc_t *)arg; 2352 ieee80211com_t *ic = &sc->sc_ic; 2353 ieee80211_node_t *in; 2354 2355 mutex_enter(&sc->sc_glock); 2356 switch (stat) { 2357 case MAC_STAT_IFSPEED: 2358 in = ic->ic_bss; 2359 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ? 2360 IEEE80211_RATE(in->in_txrate) : 2361 ic->ic_fixed_rate) / 2 * 1000000; 2362 break; 2363 case MAC_STAT_NOXMTBUF: 2364 *val = sc->sc_tx_nobuf; 2365 break; 2366 case MAC_STAT_NORCVBUF: 2367 *val = sc->sc_rx_nobuf; 2368 break; 2369 case MAC_STAT_IERRORS: 2370 *val = sc->sc_rx_err; 2371 break; 2372 case MAC_STAT_RBYTES: 2373 *val = ic->ic_stats.is_rx_bytes; 2374 break; 2375 case MAC_STAT_IPACKETS: 2376 *val = ic->ic_stats.is_rx_frags; 2377 break; 2378 case MAC_STAT_OBYTES: 2379 *val = ic->ic_stats.is_tx_bytes; 2380 break; 2381 case MAC_STAT_OPACKETS: 2382 *val = ic->ic_stats.is_tx_frags; 2383 break; 2384 case MAC_STAT_OERRORS: 2385 case WIFI_STAT_TX_FAILED: 2386 *val = sc->sc_tx_err; 2387 break; 2388 case WIFI_STAT_TX_RETRANS: 2389 *val = sc->sc_tx_retries; 2390 break; 2391 case WIFI_STAT_FCS_ERRORS: 2392 case WIFI_STAT_WEP_ERRORS: 2393 case WIFI_STAT_TX_FRAGS: 2394 case WIFI_STAT_MCAST_TX: 2395 case WIFI_STAT_RTS_SUCCESS: 2396 case WIFI_STAT_RTS_FAILURE: 2397 case WIFI_STAT_ACK_FAILURE: 2398 case WIFI_STAT_RX_FRAGS: 2399 case WIFI_STAT_MCAST_RX: 2400 case WIFI_STAT_RX_DUPS: 2401 mutex_exit(&sc->sc_glock); 2402 return (ieee80211_stat(ic, stat, val)); 2403 default: 2404 mutex_exit(&sc->sc_glock); 2405 return (ENOTSUP); 2406 } 2407 mutex_exit(&sc->sc_glock); 2408 2409 return (WPI_SUCCESS); 2410 2411 } 2412 2413 static int 2414 wpi_m_start(void *arg) 2415 { 2416 wpi_sc_t *sc = (wpi_sc_t *)arg; 2417 ieee80211com_t *ic = &sc->sc_ic; 2418 int err; 2419 2420 err = wpi_init(sc); 2421 if (err != WPI_SUCCESS) { 2422 wpi_stop(sc); 2423 DELAY(1000000); 2424 err = wpi_init(sc); 2425 } 2426 2427 if (err) { 2428 /* 2429 * The hw init err(eg. RF is OFF). Return Success to make 2430 * the 'plumb' succeed. The wpi_thread() tries to re-init 2431 * background. 2432 */ 2433 mutex_enter(&sc->sc_glock); 2434 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2435 mutex_exit(&sc->sc_glock); 2436 return (WPI_SUCCESS); 2437 } 2438 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2439 mutex_enter(&sc->sc_glock); 2440 sc->sc_flags |= WPI_F_RUNNING; 2441 mutex_exit(&sc->sc_glock); 2442 2443 return (WPI_SUCCESS); 2444 } 2445 2446 static void 2447 wpi_m_stop(void *arg) 2448 { 2449 wpi_sc_t *sc = (wpi_sc_t *)arg; 2450 ieee80211com_t *ic = &sc->sc_ic; 2451 2452 wpi_stop(sc); 2453 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2454 mutex_enter(&sc->sc_mt_lock); 2455 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2456 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 2457 mutex_exit(&sc->sc_mt_lock); 2458 mutex_enter(&sc->sc_glock); 2459 sc->sc_flags &= ~WPI_F_RUNNING; 2460 mutex_exit(&sc->sc_glock); 2461 } 2462 2463 /*ARGSUSED*/ 2464 static int 2465 wpi_m_unicst(void *arg, const uint8_t *macaddr) 2466 { 2467 wpi_sc_t *sc = (wpi_sc_t *)arg; 2468 ieee80211com_t *ic = &sc->sc_ic; 2469 int err; 2470 2471 if (!IEEE80211_ADDR_EQ(ic->ic_macaddr, macaddr)) { 2472 IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr); 2473 mutex_enter(&sc->sc_glock); 2474 err = wpi_config(sc); 2475 mutex_exit(&sc->sc_glock); 2476 if (err != WPI_SUCCESS) { 2477 cmn_err(CE_WARN, 2478 "wpi_m_unicst(): " 2479 "failed to configure device\n"); 2480 goto fail; 2481 } 2482 } 2483 return (WPI_SUCCESS); 2484 fail: 2485 return (err); 2486 } 2487 2488 /*ARGSUSED*/ 2489 static int 2490 wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m) 2491 { 2492 return (WPI_SUCCESS); 2493 } 2494 2495 /*ARGSUSED*/ 2496 static int 2497 wpi_m_promisc(void *arg, boolean_t on) 2498 { 2499 return (WPI_SUCCESS); 2500 } 2501 2502 static void 2503 wpi_thread(wpi_sc_t *sc) 2504 { 2505 ieee80211com_t *ic = &sc->sc_ic; 2506 clock_t clk; 2507 int times = 0, err, n = 0, timeout = 0; 2508 uint32_t tmp; 2509 2510 mutex_enter(&sc->sc_mt_lock); 2511 while (sc->sc_mf_thread_switch) { 2512 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2513 if (tmp & WPI_GPIO_HW_RF_KILL) { 2514 sc->sc_flags &= ~WPI_F_RADIO_OFF; 2515 } else { 2516 sc->sc_flags |= WPI_F_RADIO_OFF; 