1 /* 2 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * Copyright (c) 2006 8 * Damien Bergamini <damien.bergamini@free.fr> 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 */ 22 23 #pragma ident "%Z%%M% %I% %E% SMI" 24 25 /* 26 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 27 */ 28 29 #include <sys/types.h> 30 #include <sys/byteorder.h> 31 #include <sys/conf.h> 32 #include <sys/cmn_err.h> 33 #include <sys/stat.h> 34 #include <sys/ddi.h> 35 #include <sys/sunddi.h> 36 #include <sys/strsubr.h> 37 #include <sys/ethernet.h> 38 #include <inet/common.h> 39 #include <inet/nd.h> 40 #include <inet/mi.h> 41 #include <sys/note.h> 42 #include <sys/stream.h> 43 #include <sys/strsun.h> 44 #include <sys/modctl.h> 45 #include <sys/devops.h> 46 #include <sys/dlpi.h> 47 #include <sys/mac.h> 48 #include <sys/mac_wifi.h> 49 #include <sys/net80211.h> 50 #include <sys/net80211_proto.h> 51 #include <sys/varargs.h> 52 #include <sys/policy.h> 53 #include <sys/pci.h> 54 55 #include "wpireg.h" 56 #include "wpivar.h" 57 #include <inet/wifi_ioctl.h> 58 59 #ifdef DEBUG 60 #define WPI_DEBUG_80211 (1 << 0) 61 #define WPI_DEBUG_CMD (1 << 1) 62 #define WPI_DEBUG_DMA (1 << 2) 63 #define WPI_DEBUG_EEPROM (1 << 3) 64 #define WPI_DEBUG_FW (1 << 4) 65 #define WPI_DEBUG_HW (1 << 5) 66 #define WPI_DEBUG_INTR (1 << 6) 67 #define WPI_DEBUG_MRR (1 << 7) 68 #define WPI_DEBUG_PIO (1 << 8) 69 #define WPI_DEBUG_RX (1 << 9) 70 #define WPI_DEBUG_SCAN (1 << 10) 71 #define WPI_DEBUG_TX (1 << 11) 72 #define WPI_DEBUG_RATECTL (1 << 12) 73 #define WPI_DEBUG_RADIO (1 << 13) 74 uint32_t wpi_dbg_flags = 0; 75 #define WPI_DBG(x) \ 76 wpi_dbg x 77 #else 78 #define WPI_DBG(x) 79 #endif 80 81 static void *wpi_soft_state_p = NULL; 82 static uint8_t wpi_fw_bin [] = { 83 #include "fw-wpi/ipw3945.ucode.hex" 84 }; 85 86 /* DMA attributes for a shared page */ 87 static ddi_dma_attr_t sh_dma_attr = { 88 DMA_ATTR_V0, /* version of this structure */ 89 0, /* lowest usable address */ 90 0xffffffffU, /* highest usable address */ 91 0xffffffffU, /* maximum DMAable byte count */ 92 0x1000, /* alignment in bytes */ 93 0x1000, /* burst sizes (any?) */ 94 1, /* minimum transfer */ 95 0xffffffffU, /* maximum transfer */ 96 0xffffffffU, /* maximum segment length */ 97 1, /* maximum number of segments */ 98 1, /* granularity */ 99 0, /* flags (reserved) */ 100 }; 101 102 /* DMA attributes for a ring descriptor */ 103 static ddi_dma_attr_t ring_desc_dma_attr = { 104 DMA_ATTR_V0, /* version of this structure */ 105 0, /* lowest usable address */ 106 0xffffffffU, /* highest usable address */ 107 0xffffffffU, /* maximum DMAable byte count */ 108 0x4000, /* alignment in bytes */ 109 0x100, /* burst sizes (any?) */ 110 1, /* minimum transfer */ 111 0xffffffffU, /* maximum transfer */ 112 0xffffffffU, /* maximum segment length */ 113 1, /* maximum number of segments */ 114 1, /* granularity */ 115 0, /* flags (reserved) */ 116 }; 117 118 119 /* DMA attributes for a tx cmd */ 120 static ddi_dma_attr_t tx_cmd_dma_attr = { 121 DMA_ATTR_V0, /* version of this structure */ 122 0, /* lowest usable address */ 123 0xffffffffU, /* highest usable address */ 124 0xffffffffU, /* maximum DMAable byte count */ 125 4, /* alignment in bytes */ 126 0x100, /* burst sizes (any?) */ 127 1, /* minimum transfer */ 128 0xffffffffU, /* maximum transfer */ 129 0xffffffffU, /* maximum segment length */ 130 1, /* maximum number of segments */ 131 1, /* granularity */ 132 0, /* flags (reserved) */ 133 }; 134 135 /* DMA attributes for a rx buffer */ 136 static ddi_dma_attr_t rx_buffer_dma_attr = { 137 DMA_ATTR_V0, /* version of this structure */ 138 0, /* lowest usable address */ 139 0xffffffffU, /* highest usable address */ 140 0xffffffffU, /* maximum DMAable byte count */ 141 1, /* alignment in bytes */ 142 0x100, /* burst sizes (any?) */ 143 1, /* minimum transfer */ 144 0xffffffffU, /* maximum transfer */ 145 0xffffffffU, /* maximum segment length */ 146 1, /* maximum number of segments */ 147 1, /* granularity */ 148 0, /* flags (reserved) */ 149 }; 150 151 /* 152 * DMA attributes for a tx buffer. 153 * the maximum number of segments is 4 for the hardware. 154 * now all the wifi drivers put the whole frame in a single 155 * descriptor, so we define the maximum number of segments 4, 156 * just the same as the rx_buffer. we consider leverage the HW 157 * ability in the future, that is why we don't define rx and tx 158 * buffer_dma_attr as the same. 159 */ 160 static ddi_dma_attr_t tx_buffer_dma_attr = { 161 DMA_ATTR_V0, /* version of this structure */ 162 0, /* lowest usable address */ 163 0xffffffffU, /* highest usable address */ 164 0xffffffffU, /* maximum DMAable byte count */ 165 1, /* alignment in bytes */ 166 0x100, /* burst sizes (any?) */ 167 1, /* minimum transfer */ 168 0xffffffffU, /* maximum transfer */ 169 0xffffffffU, /* maximum segment length */ 170 1, /* maximum number of segments */ 171 1, /* granularity */ 172 0, /* flags (reserved) */ 173 }; 174 175 /* DMA attributes for a load firmware */ 176 static ddi_dma_attr_t fw_buffer_dma_attr = { 177 DMA_ATTR_V0, /* version of this structure */ 178 0, /* lowest usable address */ 179 0xffffffffU, /* highest usable address */ 180 0x7fffffff, /* maximum DMAable byte count */ 181 4, /* alignment in bytes */ 182 0x100, /* burst sizes (any?) */ 183 1, /* minimum transfer */ 184 0xffffffffU, /* maximum transfer */ 185 0xffffffffU, /* maximum segment length */ 186 4, /* maximum number of segments */ 187 1, /* granularity */ 188 0, /* flags (reserved) */ 189 }; 190 191 /* regs access attributes */ 192 static ddi_device_acc_attr_t wpi_reg_accattr = { 193 DDI_DEVICE_ATTR_V0, 194 DDI_STRUCTURE_LE_ACC, 195 DDI_STRICTORDER_ACC, 196 DDI_DEFAULT_ACC 197 }; 198 199 /* DMA access attributes */ 200 static ddi_device_acc_attr_t wpi_dma_accattr = { 201 DDI_DEVICE_ATTR_V0, 202 DDI_NEVERSWAP_ACC, 203 DDI_STRICTORDER_ACC, 204 DDI_DEFAULT_ACC 205 }; 206 207 static int wpi_ring_init(wpi_sc_t *); 208 static void wpi_ring_free(wpi_sc_t *); 209 static int wpi_alloc_shared(wpi_sc_t *); 210 static void wpi_free_shared(wpi_sc_t *); 211 static int wpi_alloc_fw_dma(wpi_sc_t *); 212 static void wpi_free_fw_dma(wpi_sc_t *); 213 static int wpi_alloc_rx_ring(wpi_sc_t *); 214 static void wpi_reset_rx_ring(wpi_sc_t *); 215 static void wpi_free_rx_ring(wpi_sc_t *); 216 static int wpi_alloc_tx_ring(wpi_sc_t *, wpi_tx_ring_t *, int, int); 217 static void wpi_reset_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 218 static void wpi_free_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 219 220 static ieee80211_node_t *wpi_node_alloc(ieee80211com_t *); 221 static void wpi_node_free(ieee80211_node_t *); 222 static int wpi_newstate(ieee80211com_t *, enum ieee80211_state, int); 223 static int wpi_key_set(ieee80211com_t *, const struct ieee80211_key *, 224 const uint8_t mac[IEEE80211_ADDR_LEN]); 225 static void wpi_mem_lock(wpi_sc_t *); 226 static void wpi_mem_unlock(wpi_sc_t *); 227 static uint32_t wpi_mem_read(wpi_sc_t *, uint16_t); 228 static void wpi_mem_write(wpi_sc_t *, uint16_t, uint32_t); 229 static void wpi_mem_write_region_4(wpi_sc_t *, uint16_t, 230 const uint32_t *, int); 231 static uint16_t wpi_read_prom_word(wpi_sc_t *, uint32_t); 232 static int wpi_load_microcode(wpi_sc_t *); 233 static int wpi_load_firmware(wpi_sc_t *, uint32_t); 234 static void wpi_rx_intr(wpi_sc_t *, wpi_rx_desc_t *, 235 wpi_rx_data_t *); 236 static void wpi_tx_intr(wpi_sc_t *, wpi_rx_desc_t *, 237 wpi_rx_data_t *); 238 static void wpi_cmd_intr(wpi_sc_t *, wpi_rx_desc_t *); 239 static uint_t wpi_intr(caddr_t); 240 static uint_t wpi_notif_softintr(caddr_t); 241 static uint8_t wpi_plcp_signal(int); 242 static void wpi_read_eeprom(wpi_sc_t *); 243 static int wpi_cmd(wpi_sc_t *, int, const void *, int, int); 244 static int wpi_mrr_setup(wpi_sc_t *); 245 static void wpi_set_led(wpi_sc_t *, uint8_t, uint8_t, uint8_t); 246 static int wpi_auth(wpi_sc_t *); 247 static int wpi_scan(wpi_sc_t *); 248 static int wpi_config(wpi_sc_t *); 249 static void wpi_stop_master(wpi_sc_t *); 250 static int wpi_power_up(wpi_sc_t *); 251 static int wpi_reset(wpi_sc_t *); 252 static void wpi_hw_config(wpi_sc_t *); 253 static int wpi_init(wpi_sc_t *); 254 static void wpi_stop(wpi_sc_t *); 255 static void wpi_amrr_init(wpi_amrr_t *); 256 static void wpi_amrr_timeout(wpi_sc_t *); 257 static void wpi_amrr_ratectl(void *, ieee80211_node_t *); 258 259 static int wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd); 260 static int wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd); 261 262 /* 263 * GLD specific operations 264 */ 265 static int wpi_m_stat(void *arg, uint_t stat, uint64_t *val); 266 static int wpi_m_start(void *arg); 267 static void wpi_m_stop(void *arg); 268 static int wpi_m_unicst(void *arg, const uint8_t *macaddr); 269 static int wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m); 270 static int wpi_m_promisc(void *arg, boolean_t on); 271 static mblk_t *wpi_m_tx(void *arg, mblk_t *mp); 272 static void wpi_m_ioctl(void *arg, queue_t *wq, mblk_t *mp); 273 274 static void wpi_destroy_locks(wpi_sc_t *sc); 275 static int wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type); 276 static void wpi_thread(wpi_sc_t *sc); 277 278 /* 279 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 280 */ 281 static const struct ieee80211_rateset wpi_rateset_11b = 282 { 4, { 2, 4, 11, 22 } }; 283 284 static const struct ieee80211_rateset wpi_rateset_11g = 285 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 286 287 static const uint8_t wpi_ridx_to_signal[] = { 288 /* OFDM: IEEE Std 802.11a-1999, pp. 14 Table 80 */ 289 /* R1-R4 (ral/ural is R4-R1) */ 290 0xd, 0xf, 0x5, 0x7, 0x9, 0xb, 0x1, 0x3, 291 /* CCK: device-dependent */ 292 10, 20, 55, 110 293 }; 294 295 /* 296 * For mfthread only 297 */ 298 extern pri_t minclsyspri; 299 300 /* 301 * Module Loading Data & Entry Points 302 */ 303 DDI_DEFINE_STREAM_OPS(wpi_devops, nulldev, nulldev, wpi_attach, 304 wpi_detach, nodev, NULL, D_MP, NULL); 305 306 static struct modldrv wpi_modldrv = { 307 &mod_driverops, 308 "Intel(R) PRO/Wireless 3945ABG driver", 309 &wpi_devops 310 }; 311 312 static struct modlinkage wpi_modlinkage = { 313 MODREV_1, 314 &wpi_modldrv, 315 NULL 316 }; 317 318 int 319 _init(void) 320 { 321 int status; 322 323 status = ddi_soft_state_init(&wpi_soft_state_p, 324 sizeof (wpi_sc_t), 1); 325 if (status != DDI_SUCCESS) 326 return (status); 327 328 mac_init_ops(&wpi_devops, "wpi"); 329 status = mod_install(&wpi_modlinkage); 330 if (status != DDI_SUCCESS) { 331 mac_fini_ops(&wpi_devops); 332 ddi_soft_state_fini(&wpi_soft_state_p); 333 } 334 335 return (status); 336 } 337 338 int 339 _fini(void) 340 { 341 int status; 342 343 status = mod_remove(&wpi_modlinkage); 344 if (status == DDI_SUCCESS) { 345 mac_fini_ops(&wpi_devops); 346 ddi_soft_state_fini(&wpi_soft_state_p); 347 } 348 349 return (status); 350 } 351 352 int 353 _info(struct modinfo *mip) 354 { 355 return (mod_info(&wpi_modlinkage, mip)); 356 } 357 358 /* 359 * Mac Call Back entries 360 */ 361 mac_callbacks_t wpi_m_callbacks = { 362 MC_IOCTL, 363 wpi_m_stat, 364 wpi_m_start, 365 wpi_m_stop, 366 wpi_m_promisc, 367 wpi_m_multicst, 368 wpi_m_unicst, 369 wpi_m_tx, 370 NULL, 371 wpi_m_ioctl 372 }; 373 374 #ifdef DEBUG 375 void 376 wpi_dbg(uint32_t flags, const char *fmt, ...) 