1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * Copyright (c) 2006 8 * Damien Bergamini <damien.bergamini@free.fr> 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 */ 22 23 /* 24 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 25 */ 26 27 #include <sys/types.h> 28 #include <sys/byteorder.h> 29 #include <sys/conf.h> 30 #include <sys/cmn_err.h> 31 #include <sys/stat.h> 32 #include <sys/ddi.h> 33 #include <sys/sunddi.h> 34 #include <sys/strsubr.h> 35 #include <sys/ethernet.h> 36 #include <inet/common.h> 37 #include <inet/nd.h> 38 #include <inet/mi.h> 39 #include <sys/note.h> 40 #include <sys/stream.h> 41 #include <sys/strsun.h> 42 #include <sys/modctl.h> 43 #include <sys/devops.h> 44 #include <sys/dlpi.h> 45 #include <sys/mac.h> 46 #include <sys/mac_wifi.h> 47 #include <sys/net80211.h> 48 #include <sys/net80211_proto.h> 49 #include <sys/varargs.h> 50 #include <sys/policy.h> 51 #include <sys/pci.h> 52 53 #include "wpireg.h" 54 #include "wpivar.h" 55 #include <inet/wifi_ioctl.h> 56 57 #ifdef DEBUG 58 #define WPI_DEBUG_80211 (1 << 0) 59 #define WPI_DEBUG_CMD (1 << 1) 60 #define WPI_DEBUG_DMA (1 << 2) 61 #define WPI_DEBUG_EEPROM (1 << 3) 62 #define WPI_DEBUG_FW (1 << 4) 63 #define WPI_DEBUG_HW (1 << 5) 64 #define WPI_DEBUG_INTR (1 << 6) 65 #define WPI_DEBUG_MRR (1 << 7) 66 #define WPI_DEBUG_PIO (1 << 8) 67 #define WPI_DEBUG_RX (1 << 9) 68 #define WPI_DEBUG_SCAN (1 << 10) 69 #define WPI_DEBUG_TX (1 << 11) 70 #define WPI_DEBUG_RATECTL (1 << 12) 71 #define WPI_DEBUG_RADIO (1 << 13) 72 #define WPI_DEBUG_RESUME (1 << 14) 73 uint32_t wpi_dbg_flags = 0; 74 #define WPI_DBG(x) \ 75 wpi_dbg x 76 #else 77 #define WPI_DBG(x) 78 #endif 79 80 static void *wpi_soft_state_p = NULL; 81 static uint8_t wpi_fw_bin [] = { 82 #include "fw-wpi/ipw3945.ucode.hex" 83 }; 84 85 /* DMA attributes for a shared page */ 86 static ddi_dma_attr_t sh_dma_attr = { 87 DMA_ATTR_V0, /* version of this structure */ 88 0, /* lowest usable address */ 89 0xffffffffU, /* highest usable address */ 90 0xffffffffU, /* maximum DMAable byte count */ 91 0x1000, /* alignment in bytes */ 92 0x1000, /* burst sizes (any?) */ 93 1, /* minimum transfer */ 94 0xffffffffU, /* maximum transfer */ 95 0xffffffffU, /* maximum segment length */ 96 1, /* maximum number of segments */ 97 1, /* granularity */ 98 0, /* flags (reserved) */ 99 }; 100 101 /* DMA attributes for a ring descriptor */ 102 static ddi_dma_attr_t ring_desc_dma_attr = { 103 DMA_ATTR_V0, /* version of this structure */ 104 0, /* lowest usable address */ 105 0xffffffffU, /* highest usable address */ 106 0xffffffffU, /* maximum DMAable byte count */ 107 0x4000, /* alignment in bytes */ 108 0x100, /* burst sizes (any?) */ 109 1, /* minimum transfer */ 110 0xffffffffU, /* maximum transfer */ 111 0xffffffffU, /* maximum segment length */ 112 1, /* maximum number of segments */ 113 1, /* granularity */ 114 0, /* flags (reserved) */ 115 }; 116 117 118 /* DMA attributes for a tx cmd */ 119 static ddi_dma_attr_t tx_cmd_dma_attr = { 120 DMA_ATTR_V0, /* version of this structure */ 121 0, /* lowest usable address */ 122 0xffffffffU, /* highest usable address */ 123 0xffffffffU, /* maximum DMAable byte count */ 124 4, /* alignment in bytes */ 125 0x100, /* burst sizes (any?) */ 126 1, /* minimum transfer */ 127 0xffffffffU, /* maximum transfer */ 128 0xffffffffU, /* maximum segment length */ 129 1, /* maximum number of segments */ 130 1, /* granularity */ 131 0, /* flags (reserved) */ 132 }; 133 134 /* DMA attributes for a rx buffer */ 135 static ddi_dma_attr_t rx_buffer_dma_attr = { 136 DMA_ATTR_V0, /* version of this structure */ 137 0, /* lowest usable address */ 138 0xffffffffU, /* highest usable address */ 139 0xffffffffU, /* maximum DMAable byte count */ 140 1, /* alignment in bytes */ 141 0x100, /* burst sizes (any?) */ 142 1, /* minimum transfer */ 143 0xffffffffU, /* maximum transfer */ 144 0xffffffffU, /* maximum segment length */ 145 1, /* maximum number of segments */ 146 1, /* granularity */ 147 0, /* flags (reserved) */ 148 }; 149 150 /* 151 * DMA attributes for a tx buffer. 152 * the maximum number of segments is 4 for the hardware. 153 * now all the wifi drivers put the whole frame in a single 154 * descriptor, so we define the maximum number of segments 4, 155 * just the same as the rx_buffer. we consider leverage the HW 156 * ability in the future, that is why we don't define rx and tx 157 * buffer_dma_attr as the same. 158 */ 159 static ddi_dma_attr_t tx_buffer_dma_attr = { 160 DMA_ATTR_V0, /* version of this structure */ 161 0, /* lowest usable address */ 162 0xffffffffU, /* highest usable address */ 163 0xffffffffU, /* maximum DMAable byte count */ 164 1, /* alignment in bytes */ 165 0x100, /* burst sizes (any?) */ 166 1, /* minimum transfer */ 167 0xffffffffU, /* maximum transfer */ 168 0xffffffffU, /* maximum segment length */ 169 1, /* maximum number of segments */ 170 1, /* granularity */ 171 0, /* flags (reserved) */ 172 }; 173 174 /* DMA attributes for a load firmware */ 175 static ddi_dma_attr_t fw_buffer_dma_attr = { 176 DMA_ATTR_V0, /* version of this structure */ 177 0, /* lowest usable address */ 178 0xffffffffU, /* highest usable address */ 179 0x7fffffff, /* maximum DMAable byte count */ 180 4, /* alignment in bytes */ 181 0x100, /* burst sizes (any?) */ 182 1, /* minimum transfer */ 183 0xffffffffU, /* maximum transfer */ 184 0xffffffffU, /* maximum segment length */ 185 4, /* maximum number of segments */ 186 1, /* granularity */ 187 0, /* flags (reserved) */ 188 }; 189 190 /* regs access attributes */ 191 static ddi_device_acc_attr_t wpi_reg_accattr = { 192 DDI_DEVICE_ATTR_V0, 193 DDI_STRUCTURE_LE_ACC, 194 DDI_STRICTORDER_ACC, 195 DDI_DEFAULT_ACC 196 }; 197 198 /* DMA access attributes */ 199 static ddi_device_acc_attr_t wpi_dma_accattr = { 200 DDI_DEVICE_ATTR_V0, 201 DDI_NEVERSWAP_ACC, 202 DDI_STRICTORDER_ACC, 203 DDI_DEFAULT_ACC 204 }; 205 206 static int wpi_ring_init(wpi_sc_t *); 207 static void wpi_ring_free(wpi_sc_t *); 208 static int wpi_alloc_shared(wpi_sc_t *); 209 static void wpi_free_shared(wpi_sc_t *); 210 static int wpi_alloc_fw_dma(wpi_sc_t *); 211 static void wpi_free_fw_dma(wpi_sc_t *); 212 static int wpi_alloc_rx_ring(wpi_sc_t *); 213 static void wpi_reset_rx_ring(wpi_sc_t *); 214 static void wpi_free_rx_ring(wpi_sc_t *); 215 static int wpi_alloc_tx_ring(wpi_sc_t *, wpi_tx_ring_t *, int, int); 216 static void wpi_reset_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 217 static void wpi_free_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 218 219 static ieee80211_node_t *wpi_node_alloc(ieee80211com_t *); 220 static void wpi_node_free(ieee80211_node_t *); 221 static int wpi_newstate(ieee80211com_t *, enum ieee80211_state, int); 222 static int wpi_key_set(ieee80211com_t *, const struct ieee80211_key *, 223 const uint8_t mac[IEEE80211_ADDR_LEN]); 224 static void wpi_mem_lock(wpi_sc_t *); 225 static void wpi_mem_unlock(wpi_sc_t *); 226 static uint32_t wpi_mem_read(wpi_sc_t *, uint16_t); 227 static void wpi_mem_write(wpi_sc_t *, uint16_t, uint32_t); 228 static void wpi_mem_write_region_4(wpi_sc_t *, uint16_t, 229 const uint32_t *, int); 230 static uint16_t wpi_read_prom_word(wpi_sc_t *, uint32_t); 231 static int wpi_load_microcode(wpi_sc_t *); 232 static int wpi_load_firmware(wpi_sc_t *, uint32_t); 233 static void wpi_rx_intr(wpi_sc_t *, wpi_rx_desc_t *, 234 wpi_rx_data_t *); 235 static void wpi_tx_intr(wpi_sc_t *, wpi_rx_desc_t *, 236 wpi_rx_data_t *); 237 static void wpi_cmd_intr(wpi_sc_t *, wpi_rx_desc_t *); 238 static uint_t wpi_intr(caddr_t); 239 static uint_t wpi_notif_softintr(caddr_t); 240 static uint8_t wpi_plcp_signal(int); 241 static void wpi_read_eeprom(wpi_sc_t *); 242 static int wpi_cmd(wpi_sc_t *, int, const void *, int, int); 243 static int wpi_mrr_setup(wpi_sc_t *); 244 static void wpi_set_led(wpi_sc_t *, uint8_t, uint8_t, uint8_t); 245 static int wpi_auth(wpi_sc_t *); 246 static int wpi_scan(wpi_sc_t *); 247 static int wpi_config(wpi_sc_t *); 248 static void wpi_stop_master(wpi_sc_t *); 249 static int wpi_power_up(wpi_sc_t *); 250 static int wpi_reset(wpi_sc_t *); 251 static void wpi_hw_config(wpi_sc_t *); 252 static int wpi_init(wpi_sc_t *); 253 static void wpi_stop(wpi_sc_t *); 254 static void wpi_amrr_init(wpi_amrr_t *); 255 static void wpi_amrr_timeout(wpi_sc_t *); 256 static void wpi_amrr_ratectl(void *, ieee80211_node_t *); 257 258 static int wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd); 259 static int wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd); 260 261 /* 262 * GLD specific operations 263 */ 264 static int wpi_m_stat(void *arg, uint_t stat, uint64_t *val); 265 static int wpi_m_start(void *arg); 266 static void wpi_m_stop(void *arg); 267 static int wpi_m_unicst(void *arg, const uint8_t *macaddr); 268 static int wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m); 269 static int wpi_m_promisc(void *arg, boolean_t on); 270 static mblk_t *wpi_m_tx(void *arg, mblk_t *mp); 271 static void wpi_m_ioctl(void *arg, queue_t *wq, mblk_t *mp); 272 273 static void wpi_destroy_locks(wpi_sc_t *sc); 274 static int wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type); 275 static void wpi_thread(wpi_sc_t *sc); 276 277 /* 278 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 279 */ 280 static const struct ieee80211_rateset wpi_rateset_11b = 281 { 4, { 2, 4, 11, 22 } }; 282 283 static const struct ieee80211_rateset wpi_rateset_11g = 284 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 285 286 static const uint8_t wpi_ridx_to_signal[] = { 287 /* OFDM: IEEE Std 802.11a-1999, pp. 14 Table 80 */ 288 /* R1-R4 (ral/ural is R4-R1) */ 289 0xd, 0xf, 0x5, 0x7, 0x9, 0xb, 0x1, 0x3, 290 /* CCK: device-dependent */ 291 10, 20, 55, 110 292 }; 293 294 /* 295 * For mfthread only 296 */ 297 extern pri_t minclsyspri; 298 299 /* 300 * Module Loading Data & Entry Points 301 */ 302 DDI_DEFINE_STREAM_OPS(wpi_devops, nulldev, nulldev, wpi_attach, 303 wpi_detach, nodev, NULL, D_MP, NULL); 304 305 static struct modldrv wpi_modldrv = { 306 &mod_driverops, 307 "Intel(R) PRO/Wireless 3945ABG driver", 308 &wpi_devops 309 }; 310 311 static struct modlinkage wpi_modlinkage = { 312 MODREV_1, 313 &wpi_modldrv, 314 NULL 315 }; 316 317 int 318 _init(void) 319 { 320 int status; 321 322 status = ddi_soft_state_init(&wpi_soft_state_p, 323 sizeof (wpi_sc_t), 1); 324 if (status != DDI_SUCCESS) 325 return (status); 326 327 mac_init_ops(&wpi_devops, "wpi"); 328 status = mod_install(&wpi_modlinkage); 329 if (status != DDI_SUCCESS) { 330 mac_fini_ops(&wpi_devops); 331 ddi_soft_state_fini(&wpi_soft_state_p); 332 } 333 334 return (status); 335 } 336 337 int 338 _fini(void) 339 { 340 int status; 341 342 status = mod_remove(&wpi_modlinkage); 343 if (status == DDI_SUCCESS) { 344 mac_fini_ops(&wpi_devops); 345 ddi_soft_state_fini(&wpi_soft_state_p); 346 } 347 348 return (status); 349 } 350 351 int 352 _info(struct modinfo *mip) 353 { 354 return (mod_info(&wpi_modlinkage, mip)); 355 } 356 357 /* 358 * Mac Call Back entries 359 */ 360 mac_callbacks_t wpi_m_callbacks = { 361 MC_IOCTL, 362 wpi_m_stat, 363 wpi_m_start, 364 wpi_m_stop, 365 wpi_m_promisc, 366 wpi_m_multicst, 367 wpi_m_unicst, 368 wpi_m_tx, 369 NULL, 370 wpi_m_ioctl 371 }; 372 373 #ifdef DEBUG 374 void 375 wpi_dbg(uint32_t flags, const char *fmt, ...) 