2517 } 2518 /* 2519 * If in SUSPEND or the RF is OFF, do nothing 2520 */ 2521 if ((sc->sc_flags & WPI_F_SUSPEND) || 2522 (sc->sc_flags & WPI_F_RADIO_OFF)) { 2523 mutex_exit(&sc->sc_mt_lock); 2524 delay(drv_usectohz(100000)); 2525 mutex_enter(&sc->sc_mt_lock); 2526 continue; 2527 } 2528 2529 /* 2530 * recovery fatal error 2531 */ 2532 if (ic->ic_mach && 2533 (sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 2534 2535 WPI_DBG((WPI_DEBUG_FW, 2536 "wpi_thread(): " 2537 "try to recover fatal hw error: %d\n", times++)); 2538 2539 wpi_stop(sc); 2540 mutex_exit(&sc->sc_mt_lock); 2541 2542 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2543 delay(drv_usectohz(2000000)); 2544 2545 mutex_enter(&sc->sc_mt_lock); 2546 err = wpi_init(sc); 2547 if (err != WPI_SUCCESS) { 2548 n++; 2549 if (n < 3) 2550 continue; 2551 } 2552 n = 0; 2553 if (!err) 2554 sc->sc_flags |= WPI_F_RUNNING; 2555 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2556 mutex_exit(&sc->sc_mt_lock); 2557 delay(drv_usectohz(2000000)); 2558 if (sc->sc_ostate != IEEE80211_S_INIT) 2559 ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); 2560 mutex_enter(&sc->sc_mt_lock); 2561 } 2562 2563 /* 2564 * scan next channel 2565 */ 2566 if (ic->ic_mach && 2567 (sc->sc_flags & WPI_F_SCANNING) && sc->sc_scan_next) { 2568 2569 WPI_DBG((WPI_DEBUG_SCAN, 2570 "wpi_thread(): " 2571 "wait for probe response\n")); 2572 2573 sc->sc_scan_next--; 2574 mutex_exit(&sc->sc_mt_lock); 2575 delay(drv_usectohz(200000)); 2576 ieee80211_next_scan(ic); 2577 mutex_enter(&sc->sc_mt_lock); 2578 } 2579 2580 /* 2581 * rate ctl 2582 */ 2583 if (ic->ic_mach && 2584 (sc->sc_flags & WPI_F_RATE_AUTO_CTL)) { 2585 clk = ddi_get_lbolt(); 2586 if (clk > sc->sc_clk + drv_usectohz(500000)) { 2587 wpi_amrr_timeout(sc); 2588 } 2589 } 2590 mutex_exit(&sc->sc_mt_lock); 2591 delay(drv_usectohz(100000)); 2592 mutex_enter(&sc->sc_mt_lock); 2593 if (sc->sc_tx_timer) { 2594 timeout++; 2595 if (timeout == 10) { 2596 sc->sc_tx_timer--; 2597 if (sc->sc_tx_timer == 0) { 2598 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2599 sc->sc_ostate = IEEE80211_S_RUN; 2600 WPI_DBG((WPI_DEBUG_FW, 2601 "wpi_thread(): send fail\n")); 2602 } 2603 timeout = 0; 2604 } 2605 } 2606 } 2607 sc->sc_mf_thread = NULL; 2608 cv_signal(&sc->sc_mt_cv); 2609 mutex_exit(&sc->sc_mt_lock); 2610 } 2611 2612 /* 2613 * Extract various information from EEPROM. 2614 */ 2615 static void 2616 wpi_read_eeprom(wpi_sc_t *sc) 2617 { 2618 ieee80211com_t *ic = &sc->sc_ic; 2619 uint16_t val; 2620 int i; 2621 2622 /* read MAC address */ 2623 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 0); 2624 ic->ic_macaddr[0] = val & 0xff; 2625 ic->ic_macaddr[1] = val >> 8; 2626 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 1); 2627 ic->ic_macaddr[2] = val & 0xff; 2628 ic->ic_macaddr[3] = val >> 8; 2629 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 2); 2630 ic->ic_macaddr[4] = val & 0xff; 2631 ic->ic_macaddr[5] = val >> 8; 2632 2633 WPI_DBG((WPI_DEBUG_EEPROM, 2634 "mac:%2x:%2x:%2x:%2x:%2x:%2x\n", 2635 ic->ic_macaddr[0], ic->ic_macaddr[1], 2636 ic->ic_macaddr[2], ic->ic_macaddr[3], 2637 ic->ic_macaddr[4], ic->ic_macaddr[5])); 2638 /* read power settings for 2.4GHz channels */ 2639 for (i = 0; i < 14; i++) { 2640 sc->sc_pwr1[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR1 + i); 2641 sc->sc_pwr2[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR2 + i); 2642 WPI_DBG((WPI_DEBUG_EEPROM, 2643 "channel %d pwr1 0x%04x pwr2 0x%04x\n", i + 1, 2644 sc->sc_pwr1[i], sc->sc_pwr2[i])); 2645 } 2646 } 2647 2648 /* 2649 * Send a command to the firmware. 2650 */ 2651 static int 2652 wpi_cmd(wpi_sc_t *sc, int code, const void *buf, int size, int async) 2653 { 2654 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2655 wpi_tx_desc_t *desc; 2656 wpi_tx_cmd_t *cmd; 2657 2658 ASSERT(size <= sizeof (cmd->data)); 2659 ASSERT(mutex_owned(&sc->sc_glock)); 2660 2661 WPI_DBG((WPI_DEBUG_CMD, "wpi_cmd() # code[%d]", code)); 2662 desc = ring->data[ring->cur].desc; 2663 cmd = ring->data[ring->cur].cmd; 2664 2665 cmd->code = (uint8_t)code; 2666 cmd->flags = 0; 2667 cmd->qid = ring->qid; 2668 cmd->idx = ring->cur; 2669 (void) memcpy(cmd->data, buf, size); 2670 2671 desc->flags = LE_32(WPI_PAD32(size) << 28 | 1 << 24); 2672 desc->segs[0].addr = ring->data[ring->cur].paddr_cmd; 2673 desc->segs[0].len = 4 + size; 2674 2675 /* kick cmd ring */ 2676 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2677 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2678 2679 if (async) 2680 return (WPI_SUCCESS); 2681 else { 2682 clock_t clk; 2683 sc->sc_flags &= ~WPI_F_CMD_DONE; 2684 clk = ddi_get_lbolt() + drv_usectohz(2000000); 2685 while (!