1 /* 2 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * Copyright (c) 2006 8 * Damien Bergamini <damien.bergamini@free.fr> 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 */ 22 23 #pragma ident "%Z%%M% %I% %E% SMI" 24 25 /* 26 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 27 */ 28 29 #include <sys/types.h> 30 #include <sys/byteorder.h> 31 #include <sys/conf.h> 32 #include <sys/cmn_err.h> 33 #include <sys/stat.h> 34 #include <sys/ddi.h> 35 #include <sys/sunddi.h> 36 #include <sys/strsubr.h> 37 #include <sys/ethernet.h> 38 #include <inet/common.h> 39 #include <inet/nd.h> 40 #include <inet/mi.h> 41 #include <sys/note.h> 42 #include <sys/stream.h> 43 #include <sys/strsun.h> 44 #include <sys/modctl.h> 45 #include <sys/devops.h> 46 #include <sys/dlpi.h> 47 #include <sys/mac.h> 48 #include <sys/mac_wifi.h> 49 #include <sys/net80211.h> 50 #include <sys/net80211_proto.h> 51 #include <sys/varargs.h> 52 #include <sys/policy.h> 53 #include <sys/pci.h> 54 55 #include "wpireg.h" 56 #include "wpivar.h" 57 #include <inet/wifi_ioctl.h> 58 59 #ifdef DEBUG 60 #define WPI_DEBUG_80211 (1 << 0) 61 #define WPI_DEBUG_CMD (1 << 1) 62 #define WPI_DEBUG_DMA (1 << 2) 63 #define WPI_DEBUG_EEPROM (1 << 3) 64 #define WPI_DEBUG_FW (1 << 4) 65 #define WPI_DEBUG_HW (1 << 5) 66 #define WPI_DEBUG_INTR (1 << 6) 67 #define WPI_DEBUG_MRR (1 << 7) 68 #define WPI_DEBUG_PIO (1 << 8) 69 #define WPI_DEBUG_RX (1 << 9) 70 #define WPI_DEBUG_SCAN (1 << 10) 71 #define WPI_DEBUG_TX (1 << 11) 72 #define WPI_DEBUG_RATECTL (1 << 12) 73 #define WPI_DEBUG_RADIO (1 << 13) 74 uint32_t wpi_dbg_flags = 0; 75 #define WPI_DBG(x) \ 76 wpi_dbg x 77 #else 78 #define WPI_DBG(x) 79 #endif 80 81 static void *wpi_soft_state_p = NULL; 82 static uint8_t wpi_fw_bin [] = { 83 #include "fw-wpi/ipw3945.ucode.hex" 84 }; 85 86 /* DMA attributes for a shared page */ 87 static ddi_dma_attr_t sh_dma_attr = { 88 DMA_ATTR_V0, /* version of this structure */ 89 0, /* lowest usable address */ 90 0xffffffffU, /* highest usable address */ 91 0xffffffffU, /* maximum DMAable byte count */ 92 0x1000, /* alignment in bytes */ 93 0x1000, /* burst sizes (any?) */ 94 1, /* minimum transfer */ 95 0xffffffffU, /* maximum transfer */ 96 0xffffffffU, /* maximum segment length */ 97 1, /* maximum number of segments */ 98 1, /* granularity */ 99 0, /* flags (reserved) */ 100 }; 101 102 /* DMA attributes for a ring descriptor */ 103 static ddi_dma_attr_t ring_desc_dma_attr = { 104 DMA_ATTR_V0, /* version of this structure */ 105 0, /* lowest usable address */ 106 0xffffffffU, /* highest usable address */ 107 0xffffffffU, /* maximum DMAable byte count */ 108 0x4000, /* alignment in bytes */ 109 0x100, /* burst sizes (any?) */ 110 1, /* minimum transfer */ 111 0xffffffffU, /* maximum transfer */ 112 0xffffffffU, /* maximum segment length */ 113 1, /* maximum number of segments */ 114 1, /* granularity */ 115 0, /* flags (reserved) */ 116 }; 117 118 119 /* DMA attributes for a tx cmd */ 120 static ddi_dma_attr_t tx_cmd_dma_attr = { 121 DMA_ATTR_V0, /* version of this structure */ 122 0, /* lowest usable address */ 123 0xffffffffU, /* highest usable address */ 124 0xffffffffU, /* maximum DMAable byte count */ 125 4, /* alignment in bytes */ 126 0x100, /* burst sizes (any?) */ 127 1, /* minimum transfer */ 128 0xffffffffU, /* maximum transfer */ 129 0xffffffffU, /* maximum segment length */ 130 1, /* maximum number of segments */ 131 1, /* granularity */ 132 0, /* flags (reserved) */ 133 }; 134 135 /* DMA attributes for a rx buffer */ 136 static ddi_dma_attr_t rx_buffer_dma_attr = { 137 DMA_ATTR_V0, /* version of this structure */ 138 0, /* lowest usable address */ 139 0xffffffffU, /* highest usable address */ 140 0xffffffffU, /* maximum DMAable byte count */ 141 1, /* alignment in bytes */ 142 0x100, /* burst sizes (any?) */ 143 1, /* minimum transfer */ 144 0xffffffffU, /* maximum transfer */ 145 0xffffffffU, /* maximum segment length */ 146 1, /* maximum number of segments */ 147 1, /* granularity */ 148 0, /* flags (reserved) */ 149 }; 150 151 /* 152 * DMA attributes for a tx buffer. 153 * the maximum number of segments is 4 for the hardware. 154 * now all the wifi drivers put the whole frame in a single 155 * descriptor, so we define the maximum number of segments 4, 156 * just the same as the rx_buffer. we consider leverage the HW 157 * ability in the future, that is why we don't define rx and tx 158 * buffer_dma_attr as the same. 159 */ 160 static ddi_dma_attr_t tx_buffer_dma_attr = { 161 DMA_ATTR_V0, /* version of this structure */ 162 0, /* lowest usable address */ 163 0xffffffffU, /* highest usable address */ 164 0xffffffffU, /* maximum DMAable byte count */ 165 1, /* alignment in bytes */ 166 0x100, /* burst sizes (any?) */ 167 1, /* minimum transfer */ 168 0xffffffffU, /* maximum transfer */ 169 0xffffffffU, /* maximum segment length */ 170 1, /* maximum number of segments */ 171 1, /* granularity */ 172 0, /* flags (reserved) */ 173 }; 174 175 /* DMA attributes for a load firmware */ 176 static ddi_dma_attr_t fw_buffer_dma_attr = { 177 DMA_ATTR_V0, /* version of this structure */ 178 0, /* lowest usable address */ 179 0xffffffffU, /* highest usable address */ 180 0x7fffffff, /* maximum DMAable byte count */ 181 4, /* alignment in bytes */ 182 0x100, /* burst sizes (any?) */ 183 1, /* minimum transfer */ 184 0xffffffffU, /* maximum transfer */ 185 0xffffffffU, /* maximum segment length */ 186 4, /* maximum number of segments */ 187 1, /* granularity */ 188 0, /* flags (reserved) */ 189 }; 190 191 /* regs access attributes */ 192 static ddi_device_acc_attr_t wpi_reg_accattr = { 193 DDI_DEVICE_ATTR_V0, 194 DDI_STRUCTURE_LE_ACC, 195 DDI_STRICTORDER_ACC, 196 DDI_DEFAULT_ACC 197 }; 198 199 /* DMA access attributes */ 200 static ddi_device_acc_attr_t wpi_dma_accattr = { 201 DDI_DEVICE_ATTR_V0, 202 DDI_NEVERSWAP_ACC, 203 DDI_STRICTORDER_ACC, 204 DDI_DEFAULT_ACC 205 }; 206 207 static int wpi_ring_init(wpi_sc_t *); 208 static void wpi_ring_free(wpi_sc_t *); 209 static int wpi_alloc_shared(wpi_sc_t *); 210 static void wpi_free_shared(wpi_sc_t *); 211 static int wpi_alloc_fw_dma(wpi_sc_t *); 212 static void wpi_free_fw_dma(wpi_sc_t *); 213 static int wpi_alloc_rx_ring(wpi_sc_t *); 214 static void wpi_reset_rx_ring(wpi_sc_t *); 215 static void wpi_free_rx_ring(wpi_sc_t *); 216 static int wpi_alloc_tx_ring(wpi_sc_t *, wpi_tx_ring_t *, int, int); 217 static void wpi_reset_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 218 static void wpi_free_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 219 220 static ieee80211_node_t *wpi_node_alloc(ieee80211com_t *); 221 static void wpi_node_free(ieee80211_node_t *); 222 static int wpi_newstate(ieee80211com_t *, enum ieee80211_state, int); 223 static int wpi_key_set(ieee80211com_t *, const struct ieee80211_key *, 224 const uint8_t mac[IEEE80211_ADDR_LEN]); 225 static void wpi_mem_lock(wpi_sc_t *); 226 static void wpi_mem_unlock(wpi_sc_t *); 227 static uint32_t wpi_mem_read(wpi_sc_t *, uint16_t); 228 static void wpi_mem_write(wpi_sc_t *, uint16_t, uint32_t); 229 static void wpi_mem_write_region_4(wpi_sc_t *, uint16_t, 230 const uint32_t *, int); 231 static uint16_t wpi_read_prom_word(wpi_sc_t *, uint32_t); 232 static int wpi_load_microcode(wpi_sc_t *); 233 static int wpi_load_firmware(wpi_sc_t *, uint32_t); 234 static void wpi_rx_intr(wpi_sc_t *, wpi_rx_desc_t *, 235 wpi_rx_data_t *); 236 static void wpi_tx_intr(wpi_sc_t *, wpi_rx_desc_t *, 237 wpi_rx_data_t *); 238 static void wpi_cmd_intr(wpi_sc_t *, wpi_rx_desc_t *); 239 static uint_t wpi_intr(caddr_t); 240 static uint_t wpi_notif_softintr(caddr_t); 241 static uint8_t wpi_plcp_signal(int); 242 static void wpi_read_eeprom(wpi_sc_t *); 243 static int wpi_cmd(wpi_sc_t *, int, const void *, int, int); 244 static int wpi_mrr_setup(wpi_sc_t *); 245 static void wpi_set_led(wpi_sc_t *, uint8_t, uint8_t, uint8_t); 246 static int wpi_auth(wpi_sc_t *); 247 static int wpi_scan(wpi_sc_t *); 248 static int wpi_config(wpi_sc_t *); 249 static void wpi_stop_master(wpi_sc_t *); 250 static int wpi_power_up(wpi_sc_t *); 251 static int wpi_reset(wpi_sc_t *); 252 static void wpi_hw_config(wpi_sc_t *); 253 static int wpi_init(wpi_sc_t *); 254 static void wpi_stop(wpi_sc_t *); 255 static void wpi_amrr_init(wpi_amrr_t *); 256 static void wpi_amrr_timeout(wpi_sc_t *); 257 static void wpi_amrr_ratectl(void *, ieee80211_node_t *); 258 259 static int wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd); 260 static int wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd); 261 262 /* 263 * GLD specific operations 264 */ 265 static int wpi_m_stat(void *arg, uint_t stat, uint64_t *val); 266 static int wpi_m_start(void *arg); 267 static void wpi_m_stop(void *arg); 268 static int wpi_m_unicst(void *arg, const uint8_t *macaddr); 269 static int wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m); 270 static int wpi_m_promisc(void *arg, boolean_t on); 271 static mblk_t *wpi_m_tx(void *arg, mblk_t *mp); 272 static void wpi_m_ioctl(void *arg, queue_t *wq, mblk_t *mp); 273 274 static void wpi_destroy_locks(wpi_sc_t *sc); 275 static int wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type); 276 static void wpi_thread(wpi_sc_t *sc); 277 278 /* 279 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 280 */ 281 static const struct ieee80211_rateset wpi_rateset_11b = 282 { 4, { 2, 4, 11, 22 } }; 283 284 static const struct ieee80211_rateset wpi_rateset_11g = 285 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 286 287 static const uint8_t wpi_ridx_to_signal[] = { 288 /* OFDM: IEEE Std 802.11a-1999, pp. 14 Table 80 */ 289 /* R1-R4 (ral/ural is R4-R1) */ 290 0xd, 0xf, 0x5, 0x7, 0x9, 0xb, 0x1, 0x3, 291 /* CCK: device-dependent */ 292 10, 20, 55, 110 293 }; 294 295 /* 296 * For mfthread only 297 */ 298 extern pri_t minclsyspri; 299 300 /* 301 * Module Loading Data & Entry Points 302 */ 303 DDI_DEFINE_STREAM_OPS(wpi_devops, nulldev, nulldev, wpi_attach, 304 wpi_detach, nodev, NULL, D_MP, NULL); 305 306 static struct modldrv wpi_modldrv = { 307 &mod_driverops, 308 "Intel(R) PRO/Wireless 3945ABG driver", 309 &wpi_devops 310 }; 311 312 static struct modlinkage wpi_modlinkage = { 313 MODREV_1, 314 &wpi_modldrv, 315 NULL 316 }; 317 318 int 319 _init(void) 320 { 321 int status; 322 323 status = ddi_soft_state_init(&wpi_soft_state_p, 324 sizeof (wpi_sc_t), 1); 325 if (status != DDI_SUCCESS) 326 return (status); 327 328 mac_init_ops(&wpi_devops, "wpi"); 329 status = mod_install(&wpi_modlinkage); 330 if (status != DDI_SUCCESS) { 331 mac_fini_ops(&wpi_devops); 332 ddi_soft_state_fini(&wpi_soft_state_p); 333 } 334 335 return (status); 336 } 337 338 int 339 _fini(void) 340 { 341 int status; 342 343 status = mod_remove(&wpi_modlinkage); 344 if (status == DDI_SUCCESS) { 345 mac_fini_ops(&wpi_devops); 346 ddi_soft_state_fini(&wpi_soft_state_p); 347 } 348 349 return (status); 350 } 351 352 int 353 _info(struct modinfo *mip) 354 { 355 return (mod_info(&wpi_modlinkage, mip)); 356 } 357 358 /* 359 * Mac Call Back entries 360 */ 361 mac_callbacks_t wpi_m_callbacks = { 362 MC_IOCTL, 363 wpi_m_stat, 364 wpi_m_start, 365 wpi_m_stop, 366 wpi_m_promisc, 367 wpi_m_multicst, 368 wpi_m_unicst, 369 wpi_m_tx, 370 NULL, 371 wpi_m_ioctl 372 }; 373 374 #ifdef DEBUG 375 void 376 wpi_dbg(uint32_t flags, const char *fmt, ...) 