377 { 378 va_list ap; 379 380 if (flags & wpi_dbg_flags) { 381 va_start(ap, fmt); 382 vcmn_err(CE_NOTE, fmt, ap); 383 va_end(ap); 384 } 385 } 386 #endif 387 /* 388 * device operations 389 */ 390 int 391 wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 392 { 393 wpi_sc_t *sc; 394 ddi_acc_handle_t cfg_handle; 395 caddr_t cfg_base; 396 ieee80211com_t *ic; 397 int instance, err, i; 398 char strbuf[32]; 399 wifi_data_t wd = { 0 }; 400 mac_register_t *macp; 401 402 if (cmd != DDI_ATTACH) { 403 err = DDI_FAILURE; 404 goto attach_fail1; 405 } 406 407 instance = ddi_get_instance(dip); 408 err = ddi_soft_state_zalloc(wpi_soft_state_p, instance); 409 if (err != DDI_SUCCESS) { 410 cmn_err(CE_WARN, 411 "wpi_attach(): failed to allocate soft state\n"); 412 goto attach_fail1; 413 } 414 sc = ddi_get_soft_state(wpi_soft_state_p, instance); 415 sc->sc_dip = dip; 416 417 err = ddi_regs_map_setup(dip, 0, &cfg_base, 0, 0, 418 &wpi_reg_accattr, &cfg_handle); 419 if (err != DDI_SUCCESS) { 420 cmn_err(CE_WARN, 421 "wpi_attach(): failed to map config spaces regs\n"); 422 goto attach_fail2; 423 } 424 sc->sc_rev = ddi_get8(cfg_handle, 425 (uint8_t *)(cfg_base + PCI_CONF_REVID)); 426 ddi_put8(cfg_handle, (uint8_t *)(cfg_base + 0x41), 0); 427 sc->sc_clsz = ddi_get16(cfg_handle, 428 (uint16_t *)(cfg_base + PCI_CONF_CACHE_LINESZ)); 429 ddi_regs_map_free(&cfg_handle); 430 if (!sc->sc_clsz) 431 sc->sc_clsz = 16; 432 sc->sc_clsz = (sc->sc_clsz << 2); 433 sc->sc_dmabuf_sz = roundup(0x1000 + sizeof (struct ieee80211_frame) + 434 IEEE80211_MTU + IEEE80211_CRC_LEN + 435 (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + 436 IEEE80211_WEP_CRCLEN), sc->sc_clsz); 437 /* 438 * Map operating registers 439 */ 440 err = ddi_regs_map_setup(dip, 1, &sc->sc_base, 441 0, 0, &wpi_reg_accattr, &sc->sc_handle); 442 if (err != DDI_SUCCESS) { 443 cmn_err(CE_WARN, 444 "wpi_attach(): failed to map device regs\n"); 445 goto attach_fail2; 446 } 447 448 /* 449 * Allocate shared page. 450 */ 451 err = wpi_alloc_shared(sc); 452 if (err != DDI_SUCCESS) { 453 cmn_err(CE_WARN, "failed to allocate shared page\n"); 454 goto attach_fail3; 455 } 456 457 /* 458 * Get the hw conf, including MAC address, then init all rings. 459 */ 460 wpi_read_eeprom(sc); 461 err = wpi_ring_init(sc); 462 if (err != DDI_SUCCESS) { 463 cmn_err(CE_WARN, "wpi_attach(): " 464 "failed to allocate and initialize ring\n"); 465 goto attach_fail4; 466 } 467 468 sc->sc_hdr = (const wpi_firmware_hdr_t *)wpi_fw_bin; 469 470 /* firmware image layout: |HDR|<--TEXT-->|<--DATA-->|<--BOOT-->| */ 471 sc->sc_text = (const char *)(sc->sc_hdr + 1); 472 sc->sc_data = sc->sc_text + LE_32(sc->sc_hdr->textsz); 473 sc->sc_boot = sc->sc_data + LE_32(sc->sc_hdr->datasz); 474 err = wpi_alloc_fw_dma(sc); 475 if (err != DDI_SUCCESS) { 476 cmn_err(CE_WARN, "wpi_attach(): " 477 "failed to allocate firmware dma\n"); 478 goto attach_fail5; 479 } 480 481 /* 482 * Initialize mutexs and condvars 483 */ 484 err = ddi_get_iblock_cookie(dip, 0, &sc->sc_iblk); 485 if (err != DDI_SUCCESS) { 486 cmn_err(CE_WARN, 487 "wpi_attach(): failed to do ddi_get_iblock_cookie()\n"); 488 goto attach_fail6; 489 } 490 mutex_init(&sc->sc_glock, NULL, MUTEX_DRIVER, sc->sc_iblk); 491 mutex_init(&sc->sc_tx_lock, NULL, MUTEX_DRIVER, sc->sc_iblk); 492 cv_init(&sc->sc_fw_cv, NULL, CV_DRIVER, NULL); 493 cv_init(&sc->sc_cmd_cv, NULL, CV_DRIVER, NULL); 494 cv_init(&sc->sc_tx_cv, "tx-ring", CV_DRIVER, NULL); 495 /* 496 * initialize the mfthread 497 */ 498 mutex_init(&sc->sc_mt_lock, NULL, MUTEX_DRIVER, 499 (void *) sc->sc_iblk); 500 cv_init(&sc->sc_mt_cv, NULL, CV_DRIVER, NULL); 501 sc->sc_mf_thread = NULL; 502 sc->sc_mf_thread_switch = 0; 503 /* 504 * Initialize the wifi part, which will be used by 505 * generic layer 506 */ 507 ic = &sc->sc_ic; 508 ic->ic_phytype = IEEE80211_T_OFDM; 509 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 510 ic->ic_state = IEEE80211_S_INIT; 511 ic->ic_maxrssi = 70; /* experimental number */ 512 ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_TXPMGT | 513 IEEE80211_C_PMGT | IEEE80211_C_SHSLOT; 514 515 /* 516 * use software WEP and TKIP, hardware CCMP; 517 */ 518 ic->ic_caps |= IEEE80211_C_AES_CCM; 519 ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */ 520 521 /* set supported .11b and .11g rates */ 522 ic->ic_sup_rates[IEEE80211_MODE_11B] = wpi_rateset_11b; 523 ic->ic_sup_rates[IEEE80211_MODE_11G] = wpi_rateset_11g; 524 525 /* set supported .11b and .11g channels (1 through 14) */ 526 for (i = 1; i <= 14; i++) { 527 ic->ic_sup_channels[i].ich_freq = 528 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 529 ic->ic_sup_channels[i].ich_flags = 530 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 531 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 532 } 533 ic->ic_ibss_chan = &ic->ic_sup_channels[0]; 534 ic->ic_xmit = wpi_send; 535 /* 536 * init Wifi layer 537 */ 538 ieee80211_attach(ic); 539 540 /* register WPA door */ 541 ieee80211_register_door(ic, ddi_driver_name(dip), 542 ddi_get_instance(dip)); 543 544 /* 545 * Override 80211 default routines 546 */ 547 sc->sc_newstate = ic->ic_newstate; 548 ic->ic_newstate = wpi_newstate; 549 ic->ic_node_alloc = wpi_node_alloc; 550 ic->ic_node_free = wpi_node_free; 551 ic->ic_crypto.cs_key_set = wpi_key_set; 552 ieee80211_media_init(ic); 553 /* 554 * initialize default tx key 555 */ 556 ic->ic_def_txkey = 0; 557 558 err = ddi_add_softintr(dip, DDI_SOFTINT_LOW, 559 &sc->sc_notif_softint_id, &sc->sc_iblk, NULL, wpi_notif_softintr, 560 (caddr_t)sc); 561 if (err != DDI_SUCCESS) { 562 cmn_err(CE_WARN, 563 "wpi_attach(): failed to do ddi_add_softintr()\n"); 564 goto attach_fail7; 565 } 566 567 /* 568 * Add the interrupt handler 569 */ 570 err = ddi_add_intr(dip, 0, &sc->sc_iblk, NULL, 571 wpi_intr, (caddr_t)sc); 572 if (err != DDI_SUCCESS) { 573 cmn_err(CE_WARN, 574 "wpi_attach(): failed to do ddi_add_intr()\n"); 575 goto attach_fail8; 576 } 577 578 /* 579 * Initialize pointer to device specific functions 580 */ 581 wd.wd_secalloc = WIFI_SEC_NONE; 582 wd.wd_opmode = ic->ic_opmode; 583 IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_macaddr); 584 585 macp = mac_alloc(MAC_VERSION); 586 if (err != DDI_SUCCESS) { 587 cmn_err(CE_WARN, 588 "wpi_attach(): failed to do mac_alloc()\n"); 589 goto attach_fail9; 590 } 591 592 macp->m_type_ident = MAC_PLUGIN_IDENT_WIFI; 593 macp->m_driver = sc; 594 macp->m_dip = dip; 595 macp->m_src_addr = ic->ic_macaddr; 596 macp->m_callbacks = &wpi_m_callbacks; 597 macp->m_min_sdu = 0; 598 macp->m_max_sdu = IEEE80211_MTU; 599 macp->m_pdata = &wd; 600 macp->m_pdata_size = sizeof (wd); 601 602 /* 603 * Register the macp to mac 604 */ 605 err = mac_register(macp, &ic->ic_mach); 606 mac_free(macp); 607 if (err != DDI_SUCCESS) { 608 cmn_err(CE_WARN, 609 "wpi_attach(): failed to do mac_register()\n"); 610 goto attach_fail9; 611 } 612 613 /* 614 * Create minor node of type DDI_NT_NET_WIFI 615 */ 616 (void) snprintf(strbuf, sizeof (strbuf), "wpi%d", instance); 617 err = ddi_create_minor_node(dip, strbuf, S_IFCHR, 618 instance + 1, DDI_NT_NET_WIFI, 0); 619 if (err != DDI_SUCCESS) 620 cmn_err(CE_WARN, 621 "wpi_attach(): failed to do ddi_create_minor_node()\n"); 622 623 /* 624 * Notify link is down now 625 */ 626 mac_link_update(ic->ic_mach, LINK_STATE_DOWN); 627 628 /* 629 * create the mf thread to handle the link status, 630 * recovery fatal error, etc. 631 */ 632 633 sc->sc_mf_thread_switch = 1; 634 if (sc->sc_mf_thread == NULL) 635 sc->sc_mf_thread = thread_create((caddr_t)NULL, 0, 636 wpi_thread, sc, 0, &p0, TS_RUN, minclsyspri); 637 638 sc->sc_flags |= WPI_F_ATTACHED; 639 640 return (DDI_SUCCESS); 641 attach_fail9: 642 ddi_remove_intr(dip, 0, sc->sc_iblk); 643 attach_fail8: 644 ddi_remove_softintr(sc->sc_notif_softint_id); 645 sc->sc_notif_softint_id = NULL; 646 attach_fail7: 647 ieee80211_detach(ic); 648 wpi_destroy_locks(sc); 649 attach_fail6: 650 wpi_free_fw_dma(sc); 651 attach_fail5: 652 wpi_ring_free(sc); 653 attach_fail4: 654 wpi_free_shared(sc); 655 attach_fail3: 656 ddi_regs_map_free(&sc->sc_handle); 657 attach_fail2: 658 ddi_soft_state_free(wpi_soft_state_p, instance); 659 attach_fail1: 660 return (err); 661 } 662 663 int 664 wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 665 { 666 wpi_sc_t *sc; 667 int err; 668 669 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 670 ASSERT(sc != NULL); 671 672 if (cmd != DDI_DETACH) 673 return (DDI_FAILURE); 674 if (!(sc->sc_flags & WPI_F_ATTACHED)) 675 return (DDI_FAILURE); 676 677 /* 678 * Destroy the mf_thread 679 */ 680 mutex_enter(&sc->sc_mt_lock); 681 sc->sc_mf_thread_switch = 0; 682 while (sc->sc_mf_thread != NULL) { 683 if (cv_wait_sig(&sc->sc_mt_cv, &sc->sc_mt_lock) == 0) 684 break; 685 } 686 mutex_exit(&sc->sc_mt_lock); 687 688 wpi_stop(sc); 689 690 /* 691 * Unregiste from the MAC layer subsystem 692 */ 693 err = mac_unregister(sc->sc_ic.ic_mach); 694 if (err != DDI_SUCCESS) 695 return (err); 696 697 mutex_enter(&sc->sc_glock); 698 wpi_free_fw_dma(sc); 699 wpi_ring_free(sc); 700 wpi_free_shared(sc); 701 mutex_exit(&sc->sc_glock); 702 703 ddi_remove_intr(dip, 0, sc->sc_iblk); 704 ddi_remove_softintr(sc->sc_notif_softint_id); 705 sc->sc_notif_softint_id = NULL; 706 707 /* 708 * detach ieee80211 709 */ 710 ieee80211_detach(&sc->sc_ic); 711 712 wpi_destroy_locks(sc); 713 714 ddi_regs_map_free(&sc->sc_handle); 715 ddi_remove_minor_node(dip, NULL); 716 ddi_soft_state_free(wpi_soft_state_p, ddi_get_instance(dip)); 717 718 return (DDI_SUCCESS); 719 } 720 721 static void 722 wpi_destroy_locks(wpi_sc_t *sc) 723 { 724 cv_destroy(&sc->sc_mt_cv); 725 mutex_destroy(&sc->sc_mt_lock); 726 cv_destroy(&sc->sc_tx_cv); 727 cv_destroy(&sc->sc_cmd_cv); 728 cv_destroy(&sc->sc_fw_cv); 729 mutex_destroy(&sc->sc_tx_lock); 730 mutex_destroy(&sc->sc_glock); 731 } 732 733 /* 734 * Allocate an area of memory and a DMA handle for accessing it 735 */ 736 static int 737 wpi_alloc_dma_mem(wpi_sc_t *sc, size_t memsize, ddi_dma_attr_t *dma_attr_p, 738 ddi_device_acc_attr_t *acc_attr_p, uint_t dma_flags, wpi_dma_t *dma_p) 739 { 740 caddr_t vaddr; 741 int err; 742 743 /* 744 * Allocate handle 745 */ 746 err = ddi_dma_alloc_handle(sc->sc_dip, dma_attr_p, 747 DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl); 748 if (err != DDI_SUCCESS) { 749 dma_p->dma_hdl = NULL; 750 return (DDI_FAILURE); 751 } 752 753 /* 754 * Allocate memory 755 */ 756 err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, acc_attr_p, 757 dma_flags & (DDI_DMA_CONSISTENT | DDI_DMA_STREAMING), 758 DDI_DMA_SLEEP, NULL, &vaddr, &dma_p->alength, &dma_p->acc_hdl); 759 if (err != DDI_SUCCESS) { 760 ddi_dma_free_handle(&dma_p->dma_hdl); 761 dma_p->dma_hdl = NULL; 762 dma_p->acc_hdl = NULL; 763 return (DDI_FAILURE); 764 } 765 766 /* 767 * Bind the two together 768 */ 769 dma_p->mem_va = vaddr; 770 err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL, 771 vaddr, dma_p->alength, dma_flags, DDI_DMA_SLEEP, NULL, 772 &dma_p->cookie, &dma_p->ncookies); 773 if (err != DDI_DMA_MAPPED) { 774 ddi_dma_mem_free(&dma_p->acc_hdl); 775 ddi_dma_free_handle(&dma_p->dma_hdl); 776 dma_p->acc_hdl = NULL; 777 dma_p->dma_hdl = NULL; 778 return (DDI_FAILURE); 779 } 780 781 dma_p->nslots = ~0U; 782 dma_p->size = ~0U; 783 dma_p->token = ~0U; 784 dma_p->offset = 0; 785 return (DDI_SUCCESS); 786 } 787 788 /* 789 * Free one allocated area of DMAable memory 790 */ 791 static void 792 wpi_free_dma_mem(wpi_dma_t *dma_p) 793 { 794 if (dma_p->dma_hdl != NULL) { 795 if (dma_p->ncookies) { 796 (void) ddi_dma_unbind_handle(dma_p->dma_hdl); 797 dma_p->ncookies = 0; 798 } 799 ddi_dma_free_handle(&dma_p->dma_hdl); 800 dma_p->dma_hdl = NULL; 801 } 802 803 if (dma_p->acc_hdl != NULL) { 804 ddi_dma_mem_free(&dma_p->acc_hdl); 805 dma_p->acc_hdl = NULL; 806 } 807 } 808 809 /* 810 * Allocate an area of dma memory for firmware load. 811 * Idealy, this allocation should be a one time action, that is, 812 * the memory will be freed after the firmware is uploaded to the 813 * card. but since a recovery mechanism for the fatal firmware need 814 * reload the firmware, and re-allocate dma at run time may be failed, 815 * so we allocate it at attach and keep it in the whole lifecycle of 816 * the driver. 