(sc->sc_flags & WPI_F_CMD_DONE)) { 2686 if (cv_timedwait(&sc->sc_cmd_cv, &sc->sc_glock, clk) 2687 < 0) 2688 break; 2689 } 2690 if (sc->sc_flags & WPI_F_CMD_DONE) 2691 return (WPI_SUCCESS); 2692 else 2693 return (WPI_FAIL); 2694 } 2695 } 2696 2697 /* 2698 * Configure h/w multi-rate retries. 2699 */ 2700 static int 2701 wpi_mrr_setup(wpi_sc_t *sc) 2702 { 2703 wpi_mrr_setup_t mrr; 2704 int i, err; 2705 2706 /* CCK rates (not used with 802.11a) */ 2707 for (i = WPI_CCK1; i <= WPI_CCK11; i++) { 2708 mrr.rates[i].flags = 0; 2709 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2710 /* fallback to the immediate lower CCK rate (if any) */ 2711 mrr.rates[i].next = (i == WPI_CCK1) ? WPI_CCK1 : i - 1; 2712 /* try one time at this rate before falling back to "next" */ 2713 mrr.rates[i].ntries = 1; 2714 } 2715 2716 /* OFDM rates (not used with 802.11b) */ 2717 for (i = WPI_OFDM6; i <= WPI_OFDM54; i++) { 2718 mrr.rates[i].flags = 0; 2719 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2720 /* fallback to the immediate lower OFDM rate (if any) */ 2721 mrr.rates[i].next = (i == WPI_OFDM6) ? WPI_OFDM6 : i - 1; 2722 /* try one time at this rate before falling back to "next" */ 2723 mrr.rates[i].ntries = 1; 2724 } 2725 2726 /* setup MRR for control frames */ 2727 mrr.which = LE_32(WPI_MRR_CTL); 2728 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2729 if (err != WPI_SUCCESS) { 2730 WPI_DBG((WPI_DEBUG_MRR, 2731 "could not setup MRR for control frames\n")); 2732 return (err); 2733 } 2734 2735 /* setup MRR for data frames */ 2736 mrr.which = LE_32(WPI_MRR_DATA); 2737 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2738 if (err != WPI_SUCCESS) { 2739 WPI_DBG((WPI_DEBUG_MRR, 2740 "could not setup MRR for data frames\n")); 2741 return (err); 2742 } 2743 2744 return (WPI_SUCCESS); 2745 } 2746 2747 static void 2748 wpi_set_led(wpi_sc_t *sc, uint8_t which, uint8_t off, uint8_t on) 2749 { 2750 wpi_cmd_led_t led; 2751 2752 led.which = which; 2753 led.unit = LE_32(100000); /* on/off in unit of 100ms */ 2754 led.off = off; 2755 led.on = on; 2756 2757 (void) wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof (led), 1); 2758 } 2759 2760 static int 2761 wpi_auth(wpi_sc_t *sc) 2762 { 2763 ieee80211com_t *ic = &sc->sc_ic; 2764 ieee80211_node_t *in = ic->ic_bss; 2765 wpi_node_t node; 2766 int err; 2767 2768 /* update adapter's configuration */ 2769 IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid); 2770 sc->sc_config.chan = ieee80211_chan2ieee(ic, in->in_chan); 2771 if (ic->ic_curmode == IEEE80211_MODE_11B) { 2772 sc->sc_config.cck_mask = 0x03; 2773 sc->sc_config.ofdm_mask = 0; 2774 } else if ((in->in_chan != IEEE80211_CHAN_ANYC) && 2775 (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) { 2776 sc->sc_config.cck_mask = 0; 2777 sc->sc_config.ofdm_mask = 0x15; 2778 } else { /* assume 802.11b/g */ 2779 sc->sc_config.cck_mask = 0x0f; 2780 sc->sc_config.ofdm_mask = 0xff; 2781 } 2782 2783 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x cck %x ofdm %x" 2784 " bssid:%02x:%02x:%02x:%02x:%02x:%2x\n", 2785 sc->sc_config.chan, sc->sc_config.flags, 2786 sc->sc_config.cck_mask, sc->sc_config.ofdm_mask, 2787 sc->sc_config.bssid[0], sc->sc_config.bssid[1], 2788 sc->sc_config.bssid[2], sc->sc_config.bssid[3], 2789 sc->sc_config.bssid[4], sc->sc_config.bssid[5])); 2790 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2791 sizeof (wpi_config_t), 1); 2792 if (err != WPI_SUCCESS) { 2793 cmn_err(CE_WARN, "wpi_auth(): failed to configurate chan%d\n", 2794 sc->sc_config.chan); 2795 return (err); 2796 } 2797 2798 /* add default node */ 2799 (void) memset(&node, 0, sizeof (node)); 2800 IEEE80211_ADDR_COPY(node.bssid, in->in_bssid); 2801 node.id = WPI_ID_BSS; 2802 node.rate = wpi_plcp_signal(2); 2803 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 2804 if (err != WPI_SUCCESS) { 2805 cmn_err(CE_WARN, "wpi_auth(): failed to add BSS node\n"); 2806 return (err); 2807 } 2808 2809 err = wpi_mrr_setup(sc); 2810 if (err != WPI_SUCCESS) { 2811 cmn_err(CE_WARN, "wpi_auth(): failed to setup MRR\n"); 2812 return (err); 2813 } 2814 2815 return (WPI_SUCCESS); 2816 } 2817 2818 /* 2819 * Send a scan request to the firmware. 