377 { 378 va_list ap; 379 380 if (flags & wpi_dbg_flags) { 381 va_start(ap, fmt); 382 vcmn_err(CE_NOTE, fmt, ap); 383 va_end(ap); 384 } 385 } 386 #endif 387 /* 388 * device operations 389 */ 390 int 391 wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 392 { 393 wpi_sc_t *sc; 394 ddi_acc_handle_t cfg_handle; 395 caddr_t cfg_base; 396 ieee80211com_t *ic; 397 int instance, err, i; 398 char strbuf[32]; 399 wifi_data_t wd = { 0 }; 400 mac_register_t *macp; 401 402 if (cmd != DDI_ATTACH) { 403 err = DDI_FAILURE; 404 goto attach_fail1; 405 } 406 407 instance = ddi_get_instance(dip); 408 err = ddi_soft_state_zalloc(wpi_soft_state_p, instance); 409 if (err != DDI_SUCCESS) { 410 cmn_err(CE_WARN, 411 "wpi_attach(): failed to allocate soft state\n"); 412 goto attach_fail1; 413 } 414 sc = ddi_get_soft_state(wpi_soft_state_p, instance); 415 sc->sc_dip = dip; 416 417 err = ddi_regs_map_setup(dip, 0, &cfg_base, 0, 0, 418 &wpi_reg_accattr, &cfg_handle); 419 if (err != DDI_SUCCESS) { 420 cmn_err(CE_WARN, 421 "wpi_attach(): failed to map config spaces regs\n"); 422 goto attach_fail2; 423 } 424 sc->sc_rev = ddi_get8(cfg_handle, 425 (uint8_t *)(cfg_base + PCI_CONF_REVID)); 426 ddi_put8(cfg_handle, (uint8_t *)(cfg_base + 0x41), 0); 427 sc->sc_clsz = ddi_get16(cfg_handle, 428 (uint16_t *)(cfg_base + PCI_CONF_CACHE_LINESZ)); 429 ddi_regs_map_free(&cfg_handle); 430 if (!sc->sc_clsz) 431 sc->sc_clsz = 16; 432 sc->sc_clsz = (sc->sc_clsz << 2); 433 sc->sc_dmabuf_sz = roundup(0x1000 + sizeof (struct ieee80211_frame) + 434 IEEE80211_MTU + IEEE80211_CRC_LEN + 435 (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + 436 IEEE80211_WEP_CRCLEN), sc->sc_clsz); 437 /* 438 * Map operating registers 439 */ 440 err = ddi_regs_map_setup(dip, 1, &sc->sc_base, 441 0, 0, &wpi_reg_accattr, &sc->sc_handle); 442 if (err != DDI_SUCCESS) { 443 cmn_err(CE_WARN, 444 "wpi_attach(): failed to map device regs\n"); 445 goto attach_fail2; 446 } 447 448 /* 449 * Allocate shared page. 450 */ 451 err = wpi_alloc_shared(sc); 452 if (err != DDI_SUCCESS) { 453 cmn_err(CE_WARN, "failed to allocate shared page\n"); 454 goto attach_fail3; 455 } 456 457 /* 458 * Get the hw conf, including MAC address, then init all rings. 459 */ 460 wpi_read_eeprom(sc); 461 err = wpi_ring_init(sc); 462 if (err != DDI_SUCCESS) { 463 cmn_err(CE_WARN, "wpi_attach(): " 464 "failed to allocate and initialize ring\n"); 465 goto attach_fail4; 466 } 467 468 sc->sc_hdr = (const wpi_firmware_hdr_t *)wpi_fw_bin; 469 470 /* firmware image layout: |HDR|<--TEXT-->|<--DATA-->|<--BOOT-->| */ 471 sc->sc_text = (const char *)(sc->sc_hdr + 1); 472 sc->sc_data = sc->sc_text + LE_32(sc->sc_hdr->textsz); 473 sc->sc_boot = sc->sc_data + LE_32(sc->sc_hdr->datasz); 474 err = wpi_alloc_fw_dma(sc); 475 if (err != DDI_SUCCESS) { 476 cmn_err(CE_WARN, "wpi_attach(): " 477 "failed to allocate firmware dma\n"); 478 goto attach_fail5; 479 } 480 481 /* 482 * Initialize mutexs and condvars 483 */ 484 err = ddi_get_iblock_cookie(dip, 0, &sc->sc_iblk); 485 if (err != DDI_SUCCESS) { 486 cmn_err(CE_WARN, 487 "wpi_attach(): failed to do ddi_get_iblock_cookie()\n"); 488 goto attach_fail6; 489 } 490 mutex_init(&sc->sc_glock, NULL, MUTEX_DRIVER, sc->sc_iblk); 491 mutex_init(&sc->sc_tx_lock, NULL, MUTEX_DRIVER, sc->sc_iblk); 492 cv_init(&sc->sc_fw_cv, NULL, CV_DRIVER, NULL); 493 cv_init(&sc->sc_cmd_cv, NULL, CV_DRIVER, NULL); 494 cv_init(&sc->sc_tx_cv, "tx-ring", CV_DRIVER, NULL); 495 /* 496 * initialize the mfthread 497 */ 498 mutex_init(&sc->sc_mt_lock, NULL, MUTEX_DRIVER, 499 (void *) sc->sc_iblk); 500 cv_init(&sc->sc_mt_cv, NULL, CV_DRIVER, NULL); 501 sc->sc_mf_thread = NULL; 502 sc->sc_mf_thread_switch = 0; 503 /* 504 * Initialize the wifi part, which will be used by 505 * generic layer 506 */ 507 ic = &sc->sc_ic; 508 ic->ic_phytype = IEEE80211_T_OFDM; 509 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 510 ic->ic_state = IEEE80211_S_INIT; 511 ic->ic_maxrssi = 70; /* experimental number */ 512 ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_TXPMGT | 513 IEEE80211_C_PMGT | IEEE80211_C_SHSLOT; 514 515 /* 516 * use software WEP and TKIP, hardware CCMP; 517 */ 518 ic->ic_caps |= IEEE80211_C_AES_CCM; 519 ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */ 520 521 /* set supported .11b and .11g rates */ 522 ic->ic_sup_rates[IEEE80211_MODE_11B] = wpi_rateset_11b; 523 ic->ic_sup_rates[IEEE80211_MODE_11G] = wpi_rateset_11g; 524 525 /* set supported .11b and .11g channels (1 through 14) */ 526 for (i = 1; i <= 14; i++) { 527 ic->ic_sup_channels[i].ich_freq = 528 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 529 ic->ic_sup_channels[i].ich_flags = 530 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 531 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 532 } 533 ic->ic_ibss_chan = &ic->ic_sup_channels[0]; 534 ic->ic_xmit = wpi_send; 535 /* 536 * init Wifi layer 537 */ 538 ieee80211_attach(ic); 539 540 /* register WPA door */ 541 ieee80211_register_door(ic, ddi_driver_name(dip), 542 ddi_get_instance(dip)); 543 544 /* 545 * Override 80211 default routines 546 */ 547 sc->sc_newstate = ic->ic_newstate; 548 ic->ic_newstate = wpi_newstate; 549 ic->ic_node_alloc = wpi_node_alloc; 550 ic->ic_node_free = wpi_node_free; 551 ic->ic_crypto.cs_key_set = wpi_key_set; 552 ieee80211_media_init(ic); 553 /* 554 * initialize default tx key 555 */ 556 ic->ic_def_txkey = 0; 557 558 err = ddi_add_softintr(dip, DDI_SOFTINT_LOW, 559 &sc->sc_notif_softint_id, &sc->sc_iblk, NULL, wpi_notif_softintr, 560 (caddr_t)sc); 561 if (err != DDI_SUCCESS) { 562 cmn_err(CE_WARN, 563 "wpi_attach(): failed to do ddi_add_softintr()\n"); 564 goto attach_fail7; 565 } 566 567 /* 568 * Add the interrupt handler 569 */ 570 err = ddi_add_intr(dip, 0, &sc->sc_iblk, NULL, 571 wpi_intr, (caddr_t)sc); 572 if (err != DDI_SUCCESS) { 573 cmn_err(CE_WARN, 574 "wpi_attach(): failed to do ddi_add_intr()\n"); 575 goto attach_fail8; 576 } 577 578 /* 579 * Initialize pointer to device specific functions 580 */ 581 wd.wd_secalloc = WIFI_SEC_NONE; 582 wd.wd_opmode = ic->ic_opmode; 583 IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_macaddr); 584 585 macp = mac_alloc(MAC_VERSION); 586 if (err != DDI_SUCCESS) { 587 cmn_err(CE_WARN, 588 "wpi_attach(): failed to do mac_alloc()\n"); 589 goto attach_fail9; 590 } 591 592 macp->m_type_ident = MAC_PLUGIN_IDENT_WIFI; 593 macp->m_driver = sc; 594 macp->m_dip = dip; 595 macp->m_src_addr = ic->ic_macaddr; 596 macp->m_callbacks = &wpi_m_callbacks; 597 macp->m_min_sdu = 0; 598 macp->m_max_sdu = IEEE80211_MTU; 599 macp->m_pdata = &wd; 600 macp->m_pdata_size = sizeof (wd); 601 602 /* 603 * Register the macp to mac 604 */ 605 err = mac_register(macp, &ic->ic_mach); 606 mac_free(macp); 607 if (err != DDI_SUCCESS) { 608 cmn_err(CE_WARN, 609 "wpi_attach(): failed to do mac_register()\n"); 610 goto attach_fail9; 611 } 612 613 /* 614 * Create minor node of type DDI_NT_NET_WIFI 615 */ 616 (void) snprintf(strbuf, sizeof (strbuf), "wpi%d", instance); 617 err = ddi_create_minor_node(dip, strbuf, S_IFCHR, 618 instance + 1, DDI_NT_NET_WIFI, 0); 619 if (err != DDI_SUCCESS) 620 cmn_err(CE_WARN, 621 "wpi_attach(): failed to do ddi_create_minor_node()\n"); 622 623 /* 624 * Notify link is down now 625 */ 626 mac_link_update(ic->ic_mach, LINK_STATE_DOWN); 627 628 /* 629 * create the mf thread to handle the link status, 630 * recovery fatal error, etc. 631 */ 632 633 sc->sc_mf_thread_switch = 1; 634 if (sc->sc_mf_thread == NULL) 635 sc->sc_mf_thread = thread_create((caddr_t)NULL, 0, 636 wpi_thread, sc, 0, &p0, TS_RUN, minclsyspri); 637 638 sc->sc_flags |= WPI_F_ATTACHED; 639 640 return (DDI_SUCCESS); 641 attach_fail9: 642 ddi_remove_intr(dip, 0, sc->sc_iblk); 643 attach_fail8: 644 ddi_remove_softintr(sc->sc_notif_softint_id); 645 sc->sc_notif_softint_id = NULL; 646 attach_fail7: 647 ieee80211_detach(ic); 648 wpi_destroy_locks(sc); 649 attach_fail6: 650 wpi_free_fw_dma(sc); 651 attach_fail5: 652 wpi_ring_free(sc); 653 attach_fail4: 654 wpi_free_shared(sc); 655 attach_fail3: 656 ddi_regs_map_free(&sc->sc_handle); 657 attach_fail2: 658 ddi_soft_state_free(wpi_soft_state_p, instance); 659 attach_fail1: 660 return (err); 661 } 662 663 int 664 wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 665 { 666 wpi_sc_t *sc; 667 int err; 668 669 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 670 ASSERT(sc != NULL); 671 672 if (cmd != DDI_DETACH) 673 return (DDI_FAILURE); 674 if (!(sc->sc_flags & WPI_F_ATTACHED)) 675 return (DDI_FAILURE); 676 677 /* 678 * Destroy the mf_thread 679 */ 680 mutex_enter(&sc->sc_mt_lock); 681 sc->sc_mf_thread_switch = 0; 682 while (sc->sc_mf_thread != NULL) { 683 if (cv_wait_sig(&sc->sc_mt_cv, &sc->sc_mt_lock) == 0) 684 break; 685 } 686 mutex_exit(&sc->sc_mt_lock); 687 688 wpi_stop(sc); 689 690 /* 691 * Unregiste from the MAC layer subsystem 692 */ 693 err = mac_unregister(sc->sc_ic.ic_mach); 694 if (err != DDI_SUCCESS) 695 return (err); 696 697 mutex_enter(&sc->sc_glock); 698 wpi_free_fw_dma(sc); 699 wpi_ring_free(sc); 700 wpi_free_shared(sc); 701 mutex_exit(&sc->sc_glock); 702 703 ddi_remove_intr(dip, 0, sc->sc_iblk); 704 ddi_remove_softintr(sc->sc_notif_softint_id); 705 sc->sc_notif_softint_id = NULL; 706 707 /* 708 * detach ieee80211 709 */ 710 ieee80211_detach(&sc->sc_ic); 711 712 wpi_destroy_locks(sc); 713 714 ddi_regs_map_free(&sc->sc_handle); 715 ddi_remove_minor_node(dip, NULL); 716 ddi_soft_state_free(wpi_soft_state_p, ddi_get_instance(dip)); 717 718 return (DDI_SUCCESS); 719 } 720 721 static void 722 wpi_destroy_locks(wpi_sc_t *sc) 723 { 724 cv_destroy(&sc->sc_mt_cv); 725 mutex_destroy(&sc->sc_mt_lock); 726 cv_destroy(&sc->sc_tx_cv); 727 cv_destroy(&sc->sc_cmd_cv); 728 cv_destroy(&sc->sc_fw_cv); 729 mutex_destroy(&sc->sc_tx_lock); 730 mutex_destroy(&sc->sc_glock); 731 } 732 733 /* 734 * Allocate an area of memory and a DMA handle for accessing it 735 */ 736 static int 737 wpi_alloc_dma_mem(wpi_sc_t *sc, size_t memsize, ddi_dma_attr_t *dma_attr_p, 738 ddi_device_acc_attr_t *acc_attr_p, uint_t dma_flags, wpi_dma_t *dma_p) 739 { 740 caddr_t vaddr; 741 int err; 742 743 /* 744 * Allocate handle 745 */ 746 err = ddi_dma_alloc_handle(sc->sc_dip, dma_attr_p, 747 DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl); 748 if (err != DDI_SUCCESS) { 749 dma_p->dma_hdl = NULL; 750 return (DDI_FAILURE); 751 } 752 753 /* 754 * Allocate memory 755 */ 756 err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, acc_attr_p, 757 dma_flags & (DDI_DMA_CONSISTENT | DDI_DMA_STREAMING), 758 DDI_DMA_SLEEP, NULL, &vaddr, &dma_p->alength, &dma_p->acc_hdl); 759 if (err != DDI_SUCCESS) { 760 ddi_dma_free_handle(&dma_p->dma_hdl); 761 dma_p->dma_hdl = NULL; 762 dma_p->acc_hdl = NULL; 763 return (DDI_FAILURE); 764 } 765 766 /* 767 * Bind the two together 768 */ 769 dma_p->mem_va = vaddr; 770 err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL, 771 vaddr, dma_p->alength, dma_flags, DDI_DMA_SLEEP, NULL, 772 &dma_p->cookie, &dma_p->ncookies); 773 if (err != DDI_DMA_MAPPED) { 774 ddi_dma_mem_free(&dma_p->acc_hdl); 775 ddi_dma_free_handle(&dma_p->dma_hdl); 776 dma_p->acc_hdl = NULL; 777 dma_p->dma_hdl = NULL; 778 return (DDI_FAILURE); 779 } 780 781 dma_p->nslots = ~0U; 782 dma_p->size = ~0U; 783 dma_p->token = ~0U; 784 dma_p->offset = 0; 785 return (DDI_SUCCESS); 786 } 787 788 /* 789 * Free one allocated area of DMAable memory 790 */ 791 static void 792 wpi_free_dma_mem(wpi_dma_t *dma_p) 793 { 794 if (dma_p->dma_hdl != NULL) { 795 if (dma_p->ncookies) { 796 (void) ddi_dma_unbind_handle(dma_p->dma_hdl); 797 dma_p->ncookies = 0; 798 } 799 ddi_dma_free_handle(&dma_p->dma_hdl); 800 dma_p->dma_hdl = NULL; 801 } 802 803 if (dma_p->acc_hdl != NULL) { 804 ddi_dma_mem_free(&dma_p->acc_hdl); 805 dma_p->acc_hdl = NULL; 806 } 807 } 808 809 /* 810 * Allocate an area of dma memory for firmware load. 811 * Idealy, this allocation should be a one time action, that is, 812 * the memory will be freed after the firmware is uploaded to the 813 * card. but since a recovery mechanism for the fatal firmware need 814 * reload the firmware, and re-allocate dma at run time may be failed, 815 * so we allocate it at attach and keep it in the whole lifecycle of 816 * the driver. 