817 */ 818 static int 819 wpi_alloc_fw_dma(wpi_sc_t *sc) 820 { 821 int i, err = DDI_SUCCESS; 822 wpi_dma_t *dma_p; 823 824 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->textsz), 825 &fw_buffer_dma_attr, &wpi_dma_accattr, 826 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 827 &sc->sc_dma_fw_text); 828 dma_p = &sc->sc_dma_fw_text; 829 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 830 dma_p->ncookies, dma_p->cookie.dmac_address, 831 dma_p->cookie.dmac_size)); 832 if (err != DDI_SUCCESS) { 833 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 834 "text dma memory"); 835 goto fail; 836 } 837 for (i = 0; i < dma_p->ncookies; i++) { 838 sc->sc_fw_text_cookie[i] = dma_p->cookie; 839 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 840 } 841 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz), 842 &fw_buffer_dma_attr, &wpi_dma_accattr, 843 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 844 &sc->sc_dma_fw_data); 845 dma_p = &sc->sc_dma_fw_data; 846 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 847 dma_p->ncookies, dma_p->cookie.dmac_address, 848 dma_p->cookie.dmac_size)); 849 if (err != DDI_SUCCESS) { 850 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 851 "data dma memory"); 852 goto fail; 853 } 854 for (i = 0; i < dma_p->ncookies; i++) { 855 sc->sc_fw_data_cookie[i] = dma_p->cookie; 856 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 857 } 858 fail: 859 return (err); 860 } 861 862 static void 863 wpi_free_fw_dma(wpi_sc_t *sc) 864 { 865 wpi_free_dma_mem(&sc->sc_dma_fw_text); 866 wpi_free_dma_mem(&sc->sc_dma_fw_data); 867 } 868 869 /* 870 * Allocate a shared page between host and NIC. 871 */ 872 static int 873 wpi_alloc_shared(wpi_sc_t *sc) 874 { 875 int err = DDI_SUCCESS; 876 877 /* must be aligned on a 4K-page boundary */ 878 err = wpi_alloc_dma_mem(sc, sizeof (wpi_shared_t), 879 &sh_dma_attr, &wpi_dma_accattr, 880 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 881 &sc->sc_dma_sh); 882 if (err != DDI_SUCCESS) 883 goto fail; 884 sc->sc_shared = (wpi_shared_t *)sc->sc_dma_sh.mem_va; 885 return (err); 886 887 fail: 888 wpi_free_shared(sc); 889 return (err); 890 } 891 892 static void 893 wpi_free_shared(wpi_sc_t *sc) 894 { 895 wpi_free_dma_mem(&sc->sc_dma_sh); 896 } 897 898 static int 899 wpi_alloc_rx_ring(wpi_sc_t *sc) 900 { 901 wpi_rx_ring_t *ring; 902 wpi_rx_data_t *data; 903 int i, err = DDI_SUCCESS; 904 905 ring = &sc->sc_rxq; 906 ring->cur = 0; 907 908 err = wpi_alloc_dma_mem(sc, WPI_RX_RING_COUNT * sizeof (uint32_t), 909 &ring_desc_dma_attr, &wpi_dma_accattr, 910 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 911 &ring->dma_desc); 912 if (err != DDI_SUCCESS) { 913 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring desc failed\n")); 914 goto fail; 915 } 916 ring->desc = (uint32_t *)ring->dma_desc.mem_va; 917 918 /* 919 * Allocate Rx buffers. 920 */ 921 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 922 data = &ring->data[i]; 923 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 924 &rx_buffer_dma_attr, &wpi_dma_accattr, 925 DDI_DMA_READ | DDI_DMA_STREAMING, 926 &data->dma_data); 927 if (err != DDI_SUCCESS) { 928 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring buf[%d] " 929 "failed\n", i)); 930 goto fail; 931 } 932 933 ring->desc[i] = LE_32(data->dma_data.cookie.dmac_address); 934 } 935 936 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 937 938 return (err); 939 940 fail: 941 wpi_free_rx_ring(sc); 942 return (err); 943 } 944 945 static void 946 wpi_reset_rx_ring(wpi_sc_t *sc) 947 { 948 int ntries; 949 950 wpi_mem_lock(sc); 951 952 WPI_WRITE(sc, WPI_RX_CONFIG, 0); 953 for (ntries = 0; ntries < 2000; ntries++) { 954 if (WPI_READ(sc, WPI_RX_STATUS) & WPI_RX_IDLE) 955 break; 956 DELAY(1000); 957 } 958 #ifdef DEBUG 959 if (ntries == 2000) 960 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Rx ring\n")); 961 #endif 962 wpi_mem_unlock(sc); 963 964 sc->sc_rxq.cur = 0; 965 } 966 967 static void 968 wpi_free_rx_ring(wpi_sc_t *sc) 969 { 970 int i; 971 972 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 973 if (sc->sc_rxq.data[i].dma_data.dma_hdl) 974 WPI_DMA_SYNC(sc->sc_rxq.data[i].dma_data, 975 DDI_DMA_SYNC_FORCPU); 976 wpi_free_dma_mem(&sc->sc_rxq.data[i].dma_data); 977 } 978 979 if (sc->sc_rxq.dma_desc.dma_hdl) 980 WPI_DMA_SYNC(sc->sc_rxq.dma_desc, DDI_DMA_SYNC_FORDEV); 981 wpi_free_dma_mem(&sc->sc_rxq.dma_desc); 982 } 983 984 static int 985 wpi_alloc_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring, int count, int qid) 986 { 987 wpi_tx_data_t *data; 988 wpi_tx_desc_t *desc_h; 989 uint32_t paddr_desc_h; 990 wpi_tx_cmd_t *cmd_h; 991 uint32_t paddr_cmd_h; 992 int i, err = DDI_SUCCESS; 993 994 ring->qid = qid; 995 ring->count = count; 996 ring->queued = 0; 997 ring->cur = 0; 998 999 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_desc_t), 1000 &ring_desc_dma_attr, &wpi_dma_accattr, 1001 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1002 &ring->dma_desc); 1003 if (err != DDI_SUCCESS) { 1004 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring desc[%d] failed\n", 1005 qid)); 1006 goto fail; 1007 } 1008 1009 /* update shared page with ring's base address */ 1010 sc->sc_shared->txbase[qid] = ring->dma_desc.cookie.dmac_address; 1011 1012 desc_h = (wpi_tx_desc_t *)ring->dma_desc.mem_va; 1013 paddr_desc_h = ring->dma_desc.cookie.dmac_address; 1014 1015 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_cmd_t), 1016 &tx_cmd_dma_attr, &wpi_dma_accattr, 1017 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1018 &ring->dma_cmd); 1019 if (err != DDI_SUCCESS) { 1020 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring cmd[%d] failed\n", 1021 qid)); 1022 goto fail; 1023 } 1024 1025 cmd_h = (wpi_tx_cmd_t *)ring->dma_cmd.mem_va; 1026 paddr_cmd_h = ring->dma_cmd.cookie.dmac_address; 1027 1028 /* 1029 * Allocate Tx buffers. 1030 */ 1031 ring->data = kmem_zalloc(sizeof (wpi_tx_data_t) * count, KM_NOSLEEP); 1032 if (ring->data == NULL) { 1033 WPI_DBG((WPI_DEBUG_DMA, "could not allocate tx data slots\n")); 1034 goto fail; 1035 } 1036 1037 for (i = 0; i < count; i++) { 1038 data = &ring->data[i]; 1039 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 1040 &tx_buffer_dma_attr, &wpi_dma_accattr, 1041 DDI_DMA_WRITE | DDI_DMA_STREAMING, 1042 &data->dma_data); 1043 if (err != DDI_SUCCESS) { 1044 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring buf[%d] " 1045 "failed\n", i)); 1046 goto fail; 1047 } 1048 1049 data->desc = desc_h + i; 1050 data->paddr_desc = paddr_desc_h + 1051 ((caddr_t)data->desc - (caddr_t)desc_h); 1052 data->cmd = cmd_h + i; 1053 data->paddr_cmd = paddr_cmd_h + 1054 ((caddr_t)data->cmd - (caddr_t)cmd_h); 1055 } 1056 1057 return (err); 1058 1059 fail: 1060 if (ring->data) 1061 kmem_free(ring->data, sizeof (wpi_tx_data_t) * count); 1062 wpi_free_tx_ring(sc, ring); 1063 return (err); 1064 } 1065 1066 static void 1067 wpi_reset_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1068 { 1069 wpi_tx_data_t *data; 1070 int i, ntries; 1071 1072 wpi_mem_lock(sc); 1073 1074 WPI_WRITE(sc, WPI_TX_CONFIG(ring->qid), 0); 1075 for (ntries = 0; ntries < 100; ntries++) { 1076 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(ring->qid)) 1077 break; 1078 DELAY(10); 1079 } 1080 #ifdef DEBUG 1081 if (ntries == 100 && wpi_dbg_flags > 0) { 1082 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Tx ring %d\n", 1083 ring->qid)); 1084 } 1085 #endif 1086 wpi_mem_unlock(sc); 1087 1088 for (i = 0; i < ring->count; i++) { 1089 data = &ring->data[i]; 1090 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 1091 } 1092 1093 ring->queued = 0; 1094 ring->cur = 0; 1095 } 1096 1097 /*ARGSUSED*/ 1098 static void 1099 wpi_free_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1100 { 1101 int i; 1102 1103 if (ring->dma_desc.dma_hdl != NULL) 1104 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 1105 wpi_free_dma_mem(&ring->dma_desc); 1106 1107 if (ring->dma_cmd.dma_hdl != NULL) 1108 WPI_DMA_SYNC(ring->dma_cmd, DDI_DMA_SYNC_FORDEV); 1109 wpi_free_dma_mem(&ring->dma_cmd); 1110 1111 if (ring->data != NULL) { 1112 for (i = 0; i < ring->count; i++) { 1113 if (ring->data[i].dma_data.dma_hdl) 1114 WPI_DMA_SYNC(ring->data[i].dma_data, 1115 DDI_DMA_SYNC_FORDEV); 1116 wpi_free_dma_mem(&ring->data[i].dma_data); 1117 } 1118 kmem_free(ring->data, ring->count * sizeof (wpi_tx_data_t)); 1119 } 1120 } 1121 1122 static int 1123 wpi_ring_init(wpi_sc_t *sc) 1124 { 1125 int i, err = DDI_SUCCESS; 1126 1127 for (i = 0; i < 4; i++) { 1128 err = wpi_alloc_tx_ring(sc, &sc->sc_txq[i], WPI_TX_RING_COUNT, 1129 i); 1130 if (err != DDI_SUCCESS) 1131 goto fail; 1132 } 1133 err = wpi_alloc_tx_ring(sc, &sc->sc_cmdq, WPI_CMD_RING_COUNT, 4); 1134 if (err != DDI_SUCCESS) 1135 goto fail; 1136 err = wpi_alloc_tx_ring(sc, &sc->sc_svcq, WPI_SVC_RING_COUNT, 5); 1137 if (err != DDI_SUCCESS) 1138 goto fail; 1139 err = wpi_alloc_rx_ring(sc); 1140 if (err != DDI_SUCCESS) 1141 goto fail; 1142 return (err); 1143 1144 fail: 1145 return (err); 1146 } 1147 1148 static void 1149 wpi_ring_free(wpi_sc_t *sc) 1150 { 1151 int i = 4; 1152 1153 wpi_free_rx_ring(sc); 1154 wpi_free_tx_ring(sc, &sc->sc_svcq); 1155 wpi_free_tx_ring(sc, &sc->sc_cmdq); 1156 while (--i >= 0) { 1157 wpi_free_tx_ring(sc, &sc->sc_txq[i]); 1158 } 1159 } 1160 1161 /* ARGSUSED */ 1162 static ieee80211_node_t * 1163 wpi_node_alloc(ieee80211com_t *ic) 1164 { 1165 wpi_amrr_t *amrr; 1166 1167 amrr = kmem_zalloc(sizeof (wpi_amrr_t), KM_SLEEP); 1168 if (amrr != NULL) 1169 wpi_amrr_init(amrr); 1170 return (&amrr->in); 1171 } 1172 1173 static void 1174 wpi_node_free(ieee80211_node_t *in) 1175 { 1176 ieee80211com_t *ic = in->in_ic; 1177 1178 ic->ic_node_cleanup(in); 1179 if (in->in_wpa_ie != NULL) 1180 ieee80211_free(in->in_wpa_ie); 1181 kmem_free(in, sizeof (wpi_amrr_t)); 1182 } 1183 1184 /*ARGSUSED*/ 1185 static int 1186 wpi_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg) 1187 { 1188 wpi_sc_t *sc = (wpi_sc_t *)ic; 1189 ieee80211_node_t *in = ic->ic_bss; 1190 int i, err = WPI_SUCCESS; 1191 1192 mutex_enter(&sc->sc_glock); 1193 switch (nstate) { 1194 case IEEE80211_S_SCAN: 1195 /* ieee80211_node_table_reset(&ic->ic_scan); */ 1196 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1197 /* make the link LED blink while we're scanning */ 1198 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1199 1200 if ((err = wpi_scan(sc)) != 0) { 1201 WPI_DBG((WPI_DEBUG_80211, "could not initiate scan\n")); 1202 ic->ic_flags &= ~(IEEE80211_F_SCAN | 1203 IEEE80211_F_ASCAN); 1204 mutex_exit(&sc->sc_glock); 1205 return (err); 1206 } 1207 ic->ic_state = nstate; 1208 sc->sc_clk = 0; 1209 1210 mutex_exit(&sc->sc_glock); 1211 return (WPI_SUCCESS); 1212 1213 case IEEE80211_S_AUTH: 1214 /* reset state to handle reassociations correctly */ 1215 sc->sc_config.state = 0; 1216 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1217 1218 if ((err = wpi_auth(sc)) != 0) { 1219 WPI_DBG((WPI_DEBUG_80211, 1220 "could not send authentication request\n")); 1221 mutex_exit(&sc->sc_glock); 1222 return (err); 1223 } 1224 break; 1225 1226 case IEEE80211_S_RUN: 1227 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1228 /* link LED blinks while monitoring */ 1229 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 1230 break; 1231 } 1232 1233 if (ic->ic_opmode != IEEE80211_M_STA) { 1234 (void) wpi_auth(sc); 1235 /* need setup beacon here */ 1236 } 1237 WPI_DBG((WPI_DEBUG_80211, "wpi: associated.")); 1238 1239 /* update adapter's configuration */ 1240 sc->sc_config.state = LE_16(WPI_CONFIG_ASSOCIATED); 1241 /* short preamble/slot time are negotiated when associating */ 1242 sc->sc_config.flags &= ~LE_32(WPI_CONFIG_SHPREAMBLE | 1243 WPI_CONFIG_SHSLOT); 1244 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1245 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHSLOT); 1246 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1247 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHPREAMBLE); 1248 sc->sc_config.filter |= LE_32(WPI_FILTER_BSS); 1249 if (ic->ic_opmode != IEEE80211_M_STA) 1250 sc->sc_config.filter |= LE_32(WPI_FILTER_BEACON); 1251 1252 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x\n", 1253 sc->sc_config.chan, sc->sc_config.flags)); 1254 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1255 sizeof (wpi_config_t), 1); 1256 if (err != WPI_SUCCESS) { 1257 WPI_DBG((WPI_DEBUG_80211, 1258 "could not update configuration\n")); 1259 mutex_exit(&sc->sc_glock); 1260 return (err); 1261 } 1262 1263 /* start automatic rate control */ 1264 mutex_enter(&sc->sc_mt_lock); 1265 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1266 sc->sc_flags |= WPI_F_RATE_AUTO_CTL; 1267 /* set rate to some reasonable initial value */ 1268 i = in->in_rates.ir_nrates - 1; 1269 while (i > 0 && IEEE80211_RATE(i) > 72) 1270 i--; 1271 in->in_txrate = i; 1272 } else { 1273 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 1274 } 1275 mutex_exit(&sc->sc_mt_lock); 1276 1277 /* link LED always on while associated */ 1278 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 1279 break; 1280 1281 case IEEE80211_S_INIT: 1282 case IEEE80211_S_ASSOC: 1283 break; 1284 } 1285 1286 mutex_exit(&sc->sc_glock); 1287 return (sc->sc_newstate(ic, nstate, arg)); 1288 } 1289 1290 /*ARGSUSED*/ 1291 static int wpi_key_set(ieee80211com_t *ic, const struct ieee80211_key *k, 1292 const uint8_t mac[IEEE80211_ADDR_LEN]) 1293 { 1294 wpi_sc_t *sc = (wpi_sc_t *)ic; 1295 wpi_node_t node; 1296 int err; 1297 1298 switch (k->wk_cipher->ic_cipher) { 1299 case IEEE80211_CIPHER_WEP: 1300 case IEEE80211_CIPHER_TKIP: 1301 return (1); /* sofeware do it. */ 1302 case IEEE80211_CIPHER_AES_CCM: 1303 break; 1304 default: 1305 return (0); 1306 } 1307 sc->sc_config.filter &= ~(WPI_FILTER_NODECRYPTUNI | 1308 WPI_FILTER_NODECRYPTMUL); 1309 1310 mutex_enter(&sc->sc_glock); 1311 1312 /* update ap/multicast node */ 1313 (void) memset(&node, 0, sizeof (node)); 1314 if (IEEE80211_IS_MULTICAST(mac)) { 1315 (void) memset(node.bssid, 0xff, 6); 1316 node.id = WPI_ID_BROADCAST; 1317 } else { 1318 IEEE80211_ADDR_COPY(node.bssid, ic->ic_bss->in_bssid); 1319 node.id = WPI_ID_BSS; 1320 } 1321 if (k->wk_flags & IEEE80211_KEY_XMIT) { 1322 node.key_flags = 0; 1323 node.keyp = k->wk_keyix; 1324 } else { 1325 node.key_flags = (1 << 14); 1326 node.keyp = k->wk_keyix + 4; 1327 } 1328 (void) memcpy(node.key, k->wk_key, k->wk_keylen); 1329 node.key_flags |= (2 | (1 << 3) | (k->wk_keyix << 8)); 1330 node.sta_mask = 1; 1331 node.control = 1; 1332 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 1333 if (err != WPI_SUCCESS) { 1334 cmn_err(CE_WARN, "wpi_key_set():" 1335 "failed to update ap node\n"); 1336 mutex_exit(&sc->sc_glock); 1337 return (0); 1338 } 1339 mutex_exit(&sc->sc_glock); 1340 return (1); 1341 } 1342 1343 /* 1344 * Grab exclusive access to NIC memory. 1345 */ 1346 static void 1347 wpi_mem_lock(wpi_sc_t *sc) 1348 { 1349 uint32_t tmp; 1350 int ntries; 1351 1352 tmp = WPI_READ(sc, WPI_GPIO_CTL); 1353 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_MAC); 1354 1355 /* spin until we actually get the lock */ 1356 for (ntries = 0; ntries < 1000; ntries++) { 1357 if ((WPI_READ(sc, WPI_GPIO_CTL) & 1358 (WPI_GPIO_CLOCK | WPI_GPIO_SLEEP)) == WPI_GPIO_CLOCK) 1359 break; 1360 DELAY(10); 1361 } 1362 if (ntries == 1000) 1363 WPI_DBG((WPI_DEBUG_PIO, "could not lock memory\n")); 1364 } 1365 1366 /* 1367 * Release lock on NIC memory. 1368 */ 1369 static void 1370 wpi_mem_unlock(wpi_sc_t *sc) 1371 { 1372 uint32_t tmp = WPI_READ(sc, WPI_GPIO_CTL); 1373 WPI_WRITE(sc, WPI_GPIO_CTL, tmp & ~WPI_GPIO_MAC); 1374 } 1375 1376 static uint32_t 1377 wpi_mem_read(wpi_sc_t *sc, uint16_t addr) 1378 { 1379 WPI_WRITE(sc, WPI_READ_MEM_ADDR, WPI_MEM_4 | addr); 1380 return (WPI_READ(sc, WPI_READ_MEM_DATA)); 1381 } 1382 1383 static void 1384 wpi_mem_write(wpi_sc_t *sc, uint16_t addr, uint32_t data) 1385 { 1386 WPI_WRITE(sc, WPI_WRITE_MEM_ADDR, WPI_MEM_4 | addr); 1387 WPI_WRITE(sc, WPI_WRITE_MEM_DATA, data); 1388 } 1389 1390 static void 1391 wpi_mem_write_region_4(wpi_sc_t *sc, uint16_t addr, 1392 const uint32_t *data, int wlen) 1393 { 1394 for (; wlen > 0; wlen--, data++, addr += 4) 1395 wpi_mem_write(sc, addr, *data); 1396 } 1397 1398 /* 1399 * Read 16 bits from the EEPROM. We access EEPROM through the MAC instead of 1400 * using the traditional bit-bang method. 1401 */ 1402 static uint16_t 1403 wpi_read_prom_word(wpi_sc_t *sc, uint32_t addr) 1404 { 1405 uint32_t val; 1406 int ntries; 1407 1408 WPI_WRITE(sc, WPI_EEPROM_CTL, addr << 2); 1409 1410 wpi_mem_lock(sc); 1411 for (ntries = 0; ntries < 10; ntries++) { 1412 if ((val = WPI_READ(sc, WPI_EEPROM_CTL)) & WPI_EEPROM_READY) 1413 break; 1414 DELAY(10); 1415 } 1416 wpi_mem_unlock(sc); 1417 1418 if (ntries == 10) { 1419 WPI_DBG((WPI_DEBUG_PIO, "could not read EEPROM\n")); 1420 return (0xdead); 1421 } 1422 return (val >> 16); 1423 } 1424 1425 /* 1426 * The firmware boot code is small and is intended to be copied directly into 1427 * the NIC internal memory. 1428 */ 1429 static int 1430 wpi_load_microcode(wpi_sc_t *sc) 1431 { 1432 const char *ucode; 1433 int size; 1434 1435 ucode = sc->sc_boot; 1436 size = LE_32(sc->sc_hdr->bootsz); 1437 /* check that microcode size is a multiple of 4 */ 1438 if (size & 3) 1439 return (EINVAL); 1440 1441 size /= sizeof (uint32_t); 1442 1443 wpi_mem_lock(sc); 1444 1445 /* copy microcode image into NIC memory */ 1446 wpi_mem_write_region_4(sc, WPI_MEM_UCODE_BASE, (const uint32_t *)ucode, 1447 size); 1448 1449 wpi_mem_write(sc, WPI_MEM_UCODE_SRC, 0); 1450 wpi_mem_write(sc, WPI_MEM_UCODE_DST, WPI_FW_TEXT); 1451 wpi_mem_write(sc, WPI_MEM_UCODE_SIZE, size); 1452 1453 /* run microcode */ 1454 wpi_mem_write(sc, WPI_MEM_UCODE_CTL, WPI_UC_RUN); 1455 1456 wpi_mem_unlock(sc); 1457 1458 return (WPI_SUCCESS); 1459 } 1460 1461 /* 1462 * The firmware text and data segments are transferred to the NIC using DMA. 1463 * The driver just copies the firmware into DMA-safe memory and tells the NIC 1464 * where to find it. Once the NIC has copied the firmware into its internal 1465 * memory, we can free our local copy in the driver. 1466 */ 1467 static int 1468 wpi_load_firmware(wpi_sc_t *sc, uint32_t target) 1469 { 1470 const char *fw; 1471 int size; 1472 wpi_dma_t *dma_p; 1473 ddi_dma_cookie_t *cookie; 1474 wpi_tx_desc_t desc; 1475 int i, ntries, err = WPI_SUCCESS; 1476 1477 /* only text and data here */ 1478 if (target == WPI_FW_TEXT) { 1479 fw = sc->sc_text; 1480 size = LE_32(sc->sc_hdr->textsz); 1481 dma_p = &sc->sc_dma_fw_text; 1482 cookie = sc->sc_fw_text_cookie; 1483 } else { 1484 fw = sc->sc_data; 1485 size = LE_32(sc->sc_hdr->datasz); 1486 dma_p = &sc->sc_dma_fw_data; 1487 cookie = sc->sc_fw_data_cookie; 1488 } 1489 1490 /* copy firmware image to DMA-safe memory */ 1491 (void) memcpy(dma_p->mem_va, fw, size); 1492 1493 /* make sure the adapter will get up-to-date values */ 1494 (void) ddi_dma_sync(dma_p->dma_hdl, 0, size, DDI_DMA_SYNC_FORDEV); 1495 1496 (void) memset(&desc, 0, sizeof (desc)); 1497 desc.flags = LE_32(WPI_PAD32(size) << 28 | dma_p->ncookies << 24); 1498 for (i = 0; i < dma_p->ncookies; i++) { 1499 WPI_DBG((WPI_DEBUG_DMA, "cookie%d addr:%x size:%x\n", 1500 i, cookie[i].dmac_address, cookie[i].dmac_size)); 1501 desc.segs[i].addr = cookie[i].dmac_address; 1502 desc.segs[i].len = (uint32_t)cookie[i].dmac_size; 1503 } 1504 1505 wpi_mem_lock(sc); 1506 1507 /* tell adapter where to copy image in its internal memory */ 1508 WPI_WRITE(sc, WPI_FW_TARGET, target); 1509 1510 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0); 1511 1512 /* copy firmware descriptor into NIC memory */ 1513 WPI_WRITE_REGION_4(sc, WPI_TX_DESC(6), (uint32_t *)&desc, 1514 sizeof desc / sizeof (uint32_t)); 1515 1516 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0xfffff); 1517 WPI_WRITE(sc, WPI_TX_STATE(6), 0x4001); 1518 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0x80000001); 1519 1520 /* wait while the adapter is busy copying the firmware */ 1521 for (ntries = 0; ntries < 100; ntries++) { 1522 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(6)) 1523 break; 1524 DELAY(1000); 1525 } 1526 if (ntries == 100) { 1527 WPI_DBG((WPI_DEBUG_FW, "timeout transferring firmware\n")); 1528 err = ETIMEDOUT; 1529 } 1530 1531 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0); 1532 1533 wpi_mem_unlock(sc); 1534 1535 return (err); 1536 } 1537 1538 /*ARGSUSED*/ 1539 static void 1540 wpi_rx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1541 { 1542 ieee80211com_t *ic = &sc->sc_ic; 1543 wpi_rx_ring_t *ring = &sc->sc_rxq; 1544 wpi_rx_stat_t *stat; 1545 wpi_rx_head_t *head; 1546 wpi_rx_tail_t *tail; 1547 ieee80211_node_t *in; 1548 struct ieee80211_frame *wh; 1549 mblk_t *mp; 1550 uint16_t len; 1551 1552 stat = (wpi_rx_stat_t *)(desc + 1); 1553 1554 if (stat->len > WPI_STAT_MAXLEN) { 1555 WPI_DBG((WPI_DEBUG_RX, "invalid rx statistic header\n")); 1556 return; 1557 } 1558 1559 head = (wpi_rx_head_t *)((caddr_t)(stat + 1) + stat->len); 1560 tail = (wpi_rx_tail_t *)((caddr_t)(head + 1) + LE_16(head->len)); 1561 1562 len = LE_16(head->len); 1563 1564 WPI_DBG((WPI_DEBUG_RX, "rx intr: idx=%d len=%d stat len=%d rssi=%d " 1565 "rate=%x chan=%d tstamp=%llu", ring->cur, LE_32(desc->len), 1566 len, (int8_t)stat->rssi, head->rate, head->chan, 1567 LE_64(tail->tstamp))); 1568 1569 if ((len < 20) || (len > sc->sc_dmabuf_sz)) { 1570 sc->sc_rx_err++; 1571 return; 1572 } 1573 1574 /* 1575 * Discard Rx frames with bad CRC early 1576 */ 1577 if ((LE_32(tail->flags) & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1578 WPI_DBG((WPI_DEBUG_RX, "rx tail flags error %x\n", 1579 LE_32(tail->flags))); 1580 sc->sc_rx_err++; 1581 return; 1582 } 1583 1584 /* update Rx descriptor */ 1585 /* ring->desc[ring->cur] = LE_32(data->dma_data.cookie.dmac_address); */ 1586 1587 #ifdef WPI_BPF 1588 #ifndef WPI_CURRENT 1589 if (sc->sc_drvbpf != NULL) { 1590 #else 1591 if (bpf_peers_present(sc->sc_drvbpf)) { 1592 #endif 1593 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1594 1595 tap->wr_flags = 0; 1596 tap->wr_rate = head->rate; 1597 tap->wr_chan_freq = 1598 LE_16(ic->ic_channels[head->chan].ic_freq); 1599 tap->wr_chan_flags = 1600 LE_16(ic->ic_channels[head->chan].ic_flags); 1601 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1602 