2820 */ 2821 static int 2822 wpi_scan(wpi_sc_t *sc) 2823 { 2824 ieee80211com_t *ic = &sc->sc_ic; 2825 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2826 wpi_tx_desc_t *desc; 2827 wpi_tx_data_t *data; 2828 wpi_tx_cmd_t *cmd; 2829 wpi_scan_hdr_t *hdr; 2830 wpi_scan_chan_t *chan; 2831 struct ieee80211_frame *wh; 2832 ieee80211_node_t *in = ic->ic_bss; 2833 uint8_t essid[IEEE80211_NWID_LEN+1]; 2834 struct ieee80211_rateset *rs; 2835 enum ieee80211_phymode mode; 2836 uint8_t *frm; 2837 int i, pktlen, nrates; 2838 2839 /* previous scan not completed */ 2840 if (sc->sc_scan_pending) { 2841 WPI_DBG((WPI_DEBUG_SCAN, "previous scan not completed\n")); 2842 return (WPI_SUCCESS); 2843 } 2844 2845 data = &ring->data[ring->cur]; 2846 desc = data->desc; 2847 cmd = (wpi_tx_cmd_t *)data->dma_data.mem_va; 2848 2849 cmd->code = WPI_CMD_SCAN; 2850 cmd->flags = 0; 2851 cmd->qid = ring->qid; 2852 cmd->idx = ring->cur; 2853 2854 hdr = (wpi_scan_hdr_t *)cmd->data; 2855 (void) memset(hdr, 0, sizeof (wpi_scan_hdr_t)); 2856 hdr->first = 1; 2857 hdr->nchan = 1; 2858 hdr->len = hdr->nchan * sizeof (wpi_scan_chan_t); 2859 hdr->quiet = LE_16(50); 2860 hdr->threshold = LE_16(1); 2861 hdr->filter = LE_32(5); 2862 hdr->rate = wpi_plcp_signal(2); 2863 hdr->id = WPI_ID_BROADCAST; 2864 hdr->mask = LE_32(0xffffffff); 2865 hdr->esslen = ic->ic_des_esslen; 2866 2867 if (ic->ic_des_esslen) { 2868 bcopy(ic->ic_des_essid, essid, ic->ic_des_esslen); 2869 essid[ic->ic_des_esslen] = '\0'; 2870 WPI_DBG((WPI_DEBUG_SCAN, "directed scan %s\n", essid)); 2871 2872 bcopy(ic->ic_des_essid, hdr->essid, ic->ic_des_esslen); 2873 } else { 2874 bzero(hdr->essid, sizeof (hdr->essid)); 2875 } 2876 2877 /* 2878 * Build a probe request frame. Most of the following code is a 2879 * copy & paste of what is done in net80211. Unfortunately, the 2880 * functions to add IEs are static and thus can't be reused here. 2881 */ 2882 wh = (struct ieee80211_frame *)(hdr + 1); 2883 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2884 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2885 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2886 (void) memset(wh->i_addr1, 0xff, 6); 2887 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_macaddr); 2888 (void) memset(wh->i_addr3, 0xff, 6); 2889 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 2890 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 2891 2892 frm = (uint8_t *)(wh + 1); 2893 2894 /* add essid IE */ 2895 if (in->in_esslen) { 2896 bcopy(in->in_essid, essid, in->in_esslen); 2897 essid[in->in_esslen] = '\0'; 2898 WPI_DBG((WPI_DEBUG_SCAN, "probe with ESSID %s\n", 2899 essid)); 2900 } 2901 *frm++ = IEEE80211_ELEMID_SSID; 2902 *frm++ = in->in_esslen; 2903 (void) memcpy(frm, in->in_essid, in->in_esslen); 2904 frm += in->in_esslen; 2905 2906 mode = ieee80211_chan2mode(ic, ic->ic_curchan); 2907 rs = &ic->ic_sup_rates[mode]; 2908 2909 /* add supported rates IE */ 2910 *frm++ = IEEE80211_ELEMID_RATES; 2911 nrates = rs->ir_nrates; 2912 if (nrates > IEEE80211_RATE_SIZE) 2913 nrates = IEEE80211_RATE_SIZE; 2914 *frm++ = (uint8_t)nrates; 2915 (void) memcpy(frm, rs->ir_rates, nrates); 2916 frm += nrates; 2917 2918 /* add supported xrates IE */ 2919 if (rs->ir_nrates > IEEE80211_RATE_SIZE) { 2920 nrates = rs->ir_nrates - IEEE80211_RATE_SIZE; 2921 *frm++ = IEEE80211_ELEMID_XRATES; 2922 *frm++ = (uint8_t)nrates; 2923 (void) memcpy(frm, rs->ir_rates + IEEE80211_RATE_SIZE, nrates); 2924 frm += nrates; 2925 } 2926 2927 /* add optionnal IE (usually an RSN IE) */ 2928 if (ic->ic_opt_ie != NULL) { 2929 (void) memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); 2930 frm += ic->ic_opt_ie_len; 2931 } 2932 2933 /* setup length of probe request */ 2934 hdr->pbrlen = LE_16((uintptr_t)frm - (uintptr_t)wh); 2935 2936 /* align on a 4-byte boundary */ 2937 chan = (wpi_scan_chan_t *)frm; 2938 for (i = 1; i <= hdr->nchan; i++, chan++) { 2939 if (ic->ic_des_esslen) { 2940 chan->flags = 0x3; 2941 } else { 2942 chan->flags = 0x1; 2943 } 2944 chan->chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 2945 chan->magic = LE_16(0x62ab); 2946 chan->active = LE_16(50); 2947 chan->passive = LE_16(120); 2948 2949 frm += sizeof (wpi_scan_chan_t); 2950 } 2951 2952 pktlen = (uintptr_t)frm - (uintptr_t)cmd; 2953 2954 desc->flags = LE_32(WPI_PAD32(pktlen) << 28 | 1 << 24); 2955 desc->segs[0].addr = LE_32(data->dma_data.cookie.dmac_address); 2956 desc->segs[0].len = LE_32(pktlen); 2957 2958 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2959 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2960 2961 /* kick cmd ring */ 2962 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2963 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2964 2965 sc->sc_scan_pending = 1; 2966 2967 return (WPI_SUCCESS); /* will be notified async. of failure/success */ 2968 } 2969 2970 static int 2971 wpi_config(wpi_sc_t *sc) 2972 { 2973 ieee80211com_t *ic = &sc->sc_ic; 2974 wpi_txpower_t txpower; 2975 wpi_power_t power; 2976 #ifdef WPI_BLUE_COEXISTENCE 2977 wpi_bluetooth_t bluetooth; 2978 #endif 2979 wpi_node_t node; 2980 int err; 2981 2982 /* Intel's binary only daemon is a joke.. */ 2983 2984 /* set Tx power for 2.4GHz channels (values read from EEPROM) */ 2985 (void) memset(&txpower, 0, sizeof (txpower)); 2986 (void) memcpy(txpower.pwr1, sc->sc_pwr1, 14 * sizeof (uint16_t)); 2987 (void) memcpy(txpower.pwr2, sc->sc_pwr2, 14 * sizeof (uint16_t)); 2988 err = wpi_cmd(sc, WPI_CMD_TXPOWER, &txpower, sizeof (txpower), 0); 2989 if (err != WPI_SUCCESS) { 2990 cmn_err(CE_WARN, "wpi_config(): failed to set txpower\n"); 2991 return (err); 2992 } 2993 2994 /* set power mode */ 2995 (void) memset(&power, 0, sizeof (power)); 2996 power.flags = LE_32(0x8); 2997 err = wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &power, sizeof (power), 0); 2998 if (err != WPI_SUCCESS) { 2999 cmn_err(CE_WARN, "wpi_config(): failed to set power mode\n"); 3000 return (err); 3001 } 3002 #ifdef WPI_BLUE_COEXISTENCE 3003 /* configure bluetooth coexistence */ 3004 (void) memset(&bluetooth, 0, sizeof (bluetooth)); 3005 bluetooth.flags = 3; 3006 bluetooth.lead = 0xaa; 3007 bluetooth.kill = 1; 3008 err = wpi_cmd(sc, WPI_CMD_BLUETOOTH, &bluetooth, 3009 sizeof (bluetooth), 0); 3010 if (err != WPI_SUCCESS) { 3011 cmn_err(CE_WARN, 3012 "wpi_config(): " 3013 "failed to configurate bluetooth coexistence\n"); 3014 return (err); 3015 } 3016 #endif 3017 /* configure adapter */ 3018 (void) memset(&sc->sc_config, 0, sizeof (wpi_config_t)); 3019 IEEE80211_ADDR_COPY(sc->sc_config.myaddr, ic->ic_macaddr); 3020 sc->sc_config.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 3021 sc->sc_config.flags = LE_32(WPI_CONFIG_TSF | WPI_CONFIG_AUTO | 3022 WPI_CONFIG_24GHZ); 3023 sc->sc_config.filter = 0; 3024 switch (ic->ic_opmode) { 3025 case IEEE80211_M_STA: 3026 sc->sc_config.mode = WPI_MODE_STA; 3027 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST); 3028 break; 3029 case IEEE80211_M_IBSS: 3030 case IEEE80211_M_AHDEMO: 3031 sc->sc_config.mode = WPI_MODE_IBSS; 3032 break; 3033 case IEEE80211_M_HOSTAP: 3034 sc->sc_config.mode = WPI_MODE_HOSTAP; 3035 break; 3036 case IEEE80211_M_MONITOR: 3037 sc->sc_config.mode = WPI_MODE_MONITOR; 3038 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST | 3039 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 3040 break; 3041 } 3042 sc->sc_config.cck_mask = 0x0f; /* not yet negotiated */ 3043 sc->sc_config.ofdm_mask = 0xff; /* not yet negotiated */ 3044 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 3045 sizeof (wpi_config_t), 0); 3046 if (err != WPI_SUCCESS) { 3047 cmn_err(CE_WARN, "wpi_config(): " 3048 "failed to set configure command\n"); 3049 return (err); 3050 } 3051 3052 /* add broadcast node */ 3053 (void) memset(&node, 0, sizeof (node)); 3054 (void) memset(node.bssid, 0xff, 6); 3055 node.id = WPI_ID_BROADCAST; 3056 node.rate = wpi_plcp_signal(2); 3057 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 0); 3058 if (err != WPI_SUCCESS) { 3059 