817 */ 818 static int 819 wpi_alloc_fw_dma(wpi_sc_t *sc) 820 { 821 int i, err = DDI_SUCCESS; 822 wpi_dma_t *dma_p; 823 824 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->textsz), 825 &fw_buffer_dma_attr, &wpi_dma_accattr, 826 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 827 &sc->sc_dma_fw_text); 828 dma_p = &sc->sc_dma_fw_text; 829 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 830 dma_p->ncookies, dma_p->cookie.dmac_address, 831 dma_p->cookie.dmac_size)); 832 if (err != DDI_SUCCESS) { 833 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 834 "text dma memory"); 835 goto fail; 836 } 837 for (i = 0; i < dma_p->ncookies; i++) { 838 sc->sc_fw_text_cookie[i] = dma_p->cookie; 839 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 840 } 841 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz), 842 &fw_buffer_dma_attr, &wpi_dma_accattr, 843 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 844 &sc->sc_dma_fw_data); 845 dma_p = &sc->sc_dma_fw_data; 846 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 847 dma_p->ncookies, dma_p->cookie.dmac_address, 848 dma_p->cookie.dmac_size)); 849 if (err != DDI_SUCCESS) { 850 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 851 "data dma memory"); 852 goto fail; 853 } 854 for (i = 0; i < dma_p->ncookies; i++) { 855 sc->sc_fw_data_cookie[i] = dma_p->cookie; 856 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 857 } 858 fail: 859 return (err); 860 } 861 862 static void 863 wpi_free_fw_dma(wpi_sc_t *sc) 864 { 865 wpi_free_dma_mem(&sc->sc_dma_fw_text); 866 wpi_free_dma_mem(&sc->sc_dma_fw_data); 867 } 868 869 /* 870 * Allocate a shared page between host and NIC. 871 */ 872 static int 873 wpi_alloc_shared(wpi_sc_t *sc) 874 { 875 int err = DDI_SUCCESS; 876 877 /* must be aligned on a 4K-page boundary */ 878 err = wpi_alloc_dma_mem(sc, sizeof (wpi_shared_t), 879 &sh_dma_attr, &wpi_dma_accattr, 880 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 881 &sc->sc_dma_sh); 882 if (err != DDI_SUCCESS) 883 goto fail; 884 sc->sc_shared = (wpi_shared_t *)sc->sc_dma_sh.mem_va; 885 return (err); 886 887 fail: 888 wpi_free_shared(sc); 889 return (err); 890 } 891 892 static void 893 wpi_free_shared(wpi_sc_t *sc) 894 { 895 wpi_free_dma_mem(&sc->sc_dma_sh); 896 } 897 898 static int 899 wpi_alloc_rx_ring(wpi_sc_t *sc) 900 { 901 wpi_rx_ring_t *ring; 902 wpi_rx_data_t *data; 903 int i, err = DDI_SUCCESS; 904 905 ring = &sc->sc_rxq; 906 ring->cur = 0; 907 908 err = wpi_alloc_dma_mem(sc, WPI_RX_RING_COUNT * sizeof (uint32_t), 909 &ring_desc_dma_attr, &wpi_dma_accattr, 910 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 911 &ring->dma_desc); 912 if (err != DDI_SUCCESS) { 913 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring desc failed\n")); 914 goto fail; 915 } 916 ring->desc = (uint32_t *)ring->dma_desc.mem_va; 917 918 /* 919 * Allocate Rx buffers. 920 */ 921 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 922 data = &ring->data[i]; 923 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 924 &rx_buffer_dma_attr, &wpi_dma_accattr, 925 DDI_DMA_READ | DDI_DMA_STREAMING, 926 &data->dma_data); 927 if (err != DDI_SUCCESS) { 928 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring buf[%d] " 929 "failed\n", i)); 930 goto fail; 931 } 932 933 ring->desc[i] = LE_32(data->dma_data.cookie.dmac_address); 934 } 935 936 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 937 938 return (err); 939 940 fail: 941 wpi_free_rx_ring(sc); 942 return (err); 943 } 944 945 static void 946 wpi_reset_rx_ring(wpi_sc_t *sc) 947 { 948 int ntries; 949 950 wpi_mem_lock(sc); 951 952 WPI_WRITE(sc, WPI_RX_CONFIG, 0); 953 for (ntries = 0; ntries < 2000; ntries++) { 954 if (WPI_READ(sc, WPI_RX_STATUS) & WPI_RX_IDLE) 955 break; 956 DELAY(1000); 957 } 958 #ifdef DEBUG 959 if (ntries == 2000) 960 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Rx ring\n")); 961 #endif 962 wpi_mem_unlock(sc); 963 964 sc->sc_rxq.cur = 0; 965 } 966 967 static void 968 wpi_free_rx_ring(wpi_sc_t *sc) 969 { 970 int i; 971 972 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 973 if (sc->sc_rxq.data[i].dma_data.dma_hdl) 974 WPI_DMA_SYNC(sc->sc_rxq.data[i].dma_data, 975 DDI_DMA_SYNC_FORCPU); 976 wpi_free_dma_mem(&sc->sc_rxq.data[i].dma_data); 977 } 978 979 if (sc->sc_rxq.dma_desc.dma_hdl) 980 WPI_DMA_SYNC(sc->sc_rxq.dma_desc, DDI_DMA_SYNC_FORDEV); 981 wpi_free_dma_mem(&sc->sc_rxq.dma_desc); 982 } 983 984 static int 985 wpi_alloc_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring, int count, int qid) 986 { 987 wpi_tx_data_t *data; 988 wpi_tx_desc_t *desc_h; 989 uint32_t paddr_desc_h; 990 wpi_tx_cmd_t *cmd_h; 991 uint32_t paddr_cmd_h; 992 int i, err = DDI_SUCCESS; 993 994 ring->qid = qid; 995 ring->count = count; 996 ring->queued = 0; 997 ring->cur = 0; 998 999 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_desc_t), 1000 &ring_desc_dma_attr, &wpi_dma_accattr, 1001 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1002 &ring->dma_desc); 1003 if (err != DDI_SUCCESS) { 1004 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring desc[%d] failed\n", 1005 qid)); 1006 goto fail; 1007 } 1008 1009 /* update shared page with ring's base address */ 1010 sc->sc_shared->txbase[qid] = ring->dma_desc.cookie.dmac_address; 1011 1012 desc_h = (wpi_tx_desc_t *)ring->dma_desc.mem_va; 1013 paddr_desc_h = ring->dma_desc.cookie.dmac_address; 1014 1015 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_cmd_t), 1016 &tx_cmd_dma_attr, &wpi_dma_accattr, 1017 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1018 &ring->dma_cmd); 1019 if (err != DDI_SUCCESS) { 1020 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring cmd[%d] failed\n", 1021 qid)); 1022 goto fail; 1023 } 1024 1025 cmd_h = (wpi_tx_cmd_t *)ring->dma_cmd.mem_va; 1026 paddr_cmd_h = ring->dma_cmd.cookie.dmac_address; 1027 1028 /* 1029 * Allocate Tx buffers. 1030 */ 1031 ring->data = kmem_zalloc(sizeof (wpi_tx_data_t) * count, KM_NOSLEEP); 1032 if (ring->data == NULL) { 1033 WPI_DBG((WPI_DEBUG_DMA, "could not allocate tx data slots\n")); 1034 goto fail; 1035 } 1036 1037 for (i = 0; i < count; i++) { 1038 data = &ring->data[i]; 1039 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 1040 &tx_buffer_dma_attr, &wpi_dma_accattr, 1041 DDI_DMA_WRITE | DDI_DMA_STREAMING, 1042 &data->dma_data); 1043 if (err != DDI_SUCCESS) { 1044 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring buf[%d] " 1045 "failed\n", i)); 1046 goto fail; 1047 } 1048 1049 data->desc = desc_h + i; 1050 data->paddr_desc = paddr_desc_h + 1051 ((caddr_t)data->desc - (caddr_t)desc_h); 1052 data->cmd = cmd_h + i; 1053 data->paddr_cmd = paddr_cmd_h + 1054 ((caddr_t)data->cmd - (caddr_t)cmd_h); 1055 } 1056 1057 return (err); 1058 1059 fail: 1060 if (ring->data) 1061 kmem_free(ring->data, sizeof (wpi_tx_data_t) * count); 1062 wpi_free_tx_ring(sc, ring); 1063 return (err); 1064 } 1065 1066 static void 1067 wpi_reset_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1068 { 1069 wpi_tx_data_t *data; 1070 int i, ntries; 1071 1072 wpi_mem_lock(sc); 1073 1074 WPI_WRITE(sc, WPI_TX_CONFIG(ring->qid), 0); 1075 for (ntries = 0; ntries < 100; ntries++) { 1076 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(ring->qid)) 1077 break; 1078 DELAY(10); 1079 } 1080 #ifdef DEBUG 1081 if (ntries == 100 && wpi_dbg_flags > 0) { 1082 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Tx ring %d\n", 1083 ring->qid)); 1084 } 1085 #endif 1086 wpi_mem_unlock(sc); 1087 1088 for (i = 0; i < ring->count; i++) { 1089 data = &ring->data[i]; 1090 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 1091 } 1092 1093 ring->queued = 0; 1094 ring->cur = 0; 1095 } 1096 1097 /*ARGSUSED*/ 1098 static void 1099 wpi_free_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1100 { 1101 int i; 1102 1103 if (ring->dma_desc.dma_hdl != NULL) 1104 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 1105 wpi_free_dma_mem(&ring->dma_desc); 1106 1107 if (ring->dma_cmd.dma_hdl != NULL) 1108 WPI_DMA_SYNC(ring->dma_cmd, DDI_DMA_SYNC_FORDEV); 1109 wpi_free_dma_mem(&ring->dma_cmd); 1110 1111 if (ring->data != NULL) { 1112 for (i = 0; i < ring->count; i++) { 1113 if (ring->data[i].dma_data.dma_hdl) 1114 WPI_DMA_SYNC(ring->data[i].dma_data, 1115 DDI_DMA_SYNC_FORDEV); 1116 wpi_free_dma_mem(&ring->data[i].dma_data); 1117 } 1118 kmem_free(ring->data, ring->count * sizeof (wpi_tx_data_t)); 1119 } 1120 } 1121 1122 static int 1123 wpi_ring_init(wpi_sc_t *sc) 1124 { 1125 int i, err = DDI_SUCCESS; 1126 1127 for (i = 0; i < 4; i++) { 1128 err = wpi_alloc_tx_ring(sc, &sc->sc_txq[i], WPI_TX_RING_COUNT, 1129 i); 1130 if (err != DDI_SUCCESS) 1131 goto fail; 1132 } 1133 err = wpi_alloc_tx_ring(sc, &sc->sc_cmdq, WPI_CMD_RING_COUNT, 4); 1134 if (err != DDI_SUCCESS) 1135 goto fail; 1136 err = wpi_alloc_tx_ring(sc, &sc->sc_svcq, WPI_SVC_RING_COUNT, 5); 1137 if (err != DDI_SUCCESS) 1138 goto fail; 1139 err = wpi_alloc_rx_ring(sc); 1140 if (err != DDI_SUCCESS) 1141 goto fail; 1142 return (err); 1143 1144 fail: 1145 return (err); 1146 } 1147 1148 static void 1149 wpi_ring_free(wpi_sc_t *sc) 1150 { 1151 int i = 4; 1152 1153 wpi_free_rx_ring(sc); 1154 wpi_free_tx_ring(sc, &sc->sc_svcq); 1155 wpi_free_tx_ring(sc, &sc->sc_cmdq); 1156 while (--i >= 0) { 1157 wpi_free_tx_ring(sc, &sc->sc_txq[i]); 1158 } 1159 } 1160 1161 /* ARGSUSED */ 1162 static ieee80211_node_t * 1163 wpi_node_alloc(ieee80211com_t *ic) 1164 { 1165 wpi_amrr_t *amrr; 1166 1167 amrr = kmem_zalloc(sizeof (wpi_amrr_t), KM_SLEEP); 1168 if (amrr != NULL) 1169 wpi_amrr_init(amrr); 1170 return (&amrr->in); 1171 } 1172 1173 static void 1174 wpi_node_free(ieee80211_node_t *in) 1175 { 1176 ieee80211com_t *ic = in->in_ic; 1177 1178 ic->ic_node_cleanup(in); 1179 if (in->in_wpa_ie != NULL) 1180 ieee80211_free(in->in_wpa_ie); 1181 kmem_free(in, sizeof (wpi_amrr_t)); 1182 } 1183 1184 /*ARGSUSED*/ 1185 static int 1186 wpi_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg) 1187 { 1188 wpi_sc_t *sc = (wpi_sc_t *)ic; 1189 ieee80211_node_t *in = ic->ic_bss; 1190 enum ieee80211_state ostate; 1191 int i, err = WPI_SUCCESS; 1192 1193 mutex_enter(&sc->sc_glock); 1194 switch (nstate) { 1195 case IEEE80211_S_SCAN: 1196 ostate = ic->ic_state; 1197 switch (ostate) { 1198 default: 1199 break; 1200 case IEEE80211_S_INIT: 1201 /* make the link LED blink while we're scanning */ 1202 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1203 1204 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1205 if ((err = wpi_scan(sc)) != 0) { 1206 WPI_DBG((WPI_DEBUG_80211, 1207 "could not initiate scan\n")); 1208 ic->ic_flags &= ~(IEEE80211_F_SCAN | 1209 IEEE80211_F_ASCAN); 1210 mutex_exit(&sc->sc_glock); 1211 return (err); 1212 } 1213 break; 1214 } 1215 ic->ic_state = nstate; 1216 sc->sc_clk = 0; 1217 1218 mutex_exit(&sc->sc_glock); 1219 return (WPI_SUCCESS); 1220 1221 case IEEE80211_S_AUTH: 1222 /* reset state to handle reassociations correctly */ 