376 { 377 va_list ap; 378 379 if (flags & wpi_dbg_flags) { 380 va_start(ap, fmt); 381 vcmn_err(CE_NOTE, fmt, ap); 382 va_end(ap); 383 } 384 } 385 #endif 386 /* 387 * device operations 388 */ 389 int 390 wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 391 { 392 wpi_sc_t *sc; 393 ddi_acc_handle_t cfg_handle; 394 caddr_t cfg_base; 395 ieee80211com_t *ic; 396 int instance, err, i; 397 char strbuf[32]; 398 wifi_data_t wd = { 0 }; 399 mac_register_t *macp; 400 401 switch (cmd) { 402 case DDI_ATTACH: 403 break; 404 case DDI_RESUME: 405 sc = ddi_get_soft_state(wpi_soft_state_p, 406 ddi_get_instance(dip)); 407 ASSERT(sc != NULL); 408 mutex_enter(&sc->sc_glock); 409 sc->sc_flags &= ~WPI_F_SUSPEND; 410 mutex_exit(&sc->sc_glock); 411 if (sc->sc_flags & WPI_F_RUNNING) { 412 (void) wpi_init(sc); 413 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 414 } 415 WPI_DBG((WPI_DEBUG_RESUME, "wpi: resume \n")); 416 return (DDI_SUCCESS); 417 default: 418 err = DDI_FAILURE; 419 goto attach_fail1; 420 } 421 422 instance = ddi_get_instance(dip); 423 err = ddi_soft_state_zalloc(wpi_soft_state_p, instance); 424 if (err != DDI_SUCCESS) { 425 cmn_err(CE_WARN, 426 "wpi_attach(): failed to allocate soft state\n"); 427 goto attach_fail1; 428 } 429 sc = ddi_get_soft_state(wpi_soft_state_p, instance); 430 sc->sc_dip = dip; 431 432 err = ddi_regs_map_setup(dip, 0, &cfg_base, 0, 0, 433 &wpi_reg_accattr, &cfg_handle); 434 if (err != DDI_SUCCESS) { 435 cmn_err(CE_WARN, 436 "wpi_attach(): failed to map config spaces regs\n"); 437 goto attach_fail2; 438 } 439 sc->sc_rev = ddi_get8(cfg_handle, 440 (uint8_t *)(cfg_base + PCI_CONF_REVID)); 441 ddi_put8(cfg_handle, (uint8_t *)(cfg_base + 0x41), 0); 442 sc->sc_clsz = ddi_get16(cfg_handle, 443 (uint16_t *)(cfg_base + PCI_CONF_CACHE_LINESZ)); 444 ddi_regs_map_free(&cfg_handle); 445 if (!sc->sc_clsz) 446 sc->sc_clsz = 16; 447 sc->sc_clsz = (sc->sc_clsz << 2); 448 sc->sc_dmabuf_sz = roundup(0x1000 + sizeof (struct ieee80211_frame) + 449 IEEE80211_MTU + IEEE80211_CRC_LEN + 450 (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + 451 IEEE80211_WEP_CRCLEN), sc->sc_clsz); 452 /* 453 * Map operating registers 454 */ 455 err = ddi_regs_map_setup(dip, 1, &sc->sc_base, 456 0, 0, &wpi_reg_accattr, &sc->sc_handle); 457 if (err != DDI_SUCCESS) { 458 cmn_err(CE_WARN, 459 "wpi_attach(): failed to map device regs\n"); 460 goto attach_fail2; 461 } 462 463 /* 464 * Allocate shared page. 465 */ 466 err = wpi_alloc_shared(sc); 467 if (err != DDI_SUCCESS) { 468 cmn_err(CE_WARN, "failed to allocate shared page\n"); 469 goto attach_fail3; 470 } 471 472 /* 473 * Get the hw conf, including MAC address, then init all rings. 474 */ 475 wpi_read_eeprom(sc); 476 err = wpi_ring_init(sc); 477 if (err != DDI_SUCCESS) { 478 cmn_err(CE_WARN, "wpi_attach(): " 479 "failed to allocate and initialize ring\n"); 480 goto attach_fail4; 481 } 482 483 sc->sc_hdr = (const wpi_firmware_hdr_t *)wpi_fw_bin; 484 485 /* firmware image layout: |HDR|<--TEXT-->|<--DATA-->|<--BOOT-->| */ 486 sc->sc_text = (const char *)(sc->sc_hdr + 1); 487 sc->sc_data = sc->sc_text + LE_32(sc->sc_hdr->textsz); 488 sc->sc_boot = sc->sc_data + LE_32(sc->sc_hdr->datasz); 489 err = wpi_alloc_fw_dma(sc); 490 if (err != DDI_SUCCESS) { 491 cmn_err(CE_WARN, "wpi_attach(): " 492 "failed to allocate firmware dma\n"); 493 goto attach_fail5; 494 } 495 496 /* 497 * Initialize mutexs and condvars 498 */ 499 err = ddi_get_iblock_cookie(dip, 0, &sc->sc_iblk); 500 if (err != DDI_SUCCESS) { 501 cmn_err(CE_WARN, 502 "wpi_attach(): failed to do ddi_get_iblock_cookie()\n"); 503 goto attach_fail6; 504 } 505 mutex_init(&sc->sc_glock, NULL, MUTEX_DRIVER, sc->sc_iblk); 506 mutex_init(&sc->sc_tx_lock, NULL, MUTEX_DRIVER, sc->sc_iblk); 507 cv_init(&sc->sc_fw_cv, NULL, CV_DRIVER, NULL); 508 cv_init(&sc->sc_cmd_cv, NULL, CV_DRIVER, NULL); 509 cv_init(&sc->sc_tx_cv, "tx-ring", CV_DRIVER, NULL); 510 /* 511 * initialize the mfthread 512 */ 513 mutex_init(&sc->sc_mt_lock, NULL, MUTEX_DRIVER, 514 (void *) sc->sc_iblk); 515 cv_init(&sc->sc_mt_cv, NULL, CV_DRIVER, NULL); 516 sc->sc_mf_thread = NULL; 517 sc->sc_mf_thread_switch = 0; 518 /* 519 * Initialize the wifi part, which will be used by 520 * generic layer 521 */ 522 ic = &sc->sc_ic; 523 ic->ic_phytype = IEEE80211_T_OFDM; 524 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 525 ic->ic_state = IEEE80211_S_INIT; 526 ic->ic_maxrssi = 70; /* experimental number */ 527 ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_TXPMGT | 528 IEEE80211_C_PMGT | IEEE80211_C_SHSLOT; 529 530 /* 531 * use software WEP and TKIP, hardware CCMP; 532 */ 533 ic->ic_caps |= IEEE80211_C_AES_CCM; 534 ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */ 535 536 /* set supported .11b and .11g rates */ 537 ic->ic_sup_rates[IEEE80211_MODE_11B] = wpi_rateset_11b; 538 ic->ic_sup_rates[IEEE80211_MODE_11G] = wpi_rateset_11g; 539 540 /* set supported .11b and .11g channels (1 through 14) */ 541 for (i = 1; i <= 14; i++) { 542 ic->ic_sup_channels[i].ich_freq = 543 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 544 ic->ic_sup_channels[i].ich_flags = 545 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 546 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 547 } 548 ic->ic_ibss_chan = &ic->ic_sup_channels[0]; 549 ic->ic_xmit = wpi_send; 550 /* 551 * init Wifi layer 552 */ 553 ieee80211_attach(ic); 554 555 /* register WPA door */ 556 ieee80211_register_door(ic, ddi_driver_name(dip), 557 ddi_get_instance(dip)); 558 559 /* 560 * Override 80211 default routines 561 */ 562 sc->sc_newstate = ic->ic_newstate; 563 ic->ic_newstate = wpi_newstate; 564 ic->ic_node_alloc = wpi_node_alloc; 565 ic->ic_node_free = wpi_node_free; 566 ic->ic_crypto.cs_key_set = wpi_key_set; 567 ieee80211_media_init(ic); 568 /* 569 * initialize default tx key 570 */ 571 ic->ic_def_txkey = 0; 572 573 err = ddi_add_softintr(dip, DDI_SOFTINT_LOW, 574 &sc->sc_notif_softint_id, &sc->sc_iblk, NULL, wpi_notif_softintr, 575 (caddr_t)sc); 576 if (err != DDI_SUCCESS) { 577 cmn_err(CE_WARN, 578 "wpi_attach(): failed to do ddi_add_softintr()\n"); 579 goto attach_fail7; 580 } 581 582 /* 583 * Add the interrupt handler 584 */ 585 err = ddi_add_intr(dip, 0, &sc->sc_iblk, NULL, 586 wpi_intr, (caddr_t)sc); 587 if (err != DDI_SUCCESS) { 588 cmn_err(CE_WARN, 589 "wpi_attach(): failed to do ddi_add_intr()\n"); 590 goto attach_fail8; 591 } 592 593 /* 594 * Initialize pointer to device specific functions 595 */ 596 wd.wd_secalloc = WIFI_SEC_NONE; 597 wd.wd_opmode = ic->ic_opmode; 598 IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_macaddr); 599 600 macp = mac_alloc(MAC_VERSION); 601 if (err != DDI_SUCCESS) { 602 cmn_err(CE_WARN, 603 "wpi_attach(): failed to do mac_alloc()\n"); 604 goto attach_fail9; 605 } 606 607 macp->m_type_ident = MAC_PLUGIN_IDENT_WIFI; 608 macp->m_driver = sc; 609 macp->m_dip = dip; 610 macp->m_src_addr = ic->ic_macaddr; 611 macp->m_callbacks = &wpi_m_callbacks; 612 macp->m_min_sdu = 0; 613 macp->m_max_sdu = IEEE80211_MTU; 614 macp->m_pdata = &wd; 615 macp->m_pdata_size = sizeof (wd); 616 617 /* 618 * Register the macp to mac 619 */ 620 err = mac_register(macp, &ic->ic_mach); 621 mac_free(macp); 622 if (err != DDI_SUCCESS) { 623 cmn_err(CE_WARN, 624 "wpi_attach(): failed to do mac_register()\n"); 625 goto attach_fail9; 626 } 627 628 /* 629 * Create minor node of type DDI_NT_NET_WIFI 630 */ 631 (void) snprintf(strbuf, sizeof (strbuf), "wpi%d", instance); 632 err = ddi_create_minor_node(dip, strbuf, S_IFCHR, 633 instance + 1, DDI_NT_NET_WIFI, 0); 634 if (err != DDI_SUCCESS) 635 cmn_err(CE_WARN, 636 "wpi_attach(): failed to do ddi_create_minor_node()\n"); 637 638 /* 639 * Notify link is down now 640 */ 641 mac_link_update(ic->ic_mach, LINK_STATE_DOWN); 642 643 /* 644 * create the mf thread to handle the link status, 645 * recovery fatal error, etc. 646 */ 647 648 sc->sc_mf_thread_switch = 1; 649 if (sc->sc_mf_thread == NULL) 650 sc->sc_mf_thread = thread_create((caddr_t)NULL, 0, 651 wpi_thread, sc, 0, &p0, TS_RUN, minclsyspri); 652 653 sc->sc_flags |= WPI_F_ATTACHED; 654 655 return (DDI_SUCCESS); 656 attach_fail9: 657 ddi_remove_intr(dip, 0, sc->sc_iblk); 658 attach_fail8: 659 ddi_remove_softintr(sc->sc_notif_softint_id); 660 sc->sc_notif_softint_id = NULL; 661 attach_fail7: 662 ieee80211_detach(ic); 663 wpi_destroy_locks(sc); 664 attach_fail6: 665 wpi_free_fw_dma(sc); 666 attach_fail5: 667 wpi_ring_free(sc); 668 attach_fail4: 669 wpi_free_shared(sc); 670 attach_fail3: 671 ddi_regs_map_free(&sc->sc_handle); 672 attach_fail2: 673 ddi_soft_state_free(wpi_soft_state_p, instance); 674 attach_fail1: 675 return (err); 676 } 677 678 int 679 wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 680 { 681 wpi_sc_t *sc; 682 int err; 683 684 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 685 ASSERT(sc != NULL); 686 687 switch (cmd) { 688 case DDI_DETACH: 689 break; 690 case DDI_SUSPEND: 691 if (sc->sc_flags & WPI_F_RUNNING) { 692 wpi_stop(sc); 693 } 694 mutex_enter(&sc->sc_glock); 695 sc->sc_flags |= WPI_F_SUSPEND; 696 mutex_exit(&sc->sc_glock); 697 WPI_DBG((WPI_DEBUG_RESUME, "wpi: suspend \n")); 698 return (DDI_SUCCESS); 699 default: 700 return (DDI_FAILURE); 701 } 702 if (!(sc->sc_flags & WPI_F_ATTACHED)) 703 return (DDI_FAILURE); 704 705 err = mac_disable(sc->sc_ic.ic_mach); 706 if (err != DDI_SUCCESS) 707 return (err); 708 709 /* 710 * Destroy the mf_thread 711 */ 712 mutex_enter(&sc->sc_mt_lock); 713 sc->sc_mf_thread_switch = 0; 714 while (sc->sc_mf_thread != NULL) { 715 if (cv_wait_sig(&sc->sc_mt_cv, &sc->sc_mt_lock) == 0) 716 break; 717 } 718 mutex_exit(&sc->sc_mt_lock); 719 720 wpi_stop(sc); 721 722 /* 723 * Unregiste from the MAC layer subsystem 724 */ 725 (void) mac_unregister(sc->sc_ic.ic_mach); 726 727 mutex_enter(&sc->sc_glock); 728 wpi_free_fw_dma(sc); 729 wpi_ring_free(sc); 730 wpi_free_shared(sc); 731 mutex_exit(&sc->sc_glock); 732 733 ddi_remove_intr(dip, 0, sc->sc_iblk); 734 ddi_remove_softintr(sc->sc_notif_softint_id); 735 sc->sc_notif_softint_id = NULL; 736 737 /* 738 * detach ieee80211 739 */ 740 ieee80211_detach(&sc->sc_ic); 741 742 wpi_destroy_locks(sc); 743 744 ddi_regs_map_free(&sc->sc_handle); 745 ddi_remove_minor_node(dip, NULL); 746 ddi_soft_state_free(wpi_soft_state_p, ddi_get_instance(dip)); 747 748 return (DDI_SUCCESS); 749 } 750 751 static void 752 wpi_destroy_locks(wpi_sc_t *sc) 753 { 754 cv_destroy(&sc->sc_mt_cv); 755 mutex_destroy(&sc->sc_mt_lock); 756 cv_destroy(&sc->sc_tx_cv); 757 cv_destroy(&sc->sc_cmd_cv); 758 cv_destroy(&sc->sc_fw_cv); 759 mutex_destroy(&sc->sc_tx_lock); 760 mutex_destroy(&sc->sc_glock); 761 } 762 763 /* 764 * Allocate an area of memory and a DMA handle for accessing it 765 */ 766 static int 767 wpi_alloc_dma_mem(wpi_sc_t *sc, size_t memsize, ddi_dma_attr_t *dma_attr_p, 768 ddi_device_acc_attr_t *acc_attr_p, uint_t dma_flags, wpi_dma_t *dma_p) 769 { 770 caddr_t vaddr; 771 int err; 772 773 /* 774 * Allocate handle 775 */ 776 err = ddi_dma_alloc_handle(sc->sc_dip, dma_attr_p, 777 DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl); 778 if (err != DDI_SUCCESS) { 779 dma_p->dma_hdl = NULL; 780 return (DDI_FAILURE); 781 } 782 783 /* 784 * Allocate memory 785 */ 786 err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, acc_attr_p, 787 dma_flags & (DDI_DMA_CONSISTENT | DDI_DMA_STREAMING), 788 DDI_DMA_SLEEP, NULL, &vaddr, &dma_p->alength, &dma_p->acc_hdl); 789 if (err != DDI_SUCCESS) { 790 ddi_dma_free_handle(&dma_p->dma_hdl); 791 dma_p->dma_hdl = NULL; 792 dma_p->acc_hdl = NULL; 793 return (DDI_FAILURE); 794 } 795 796 /* 797 * Bind the two together 798 */ 799 dma_p->mem_va = vaddr; 800 err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL, 801 vaddr, dma_p->alength, dma_flags, DDI_DMA_SLEEP, NULL, 802 &dma_p->cookie, &dma_p->ncookies); 803 if (err != DDI_DMA_MAPPED) { 804 ddi_dma_mem_free(&dma_p->acc_hdl); 805 ddi_dma_free_handle(&dma_p->dma_hdl); 806 dma_p->acc_hdl = NULL; 807 dma_p->dma_hdl = NULL; 808 return (DDI_FAILURE); 809 } 810 811 dma_p->nslots = ~0U; 812 dma_p->size = ~0U; 813 dma_p->token = ~0U; 814 dma_p->offset = 0; 815 return (DDI_SUCCESS); 816 } 817 818 /* 819 * Free one allocated area of DMAable memory 820 */ 821 static void 822 wpi_free_dma_mem(wpi_dma_t *dma_p) 823 { 824 if (dma_p->dma_hdl != NULL) { 825 if (dma_p->ncookies) { 826 (void) ddi_dma_unbind_handle(dma_p->dma_hdl); 827 dma_p->ncookies = 0; 828 } 829 ddi_dma_free_handle(&dma_p->dma_hdl); 830 dma_p->dma_hdl = NULL; 831 } 832 833 if (dma_p->acc_hdl != NULL) { 834 ddi_dma_mem_free(&dma_p->acc_hdl); 835 dma_p->acc_hdl = NULL; 836 } 837 } 838 839 /* 840 * Allocate an area of dma memory for firmware load. 841 * Idealy, this allocation should be a one time action, that is, 842 * the memory will be freed after the firmware is uploaded to the 843 * card. but since a recovery mechanism for the fatal firmware need 844 * reload the firmware, and re-allocate dma at run time may be failed, 845 * so we allocate it at attach and keep it in the whole lifecycle of 846 * the driver. 