cmn_err(CE_WARN, "wpi_config(): " 3060 "failed to add broadcast node\n"); 3061 return (err); 3062 } 3063 3064 return (WPI_SUCCESS); 3065 } 3066 3067 static void 3068 wpi_stop_master(wpi_sc_t *sc) 3069 { 3070 uint32_t tmp; 3071 int ntries; 3072 3073 tmp = WPI_READ(sc, WPI_RESET); 3074 WPI_WRITE(sc, WPI_RESET, tmp | WPI_STOP_MASTER); 3075 3076 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3077 if ((tmp & WPI_GPIO_PWR_STATUS) == WPI_GPIO_PWR_SLEEP) 3078 return; /* already asleep */ 3079 3080 for (ntries = 0; ntries < 2000; ntries++) { 3081 if (WPI_READ(sc, WPI_RESET) & WPI_MASTER_DISABLED) 3082 break; 3083 DELAY(1000); 3084 } 3085 if (ntries == 2000) 3086 WPI_DBG((WPI_DEBUG_HW, "timeout waiting for master\n")); 3087 } 3088 3089 static int 3090 wpi_power_up(wpi_sc_t *sc) 3091 { 3092 uint32_t tmp; 3093 int ntries; 3094 3095 wpi_mem_lock(sc); 3096 tmp = wpi_mem_read(sc, WPI_MEM_POWER); 3097 wpi_mem_write(sc, WPI_MEM_POWER, tmp & ~0x03000000); 3098 wpi_mem_unlock(sc); 3099 3100 for (ntries = 0; ntries < 5000; ntries++) { 3101 if (WPI_READ(sc, WPI_GPIO_STATUS) & WPI_POWERED) 3102 break; 3103 DELAY(10); 3104 } 3105 if (ntries == 5000) { 3106 cmn_err(CE_WARN, 3107 "wpi_power_up(): timeout waiting for NIC to power up\n"); 3108 return (ETIMEDOUT); 3109 } 3110 return (WPI_SUCCESS); 3111 } 3112 3113 static int 3114 wpi_reset(wpi_sc_t *sc) 3115 { 3116 uint32_t tmp; 3117 int ntries; 3118 3119 /* clear any pending interrupts */ 3120 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 3121 3122 tmp = WPI_READ(sc, WPI_PLL_CTL); 3123 WPI_WRITE(sc, WPI_PLL_CTL, tmp | WPI_PLL_INIT); 3124 3125 tmp = WPI_READ(sc, WPI_CHICKEN); 3126 WPI_WRITE(sc, WPI_CHICKEN, tmp | WPI_CHICKEN_RXNOLOS); 3127 3128 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3129 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_INIT); 3130 3131 /* wait for clock stabilization */ 3132 for (ntries = 0; ntries < 1000; ntries++) { 3133 if (WPI_READ(sc, WPI_GPIO_CTL) & WPI_GPIO_CLOCK) 3134 break; 3135 DELAY(10); 3136 } 3137 if (ntries == 1000) { 3138 cmn_err(CE_WARN, 3139 "wpi_reset(): timeout waiting for clock stabilization\n"); 3140 return (ETIMEDOUT); 3141 } 3142 3143 /* initialize EEPROM */ 3144 tmp = WPI_READ(sc, WPI_EEPROM_STATUS); 3145 if ((tmp & WPI_EEPROM_VERSION) == 0) { 3146 cmn_err(CE_WARN, "wpi_reset(): EEPROM not found\n"); 3147 return (EIO); 3148 } 3149 WPI_WRITE(sc, WPI_EEPROM_STATUS, tmp & ~WPI_EEPROM_LOCKED); 3150 3151 return (WPI_SUCCESS); 3152 } 3153 3154 static void 3155 wpi_hw_config(wpi_sc_t *sc) 3156 { 3157 uint16_t val; 3158 uint32_t hw; 3159 3160 /* voodoo from the Linux "driver".. */ 3161 hw = WPI_READ(sc, WPI_HWCONFIG); 3162 3163 if ((sc->sc_rev & 0xc0) == 0x40) 3164 hw |= WPI_HW_ALM_MB; 3165 else if (!(sc->sc_rev & 0x80)) 3166 hw |= WPI_HW_ALM_MM; 3167 3168 val = wpi_read_prom_word(sc, WPI_EEPROM_CAPABILITIES); 3169 if ((val & 0xff) == 0x80) 3170 hw |= WPI_HW_SKU_MRC; 3171 3172 val = wpi_read_prom_word(sc, WPI_EEPROM_REVISION); 3173 hw &= ~WPI_HW_REV_D; 3174 if ((val & 0xf0) == 0xd0) 3175 hw |= WPI_HW_REV_D; 3176 3177 val = wpi_read_prom_word(sc, WPI_EEPROM_TYPE); 3178 if ((val & 0xff) > 1) 3179 hw |= WPI_HW_TYPE_B; 3180 3181 WPI_DBG((WPI_DEBUG_HW, "setting h/w config %x\n", hw)); 3182 WPI_WRITE(sc, WPI_HWCONFIG, hw); 3183 } 3184 3185 static int 3186 wpi_init(wpi_sc_t *sc) 3187 { 3188 uint32_t tmp; 3189 int qid, ntries, err; 3190 clock_t clk; 3191 3192 mutex_enter(&sc->sc_glock); 3193 sc->sc_flags &= ~WPI_F_FW_INIT; 3194 3195 (void) wpi_reset(sc); 3196 3197 wpi_mem_lock(sc); 3198 wpi_mem_write(sc, WPI_MEM_CLOCK1, 0xa00); 3199 DELAY(20); 3200 tmp = wpi_mem_read(sc, WPI_MEM_PCIDEV); 3201 wpi_mem_write(sc, WPI_MEM_PCIDEV, tmp | 0x800); 3202 wpi_mem_unlock(sc); 3203 3204 (void) wpi_power_up(sc); 3205 wpi_hw_config(sc); 3206 3207 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3208 if (!