1223 sc->sc_config.state = 0; 1224 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1225 1226 if ((err = wpi_auth(sc)) != 0) { 1227 WPI_DBG((WPI_DEBUG_80211, 1228 "could not send authentication request\n")); 1229 mutex_exit(&sc->sc_glock); 1230 return (err); 1231 } 1232 break; 1233 1234 case IEEE80211_S_RUN: 1235 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1236 /* link LED blinks while monitoring */ 1237 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 1238 break; 1239 } 1240 1241 if (ic->ic_opmode != IEEE80211_M_STA) { 1242 (void) wpi_auth(sc); 1243 /* need setup beacon here */ 1244 } 1245 WPI_DBG((WPI_DEBUG_80211, "wpi: associated.")); 1246 1247 /* update adapter's configuration */ 1248 sc->sc_config.state = LE_16(WPI_CONFIG_ASSOCIATED); 1249 /* short preamble/slot time are negotiated when associating */ 1250 sc->sc_config.flags &= ~LE_32(WPI_CONFIG_SHPREAMBLE | 1251 WPI_CONFIG_SHSLOT); 1252 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1253 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHSLOT); 1254 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1255 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHPREAMBLE); 1256 sc->sc_config.filter |= LE_32(WPI_FILTER_BSS); 1257 if (ic->ic_opmode != IEEE80211_M_STA) 1258 sc->sc_config.filter |= LE_32(WPI_FILTER_BEACON); 1259 1260 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x\n", 1261 sc->sc_config.chan, sc->sc_config.flags)); 1262 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1263 sizeof (wpi_config_t), 1); 1264 if (err != WPI_SUCCESS) { 1265 WPI_DBG((WPI_DEBUG_80211, 1266 "could not update configuration\n")); 1267 mutex_exit(&sc->sc_glock); 1268 return (err); 1269 } 1270 1271 /* start automatic rate control */ 1272 mutex_enter(&sc->sc_mt_lock); 1273 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1274 sc->sc_flags |= WPI_F_RATE_AUTO_CTL; 1275 /* set rate to some reasonable initial value */ 1276 i = in->in_rates.ir_nrates - 1; 1277 while (i > 0 && IEEE80211_RATE(i) > 72) 1278 i--; 1279 in->in_txrate = i; 1280 } else { 1281 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 1282 } 1283 mutex_exit(&sc->sc_mt_lock); 1284 1285 /* link LED always on while associated */ 1286 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 1287 break; 1288 1289 case IEEE80211_S_INIT: 1290 case IEEE80211_S_ASSOC: 1291 break; 1292 } 1293 1294 mutex_exit(&sc->sc_glock); 1295 return (sc->sc_newstate(ic, nstate, arg)); 1296 } 1297 1298 /*ARGSUSED*/ 1299 static int wpi_key_set(ieee80211com_t *ic, const struct ieee80211_key *k, 1300 const uint8_t mac[IEEE80211_ADDR_LEN]) 1301 { 1302 wpi_sc_t *sc = (wpi_sc_t *)ic; 1303 wpi_node_t node; 1304 int err; 1305 1306 switch (k->wk_cipher->ic_cipher) { 1307 case IEEE80211_CIPHER_WEP: 1308 case IEEE80211_CIPHER_TKIP: 1309 return (1); /* sofeware do it. */ 1310 case IEEE80211_CIPHER_AES_CCM: 1311 break; 1312 default: 1313 return (0); 1314 } 1315 sc->sc_config.filter &= ~(WPI_FILTER_NODECRYPTUNI | 1316 WPI_FILTER_NODECRYPTMUL); 1317 1318 mutex_enter(&sc->sc_glock); 1319 1320 /* update ap/multicast node */ 1321 (void) memset(&node, 0, sizeof (node)); 1322 if (IEEE80211_IS_MULTICAST(mac)) { 1323 (void) memset(node.bssid, 0xff, 6); 1324 node.id = WPI_ID_BROADCAST; 1325 } else { 1326 IEEE80211_ADDR_COPY(node.bssid, ic->ic_bss->in_bssid); 1327 node.id = WPI_ID_BSS; 1328 } 1329 if (k->wk_flags & IEEE80211_KEY_XMIT) { 1330 node.key_flags = 0; 1331 node.keyp = k->wk_keyix; 1332 } else { 1333 node.key_flags = (1 << 14); 1334 node.keyp = k->wk_keyix + 4; 1335 } 1336 (void) memcpy(node.key, k->wk_key, k->wk_keylen); 1337 node.key_flags |= (2 | (1 << 3) | (k->wk_keyix << 8)); 1338 node.sta_mask = 1; 1339 node.control = 1; 1340 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 1341 if (err != WPI_SUCCESS) { 1342 cmn_err(CE_WARN, "wpi_key_set():" 1343 "failed to update ap node\n"); 1344 mutex_exit(&sc->sc_glock); 1345 return (0); 1346 } 1347 mutex_exit(&sc->sc_glock); 1348 return (1); 1349 } 1350 1351 /* 1352 * Grab exclusive access to NIC memory. 1353 */ 1354 static void 1355 wpi_mem_lock(wpi_sc_t *sc) 1356 { 1357 uint32_t tmp; 1358 int ntries; 1359 1360 tmp = WPI_READ(sc, WPI_GPIO_CTL); 1361 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_MAC); 1362 1363 /* spin until we actually get the lock */ 1364 for (ntries = 0; ntries < 1000; ntries++) { 1365 if ((WPI_READ(sc, WPI_GPIO_CTL) & 1366 (WPI_GPIO_CLOCK | WPI_GPIO_SLEEP)) == WPI_GPIO_CLOCK) 1367 break; 1368 DELAY(10); 1369 } 1370 if (ntries == 1000) 1371 WPI_DBG((WPI_DEBUG_PIO, "could not lock memory\n")); 1372 } 1373 1374 /* 1375 * Release lock on NIC memory. 1376 */ 1377 static void 1378 wpi_mem_unlock(wpi_sc_t *sc) 1379 { 1380 uint32_t tmp = WPI_READ(sc, WPI_GPIO_CTL); 1381 WPI_WRITE(sc, WPI_GPIO_CTL, tmp & ~WPI_GPIO_MAC); 1382 } 1383 1384 static uint32_t 1385 wpi_mem_read(wpi_sc_t *sc, uint16_t addr) 1386 { 1387 WPI_WRITE(sc, WPI_READ_MEM_ADDR, WPI_MEM_4 | addr); 1388 return (WPI_READ(sc, WPI_READ_MEM_DATA)); 1389 } 1390 1391 static void 1392 wpi_mem_write(wpi_sc_t *sc, uint16_t addr, uint32_t data) 1393 { 1394 WPI_WRITE(sc, WPI_WRITE_MEM_ADDR, WPI_MEM_4 | addr); 1395 WPI_WRITE(sc, WPI_WRITE_MEM_DATA, data); 1396 } 1397 1398 static void 1399 wpi_mem_write_region_4(wpi_sc_t *sc, uint16_t addr, 1400 const uint32_t *data, int wlen) 1401 { 1402 for (; wlen > 0; wlen--, data++, addr += 4) 1403 wpi_mem_write(sc, addr, *data); 1404 } 1405 1406 /* 1407 * Read 16 bits from the EEPROM. We access EEPROM through the MAC instead of 1408 * using the traditional bit-bang method. 1409 */ 1410 static uint16_t 1411 wpi_read_prom_word(wpi_sc_t *sc, uint32_t addr) 1412 { 1413 uint32_t val; 1414 int ntries; 1415 1416 WPI_WRITE(sc, WPI_EEPROM_CTL, addr << 2); 1417 1418 wpi_mem_lock(sc); 1419 for (ntries = 0; ntries < 10; ntries++) { 1420 if ((val = WPI_READ(sc, WPI_EEPROM_CTL)) & WPI_EEPROM_READY) 1421 break; 1422 DELAY(10); 1423 } 1424 wpi_mem_unlock(sc); 1425 1426 if (ntries == 10) { 1427 WPI_DBG((WPI_DEBUG_PIO, "could not read EEPROM\n")); 1428 return (0xdead); 1429 } 1430 return (val >> 16); 1431 } 1432 1433 /* 1434 * The firmware boot code is small and is intended to be copied directly into 1435 * the NIC internal memory. 1436 */ 1437 static int 1438 wpi_load_microcode(wpi_sc_t *sc) 1439 { 1440 const char *ucode; 1441 int size; 1442 1443 ucode = sc->sc_boot; 1444 size = LE_32(sc->sc_hdr->bootsz); 1445 /* check that microcode size is a multiple of 4 */ 1446 if (size & 3) 1447 return (EINVAL); 1448 1449 size /= sizeof (uint32_t); 1450 1451 wpi_mem_lock(sc); 1452 1453 /* copy microcode image into NIC memory */ 1454 wpi_mem_write_region_4(sc, WPI_MEM_UCODE_BASE, (const uint32_t *)ucode, 1455 size); 1456 1457 wpi_mem_write(sc, WPI_MEM_UCODE_SRC, 0); 1458 wpi_mem_write(sc, WPI_MEM_UCODE_DST, WPI_FW_TEXT); 1459 wpi_mem_write(sc, WPI_MEM_UCODE_SIZE, size); 1460 1461 /* run microcode */ 1462 wpi_mem_write(sc, WPI_MEM_UCODE_CTL, WPI_UC_RUN); 1463 1464 wpi_mem_unlock(sc); 1465 1466 return (WPI_SUCCESS); 1467 } 1468 1469 /* 1470 * The firmware text and data segments are transferred to the NIC using DMA. 1471 * The driver just copies the firmware into DMA-safe memory and tells the NIC 1472 * where to find it. Once the NIC has copied the firmware into its internal 1473 * memory, we can free our local copy in the driver. 1474 */ 1475 static int 1476 wpi_load_firmware(wpi_sc_t *sc, uint32_t target) 1477 { 1478 const char *fw; 1479 int size; 1480 wpi_dma_t *dma_p; 1481 ddi_dma_cookie_t *cookie; 1482 wpi_tx_desc_t desc; 1483 int i, ntries, err = WPI_SUCCESS; 1484 1485 /* only text and data here */ 1486 if (target == WPI_FW_TEXT) { 1487 fw = sc->sc_text; 1488 size = LE_32(sc->sc_hdr->textsz); 1489 dma_p = &sc->sc_dma_fw_text; 1490 cookie = sc->sc_fw_text_cookie; 1491 } else { 1492 fw = sc->sc_data; 1493 size = LE_32(sc->sc_hdr->datasz); 1494 dma_p = &sc->sc_dma_fw_data; 1495 cookie = sc->sc_fw_data_cookie; 1496 } 1497 1498 /* copy firmware image to DMA-safe memory */ 1499 (void) memcpy(dma_p->mem_va, fw, size); 1500 1501 /* make sure the adapter will get up-to-date values */ 1502 (void) ddi_dma_sync(dma_p->dma_hdl, 0, size, DDI_DMA_SYNC_FORDEV); 1503 1504 (void) memset(&desc, 0, sizeof (desc)); 1505 desc.flags = LE_32(WPI_PAD32(size) << 28 | dma_p->ncookies << 24); 1506 for (i = 0; i < dma_p->ncookies; i++) { 1507 WPI_DBG((WPI_DEBUG_DMA, "cookie%d addr:%x size:%x\n", 1508 i, cookie[i].dmac_address, cookie[i].dmac_size)); 1509 desc.segs[i].addr = cookie[i].dmac_address; 1510 desc.segs[i].len = (uint32_t)cookie[i].dmac_size; 1511 } 1512 1513 wpi_mem_lock(sc); 1514 1515 /* tell adapter where to copy image in its internal memory */ 1516 WPI_WRITE(sc, WPI_FW_TARGET, target); 1517 1518 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0); 1519 1520 /* copy firmware descriptor into NIC memory */ 1521 WPI_WRITE_REGION_4(sc, WPI_TX_DESC(6), (uint32_t *)&desc, 1522 sizeof desc / sizeof (uint32_t)); 1523 1524 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0xfffff); 1525 WPI_WRITE(sc, WPI_TX_STATE(6), 0x4001); 1526 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0x80000001); 1527 1528 /* wait while the adapter is busy copying the firmware */ 1529 for (ntries = 0; ntries < 100; ntries++) { 1530 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(6)) 1531 break; 1532 DELAY(1000); 1533 } 1534 if (ntries == 100) { 1535 WPI_DBG((WPI_DEBUG_FW, "timeout transferring firmware\n")); 1536 err = ETIMEDOUT; 1537 } 1538 1539 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0); 1540 1541 wpi_mem_unlock(sc); 1542 1543 return (err); 1544 } 1545 1546 /*ARGSUSED*/ 1547 static void 1548 wpi_rx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1549 { 1550 ieee80211com_t *ic = &sc->sc_ic; 1551 wpi_rx_ring_t *ring = &sc->sc_rxq; 1552 wpi_rx_stat_t *stat; 1553 wpi_rx_head_t *head; 1554 wpi_rx_tail_t *tail; 1555 ieee80211_node_t *in; 1556 struct ieee80211_frame *wh; 1557 mblk_t *mp; 1558 uint16_t len; 1559 1560 stat = (wpi_rx_stat_t *)(desc + 1); 1561 1562 if (stat->len > WPI_STAT_MAXLEN) { 1563 WPI_DBG((WPI_DEBUG_RX, "invalid rx statistic header\n")); 1564 return; 1565 } 1566 1567 head = (wpi_rx_head_t *)((caddr_t)(stat + 1) + stat->len); 1568 tail = (wpi_rx_tail_t *)((caddr_t)(head + 1) + LE_16(head->len)); 1569 1570 len = LE_16(head->len); 1571 1572 WPI_DBG((WPI_DEBUG_RX, "rx intr: idx=%d len=%d stat len=%d rssi=%d " 1573 "rate=%x chan=%d tstamp=%llu", ring->cur, LE_32(desc->len), 1574 len, (int8_t)stat->rssi, head->rate, head->chan, 1575 LE_64(tail->tstamp))); 1576 1577 if ((len < 20) || (len > sc->sc_dmabuf_sz)) { 1578 sc->sc_rx_err++; 1579 return; 1580 } 1581 1582 /* 1583 * Discard Rx frames with bad CRC early 1584 */ 1585 if ((LE_32(tail->flags) & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1586 WPI_DBG((WPI_DEBUG_RX, "rx tail flags error %x\n", 1587 LE_32(tail->flags))); 1588 sc->sc_rx_err++; 1589 return; 1590 } 1591 1592 /* update Rx descriptor */ 1593 /* ring->desc[ring->cur] = LE_32(data->dma_data.cookie.dmac_address); */ 1594 1595 #ifdef WPI_BPF 1596 #ifndef WPI_CURRENT 1597 if (sc->sc_drvbpf != NULL) { 1598 #else 1599 if (bpf_peers_present(sc->sc_drvbpf)) { 1600 #endif 1601 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1602 1603 tap->wr_flags = 0; 1604 tap->wr_rate = head->rate; 1605 tap->wr_chan_freq = 1606 LE_16(ic->ic_channels[head->chan].ic_freq); 1607 tap->wr_chan_flags = 1608 LE_16(ic->ic_channels[head->chan].ic_flags); 1609 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1610 