xref: /titanic_44/usr/src/uts/common/io/arn/arn_main.c (revision bde3d612a7c090234c60e6e4578821237a5db135)
1 /*
2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2008 Atheros Communications Inc.
8  *
9  * Permission to use, copy, modify, and/or distribute this software for any
10  * purpose with or without fee is hereby granted, provided that the above
11  * copyright notice and this permission notice appear in all copies.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20  */
21 
22 #include <sys/sysmacros.h>
23 #include <sys/param.h>
24 #include <sys/types.h>
25 #include <sys/signal.h>
26 #include <sys/stream.h>
27 #include <sys/termio.h>
28 #include <sys/errno.h>
29 #include <sys/file.h>
30 #include <sys/cmn_err.h>
31 #include <sys/stropts.h>
32 #include <sys/strsubr.h>
33 #include <sys/strtty.h>
34 #include <sys/kbio.h>
35 #include <sys/cred.h>
36 #include <sys/stat.h>
37 #include <sys/consdev.h>
38 #include <sys/kmem.h>
39 #include <sys/modctl.h>
40 #include <sys/ddi.h>
41 #include <sys/sunddi.h>
42 #include <sys/pci.h>
43 #include <sys/errno.h>
44 #include <sys/mac_provider.h>
45 #include <sys/dlpi.h>
46 #include <sys/ethernet.h>
47 #include <sys/list.h>
48 #include <sys/byteorder.h>
49 #include <sys/strsun.h>
50 #include <sys/policy.h>
51 #include <inet/common.h>
52 #include <inet/nd.h>
53 #include <inet/mi.h>
54 #include <inet/wifi_ioctl.h>
55 #include <sys/mac_wifi.h>
56 #include <sys/net80211.h>
57 #include <sys/net80211_proto.h>
58 #include <sys/net80211_ht.h>
59 
60 
61 #include "arn_ath9k.h"
62 #include "arn_core.h"
63 #include "arn_reg.h"
64 #include "arn_hw.h"
65 
66 #define	ARN_MAX_RSSI	45	/* max rssi */
67 
68 /*
69  * Default 11n reates supported by this station.
70  */
71 extern struct ieee80211_htrateset ieee80211_rateset_11n;
72 
73 /*
74  * PIO access attributes for registers
75  */
76 static ddi_device_acc_attr_t arn_reg_accattr = {
77 	DDI_DEVICE_ATTR_V0,
78 	DDI_STRUCTURE_LE_ACC,
79 	DDI_STRICTORDER_ACC,
80 	DDI_DEFAULT_ACC
81 };
82 
83 /*
84  * DMA access attributes for descriptors: NOT to be byte swapped.
85  */
86 static ddi_device_acc_attr_t arn_desc_accattr = {
87 	DDI_DEVICE_ATTR_V0,
88 	DDI_STRUCTURE_LE_ACC,
89 	DDI_STRICTORDER_ACC,
90 	DDI_DEFAULT_ACC
91 };
92 
93 /*
94  * Describes the chip's DMA engine
95  */
96 static ddi_dma_attr_t arn_dma_attr = {
97 	DMA_ATTR_V0,	/* version number */
98 	0,				/* low address */
99 	0xffffffffU,	/* high address */
100 	0x3ffffU,		/* counter register max */
101 	1,				/* alignment */
102 	0xFFF,			/* burst sizes */
103 	1,				/* minimum transfer size */
104 	0x3ffffU,		/* max transfer size */
105 	0xffffffffU,	/* address register max */
106 	1,				/* no scatter-gather */
107 	1,				/* granularity of device */
108 	0,				/* DMA flags */
109 };
110 
111 static ddi_dma_attr_t arn_desc_dma_attr = {
112 	DMA_ATTR_V0,	/* version number */
113 	0,				/* low address */
114 	0xffffffffU,	/* high address */
115 	0xffffffffU,	/* counter register max */
116 	0x1000,			/* alignment */
117 	0xFFF,			/* burst sizes */
118 	1,				/* minimum transfer size */
119 	0xffffffffU,	/* max transfer size */
120 	0xffffffffU,	/* address register max */
121 	1,				/* no scatter-gather */