(tmp & WPI_GPIO_HW_RF_KILL)) { 3209 cmn_err(CE_WARN, "wpi_init(): Radio transmitter is off\n"); 3210 goto fail1; 3211 } 3212 3213 /* init Rx ring */ 3214 wpi_mem_lock(sc); 3215 WPI_WRITE(sc, WPI_RX_BASE, sc->sc_rxq.dma_desc.cookie.dmac_address); 3216 WPI_WRITE(sc, WPI_RX_RIDX_PTR, 3217 (uint32_t)(sc->sc_dma_sh.cookie.dmac_address + 3218 offsetof(wpi_shared_t, next))); 3219 WPI_WRITE(sc, WPI_RX_WIDX, (WPI_RX_RING_COUNT - 1) & (~7)); 3220 WPI_WRITE(sc, WPI_RX_CONFIG, 0xa9601010); 3221 wpi_mem_unlock(sc); 3222 3223 /* init Tx rings */ 3224 wpi_mem_lock(sc); 3225 wpi_mem_write(sc, WPI_MEM_MODE, 2); /* bypass mode */ 3226 wpi_mem_write(sc, WPI_MEM_RA, 1); /* enable RA0 */ 3227 wpi_mem_write(sc, WPI_MEM_TXCFG, 0x3f); /* enable all 6 Tx rings */ 3228 wpi_mem_write(sc, WPI_MEM_BYPASS1, 0x10000); 3229 wpi_mem_write(sc, WPI_MEM_BYPASS2, 0x30002); 3230 wpi_mem_write(sc, WPI_MEM_MAGIC4, 4); 3231 wpi_mem_write(sc, WPI_MEM_MAGIC5, 5); 3232 3233 WPI_WRITE(sc, WPI_TX_BASE_PTR, sc->sc_dma_sh.cookie.dmac_address); 3234 WPI_WRITE(sc, WPI_MSG_CONFIG, 0xffff05a5); 3235 3236 for (qid = 0; qid < 6; qid++) { 3237 WPI_WRITE(sc, WPI_TX_CTL(qid), 0); 3238 WPI_WRITE(sc, WPI_TX_BASE(qid), 0); 3239 WPI_WRITE(sc, WPI_TX_CONFIG(qid), 0x80200008); 3240 } 3241 wpi_mem_unlock(sc); 3242 3243 /* clear "radio off" and "disable command" bits (reversed logic) */ 3244 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_RADIO_OFF); 3245 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_DISABLE_CMD); 3246 3247 /* clear any pending interrupts */ 3248 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 3249 3250 /* enable interrupts */ 3251 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 3252 3253 /* load firmware boot code into NIC */ 3254 err = wpi_load_microcode(sc); 3255 if (err != WPI_SUCCESS) { 3256 cmn_err(CE_WARN, "wpi_init(): failed to load microcode\n"); 3257 goto fail1; 3258 } 3259 3260 /* load firmware .text segment into NIC */ 3261 err = wpi_load_firmware(sc, WPI_FW_TEXT); 3262 if (err != WPI_SUCCESS) { 3263 cmn_err(CE_WARN, "wpi_init(): " 3264 "failed to load firmware(text)\n"); 3265 goto fail1; 3266 } 3267 3268 /* load firmware .data segment into NIC */ 3269 err = wpi_load_firmware(sc, WPI_FW_DATA); 3270 if (err != WPI_SUCCESS) { 3271 cmn_err(CE_WARN, "wpi_init(): " 3272 "failed to load firmware(data)\n"); 3273 goto fail1; 3274 } 3275 3276 /* now press "execute" ;-) */ 3277 tmp = WPI_READ(sc, WPI_RESET); 3278 tmp &= ~(WPI_MASTER_DISABLED | WPI_STOP_MASTER | WPI_NEVO_RESET); 3279 WPI_WRITE(sc, WPI_RESET, tmp); 3280 3281 /* ..and wait at most one second for adapter to initialize */ 3282 clk = ddi_get_lbolt() + drv_usectohz(2000000); 3283 while (!(sc->sc_flags & WPI_F_FW_INIT)) { 3284 if (cv_timedwait(&sc->sc_fw_cv, &sc->sc_glock, clk) < 0) 3285 break; 3286 } 3287 if (!(sc->sc_flags & WPI_F_FW_INIT)) { 3288 cmn_err(CE_WARN, 3289 "wpi_init(): timeout waiting for firmware init\n"); 3290 goto fail1; 3291 } 3292 3293 /* wait for thermal sensors to calibrate */ 3294 for (ntries = 0; ntries < 1000; ntries++) { 3295 if (WPI_READ(sc, WPI_TEMPERATURE) != 0) 3296 break; 3297 DELAY(10); 3298 } 3299 3300 if (ntries == 1000) { 3301 WPI_DBG((WPI_DEBUG_HW, 3302 "wpi_init(): timeout waiting for thermal sensors " 3303 "calibration\n")); 3304 } 3305 3306 WPI_DBG((WPI_DEBUG_HW, "temperature %d\n", 3307 (int)WPI_READ(sc, WPI_TEMPERATURE))); 3308 3309 err = wpi_config(sc); 3310 if (err) { 3311 cmn_err(CE_WARN, "wpi_init(): failed to configure device\n"); 3312 goto fail1; 3313 } 3314 3315 mutex_exit(&sc->sc_glock); 3316 return (WPI_SUCCESS); 3317 3318 fail1: 3319 err = WPI_FAIL; 3320 mutex_exit(&sc->sc_glock); 3321 return (err); 3322 } 3323 3324 /* 3325 * quiesce(9E) entry point. 3326 * This function is called when the system is single-threaded at high 3327 * PIL with preemption disabled. Therefore, this function must not be 3328 * blocked. 3329 * This function returns DDI_SUCCESS on success, or DDI_FAILURE on failure. 3330 * DDI_FAILURE indicates an error condition and should almost never happen. 3331 */ 3332 static int 3333 wpi_quiesce(dev_info_t *dip) 3334 { 3335 wpi_sc_t *sc; 3336 3337 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 3338 if (sc == NULL) 3339 return (DDI_FAILURE); 3340 3341 #ifdef DEBUG 3342 /* by pass any messages, if it's quiesce */ 3343 wpi_dbg_flags = 0; 3344 #endif 3345 3346 /* 3347 * No more blocking is allowed while we are in the 3348 * quiesce(9E) entry point. 3349 */ 3350 sc->sc_flags |= WPI_F_QUIESCED; 3351 3352 /* 3353 * Disable and mask all interrupts. 