tap->wr_dbm_antnoise = (int8_t)LE_16(stat->noise); 1603 tap->wr_tsft = tail->tstamp; 1604 tap->wr_antenna = (LE_16(head->flags) >> 4) & 0xf; 1605 switch (head->rate) { 1606 /* CCK rates */ 1607 case 10: tap->wr_rate = 2; break; 1608 case 20: tap->wr_rate = 4; break; 1609 case 55: tap->wr_rate = 11; break; 1610 case 110: tap->wr_rate = 22; break; 1611 /* OFDM rates */ 1612 case 0xd: tap->wr_rate = 12; break; 1613 case 0xf: tap->wr_rate = 18; break; 1614 case 0x5: tap->wr_rate = 24; break; 1615 case 0x7: tap->wr_rate = 36; break; 1616 case 0x9: tap->wr_rate = 48; break; 1617 case 0xb: tap->wr_rate = 72; break; 1618 case 0x1: tap->wr_rate = 96; break; 1619 case 0x3: tap->wr_rate = 108; break; 1620 /* unknown rate: should not happen */ 1621 default: tap->wr_rate = 0; 1622 } 1623 if (LE_16(head->flags) & 0x4) 1624 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1625 1626 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1627 } 1628 #endif 1629 /* grab a reference to the source node */ 1630 wh = (struct ieee80211_frame *)(head + 1); 1631 1632 #ifdef DEBUG 1633 if (wpi_dbg_flags & WPI_DEBUG_RX) 1634 ieee80211_dump_pkt((uint8_t *)wh, len, 0, 0); 1635 #endif 1636 1637 in = ieee80211_find_rxnode(ic, wh); 1638 mp = allocb(len, BPRI_MED); 1639 if (mp) { 1640 (void) memcpy(mp->b_wptr, wh, len); 1641 mp->b_wptr += len; 1642 1643 /* send the frame to the 802.11 layer */ 1644 (void) ieee80211_input(ic, mp, in, stat->rssi, 0); 1645 } else { 1646 sc->sc_rx_nobuf++; 1647 WPI_DBG((WPI_DEBUG_RX, 1648 "wpi_rx_intr(): alloc rx buf failed\n")); 1649 } 1650 /* release node reference */ 1651 ieee80211_free_node(in); 1652 } 1653 1654 /*ARGSUSED*/ 1655 static void 1656 wpi_tx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1657 { 1658 ieee80211com_t *ic = &sc->sc_ic; 1659 wpi_tx_ring_t *ring = &sc->sc_txq[desc->qid & 0x3]; 1660 /* wpi_tx_data_t *txdata = &ring->data[desc->idx]; */ 1661 wpi_tx_stat_t *stat = (wpi_tx_stat_t *)(desc + 1); 1662 wpi_amrr_t *amrr = (wpi_amrr_t *)ic->ic_bss; 1663 1664 WPI_DBG((WPI_DEBUG_TX, "tx done: qid=%d idx=%d retries=%d nkill=%d " 1665 "rate=%x duration=%d status=%x\n", 1666 desc->qid, desc->idx, stat->ntries, stat->nkill, stat->rate, 1667 LE_32(stat->duration), LE_32(stat->status))); 1668 1669 amrr->txcnt++; 1670 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d cnt\n", amrr->txcnt)); 1671 if (stat->ntries > 0) { 1672 amrr->retrycnt++; 1673 sc->sc_tx_retries++; 1674 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d retries\n", 1675 amrr->retrycnt)); 1676 } 1677 1678 sc->sc_tx_timer = 0; 1679 1680 mutex_enter(&sc->sc_tx_lock); 1681 ring->queued--; 1682 if (ring->queued < 0) 1683 ring->queued = 0; 1684 if ((sc->sc_need_reschedule) && (ring->queued <= (ring->count << 3))) { 1685 sc->sc_need_reschedule = 0; 1686 mutex_exit(&sc->sc_tx_lock); 1687 mac_tx_update(ic->ic_mach); 1688 mutex_enter(&sc->sc_tx_lock); 1689 } 1690 mutex_exit(&sc->sc_tx_lock); 1691 } 1692 1693 static void 1694 wpi_cmd_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc) 1695 { 1696 if ((desc->qid & 7) != 4) { 1697 return; /* not a command ack */ 1698 } 1699 mutex_enter(&sc->sc_glock); 1700 sc->sc_flags |= WPI_F_CMD_DONE; 1701 cv_signal(&sc->sc_cmd_cv); 1702 mutex_exit(&sc->sc_glock); 1703 } 1704 1705 static uint_t 1706 wpi_notif_softintr(caddr_t arg) 1707 { 1708 wpi_sc_t *sc = (wpi_sc_t *)arg; 1709 ieee80211com_t *ic = &sc->sc_ic; 1710 wpi_rx_desc_t *desc; 1711 wpi_rx_data_t *data; 1712 uint32_t hw; 1713 1714 mutex_enter(&sc->sc_glock); 1715 if (sc->sc_notif_softint_pending != 1) { 1716 mutex_exit(&sc->sc_glock); 1717 return (DDI_INTR_UNCLAIMED); 1718 } 1719 mutex_exit(&sc->sc_glock); 1720 1721 hw = LE_32(sc->sc_shared->next); 1722 1723 while (sc->sc_rxq.cur != hw) { 1724 data = &sc->sc_rxq.data[sc->sc_rxq.cur]; 1725 desc = (wpi_rx_desc_t *)data->dma_data.mem_va; 1726 1727 WPI_DBG((WPI_DEBUG_INTR, "rx notification hw = %d cur = %d " 1728 "qid=%x idx=%d flags=%x type=%d len=%d\n", 1729 hw, sc->sc_rxq.cur, desc->qid, desc->idx, desc->flags, 1730 desc->type, LE_32(desc->len))); 1731 1732 if (!(desc->qid & 0x80)) /* reply to a command */ 1733 wpi_cmd_intr(sc, desc); 1734 1735 switch (desc->type) { 1736 case WPI_RX_DONE: 1737 /* a 802.11 frame was received */ 1738 wpi_rx_intr(sc, desc, data); 1739 break; 1740 1741 case WPI_TX_DONE: 1742 /* a 802.11 frame has been transmitted */ 1743 wpi_tx_intr(sc, desc, data); 1744 break; 1745 1746 case WPI_UC_READY: 1747 { 1748 wpi_ucode_info_t *uc = 1749 (wpi_ucode_info_t *)(desc + 1); 1750 1751 /* the microcontroller is ready */ 1752 WPI_DBG((WPI_DEBUG_FW, 1753 "microcode alive notification version %x " 1754 "alive %x\n", LE_32(uc->version), 1755 LE_32(uc->valid))); 1756 1757 if (LE_32(uc->valid) != 1) { 1758 WPI_DBG((WPI_DEBUG_FW, 1759 "microcontroller initialization failed\n")); 1760 } 1761 break; 1762 } 1763 case WPI_STATE_CHANGED: 1764 { 1765 uint32_t *status = (uint32_t *)(desc + 1); 1766 1767 /* enabled/disabled notification */ 1768 WPI_DBG((WPI_DEBUG_RADIO, "state changed to %x\n", 1769 LE_32(*status))); 1770 1771 if (LE_32(*status) & 1) { 1772 /* the radio button has to be pushed */ 1773 cmn_err(CE_NOTE, 1774 "wpi: Radio transmitter is off\n"); 1775 } 1776 break; 1777 } 1778 case WPI_START_SCAN: 1779 { 1780 wpi_start_scan_t *scan = 1781 (wpi_start_scan_t *)(desc + 1); 1782 1783 WPI_DBG((WPI_DEBUG_SCAN, 1784 "scanning channel %d status %x\n", 1785 scan->chan, LE_32(scan->status))); 1786 1787 /* fix current channel */ 1788 ic->ic_curchan = &ic->ic_sup_channels[scan->chan]; 1789 break; 1790 } 1791 case WPI_STOP_SCAN: 1792 WPI_DBG((WPI_DEBUG_SCAN, "scan finished\n")); 1793 ieee80211_end_scan(ic); 1794 break; 1795 } 1796 1797 sc->sc_rxq.cur = (sc->sc_rxq.cur + 1) % WPI_RX_RING_COUNT; 1798 } 1799 1800 /* tell the firmware what we have processed */ 1801 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1802 WPI_WRITE(sc, WPI_RX_WIDX, hw & (~7)); 1803 mutex_enter(&sc->sc_glock); 1804 sc->sc_notif_softint_pending = 0; 1805 mutex_exit(&sc->sc_glock); 1806 1807 return (DDI_INTR_CLAIMED); 1808 } 1809 1810 static uint_t 1811 wpi_intr(caddr_t arg) 1812 { 1813 wpi_sc_t *sc = (wpi_sc_t *)arg; 1814 uint32_t r; 1815 1816 mutex_enter(&sc->sc_glock); 1817 r = WPI_READ(sc, WPI_INTR); 1818 if (r == 0 || r == 0xffffffff) { 1819 mutex_exit(&sc->sc_glock); 1820 return (DDI_INTR_UNCLAIMED); 1821 } 1822 1823 WPI_DBG((WPI_DEBUG_INTR, "interrupt reg %x\n", r)); 1824 1825 /* disable interrupts */ 1826 WPI_WRITE(sc, WPI_MASK, 0); 1827 /* ack interrupts */ 1828 WPI_WRITE(sc, WPI_INTR, r); 1829 1830 if (sc->sc_notif_softint_id == NULL) { 1831 mutex_exit(&sc->sc_glock); 1832 return (DDI_INTR_CLAIMED); 1833 } 1834 1835 if (r & (WPI_SW_ERROR | WPI_HW_ERROR)) { 1836 WPI_DBG((WPI_DEBUG_FW, "fatal firmware error\n")); 1837 mutex_exit(&sc->sc_glock); 1838 wpi_stop(sc); 1839 sc->sc_ostate = sc->sc_ic.ic_state; 1840 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 1841 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 1842 return (DDI_INTR_CLAIMED); 1843 } 1844 1845 if (r & WPI_RX_INTR) { 1846 sc->sc_notif_softint_pending = 1; 1847 ddi_trigger_softintr(sc->sc_notif_softint_id); 1848 } 1849 1850 if (r & WPI_ALIVE_INTR) { /* firmware initialized */ 1851 sc->sc_flags |= WPI_F_FW_INIT; 1852 cv_signal(&sc->sc_fw_cv); 1853 } 1854 1855 /* re-enable interrupts */ 1856 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 1857 mutex_exit(&sc->sc_glock); 1858 1859 return (DDI_INTR_CLAIMED); 1860 } 1861 1862 static uint8_t 1863 wpi_plcp_signal(int rate) 1864 { 1865 switch (rate) { 1866 /* CCK rates (returned values are device-dependent) */ 1867 case 2: return (10); 1868 case 4: return (20); 1869 case 11: return (55); 1870 case 22: return (110); 1871 1872 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 1873 /* R1-R4 (ral/ural is R4-R1) */ 1874 case 12: return (0xd); 1875 case 18: return (0xf); 1876 case 24: return (0x5); 1877 case 36: return (0x7); 1878 case 48: return (0x9); 1879 case 72: return (0xb); 1880 case 96: return (0x1); 1881 case 108: return (0x3); 1882 1883 /* unsupported rates (should not get there) */ 1884 default: return (0); 1885 } 1886 } 1887 1888 static mblk_t * 1889 wpi_m_tx(void *arg, mblk_t *mp) 1890 { 1891 wpi_sc_t *sc = (wpi_sc_t *)arg; 1892 ieee80211com_t *ic = &sc->sc_ic; 1893 mblk_t *next; 1894 1895 if (ic->ic_state != IEEE80211_S_RUN) { 1896 freemsgchain(mp); 1897 return (NULL); 1898 } 1899 1900 while (mp != NULL) { 1901 next = mp->b_next; 1902 mp->b_next = NULL; 1903 if (wpi_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != 0) { 1904 mp->b_next = next; 1905 break; 1906 } 1907 mp = next; 1908 } 1909 return (mp); 1910 } 1911 1912 /* ARGSUSED */ 1913 static int 1914 wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type) 1915 { 1916 wpi_sc_t *sc = (wpi_sc_t *)ic; 1917 wpi_tx_ring_t *ring; 1918 wpi_tx_desc_t *desc; 1919 wpi_tx_data_t *data; 1920 wpi_tx_cmd_t *cmd; 1921 wpi_cmd_data_t *tx; 1922 ieee80211_node_t *in; 1923 struct ieee80211_frame *wh; 1924 struct ieee80211_key *k; 1925 mblk_t *m, *m0; 1926 int rate, hdrlen, len, mblen, off, err = WPI_SUCCESS; 1927 1928 ring = ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA) ? 1929 (&sc->sc_txq[0]) : (&sc->sc_txq[1]); 1930 data = &ring->data[ring->cur]; 1931 desc = data->desc; 1932 cmd = data->cmd; 1933 bzero(desc, sizeof (*desc)); 1934 bzero(cmd, sizeof (*cmd)); 1935 1936 mutex_enter(&sc->sc_tx_lock); 1937 if (ring->queued > ring->count - 64) { 1938 WPI_DBG((WPI_DEBUG_TX, "wpi_send(): no txbuf\n")); 1939 sc->sc_need_reschedule = 1; 1940 mutex_exit(&sc->sc_tx_lock); 1941 if ((type & IEEE80211_FC0_TYPE_MASK) != 1942 IEEE80211_FC0_TYPE_DATA) { 1943 freemsg(mp); 1944 } 1945 sc->sc_tx_nobuf++; 1946 err = WPI_FAIL; 1947 goto exit; 1948 } 1949 mutex_exit(&sc->sc_tx_lock); 1950 1951 hdrlen = sizeof (struct ieee80211_frame); 1952 1953 m = allocb(msgdsize(mp) + 32, BPRI_MED); 1954 if (m == NULL) { /* can not alloc buf, drop this package */ 1955 cmn_err(CE_WARN, 1956 "wpi_send(): failed to allocate msgbuf\n"); 1957 freemsg(mp); 1958 err = WPI_SUCCESS; 1959 goto exit; 1960 } 1961 for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) { 1962 mblen = MBLKL(m0); 1963 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen); 1964 off += mblen; 1965 } 1966 m->b_wptr += off; 1967 freemsg(mp); 1968 1969 wh = (struct ieee80211_frame *)m->b_rptr; 1970 1971 in = ieee80211_find_txnode(ic, wh->i_addr1); 1972 if (in == NULL) { 1973 cmn_err(CE_WARN, "wpi_send(): failed to find tx node\n"); 1974 freemsg(m); 1975 sc->sc_tx_err++; 1976 err = WPI_SUCCESS; 1977 goto exit; 1978 } 1979 1980 (void) ieee80211_encap(ic, m, in); 1981 1982 cmd->code = WPI_CMD_TX_DATA; 1983 cmd->flags = 0; 1984 cmd->qid = ring->qid; 1985 cmd->idx = ring->cur; 1986 1987 tx = (wpi_cmd_data_t *)cmd->data; 1988 tx->flags = 0; 1989 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1990 tx->flags |= LE_32(WPI_TX_NEED_ACK); 1991 } else { 1992 tx->flags &= ~(LE_32(WPI_TX_NEED_ACK)); 1993 } 1994 1995 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1996 k = ieee80211_crypto_encap(ic, m); 1997 if (k == NULL) { 1998 freemsg(m); 1999 sc->sc_tx_err++; 2000 err = WPI_SUCCESS; 2001 goto exit; 2002 } 2003 2004 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 2005 tx->security = 2; /* for CCMP */ 2006 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2007 (void) memcpy(&tx->key, k->wk_key, k->wk_keylen); 2008 } 2009 2010 /* packet header may have moved, reset