tap->wr_dbm_antnoise = (int8_t)LE_16(stat->noise); 1611 tap->wr_tsft = tail->tstamp; 1612 tap->wr_antenna = (LE_16(head->flags) >> 4) & 0xf; 1613 switch (head->rate) { 1614 /* CCK rates */ 1615 case 10: tap->wr_rate = 2; break; 1616 case 20: tap->wr_rate = 4; break; 1617 case 55: tap->wr_rate = 11; break; 1618 case 110: tap->wr_rate = 22; break; 1619 /* OFDM rates */ 1620 case 0xd: tap->wr_rate = 12; break; 1621 case 0xf: tap->wr_rate = 18; break; 1622 case 0x5: tap->wr_rate = 24; break; 1623 case 0x7: tap->wr_rate = 36; break; 1624 case 0x9: tap->wr_rate = 48; break; 1625 case 0xb: tap->wr_rate = 72; break; 1626 case 0x1: tap->wr_rate = 96; break; 1627 case 0x3: tap->wr_rate = 108; break; 1628 /* unknown rate: should not happen */ 1629 default: tap->wr_rate = 0; 1630 } 1631 if (LE_16(head->flags) & 0x4) 1632 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1633 1634 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1635 } 1636 #endif 1637 /* grab a reference to the source node */ 1638 wh = (struct ieee80211_frame *)(head + 1); 1639 1640 #ifdef DEBUG 1641 if (wpi_dbg_flags & WPI_DEBUG_RX) 1642 ieee80211_dump_pkt((uint8_t *)wh, len, 0, 0); 1643 #endif 1644 1645 in = ieee80211_find_rxnode(ic, wh); 1646 mp = allocb(len, BPRI_MED); 1647 if (mp) { 1648 (void) memcpy(mp->b_wptr, wh, len); 1649 mp->b_wptr += len; 1650 1651 /* send the frame to the 802.11 layer */ 1652 (void) ieee80211_input(ic, mp, in, stat->rssi, 0); 1653 } else { 1654 sc->sc_rx_nobuf++; 1655 WPI_DBG((WPI_DEBUG_RX, 1656 "wpi_rx_intr(): alloc rx buf failed\n")); 1657 } 1658 /* release node reference */ 1659 ieee80211_free_node(in); 1660 } 1661 1662 /*ARGSUSED*/ 1663 static void 1664 wpi_tx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1665 { 1666 ieee80211com_t *ic = &sc->sc_ic; 1667 wpi_tx_ring_t *ring = &sc->sc_txq[desc->qid & 0x3]; 1668 /* wpi_tx_data_t *txdata = &ring->data[desc->idx]; */ 1669 wpi_tx_stat_t *stat = (wpi_tx_stat_t *)(desc + 1); 1670 wpi_amrr_t *amrr = (wpi_amrr_t *)ic->ic_bss; 1671 1672 WPI_DBG((WPI_DEBUG_TX, "tx done: qid=%d idx=%d retries=%d nkill=%d " 1673 "rate=%x duration=%d status=%x\n", 1674 desc->qid, desc->idx, stat->ntries, stat->nkill, stat->rate, 1675 LE_32(stat->duration), LE_32(stat->status))); 1676 1677 amrr->txcnt++; 1678 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d cnt\n", amrr->txcnt)); 1679 if (stat->ntries > 0) { 1680 amrr->retrycnt++; 1681 sc->sc_tx_retries++; 1682 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d retries\n", 1683 amrr->retrycnt)); 1684 } 1685 1686 sc->sc_tx_timer = 0; 1687 1688 mutex_enter(&sc->sc_tx_lock); 1689 ring->queued--; 1690 if (ring->queued < 0) 1691 ring->queued = 0; 1692 if ((sc->sc_need_reschedule) && (ring->queued <= (ring->count << 3))) { 1693 sc->sc_need_reschedule = 0; 1694 mutex_exit(&sc->sc_tx_lock); 1695 mac_tx_update(ic->ic_mach); 1696 mutex_enter(&sc->sc_tx_lock); 1697 } 1698 mutex_exit(&sc->sc_tx_lock); 1699 } 1700 1701 static void 1702 wpi_cmd_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc) 1703 { 1704 if ((desc->qid & 7) != 4) { 1705 return; /* not a command ack */ 1706 } 1707 mutex_enter(&sc->sc_glock); 1708 sc->sc_flags |= WPI_F_CMD_DONE; 1709 cv_signal(&sc->sc_cmd_cv); 1710 mutex_exit(&sc->sc_glock); 1711 } 1712 1713 static uint_t 1714 wpi_notif_softintr(caddr_t arg) 1715 { 1716 wpi_sc_t *sc = (wpi_sc_t *)arg; 1717 ieee80211com_t *ic = &sc->sc_ic; 1718 wpi_rx_desc_t *desc; 1719 wpi_rx_data_t *data; 1720 uint32_t hw; 1721 1722 mutex_enter(&sc->sc_glock); 1723 if (sc->sc_notif_softint_pending != 1) { 1724 mutex_exit(&sc->sc_glock); 1725 return (DDI_INTR_UNCLAIMED); 1726 } 1727 mutex_exit(&sc->sc_glock); 1728 1729 hw = LE_32(sc->sc_shared->next); 1730 1731 while (sc->sc_rxq.cur != hw) { 1732 data = &sc->sc_rxq.data[sc->sc_rxq.cur]; 1733 desc = (wpi_rx_desc_t *)data->dma_data.mem_va; 1734 1735 WPI_DBG((WPI_DEBUG_INTR, "rx notification hw = %d cur = %d " 1736 "qid=%x idx=%d flags=%x type=%d len=%d\n", 1737 hw, sc->sc_rxq.cur, desc->qid, desc->idx, desc->flags, 1738 desc->type, LE_32(desc->len))); 1739 1740 if (!(desc->qid & 0x80)) /* reply to a command */ 1741 wpi_cmd_intr(sc, desc); 1742 1743 switch (desc->type) { 1744 case WPI_RX_DONE: 1745 /* a 802.11 frame was received */ 1746 wpi_rx_intr(sc, desc, data); 1747 break; 1748 1749 case WPI_TX_DONE: 1750 /* a 802.11 frame has been transmitted */ 1751 wpi_tx_intr(sc, desc, data); 1752 break; 1753 1754 case WPI_UC_READY: 1755 { 1756 wpi_ucode_info_t *uc = 1757 (wpi_ucode_info_t *)(desc + 1); 1758 1759 /* the microcontroller is ready */ 1760 WPI_DBG((WPI_DEBUG_FW, 1761 "microcode alive notification version %x " 1762 "alive %x\n", LE_32(uc->version), 1763 LE_32(uc->valid))); 1764 1765 if (LE_32(uc->valid) != 1) { 1766 WPI_DBG((WPI_DEBUG_FW, 1767 "microcontroller initialization failed\n")); 1768 } 1769 break; 1770 } 1771 case WPI_STATE_CHANGED: 1772 { 1773 uint32_t *status = (uint32_t *)(desc + 1); 1774 1775 /* enabled/disabled notification */ 1776 WPI_DBG((WPI_DEBUG_RADIO, "state changed to %x\n", 1777 LE_32(*status))); 1778 1779 if (LE_32(*status) & 1) { 1780 /* the radio button has to be pushed */ 1781 cmn_err(CE_NOTE, 1782 "wpi: Radio transmitter is off\n"); 1783 } 1784 break; 1785 } 1786 case WPI_START_SCAN: 1787 { 1788 wpi_start_scan_t *scan = 1789 (wpi_start_scan_t *)(desc + 1); 1790 1791 WPI_DBG((WPI_DEBUG_SCAN, 1792 "scanning channel %d status %x\n", 1793 scan->chan, LE_32(scan->status))); 1794 1795 /* fix current channel */ 1796 ic->ic_curchan = &ic->ic_sup_channels[scan->chan]; 1797 break; 1798 } 1799 case WPI_STOP_SCAN: 1800 WPI_DBG((WPI_DEBUG_SCAN, "scan finished\n")); 1801 ieee80211_end_scan(ic); 1802 break; 1803 } 1804 1805 sc->sc_rxq.cur = (sc->sc_rxq.cur + 1) % WPI_RX_RING_COUNT; 1806 } 1807 1808 /* tell the firmware what we have processed */ 1809 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1810 WPI_WRITE(sc, WPI_RX_WIDX, hw & (~7)); 1811 mutex_enter(&sc->sc_glock); 1812 sc->sc_notif_softint_pending = 0; 1813 mutex_exit(&sc->sc_glock); 1814 1815 return (DDI_INTR_CLAIMED); 1816 } 1817 1818 static uint_t 1819 wpi_intr(caddr_t arg) 1820 { 1821 wpi_sc_t *sc = (wpi_sc_t *)arg; 1822 uint32_t r, rfh; 1823 1824 mutex_enter(&sc->sc_glock); 1825 r = WPI_READ(sc, WPI_INTR); 1826 if (r == 0 || r == 0xffffffff) { 1827 mutex_exit(&sc->sc_glock); 1828 return (DDI_INTR_UNCLAIMED); 1829 } 1830 1831 WPI_DBG((WPI_DEBUG_INTR, "interrupt reg %x\n", r)); 1832 1833 rfh = WPI_READ(sc, WPI_INTR_STATUS); 1834 /* disable interrupts */ 1835 WPI_WRITE(sc, WPI_MASK, 0); 1836 /* ack interrupts */ 1837 WPI_WRITE(sc, WPI_INTR, r); 1838 WPI_WRITE(sc, WPI_INTR_STATUS, rfh); 1839 1840 if (sc->sc_notif_softint_id == NULL) { 1841 mutex_exit(&sc->sc_glock); 1842 return (DDI_INTR_CLAIMED); 1843 } 1844 1845 if (r & (WPI_SW_ERROR | WPI_HW_ERROR)) { 1846 WPI_DBG((WPI_DEBUG_FW, "fatal firmware error\n")); 1847 mutex_exit(&sc->sc_glock); 1848 wpi_stop(sc); 1849 sc->sc_ostate = sc->sc_ic.ic_state; 1850 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 1851 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 1852 return (DDI_INTR_CLAIMED); 1853 } 1854 1855 if ((r & (WPI_RX_INTR | WPI_RX_SWINT)) || 1856 (rfh & 0x40070000)) { 1857 sc->sc_notif_softint_pending = 1; 1858 ddi_trigger_softintr(sc->sc_notif_softint_id); 1859 } 1860 1861 if (r & WPI_ALIVE_INTR) { /* firmware initialized */ 1862 sc->sc_flags |= WPI_F_FW_INIT; 1863 cv_signal(&sc->sc_fw_cv); 1864 } 1865 1866 /* re-enable interrupts */ 1867 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 1868 mutex_exit(&sc->sc_glock); 1869 1870 return (DDI_INTR_CLAIMED); 1871 } 1872 1873 static uint8_t 1874 wpi_plcp_signal(int rate) 1875 { 1876 switch (rate) { 1877 /* CCK rates (returned values are device-dependent) */ 1878 case 2: return (10); 1879 case 4: return (20); 1880 case 11: return (55); 1881 case 22: return (110); 1882 1883 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 1884 /* R1-R4 (ral/ural is R4-R1) */ 1885 case 12: return (0xd); 1886 case 18: return (0xf); 1887 case 24: return (0x5); 1888 case 36: return (0x7); 1889 case 48: return (0x9); 1890 case 72: return (0xb); 1891 case 96: return (0x1); 1892 case 108: return (0x3); 1893 1894 /* unsupported rates (should not get there) */ 1895 default: return (0); 1896 } 1897 } 1898 1899 static mblk_t * 1900 wpi_m_tx(void *arg, mblk_t *mp) 1901 { 1902 wpi_sc_t *sc = (wpi_sc_t *)arg; 1903 ieee80211com_t *ic = &sc->sc_ic; 1904 mblk_t *next; 1905 1906 if (ic->ic_state != IEEE80211_S_RUN) { 1907 freemsgchain(mp); 1908 return (NULL); 1909 } 1910 1911 while (mp != NULL) { 1912 next = mp->b_next; 1913 mp->b_next = NULL; 1914 if (wpi_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != 0) { 1915 mp->b_next = next; 1916 break; 1917 } 1918 mp = next; 1919 } 1920 return (mp); 1921 } 1922 1923 /* ARGSUSED */ 1924 static int 1925 wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type) 1926 { 1927 wpi_sc_t *sc = (wpi_sc_t *)ic; 1928 wpi_tx_ring_t *ring; 1929 wpi_tx_desc_t *desc; 1930 wpi_tx_data_t *data; 1931 wpi_tx_cmd_t *cmd; 1932 wpi_cmd_data_t *tx; 1933 ieee80211_node_t *in; 1934 struct ieee80211_frame *wh; 1935 struct ieee80211_key *k; 1936 mblk_t *m, *m0; 1937 int rate, hdrlen, len, mblen, off, err = WPI_SUCCESS; 1938 1939 ring = ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA) ? 1940 (&sc->sc_txq[0]) : (&sc->sc_txq[1]); 1941 data = &ring->data[ring->cur]; 1942 desc = data->desc; 1943 cmd = data->cmd; 1944 bzero(desc, sizeof (*desc)); 1945 bzero(cmd, sizeof (*cmd)); 1946 1947 mutex_enter(&sc->sc_tx_lock); 1948 if (ring->queued > ring->count - 64) { 1949 WPI_DBG((WPI_DEBUG_TX, "wpi_send(): no txbuf\n")); 1950 sc->sc_need_reschedule = 1; 1951 mutex_exit(&sc->sc_tx_lock); 1952 if ((type & IEEE80211_FC0_TYPE_MASK) != 1953 IEEE80211_FC0_TYPE_DATA) { 1954 freemsg(mp); 1955 } 1956 sc->sc_tx_nobuf++; 1957 err = WPI_FAIL; 1958 goto exit; 1959 } 1960 mutex_exit(&sc->sc_tx_lock); 1961 1962 hdrlen = sizeof (struct ieee80211_frame); 1963 1964 m = allocb(msgdsize(mp) + 32, BPRI_MED); 1965 if (m == NULL) { /* can not alloc buf, drop this package */ 1966 cmn_err(CE_WARN, 1967 "wpi_send(): failed to allocate msgbuf\n"); 1968 freemsg(mp); 1969 err = WPI_SUCCESS; 1970 goto exit; 1971 } 1972 for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) { 1973 mblen = MBLKL(m0); 1974 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen); 1975 off += mblen; 1976 } 1977 m->b_wptr += off; 1978 freemsg(mp); 1979 1980 wh = (struct ieee80211_frame *)m->b_rptr; 1981 1982 in = ieee80211_find_txnode(ic, wh->i_addr1); 1983 if (in == NULL) { 1984 cmn_err(CE_WARN, "wpi_send(): failed to find tx node\n"); 1985 freemsg(m); 1986 sc->sc_tx_err++; 1987 err = WPI_SUCCESS; 1988 goto exit; 1989 } 1990 1991 (void) ieee80211_encap(ic, m, in); 1992 1993 cmd->code = WPI_CMD_TX_DATA; 1994 cmd->flags = 0; 1995 cmd->qid = ring->qid; 1996 cmd->idx = ring->cur; 1997 1998 tx = (wpi_cmd_data_t *)cmd->data; 1999 tx->flags = 0; 2000 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2001 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2002 } else { 2003 tx->flags &= ~(LE_32(WPI_TX_NEED_ACK)); 2004 } 2005 2006 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2007 k = ieee80211_crypto_encap(ic, m); 2008 if (k == NULL) { 2009 freemsg(m); 2010 sc->sc_tx_err++; 2011 err = WPI_SUCCESS; 2012 goto exit; 2013 } 2014 2015 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 2016 tx->security = 2; /* for CCMP */ 2017 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2018 (void) memcpy(&tx->key, k->wk_key, k->wk_keylen); 2019 } 2020 2021 /* packet header may have moved, reset our local pointer */ 2022 wh = (struct ieee80211_frame *)m->b_rptr; 2023 } 2024 2025 len = msgdsize(m); 2026 2027 #ifdef DEBUG 2028 if (wpi_dbg_flags & WPI_DEBUG_TX) 2029 ieee80211_dump_pkt((uint8_t *)wh, hdrlen, 0, 0); 2030 #endif 2031 2032 /* pickup a rate */ 2033 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2034 IEEE80211_FC0_TYPE_MGT) { 2035 /* mgmt frames are sent at the lowest available bit-rate */ 2036 rate = 2; 2037 } else { 2038 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) { 2039 rate = ic->ic_fixed_rate; 2040 } else 2041 rate = in->in_rates.ir_rates[in->in_txrate]; 2042 } 2043 rate &= IEEE80211_RATE_VAL; 2044 WPI_DBG((WPI_DEBUG_RATECTL, "tx rate[%d of %d] = %x", 2045 in->in_txrate, in->in_rates.ir_nrates, rate)); 2046 #ifdef WPI_BPF 2047 #ifndef WPI_CURRENT 2048 if (sc->sc_drvbpf != NULL) { 2049 #else 2050 if (bpf_peers_present(sc->sc_drvbpf)) { 2051 #endif 2052 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2053 2054 tap->wt_flags = 0; 2055 tap->wt_chan_freq = LE_16(ic->ic_curchan->ic_freq); 2056 tap->wt_chan_flags = LE_16(ic->ic_curchan->ic_flags); 2057 tap->wt_rate = rate; 2058 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2059 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2060 2061 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 2062 } 2063 #endif 2064 2065 tx->flags |= (LE_32(WPI_TX_AUTO_SEQ)); 2066 tx->flags |= LE_32(WPI_TX_BT_DISABLE | WPI_TX_CALIBRATION); 2067 2068 /* retrieve destination node's id */ 2069 tx->id = IEEE80211_IS_MULTICAST(wh->i_addr1) ? WPI_ID_BROADCAST : 2070 WPI_ID_BSS; 2071 2072 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2073 IEEE80211_FC0_TYPE_MGT) { 2074 /* tell h/w to set timestamp in probe responses */ 2075 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2076 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2077 tx->flags |= LE_32(WPI_TX_INSERT_TSTAMP); 2078 2079 if (((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2080 IEEE80211_FC0_SUBTYPE_ASSOC_REQ) || 2081 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2082 IEEE80211_FC0_SUBTYPE_REASSOC_REQ)) 2083 tx->timeout = 3; 2084 else 2085 tx->timeout = 2; 2086 } else 2087 tx->timeout = 0; 2088 2089 tx->rate = wpi_plcp_signal(rate); 2090 2091 /* be very persistant at sending frames out */ 2092 tx->rts_ntries = 7; 2093 tx->data_ntries = 15; 2094 2095 tx->cck_mask = 0x0f; 2096 tx->ofdm_mask = 0xff; 2097 tx->lifetime = LE_32(0xffffffff); 2098 2099 tx->len = LE_16(len); 2100 2101 /* save and trim IEEE802.11 header */ 2102 (void) memcpy(tx + 1, m->b_rptr, hdrlen); 2103 m->b_rptr += hdrlen; 2104 (void) memcpy(data->dma_data.mem_va, m->b_rptr, len - hdrlen); 2105 2106 WPI_DBG((WPI_DEBUG_TX, "sending data: qid=%d idx=%d len=%d", ring->qid, 2107 ring->cur, len)); 2108 2109 /* first scatter/gather segment is used by the tx data command */ 2110 desc->flags = LE_32(WPI_PAD32(len) << 28 | (2) << 24); 2111 desc->segs[0].addr = LE_32(data->paddr_cmd); 2112 desc->segs[0].len = LE_32( 2113 roundup(4 + sizeof (wpi_cmd_data_t) + hdrlen, 4)); 2114 desc->segs[1].addr = LE_32(data->dma_data.cookie.dmac_address); 2115 desc->segs[1].len = LE_32(len - hdrlen); 2116 2117 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2118 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2119 2120 mutex_enter(&sc->sc_tx_lock); 2121 ring->queued++; 2122 mutex_exit(&sc->sc_tx_lock); 2123 2124 /* kick ring */ 2125 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2126 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2127 freemsg(m); 2128 /* release node reference */ 2129 ieee80211_free_node(in); 2130 2131 ic->ic_stats.is_tx_bytes += len; 2132 ic->ic_stats.is_tx_frags++; 2133 2134 if (sc->sc_tx_timer == 0) 2135 sc->sc_tx_timer = 5; 2136 exit: 2137 return (err); 2138 } 2139 2140 static void 2141 wpi_m_ioctl(void* arg, queue_t *wq, mblk_t *mp) 2142 { 2143 wpi_sc_t *sc = (wpi_sc_t *)arg; 2144 ieee80211com_t *ic = &sc->sc_ic; 2145 int err; 2146 2147 err = ieee80211_ioctl(ic, wq, mp); 2148 if (err == ENETRESET) { 2149 (void) ieee80211_new_state(ic, 2150 IEEE80211_S_SCAN, -1); 2151 } 2152 } 2153 2154 /*ARGSUSED*/ 2155 static int 2156 wpi_m_stat(void *arg, uint_t stat, uint64_t *val) 2157 { 2158 wpi_sc_t *sc = (wpi_sc_t *)arg; 2159 ieee80211com_t *ic = &sc->sc_ic; 2160 ieee80211_node_t *in = ic->ic_bss; 2161 struct ieee80211_rateset *rs = &in->in_rates; 2162 2163 mutex_enter(&sc->sc_glock); 2164 switch (stat) { 2165 case MAC_STAT_IFSPEED: 2166 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ? 2167 (rs->ir_rates[in->in_txrate] & IEEE80211_RATE_VAL) 2168 : ic->ic_fixed_rate) * 5000000ull; 2169 break; 2170 case MAC_STAT_NOXMTBUF: 2171 *val = sc->sc_tx_nobuf; 2172 break; 2173 case MAC_STAT_NORCVBUF: 2174 *val = sc->sc_rx_nobuf; 2175 break; 2176 case MAC_STAT_IERRORS: 2177 *val = sc->sc_rx_err; 2178 break; 2179 case MAC_STAT_RBYTES: 2180 *val = ic->ic_stats.is_rx_bytes; 2181 break; 2182 case MAC_STAT_IPACKETS: 2183 *val = ic->ic_stats.is_rx_frags; 2184 break; 2185 case MAC_STAT_OBYTES: 2186 *val = ic->ic_stats.is_tx_bytes; 2187 break; 2188 case MAC_STAT_OPACKETS: 2189 *val = ic->ic_stats.is_tx_frags; 2190 break; 2191 case MAC_STAT_OERRORS: 2192 case WIFI_STAT_TX_FAILED: 2193 *val = sc->sc_tx_err; 2194 break; 2195 case WIFI_STAT_TX_RETRANS: 2196 *val = sc->sc_tx_retries; 2197 break; 2198 case WIFI_STAT_FCS_ERRORS: 2199 case WIFI_STAT_WEP_ERRORS: 2200 case WIFI_STAT_TX_FRAGS: 2201 case WIFI_STAT_MCAST_TX: 2202 case WIFI_STAT_RTS_SUCCESS: 2203 case WIFI_STAT_RTS_FAILURE: 2204 case WIFI_STAT_ACK_FAILURE: 2205 case WIFI_STAT_RX_FRAGS: 2206 case WIFI_STAT_MCAST_RX: 2207 case WIFI_STAT_RX_DUPS: 2208 mutex_exit(&sc->sc_glock); 2209 return (ieee80211_stat(ic, stat, val)); 2210 default: 2211 mutex_exit(&sc->sc_glock); 2212 return (ENOTSUP); 2213 } 2214 mutex_exit(&sc->sc_glock); 2215 2216 return (WPI_SUCCESS); 2217 2218 } 2219 2220 static int 2221 wpi_m_start(void *arg) 2222 { 2223 wpi_sc_t *sc = (wpi_sc_t *)arg; 2224 ieee80211com_t *ic = &sc->sc_ic; 2225 int err; 2226 2227 err = wpi_init(sc); 2228 if (err != WPI_SUCCESS) { 2229 wpi_stop(sc); 2230 DELAY(1000000); 2231 err = wpi_init(sc); 2232 } 2233 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2234 2235 return (err); 2236 } 2237 2238 static void 2239 wpi_m_stop(void *arg) 2240 { 2241 wpi_sc_t *sc = (wpi_sc_t *)arg; 2242 ieee80211com_t *ic = &sc->sc_ic; 2243 2244 wpi_stop(sc); 2245 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2246 mutex_enter(&sc->sc_mt_lock); 2247 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2248 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 2249 mutex_exit(&sc->sc_mt_lock); 2250 } 2251 2252 /*ARGSUSED*/ 2253 static int 2254 wpi_m_unicst(void *arg, const uint8_t *macaddr) 2255 { 2256 wpi_sc_t *sc = (wpi_sc_t *)arg; 2257 ieee80211com_t *ic = &sc->sc_ic; 2258 int err; 2259 2260 if (!IEEE80211_ADDR_EQ(ic->ic_macaddr, macaddr)) { 2261 IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr); 2262 mutex_enter(&sc->sc_glock); 2263 err = wpi_config(sc); 2264 mutex_exit(&sc->sc_glock); 2265 if (err != WPI_SUCCESS) { 2266 cmn_err(CE_WARN, 2267 "wpi_m_unicst(): " 2268 "failed to configure device\n"); 2269 goto fail; 2270 } 2271 } 2272 return (WPI_SUCCESS); 2273 fail: 2274 return (err); 2275 } 2276 2277 /*ARGSUSED*/ 2278 static int 2279 wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m) 2280 { 2281 return (WPI_SUCCESS); 2282 } 2283 2284 /*ARGSUSED*/ 2285 static int 2286 wpi_m_promisc(void *arg, boolean_t on) 2287 { 2288 return (WPI_SUCCESS); 2289 } 2290 2291 static void 2292 wpi_thread(wpi_sc_t *sc) 2293 { 2294 ieee80211com_t *ic = &sc->sc_ic; 2295 clock_t clk; 2296 int times = 0, err, n = 0, timeout = 0; 2297 2298 mutex_enter(&sc->sc_mt_lock); 2299 while (sc->sc_mf_thread_switch) { 2300 /* 2301 * recovery fatal error 2302 */ 2303 if (ic->ic_mach && 2304 (sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 2305 2306 WPI_DBG((WPI_DEBUG_FW, 2307 "wpi_thread(): " 2308 "try to recover fatal hw error: %d\n", times++)); 2309 2310 wpi_stop(sc); 2311 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2312 2313 mutex_exit(&sc->sc_mt_lock); 2314 delay(drv_usectohz(2000000)); 2315 mutex_enter(&sc->sc_mt_lock); 2316 err = wpi_init(sc); 2317 if (err != WPI_SUCCESS) { 2318 n++; 2319 if (n < 3) 2320 continue; 2321 } 2322 n = 0; 2323 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2324 mutex_exit(&sc->sc_mt_lock); 2325 delay(drv_usectohz(2000000)); 2326 if (sc->sc_ostate != IEEE80211_S_INIT) 2327 ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); 2328 mutex_enter(&sc->sc_mt_lock); 2329 } 2330 2331 /* 2332 * rate ctl 2333 */ 2334 if (ic->ic_mach && 2335 (sc->sc_flags & WPI_F_RATE_AUTO_CTL)) { 2336 clk = ddi_get_lbolt(); 2337 if (clk > sc->sc_clk + drv_usectohz(500000)) { 2338 wpi_amrr_timeout(sc); 2339 } 2340 } 2341 mutex_exit(&sc->sc_mt_lock); 2342 delay(drv_usectohz(100000)); 2343 mutex_enter(&sc->sc_mt_lock); 2344 if (sc->sc_tx_timer) { 2345 timeout++; 2346 if (timeout == 10) { 2347 sc->sc_tx_timer--; 2348 if (sc->sc_tx_timer == 0) { 2349 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2350 sc->sc_ostate = IEEE80211_S_RUN; 2351 } 2352 timeout = 0; 2353 } 2354 } 2355 } 2356 sc->sc_mf_thread = NULL; 2357 cv_signal(&sc->sc_mt_cv); 2358 mutex_exit(&sc->sc_mt_lock); 2359 } 2360 2361 /* 2362 * Extract various information from EEPROM. 2363 */ 2364 static void 2365 wpi_read_eeprom(wpi_sc_t *sc) 2366 { 2367 ieee80211com_t *ic = &sc->sc_ic; 2368 uint16_t val; 2369 int i; 2370 2371 /* read MAC address */ 2372 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 0); 2373 ic->ic_macaddr[0] = val & 0xff; 2374 ic->ic_macaddr[1] = val >> 8; 2375 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 1); 2376 ic->ic_macaddr[2] = val & 0xff; 2377 ic->ic_macaddr[3] = val >> 8; 2378 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 2); 2379 ic->ic_macaddr[4] = val & 0xff; 2380 ic->ic_macaddr[5] = val >> 8; 2381 2382 WPI_DBG((WPI_DEBUG_EEPROM, 2383 "mac:%2x:%2x:%2x:%2x:%2x:%2x\n", 2384 ic->ic_macaddr[0], ic->ic_macaddr[1], 2385 ic->ic_macaddr[2], ic->ic_macaddr[3], 2386 ic->ic_macaddr[4], ic->ic_macaddr[5])); 2387 /* read power settings for 2.4GHz channels */ 2388 for (i = 0; i < 14; i++) { 2389 sc->sc_pwr1[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR1 + i); 2390 sc->sc_pwr2[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR2 + i); 2391 WPI_DBG((WPI_DEBUG_EEPROM, 2392 "channel %d pwr1 0x%04x pwr2 0x%04x\n", i + 1, 2393 sc->sc_pwr1[i], sc->sc_pwr2[i])); 2394 } 2395 } 2396 2397 /* 2398 * Send a command to the firmware. 2399 */ 2400 static int 2401 wpi_cmd(wpi_sc_t *sc, int code, const void *buf, int size, int async) 2402 { 2403 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2404 wpi_tx_desc_t *desc; 2405 wpi_tx_cmd_t *cmd; 2406 2407 ASSERT(size <= sizeof (cmd->data)); 2408 ASSERT(mutex_owned(&sc->sc_glock)); 2409 2410 WPI_DBG((WPI_DEBUG_CMD, "wpi_cmd() # code[%d]", code)); 2411 desc = ring->data[ring->cur].desc; 2412 cmd = ring->data[ring->cur].cmd; 2413 2414 cmd->code = (uint8_t)code; 2415 cmd->flags = 0; 2416 cmd->qid = ring->qid; 2417 cmd->idx = ring->cur; 2418 (void) memcpy(cmd->data, buf, size); 2419 2420 desc->flags = LE_32(WPI_PAD32(size) << 28 | 1 << 24); 2421 desc->segs[0].addr = ring->data[ring->cur].paddr_cmd; 2422 desc->segs[0].len = 4 + size; 2423 2424 /* kick cmd ring */ 2425 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2426 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2427 2428 if (async) 2429 return (WPI_SUCCESS); 2430 else { 2431 clock_t clk; 2432 sc->sc_flags &= ~WPI_F_CMD_DONE; 2433 clk = ddi_get_lbolt() + drv_usectohz(2000000); 2434 while (!