847 */ 848 static int 849 wpi_alloc_fw_dma(wpi_sc_t *sc) 850 { 851 int i, err = DDI_SUCCESS; 852 wpi_dma_t *dma_p; 853 854 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->textsz), 855 &fw_buffer_dma_attr, &wpi_dma_accattr, 856 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 857 &sc->sc_dma_fw_text); 858 dma_p = &sc->sc_dma_fw_text; 859 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 860 dma_p->ncookies, dma_p->cookie.dmac_address, 861 dma_p->cookie.dmac_size)); 862 if (err != DDI_SUCCESS) { 863 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 864 "text dma memory"); 865 goto fail; 866 } 867 for (i = 0; i < dma_p->ncookies; i++) { 868 sc->sc_fw_text_cookie[i] = dma_p->cookie; 869 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 870 } 871 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz), 872 &fw_buffer_dma_attr, &wpi_dma_accattr, 873 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 874 &sc->sc_dma_fw_data); 875 dma_p = &sc->sc_dma_fw_data; 876 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 877 dma_p->ncookies, dma_p->cookie.dmac_address, 878 dma_p->cookie.dmac_size)); 879 if (err != DDI_SUCCESS) { 880 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 881 "data dma memory"); 882 goto fail; 883 } 884 for (i = 0; i < dma_p->ncookies; i++) { 885 sc->sc_fw_data_cookie[i] = dma_p->cookie; 886 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 887 } 888 fail: 889 return (err); 890 } 891 892 static void 893 wpi_free_fw_dma(wpi_sc_t *sc) 894 { 895 wpi_free_dma_mem(&sc->sc_dma_fw_text); 896 wpi_free_dma_mem(&sc->sc_dma_fw_data); 897 } 898 899 /* 900 * Allocate a shared page between host and NIC. 901 */ 902 static int 903 wpi_alloc_shared(wpi_sc_t *sc) 904 { 905 int err = DDI_SUCCESS; 906 907 /* must be aligned on a 4K-page boundary */ 908 err = wpi_alloc_dma_mem(sc, sizeof (wpi_shared_t), 909 &sh_dma_attr, &wpi_dma_accattr, 910 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 911 &sc->sc_dma_sh); 912 if (err != DDI_SUCCESS) 913 goto fail; 914 sc->sc_shared = (wpi_shared_t *)sc->sc_dma_sh.mem_va; 915 return (err); 916 917 fail: 918 wpi_free_shared(sc); 919 return (err); 920 } 921 922 static void 923 wpi_free_shared(wpi_sc_t *sc) 924 { 925 wpi_free_dma_mem(&sc->sc_dma_sh); 926 } 927 928 static int 929 wpi_alloc_rx_ring(wpi_sc_t *sc) 930 { 931 wpi_rx_ring_t *ring; 932 wpi_rx_data_t *data; 933 int i, err = DDI_SUCCESS; 934 935 ring = &sc->sc_rxq; 936 ring->cur = 0; 937 938 err = wpi_alloc_dma_mem(sc, WPI_RX_RING_COUNT * sizeof (uint32_t), 939 &ring_desc_dma_attr, &wpi_dma_accattr, 940 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 941 &ring->dma_desc); 942 if (err != DDI_SUCCESS) { 943 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring desc failed\n")); 944 goto fail; 945 } 946 ring->desc = (uint32_t *)ring->dma_desc.mem_va; 947 948 /* 949 * Allocate Rx buffers. 950 */ 951 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 952 data = &ring->data[i]; 953 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 954 &rx_buffer_dma_attr, &wpi_dma_accattr, 955 DDI_DMA_READ | DDI_DMA_STREAMING, 956 &data->dma_data); 957 if (err != DDI_SUCCESS) { 958 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring buf[%d] " 959 "failed\n", i)); 960 goto fail; 961 } 962 963 ring->desc[i] = LE_32(data->dma_data.cookie.dmac_address); 964 } 965 966 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 967 968 return (err); 969 970 fail: 971 wpi_free_rx_ring(sc); 972 return (err); 973 } 974 975 static void 976 wpi_reset_rx_ring(wpi_sc_t *sc) 977 { 978 int ntries; 979 980 wpi_mem_lock(sc); 981 982 WPI_WRITE(sc, WPI_RX_CONFIG, 0); 983 for (ntries = 0; ntries < 2000; ntries++) { 984 if (WPI_READ(sc, WPI_RX_STATUS) & WPI_RX_IDLE) 985 break; 986 DELAY(1000); 987 } 988 #ifdef DEBUG 989 if (ntries == 2000) 990 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Rx ring\n")); 991 #endif 992 wpi_mem_unlock(sc); 993 994 sc->sc_rxq.cur = 0; 995 } 996 997 static void 998 wpi_free_rx_ring(wpi_sc_t *sc) 999 { 1000 int i; 1001 1002 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1003 if (sc->sc_rxq.data[i].dma_data.dma_hdl) 1004 WPI_DMA_SYNC(sc->sc_rxq.data[i].dma_data, 1005 DDI_DMA_SYNC_FORCPU); 1006 wpi_free_dma_mem(&sc->sc_rxq.data[i].dma_data); 1007 } 1008 1009 if (sc->sc_rxq.dma_desc.dma_hdl) 1010 WPI_DMA_SYNC(sc->sc_rxq.dma_desc, DDI_DMA_SYNC_FORDEV); 1011 wpi_free_dma_mem(&sc->sc_rxq.dma_desc); 1012 } 1013 1014 static int 1015 wpi_alloc_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring, int count, int qid) 1016 { 1017 wpi_tx_data_t *data; 1018 wpi_tx_desc_t *desc_h; 1019 uint32_t paddr_desc_h; 1020 wpi_tx_cmd_t *cmd_h; 1021 uint32_t paddr_cmd_h; 1022 int i, err = DDI_SUCCESS; 1023 1024 ring->qid = qid; 1025 ring->count = count; 1026 ring->queued = 0; 1027 ring->cur = 0; 1028 1029 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_desc_t), 1030 &ring_desc_dma_attr, &wpi_dma_accattr, 1031 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1032 &ring->dma_desc); 1033 if (err != DDI_SUCCESS) { 1034 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring desc[%d] failed\n", 1035 qid)); 1036 goto fail; 1037 } 1038 1039 /* update shared page with ring's base address */ 1040 sc->sc_shared->txbase[qid] = ring->dma_desc.cookie.dmac_address; 1041 1042 desc_h = (wpi_tx_desc_t *)ring->dma_desc.mem_va; 1043 paddr_desc_h = ring->dma_desc.cookie.dmac_address; 1044 1045 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_cmd_t), 1046 &tx_cmd_dma_attr, &wpi_dma_accattr, 1047 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1048 &ring->dma_cmd); 1049 if (err != DDI_SUCCESS) { 1050 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring cmd[%d] failed\n", 1051 qid)); 1052 goto fail; 1053 } 1054 1055 cmd_h = (wpi_tx_cmd_t *)ring->dma_cmd.mem_va; 1056 paddr_cmd_h = ring->dma_cmd.cookie.dmac_address; 1057 1058 /* 1059 * Allocate Tx buffers. 1060 */ 1061 ring->data = kmem_zalloc(sizeof (wpi_tx_data_t) * count, KM_NOSLEEP); 1062 if (ring->data == NULL) { 1063 WPI_DBG((WPI_DEBUG_DMA, "could not allocate tx data slots\n")); 1064 goto fail; 1065 } 1066 1067 for (i = 0; i < count; i++) { 1068 data = &ring->data[i]; 1069 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 1070 &tx_buffer_dma_attr, &wpi_dma_accattr, 1071 DDI_DMA_WRITE | DDI_DMA_STREAMING, 1072 &data->dma_data); 1073 if (err != DDI_SUCCESS) { 1074 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring buf[%d] " 1075 "failed\n", i)); 1076 goto fail; 1077 } 1078 1079 data->desc = desc_h + i; 1080 data->paddr_desc = paddr_desc_h + 1081 ((uintptr_t)data->desc - (uintptr_t)desc_h); 1082 data->cmd = cmd_h + i; 1083 data->paddr_cmd = paddr_cmd_h + 1084 ((uintptr_t)data->cmd - (uintptr_t)cmd_h); 1085 } 1086 1087 return (err); 1088 1089 fail: 1090 if (ring->data) 1091 kmem_free(ring->data, sizeof (wpi_tx_data_t) * count); 1092 wpi_free_tx_ring(sc, ring); 1093 return (err); 1094 } 1095 1096 static void 1097 wpi_reset_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1098 { 1099 wpi_tx_data_t *data; 1100 int i, ntries; 1101 1102 wpi_mem_lock(sc); 1103 1104 WPI_WRITE(sc, WPI_TX_CONFIG(ring->qid), 0); 1105 for (ntries = 0; ntries < 100; ntries++) { 1106 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(ring->qid)) 1107 break; 1108 DELAY(10); 1109 } 1110 #ifdef DEBUG 1111 if (ntries == 100 && wpi_dbg_flags > 0) { 1112 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Tx ring %d\n", 1113 ring->qid)); 1114 } 1115 #endif 1116 wpi_mem_unlock(sc); 1117 1118 for (i = 0; i < ring->count; i++) { 1119 data = &ring->data[i]; 1120 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 1121 } 1122 1123 ring->queued = 0; 1124 ring->cur = 0; 1125 } 1126 1127 /*ARGSUSED*/ 1128 static void 1129 wpi_free_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1130 { 1131 int i; 1132 1133 if (ring->dma_desc.dma_hdl != NULL) 1134 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 1135 wpi_free_dma_mem(&ring->dma_desc); 1136 1137 if (ring->dma_cmd.dma_hdl != NULL) 1138 WPI_DMA_SYNC(ring->dma_cmd, DDI_DMA_SYNC_FORDEV); 1139 wpi_free_dma_mem(&ring->dma_cmd); 1140 1141 if (ring->data != NULL) { 1142 for (i = 0; i < ring->count; i++) { 1143 if (ring->data[i].dma_data.dma_hdl) 1144 WPI_DMA_SYNC(ring->data[i].dma_data, 1145 DDI_DMA_SYNC_FORDEV); 1146 wpi_free_dma_mem(&ring->data[i].dma_data); 1147 } 1148 kmem_free(ring->data, ring->count * sizeof (wpi_tx_data_t)); 1149 } 1150 } 1151 1152 static int 1153 wpi_ring_init(wpi_sc_t *sc) 1154 { 1155 int i, err = DDI_SUCCESS; 1156 1157 for (i = 0; i < 4; i++) { 1158 err = wpi_alloc_tx_ring(sc, &sc->sc_txq[i], WPI_TX_RING_COUNT, 1159 i); 1160 if (err != DDI_SUCCESS) 1161 goto fail; 1162 } 1163 err = wpi_alloc_tx_ring(sc, &sc->sc_cmdq, WPI_CMD_RING_COUNT, 4); 1164 if (err != DDI_SUCCESS) 1165 goto fail; 1166 err = wpi_alloc_tx_ring(sc, &sc->sc_svcq, WPI_SVC_RING_COUNT, 5); 1167 if (err != DDI_SUCCESS) 1168 goto fail; 1169 err = wpi_alloc_rx_ring(sc); 1170 if (err != DDI_SUCCESS) 1171 goto fail; 1172 return (err); 1173 1174 fail: 1175 return (err); 1176 } 1177 1178 static void 1179 wpi_ring_free(wpi_sc_t *sc) 1180 { 1181 int i = 4; 1182 1183 wpi_free_rx_ring(sc); 1184 wpi_free_tx_ring(sc, &sc->sc_svcq); 1185 wpi_free_tx_ring(sc, &sc->sc_cmdq); 1186 while (--i >= 0) { 1187 wpi_free_tx_ring(sc, &sc->sc_txq[i]); 1188 } 1189 } 1190 1191 /* ARGSUSED */ 1192 static ieee80211_node_t * 1193 wpi_node_alloc(ieee80211com_t *ic) 1194 { 1195 wpi_amrr_t *amrr; 1196 1197 amrr = kmem_zalloc(sizeof (wpi_amrr_t), KM_SLEEP); 1198 if (amrr != NULL) 1199 wpi_amrr_init(amrr); 1200 return (&amrr->in); 1201 } 1202 1203 static void 1204 wpi_node_free(ieee80211_node_t *in) 1205 { 1206 ieee80211com_t *ic = in->in_ic; 1207 1208 ic->ic_node_cleanup(in); 1209 if (in->in_wpa_ie != NULL) 1210 ieee80211_free(in->in_wpa_ie); 1211 kmem_free(in, sizeof (wpi_amrr_t)); 1212 } 1213 1214 /*ARGSUSED*/ 1215 static int 1216 wpi_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg) 1217 { 1218 wpi_sc_t *sc = (wpi_sc_t *)ic; 1219 ieee80211_node_t *in = ic->ic_bss; 1220 enum ieee80211_state ostate; 1221 int i, err = WPI_SUCCESS; 1222 1223 mutex_enter(&sc->sc_glock); 1224 switch (nstate) { 1225 case IEEE80211_S_SCAN: 1226 ostate = ic->ic_state; 1227 switch (ostate) { 1228 default: 1229 break; 1230 case IEEE80211_S_INIT: 1231 /* make the link LED blink while we're scanning */ 1232 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1233 1234 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1235 if ((err = wpi_scan(sc)) != 0) { 1236 WPI_DBG((WPI_DEBUG_80211, 1237 "could not initiate scan\n")); 1238 ic->ic_flags &= ~(IEEE80211_F_SCAN | 1239 IEEE80211_F_ASCAN); 1240 mutex_exit(&sc->sc_glock); 1241 return (err); 1242 } 1243 break; 1244 } 1245 ic->ic_state = nstate; 1246 sc->sc_clk = 0; 1247 1248 mutex_exit(&sc->sc_glock); 1249 return (WPI_SUCCESS); 1250 1251 case IEEE80211_S_AUTH: 1252 /* reset state to handle reassociations correctly */ 1253 sc->sc_config.state = 0; 1254 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1255 1256 if ((err = wpi_auth(sc)) != 0) { 1257 WPI_DBG((WPI_DEBUG_80211, 1258 "could not send authentication request\n")); 1259 mutex_exit(&sc->sc_glock); 1260 return (err); 1261 } 1262 break; 1263 1264 case IEEE80211_S_RUN: 1265 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1266 /* link LED