our local pointer */ 2011 wh = (struct ieee80211_frame *)m->b_rptr; 2012 } 2013 2014 len = msgdsize(m); 2015 2016 #ifdef DEBUG 2017 if (wpi_dbg_flags & WPI_DEBUG_TX) 2018 ieee80211_dump_pkt((uint8_t *)wh, hdrlen, 0, 0); 2019 #endif 2020 2021 /* pickup a rate */ 2022 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2023 IEEE80211_FC0_TYPE_MGT) { 2024 /* mgmt frames are sent at the lowest available bit-rate */ 2025 rate = 2; 2026 } else { 2027 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) { 2028 rate = ic->ic_fixed_rate; 2029 } else 2030 rate = in->in_rates.ir_rates[in->in_txrate]; 2031 } 2032 rate &= IEEE80211_RATE_VAL; 2033 WPI_DBG((WPI_DEBUG_RATECTL, "tx rate[%d of %d] = %x", 2034 in->in_txrate, in->in_rates.ir_nrates, rate)); 2035 #ifdef WPI_BPF 2036 #ifndef WPI_CURRENT 2037 if (sc->sc_drvbpf != NULL) { 2038 #else 2039 if (bpf_peers_present(sc->sc_drvbpf)) { 2040 #endif 2041 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2042 2043 tap->wt_flags = 0; 2044 tap->wt_chan_freq = LE_16(ic->ic_curchan->ic_freq); 2045 tap->wt_chan_flags = LE_16(ic->ic_curchan->ic_flags); 2046 tap->wt_rate = rate; 2047 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2048 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2049 2050 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 2051 } 2052 #endif 2053 2054 tx->flags |= (LE_32(WPI_TX_AUTO_SEQ)); 2055 tx->flags |= LE_32(WPI_TX_BT_DISABLE | WPI_TX_CALIBRATION); 2056 2057 /* retrieve destination node's id */ 2058 tx->id = IEEE80211_IS_MULTICAST(wh->i_addr1) ? WPI_ID_BROADCAST : 2059 WPI_ID_BSS; 2060 2061 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2062 IEEE80211_FC0_TYPE_MGT) { 2063 /* tell h/w to set timestamp in probe responses */ 2064 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2065 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2066 tx->flags |= LE_32(WPI_TX_INSERT_TSTAMP); 2067 2068 if (((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2069 IEEE80211_FC0_SUBTYPE_ASSOC_REQ) || 2070 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2071 IEEE80211_FC0_SUBTYPE_REASSOC_REQ)) 2072 tx->timeout = 3; 2073 else 2074 tx->timeout = 2; 2075 } else 2076 tx->timeout = 0; 2077 2078 tx->rate = wpi_plcp_signal(rate); 2079 2080 /* be very persistant at sending frames out */ 2081 tx->rts_ntries = 7; 2082 tx->data_ntries = 15; 2083 2084 tx->cck_mask = 0x0f; 2085 tx->ofdm_mask = 0xff; 2086 tx->lifetime = LE_32(0xffffffff); 2087 2088 tx->len = LE_16(len); 2089 2090 /* save and trim IEEE802.11 header */ 2091 (void) memcpy(tx + 1, m->b_rptr, hdrlen); 2092 m->b_rptr += hdrlen; 2093 (void) memcpy(data->dma_data.mem_va, m->b_rptr, len - hdrlen); 2094 2095 WPI_DBG((WPI_DEBUG_TX, "sending data: qid=%d idx=%d len=%d", ring->qid, 2096 ring->cur, len)); 2097 2098 /* first scatter/gather segment is used by the tx data command */ 2099 desc->flags = LE_32(WPI_PAD32(len) << 28 | (2) << 24); 2100 desc->segs[0].addr = LE_32(data->paddr_cmd); 2101 desc->segs[0].len = LE_32( 2102 roundup(4 + sizeof (wpi_cmd_data_t) + hdrlen, 4)); 2103 desc->segs[1].addr = LE_32(data->dma_data.cookie.dmac_address); 2104 desc->segs[1].len = LE_32(len - hdrlen); 2105 2106 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2107 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2108 2109 mutex_enter(&sc->sc_tx_lock); 2110 ring->queued++; 2111 mutex_exit(&sc->sc_tx_lock); 2112 2113 /* kick ring */ 2114 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2115 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2116 freemsg(m); 2117 /* release node reference */ 2118 ieee80211_free_node(in); 2119 2120 ic->ic_stats.is_tx_bytes += len; 2121 ic->ic_stats.is_tx_frags++; 2122 2123 if (sc->sc_tx_timer == 0) 2124 sc->sc_tx_timer = 5; 2125 exit: 2126 return (err); 2127 } 2128 2129 static void 2130 wpi_m_ioctl(void* arg, queue_t *wq, mblk_t *mp) 2131 { 2132 wpi_sc_t *sc = (wpi_sc_t *)arg; 2133 ieee80211com_t *ic = &sc->sc_ic; 2134 int err; 2135 2136 err = ieee80211_ioctl(ic, wq, mp); 2137 if (err == ENETRESET) { 2138 (void) ieee80211_new_state(ic, 2139 IEEE80211_S_SCAN, -1); 2140 } 2141 } 2142 2143 /*ARGSUSED*/ 2144 static int 2145 wpi_m_stat(void *arg, uint_t stat, uint64_t *val) 2146 { 2147 wpi_sc_t *sc = (wpi_sc_t *)arg; 2148 ieee80211com_t *ic = &sc->sc_ic; 2149 ieee80211_node_t *in = ic->ic_bss; 2150 struct ieee80211_rateset *rs = &in->in_rates; 2151 2152 mutex_enter(&sc->sc_glock); 2153 switch (stat) { 2154 case MAC_STAT_IFSPEED: 2155 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ? 2156 (rs->ir_rates[in->in_txrate] & IEEE80211_RATE_VAL) 2157 : ic->ic_fixed_rate) * 5000000ull; 2158 break; 2159 case MAC_STAT_NOXMTBUF: 2160 *val = sc->sc_tx_nobuf; 2161 break; 2162 case MAC_STAT_NORCVBUF: 2163 *val = sc->sc_rx_nobuf; 2164 break; 2165 case MAC_STAT_IERRORS: 2166 *val = sc->sc_rx_err; 2167 break; 2168 case MAC_STAT_RBYTES: 2169 *val = ic->ic_stats.is_rx_bytes; 2170 break; 2171 case MAC_STAT_IPACKETS: 2172 *val = ic->ic_stats.is_rx_frags; 2173 break; 2174 case MAC_STAT_OBYTES: 2175 *val = ic->ic_stats.is_tx_bytes; 2176 break; 2177 case MAC_STAT_OPACKETS: 2178 *val = ic->ic_stats.is_tx_frags; 2179 break; 2180 case MAC_STAT_OERRORS: 2181 case WIFI_STAT_TX_FAILED: 2182 *val = sc->sc_tx_err; 2183 break; 2184 case WIFI_STAT_TX_RETRANS: 2185 *val = sc->sc_tx_retries; 2186 break; 2187 case WIFI_STAT_FCS_ERRORS: 2188 case WIFI_STAT_WEP_ERRORS: 2189 case WIFI_STAT_TX_FRAGS: 2190 case WIFI_STAT_MCAST_TX: 2191 case WIFI_STAT_RTS_SUCCESS: 2192 case WIFI_STAT_RTS_FAILURE: 2193 case WIFI_STAT_ACK_FAILURE: 2194 case WIFI_STAT_RX_FRAGS: 2195 case WIFI_STAT_MCAST_RX: 2196 case WIFI_STAT_RX_DUPS: 2197 mutex_exit(&sc->sc_glock); 2198 return (ieee80211_stat(ic, stat, val)); 2199 default: 2200 mutex_exit(&sc->sc_glock); 2201 return (ENOTSUP); 2202 } 2203 mutex_exit(&sc->sc_glock); 2204 2205 return (WPI_SUCCESS); 2206 2207 } 2208 2209 static int 2210 wpi_m_start(void *arg) 2211 { 2212 wpi_sc_t *sc = (wpi_sc_t *)arg; 2213 ieee80211com_t *ic = &sc->sc_ic; 2214 int err; 2215 2216 err = wpi_init(sc); 2217 if (err != WPI_SUCCESS) { 2218 wpi_stop(sc); 2219 DELAY(1000000); 2220 err = wpi_init(sc); 2221 } 2222 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2223 2224 return (err); 2225 } 2226 2227 static void 2228 wpi_m_stop(void *arg) 2229 { 2230 wpi_sc_t *sc = (wpi_sc_t *)arg; 2231 ieee80211com_t *ic = &sc->sc_ic; 2232 2233 wpi_stop(sc); 2234 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2235 mutex_enter(&sc->sc_mt_lock); 2236 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2237 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 2238 mutex_exit(&sc->sc_mt_lock); 2239 } 2240 2241 /*ARGSUSED*/ 2242 static int 2243 wpi_m_unicst(void *arg, const uint8_t *macaddr) 2244 { 2245 wpi_sc_t *sc = (wpi_sc_t *)arg; 2246 ieee80211com_t *ic = &sc->sc_ic; 2247 int err; 2248 2249 if (!IEEE80211_ADDR_EQ(ic->ic_macaddr, macaddr)) { 2250 IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr); 2251 mutex_enter(&sc->sc_glock); 2252 err = wpi_config(sc); 2253 mutex_exit(&sc->sc_glock); 2254 if (err != WPI_SUCCESS) { 2255 cmn_err(CE_WARN, 2256 "wpi_m_unicst(): " 2257 "failed to configure device\n"); 2258 goto fail; 2259 } 2260 } 2261 return (WPI_SUCCESS); 2262 fail: 2263 return (err); 2264 } 2265 2266 /*ARGSUSED*/ 2267 static int 2268 wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m) 2269 { 2270 return (WPI_SUCCESS); 2271 } 2272 2273 /*ARGSUSED*/ 2274 static int 2275 wpi_m_promisc(void *arg, boolean_t on) 2276 { 2277 return (WPI_SUCCESS); 2278 } 2279 2280 static void 2281 wpi_thread(wpi_sc_t *sc) 2282 { 2283 ieee80211com_t *ic = &sc->sc_ic; 2284 clock_t clk; 2285 int times = 0, err, n = 0, timeout = 0; 2286 2287 mutex_enter(&sc->sc_mt_lock); 2288 while (sc->sc_mf_thread_switch) { 2289 /* 2290 * recovery fatal error 2291 */ 2292 if (ic->ic_mach && 2293 (sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 2294 2295 WPI_DBG((WPI_DEBUG_FW, 2296 "wpi_thread(): " 2297 "try to recover fatal hw error: %d\n", times++)); 2298 2299 wpi_stop(sc); 2300 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2301 2302 mutex_exit(&sc->sc_mt_lock); 2303 delay(drv_usectohz(2000000)); 2304 mutex_enter(&sc->sc_mt_lock); 2305 err = wpi_init(sc); 2306 if (err != WPI_SUCCESS) { 2307 n++; 2308 if (n < 3) 2309 continue; 2310 } 2311 n = 0; 2312 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2313 mutex_exit(&sc->sc_mt_lock); 2314 delay(drv_usectohz(2000000)); 2315 if (sc->sc_ostate != IEEE80211_S_INIT) 2316 ieee80211_begin_scan(ic, 0); 2317 mutex_enter(&sc->sc_mt_lock); 2318 } 2319 2320 /* 2321 * rate ctl 2322 */ 2323 if (ic->ic_mach && 2324 (sc->sc_flags & WPI_F_RATE_AUTO_CTL)) { 2325 clk = ddi_get_lbolt(); 2326 if (clk > sc->sc_clk + drv_usectohz(500000)) { 2327 wpi_amrr_timeout(sc); 2328 } 2329 } 2330 mutex_exit(&sc->sc_mt_lock); 2331 delay(drv_usectohz(100000)); 2332 mutex_enter(&sc->sc_mt_lock); 2333 if (sc->sc_tx_timer) { 2334 timeout++; 2335 if (timeout == 10) { 2336 sc->sc_tx_timer--; 2337 if (sc->sc_tx_timer == 0) { 2338 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2339 sc->sc_ostate = IEEE80211_S_RUN; 2340 } 2341 timeout = 0; 2342 } 2343 } 2344 } 2345 sc->sc_mf_thread = NULL; 2346 cv_signal(&sc->sc_mt_cv); 2347 mutex_exit(&sc->sc_mt_lock); 2348 } 2349 2350 /* 2351 * Extract various information from EEPROM. 2352 */ 2353 static void 2354 wpi_read_eeprom(wpi_sc_t *sc) 2355 { 2356 ieee80211com_t *ic = &sc->sc_ic; 2357 uint16_t val; 2358 int i; 2359 2360 /* read MAC address */ 2361 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 0); 2362 ic->ic_macaddr[0] = val & 0xff; 2363 ic->ic_macaddr[1] = val >> 8; 2364 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 1); 2365 ic->ic_macaddr[2] = val & 0xff; 2366 ic->ic_macaddr[3] = val >> 8; 2367 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 2); 2368 ic->ic_macaddr[4] = val & 0xff; 2369 ic->ic_macaddr[5] = val >> 8; 2370 2371 WPI_DBG((WPI_DEBUG_EEPROM, 2372 "mac:%2x:%2x:%2x:%2x:%2x:%2x\n", 2373 ic->ic_macaddr[0], ic->ic_macaddr[1], 2374 ic->ic_macaddr[2], ic->ic_macaddr[3], 2375 ic->ic_macaddr[4], ic->ic_macaddr[5])); 2376 /* read power settings for 2.4GHz channels */ 2377 for (i = 0; i < 14; i++) { 2378 sc->sc_pwr1[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR1 + i); 2379 sc->sc_pwr2[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR2 + i); 2380 WPI_DBG((WPI_DEBUG_EEPROM, 2381 "channel %d pwr1 0x%04x pwr2 0x%04x\n", i + 1, 2382 sc->sc_pwr1[i], sc->sc_pwr2[i])); 2383 } 2384 } 2385 2386 /* 2387 * Send a command to the firmware. 2388 */ 2389 static int 2390 wpi_cmd(wpi_sc_t *sc, int code, const void *buf, int size, int async) 2391 { 2392 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2393 wpi_tx_desc_t *desc; 2394 wpi_tx_cmd_t *cmd; 2395 2396 ASSERT(size <= sizeof (cmd->data)); 2397 ASSERT(mutex_owned(&sc->sc_glock)); 2398 2399 WPI_DBG((WPI_DEBUG_CMD, "wpi_cmd() # code[%d]", code)); 2400 desc = ring->data[ring->cur].desc; 2401 cmd = ring->data[ring->cur].cmd; 2402 2403 cmd->code = (uint8_t)code; 2404 cmd->flags = 0; 2405 cmd->qid = ring->qid; 2406 cmd->idx = ring->cur; 2407 (void) memcpy(cmd->data, buf, size); 2408 2409 desc->flags = LE_32(WPI_PAD32(size) << 28 | 1 << 24); 2410 desc->segs[0].addr = ring->data[ring->cur].paddr_cmd; 2411 desc->segs[0].len = 4 + size; 2412 2413 /* kick cmd ring */ 2414 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2415 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2416 2417 if (async) 2418 return (WPI_SUCCESS); 2419 else { 2420 clock_t clk; 2421 sc->sc_flags &= ~WPI_F_CMD_DONE; 2422 clk = ddi_get_lbolt() + drv_usectohz(2000000); 2423 while (!