(sc->sc_flags & WPI_F_CMD_DONE)) { 2435 if (cv_timedwait(&sc->sc_cmd_cv, &sc->sc_glock, clk) 2436 < 0) 2437 break; 2438 } 2439 if (sc->sc_flags & WPI_F_CMD_DONE) 2440 return (WPI_SUCCESS); 2441 else 2442 return (WPI_FAIL); 2443 } 2444 } 2445 2446 /* 2447 * Configure h/w multi-rate retries. 2448 */ 2449 static int 2450 wpi_mrr_setup(wpi_sc_t *sc) 2451 { 2452 wpi_mrr_setup_t mrr; 2453 int i, err; 2454 2455 /* CCK rates (not used with 802.11a) */ 2456 for (i = WPI_CCK1; i <= WPI_CCK11; i++) { 2457 mrr.rates[i].flags = 0; 2458 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2459 /* fallback to the immediate lower CCK rate (if any) */ 2460 mrr.rates[i].next = (i == WPI_CCK1) ? WPI_CCK1 : i - 1; 2461 /* try one time at this rate before falling back to "next" */ 2462 mrr.rates[i].ntries = 1; 2463 } 2464 2465 /* OFDM rates (not used with 802.11b) */ 2466 for (i = WPI_OFDM6; i <= WPI_OFDM54; i++) { 2467 mrr.rates[i].flags = 0; 2468 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2469 /* fallback to the immediate lower OFDM rate (if any) */ 2470 mrr.rates[i].next = (i == WPI_OFDM6) ? WPI_OFDM6 : i - 1; 2471 /* try one time at this rate before falling back to "next" */ 2472 mrr.rates[i].ntries = 1; 2473 } 2474 2475 /* setup MRR for control frames */ 2476 mrr.which = LE_32(WPI_MRR_CTL); 2477 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2478 if (err != WPI_SUCCESS) { 2479 WPI_DBG((WPI_DEBUG_MRR, 2480 "could not setup MRR for control frames\n")); 2481 return (err); 2482 } 2483 2484 /* setup MRR for data frames */ 2485 mrr.which = LE_32(WPI_MRR_DATA); 2486 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2487 if (err != WPI_SUCCESS) { 2488 WPI_DBG((WPI_DEBUG_MRR, 2489 "could not setup MRR for data frames\n")); 2490 return (err); 2491 } 2492 2493 return (WPI_SUCCESS); 2494 } 2495 2496 static void 2497 wpi_set_led(wpi_sc_t *sc, uint8_t which, uint8_t off, uint8_t on) 2498 { 2499 wpi_cmd_led_t led; 2500 2501 led.which = which; 2502 led.unit = LE_32(100000); /* on/off in unit of 100ms */ 2503 led.off = off; 2504 led.on = on; 2505 2506 (void) wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof (led), 1); 2507 } 2508 2509 static int 2510 wpi_auth(wpi_sc_t *sc) 2511 { 2512 ieee80211com_t *ic = &sc->sc_ic; 2513 ieee80211_node_t *in = ic->ic_bss; 2514 wpi_node_t node; 2515 int err; 2516 2517 /* update adapter's configuration */ 2518 IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid); 2519 sc->sc_config.chan = ieee80211_chan2ieee(ic, in->in_chan); 2520 if (ic->ic_curmode == IEEE80211_MODE_11B) { 2521 sc->sc_config.cck_mask = 0x03; 2522 sc->sc_config.ofdm_mask = 0; 2523 } else if ((in->in_chan != IEEE80211_CHAN_ANYC) && 2524 (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) { 2525 sc->sc_config.cck_mask = 0; 2526 sc->sc_config.ofdm_mask = 0x15; 2527 } else { /* assume 802.11b/g */ 2528 sc->sc_config.cck_mask = 0x0f; 2529 sc->sc_config.ofdm_mask = 0xff; 2530 } 2531 2532 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x cck %x ofdm %x" 2533 " bssid:%02x:%02x:%02x:%02x:%02x:%2x\n", 2534 sc->sc_config.chan, sc->sc_config.flags, 2535 sc->sc_config.cck_mask, sc->sc_config.ofdm_mask, 2536 sc->sc_config.bssid[0], sc->sc_config.bssid[1], 2537 sc->sc_config.bssid[2], sc->sc_config.bssid[3], 2538 sc->sc_config.bssid[4], sc->sc_config.bssid[5])); 2539 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2540 sizeof (wpi_config_t), 1); 2541 if (err != WPI_SUCCESS) { 2542 cmn_err(CE_WARN, "wpi_auth(): failed to configurate chan%d\n", 2543 sc->sc_config.chan); 2544 return (err); 2545 } 2546 2547 /* add default node */ 2548 (void) memset(&node, 0, sizeof (node)); 2549 IEEE80211_ADDR_COPY(node.bssid, in->in_bssid); 2550 node.id = WPI_ID_BSS; 2551 node.rate = wpi_plcp_signal(2); 2552 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 2553 if (err != WPI_SUCCESS) { 2554 cmn_err(CE_WARN, "wpi_auth(): failed to add BSS node\n"); 2555 return (err); 2556 } 2557 2558 err = wpi_mrr_setup(sc); 2559 if (err != WPI_SUCCESS) { 2560 cmn_err(CE_WARN, "wpi_auth(): failed to setup MRR\n"); 2561 return (err); 2562 } 2563 2564 return (WPI_SUCCESS); 2565 } 2566 2567 /* 2568 * Send a scan request to the firmware. 2569 */ 2570 static int 2571 wpi_scan(wpi_sc_t *sc) 2572 { 2573 ieee80211com_t *ic = &sc->sc_ic; 2574 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2575 wpi_tx_desc_t *desc; 2576 wpi_tx_data_t *data; 2577 wpi_tx_cmd_t *cmd; 2578 wpi_scan_hdr_t *hdr; 2579 wpi_scan_chan_t *chan; 2580 struct ieee80211_frame *wh; 2581 ieee80211_node_t *in = ic->ic_bss; 2582 struct ieee80211_rateset *rs; 2583 enum ieee80211_phymode mode; 2584 uint8_t *frm; 2585 int i, pktlen, nrates; 2586 2587 data = &ring->data[ring->cur]; 2588 desc = data->desc; 2589 cmd = (wpi_tx_cmd_t *)data->dma_data.mem_va; 2590 2591 cmd->code = WPI_CMD_SCAN; 2592 cmd->flags = 0; 2593 cmd->qid = ring->qid; 2594 cmd->idx = ring->cur; 2595 2596 hdr = (wpi_scan_hdr_t *)cmd->data; 2597 (void) memset(hdr, 0, sizeof (wpi_scan_hdr_t)); 2598 hdr->first = 1; 2599 hdr->nchan = 14; 2600 hdr->len = hdr->nchan * sizeof (wpi_scan_chan_t); 2601 hdr->quiet = LE_16(5); 2602 hdr->threshold = LE_16(1); 2603 hdr->filter = LE_32(5); 2604 hdr->rate = wpi_plcp_signal(2); 2605 hdr->id = WPI_ID_BROADCAST; 2606 hdr->mask = LE_32(0xffffffff); 2607 hdr->esslen = ic->ic_des_esslen; 2608 if (ic->ic_des_esslen) 2609 bcopy(ic->ic_des_essid, hdr->essid, ic->ic_des_esslen); 2610 else 2611 bzero(hdr->essid, sizeof (hdr->essid)); 2612 /* 2613 * Build a probe request frame. Most of the following code is a 2614 * copy & paste of what is done in net80211. Unfortunately, the 2615 * functions to add IEs are static and thus can't be reused here. 2616 */ 2617 wh = (struct ieee80211_frame *)(hdr + 1); 2618 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2619 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2620 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2621 (void) memset(wh->i_addr1, 0xff, 6); 2622 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_macaddr); 2623 (void) memset(wh->i_addr3, 0xff, 6); 2624 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 2625 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 2626 2627 frm = (uint8_t *)(wh + 1); 2628 2629 /* add essid IE */ 2630 *frm++ = IEEE80211_ELEMID_SSID; 2631 *frm++ = in->in_esslen; 2632 (void) memcpy(frm, in->in_essid, in->in_esslen); 2633 frm += in->in_esslen; 2634 2635 mode = ieee80211_chan2mode(ic, ic->ic_curchan); 2636 rs = &ic->ic_sup_rates[mode]; 2637 2638 /* add supported rates IE */ 2639 *frm++ = IEEE80211_ELEMID_RATES; 2640 nrates = rs->ir_nrates; 2641 if (nrates > IEEE80211_RATE_SIZE) 2642 nrates = IEEE80211_RATE_SIZE; 2643 *frm++ = (uint8_t)nrates; 2644 (void) memcpy(frm, rs->ir_rates, nrates); 2645 frm += nrates; 2646 2647 /* add supported xrates IE */ 2648 if (rs->ir_nrates > IEEE80211_RATE_SIZE) { 2649 nrates = rs->ir_nrates - IEEE80211_RATE_SIZE; 2650 *frm++ = IEEE80211_ELEMID_XRATES; 2651 *frm++ = (uint8_t)nrates; 2652 (void) memcpy(frm, rs->ir_rates + IEEE80211_RATE_SIZE, nrates); 2653 frm += nrates; 2654 } 2655 2656 /* add optionnal IE (usually an RSN IE) */ 2657 if (ic->ic_opt_ie != NULL) { 2658 (void) memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); 2659 frm += ic->ic_opt_ie_len; 2660 } 2661 2662 /* setup length of probe request */ 2663 hdr->pbrlen = LE_16(frm - (uint8_t *)wh); 2664 2665 /* align on a 4-byte boundary */ 2666 chan = (wpi_scan_chan_t *)frm; 2667 for (i = 1; i <= hdr->nchan; i++, chan++) { 2668 chan->flags = 3; 2669 chan->chan = (uint8_t)i; 2670 chan->magic = LE_16(0x62ab); 2671 chan->active = LE_16(20); 2672 chan->passive = LE_16(120); 2673 2674 frm += sizeof (wpi_scan_chan_t); 2675 } 2676 2677 pktlen = frm - (uint8_t *)cmd; 2678 2679 desc->flags = LE_32(WPI_PAD32(pktlen) << 28 | 1 << 24); 2680 desc->segs[0].addr = LE_32(data->dma_data.cookie.dmac_address); 2681 desc->segs[0].len = LE_32(pktlen); 2682 2683 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2684 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2685 2686 /* kick cmd ring */ 2687 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2688 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2689 2690 return (WPI_SUCCESS); /* will be notified async. of failure/success */ 2691 } 2692 2693 static int 2694 wpi_config(wpi_sc_t *sc) 2695 { 2696 ieee80211com_t *ic = &sc->sc_ic; 2697 wpi_txpower_t txpower; 2698 wpi_power_t power; 2699 #ifdef WPI_BLUE_COEXISTENCE 2700 wpi_bluetooth_t bluetooth; 2701 #endif 2702 wpi_node_t node; 2703 int err; 2704 2705 /* Intel's binary only daemon is a joke.. */ 2706 2707 /* set Tx power for 2.4GHz channels (values read from EEPROM) */ 2708 (void) memset(&txpower, 0, sizeof (txpower)); 2709 (void) memcpy(txpower.pwr1, sc->sc_pwr1, 14 * sizeof (uint16_t)); 2710 (void) memcpy(txpower.pwr2, sc->sc_pwr2, 14 * sizeof (uint16_t)); 2711 err = wpi_cmd(sc, WPI_CMD_TXPOWER, &txpower, sizeof (txpower), 0); 2712 if (err != WPI_SUCCESS) { 2713 cmn_err(CE_WARN, "wpi_config(): failed to set txpower\n"); 2714 return (err); 2715 } 2716 2717 /* set power mode */ 2718 (void) memset(&power, 0, sizeof (power)); 2719 power.flags = LE_32(0x8); 2720 err = wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &power, sizeof (power), 0); 2721 if (err != WPI_SUCCESS) { 2722 cmn_err(CE_WARN, "wpi_config(): failed to set power mode\n"); 2723 return (err); 2724 } 2725 #ifdef WPI_BLUE_COEXISTENCE 2726 /* configure bluetooth coexistence */ 2727 (void) memset(&bluetooth, 0, sizeof (bluetooth)); 2728 bluetooth.flags = 3; 2729 bluetooth.lead = 0xaa; 2730 bluetooth.kill = 1; 2731 err = wpi_cmd(sc, WPI_CMD_BLUETOOTH, &bluetooth, 2732 sizeof (bluetooth), 0); 2733 if (err != WPI_SUCCESS) { 2734 cmn_err(CE_WARN, 2735 "wpi_config(): " 2736 "failed to configurate bluetooth coexistence\n"); 2737 return (err); 2738 } 2739 #endif 2740 /* configure adapter */ 2741 (void) memset(&sc->sc_config, 0, sizeof (wpi_config_t)); 2742 IEEE80211_ADDR_COPY(sc->sc_config.myaddr, ic->ic_macaddr); 2743 sc->sc_config.