blinks while monitoring */ 1267 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 1268 break; 1269 } 1270 1271 if (ic->ic_opmode != IEEE80211_M_STA) { 1272 (void) wpi_auth(sc); 1273 /* need setup beacon here */ 1274 } 1275 WPI_DBG((WPI_DEBUG_80211, "wpi: associated.")); 1276 1277 /* update adapter's configuration */ 1278 sc->sc_config.state = LE_16(WPI_CONFIG_ASSOCIATED); 1279 /* short preamble/slot time are negotiated when associating */ 1280 sc->sc_config.flags &= ~LE_32(WPI_CONFIG_SHPREAMBLE | 1281 WPI_CONFIG_SHSLOT); 1282 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1283 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHSLOT); 1284 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1285 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHPREAMBLE); 1286 sc->sc_config.filter |= LE_32(WPI_FILTER_BSS); 1287 if (ic->ic_opmode != IEEE80211_M_STA) 1288 sc->sc_config.filter |= LE_32(WPI_FILTER_BEACON); 1289 1290 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x\n", 1291 sc->sc_config.chan, sc->sc_config.flags)); 1292 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1293 sizeof (wpi_config_t), 1); 1294 if (err != WPI_SUCCESS) { 1295 WPI_DBG((WPI_DEBUG_80211, 1296 "could not update configuration\n")); 1297 mutex_exit(&sc->sc_glock); 1298 return (err); 1299 } 1300 1301 /* start automatic rate control */ 1302 mutex_enter(&sc->sc_mt_lock); 1303 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1304 sc->sc_flags |= WPI_F_RATE_AUTO_CTL; 1305 /* set rate to some reasonable initial value */ 1306 i = in->in_rates.ir_nrates - 1; 1307 while (i > 0 && IEEE80211_RATE(i) > 72) 1308 i--; 1309 in->in_txrate = i; 1310 } else { 1311 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 1312 } 1313 mutex_exit(&sc->sc_mt_lock); 1314 1315 /* link LED always on while associated */ 1316 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 1317 break; 1318 1319 case IEEE80211_S_INIT: 1320 case IEEE80211_S_ASSOC: 1321 break; 1322 } 1323 1324 mutex_exit(&sc->sc_glock); 1325 return (sc->sc_newstate(ic, nstate, arg)); 1326 } 1327 1328 /*ARGSUSED*/ 1329 static int wpi_key_set(ieee80211com_t *ic, const struct ieee80211_key *k, 1330 const uint8_t mac[IEEE80211_ADDR_LEN]) 1331 { 1332 wpi_sc_t *sc = (wpi_sc_t *)ic; 1333 wpi_node_t node; 1334 int err; 1335 1336 switch (k->wk_cipher->ic_cipher) { 1337 case IEEE80211_CIPHER_WEP: 1338 case IEEE80211_CIPHER_TKIP: 1339 return (1); /* sofeware do it. */ 1340 case IEEE80211_CIPHER_AES_CCM: 1341 break; 1342 default: 1343 return (0); 1344 } 1345 sc->sc_config.filter &= ~(WPI_FILTER_NODECRYPTUNI | 1346 WPI_FILTER_NODECRYPTMUL); 1347 1348 mutex_enter(&sc->sc_glock); 1349 1350 /* update ap/multicast node */ 1351 (void) memset(&node, 0, sizeof (node)); 1352 if (IEEE80211_IS_MULTICAST(mac)) { 1353 (void) memset(node.bssid, 0xff, 6); 1354 node.id = WPI_ID_BROADCAST; 1355 } else { 1356 IEEE80211_ADDR_COPY(node.bssid, ic->ic_bss->in_bssid); 1357 node.id = WPI_ID_BSS; 1358 } 1359 if (k->wk_flags & IEEE80211_KEY_XMIT) { 1360 node.key_flags = 0; 1361 node.keyp = k->wk_keyix; 1362 } else { 1363 node.key_flags = (1 << 14); 1364 node.keyp = k->wk_keyix + 4; 1365 } 1366 (void) memcpy(node.key, k->wk_key, k->wk_keylen); 1367 node.key_flags |= (2 | (1 << 3) | (k->wk_keyix << 8)); 1368 node.sta_mask = 1; 1369 node.control = 1; 1370 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 1371 if (err != WPI_SUCCESS) { 1372 cmn_err(CE_WARN, "wpi_key_set():" 1373 "failed to update ap node\n"); 1374 mutex_exit(&sc->sc_glock); 1375 return (0); 1376 } 1377 mutex_exit(&sc->sc_glock); 1378 return (1); 1379 } 1380 1381 /* 1382 * Grab exclusive access to NIC memory. 1383 */ 1384 static void 1385 wpi_mem_lock(wpi_sc_t *sc) 1386 { 1387 uint32_t tmp; 1388 int ntries; 1389 1390 tmp = WPI_READ(sc, WPI_GPIO_CTL); 1391 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_MAC); 1392 1393 /* spin until we actually get the lock */ 1394 for (ntries = 0; ntries < 1000; ntries++) { 1395 if ((WPI_READ(sc, WPI_GPIO_CTL) & 1396 (WPI_GPIO_CLOCK | WPI_GPIO_SLEEP)) == WPI_GPIO_CLOCK) 1397 break; 1398 DELAY(10); 1399 } 1400 if (ntries == 1000) 1401 WPI_DBG((WPI_DEBUG_PIO, "could not lock memory\n")); 1402 } 1403 1404 /* 1405 * Release lock on NIC memory. 1406 */ 1407 static void 1408 wpi_mem_unlock(wpi_sc_t *sc) 1409 { 1410 uint32_t tmp = WPI_READ(sc, WPI_GPIO_CTL); 1411 WPI_WRITE(sc, WPI_GPIO_CTL, tmp & ~WPI_GPIO_MAC); 1412 } 1413 1414 static uint32_t 1415 wpi_mem_read(wpi_sc_t *sc, uint16_t addr) 1416 { 1417 WPI_WRITE(sc, WPI_READ_MEM_ADDR, WPI_MEM_4 | addr); 1418 return (WPI_READ(sc, WPI_READ_MEM_DATA)); 1419 } 1420 1421 static void 1422 wpi_mem_write(wpi_sc_t *sc, uint16_t addr, uint32_t data) 1423 { 1424 WPI_WRITE(sc, WPI_WRITE_MEM_ADDR, WPI_MEM_4 | addr); 1425 WPI_WRITE(sc, WPI_WRITE_MEM_DATA, data); 1426 } 1427 1428 static void 1429 wpi_mem_write_region_4(wpi_sc_t *sc, uint16_t addr, 1430 const uint32_t *data, int wlen) 1431 { 1432 for (; wlen > 0; wlen--, data++, addr += 4) 1433 wpi_mem_write(sc, addr, *data); 1434 } 1435 1436 /* 1437 * Read 16 bits from the EEPROM. We access EEPROM through the MAC instead of 1438 * using the traditional bit-bang method. 1439 */ 1440 static uint16_t 1441 wpi_read_prom_word(wpi_sc_t *sc, uint32_t addr) 1442 { 1443 uint32_t val; 1444 int ntries; 1445 1446 WPI_WRITE(sc, WPI_EEPROM_CTL, addr << 2); 1447 1448 wpi_mem_lock(sc); 1449 for (ntries = 0; ntries < 10; ntries++) { 1450 if ((val = WPI_READ(sc, WPI_EEPROM_CTL)) & WPI_EEPROM_READY) 1451 break; 1452 DELAY(10); 1453 } 1454 wpi_mem_unlock(sc); 1455 1456 if (ntries == 10) { 1457 WPI_DBG((WPI_DEBUG_PIO, "could not read EEPROM\n")); 1458 return (0xdead); 1459 } 1460 return (val >> 16); 1461 } 1462 1463 /* 1464 * The firmware boot code is small and is intended to be copied directly into 1465 * the NIC internal memory. 1466 */ 1467 static int 1468 wpi_load_microcode(wpi_sc_t *sc) 1469 { 1470 const char *ucode; 1471 int size; 1472 1473 ucode = sc->sc_boot; 1474 size = LE_32(sc->sc_hdr->bootsz); 1475 /* check that microcode size is a multiple of 4 */ 1476 if (size & 3) 1477 return (EINVAL); 1478 1479 size /= sizeof (uint32_t); 1480 1481 wpi_mem_lock(sc); 1482 1483 /* copy microcode image into NIC memory */ 1484 wpi_mem_write_region_4(sc, WPI_MEM_UCODE_BASE, (const uint32_t *)ucode, 1485 size); 1486 1487 wpi_mem_write(sc, WPI_MEM_UCODE_SRC, 0); 1488 wpi_mem_write(sc, WPI_MEM_UCODE_DST, WPI_FW_TEXT); 1489 wpi_mem_write(sc, WPI_MEM_UCODE_SIZE, size); 1490 1491 /* run microcode */ 1492 wpi_mem_write(sc, WPI_MEM_UCODE_CTL, WPI_UC_RUN); 1493 1494 wpi_mem_unlock(sc); 1495 1496 return (WPI_SUCCESS); 1497 } 1498 1499 /* 1500 * The firmware text and data segments are transferred to the NIC using DMA. 1501 * The driver just copies the firmware into DMA-safe memory and tells the NIC 1502 * where to find it. Once the NIC has copied the firmware into its internal 1503 * memory, we can free our local copy in the driver. 1504 */ 1505 static int 1506 wpi_load_firmware(wpi_sc_t *sc, uint32_t target) 1507 { 1508 const char *fw; 1509 int size; 1510 wpi_dma_t *dma_p; 1511 ddi_dma_cookie_t *cookie; 1512 wpi_tx_desc_t desc; 1513 int i, ntries, err = WPI_SUCCESS; 1514 1515 /* only text and data here */ 1516 if (target == WPI_FW_TEXT) { 1517 fw = sc->sc_text; 1518 size = LE_32(sc->sc_hdr->textsz); 1519 dma_p = &sc->sc_dma_fw_text; 1520 cookie = sc->sc_fw_text_cookie; 1521 } else { 1522 fw = sc->sc_data; 1523 size = LE_32(sc->sc_hdr->datasz); 1524 dma_p = &sc->sc_dma_fw_data; 1525 cookie = sc->sc_fw_data_cookie; 1526 } 1527 1528 /* copy firmware image to DMA-safe memory */ 1529 (void) memcpy(dma_p->mem_va, fw, size); 1530 1531 /* make sure the adapter will get up-to-date values */ 1532 (void) ddi_dma_sync(dma_p->dma_hdl, 0, size, DDI_DMA_SYNC_FORDEV); 1533 1534 (void) memset(&desc, 0, sizeof (desc)); 1535 desc.flags = LE_32(WPI_PAD32(size) << 28 | dma_p->ncookies << 24); 1536 for (i = 0; i < dma_p->ncookies; i++) { 1537 WPI_DBG((WPI_DEBUG_DMA, "cookie%d addr:%x size:%x\n", 1538 i, cookie[i].dmac_address, cookie[i].dmac_size)); 1539 desc.segs[i].addr = cookie[i].dmac_address; 1540 desc.segs[i].len = (uint32_t)cookie[i].dmac_size; 1541 } 1542 1543 wpi_mem_lock(sc); 1544 1545 /* tell adapter where to copy image in its internal memory */ 1546 WPI_WRITE(sc, WPI_FW_TARGET, target); 1547 1548 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0); 1549 1550 /* copy firmware descriptor into NIC memory */ 1551 WPI_WRITE_REGION_4(sc, WPI_TX_DESC(6), (uint32_t *)&desc, 1552 sizeof desc / sizeof (uint32_t)); 1553 1554 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0xfffff); 1555 WPI_WRITE(sc, WPI_TX_STATE(6), 0x4001); 1556 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0x80000001); 1557 1558 /* wait while the adapter is busy copying the firmware */ 1559 for (ntries = 0; ntries < 100; ntries++) { 1560 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(6)) 1561 break; 1562 DELAY(1000); 1563 } 1564 if (ntries == 100) { 1565 WPI_DBG((WPI_DEBUG_FW, "timeout transferring firmware\n")); 1566 err = ETIMEDOUT; 1567 } 1568 1569 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0); 1570 1571 wpi_mem_unlock(sc); 1572 1573 return (err); 1574 } 1575 1576 /*ARGSUSED*/ 1577 static void 1578 wpi_rx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1579 { 1580 ieee80211com_t *ic = &sc->sc_ic; 1581 wpi_rx_ring_t *ring = &sc->sc_rxq; 1582 wpi_rx_stat_t *stat; 1583 wpi_rx_head_t *head; 1584 wpi_rx_tail_t *tail; 1585 ieee80211_node_t *in; 1586 struct ieee80211_frame *wh; 1587 mblk_t *mp; 1588 uint16_t len; 1589 1590 stat = (wpi_rx_stat_t *)(desc + 1); 1591 1592 if (stat->len > WPI_STAT_MAXLEN) { 1593 WPI_DBG((WPI_DEBUG_RX, "invalid rx statistic header\n")); 1594 return; 1595 } 1596 1597 head = (wpi_rx_head_t *)((caddr_t)(stat + 1) + stat->len); 1598 tail = (wpi_rx_tail_t *)((caddr_t)(head + 1) + LE_16(head->len)); 1599 1600 len = LE_16(head->len); 1601 1602 WPI_DBG((WPI_DEBUG_RX, "rx intr: idx=%d len=%d stat len=%d rssi=%d " 1603 "rate=%x chan=%d tstamp=%llu", ring->cur, LE_32(desc->len), 1604 len, (int8_t)stat->rssi, head->rate, head->chan, 1605 LE_64(tail->tstamp))); 1606 1607 if ((len < 20) || (len > sc->sc_dmabuf_sz)) { 1608 sc->sc_rx_err++; 1609 return; 1610 } 1611 1612 /* 1613 * Discard Rx frames with bad CRC early 1614 */ 1615 if ((LE_32(tail->flags) & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1616 WPI_DBG((WPI_DEBUG_RX, "rx tail flags error %x\n", 1617 LE_32(tail->flags))); 1618 sc->sc_rx_err++; 1619 return; 1620 } 1621 1622 /* update Rx descriptor */ 1623 /* ring->desc[ring->cur] = LE_32(data->dma_data.cookie.dmac_address); */ 1624 1625 #ifdef WPI_BPF 1626 #ifndef WPI_CURRENT 1627 if (sc->sc_drvbpf != NULL) { 1628 #else 1629 if (bpf_peers_present(sc->sc_drvbpf)) { 1630 #endif 1631 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1632 1633 tap->wr_flags = 0; 1634 tap->wr_rate = head->rate; 1635 tap->wr_chan_freq = 1636 LE_16(ic->ic_channels[head->chan].ic_freq); 1637 tap->wr_chan_flags = 1638 LE_16(ic->ic_channels[head->chan].ic_flags); 1639 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1640 tap->wr_dbm_antnoise = (int8_t)LE_16(stat->noise); 1641 tap->wr_tsft = tail->tstamp; 1642 tap->wr_antenna = (LE_16(head->flags) >> 4) & 0xf; 1643 switch (head->rate) { 1644 /* CCK rates */ 1645 case 10: tap->wr_rate = 2; break; 1646 case 20: tap->wr_rate = 4; break; 1647 case 55: tap->wr_rate = 11; break; 1648 case 110: tap->wr_rate = 22; break; 1649 /* OFDM rates */ 1650 case 0xd: tap->wr_rate = 12; break; 1651 case 0xf: tap->wr_rate = 18; break; 1652 case 0x5: tap->wr_rate = 24; break; 1653 case 0x7: tap->wr_rate = 36; break; 1654 case 0x9: tap->wr_rate = 48; break; 1655 case 0xb: tap->wr_rate = 72; break; 1656 case 0x1: tap->wr_rate = 96; break; 1657 case 0x3: tap->wr_rate = 108; break; 1658 /* unknown rate: should not happen */ 1659 default: tap->wr_rate = 0; 1660 } 1661 if (LE_16(head->flags) & 0x4) 1662 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1663 1664 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1665 } 1666 #endif 1667 /* grab a reference to the source node */ 1668 wh = (struct ieee80211_frame *)(head + 1); 1669 1670 #ifdef DEBUG 1671 if (wpi_dbg_flags & WPI_DEBUG_RX) 1672 ieee80211_dump_pkt((uint8_t *)wh, len, 0, 0); 1673 #endif 1674 1675 in = ieee80211_find_rxnode(ic, wh); 1676 mp = allocb(len, BPRI_MED); 1677 if (mp) { 1678 (void) memcpy(mp->b_wptr, wh, len); 1679 mp->b_wptr += len; 1680 1681 /* send the frame to the 802.11 layer */ 1682 (void) ieee80211_input(ic, mp, in, stat->rssi, 0); 1683 } else { 1684 sc->sc_rx_nobuf++; 1685 WPI_DBG((WPI_DEBUG_RX, 1686 "wpi_rx_intr(): alloc rx buf failed\n")); 1687 } 1688 /* release node reference */ 1689 ieee80211_free_node(in); 1690 } 1691 1692 /*ARGSUSED*/ 1693 static void 1694 wpi_tx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1695 { 1696 ieee80211com_t *ic = &sc->sc_ic; 1697 wpi_tx_ring_t *ring = &sc->sc_txq[desc->qid & 0x3]; 1698 /* wpi_tx_data_t *txdata = &ring->data[desc->idx]; */ 1699 wpi_tx_stat_t *stat = (wpi_tx_stat_t *)(desc + 1); 1700 wpi_amrr_t *amrr = (wpi_amrr_t *)ic->ic_bss; 1701 1702 WPI_DBG((WPI_DEBUG_TX, "tx done: qid=%d idx=%d retries=%d nkill=%d " 1703 "rate=%x duration=%d status=%x\n", 1704 desc->qid, desc->idx, stat->ntries, stat->nkill, stat->rate, 1705 LE_32(stat->duration), LE_32(stat->status))); 1706 1707 amrr->txcnt++; 1708 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d cnt\n", amrr->txcnt)); 1709 if (stat->ntries > 0) { 1710 amrr->retrycnt++; 1711 sc->sc_tx_retries++; 1712 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d retries\n", 1713 amrr->retrycnt)); 1714 } 1715 1716 sc->sc_tx_timer = 0; 1717 1718 mutex_enter(&sc->sc_tx_lock); 1719 ring->queued--; 1720 if (ring->queued < 0) 1721 ring->queued = 0; 1722 if ((sc->sc_need_reschedule) && (ring->queued <= (ring->count << 3))) { 1723 sc->sc_need_reschedule = 0; 1724 mutex_exit(&sc->sc_tx_lock); 1725 mac_tx_update(ic->ic_mach); 1726 mutex_enter(&sc->sc_tx_lock); 1727 } 1728 mutex_exit(&sc->sc_tx_lock); 1729 } 1730 1731 static void 1732 wpi_cmd_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc) 1733 { 1734 if ((desc->qid & 7) != 4) { 1735 return; /* not a command ack */ 1736 } 1737 mutex_enter(&sc->sc_glock); 1738 sc->sc_flags |= WPI_F_CMD_DONE; 1739 cv_signal(&sc->sc_cmd_cv); 1740 mutex_exit(&sc->sc_glock); 1741 } 1742 1743 static uint_t 1744 wpi_notif_softintr(caddr_t arg) 1745 { 1746 wpi_sc_t *sc = (wpi_sc_t *)arg; 1747 ieee80211com_t *ic = &sc->sc_ic; 1748 wpi_rx_desc_t *desc; 1749 wpi_rx_data_t *data; 1750 uint32_t hw; 1751 1752 mutex_enter(&sc->sc_glock); 1753 if (sc->sc_notif_softint_pending != 1) { 1754 mutex_exit(&sc->sc_glock); 1755 return (DDI_INTR_UNCLAIMED); 1756 } 1757 mutex_exit(&sc->sc_glock); 1758 1759 hw = LE_32(sc->sc_shared->next); 1760 1761 while (sc->sc_rxq.cur != hw) { 1762 data = &sc->sc_rxq.data[sc->sc_rxq.cur]; 1763 desc = (wpi_rx_desc_t *)data->dma_data.mem_va; 1764 1765 WPI_DBG((WPI_DEBUG_INTR, "rx notification hw = %d cur = %d " 1766 "qid=%x idx=%d flags=%x type=%d len=%d\n", 1767 hw, sc->sc_rxq.cur, desc->qid, desc->idx, desc->flags, 1768 desc->type, LE_32(desc->len))); 1769 1770 if (!(desc->qid & 0x80)) /* reply to a command */ 1771 wpi_cmd_intr(sc, desc); 1772 1773 switch (desc->type) { 1774 case WPI_RX_DONE: 1775 /* a 802.11 frame was received */ 1776 wpi_rx_intr(sc, desc, data); 1777 break; 1778 1779 case WPI_TX_DONE: 1780 /* a 802.11 frame has been transmitted */ 1781 wpi_tx_intr(sc, desc, data); 1782 break; 1783 1784 case WPI_UC_READY: 1785 { 1786 wpi_ucode_info_t *uc = 1787 (wpi_ucode_info_t *)(desc + 1); 1788 1789 /* the microcontroller is ready */ 1790 WPI_DBG((WPI_DEBUG_FW, 1791 "microcode alive notification version %x " 1792 "alive %x\n", LE_32(uc->version), 1793 LE_32(uc->valid))); 1794 1795 if (LE_32(uc->valid) != 1) { 1796 WPI_DBG((WPI_DEBUG_FW, 1797 "microcontroller initialization failed\n")); 1798 } 1799 break; 1800 } 1801 case WPI_STATE_CHANGED: 1802 { 1803 uint32_t *status = (uint32_t *)(desc + 1); 1804 1805 /* enabled/disabled notification */ 1806 WPI_DBG((WPI_DEBUG_RADIO, "state changed to %x\n", 1807 LE_32(*status))); 1808 1809 if (LE_32(*status) & 1) { 1810 /* 1811 * the radio button has to be pushed(OFF). It 1812 * is considered as a hw error, the 1813 * wpi_thread() tries to recover it after the 1814 * button is pushed again(ON) 1815 */ 1816 cmn_err(CE_NOTE, 1817 "wpi: Radio transmitter is off\n"); 1818 sc->sc_ostate = sc->sc_ic.ic_state; 1819 ieee80211_new_state(&sc->sc_ic, 1820 IEEE80211_S_INIT, -1); 1821 sc->sc_flags |= 1822 (WPI_F_HW_ERR_RECOVER | WPI_F_RADIO_OFF); 1823 } 1824 break; 1825 } 1826 case WPI_START_SCAN: 1827 { 1828 wpi_start_scan_t *scan = 1829 (wpi_start_scan_t *)(desc + 1); 1830 1831 WPI_DBG((WPI_DEBUG_SCAN, 1832 "scanning channel %d status %x\n", 1833 scan->chan, LE_32(scan->status))); 1834 1835 /* fix current channel */ 1836 ic->ic_curchan = &ic->ic_sup_channels[scan->chan]; 1837 break; 1838 } 1839 case WPI_STOP_SCAN: 1840 WPI_DBG((WPI_DEBUG_SCAN, "scan finished\n")); 1841 ieee80211_end_scan(ic); 1842 break; 1843 } 1844 1845 sc->sc_rxq.cur = (sc->sc_rxq.cur + 1) % WPI_RX_RING_COUNT; 1846 } 1847 1848 /* tell the firmware what we have processed */ 1849 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1850 WPI_WRITE(sc, WPI_RX_WIDX, hw & (~7)); 1851 mutex_enter(&sc->sc_glock); 1852 sc->sc_notif_softint_pending = 0; 1853 mutex_exit(&sc->sc_glock); 1854 1855 return (DDI_INTR_CLAIMED); 1856 } 1857 1858 static uint_t 1859 wpi_intr(caddr_t arg) 1860 { 1861 wpi_sc_t *sc = (wpi_sc_t *)arg; 1862 uint32_t r, rfh; 1863 1864 mutex_enter(&sc->sc_glock); 1865 if (sc->sc_flags & WPI_F_SUSPEND) { 1866 mutex_exit(&sc->sc_glock); 1867 return (DDI_INTR_UNCLAIMED); 1868 } 1869 1870 r = WPI_READ(sc, WPI_INTR); 1871 if (r == 0 || r == 0xffffffff) { 1872 mutex_exit(&sc->sc_glock); 1873 return (DDI_INTR_UNCLAIMED); 1874 } 1875 1876 WPI_DBG((WPI_DEBUG_INTR, "interrupt reg %x\n", r)); 1877 1878 rfh = WPI_READ(sc, WPI_INTR_STATUS); 1879 /* disable interrupts */ 1880 WPI_WRITE(sc, WPI_MASK, 0); 1881 /* ack interrupts */ 1882 WPI_WRITE(sc, WPI_INTR, r); 1883 WPI_WRITE(sc, WPI_INTR_STATUS, rfh); 1884 1885 if (sc->sc_notif_softint_id == NULL) { 1886 mutex_exit(&sc->sc_glock); 1887 return (DDI_INTR_CLAIMED); 1888 } 1889 1890 if (r & (WPI_SW_ERROR | WPI_HW_ERROR)) { 1891 WPI_DBG((WPI_DEBUG_FW, "fatal firmware error\n")); 1892 mutex_exit(&sc->sc_glock); 1893 wpi_stop(sc); 1894 sc->sc_ostate = sc->sc_ic.ic_state; 1895 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 1896 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 1897 return (DDI_INTR_CLAIMED); 1898 } 1899 1900 if ((r & (WPI_RX_INTR | WPI_RX_SWINT)) || 1901 (rfh & 0x40070000)) { 1902 sc->sc_notif_softint_pending = 1; 1903 ddi_trigger_softintr(sc->sc_notif_softint_id); 1904 } 1905 1906 if (r & WPI_ALIVE_INTR) { /* firmware initialized */ 1907 sc->sc_flags |= WPI_F_FW_INIT; 1908 cv_signal(&sc->sc_fw_cv); 1909 } 1910 1911 /* re-enable interrupts */ 1912 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 1913 mutex_exit(&sc->sc_glock); 1914 1915 return (DDI_INTR_CLAIMED); 1916 } 1917 1918 static uint8_t 1919 wpi_plcp_signal(int rate) 1920 { 1921 switch (rate) { 1922 /* CCK rates (returned values are device-dependent) */ 1923 case 2: return (10); 1924 case 4: return (20); 1925 case 11: return (55); 1926 case 22: return (110); 1927 1928 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 1929 /* R1-R4 (ral/ural is R4-R1) */ 1930 case 12: return (0xd); 1931 case 18: return (0xf); 1932 case 24: return (0x5); 1933 case 36: return (0x7); 1934 case 48: return (0x9); 1935 case 72: return (0xb); 1936 case 96: return (0x1); 1937 case 108: return (0x3); 1938 1939 /* unsupported rates (should not get there) */ 1940 default: return (0); 1941 } 1942 } 1943 1944 static mblk_t * 1945 wpi_m_tx(void *arg, mblk_t *mp) 1946 { 1947 wpi_sc_t *sc = (wpi_sc_t *)arg; 1948 ieee80211com_t *ic = &sc->sc_ic; 1949 mblk_t *next; 1950 1951 if (sc->sc_flags & WPI_F_SUSPEND) { 1952 freemsgchain(mp); 1953 return (NULL); 1954 } 1955 1956 if (ic->ic_state != IEEE80211_S_RUN) { 1957 freemsgchain(mp); 1958 return (NULL); 1959 } 1960 1961 while (mp != NULL) { 1962 next = mp->b_next; 1963 mp->b_next = NULL; 1964 if (wpi_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != 0) { 1965 mp->b_next = next; 1966 break; 1967 } 1968 mp = next; 1969 } 1970 return (mp); 1971 } 1972 1973 /* ARGSUSED */ 1974 static int 1975 wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type) 1976 { 1977 wpi_sc_t *sc = (wpi_sc_t *)ic; 1978 wpi_tx_ring_t *ring; 1979 wpi_tx_desc_t *desc; 1980 wpi_tx_data_t *data; 1981 wpi_tx_cmd_t *cmd; 1982 wpi_cmd_data_t *tx; 1983 ieee80211_node_t *in; 1984 struct ieee80211_frame *wh; 1985 struct ieee80211_key *k; 1986 mblk_t *m, *m0; 1987 int rate, hdrlen, len, mblen, off, err = WPI_SUCCESS; 1988 1989 ring = ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA) ? 1990 (&sc->sc_txq[0]) : (&sc->sc_txq[1]); 1991 data = &ring->data[ring->cur]; 1992 desc = data->desc; 1993 cmd = data->cmd; 1994 bzero(desc, sizeof (*desc)); 1995 bzero(cmd, sizeof (*cmd)); 1996 1997 mutex_enter(&sc->sc_tx_lock); 1998 if (sc->sc_flags & WPI_F_SUSPEND) { 1999 mutex_exit(&sc->sc_tx_lock); 2000 if ((type & IEEE80211_FC0_TYPE_MASK) != 2001 IEEE80211_FC0_TYPE_DATA) { 2002 freemsg(mp); 2003 } 2004 err = ENXIO; 2005 goto exit; 2006 } 2007 2008 if (ring->queued > ring->count - 64) { 2009 WPI_DBG((WPI_DEBUG_TX, "wpi_send(): no txbuf\n")); 2010 sc->sc_need_reschedule = 1; 2011 mutex_exit(&sc->sc_tx_lock); 2012 if ((type & IEEE80211_FC0_TYPE_MASK) != 2013 IEEE80211_FC0_TYPE_DATA) { 2014 freemsg(mp); 2015 } 2016 sc->sc_tx_nobuf++; 2017 err = ENOMEM; 2018 goto exit; 2019 } 2020 mutex_exit(&sc->sc_tx_lock); 2021 2022 hdrlen = sizeof (struct ieee80211_frame); 2023 2024 m = allocb(msgdsize(mp) + 32, BPRI_MED); 2025 if (m == NULL) { /* can not alloc buf, drop this package */ 2026 cmn_err(CE_WARN, 2027 "wpi_send(): failed to allocate msgbuf\n"); 2028 freemsg(mp); 2029 err = WPI_SUCCESS; 2030 goto exit; 2031 } 2032 for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) { 2033 mblen = MBLKL(m0); 2034 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen); 2035 off += mblen; 2036 } 2037 m->b_wptr += off; 2038 freemsg(mp); 2039 2040 wh = (struct ieee80211_frame *)m->b_rptr; 2041 2042 in = ieee80211_find_txnode(ic, wh->i_addr1); 2043 if (in == NULL) { 2044 cmn_err(CE_WARN, "wpi_send(): failed to find tx node\n"); 2045 freemsg(m); 2046 sc->sc_tx_err++; 2047 err = WPI_SUCCESS; 2048 goto exit; 2049 } 2050 2051 (void) ieee80211_encap(ic, m, in); 2052 2053 cmd->code = WPI_CMD_TX_DATA; 2054 cmd->flags = 0; 2055 cmd->qid = ring->qid; 2056 cmd->idx = ring->cur; 2057 2058 tx = (wpi_cmd_data_t *)cmd->data; 2059 tx->flags = 0; 2060 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2061 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2062 } else { 2063 tx->flags &= ~(LE_32(WPI_TX_NEED_ACK)); 2064 } 2065 2066 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2067 k = ieee80211_crypto_encap(ic, m); 2068 if (k == NULL) { 2069 freemsg(m); 2070 sc->sc_tx_err++; 2071 err = WPI_SUCCESS; 2072 goto exit; 2073 } 2074 2075 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 2076 tx->security = 2; /* for CCMP */ 2077 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2078 (void) memcpy(&tx->key, k->wk_key, k->wk_keylen); 2079 } 2080 2081 /* packet header may have moved, reset our local pointer */ 2082 wh = (struct ieee80211_frame *)m->b_rptr; 2083 } 2084 2085 len = msgdsize(m); 2086 2087 #ifdef DEBUG 2088 if (wpi_dbg_flags & WPI_DEBUG_TX) 2089 ieee80211_dump_pkt((uint8_t *)wh, hdrlen, 0, 0); 2090 #endif 2091 2092 /* pickup a rate */ 2093 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2094 