122 	1,				/* granularity of device */
123 	0,				/* DMA flags */
124 };
125 
126 #define	ATH_DEF_CACHE_BYTES	32 /* default cache line size */
127 
128 static kmutex_t arn_loglock;
129 static void *arn_soft_state_p = NULL;
130 static int arn_dwelltime = 200; /* scan interval */
131 
132 static int	arn_m_stat(void *,  uint_t, uint64_t *);
133 static int	arn_m_start(void *);
134 static void	arn_m_stop(void *);
135 static int	arn_m_promisc(void *, boolean_t);
136 static int	arn_m_multicst(void *, boolean_t, const uint8_t *);
137 static int	arn_m_unicst(void *, const uint8_t *);
138 static mblk_t	*arn_m_tx(void *, mblk_t *);
139 static void	arn_m_ioctl(void *, queue_t *, mblk_t *);
140 static int	arn_m_setprop(void *, const char *, mac_prop_id_t,
141     uint_t, const void *);
142 static int	arn_m_getprop(void *, const char *, mac_prop_id_t,
143     uint_t, void *);
144 static void	arn_m_propinfo(void *, const char *, mac_prop_id_t,
145     mac_prop_info_handle_t);
146 
147 /* MAC Callcack Functions */
148 static mac_callbacks_t arn_m_callbacks = {
149 	MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO,
150 	arn_m_stat,
151 	arn_m_start,
152 	arn_m_stop,
153 	arn_m_promisc,
154 	arn_m_multicst,
155 	arn_m_unicst,
156 	arn_m_tx,
157 	NULL,
158 	arn_m_ioctl,
159 	NULL,
160 	NULL,
161 	NULL,
162 	arn_m_setprop,
163 	arn_m_getprop,
164 	arn_m_propinfo
165 };
166 
167 /*
168  * ARN_DBG_HW
169  * ARN_DBG_REG_IO
170  * ARN_DBG_QUEUE
171  * ARN_DBG_EEPROM
172  * ARN_DBG_XMIT
173  * ARN_DBG_RECV
174  * ARN_DBG_CALIBRATE
175  * ARN_DBG_CHANNEL
176  * ARN_DBG_INTERRUPT
177  * ARN_DBG_REGULATORY
178  * ARN_DBG_ANI
179  * ARN_DBG_POWER_MGMT
180  * ARN_DBG_KEYCACHE
181  * ARN_DBG_BEACON
182  * ARN_DBG_RATE
183  * ARN_DBG_INIT
184  * ARN_DBG_ATTACH
185  * ARN_DBG_DEATCH
186  * ARN_DBG_AGGR
187  * ARN_DBG_RESET
188  * ARN_DBG_FATAL
189  * ARN_DBG_ANY
190  * ARN_DBG_ALL
191  */
192 uint32_t arn_dbg_mask = 0;
193 
194 /*
195  * Exception/warning cases not leading to panic.
196  */
197 void
198 arn_problem(const int8_t *fmt, ...)
199 {
200 	va_list args;
201 
202 	mutex_enter(&arn_loglock);
203 
204 	va_start(args, fmt);
205 	vcmn_err(CE_WARN, fmt, args);
206 	va_end(args);
207 
208 	mutex_exit(&arn_loglock);
209 }
210 
211 /*
212  * Normal log information independent of debug.
213  */
214 void
215 arn_log(const int8_t *fmt, ...)
216 {
217 	va_list args;
218 
219 	mutex_enter(&arn_loglock);
220 
221 	va_start(args, fmt);
222 	vcmn_err(CE_CONT, fmt, args);
223 	va_end(args);
224 
225 	mutex_exit(&arn_loglock);
226 }
227 
228 void
229 arn_dbg(uint32_t dbg_flags, const int8_t *fmt, ...)
230 {
231 	va_list args;
232 
233 	if (dbg_flags & arn_dbg_mask) {
234 		mutex_enter(&arn_loglock);
235 		va_start(args, fmt);
236 		vcmn_err(CE_CONT, fmt, args);
237 		va_end(args);
238 		mutex_exit(&arn_loglock);
239 	}
240 }
241 
242 /*
243  * Read and write, they both share the same lock. We do this to serialize
244  * reads and writes on Atheros 802.11n PCI devices only. This is required
245  * as the FIFO on these devices can only accept sanely 2 requests. After
246  * that the device goes bananas. Serializing the reads/writes prevents this
247  * from happening.