3354 */ 3355 wpi_stop(sc); 3356 return (DDI_SUCCESS); 3357 } 3358 3359 static void 3360 wpi_stop(wpi_sc_t *sc) 3361 { 3362 uint32_t tmp; 3363 int ac; 3364 3365 /* no mutex operation, if it's quiesced */ 3366 if (!(sc->sc_flags & WPI_F_QUIESCED)) 3367 mutex_enter(&sc->sc_glock); 3368 3369 /* disable interrupts */ 3370 WPI_WRITE(sc, WPI_MASK, 0); 3371 WPI_WRITE(sc, WPI_INTR, WPI_INTR_MASK); 3372 WPI_WRITE(sc, WPI_INTR_STATUS, 0xff); 3373 WPI_WRITE(sc, WPI_INTR_STATUS, 0x00070000); 3374 3375 wpi_mem_lock(sc); 3376 wpi_mem_write(sc, WPI_MEM_MODE, 0); 3377 wpi_mem_unlock(sc); 3378 3379 /* reset all Tx rings */ 3380 for (ac = 0; ac < 4; ac++) 3381 wpi_reset_tx_ring(sc, &sc->sc_txq[ac]); 3382 wpi_reset_tx_ring(sc, &sc->sc_cmdq); 3383 wpi_reset_tx_ring(sc, &sc->sc_svcq); 3384 3385 /* reset Rx ring */ 3386 wpi_reset_rx_ring(sc); 3387 3388 wpi_mem_lock(sc); 3389 wpi_mem_write(sc, WPI_MEM_CLOCK2, 0x200); 3390 wpi_mem_unlock(sc); 3391 3392 DELAY(5); 3393 3394 wpi_stop_master(sc); 3395 3396 sc->sc_tx_timer = 0; 3397 sc->sc_flags &= ~WPI_F_SCANNING; 3398 sc->sc_scan_pending = 0; 3399 sc->sc_scan_next = 0; 3400 3401 tmp = WPI_READ(sc, WPI_RESET); 3402 WPI_WRITE(sc, WPI_RESET, tmp | WPI_SW_RESET); 3403 3404 /* no mutex operation, if it's quiesced */ 3405 if (!(sc->sc_flags & WPI_F_QUIESCED)) 3406 mutex_exit(&sc->sc_glock); 3407 } 3408 3409 /* 3410 * Naive implementation of the Adaptive Multi Rate Retry algorithm: 3411 * "IEEE 802.11 Rate Adaptation: A Practical Approach" 3412 * Mathieu Lacage, Hossein Manshaei, Thierry Turletti 3413 * INRIA Sophia - Projet Planete 3414 * http://www-sop.inria.fr/rapports/sophia/RR-5208.html 3415 */ 3416 #define is_success(amrr) \ 3417 ((amrr)->retrycnt < (amrr)->txcnt / 10) 3418 #define is_failure(amrr) \ 3419 ((amrr)->retrycnt > (amrr)->txcnt / 3) 3420 #define is_enough(amrr) \ 3421 ((amrr)->txcnt > 100) 3422 #define is_min_rate(in) \ 3423 ((in)->in_txrate == 0) 3424 #define is_max_rate(in) \ 3425 ((in)->in_txrate == (in)->in_rates.ir_nrates - 1) 3426 #define increase_rate(in) \ 3427 ((in)->in_txrate++) 3428 #define decrease_rate(in) \ 3429 ((in)->in_txrate--) 3430 #define reset_cnt(amrr) \ 3431 { (amrr)->txcnt = (amrr)->retrycnt = 0; } 3432 3433 #define WPI_AMRR_MIN_SUCCESS_THRESHOLD 1 3434 #define WPI_AMRR_MAX_SUCCESS_THRESHOLD 15 3435 3436 static void 3437 wpi_amrr_init(wpi_amrr_t *amrr) 3438 { 3439 amrr->success = 0; 3440 amrr->recovery = 0; 3441 amrr->txcnt = amrr->retrycnt = 0; 3442 amrr->success_threshold = WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3443 } 3444 3445 static void 3446 wpi_amrr_timeout(wpi_sc_t *sc) 3447 { 3448 ieee80211com_t *ic = &sc->sc_ic; 3449 3450 WPI_DBG((WPI_DEBUG_RATECTL, "wpi_amrr_timeout() enter\n")); 3451 if (ic->ic_opmode == IEEE80211_M_STA) 3452 wpi_amrr_ratectl(NULL, ic->ic_bss); 3453 else 3454 ieee80211_iterate_nodes(&ic->ic_sta, wpi_amrr_ratectl, NULL); 3455 sc->sc_clk = ddi_get_lbolt(); 3456 } 3457 3458 /* ARGSUSED */ 3459 static void 3460 wpi_amrr_ratectl(void *arg, ieee80211_node_t *in) 3461 { 3462 wpi_amrr_t *amrr = (wpi_amrr_t *)in; 3463 int need_change = 0; 3464 3465 if (is_success(amrr) && is_enough(amrr)) { 3466 amrr->success++; 3467 if (amrr->success >= amrr->success_threshold && 3468 !is_max_rate(in)) { 3469 amrr->recovery = 1; 3470 amrr->success = 0; 3471 increase_rate(in); 3472 WPI_DBG((WPI_DEBUG_RATECTL, 3473 "AMRR increasing rate %d (txcnt=%d retrycnt=%d)\n", 3474 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3475 need_change = 1; 3476 } else { 3477 amrr->recovery = 0; 3478 } 3479 } else if (is_failure(amrr)) { 3480 amrr->success = 0; 3481 if (!is_min_rate(in)) { 3482 if (amrr->recovery) { 3483 amrr->success_threshold++; 3484 if (amrr->success_threshold > 3485 WPI_AMRR_MAX_SUCCESS_THRESHOLD) 3486 amrr->success_threshold = 3487 WPI_AMRR_MAX_SUCCESS_THRESHOLD; 3488 } else { 3489 amrr->success_threshold = 3490 WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3491 } 3492 decrease_rate(in); 3493 WPI_DBG((WPI_DEBUG_RATECTL, 3494 "AMRR decreasing rate %d (txcnt=%d retrycnt=%d)\n", 3495 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3496 need_change = 1; 3497 } 3498 amrr->recovery = 0; /* paper is incorrect */ 3499 } 3500 3501 if (is_enough(amrr) || need_change) 3502 reset_cnt(amrr); 3503 } 3504