(sc->sc_flags & WPI_F_CMD_DONE)) { 2424 if (cv_timedwait(&sc->sc_cmd_cv, &sc->sc_glock, clk) 2425 < 0) 2426 break; 2427 } 2428 if (sc->sc_flags & WPI_F_CMD_DONE) 2429 return (WPI_SUCCESS); 2430 else 2431 return (WPI_FAIL); 2432 } 2433 } 2434 2435 /* 2436 * Configure h/w multi-rate retries. 2437 */ 2438 static int 2439 wpi_mrr_setup(wpi_sc_t *sc) 2440 { 2441 wpi_mrr_setup_t mrr; 2442 int i, err; 2443 2444 /* CCK rates (not used with 802.11a) */ 2445 for (i = WPI_CCK1; i <= WPI_CCK11; i++) { 2446 mrr.rates[i].flags = 0; 2447 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2448 /* fallback to the immediate lower CCK rate (if any) */ 2449 mrr.rates[i].next = (i == WPI_CCK1) ? WPI_CCK1 : i - 1; 2450 /* try one time at this rate before falling back to "next" */ 2451 mrr.rates[i].ntries = 1; 2452 } 2453 2454 /* OFDM rates (not used with 802.11b) */ 2455 for (i = WPI_OFDM6; i <= WPI_OFDM54; i++) { 2456 mrr.rates[i].flags = 0; 2457 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2458 /* fallback to the immediate lower OFDM rate (if any) */ 2459 mrr.rates[i].next = (i == WPI_OFDM6) ? WPI_OFDM6 : i - 1; 2460 /* try one time at this rate before falling back to "next" */ 2461 mrr.rates[i].ntries = 1; 2462 } 2463 2464 /* setup MRR for control frames */ 2465 mrr.which = LE_32(WPI_MRR_CTL); 2466 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2467 if (err != WPI_SUCCESS) { 2468 WPI_DBG((WPI_DEBUG_MRR, 2469 "could not setup MRR for control frames\n")); 2470 return (err); 2471 } 2472 2473 /* setup MRR for data frames */ 2474 mrr.which = LE_32(WPI_MRR_DATA); 2475 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2476 if (err != WPI_SUCCESS) { 2477 WPI_DBG((WPI_DEBUG_MRR, 2478 "could not setup MRR for data frames\n")); 2479 return (err); 2480 } 2481 2482 return (WPI_SUCCESS); 2483 } 2484 2485 static void 2486 wpi_set_led(wpi_sc_t *sc, uint8_t which, uint8_t off, uint8_t on) 2487 { 2488 wpi_cmd_led_t led; 2489 2490 led.which = which; 2491 led.unit = LE_32(100000); /* on/off in unit of 100ms */ 2492 led.off = off; 2493 led.on = on; 2494 2495 (void) wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof (led), 1); 2496 } 2497 2498 static int 2499 wpi_auth(wpi_sc_t *sc) 2500 { 2501 ieee80211com_t *ic = &sc->sc_ic; 2502 ieee80211_node_t *in = ic->ic_bss; 2503 wpi_node_t node; 2504 int err; 2505 2506 /* update adapter's configuration */ 2507 IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid); 2508 sc->sc_config.chan = ieee80211_chan2ieee(ic, in->in_chan); 2509 if (ic->ic_curmode == IEEE80211_MODE_11B) { 2510 sc->sc_config.cck_mask = 0x03; 2511 sc->sc_config.ofdm_mask = 0; 2512 } else if ((in->in_chan != IEEE80211_CHAN_ANYC) && 2513 (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) { 2514 sc->sc_config.cck_mask = 0; 2515 sc->sc_config.ofdm_mask = 0x15; 2516 } else { /* assume 802.11b/g */ 2517 sc->sc_config.cck_mask = 0x0f; 2518 sc->sc_config.ofdm_mask = 0x15; 2519 } 2520 2521 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x cck %x ofdm %x" 2522 " bssid:%02x:%02x:%02x:%02x:%02x:%2x\n", 2523 sc->sc_config.chan, sc->sc_config.flags, 2524 sc->sc_config.cck_mask, sc->sc_config.ofdm_mask, 2525 sc->sc_config.bssid[0], sc->sc_config.bssid[1], 2526 sc->sc_config.bssid[2], sc->sc_config.bssid[3], 2527 sc->sc_config.bssid[4], sc->sc_config.bssid[5])); 2528 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2529 sizeof (wpi_config_t), 1); 2530 if (err != WPI_SUCCESS) { 2531 cmn_err(CE_WARN, "wpi_auth(): failed to configurate chan%d\n", 2532 sc->sc_config.chan); 2533 return (err); 2534 } 2535 2536 /* add default node */ 2537 (void) memset(&node, 0, sizeof (node)); 2538 IEEE80211_ADDR_COPY(node.bssid, in->in_bssid); 2539 node.id = WPI_ID_BSS; 2540 node.rate = wpi_plcp_signal(2); 2541 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 2542 if (err != WPI_SUCCESS) { 2543 cmn_err(CE_WARN, "wpi_auth(): failed to add BSS node\n"); 2544 return (err); 2545 } 2546 2547 err = wpi_mrr_setup(sc); 2548 if (err != WPI_SUCCESS) { 2549 cmn_err(CE_WARN, "wpi_auth(): failed to setup MRR\n"); 2550 return (err); 2551 } 2552 2553 return (WPI_SUCCESS); 2554 } 2555 2556 /* 2557 * Send a scan request to the firmware. 2558 */ 2559 static int 2560 wpi_scan(wpi_sc_t *sc) 2561 { 2562 ieee80211com_t *ic = &sc->sc_ic; 2563 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2564 wpi_tx_desc_t *desc; 2565 wpi_tx_data_t *data; 2566 wpi_tx_cmd_t *cmd; 2567 wpi_scan_hdr_t *hdr; 2568 wpi_scan_chan_t *chan; 2569 struct ieee80211_frame *wh; 2570 ieee80211_node_t *in = ic->ic_bss; 2571 struct ieee80211_rateset *rs; 2572 enum ieee80211_phymode mode; 2573 uint8_t *frm; 2574 int i, pktlen, nrates; 2575 2576 data = &ring->data[ring->cur]; 2577 desc = data->desc; 2578 cmd = (wpi_tx_cmd_t *)data->dma_data.mem_va; 2579 2580 cmd->code = WPI_CMD_SCAN; 2581 cmd->flags = 0; 2582 cmd->qid = ring->qid; 2583 cmd->idx = ring->cur; 2584 2585 hdr = (wpi_scan_hdr_t *)cmd->data; 2586 (void) memset(hdr, 0, sizeof (wpi_scan_hdr_t)); 2587 hdr->first = 1; 2588 hdr->nchan = 14; 2589 hdr->len = hdr->nchan * sizeof (wpi_scan_chan_t); 2590 hdr->quiet = LE_16(5); 2591 hdr->threshold = LE_16(1); 2592 hdr->filter = LE_32(5); 2593 hdr->rate = wpi_plcp_signal(2); 2594 hdr->id = WPI_ID_BROADCAST; 2595 hdr->mask = LE_32(0xffffffff); 2596 hdr->esslen = ic->ic_des_esslen; 2597 if (ic->ic_des_esslen) 2598 bcopy(ic->ic_des_essid, hdr->essid, ic->ic_des_esslen); 2599 else 2600 bzero(hdr->essid, sizeof (hdr->essid)); 2601 /* 2602 * Build a probe request frame. Most of the following code is a 2603 * copy & paste of what is done in net80211. Unfortunately, the 2604 * functions to add IEs are static and thus can't be reused here. 2605 */ 2606 wh = (struct ieee80211_frame *)(hdr + 1); 2607 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2608 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2609 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2610 (void) memset(wh->i_addr1, 0xff, 6); 2611 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_macaddr); 2612 (void) memset(wh->i_addr3, 0xff, 6); 2613 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 2614 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 2615 2616 frm = (uint8_t *)(wh + 1); 2617 2618 /* add essid IE */ 2619 *frm++ = IEEE80211_ELEMID_SSID; 2620 *frm++ = in->in_esslen; 2621 (void) memcpy(frm, in->in_essid, in->in_esslen); 2622 frm += in->in_esslen; 2623 2624 mode = ieee80211_chan2mode(ic, ic->ic_curchan); 2625 rs = &ic->ic_sup_rates[mode]; 2626 2627 /* add supported rates IE */ 2628 *frm++ = IEEE80211_ELEMID_RATES; 2629 nrates = rs->ir_nrates; 2630 if (nrates > IEEE80211_RATE_SIZE) 2631 nrates = IEEE80211_RATE_SIZE; 2632 *frm++ = (uint8_t)nrates; 2633 (void) memcpy(frm, rs->ir_rates, nrates); 2634 frm += nrates; 2635 2636 /* add supported xrates IE */ 2637 if (rs->ir_nrates > IEEE80211_RATE_SIZE) { 2638 nrates = rs->ir_nrates - IEEE80211_RATE_SIZE; 2639 *frm++ = IEEE80211_ELEMID_XRATES; 2640 *frm++ = (uint8_t)nrates; 2641 (void) memcpy(frm, rs->ir_rates + IEEE80211_RATE_SIZE, nrates); 2642 frm += nrates; 2643 } 2644 2645 /* add optionnal IE (usually an RSN IE) */ 2646 if (ic->ic_opt_ie != NULL) { 2647 (void) memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); 2648 frm += ic->ic_opt_ie_len; 2649 } 2650 2651 /* setup length of probe request */ 2652 hdr->pbrlen = LE_16(frm - (uint8_t *)wh); 2653 2654 /* align on a 4-byte boundary */ 2655 chan = (wpi_scan_chan_t *)frm; 2656 for (i = 1; i <= hdr->nchan; i++, chan++) { 2657 chan->flags = 3; 2658 chan->chan = (uint8_t)i; 2659 chan->magic = LE_16(0x62ab); 2660 chan->active = LE_16(20); 2661 chan->passive = LE_16(120); 2662 2663 frm += sizeof (wpi_scan_chan_t); 2664 } 2665 2666 pktlen = frm - (uint8_t *)cmd; 2667 2668 desc->flags = LE_32(WPI_PAD32(pktlen) << 28 | 1 << 24); 2669 desc->segs[0].addr = LE_32(data->dma_data.cookie.dmac_address); 2670 desc->segs[0].len = LE_32(pktlen); 2671 2672 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2673 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2674 2675 /* kick cmd ring */ 2676 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2677 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2678 2679 return (WPI_SUCCESS); /* will be notified async. of failure/success */ 2680 } 2681 2682 static int 2683 wpi_config(wpi_sc_t *sc) 2684 { 2685 ieee80211com_t *ic = &sc->sc_ic; 2686 wpi_txpower_t txpower; 2687 wpi_power_t power; 2688 #ifdef WPI_BLUE_COEXISTENCE 2689 wpi_bluetooth_t bluetooth; 2690 #endif 2691 wpi_node_t node; 2692 int err; 2693 2694 /* Intel's binary only daemon is a joke.. */ 2695 2696 /* set Tx power for 2.4GHz channels (values read from EEPROM) */ 2697 (void) memset(&txpower, 0, sizeof (txpower)); 2698 (void) memcpy(txpower.pwr1, sc->sc_pwr1, 14 * sizeof (uint16_t)); 2699 (void) memcpy(txpower.pwr2, sc->sc_pwr2, 14 * sizeof (uint16_t)); 2700 err = wpi_cmd(sc, WPI_CMD_TXPOWER, &txpower, sizeof (txpower), 0); 2701 if (err != WPI_SUCCESS) { 2702 cmn_err(CE_WARN, "wpi_config(): failed to set txpower\n"); 2703 return (err); 2704 } 2705 2706 /* set power mode */ 2707 (void) memset(&power, 0, sizeof (power)); 2708 power.flags = LE_32(0x8); 2709 err = wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &power, sizeof (power), 0); 2710 if (err != WPI_SUCCESS) { 2711 cmn_err(CE_WARN, "wpi_config(): failed to set power mode\n"); 2712 return (err); 2713 } 2714 #ifdef WPI_BLUE_COEXISTENCE 2715 /* configure bluetooth coexistence */ 2716 (void) memset(&bluetooth, 0, sizeof (bluetooth)); 2717 bluetooth.flags = 3; 2718 bluetooth.lead = 0xaa; 2719 bluetooth.kill = 1; 2720 err = wpi_cmd(sc, WPI_CMD_BLUETOOTH, &bluetooth, 2721 sizeof (bluetooth), 0); 2722 if (err != WPI_SUCCESS) { 2723 cmn_err(CE_WARN, 2724 "wpi_config(): " 2725 "failed to configurate bluetooth coexistence\n"); 2726 return (err); 2727 } 2728 #endif 2729 /* configure adapter */ 2730 (void) memset(&sc->sc_config, 0, sizeof (wpi_config_t)); 2731 IEEE80211_ADDR_COPY(sc->sc_config.myaddr, ic->ic_macaddr); 2732 sc->sc_config.