248  */
249 void
250 arn_iowrite32(struct ath_hal *ah, uint32_t reg_offset, uint32_t val)
251 {
252 	struct arn_softc *sc = ah->ah_sc;
253 	if (ah->ah_config.serialize_regmode == SER_REG_MODE_ON) {
254 		mutex_enter(&sc->sc_serial_rw);
255 		ddi_put32(sc->sc_io_handle,
256 		    (uint32_t *)((uintptr_t)(sc->mem) + (reg_offset)), val);
257 		mutex_exit(&sc->sc_serial_rw);
258 	} else {
259 		ddi_put32(sc->sc_io_handle,
260 		    (uint32_t *)((uintptr_t)(sc->mem) + (reg_offset)), val);
261 	}
262 }
263 
264 unsigned int
265 arn_ioread32(struct ath_hal *ah, uint32_t reg_offset)
266 {
267 	uint32_t val;
268 	struct arn_softc *sc = ah->ah_sc;
269 	if (ah->ah_config.serialize_regmode == SER_REG_MODE_ON) {
270 		mutex_enter(&sc->sc_serial_rw);
271 		val = ddi_get32(sc->sc_io_handle,
272 		    (uint32_t *)((uintptr_t)(sc->mem) + (reg_offset)));
273 		mutex_exit(&sc->sc_serial_rw);
274 	} else {
275 		val = ddi_get32(sc->sc_io_handle,
276 		    (uint32_t *)((uintptr_t)(sc->mem) + (reg_offset)));
277 	}
278 
279 	return (val);
280 }
281 
282 /*
283  * Allocate an area of memory and a DMA handle for accessing it
284  */
285 static int
286 arn_alloc_dma_mem(dev_info_t *devinfo, ddi_dma_attr_t *dma_attr, size_t memsize,
287     ddi_device_acc_attr_t *attr_p, uint_t alloc_flags,
288     uint_t bind_flags, dma_area_t *dma_p)
289 {
290 	int err;
291 
292 	/*
293 	 * Allocate handle
294 	 */
295 	err = ddi_dma_alloc_handle(devinfo, dma_attr,
296 	    DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl);
297 	if (err != DDI_SUCCESS)
298 		return (DDI_FAILURE);
299 
300 	/*
301 	 * Allocate memory
302 	 */
303 	err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, attr_p,
304 	    alloc_flags, DDI_DMA_SLEEP, NULL, &dma_p->mem_va,
305 	    &dma_p->alength, &dma_p->acc_hdl);
306 	if (err != DDI_SUCCESS)
307 		return (DDI_FAILURE);
308 
309 	/*
310 	 * Bind the two together
311 	 */
312 	err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL,
313 	    dma_p->mem_va, dma_p->alength, bind_flags,
314 	    DDI_DMA_SLEEP, NULL, &dma_p->cookie, &dma_p->ncookies);
315 	if (err != DDI_DMA_MAPPED)
316 		return (DDI_FAILURE);
317 
318 	dma_p->nslots = ~0U;
319 	dma_p->size = ~0U;
320 	dma_p->token = ~0U;
321 	dma_p->offset = 0;
322 	return (DDI_SUCCESS);
323 }
324 
325 /*
326  * Free one allocated area of DMAable memory
327  */
328 static void
329 arn_free_dma_mem(dma_area_t *dma_p)
330 {
331 	if (dma_p->dma_hdl != NULL) {
332 		(void) ddi_dma_unbind_handle(dma_p->dma_hdl);
333 		if (dma_p->acc_hdl != NULL) {
334 			ddi_dma_mem_free(&dma_p->acc_hdl);
335 			dma_p->acc_hdl = NULL;
336 		}
337 		ddi_dma_free_handle(&dma_p->dma_hdl);
338 		dma_p->ncookies = 0;
339 		dma_p->dma_hdl = NULL;
340 	}
341 }
342 
343 /*
344  * Initialize tx, rx. or beacon buffer list. Allocate DMA memory for
345  * each buffer.
346  */
347 static int
348 arn_buflist_setup(dev_info_t *devinfo,
349     struct arn_softc *sc,
350     list_t *bflist,
351     struct ath_buf **pbf,
352     struct ath_desc **pds,
353     int nbuf,
354     uint_t dmabflags,
355     uint32_t buflen)
356 {
357 	int i, err;
358 	struct ath_buf *bf = *pbf;
359 	struct ath_desc *ds = *pds;
360 
361 	list_create(bflist, sizeof (struct ath_buf),
362 	    offsetof(struct ath_buf, bf_node));
363 	for (i = 0; i < nbuf; i++, bf++, ds++) {
364 		bf->bf_desc = ds;
365 		bf->bf_daddr = sc->sc_desc_dma.cookie.dmac_address +
366 		    ((uintptr_t)ds - (uintptr_t)sc->sc_desc);
367 		list_insert_tail(bflist, bf);
368 
369 		/* alloc DMA memory */
370 		err = arn_alloc_dma_mem(devinfo, &arn_dma_attr,
371 		    buflen, &arn_desc_accattr, DDI_DMA_STREAMING,
372 		    dmabflags, &bf->bf_dma);
373 		if (err != DDI_SUCCESS)
374 			return (err);
375 	}
376 	*pbf = bf;
377 	*pds = ds;
378 
379 	return (DDI_SUCCESS);
380 }
381 
382 /*
383  * Destroy tx, rx or beacon buffer list. Free DMA memory.