IEEE80211_FC0_TYPE_MGT) { 2095 /* mgmt frames are sent at the lowest available bit-rate */ 2096 rate = 2; 2097 } else { 2098 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) { 2099 rate = ic->ic_fixed_rate; 2100 } else 2101 rate = in->in_rates.ir_rates[in->in_txrate]; 2102 } 2103 rate &= IEEE80211_RATE_VAL; 2104 WPI_DBG((WPI_DEBUG_RATECTL, "tx rate[%d of %d] = %x", 2105 in->in_txrate, in->in_rates.ir_nrates, rate)); 2106 #ifdef WPI_BPF 2107 #ifndef WPI_CURRENT 2108 if (sc->sc_drvbpf != NULL) { 2109 #else 2110 if (bpf_peers_present(sc->sc_drvbpf)) { 2111 #endif 2112 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2113 2114 tap->wt_flags = 0; 2115 tap->wt_chan_freq = LE_16(ic->ic_curchan->ic_freq); 2116 tap->wt_chan_flags = LE_16(ic->ic_curchan->ic_flags); 2117 tap->wt_rate = rate; 2118 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2119 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2120 2121 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 2122 } 2123 #endif 2124 2125 tx->flags |= (LE_32(WPI_TX_AUTO_SEQ)); 2126 tx->flags |= LE_32(WPI_TX_BT_DISABLE | WPI_TX_CALIBRATION); 2127 2128 /* retrieve destination node's id */ 2129 tx->id = IEEE80211_IS_MULTICAST(wh->i_addr1) ? WPI_ID_BROADCAST : 2130 WPI_ID_BSS; 2131 2132 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2133 IEEE80211_FC0_TYPE_MGT) { 2134 /* tell h/w to set timestamp in probe responses */ 2135 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2136 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2137 tx->flags |= LE_32(WPI_TX_INSERT_TSTAMP); 2138 2139 if (((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2140 IEEE80211_FC0_SUBTYPE_ASSOC_REQ) || 2141 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2142 IEEE80211_FC0_SUBTYPE_REASSOC_REQ)) 2143 tx->timeout = 3; 2144 else 2145 tx->timeout = 2; 2146 } else 2147 tx->timeout = 0; 2148 2149 tx->rate = wpi_plcp_signal(rate); 2150 2151 /* be very persistant at sending frames out */ 2152 tx->rts_ntries = 7; 2153 tx->data_ntries = 15; 2154 2155 tx->cck_mask = 0x0f; 2156 tx->ofdm_mask = 0xff; 2157 tx->lifetime = LE_32(0xffffffff); 2158 2159 tx->len = LE_16(len); 2160 2161 /* save and trim IEEE802.11 header */ 2162 (void) memcpy(tx + 1, m->b_rptr, hdrlen); 2163 m->b_rptr += hdrlen; 2164 (void) memcpy(data->dma_data.mem_va, m->b_rptr, len - hdrlen); 2165 2166 WPI_DBG((WPI_DEBUG_TX, "sending data: qid=%d idx=%d len=%d", ring->qid, 2167 ring->cur, len)); 2168 2169 /* first scatter/gather segment is used by the tx data command */ 2170 desc->flags = LE_32(WPI_PAD32(len) << 28 | (2) << 24); 2171 desc->segs[0].addr = LE_32(data->paddr_cmd); 2172 desc->segs[0].len = LE_32( 2173 roundup(4 + sizeof (wpi_cmd_data_t) + hdrlen, 4)); 2174 desc->segs[1].addr = LE_32(data->dma_data.cookie.dmac_address); 2175 desc->segs[1].len = LE_32(len - hdrlen); 2176 2177 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2178 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2179 2180 mutex_enter(&sc->sc_tx_lock); 2181 ring->queued++; 2182 mutex_exit(&sc->sc_tx_lock); 2183 2184 /* kick ring */ 2185 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2186 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2187 freemsg(m); 2188 /* release node reference */ 2189 ieee80211_free_node(in); 2190 2191 ic->ic_stats.is_tx_bytes += len; 2192 ic->ic_stats.is_tx_frags++; 2193 2194 if (sc->sc_tx_timer == 0) 2195 sc->sc_tx_timer = 5; 2196 exit: 2197 return (err); 2198 } 2199 2200 static void 2201 wpi_m_ioctl(void* arg, queue_t *wq, mblk_t *mp) 2202 { 2203 wpi_sc_t *sc = (wpi_sc_t *)arg; 2204 ieee80211com_t *ic = &sc->sc_ic; 2205 int err; 2206 2207 err = ieee80211_ioctl(ic, wq, mp); 2208 if (err == ENETRESET) { 2209 /* 2210 * This is special for the hidden AP connection. 2211 * In any case, we should make sure only one 'scan' 2212 * in the driver for a 'connect' CLI command. So 2213 * when connecting to a hidden AP, the scan is just 2214 * sent out to the air when we know the desired 2215 * essid of the AP we want to connect. 2216 */ 2217 if (ic->ic_des_esslen) { 2218 (void) ieee80211_new_state(ic, 2219 IEEE80211_S_SCAN, -1); 2220 } 2221 } 2222 } 2223 2224 /*ARGSUSED*/ 2225 static int 2226 wpi_m_stat(void *arg, uint_t stat, uint64_t *val) 2227 { 2228 wpi_sc_t *sc = (wpi_sc_t *)arg; 2229 ieee80211com_t *ic = &sc->sc_ic; 2230 ieee80211_node_t *in = ic->ic_bss; 2231 struct ieee80211_rateset *rs = &in->in_rates; 2232 2233 mutex_enter(&sc->sc_glock); 2234 switch (stat) { 2235 case MAC_STAT_IFSPEED: 2236 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ? 2237 (rs->ir_rates[in->in_txrate] & IEEE80211_RATE_VAL) 2238 : ic->ic_fixed_rate) / 2 * 1000000; 2239 break; 2240 case MAC_STAT_NOXMTBUF: 2241 *val = sc->sc_tx_nobuf; 2242 break; 2243 case MAC_STAT_NORCVBUF: 2244 *val = sc->sc_rx_nobuf; 2245 break; 2246 case MAC_STAT_IERRORS: 2247 *val = sc->sc_rx_err; 2248 break; 2249 case MAC_STAT_RBYTES: 2250 *val = ic->ic_stats.is_rx_bytes; 2251 break; 2252 case MAC_STAT_IPACKETS: 2253 *val = ic->ic_stats.is_rx_frags; 2254 break; 2255 case MAC_STAT_OBYTES: 2256 *val = ic->ic_stats.is_tx_bytes; 2257 break; 2258 case MAC_STAT_OPACKETS: 2259 *val = ic->ic_stats.is_tx_frags; 2260 break; 2261 case MAC_STAT_OERRORS: 2262 case WIFI_STAT_TX_FAILED: 2263 *val = sc->sc_tx_err; 2264 break; 2265 case WIFI_STAT_TX_RETRANS: 2266 *val = sc->sc_tx_retries; 2267 break; 2268 case WIFI_STAT_FCS_ERRORS: 2269 case WIFI_STAT_WEP_ERRORS: 2270 case WIFI_STAT_TX_FRAGS: 2271 case WIFI_STAT_MCAST_TX: 2272 case WIFI_STAT_RTS_SUCCESS: 2273 case WIFI_STAT_RTS_FAILURE: 2274 case WIFI_STAT_ACK_FAILURE: 2275 case WIFI_STAT_RX_FRAGS: 2276 case WIFI_STAT_MCAST_RX: 2277 case WIFI_STAT_RX_DUPS: 2278 mutex_exit(&sc->sc_glock); 2279 return (ieee80211_stat(ic, stat, val)); 2280 default: 2281 mutex_exit(&sc->sc_glock); 2282 return (ENOTSUP); 2283 } 2284 mutex_exit(&sc->sc_glock); 2285 2286 return (WPI_SUCCESS); 2287 2288 } 2289 2290 static int 2291 wpi_m_start(void *arg) 2292 { 2293 wpi_sc_t *sc = (wpi_sc_t *)arg; 2294 ieee80211com_t *ic = &sc->sc_ic; 2295 int err; 2296 2297 err = wpi_init(sc); 2298 if (err != WPI_SUCCESS) { 2299 wpi_stop(sc); 2300 DELAY(1000000); 2301 err = wpi_init(sc); 2302 } 2303 2304 if (err) { 2305 /* 2306 * The hw init err(eg. RF is OFF). Return Success to make 2307 * the 'plumb' succeed. The wpi_thread() tries to re-init 2308 * background. 2309 */ 2310 mutex_enter(&sc->sc_glock); 2311 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2312 mutex_exit(&sc->sc_glock); 2313 return (WPI_SUCCESS); 2314 } 2315 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2316 mutex_enter(&sc->sc_glock); 2317 sc->sc_flags |= WPI_F_RUNNING; 2318 mutex_exit(&sc->sc_glock); 2319 2320 return (WPI_SUCCESS); 2321 } 2322 2323 static void 2324 wpi_m_stop(void *arg) 2325 { 2326 wpi_sc_t *sc = (wpi_sc_t *)arg; 2327 ieee80211com_t *ic = &sc->sc_ic; 2328 2329 wpi_stop(sc); 2330 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2331 mutex_enter(&sc->sc_mt_lock); 2332 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2333 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 2334 mutex_exit(&sc->sc_mt_lock); 2335 mutex_enter(&sc->sc_glock); 2336 sc->sc_flags &= ~WPI_F_RUNNING; 2337 mutex_exit(&sc->sc_glock); 2338 } 2339 2340 /*ARGSUSED*/ 2341 static int 2342 wpi_m_unicst(void *arg, const uint8_t *macaddr) 2343 { 2344 wpi_sc_t *sc = (wpi_sc_t *)arg; 2345 ieee80211com_t *ic = &sc->sc_ic; 2346 int err; 2347 2348 if (!IEEE80211_ADDR_EQ(ic->ic_macaddr, macaddr)) { 2349 IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr); 2350 mutex_enter(&sc->sc_glock); 2351 err = wpi_config(sc); 2352 mutex_exit(&sc->sc_glock); 2353 if (err != WPI_SUCCESS) { 2354 cmn_err(CE_WARN, 2355 "wpi_m_unicst(): " 2356 "failed to configure device\n"); 2357 goto fail; 2358 } 2359 } 2360 return (WPI_SUCCESS); 2361 fail: 2362 return (err); 2363 } 2364 2365 /*ARGSUSED*/ 2366 static int 2367 wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m) 2368 { 2369 return (WPI_SUCCESS); 2370 } 2371 2372 /*ARGSUSED*/ 2373 static int 2374 wpi_m_promisc(void *arg, boolean_t on) 2375 { 2376 return (WPI_SUCCESS); 2377 } 2378 2379 static void 2380 wpi_thread(wpi_sc_t *sc) 2381 { 2382 ieee80211com_t *ic = &sc->sc_ic; 2383 clock_t clk; 2384 int times = 0, err, n = 0, timeout = 0; 2385 uint32_t tmp; 2386 2387 mutex_enter(&sc->sc_mt_lock); 2388 while (sc->sc_mf_thread_switch) { 2389 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2390 if (tmp & WPI_GPIO_HW_RF_KILL) { 2391 sc->sc_flags &= ~WPI_F_RADIO_OFF; 2392 } else { 2393 sc->sc_flags |= WPI_F_RADIO_OFF; 2394 } 2395 /* 2396 * If in SUSPEND or the RF is OFF, do nothing 2397 */ 2398 if ((sc->sc_flags & WPI_F_SUSPEND) || 2399 (sc->sc_flags & WPI_F_RADIO_OFF)) { 2400 mutex_exit(&sc->sc_mt_lock); 2401 delay(drv_usectohz(100000)); 2402 mutex_enter(&sc->sc_mt_lock); 2403 continue; 2404 } 2405 2406 /* 2407 * recovery fatal error 2408 */ 2409 if (ic->ic_mach && 2410 (sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 2411 2412 WPI_DBG((WPI_DEBUG_FW, 2413 "wpi_thread(): " 2414 "try to recover fatal hw error: %d\n", times++)); 2415 2416 wpi_stop(sc); 2417 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2418 2419 mutex_exit(&sc->sc_mt_lock); 2420 delay(drv_usectohz(2000000)); 2421 mutex_enter(&sc->sc_mt_lock); 2422 err = wpi_init(sc); 2423 if (err != WPI_SUCCESS) { 2424 n++; 2425 if (n < 3) 2426 continue; 2427 } 2428 n = 0; 2429 if (!err) 2430 sc->sc_flags |= WPI_F_RUNNING; 2431 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2432 mutex_exit(&sc->sc_mt_lock); 2433 delay(drv_usectohz(2000000)); 2434 if (sc->sc_ostate != IEEE80211_S_INIT) 2435 ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); 2436 mutex_enter(&sc->sc_mt_lock); 2437 } 2438 2439 /* 2440 * rate ctl 2441 */ 2442 if (ic->ic_mach && 2443 (sc->sc_flags & WPI_F_RATE_AUTO_CTL)) { 2444 clk = ddi_get_lbolt(); 2445 if (clk > sc->sc_clk + drv_usectohz(500000)) { 2446 wpi_amrr_timeout(sc); 2447 } 2448 } 2449 mutex_exit(&sc->sc_mt_lock); 2450 delay(drv_usectohz(100000)); 2451 mutex_enter(&sc->sc_mt_lock); 2452 if (sc->sc_tx_timer) { 2453 timeout++; 2454 if (timeout == 10) { 2455 sc->sc_tx_timer--; 2456 if (sc->sc_tx_timer == 0) { 2457 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2458 sc->sc_ostate = IEEE80211_S_RUN; 2459 } 2460 timeout = 0; 2461 } 2462 } 2463 } 2464 sc->sc_mf_thread = NULL; 2465 cv_signal(&sc->sc_mt_cv); 2466 mutex_exit(&sc->sc_mt_lock); 2467 } 2468 2469 /* 2470 * Extract various information from EEPROM. 2471 */ 2472 static void 2473 wpi_read_eeprom(wpi_sc_t *sc) 2474 { 2475 ieee80211com_t *ic = &sc->sc_ic; 2476 uint16_t val; 2477 int i; 2478 2479 /* read MAC address */ 2480 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 0); 2481 ic->ic_macaddr[0] = val & 0xff; 2482 ic->ic_macaddr[1] = val >> 8; 2483 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 1); 2484 ic->ic_macaddr[2] = val & 0xff; 2485 ic->ic_macaddr[3] = val >> 8; 2486 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 2); 2487 ic->ic_macaddr[4] = val & 0xff; 2488 ic->ic_macaddr[5] = val >> 8; 2489 2490 WPI_DBG((WPI_DEBUG_EEPROM, 2491 "mac:%2x:%2x:%2x:%2x:%2x:%2x\n", 2492 ic->ic_macaddr[0], ic->ic_macaddr[1], 2493 ic->ic_macaddr[2], ic->ic_macaddr[3], 2494 ic->ic_macaddr[4], ic->ic_macaddr[5])); 2495 /* read power settings for 2.4GHz channels */ 2496 for (i = 0; i < 14; i++) { 2497 sc->sc_pwr1[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR1 + i); 2498 sc->sc_pwr2[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR2 + i); 2499 WPI_DBG((WPI_DEBUG_EEPROM, 2500 "channel %d pwr1 0x%04x pwr2 0x%04x\n", i + 1, 2501 sc->sc_pwr1[i], sc->sc_pwr2[i])); 2502 } 2503 } 2504 2505 /* 2506 * Send a command to the firmware. 