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 2744 sc->sc_config.flags = LE_32(WPI_CONFIG_TSF | WPI_CONFIG_AUTO | 2745 WPI_CONFIG_24GHZ); 2746 sc->sc_config.filter = 0; 2747 switch (ic->ic_opmode) { 2748 case IEEE80211_M_STA: 2749 sc->sc_config.mode = WPI_MODE_STA; 2750 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST); 2751 break; 2752 case IEEE80211_M_IBSS: 2753 case IEEE80211_M_AHDEMO: 2754 sc->sc_config.mode = WPI_MODE_IBSS; 2755 break; 2756 case IEEE80211_M_HOSTAP: 2757 sc->sc_config.mode = WPI_MODE_HOSTAP; 2758 break; 2759 case IEEE80211_M_MONITOR: 2760 sc->sc_config.mode = WPI_MODE_MONITOR; 2761 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST | 2762 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2763 break; 2764 } 2765 sc->sc_config.cck_mask = 0x0f; /* not yet negotiated */ 2766 sc->sc_config.ofdm_mask = 0xff; /* not yet negotiated */ 2767 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2768 sizeof (wpi_config_t), 0); 2769 if (err != WPI_SUCCESS) { 2770 cmn_err(CE_WARN, "wpi_config(): " 2771 "failed to set configure command\n"); 2772 return (err); 2773 } 2774 2775 /* add broadcast node */ 2776 (void) memset(&node, 0, sizeof (node)); 2777 (void) memset(node.bssid, 0xff, 6); 2778 node.id = WPI_ID_BROADCAST; 2779 node.rate = wpi_plcp_signal(2); 2780 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 0); 2781 if (err != WPI_SUCCESS) { 2782 cmn_err(CE_WARN, "wpi_config(): " 2783 "failed to add broadcast node\n"); 2784 return (err); 2785 } 2786 2787 return (WPI_SUCCESS); 2788 } 2789 2790 static void 2791 wpi_stop_master(wpi_sc_t *sc) 2792 { 2793 uint32_t tmp; 2794 int ntries; 2795 2796 tmp = WPI_READ(sc, WPI_RESET); 2797 WPI_WRITE(sc, WPI_RESET, tmp | WPI_STOP_MASTER); 2798 2799 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2800 if ((tmp & WPI_GPIO_PWR_STATUS) == WPI_GPIO_PWR_SLEEP) 2801 return; /* already asleep */ 2802 2803 for (ntries = 0; ntries < 2000; ntries++) { 2804 if (WPI_READ(sc, WPI_RESET) & WPI_MASTER_DISABLED) 2805 break; 2806 DELAY(1000); 2807 } 2808 if (ntries == 2000) 2809 WPI_DBG((WPI_DEBUG_HW, "timeout waiting for master\n")); 2810 } 2811 2812 static int 2813 wpi_power_up(wpi_sc_t *sc) 2814 { 2815 uint32_t tmp; 2816 int ntries; 2817 2818 wpi_mem_lock(sc); 2819 tmp = wpi_mem_read(sc, WPI_MEM_POWER); 2820 wpi_mem_write(sc, WPI_MEM_POWER, tmp & ~0x03000000); 2821 wpi_mem_unlock(sc); 2822 2823 for (ntries = 0; ntries < 5000; ntries++) { 2824 if (WPI_READ(sc, WPI_GPIO_STATUS) & WPI_POWERED) 2825 break; 2826 DELAY(10); 2827 } 2828 if (ntries == 5000) { 2829 cmn_err(CE_WARN, 2830 "wpi_power_up(): timeout waiting for NIC to power up\n"); 2831 return (ETIMEDOUT); 2832 } 2833 return (WPI_SUCCESS); 2834 } 2835 2836 static int 2837 wpi_reset(wpi_sc_t *sc) 2838 { 2839 uint32_t tmp; 2840 int ntries; 2841 2842 /* clear any pending interrupts */ 2843 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 2844 2845 tmp = WPI_READ(sc, WPI_PLL_CTL); 2846 WPI_WRITE(sc, WPI_PLL_CTL, tmp | WPI_PLL_INIT); 2847 2848 tmp = WPI_READ(sc, WPI_CHICKEN); 2849 WPI_WRITE(sc, WPI_CHICKEN, tmp | WPI_CHICKEN_RXNOLOS); 2850 2851 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2852 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_INIT); 2853 2854 /* wait for clock stabilization */ 2855 for (ntries = 0; ntries < 1000; ntries++) { 2856 if (WPI_READ(sc, WPI_GPIO_CTL) & WPI_GPIO_CLOCK) 2857 break; 2858 DELAY(10); 2859 } 2860 if (ntries == 1000) { 2861 cmn_err(CE_WARN, 2862 "wpi_reset(): timeout waiting for clock stabilization\n"); 2863 return (ETIMEDOUT); 2864 } 2865 2866 /* initialize EEPROM */ 2867 tmp = WPI_READ(sc, WPI_EEPROM_STATUS); 2868 if ((tmp & WPI_EEPROM_VERSION) == 0) { 2869 cmn_err(CE_WARN, "wpi_reset(): EEPROM not found\n"); 2870 return (EIO); 2871 } 2872 WPI_WRITE(sc, WPI_EEPROM_STATUS, tmp & ~WPI_EEPROM_LOCKED); 2873 2874 return (WPI_SUCCESS); 2875 } 2876 2877 static void 2878 wpi_hw_config(wpi_sc_t *sc) 2879 { 2880 uint16_t val; 2881 uint32_t hw; 2882 2883 /* voodoo from the Linux "driver".. */ 2884 hw = WPI_READ(sc, WPI_HWCONFIG); 2885 2886 if ((sc->sc_rev & 0xc0) == 0x40) 2887 hw |= WPI_HW_ALM_MB; 2888 else if (!(sc->sc_rev & 0x80)) 2889 hw |= WPI_HW_ALM_MM; 2890 2891 val = wpi_read_prom_word(sc, WPI_EEPROM_CAPABILITIES); 2892 if ((val & 0xff) == 0x80) 2893 hw |= WPI_HW_SKU_MRC; 2894 2895 val = wpi_read_prom_word(sc, WPI_EEPROM_REVISION); 2896 hw &= ~WPI_HW_REV_D; 2897 if ((val & 0xf0) == 0xd0) 2898 hw |= WPI_HW_REV_D; 2899 2900 val = wpi_read_prom_word(sc, WPI_EEPROM_TYPE); 2901 if ((val & 0xff) > 1) 2902 hw |= WPI_HW_TYPE_B; 2903 2904 WPI_DBG((WPI_DEBUG_HW, "setting h/w config %x\n", hw)); 2905 WPI_WRITE(sc, WPI_HWCONFIG, hw); 2906 } 2907 2908 static int 2909 wpi_init(wpi_sc_t *sc) 2910 { 2911 uint32_t tmp; 2912 int qid, ntries, err; 2913 clock_t clk; 2914 2915 mutex_enter(&sc->sc_glock); 2916 sc->sc_flags &= ~WPI_F_FW_INIT; 2917 2918 (void) wpi_reset(sc); 2919 2920 wpi_mem_lock(sc); 2921 wpi_mem_write(sc, WPI_MEM_CLOCK1, 0xa00); 2922 DELAY(20); 2923 tmp = wpi_mem_read(sc, WPI_MEM_PCIDEV); 2924 wpi_mem_write(sc, WPI_MEM_PCIDEV, tmp | 0x800); 2925 wpi_mem_unlock(sc); 2926 2927 (void) wpi_power_up(sc); 2928 wpi_hw_config(sc); 2929 2930 /* init Rx ring */ 2931 wpi_mem_lock(sc); 2932 WPI_WRITE(sc, WPI_RX_BASE, sc->sc_rxq.dma_desc.cookie.dmac_address); 2933 WPI_WRITE(sc, WPI_RX_RIDX_PTR, 2934 (uint32_t)(sc->sc_dma_sh.cookie.dmac_address + 2935 offsetof(wpi_shared_t, next))); 2936 WPI_WRITE(sc, WPI_RX_WIDX, (WPI_RX_RING_COUNT - 1) & (~7)); 2937 WPI_WRITE(sc, WPI_RX_CONFIG, 0xa9601010); 2938 wpi_mem_unlock(sc); 2939 2940 /* init Tx rings */ 2941 wpi_mem_lock(sc); 2942 wpi_mem_write(sc, WPI_MEM_MODE, 2); /* bypass mode */ 2943 wpi_mem_write(sc, WPI_MEM_RA, 1); /* enable RA0 */ 2944 wpi_mem_write(sc, WPI_MEM_TXCFG, 0x3f); /* enable all 6 Tx rings */ 2945 wpi_mem_write(sc, WPI_MEM_BYPASS1, 0x10000); 2946 wpi_mem_write(sc, WPI_MEM_BYPASS2, 0x30002); 2947 wpi_mem_write(sc, WPI_MEM_MAGIC4, 4); 2948 wpi_mem_write(sc, WPI_MEM_MAGIC5, 5); 2949 2950 WPI_WRITE(sc, WPI_TX_BASE_PTR, sc->sc_dma_sh.cookie.dmac_address); 2951 WPI_WRITE(sc, WPI_MSG_CONFIG, 0xffff05a5); 2952 2953 for (qid = 0; qid < 6; qid++) { 2954 WPI_WRITE(sc, WPI_TX_CTL(qid), 0); 2955 WPI_WRITE(sc, WPI_TX_BASE(qid), 0); 2956 WPI_WRITE(sc, WPI_TX_CONFIG(qid), 0x80200008); 2957 } 2958 wpi_mem_unlock(sc); 2959 2960 /* clear "radio off" and "disable command" bits (reversed logic) */ 2961 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_RADIO_OFF); 2962 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_DISABLE_CMD); 2963 2964 /* clear any pending interrupts */ 2965 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 2966 2967 /* enable interrupts */ 2968 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 2969 2970 /* load firmware boot code into NIC */ 2971 err = wpi_load_microcode(sc); 2972 if (err != WPI_SUCCESS) { 2973 cmn_err(CE_WARN, "wpi_init(): failed to load microcode\n"); 2974 goto fail1; 2975 } 2976 2977 /* load firmware .text segment into NIC */ 2978 err = wpi_load_firmware(sc, WPI_FW_TEXT); 2979 if (err != WPI_SUCCESS) { 2980 cmn_err(CE_WARN, "wpi_init(): " 2981 "failed to load firmware(text)\n"); 2982 goto fail1; 2983 } 2984 2985 /* load firmware .data segment into NIC */ 2986 err = wpi_load_firmware(sc, WPI_FW_DATA); 2987 if (err != WPI_SUCCESS) { 2988 cmn_err(CE_WARN, "wpi_init(): " 2989 "failed to load firmware(data)\n"); 2990 goto fail1; 2991 } 2992 2993 /* now press "execute" ;-) */ 2994 tmp = WPI_READ(sc, WPI_RESET); 2995 tmp &= ~(WPI_MASTER_DISABLED | WPI_STOP_MASTER | WPI_NEVO_RESET); 2996 WPI_WRITE(sc, WPI_RESET, tmp); 2997 2998 /* ..and wait at most one second for adapter to initialize */ 2999 clk = ddi_get_lbolt() + drv_usectohz(2000000); 3000 while (!(sc->sc_flags & WPI_F_FW_INIT)) { 3001 if (cv_timedwait(&sc->sc_fw_cv, &sc->sc_glock, clk) < 0) 3002 break; 3003 } 3004 if (!(sc->sc_flags & WPI_F_FW_INIT)) { 3005 cmn_err(CE_WARN, 3006 "wpi_init(): timeout waiting for firmware init\n"); 3007 goto fail1; 3008 } 3009 3010 /* wait for thermal sensors to calibrate */ 3011 for (ntries = 0; ntries < 1000; ntries++) { 3012 if (WPI_READ(sc, WPI_TEMPERATURE) != 0) 3013 break; 3014 DELAY(10); 3015 } 3016 3017 if (ntries == 1000) { 3018 WPI_DBG((WPI_DEBUG_HW, 3019 "wpi_init(): timeout waiting for thermal sensors " 3020 "calibration\n")); 3021 } 3022 3023 WPI_DBG((WPI_DEBUG_HW, "temperature %d\n", 3024 (int)WPI_READ(sc, WPI_TEMPERATURE))); 3025 3026 err = wpi_config(sc); 3027 if (err) { 3028 cmn_err(CE_WARN, "wpi_init(): failed to configure device\n"); 3029 goto fail1; 3030 } 3031 3032 mutex_exit(&sc->sc_glock); 3033 return (WPI_SUCCESS); 3034 3035 fail1: 3036 err = WPI_FAIL; 3037 mutex_exit(&sc->sc_glock); 3038 return (err); 3039 } 3040 3041 static void 3042 wpi_stop(wpi_sc_t *sc) 3043 { 3044 uint32_t tmp; 3045 int ac; 3046 3047 3048 mutex_enter(&sc->sc_glock); 3049 /* disable interrupts */ 3050 WPI_WRITE(sc, WPI_MASK, 0); 3051 WPI_WRITE(sc, WPI_INTR, WPI_INTR_MASK); 3052 WPI_WRITE(sc, WPI_INTR_STATUS, 0xff); 3053 WPI_WRITE(sc, WPI_INTR_STATUS, 0x00070000); 3054 3055 wpi_mem_lock(sc); 3056 wpi_mem_write(sc, WPI_MEM_MODE, 0); 3057 wpi_mem_unlock(sc); 3058 3059 /* reset all Tx rings */ 3060 for (ac = 0; ac < 4; ac++) 3061 wpi_reset_tx_ring(sc, &sc->sc_txq[ac]); 3062 wpi_reset_tx_ring(sc, &sc->sc_cmdq); 3063 wpi_reset_tx_ring(sc, &sc->sc_svcq); 3064 3065 /* reset Rx ring */ 3066 wpi_reset_rx_ring(sc); 3067 3068 wpi_mem_lock(sc); 3069 wpi_mem_write(sc, WPI_MEM_CLOCK2, 0x200); 3070 wpi_mem_unlock(sc); 3071 3072 DELAY(5); 3073 3074 wpi_stop_master(sc); 3075 3076 sc->sc_tx_timer = 0; 3077 tmp = WPI_READ(sc, WPI_RESET); 3078 WPI_WRITE(sc, WPI_RESET, tmp | WPI_SW_RESET); 3079 mutex_exit(&sc->sc_glock); 3080 } 3081 3082 /* 3083 * Naive implementation of the Adaptive Multi Rate Retry algorithm: 3084 * "IEEE 802.11 Rate Adaptation: A Practical Approach" 3085 * Mathieu Lacage, Hossein Manshaei, Thierry Turletti 3086 * INRIA Sophia - Projet Planete 3087 * http://www-sop.inria.fr/rapports/sophia/RR-5208.html 3088 */ 3089 #define is_success(amrr) \ 3090 ((amrr)->retrycnt < (amrr)->txcnt / 10) 3091 #define is_failure(amrr) \ 3092 ((amrr)->retrycnt > (amrr)->txcnt / 3) 3093 #define is_enough(amrr) \ 3094 ((amrr)->txcnt > 100) 3095 #define is_min_rate(in) \ 3096 ((in)->in_txrate == 0) 3097 #define is_max_rate(in) \ 3098 ((in)->in_txrate == (in)->in_rates.ir_nrates - 1) 3099 #define increase_rate(in) \ 3100 ((in)->in_txrate++) 3101 #define decrease_rate(in) \ 3102 ((in)->in_txrate--) 3103 #define reset_cnt(amrr) \ 3104 { (amrr)->txcnt = (amrr)->retrycnt = 0; } 3105 3106 #define WPI_AMRR_MIN_SUCCESS_THRESHOLD 1 3107 #define WPI_AMRR_MAX_SUCCESS_THRESHOLD 15 3108 3109 static void 3110 wpi_amrr_init(wpi_amrr_t *amrr) 3111 { 3112 amrr->success = 0; 3113 amrr->recovery = 0; 3114 amrr->txcnt = amrr->retrycnt = 0; 3115 amrr->success_threshold = WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3116 } 3117 3118 static void 3119 wpi_amrr_timeout(wpi_sc_t *sc) 3120 { 3121 ieee80211com_t *ic = &sc->sc_ic; 3122 3123 WPI_DBG((WPI_DEBUG_RATECTL, "wpi_amrr_timeout() enter\n")); 3124 if (ic->ic_opmode == IEEE80211_M_STA) 3125 wpi_amrr_ratectl(NULL, ic->ic_bss); 3126 else 3127 ieee80211_iterate_nodes(&ic->ic_sta, wpi_amrr_ratectl, NULL); 3128 sc->sc_clk = ddi_get_lbolt(); 3129 } 3130 3131 /* ARGSUSED */ 3132 static void 3133 wpi_amrr_ratectl(void *arg, ieee80211_node_t *in) 3134 { 3135 wpi_amrr_t *amrr = (wpi_amrr_t *)in; 3136 int need_change = 0; 3137 3138 if (is_success(amrr) && is_enough(amrr)) { 3139 amrr->success++; 3140 if (amrr->success >= amrr->success_threshold && 3141 !is_max_rate(in)) { 3142 amrr->recovery = 1; 3143 amrr->success = 0; 3144 increase_rate(in); 3145 WPI_DBG((WPI_DEBUG_RATECTL, 3146 "AMRR increasing rate %d (txcnt=%d retrycnt=%d)\n", 3147 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3148 need_change = 1; 3149 } else { 3150 amrr->recovery = 0; 3151 } 3152 } else if (is_failure(amrr)) { 3153 amrr->success = 0; 3154 if (!is_min_rate(in)) { 3155 if (amrr->recovery) { 3156 amrr->success_threshold++; 3157 if (amrr->success_threshold > 3158 WPI_AMRR_MAX_SUCCESS_THRESHOLD) 3159 amrr->success_threshold = 3160 WPI_AMRR_MAX_SUCCESS_THRESHOLD; 3161 } else { 3162 amrr->success_threshold = 3163 WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3164 } 3165 decrease_rate(in); 3166 WPI_DBG((WPI_DEBUG_RATECTL, 3167 "AMRR decreasing rate %d (txcnt=%d retrycnt=%d)\n", 3168 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3169 need_change = 1; 3170 } 3171 amrr->recovery = 0; /* paper is incorrect */ 3172 } 3173 3174 if (is_enough(amrr) || need_change) 3175 reset_cnt(amrr); 3176 } 3177