384  */
385 static void
386 arn_buflist_cleanup(list_t *buflist)
387 {
388 	struct ath_buf *bf;
389 
390 	if (!buflist)
391 		return;
392 
393 	bf = list_head(buflist);
394 	while (bf != NULL) {
395 		if (bf->bf_m != NULL) {
396 			freemsg(bf->bf_m);
397 			bf->bf_m = NULL;
398 		}
399 		/* Free DMA buffer */
400 		arn_free_dma_mem(&bf->bf_dma);
401 		if (bf->bf_in != NULL) {
402 			ieee80211_free_node(bf->bf_in);
403 			bf->bf_in = NULL;
404 		}
405 		list_remove(buflist, bf);
406 		bf = list_head(buflist);
407 	}
408 	list_destroy(buflist);
409 }
410 
411 static void
412 arn_desc_free(struct arn_softc *sc)
413 {
414 	arn_buflist_cleanup(&sc->sc_txbuf_list);
415 	arn_buflist_cleanup(&sc->sc_rxbuf_list);
416 #ifdef ARN_IBSS
417 	arn_buflist_cleanup(&sc->sc_bcbuf_list);
418 #endif
419 
420 	/* Free descriptor DMA buffer */
421 	arn_free_dma_mem(&sc->sc_desc_dma);
422 
423 	kmem_free((void *)sc->sc_vbufptr, sc->sc_vbuflen);
424 	sc->sc_vbufptr = NULL;
425 }
426 
427 static int
428 arn_desc_alloc(dev_info_t *devinfo, struct arn_softc *sc)
429 {
430 	int err;
431 	size_t size;
432 	struct ath_desc *ds;
433 	struct ath_buf *bf;
434 
435 #ifdef ARN_IBSS
436 	size = sizeof (struct ath_desc) * (ATH_TXBUF + ATH_RXBUF + ATH_BCBUF);
437 #else
438 	size = sizeof (struct ath_desc) * (ATH_TXBUF + ATH_RXBUF);
439 #endif
440 
441 	err = arn_alloc_dma_mem(devinfo, &arn_desc_dma_attr, size,
442 	    &arn_desc_accattr, DDI_DMA_CONSISTENT,
443 	    DDI_DMA_RDWR | DDI_DMA_CONSISTENT, &sc->sc_desc_dma);
444 
445 	/* virtual address of the first descriptor */
446 	sc->sc_desc = (struct ath_desc *)sc->sc_desc_dma.mem_va;
447 
448 	ds = sc->sc_desc;
449 	ARN_DBG((ARN_DBG_INIT, "arn: arn_desc_alloc(): DMA map: "
450 	    "%p (%d) -> %p\n",
451 	    sc->sc_desc, sc->sc_desc_dma.alength,
452 	    sc->sc_desc_dma.cookie.dmac_address));
453 
454 	/* allocate data structures to describe TX/RX DMA buffers */
455 #ifdef ARN_IBSS
456 	sc->sc_vbuflen = sizeof (struct ath_buf) * (ATH_TXBUF + ATH_RXBUF +
457 	    ATH_BCBUF);
458 #else
459 	sc->sc_vbuflen = sizeof (struct ath_buf) * (ATH_TXBUF + ATH_RXBUF);
460 #endif
461 	bf = (struct ath_buf *)kmem_zalloc(sc->sc_vbuflen, KM_SLEEP);
462 	sc->sc_vbufptr = bf;
463 
464 	/* DMA buffer size for each TX/RX packet */
465 #ifdef ARN_TX_AGGREGRATION
466 	sc->tx_dmabuf_size =
467 	    roundup((IEEE80211_MAX_MPDU_LEN + 3840 * 2),
468 	    min(sc->sc_cachelsz, (uint16_t)64));
469 #else
470 	sc->tx_dmabuf_size =
471 	    roundup(IEEE80211_MAX_MPDU_LEN, min(sc->sc_cachelsz, (uint16_t)64));
472 #endif
473 	sc->rx_dmabuf_size =
474 	    roundup(IEEE80211_MAX_MPDU_LEN, min(sc->sc_cachelsz, (uint16_t)64));
475 
476 	/* create RX buffer list */
477 	err = arn_buflist_setup(devinfo, sc, &sc->sc_rxbuf_list, &bf, &ds,
478 	    ATH_RXBUF, DDI_DMA_READ | DDI_DMA_STREAMING, sc->rx_dmabuf_size);
479 	if (err != DDI_SUCCESS) {
480 		arn_desc_free(sc);
481 		return (err);
482 	}
483 
484 	/* create TX buffer list */
485 	err = arn_buflist_setup(devinfo, sc, &sc->sc_txbuf_list, &bf, &ds,
486 	    ATH_TXBUF, DDI_DMA_STREAMING, sc->tx_dmabuf_size);
487 	if (err != DDI_SUCCESS) {
488 		arn_desc_free(sc);
489 		return (err);
490 	}
491 
492 	/* create beacon buffer list */
493 #ifdef ARN_IBSS
494 	err = arn_buflist_setup(devinfo, sc, &sc->sc_bcbuf_list, &bf, &ds,
495 	    ATH_BCBUF, DDI_DMA_STREAMING);
496 	if (err != DDI_SUCCESS) {
497 		arn_desc_free(sc);
498 		return (err);
499 	}
500 #endif
501 
502 	return (DDI_SUCCESS);
503 }
504 
505 static struct ath_rate_table *