2507 */ 2508 static int 2509 wpi_cmd(wpi_sc_t *sc, int code, const void *buf, int size, int async) 2510 { 2511 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2512 wpi_tx_desc_t *desc; 2513 wpi_tx_cmd_t *cmd; 2514 2515 ASSERT(size <= sizeof (cmd->data)); 2516 ASSERT(mutex_owned(&sc->sc_glock)); 2517 2518 WPI_DBG((WPI_DEBUG_CMD, "wpi_cmd() # code[%d]", code)); 2519 desc = ring->data[ring->cur].desc; 2520 cmd = ring->data[ring->cur].cmd; 2521 2522 cmd->code = (uint8_t)code; 2523 cmd->flags = 0; 2524 cmd->qid = ring->qid; 2525 cmd->idx = ring->cur; 2526 (void) memcpy(cmd->data, buf, size); 2527 2528 desc->flags = LE_32(WPI_PAD32(size) << 28 | 1 << 24); 2529 desc->segs[0].addr = ring->data[ring->cur].paddr_cmd; 2530 desc->segs[0].len = 4 + size; 2531 2532 /* kick cmd ring */ 2533 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2534 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2535 2536 if (async) 2537 return (WPI_SUCCESS); 2538 else { 2539 clock_t clk; 2540 sc->sc_flags &= ~WPI_F_CMD_DONE; 2541 clk = ddi_get_lbolt() + drv_usectohz(2000000); 2542 while (!(sc->sc_flags & WPI_F_CMD_DONE)) { 2543 if (cv_timedwait(&sc->sc_cmd_cv, &sc->sc_glock, clk) 2544 < 0) 2545 break; 2546 } 2547 if (sc->sc_flags & WPI_F_CMD_DONE) 2548 return (WPI_SUCCESS); 2549 else 2550 return (WPI_FAIL); 2551 } 2552 } 2553 2554 /* 2555 * Configure h/w multi-rate retries. 2556 */ 2557 static int 2558 wpi_mrr_setup(wpi_sc_t *sc) 2559 { 2560 wpi_mrr_setup_t mrr; 2561 int i, err; 2562 2563 /* CCK rates (not used with 802.11a) */ 2564 for (i = WPI_CCK1; i <= WPI_CCK11; i++) { 2565 mrr.rates[i].flags = 0; 2566 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2567 /* fallback to the immediate lower CCK rate (if any) */ 2568 mrr.rates[i].next = (i == WPI_CCK1) ? WPI_CCK1 : i - 1; 2569 /* try one time at this rate before falling back to "next" */ 2570 mrr.rates[i].ntries = 1; 2571 } 2572 2573 /* OFDM rates (not used with 802.11b) */ 2574 for (i = WPI_OFDM6; i <= WPI_OFDM54; i++) { 2575 mrr.rates[i].flags = 0; 2576 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2577 /* fallback to the immediate lower OFDM rate (if any) */ 2578 mrr.rates[i].next = (i == WPI_OFDM6) ? WPI_OFDM6 : i - 1; 2579 /* try one time at this rate before falling back to "next" */ 2580 mrr.rates[i].ntries = 1; 2581 } 2582 2583 /* setup MRR for control frames */ 2584 mrr.which = LE_32(WPI_MRR_CTL); 2585 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2586 if (err != WPI_SUCCESS) { 2587 WPI_DBG((WPI_DEBUG_MRR, 2588 "could not setup MRR for control frames\n")); 2589 return (err); 2590 } 2591 2592 /* setup MRR for data frames */ 2593 mrr.which = LE_32(WPI_MRR_DATA); 2594 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2595 if (err != WPI_SUCCESS) { 2596 WPI_DBG((WPI_DEBUG_MRR, 2597 "could not setup MRR for data frames\n")); 2598 return (err); 2599 } 2600 2601 return (WPI_SUCCESS); 2602 } 2603 2604 static void 2605 wpi_set_led(wpi_sc_t *sc, uint8_t which, uint8_t off, uint8_t on) 2606 { 2607 wpi_cmd_led_t led; 2608 2609 led.which = which; 2610 led.unit = LE_32(100000); /* on/off in unit of 100ms */ 2611 led.off = off; 2612 led.on = on; 2613 2614 (void) wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof (led), 1); 2615 } 2616 2617 static int 2618 wpi_auth(wpi_sc_t *sc) 2619 { 2620 ieee80211com_t *ic = &sc->sc_ic; 2621 ieee80211_node_t *in = ic->ic_bss; 2622 wpi_node_t node; 2623 int err; 2624 2625 /* update adapter's configuration */ 2626 IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid); 2627 sc->sc_config.chan = ieee80211_chan2ieee(ic, in->in_chan); 2628 if (ic->ic_curmode == IEEE80211_MODE_11B) { 2629 sc->sc_config.cck_mask = 0x03; 2630 sc->sc_config.ofdm_mask = 0; 2631 } else if ((in->in_chan != IEEE80211_CHAN_ANYC) && 2632 (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) { 2633 sc->sc_config.cck_mask = 0; 2634 sc->sc_config.ofdm_mask = 0x15; 2635 } else { /* assume 802.11b/g */ 2636 sc->sc_config.cck_mask = 0x0f; 2637 sc->sc_config.ofdm_mask = 0xff; 2638 } 2639 2640 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x cck %x ofdm %x" 2641 " bssid:%02x:%02x:%02x:%02x:%02x:%2x\n", 2642 sc->sc_config.chan, sc->sc_config.flags, 2643 sc->sc_config.cck_mask, sc->sc_config.ofdm_mask, 2644 sc->sc_config.bssid[0], sc->sc_config.bssid[1], 2645 sc->sc_config.bssid[2], sc->sc_config.bssid[3], 2646 sc->sc_config.bssid[4], sc->sc_config.bssid[5])); 2647 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2648 sizeof (wpi_config_t), 1); 2649 if (err != WPI_SUCCESS) { 2650 cmn_err(CE_WARN, "wpi_auth(): failed to configurate chan%d\n", 2651 sc->sc_config.chan); 2652 return (err); 2653 } 2654 2655 /* add default node */ 2656 (void) memset(&node, 0, sizeof (node)); 2657 IEEE80211_ADDR_COPY(node.bssid, in->in_bssid); 2658 node.id = WPI_ID_BSS; 2659 node.rate = wpi_plcp_signal(2); 2660 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 2661 if (err != WPI_SUCCESS) { 2662 cmn_err(CE_WARN, "wpi_auth(): failed to add BSS node\n"); 2663 return (err); 2664 } 2665 2666 err = wpi_mrr_setup(sc); 2667 if (err != WPI_SUCCESS) { 2668 cmn_err(CE_WARN, "wpi_auth(): failed to setup MRR\n"); 2669 return (err); 2670 } 2671 2672 return (WPI_SUCCESS); 2673 } 2674 2675 /* 2676 * Send a scan request to the firmware. 2677 */ 2678 static int 2679 wpi_scan(wpi_sc_t *sc) 2680 { 2681 ieee80211com_t *ic = &sc->sc_ic; 2682 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2683 wpi_tx_desc_t *desc; 2684 wpi_tx_data_t *data; 2685 wpi_tx_cmd_t *cmd; 2686 wpi_scan_hdr_t *hdr; 2687 wpi_scan_chan_t *chan; 2688 struct ieee80211_frame *wh; 2689 ieee80211_node_t *in = ic->ic_bss; 2690 struct ieee80211_rateset *rs; 2691 enum ieee80211_phymode mode; 2692 uint8_t *frm; 2693 int i, pktlen, nrates; 2694 2695 data = &ring->data[ring->cur]; 2696 desc = data->desc; 2697 cmd = (wpi_tx_cmd_t *)data->dma_data.mem_va; 2698 2699 cmd->code = WPI_CMD_SCAN; 2700 cmd->flags = 0; 2701 cmd->qid = ring->qid; 2702 cmd->idx = ring->cur; 2703 2704 hdr = (wpi_scan_hdr_t *)cmd->data; 2705 (void) memset(hdr, 0, sizeof (wpi_scan_hdr_t)); 2706 hdr->first = 1; 2707 hdr->nchan = 14; 2708 hdr->len = hdr->nchan * sizeof (wpi_scan_chan_t); 2709 hdr->quiet = LE_16(5); 2710 hdr->threshold = LE_16(1); 2711 hdr->filter = LE_32(5); 2712 hdr->rate = wpi_plcp_signal(2); 2713 hdr->id = WPI_ID_BROADCAST; 2714 hdr->mask = LE_32(0xffffffff); 2715 hdr->esslen = ic->ic_des_esslen; 2716 if (ic->ic_des_esslen) 2717 bcopy(ic->ic_des_essid, hdr->essid, ic->ic_des_esslen); 2718 else 2719 bzero(hdr->essid, sizeof (hdr->essid)); 2720 /* 2721 * Build a probe request frame. Most of the following code is a 2722 * copy & paste of what is done in net80211. Unfortunately, the 2723 * functions to add IEs are static and thus can't be reused here. 2724 */ 2725 wh = (struct ieee80211_frame *)(hdr + 1); 2726 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2727 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2728 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2729 (void) memset(wh->i_addr1, 0xff, 6); 2730 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_macaddr); 2731 (void) memset(wh->i_addr3, 0xff, 6); 2732 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 2733 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 2734 2735 frm = (uint8_t *)(wh + 1); 2736 2737 /* add essid IE */ 2738 *frm++ = IEEE80211_ELEMID_SSID; 2739 *frm++ = in->in_esslen; 2740 (void) memcpy(frm, in->in_essid, in->in_esslen); 2741 frm += in->in_esslen; 2742 2743 mode = ieee80211_chan2mode(ic, ic->ic_curchan); 2744 rs = &ic->ic_sup_rates[mode]; 2745 2746 /* add supported rates IE */ 2747 *frm++ = IEEE80211_ELEMID_RATES; 2748 nrates = rs->ir_nrates; 2749 if (nrates > IEEE80211_RATE_SIZE) 2750 nrates = IEEE80211_RATE_SIZE; 2751 *frm++ = (uint8_t)nrates; 2752 (void) memcpy(frm, rs->ir_rates, nrates); 2753 frm += nrates; 2754 2755 /* add supported xrates IE */ 2756 if (rs->ir_nrates > IEEE80211_RATE_SIZE) { 2757 nrates = rs->ir_nrates - IEEE80211_RATE_SIZE; 2758 *frm++ = IEEE80211_ELEMID_XRATES; 2759 *frm++ = (uint8_t)nrates; 2760 (void) memcpy(frm, rs->ir_rates + IEEE80211_RATE_SIZE, nrates); 2761 frm += nrates; 2762 } 2763 2764 /* add optionnal IE (usually an RSN IE) */ 2765 if (ic->ic_opt_ie != NULL) { 2766 (void) memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); 2767 frm += ic->ic_opt_ie_len; 2768 } 2769 2770 /* setup length of probe request */ 2771 hdr->pbrlen = LE_16((uintptr_t)frm - (uintptr_t)wh); 2772 2773 /* align on a 4-byte boundary */ 2774 chan = (wpi_scan_chan_t *)frm; 2775 for (i = 1; i <= hdr->nchan; i++, chan++) { 2776 chan->flags = 3; 2777 chan->chan = (uint8_t)i; 2778 chan->magic = LE_16(0x62ab); 2779 chan->active = LE_16(20); 2780 chan->passive = LE_16(120); 2781 2782 frm += sizeof (wpi_scan_chan_t); 2783 } 2784 2785 pktlen = (uintptr_t)frm - (uintptr_t)cmd; 2786 2787 desc->flags = LE_32(WPI_PAD32(pktlen) << 28 | 1 << 24); 2788 desc->segs[0].addr = LE_32(data->dma_data.cookie.dmac_address); 2789 desc->segs[0].len = LE_32(pktlen); 2790 2791 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2792 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2793 2794 /* kick cmd ring */ 2795 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2796 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2797 2798 return (WPI_SUCCESS); /* will be notified async. of failure/success */ 2799 } 2800 2801 static int 2802 wpi_config(wpi_sc_t *sc) 2803 { 2804 ieee80211com_t *ic = &sc->sc_ic; 2805 wpi_txpower_t txpower; 2806 wpi_power_t power; 2807 #ifdef WPI_BLUE_COEXISTENCE 2808 wpi_bluetooth_t bluetooth; 2809 #endif 2810 wpi_node_t node; 2811 int err; 2812 2813 /* Intel's binary only daemon is a joke.. */ 2814 2815 /* set Tx power for 2.4GHz channels (values read from EEPROM) */ 2816 (void) memset(&txpower, 0, sizeof (txpower)); 2817 (void) memcpy(txpower.pwr1, sc->sc_pwr1, 14 * sizeof (uint16_t)); 2818 (void) memcpy(txpower.pwr2, sc->sc_pwr2, 14 * sizeof (uint16_t)); 2819 err = wpi_cmd(sc, WPI_CMD_TXPOWER, &txpower, sizeof (txpower), 0); 2820 if (err != WPI_SUCCESS) { 2821 cmn_err(CE_WARN, "wpi_config(): failed to set txpower\n"); 2822 return (err); 2823 } 2824 2825 /* set power mode */ 2826 (void) memset(&power, 0, sizeof (power)); 2827 power.flags = LE_32(0x8); 2828 err = wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &power, sizeof (power), 0); 2829 if (err != WPI_SUCCESS) { 2830 cmn_err(CE_WARN, "wpi_config(): failed to set power mode\n"); 2831 return (err); 2832 } 2833 #ifdef WPI_BLUE_COEXISTENCE 2834 /* configure bluetooth coexistence */ 2835 (void) memset(&bluetooth, 0, sizeof (bluetooth)); 2836 bluetooth.flags = 3; 2837 bluetooth.lead = 0xaa; 2838 bluetooth.kill = 1; 2839 err = wpi_cmd(sc, WPI_CMD_BLUETOOTH, &bluetooth, 2840 sizeof (bluetooth), 0); 2841 if (err != WPI_SUCCESS) { 2842 cmn_err(CE_WARN, 2843 "wpi_config(): " 2844 "failed to configurate bluetooth coexistence\n"); 2845 return (err); 2846 } 2847 #endif 2848 /* configure adapter */ 2849 (void) memset(&sc->sc_config, 0, sizeof (wpi_config_t)); 2850 IEEE80211_ADDR_COPY(sc->sc_config.myaddr, ic->ic_macaddr); 2851 sc->sc_config.