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 2733 sc->sc_config.flags = LE_32(WPI_CONFIG_TSF | WPI_CONFIG_AUTO | 2734 WPI_CONFIG_24GHZ); 2735 sc->sc_config.filter = 0; 2736 switch (ic->ic_opmode) { 2737 case IEEE80211_M_STA: 2738 sc->sc_config.mode = WPI_MODE_STA; 2739 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST | 2740 WPI_FILTER_NODECRYPTUNI | WPI_FILTER_NODECRYPTMUL); 2741 break; 2742 case IEEE80211_M_IBSS: 2743 case IEEE80211_M_AHDEMO: 2744 sc->sc_config.mode = WPI_MODE_IBSS; 2745 break; 2746 case IEEE80211_M_HOSTAP: 2747 sc->sc_config.mode = WPI_MODE_HOSTAP; 2748 break; 2749 case IEEE80211_M_MONITOR: 2750 sc->sc_config.mode = WPI_MODE_MONITOR; 2751 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST | 2752 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2753 break; 2754 } 2755 sc->sc_config.cck_mask = 0x0f; /* not yet negotiated */ 2756 sc->sc_config.ofdm_mask = 0xff; /* not yet negotiated */ 2757 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2758 sizeof (wpi_config_t), 0); 2759 if (err != WPI_SUCCESS) { 2760 cmn_err(CE_WARN, "wpi_config(): " 2761 "failed to set configure command\n"); 2762 return (err); 2763 } 2764 2765 /* add broadcast node */ 2766 (void) memset(&node, 0, sizeof (node)); 2767 (void) memset(node.bssid, 0xff, 6); 2768 node.id = WPI_ID_BROADCAST; 2769 node.rate = wpi_plcp_signal(2); 2770 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 0); 2771 if (err != WPI_SUCCESS) { 2772 cmn_err(CE_WARN, "wpi_config(): " 2773 "failed to add broadcast node\n"); 2774 return (err); 2775 } 2776 2777 return (WPI_SUCCESS); 2778 } 2779 2780 static void 2781 wpi_stop_master(wpi_sc_t *sc) 2782 { 2783 uint32_t tmp; 2784 int ntries; 2785 2786 tmp = WPI_READ(sc, WPI_RESET); 2787 WPI_WRITE(sc, WPI_RESET, tmp | WPI_STOP_MASTER); 2788 2789 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2790 if ((tmp & WPI_GPIO_PWR_STATUS) == WPI_GPIO_PWR_SLEEP) 2791 return; /* already asleep */ 2792 2793 for (ntries = 0; ntries < 2000; ntries++) { 2794 if (WPI_READ(sc, WPI_RESET) & WPI_MASTER_DISABLED) 2795 break; 2796 DELAY(1000); 2797 } 2798 if (ntries == 2000) 2799 WPI_DBG((WPI_DEBUG_HW, "timeout waiting for master\n")); 2800 } 2801 2802 static int 2803 wpi_power_up(wpi_sc_t *sc) 2804 { 2805 uint32_t tmp; 2806 int ntries; 2807 2808 wpi_mem_lock(sc); 2809 tmp = wpi_mem_read(sc, WPI_MEM_POWER); 2810 wpi_mem_write(sc, WPI_MEM_POWER, tmp & ~0x03000000); 2811 wpi_mem_unlock(sc); 2812 2813 for (ntries = 0; ntries < 5000; ntries++) { 2814 if (WPI_READ(sc, WPI_GPIO_STATUS) & WPI_POWERED) 2815 break; 2816 DELAY(10); 2817 } 2818 if (ntries == 5000) { 2819 cmn_err(CE_WARN, 2820 "wpi_power_up(): timeout waiting for NIC to power up\n"); 2821 return (ETIMEDOUT); 2822 } 2823 return (WPI_SUCCESS); 2824 } 2825 2826 static int 2827 wpi_reset(wpi_sc_t *sc) 2828 { 2829 uint32_t tmp; 2830 int ntries; 2831 2832 /* clear any pending interrupts */ 2833 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 2834 2835 tmp = WPI_READ(sc, WPI_PLL_CTL); 2836 WPI_WRITE(sc, WPI_PLL_CTL, tmp | WPI_PLL_INIT); 2837 2838 tmp = WPI_READ(sc, WPI_CHICKEN); 2839 WPI_WRITE(sc, WPI_CHICKEN, tmp | WPI_CHICKEN_RXNOLOS); 2840 2841 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2842 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_INIT); 2843 2844 /* wait for clock stabilization */ 2845 for (ntries = 0; ntries < 1000; ntries++) { 2846 if (WPI_READ(sc, WPI_GPIO_CTL) & WPI_GPIO_CLOCK) 2847 break; 2848 DELAY(10); 2849 } 2850 if (ntries == 1000) { 2851 cmn_err(CE_WARN, 2852 "wpi_reset(): timeout waiting for clock stabilization\n"); 2853 return (ETIMEDOUT); 2854 } 2855 2856 /* initialize EEPROM */ 2857 tmp = WPI_READ(sc, WPI_EEPROM_STATUS); 2858 if ((tmp & WPI_EEPROM_VERSION) == 0) { 2859 cmn_err(CE_WARN, "wpi_reset(): EEPROM not found\n"); 2860 return (EIO); 2861 } 2862 WPI_WRITE(sc, WPI_EEPROM_STATUS, tmp & ~WPI_EEPROM_LOCKED); 2863 2864 return (WPI_SUCCESS); 2865 } 2866 2867 static void 2868 wpi_hw_config(wpi_sc_t *sc) 2869 { 2870 uint16_t val; 2871 uint32_t hw; 2872 2873 /* voodoo from the Linux "driver".. */ 2874 hw = WPI_READ(sc, WPI_HWCONFIG); 2875 2876 if ((sc->sc_rev & 0xc0) == 0x40) 2877 hw |= WPI_HW_ALM_MB; 2878 else if (!(sc->sc_rev & 0x80)) 2879 hw |= WPI_HW_ALM_MM; 2880 2881 val = wpi_read_prom_word(sc, WPI_EEPROM_CAPABILITIES); 2882 if ((val & 0xff) == 0x80) 2883 hw |= WPI_HW_SKU_MRC; 2884 2885 val = wpi_read_prom_word(sc, WPI_EEPROM_REVISION); 2886 hw &= ~WPI_HW_REV_D; 2887 if ((val & 0xf0) == 0xd0) 2888 hw |= WPI_HW_REV_D; 2889 2890 val = wpi_read_prom_word(sc, WPI_EEPROM_TYPE); 2891 if ((val & 0xff) > 1) 2892 hw |= WPI_HW_TYPE_B; 2893 2894 WPI_DBG((WPI_DEBUG_HW, "setting h/w config %x\n", hw)); 2895 WPI_WRITE(sc, WPI_HWCONFIG, hw); 2896 } 2897 2898 static int 2899 wpi_init(wpi_sc_t *sc) 2900 { 2901 uint32_t tmp; 2902 int qid, ntries, err; 2903 clock_t clk; 2904 2905 mutex_enter(&sc->sc_glock); 2906 sc->sc_flags &= ~WPI_F_FW_INIT; 2907 2908 (void) wpi_reset(sc); 2909 2910 wpi_mem_lock(sc); 2911 wpi_mem_write(sc, WPI_MEM_CLOCK1, 0xa00); 2912 DELAY(20); 2913 tmp = wpi_mem_read(sc, WPI_MEM_PCIDEV); 2914 wpi_mem_write(sc, WPI_MEM_PCIDEV, tmp | 0x800); 2915 wpi_mem_unlock(sc); 2916 2917 (void) wpi_power_up(sc); 2918 wpi_hw_config(sc); 2919 2920 /* init Rx ring */ 2921 wpi_mem_lock(sc); 2922 WPI_WRITE(sc, WPI_RX_BASE, sc->sc_rxq.dma_desc.cookie.dmac_address); 2923 WPI_WRITE(sc, WPI_RX_RIDX_PTR, 2924 (uint32_t)(sc->sc_dma_sh.cookie.dmac_address + 2925 offsetof(wpi_shared_t, next))); 2926 WPI_WRITE(sc, WPI_RX_WIDX, (WPI_RX_RING_COUNT - 1) & (~7)); 2927 WPI_WRITE(sc, WPI_RX_CONFIG, 0xa9601010); 2928 wpi_mem_unlock(sc); 2929 2930 /* init Tx rings */ 2931 wpi_mem_lock(sc); 2932 wpi_mem_write(sc, WPI_MEM_MODE, 2); /* bypass mode */ 2933 wpi_mem_write(sc, WPI_MEM_RA, 1); /* enable RA0 */ 2934 wpi_mem_write(sc, WPI_MEM_TXCFG, 0x3f); /* enable all 6 Tx rings */ 2935 wpi_mem_write(sc, WPI_MEM_BYPASS1, 0x10000); 2936 wpi_mem_write(sc, WPI_MEM_BYPASS2, 0x30002); 2937 wpi_mem_write(sc, WPI_MEM_MAGIC4, 4); 2938 wpi_mem_write(sc, WPI_MEM_MAGIC5, 5); 2939 2940 WPI_WRITE(sc, WPI_TX_BASE_PTR, sc->sc_dma_sh.cookie.dmac_address); 2941 WPI_WRITE(sc, WPI_MSG_CONFIG, 0xffff05a5); 2942 2943 for (qid = 0; qid < 6; qid++) { 2944 WPI_WRITE(sc, WPI_TX_CTL(qid), 0); 2945 WPI_WRITE(sc, WPI_TX_BASE(qid), 0); 2946 WPI_WRITE(sc, WPI_TX_CONFIG(qid), 0x80200008); 2947 } 2948 wpi_mem_unlock(sc); 2949 2950 /* clear "radio off" and "disable command" bits (reversed logic) */ 2951 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_RADIO_OFF); 2952 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_DISABLE_CMD); 2953 2954 /* clear any pending interrupts */ 2955 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 2956 2957 /* enable interrupts */ 2958 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 2959 2960 /* load firmware boot code into NIC */ 2961 err = wpi_load_microcode(sc); 2962 if (err != WPI_SUCCESS) { 2963 cmn_err(CE_WARN, "wpi_init(): failed to load microcode\n"); 2964 goto fail1; 2965 } 2966 2967 /* load firmware .text segment into NIC */ 2968 err = wpi_load_firmware(sc, WPI_FW_TEXT); 2969 if (err != WPI_SUCCESS) { 2970 cmn_err(CE_WARN, "wpi_init(): " 2971 "failed to load firmware(text)\n"); 2972 goto fail1; 2973 } 2974 2975 /* load firmware .data segment into NIC */ 2976 err = wpi_load_firmware(sc, WPI_FW_DATA); 2977 if (err != WPI_SUCCESS) { 2978 cmn_err(CE_WARN, "wpi_init(): " 2979 "failed to load firmware(data)\n"); 2980 goto fail1; 2981 } 2982 2983 /* now press "execute" ;-) */ 2984 tmp = WPI_READ(sc, WPI_RESET); 2985 tmp &= ~(WPI_MASTER_DISABLED | WPI_STOP_MASTER | WPI_NEVO_RESET); 2986 WPI_WRITE(sc, WPI_RESET, tmp); 2987 2988 /* ..and wait at most one second for adapter to initialize */ 2989 clk = ddi_get_lbolt() + drv_usectohz(2000000); 2990 while (!(sc->sc_flags & WPI_F_FW_INIT)) { 2991 if (cv_timedwait(&sc->sc_fw_cv, &sc->sc_glock, clk) < 0) 2992 break; 2993 } 2994 if (!(sc->sc_flags & WPI_F_FW_INIT)) { 2995 cmn_err(CE_WARN, 2996 "wpi_init(): timeout waiting for firmware init\n"); 2997 goto fail1; 2998 } 2999 3000 /* wait for thermal sensors to calibrate */ 3001 for (ntries = 0; ntries < 1000; ntries++) { 3002 if (WPI_READ(sc, WPI_TEMPERATURE) != 0) 3003 break; 3004 DELAY(10); 3005 } 3006 3007 if (ntries == 1000) { 3008 WPI_DBG((WPI_DEBUG_HW, 3009 "wpi_init(): timeout waiting for thermal sensors " 3010 "calibration\n")); 3011 } 3012 3013 WPI_DBG((WPI_DEBUG_HW, "temperature %d\n", 3014 (int)WPI_READ(sc, WPI_TEMPERATURE))); 3015 3016 err = wpi_config(sc); 3017 if (err) { 3018 cmn_err(CE_WARN, "wpi_init(): failed to configure device\n"); 3019 goto fail1; 3020 } 3021 3022 mutex_exit(&sc->sc_glock); 3023 return (WPI_SUCCESS); 3024 3025 fail1: 3026 err = WPI_FAIL; 3027 mutex_exit(&sc->sc_glock); 3028 return (err); 3029 } 3030 3031 static void 3032 wpi_stop(wpi_sc_t *sc) 3033 { 3034 uint32_t tmp; 3035 int ac; 3036 3037 3038 mutex_enter(&sc->sc_glock); 3039 /* disable interrupts */ 3040 WPI_WRITE(sc, WPI_MASK, 0); 3041 WPI_WRITE(sc, WPI_INTR, WPI_INTR_MASK); 3042 WPI_WRITE(sc, WPI_INTR_STATUS, 0xff); 3043 WPI_WRITE(sc, WPI_INTR_STATUS, 0x00070000); 3044 3045 wpi_mem_lock(sc); 3046 wpi_mem_write(sc, WPI_MEM_MODE, 0); 3047 wpi_mem_unlock(sc); 3048 3049 /* reset all Tx rings */ 3050 for (ac = 0; ac < 4; ac++) 3051 wpi_reset_tx_ring(sc, &sc->sc_txq[ac]); 3052 wpi_reset_tx_ring(sc, &sc->sc_cmdq); 3053 wpi_reset_tx_ring(sc, &sc->sc_svcq); 3054 3055 /* reset Rx ring */ 3056 wpi_reset_rx_ring(sc); 3057 3058 wpi_mem_lock(sc); 3059 wpi_mem_write(sc, WPI_MEM_CLOCK2, 0x200); 3060 wpi_mem_unlock(sc); 3061 3062 DELAY(5); 3063 3064 wpi_stop_master(sc); 3065 3066 sc->sc_tx_timer = 0; 3067 tmp = WPI_READ(sc, WPI_RESET); 3068 WPI_WRITE(sc, WPI_RESET, tmp | WPI_SW_RESET); 3069 mutex_exit(&sc->sc_glock); 3070 } 3071 3072 /* 3073 * Naive implementation of the Adaptive Multi Rate Retry algorithm: 3074 * "IEEE 802.11 Rate Adaptation: A Practical Approach" 3075 * Mathieu Lacage, Hossein Manshaei, Thierry Turletti 3076 * INRIA Sophia - Projet Planete 3077 * http://www-sop.inria.fr/rapports/sophia/RR-5208.html 3078 */ 3079 #define is_success(amrr) \ 3080 ((amrr)->retrycnt < (amrr)->txcnt / 10) 3081 #define is_failure(amrr) \ 3082 ((amrr)->retrycnt > (amrr)->txcnt / 3) 3083 #define is_enough(amrr) \ 3084 ((amrr)->txcnt > 100) 3085 #define is_min_rate(in) \ 3086 ((in)->in_txrate == 0) 3087 #define is_max_rate(in) \ 3088 ((in)->in_txrate == (in)->in_rates.ir_nrates - 1) 3089 #define increase_rate(in) \ 3090 ((in)->in_txrate++) 3091 #define decrease_rate(in) \ 3092 ((in)->in_txrate--) 3093 #define reset_cnt(amrr) \ 3094 { (amrr)->txcnt = (amrr)->retrycnt = 0; } 3095 3096 #define WPI_AMRR_MIN_SUCCESS_THRESHOLD 1 3097 #define WPI_AMRR_MAX_SUCCESS_THRESHOLD 15 3098 3099 static void 3100 wpi_amrr_init(wpi_amrr_t *amrr) 3101 { 3102 amrr->success = 0; 3103 amrr->recovery = 0; 3104 amrr->txcnt = amrr->retrycnt = 0; 3105 amrr->success_threshold = WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3106 } 3107 3108 static void 3109 wpi_amrr_timeout(wpi_sc_t *sc) 3110 { 3111 ieee80211com_t *ic = &sc->sc_ic; 3112 3113 WPI_DBG((WPI_DEBUG_RATECTL, "wpi_amrr_timeout() enter\n")); 3114 if (ic->ic_opmode == IEEE80211_M_STA) 3115 wpi_amrr_ratectl(NULL, ic->ic_bss); 3116 else 3117 ieee80211_iterate_nodes(&ic->ic_sta, wpi_amrr_ratectl, NULL); 3118 sc->sc_clk = ddi_get_lbolt(); 3119 } 3120 3121 /* ARGSUSED */ 3122 static void 3123 wpi_amrr_ratectl(void *arg, ieee80211_node_t *in) 3124 { 3125 wpi_amrr_t *amrr = (wpi_amrr_t *)in; 3126 int need_change = 0; 3127 3128 if (is_success(amrr) && is_enough(amrr)) { 3129 amrr->success++; 3130 if (amrr->success >= amrr->success_threshold && 3131 !is_max_rate(in)) { 3132 amrr->recovery = 1; 3133 amrr->success = 0; 3134 increase_rate(in); 3135 WPI_DBG((WPI_DEBUG_RATECTL, 3136 "AMRR increasing rate %d (txcnt=%d retrycnt=%d)\n", 3137 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3138 need_change = 1; 3139 } else { 3140 amrr->recovery = 0; 3141 } 3142 } else if (is_failure(amrr)) { 3143 amrr->success = 0; 3144 if (!is_min_rate(in)) { 3145 if (amrr->recovery) { 3146 amrr->success_threshold++; 3147 if (amrr->success_threshold > 3148 WPI_AMRR_MAX_SUCCESS_THRESHOLD) 3149 amrr->success_threshold = 3150 WPI_AMRR_MAX_SUCCESS_THRESHOLD; 3151 } else { 3152 amrr->success_threshold = 3153 WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3154 } 3155 decrease_rate(in); 3156 WPI_DBG((WPI_DEBUG_RATECTL, 3157 "AMRR decreasing rate %d (txcnt=%d retrycnt=%d)\n", 3158 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3159 need_change = 1; 3160 } 3161 amrr->recovery = 0; /* paper is incorrect */ 3162 } 3163 3164 if (is_enough(amrr) || need_change) 3165 reset_cnt(amrr); 3166 } 3167