506 /* LINTED E_STATIC_UNUSED */
507 arn_get_ratetable(struct arn_softc *sc, uint32_t mode)
508 {
509 	struct ath_rate_table *rate_table = NULL;
510 
511 	switch (mode) {
512 	case IEEE80211_MODE_11A:
513 		rate_table = sc->hw_rate_table[ATH9K_MODE_11A];
514 		break;
515 	case IEEE80211_MODE_11B:
516 		rate_table = sc->hw_rate_table[ATH9K_MODE_11B];
517 		break;
518 	case IEEE80211_MODE_11G:
519 		rate_table = sc->hw_rate_table[ATH9K_MODE_11G];
520 		break;
521 #ifdef ARB_11N
522 	case IEEE80211_MODE_11NA_HT20:
523 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NA_HT20];
524 		break;
525 	case IEEE80211_MODE_11NG_HT20:
526 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NG_HT20];
527 		break;
528 	case IEEE80211_MODE_11NA_HT40PLUS:
529 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NA_HT40PLUS];
530 		break;
531 	case IEEE80211_MODE_11NA_HT40MINUS:
532 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NA_HT40MINUS];
533 		break;
534 	case IEEE80211_MODE_11NG_HT40PLUS:
535 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NG_HT40PLUS];
536 		break;
537 	case IEEE80211_MODE_11NG_HT40MINUS:
538 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NG_HT40MINUS];
539 		break;
540 #endif
541 	default:
542 		ARN_DBG((ARN_DBG_FATAL, "arn: arn_get_ratetable(): "
543 		    "invalid mode %u\n", mode));
544 		return (NULL);
545 	}
546 
547 	return (rate_table);
548 
549 }
550 
551 static void
552 arn_setcurmode(struct arn_softc *sc, enum wireless_mode mode)
553 {
554 	struct ath_rate_table *rt;
555 	int i;
556 
557 	for (i = 0; i < sizeof (sc->asc_rixmap); i++)
558 		sc->asc_rixmap[i] = 0xff;
559 
560 	rt = sc->hw_rate_table[mode];
561 	ASSERT(rt != NULL);
562 
563 	for (i = 0; i < rt->rate_cnt; i++)
564 		sc->asc_rixmap[rt->info[i].dot11rate &
565 		    IEEE80211_RATE_VAL] = (uint8_t)i; /* LINT */
566 
567 	sc->sc_currates = rt;
568 	sc->sc_curmode = mode;
569 
570 	/*
571 	 * All protection frames are transmited at 2Mb/s for
572 	 * 11g, otherwise at 1Mb/s.
573 	 * XXX select protection rate index from rate table.
574 	 */
575 	sc->sc_protrix = (mode == ATH9K_MODE_11G ? 1 : 0);
576 }
577 
578 static enum wireless_mode
579 arn_chan2mode(struct ath9k_channel *chan)
580 {
581 	if (chan->chanmode == CHANNEL_A)
582 		return (ATH9K_MODE_11A);
583 	else if (chan->chanmode == CHANNEL_G)
584 		return (ATH9K_MODE_11G);
585 	else if (chan->chanmode == CHANNEL_B)
586 		return (ATH9K_MODE_11B);
587 	else if (chan->chanmode == CHANNEL_A_HT20)
588 		return (ATH9K_MODE_11NA_HT20);
589 	else if (chan->chanmode == CHANNEL_G_HT20)
590 		return (ATH9K_MODE_11NG_HT20);
591 	else if (chan->chanmode == CHANNEL_A_HT40PLUS)
592 		return (ATH9K_MODE_11NA_HT40PLUS);
593 	else if (chan->chanmode == CHANNEL_A_HT40MINUS)
594 		return (ATH9K_MODE_11NA_HT40MINUS);
595 	else if (chan->chanmode == CHANNEL_G_HT40PLUS)
596 		return (ATH9K_MODE_11NG_HT40PLUS);
597 	else if (chan->chanmode == CHANNEL_G_HT40MINUS)
598 		return (ATH9K_MODE_11NG_HT40MINUS);
599 
600 	return (ATH9K_MODE_11B);
601 }
602 
603 static void
604 arn_update_txpow(struct arn_softc *sc)
605 {
606 	struct ath_hal 	*ah = sc->sc_ah;
607 	uint32_t txpow;
608 
609 	if (sc->sc_curtxpow != sc->sc_config.txpowlimit) {
610 		(void) ath9k_hw_set_txpowerlimit(ah, sc->sc_config.txpowlimit);
611 		/* read back in case value is clamped */
612 		(void) ath9k_hw_getcapability(ah, ATH9K_CAP_TXPOW, 1, &txpow);
613 		sc->sc_curtxpow = (uint32_t)txpow;
614 	}
615 }
616 
617 uint8_t
618 parse_mpdudensity(uint8_t mpdudensity)