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 2852 sc->sc_config.flags = LE_32(WPI_CONFIG_TSF | WPI_CONFIG_AUTO | 2853 WPI_CONFIG_24GHZ); 2854 sc->sc_config.filter = 0; 2855 switch (ic->ic_opmode) { 2856 case IEEE80211_M_STA: 2857 sc->sc_config.mode = WPI_MODE_STA; 2858 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST); 2859 break; 2860 case IEEE80211_M_IBSS: 2861 case IEEE80211_M_AHDEMO: 2862 sc->sc_config.mode = WPI_MODE_IBSS; 2863 break; 2864 case IEEE80211_M_HOSTAP: 2865 sc->sc_config.mode = WPI_MODE_HOSTAP; 2866 break; 2867 case IEEE80211_M_MONITOR: 2868 sc->sc_config.mode = WPI_MODE_MONITOR; 2869 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST | 2870 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2871 break; 2872 } 2873 sc->sc_config.cck_mask = 0x0f; /* not yet negotiated */ 2874 sc->sc_config.ofdm_mask = 0xff; /* not yet negotiated */ 2875 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2876 sizeof (wpi_config_t), 0); 2877 if (err != WPI_SUCCESS) { 2878 cmn_err(CE_WARN, "wpi_config(): " 2879 "failed to set configure command\n"); 2880 return (err); 2881 } 2882 2883 /* add broadcast node */ 2884 (void) memset(&node, 0, sizeof (node)); 2885 (void) memset(node.bssid, 0xff, 6); 2886 node.id = WPI_ID_BROADCAST; 2887 node.rate = wpi_plcp_signal(2); 2888 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 0); 2889 if (err != WPI_SUCCESS) { 2890 cmn_err(CE_WARN, "wpi_config(): " 2891 "failed to add broadcast node\n"); 2892 return (err); 2893 } 2894 2895 return (WPI_SUCCESS); 2896 } 2897 2898 static void 2899 wpi_stop_master(wpi_sc_t *sc) 2900 { 2901 uint32_t tmp; 2902 int ntries; 2903 2904 tmp = WPI_READ(sc, WPI_RESET); 2905 WPI_WRITE(sc, WPI_RESET, tmp | WPI_STOP_MASTER); 2906 2907 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2908 if ((tmp & WPI_GPIO_PWR_STATUS) == WPI_GPIO_PWR_SLEEP) 2909 return; /* already asleep */ 2910 2911 for (ntries = 0; ntries < 2000; ntries++) { 2912 if (WPI_READ(sc, WPI_RESET) & WPI_MASTER_DISABLED) 2913 break; 2914 DELAY(1000); 2915 } 2916 if (ntries == 2000) 2917 WPI_DBG((WPI_DEBUG_HW, "timeout waiting for master\n")); 2918 } 2919 2920 static int 2921 wpi_power_up(wpi_sc_t *sc) 2922 { 2923 uint32_t tmp; 2924 int ntries; 2925 2926 wpi_mem_lock(sc); 2927 tmp = wpi_mem_read(sc, WPI_MEM_POWER); 2928 wpi_mem_write(sc, WPI_MEM_POWER, tmp & ~0x03000000); 2929 wpi_mem_unlock(sc); 2930 2931 for (ntries = 0; ntries < 5000; ntries++) { 2932 if (WPI_READ(sc, WPI_GPIO_STATUS) & WPI_POWERED) 2933 break; 2934 DELAY(10); 2935 } 2936 if (ntries == 5000) { 2937 cmn_err(CE_WARN, 2938 "wpi_power_up(): timeout waiting for NIC to power up\n"); 2939 return (ETIMEDOUT); 2940 } 2941 return (WPI_SUCCESS); 2942 } 2943 2944 static int 2945 wpi_reset(wpi_sc_t *sc) 2946 { 2947 uint32_t tmp; 2948 int ntries; 2949 2950 /* clear any pending interrupts */ 2951 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 2952 2953 tmp = WPI_READ(sc, WPI_PLL_CTL); 2954 WPI_WRITE(sc, WPI_PLL_CTL, tmp | WPI_PLL_INIT); 2955 2956 tmp = WPI_READ(sc, WPI_CHICKEN); 2957 WPI_WRITE(sc, WPI_CHICKEN, tmp | WPI_CHICKEN_RXNOLOS); 2958 2959 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2960 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_INIT); 2961 2962 /* wait for clock stabilization */ 2963 for (ntries = 0; ntries < 1000; ntries++) { 2964 if (WPI_READ(sc, WPI_GPIO_CTL) & WPI_GPIO_CLOCK) 2965 break; 2966 DELAY(10); 2967 } 2968 if (ntries == 1000) { 2969 cmn_err(CE_WARN, 2970 "wpi_reset(): timeout waiting for clock stabilization\n"); 2971 return (ETIMEDOUT); 2972 } 2973 2974 /* initialize EEPROM */ 2975 tmp = WPI_READ(sc, WPI_EEPROM_STATUS); 2976 if ((tmp & WPI_EEPROM_VERSION) == 0) { 2977 cmn_err(CE_WARN, "wpi_reset(): EEPROM not found\n"); 2978 return (EIO); 2979 } 2980 WPI_WRITE(sc, WPI_EEPROM_STATUS, tmp & ~WPI_EEPROM_LOCKED); 2981 2982 return (WPI_SUCCESS); 2983 } 2984 2985 static void 2986 wpi_hw_config(wpi_sc_t *sc) 2987 { 2988 uint16_t val; 2989 uint32_t hw; 2990 2991 /* voodoo from the Linux "driver".. */ 2992 hw = WPI_READ(sc, WPI_HWCONFIG); 2993 2994 if ((sc->sc_rev & 0xc0) == 0x40) 2995 hw |= WPI_HW_ALM_MB; 2996 else if (!(sc->sc_rev & 0x80)) 2997 hw |= WPI_HW_ALM_MM; 2998 2999 val = wpi_read_prom_word(sc, WPI_EEPROM_CAPABILITIES); 3000 if ((val & 0xff) == 0x80) 3001 hw |= WPI_HW_SKU_MRC; 3002 3003 val = wpi_read_prom_word(sc, WPI_EEPROM_REVISION); 3004 hw &= ~WPI_HW_REV_D; 3005 if ((val & 0xf0) == 0xd0) 3006 hw |= WPI_HW_REV_D; 3007 3008 val = wpi_read_prom_word(sc, WPI_EEPROM_TYPE); 3009 if ((val & 0xff) > 1) 3010 hw |= WPI_HW_TYPE_B; 3011 3012 WPI_DBG((WPI_DEBUG_HW, "setting h/w config %x\n", hw)); 3013 WPI_WRITE(sc, WPI_HWCONFIG, hw); 3014 } 3015 3016 static int 3017 wpi_init(wpi_sc_t *sc) 3018 { 3019 uint32_t tmp; 3020 int qid, ntries, err; 3021 clock_t clk; 3022 3023 mutex_enter(&sc->sc_glock); 3024 sc->sc_flags &= ~WPI_F_FW_INIT; 3025 3026 (void) wpi_reset(sc); 3027 3028 wpi_mem_lock(sc); 3029 wpi_mem_write(sc, WPI_MEM_CLOCK1, 0xa00); 3030 DELAY(20); 3031 tmp = wpi_mem_read(sc, WPI_MEM_PCIDEV); 3032 wpi_mem_write(sc, WPI_MEM_PCIDEV, tmp | 0x800); 3033 wpi_mem_unlock(sc); 3034 3035 (void) wpi_power_up(sc); 3036 wpi_hw_config(sc); 3037 3038 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3039 if (!(tmp & WPI_GPIO_HW_RF_KILL)) { 3040 cmn_err(CE_WARN, "wpi_init(): Radio transmitter is off\n"); 3041 goto fail1; 3042 } 3043 3044 /* init Rx ring */ 3045 wpi_mem_lock(sc); 3046 WPI_WRITE(sc, WPI_RX_BASE, sc->sc_rxq.dma_desc.cookie.dmac_address); 3047 WPI_WRITE(sc, WPI_RX_RIDX_PTR, 3048 (uint32_t)(sc->sc_dma_sh.cookie.dmac_address + 3049 offsetof(wpi_shared_t, next))); 3050 WPI_WRITE(sc, WPI_RX_WIDX, (WPI_RX_RING_COUNT - 1) & (~7)); 3051 WPI_WRITE(sc, WPI_RX_CONFIG, 0xa9601010); 3052 wpi_mem_unlock(sc); 3053 3054 /* init Tx rings */ 3055 wpi_mem_lock(sc); 3056 wpi_mem_write(sc, WPI_MEM_MODE, 2); /* bypass mode */ 3057 wpi_mem_write(sc, WPI_MEM_RA, 1); /* enable RA0 */ 3058 wpi_mem_write(sc, WPI_MEM_TXCFG, 0x3f); /* enable all 6 Tx rings */ 3059 wpi_mem_write(sc, WPI_MEM_BYPASS1, 0x10000); 3060 wpi_mem_write(sc, WPI_MEM_BYPASS2, 0x30002); 3061 wpi_mem_write(sc, WPI_MEM_MAGIC4, 4); 3062 wpi_mem_write(sc, WPI_MEM_MAGIC5, 5); 3063 3064 WPI_WRITE(sc, WPI_TX_BASE_PTR, sc->sc_dma_sh.cookie.dmac_address); 3065 WPI_WRITE(sc, WPI_MSG_CONFIG, 0xffff05a5); 3066 3067 for (qid = 0; qid < 6; qid++) { 3068 WPI_WRITE(sc, WPI_TX_CTL(qid), 0); 3069 WPI_WRITE(sc, WPI_TX_BASE(qid), 0); 3070 WPI_WRITE(sc, WPI_TX_CONFIG(qid), 0x80200008); 3071 } 3072 wpi_mem_unlock(sc); 3073 3074 /* clear "radio off" and "disable command" bits (reversed logic) */ 3075 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_RADIO_OFF); 3076 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_DISABLE_CMD); 3077 3078 /* clear any pending interrupts */ 3079 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 3080 3081 /* enable interrupts */ 3082 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 3083 3084 /* load firmware boot code into NIC */ 3085 err = wpi_load_microcode(sc); 3086 if (err != WPI_SUCCESS) { 3087 cmn_err(CE_WARN, "wpi_init(): failed to load microcode\n"); 3088 goto fail1; 3089 } 3090 3091 /* load firmware .text segment into NIC */ 3092 err = wpi_load_firmware(sc, WPI_FW_TEXT); 3093 if (err != WPI_SUCCESS) { 3094 cmn_err(CE_WARN, "wpi_init(): " 3095 "failed to load firmware(text)\n"); 3096 goto fail1; 3097 } 3098 3099 /* load firmware .data segment into NIC */ 3100 err = wpi_load_firmware(sc, WPI_FW_DATA); 3101 if (err != WPI_SUCCESS) { 3102 cmn_err(CE_WARN, "wpi_init(): " 3103 "failed to load firmware(data)\n"); 3104 goto fail1; 3105 } 3106 3107 /* now press "execute" ;-) */ 3108 tmp = WPI_READ(sc, WPI_RESET); 3109 tmp &= ~(WPI_MASTER_DISABLED | WPI_STOP_MASTER | WPI_NEVO_RESET); 3110 WPI_WRITE(sc, WPI_RESET, tmp); 3111 3112 /* ..and wait at most one second for adapter to initialize */ 3113 clk = ddi_get_lbolt() + drv_usectohz(2000000); 3114 while (!(sc->sc_flags & WPI_F_FW_INIT)) { 3115 if (cv_timedwait(&sc->sc_fw_cv, &sc->sc_glock, clk) < 0) 3116 break; 3117 } 3118 if (!(sc->sc_flags & WPI_F_FW_INIT)) { 3119 cmn_err(CE_WARN, 3120 "wpi_init(): timeout waiting for firmware init\n"); 3121 goto fail1; 3122 } 3123 3124 /* wait for thermal sensors to calibrate */ 3125 for (ntries = 0; ntries < 1000; ntries++) { 3126 if (WPI_READ(sc, WPI_TEMPERATURE) != 0) 3127 break; 3128 DELAY(10); 3129 } 3130 3131 if (ntries == 1000) { 3132 WPI_DBG((WPI_DEBUG_HW, 3133 "wpi_init(): timeout waiting for thermal sensors " 3134 "calibration\n")); 3135 } 3136 3137 WPI_DBG((WPI_DEBUG_HW, "temperature %d\n", 3138 (int)WPI_READ(sc, WPI_TEMPERATURE))); 3139 3140 err = wpi_config(sc); 3141 if (err) { 3142 cmn_err(CE_WARN, "wpi_init(): failed to configure device\n"); 3143 goto fail1; 3144 } 3145 3146 mutex_exit(&sc->sc_glock); 3147 return (WPI_SUCCESS); 3148 3149 fail1: 3150 err = WPI_FAIL; 3151 mutex_exit(&sc->sc_glock); 3152 return (err); 3153 } 3154 3155 static void 3156 wpi_stop(wpi_sc_t *sc) 3157 { 3158 uint32_t tmp; 3159 int ac; 3160 3161 3162 mutex_enter(&sc->sc_glock); 3163 /* disable interrupts */ 3164 WPI_WRITE(sc, WPI_MASK, 0); 3165 WPI_WRITE(sc, WPI_INTR, WPI_INTR_MASK); 3166 WPI_WRITE(sc, WPI_INTR_STATUS, 0xff); 3167 WPI_WRITE(sc, WPI_INTR_STATUS, 0x00070000); 3168 3169 wpi_mem_lock(sc); 3170 wpi_mem_write(sc, WPI_MEM_MODE, 0); 3171 wpi_mem_unlock(sc); 3172 3173 /* reset all Tx rings */ 3174 for (ac = 0; ac < 4; ac++) 3175 wpi_reset_tx_ring(sc, &sc->sc_txq[ac]); 3176 wpi_reset_tx_ring(sc, &sc->sc_cmdq); 3177 wpi_reset_tx_ring(sc, &sc->sc_svcq); 3178 3179 /* reset Rx ring */ 3180 wpi_reset_rx_ring(sc); 3181 3182 wpi_mem_lock(sc); 3183 wpi_mem_write(sc, WPI_MEM_CLOCK2, 0x200); 3184 wpi_mem_unlock(sc); 3185 3186 DELAY(5); 3187 3188 wpi_stop_master(sc); 3189 3190 sc->sc_tx_timer = 0; 3191 tmp = WPI_READ(sc, WPI_RESET); 3192 WPI_WRITE(sc, WPI_RESET, tmp | WPI_SW_RESET); 3193 mutex_exit(&sc->sc_glock); 3194 } 3195 3196 /* 3197 * Naive implementation of the Adaptive Multi Rate Retry algorithm: 3198 * "IEEE 802.11 Rate Adaptation: A Practical Approach" 3199 * Mathieu Lacage, Hossein Manshaei, Thierry Turletti 3200 * INRIA Sophia - Projet Planete 3201 * http://www-sop.inria.fr/rapports/sophia/RR-5208.html 3202 */ 3203 #define is_success(amrr) \ 3204 ((amrr)->retrycnt < (amrr)->txcnt / 10) 3205 #define is_failure(amrr) \ 3206 ((amrr)->retrycnt > (amrr)->txcnt / 3) 3207 #define is_enough(amrr) \ 3208 ((amrr)->txcnt > 100) 3209 #define is_min_rate(in) \ 3210 ((in)->in_txrate == 0) 3211 #define is_max_rate(in) \ 3212 ((in)->in_txrate == (in)->in_rates.ir_nrates - 1) 3213 #define increase_rate(in) \ 3214 ((in)->in_txrate++) 3215 #define decrease_rate(in) \ 3216 ((in)->in_txrate--) 3217 #define reset_cnt(amrr) \ 3218 { (amrr)->txcnt = (amrr)->retrycnt = 0; } 3219 3220 #define WPI_AMRR_MIN_SUCCESS_THRESHOLD 1 3221 #define WPI_AMRR_MAX_SUCCESS_THRESHOLD 15 3222 3223 static void 3224 wpi_amrr_init(wpi_amrr_t *amrr) 3225 { 3226 amrr->success = 0; 3227 amrr->recovery = 0; 3228 amrr->txcnt = amrr->retrycnt = 0; 3229 amrr->success_threshold = WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3230 } 3231 3232 static void 3233 wpi_amrr_timeout(wpi_sc_t *sc) 3234 { 3235 ieee80211com_t *ic = &sc->sc_ic; 3236 3237 WPI_DBG((WPI_DEBUG_RATECTL, "wpi_amrr_timeout() enter\n")); 3238 if (ic->ic_opmode == IEEE80211_M_STA) 3239 wpi_amrr_ratectl(NULL, ic->ic_bss); 3240 else 3241 ieee80211_iterate_nodes(&ic->ic_sta, wpi_amrr_ratectl, NULL); 3242 sc->sc_clk = ddi_get_lbolt(); 3243 } 3244 3245 /* ARGSUSED */ 3246 static void 3247 wpi_amrr_ratectl(void *arg, ieee80211_node_t *in) 3248 { 3249 wpi_amrr_t *amrr = (wpi_amrr_t *)in; 3250 int need_change = 0; 3251 3252 if (is_success(amrr) && is_enough(amrr)) { 3253 amrr->success++; 3254 if (amrr->success >= amrr->success_threshold && 3255 !is_max_rate(in)) { 3256 amrr->recovery = 1; 3257 amrr->success = 0; 3258 increase_rate(in); 3259 WPI_DBG((WPI_DEBUG_RATECTL, 3260 "AMRR increasing rate %d (txcnt=%d retrycnt=%d)\n", 3261 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3262 need_change = 1; 3263 } else { 3264 amrr->recovery = 0; 3265 } 3266 } else if (is_failure(amrr)) { 3267 amrr->success = 0; 3268 if (!is_min_rate(in)) { 3269 if (amrr->recovery) { 3270 amrr->success_threshold++; 3271 if (amrr->success_threshold > 3272 WPI_AMRR_MAX_SUCCESS_THRESHOLD) 3273 amrr->success_threshold = 3274 WPI_AMRR_MAX_SUCCESS_THRESHOLD; 3275 } else { 3276 amrr->success_threshold = 3277 WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3278 } 3279 decrease_rate(in); 3280 WPI_DBG((WPI_DEBUG_RATECTL, 3281 "AMRR decreasing rate %d (txcnt=%d retrycnt=%d)\n", 3282 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3283 need_change = 1; 3284 } 3285 amrr->recovery = 0; /* paper is incorrect */ 3286 } 3287 3288 if (is_enough(amrr) || need_change) 3289 reset_cnt(amrr); 3290 } 3291