619 {
620 	/*
621 	 * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
622 	 *   0 for no restriction
623 	 *   1 for 1/4 us
624 	 *   2 for 1/2 us
625 	 *   3 for 1 us
626 	 *   4 for 2 us
627 	 *   5 for 4 us
628 	 *   6 for 8 us
629 	 *   7 for 16 us
630 	 */
631 	switch (mpdudensity) {
632 	case 0:
633 		return (0);
634 	case 1:
635 	case 2:
636 	case 3:
637 		/*
638 		 * Our lower layer calculations limit our
639 		 * precision to 1 microsecond
640 		 */
641 		return (1);
642 	case 4:
643 		return (2);
644 	case 5:
645 		return (4);
646 	case 6:
647 		return (8);
648 	case 7:
649 		return (16);
650 	default:
651 		return (0);
652 	}
653 }
654 
655 static void
656 arn_setup_rates(struct arn_softc *sc, uint32_t mode)
657 {
658 	int i, maxrates;
659 	struct ath_rate_table *rate_table = NULL;
660 	struct ieee80211_rateset *rateset;
661 	ieee80211com_t *ic = (ieee80211com_t *)sc;
662 
663 	/* rate_table = arn_get_ratetable(sc, mode); */
664 	switch (mode) {
665 	case IEEE80211_MODE_11A:
666 		rate_table = sc->hw_rate_table[ATH9K_MODE_11A];
667 		break;
668 	case IEEE80211_MODE_11B:
669 		rate_table = sc->hw_rate_table[ATH9K_MODE_11B];
670 		break;
671 	case IEEE80211_MODE_11G:
672 		rate_table = sc->hw_rate_table[ATH9K_MODE_11G];
673 		break;
674 #ifdef ARN_11N
675 	case IEEE80211_MODE_11NA_HT20:
676 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NA_HT20];
677 		break;
678 	case IEEE80211_MODE_11NG_HT20:
679 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NG_HT20];
680 		break;
681 	case IEEE80211_MODE_11NA_HT40PLUS:
682 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NA_HT40PLUS];
683 		break;
684 	case IEEE80211_MODE_11NA_HT40MINUS:
685 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NA_HT40MINUS];
686 		break;
687 	case IEEE80211_MODE_11NG_HT40PLUS:
688 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NG_HT40PLUS];
689 		break;
690 	case IEEE80211_MODE_11NG_HT40MINUS:
691 		rate_table = sc->hw_rate_table[ATH9K_MODE_11NG_HT40MINUS];
692 		break;
693 #endif
694 	default:
695 		ARN_DBG((ARN_DBG_RATE, "arn: arn_get_ratetable(): "
696 		    "invalid mode %u\n", mode));
697 		break;
698 	}
699 	if (rate_table == NULL)
700 		return;
701 	if (rate_table->rate_cnt > ATH_RATE_MAX) {
702 		ARN_DBG((ARN_DBG_RATE, "arn: arn_rate_setup(): "
703 		    "rate table too small (%u > %u)\n",
704 		    rate_table->rate_cnt, IEEE80211_RATE_MAXSIZE));
705 		maxrates = ATH_RATE_MAX;
706 	} else
707 		maxrates = rate_table->rate_cnt;
708 
709 	ARN_DBG((ARN_DBG_RATE, "arn: arn_rate_setup(): "
710 	    "maxrates is %d\n", maxrates));
711 
712 	rateset = &ic->ic_sup_rates[mode];
713 	for (i = 0; i < maxrates; i++) {
714 		rateset->ir_rates[i] = rate_table->info[i].dot11rate;
715 		ARN_DBG((ARN_DBG_RATE, "arn: arn_rate_setup(): "
716 		    "%d\n", rate_table->info[i].dot11rate));
717 	}
718 	rateset->ir_nrates = (uint8_t)maxrates; /* ??? */
719 }
720 
721 static int
722 arn_setup_channels(struct arn_softc *sc)
723 {
724 	struct ath_hal *ah = sc->sc_ah;
725 	ieee80211com_t *ic = (ieee80211com_t *)sc;
726 	int nchan, i, index;
727 	uint8_t regclassids[ATH_REGCLASSIDS_MAX];
728 	uint32_t nregclass = 0;
729 	struct ath9k_channel *c;
730 
731 	/* Fill in ah->ah_channels */
732 	if (!ath9k_regd_init_channels(ah, ATH_CHAN_MAX, (uint32_t *)&nchan,
733 	    regclassids, ATH_REGCLASSIDS_MAX, &nregclass, CTRY_DEFAULT,
734 	    B_FALSE, 1)) {
735 		uint32_t rd = ah->ah_currentRD;
736 		ARN_DBG((ARN_DBG_CHANNEL, "arn: arn_setup_channels(): "
737 		    "unable to collect channel list; "
738 		    "regdomain likely %u country code %u\n",
739 		    rd, CTRY_DEFAULT));
740 		return (EINVAL);
741 	}
742 
743 	ARN_DBG((ARN_DBG_CHANNEL, "arn: arn_setup_channels(): "
744 	    "number of channel is %d\n", nchan));
745 
746 	for (i = 0; i < nchan; i++) {
747 		c = &ah->ah_channels[i];
748 		uint32_t flags;
749 		index = ath9k_hw_mhz2ieee(ah, c->channel, c->channelFlags);
750 
751 		if (index > IEEE80211_CHAN_MAX) {
752 			ARN_DBG((ARN_DBG_CHANNEL,
753 			    "arn: arn_setup_channels(): "
754 			    "bad hal channel %d (%u/%x) ignored\n",
755 			    index, c->channel, c->channelFlags));
756 			continue;
757 		}
758 		/* NB: flags are known to be compatible */
759 		if (index < 0) {
760 			/*
761 			 * can't handle frequency <2400MHz (negative
762 			 * channels) right now
763 			 */
764 			ARN_DBG((ARN_DBG_CHANNEL,
765 			    "arn: arn_setup_channels(): "
766 			    "hal channel %d (%u/%x) "
767 			    "cannot be handled, ignored\n",
768 			    index, c->channel, c->channelFlags));
769 			continue;
770 		}
771 
772 		/*
773 		 * Calculate net80211 flags; most are compatible
774 		 * but some need massaging.  Note the static turbo
775 		 * conversion can be removed once net80211 is updated
776 		 * to understand static vs. dynamic turbo.
777 		 */
778 
779 		flags = c->channelFlags & (CHANNEL_ALL | CHANNEL_PASSIVE);
780 
781 		if (ic->ic_sup_channels[index].ich_freq == 0) {
782 			ic->ic_sup_channels[index].ich_freq = c->channel;
783 			ic->ic_sup_channels[index].ich_flags = flags;
784 		} else {
785 			/* channels overlap; e.g. 11g and 11b */
786 			ic->ic_sup_channels[index].ich_flags |= flags;
787 		}
788 		if ((c->channelFlags & CHANNEL_G) == CHANNEL_G) {
789 			sc->sc_have11g = 1;
790 			ic->ic_caps |= IEEE80211_C_SHPREAMBLE |
791 			    IEEE80211_C_SHSLOT;	/* short slot time */
792 		}
793 	}
794 
795 	return (0);
796 }
797 
798 uint32_t
799 arn_chan2flags(ieee80211com_t *isc, struct ieee80211_channel *chan)
800 {
801 	uint32_t channel_mode;
802 	switch (ieee80211_chan2mode(isc, chan)) {
803 	case IEEE80211_MODE_11NA:
804 		if (chan->ich_flags & IEEE80211_CHAN_HT40U)
805 			channel_mode = CHANNEL_A_HT40PLUS;
806 		else if (chan->ich_flags & IEEE80211_CHAN_HT40D)
807 			channel_mode = CHANNEL_A_HT40MINUS;
808 		else
809 			channel_mode = CHANNEL_A_HT20;
810 		break;
811 	case IEEE80211_MODE_11NG:
812 		if (chan->ich_flags & IEEE80211_CHAN_HT40U)
813 			channel_mode = CHANNEL_G_HT40PLUS;
814 		else if (chan->ich_flags & IEEE80211_CHAN_HT40D)
815 			channel_mode = CHANNEL_G_HT40MINUS;
816 		else
817 			channel_mode = CHANNEL_G_HT20;
818 		break;
819 	case IEEE80211_MODE_TURBO_G:
820 	case IEEE80211_MODE_STURBO_A:
821 	case IEEE80211_MODE_TURBO_A:
822 		channel_mode = 0;
823 		break;
824 	case IEEE80211_MODE_11A:
825 		channel_mode = CHANNEL_A;
826 		break;
827 	case IEEE80211_MODE_11G:
828 		channel_mode = CHANNEL_B;
829 		break;
830 	case IEEE80211_MODE_11B:
831 		channel_mode = CHANNEL_G;
832 		break;
833 	case IEEE80211_MODE_FH:
834 		channel_mode = 0;
835 		break;
836 	default:
837 		break;
838 	}
839 
840 	return (channel_mode);
841 }
842 
843 /*
844  * Update internal state after a channel change.
845  */
846 void
847 arn_chan_change(struct arn_softc *sc, struct ieee80211_channel *chan)
848 {
849 	struct ieee80211com *ic = &sc->sc_isc;
850 	enum ieee80211_phymode mode;
851 	enum wireless_mode wlmode;
852 
853 	/*
854 	 * Change channels and update the h/w rate map
855 	 * if we're switching; e.g. 11a to 11b/g.
856 	 */
857 	mode = ieee80211_chan2mode(ic, chan);
858 	switch (mode) {
859 	case IEEE80211_MODE_11A:
860 		wlmode = ATH9K_MODE_11A;
861 		break;
862 	case IEEE80211_MODE_11B:
863 		wlmode = ATH9K_MODE_11B;
864 		break;
865 	case IEEE80211_MODE_11G:
866 		wlmode = ATH9K_MODE_11B;
867 		break;
868 	default:
869 		break;
870 	}
871 	if (wlmode != sc->sc_curmode)
872 		arn_setcurmode(sc, wlmode);
873 
874 }
875 
876 /*
877  * Set/change channels.  If the channel is really being changed, it's done
878  * by reseting the chip.  To accomplish this we must first cleanup any pending
879  * DMA, then restart stuff.
880  */
881 static int
882 arn_set_channel(struct arn_softc *sc, struct ath9k_channel *hchan)
883 {
884 	struct ath_hal *ah = sc->sc_ah;
885 	ieee80211com_t *ic = &sc->sc_isc;
886 	boolean_t fastcc = B_TRUE;
887 	boolean_t  stopped;
888 	struct ieee80211_channel chan;
889 	enum wireless_mode curmode;
890 
891 	if (sc->sc_flags & SC_OP_INVALID)
892 		return (EIO);
893 
894 	if (hchan->channel != sc->sc_ah->ah_curchan->channel ||
895 	    hchan->channelFlags != sc->sc_ah->ah_curchan->channelFlags ||
896 	    (sc->sc_flags & SC_OP_CHAINMASK_UPDATE) ||
897 	    (sc->sc_flags & SC_OP_FULL_RESET)) {
898 		int status;
899 
900 		/*
901 		 * This is only performed if the channel settings have
902 		 * actually changed.
903 		 *
904 		 * To switch channels clear any pending DMA operations;
905 		 * wait long enough for the RX fifo to drain, reset the
906 		 * hardware at the new frequency, and then re-enable
907 		 * the relevant bits of the h/w.
908 		 */
909 		(void) ath9k_hw_set_interrupts(ah, 0);	/* disable interrupts */
910 		arn_draintxq(sc, B_FALSE);	/* clear pending tx frames */
911 		stopped = arn_stoprecv(sc);	/* turn off frame recv */
912 
913 		/*
914 		 * XXX: do not flush receive queue here. We don't want
915 		 * to flush data frames already in queue because of
916 		 * changing channel.
917 		 */
918 
919 		if (!stopped || (sc->sc_flags & SC_OP_FULL_RESET))
920 			fastcc = B_FALSE;
921 
922 		ARN_DBG((ARN_DBG_CHANNEL, "arn: arn_set_channel(): "
923 		    "(%u MHz) -> (%u MHz), cflags:%x, chanwidth: %d\n",
924 		    sc->sc_ah->ah_curchan->channel,
925 		    hchan->channel, hchan->channelFlags, sc->tx_chan_width));
926 
927 		if (!ath9k_hw_reset(ah, hchan, sc->tx_chan_width,
928 		    sc->sc_tx_chainmask, sc->sc_rx_chainmask,
929 		    sc->sc_ht_extprotspacing, fastcc, &status)) {
930 			ARN_DBG((ARN_DBG_FATAL, "arn: arn_set_channel(): "
931 			    "unable to reset channel %u (%uMhz) "
932 			    "flags 0x%x hal status %u\n",
933 			    ath9k_hw_mhz2ieee(ah, hchan->channel,
934 			    hchan->channelFlags),
935 			    hchan->channel, hchan->channelFlags, status));
936 			return (EIO);
937 		}
938 
939 		sc->sc_curchan = *hchan;
940 
941 		sc->sc_flags &= ~SC_OP_CHAINMASK_UPDATE;
942 		sc->sc_flags &= ~SC_OP_FULL_RESET;
943 
944 		if (arn_startrecv(sc) != 0) {
945 			arn_problem("arn: arn_set_channel(): "
946 			    "unable to restart recv logic\n");
947 			return (EIO);
948 		}
949 
950 		chan.ich_freq = hchan->channel;
951 		chan.ich_flags = hchan->channelFlags;
952 		ic->ic_ibss_chan = &chan;
953 
954 		/*
955 		 * Change channels and update the h/w rate map
956 		 * if we're switching; e.g. 11a to 11b/g.
957 		 */
958 		curmode = arn_chan2mode(hchan);
959 		if (curmode != sc->sc_curmode)
960 			arn_setcurmode(sc, arn_chan2mode(hchan));
961 
962 		arn_update_txpow(sc);
963 
964 		(void) ath9k_hw_set_interrupts(ah, sc->sc_imask);
965 	}
966 
967 	return (0);
968 }
969 
970 /*
971  *  This routine performs the periodic noise floor calibration function
972  *  that is used to adjust and optimize the chip performance.  This
973  *  takes environmental changes (location, temperature) into account.
974  *  When the task is complete, it reschedules itself depending on the
975  *  appropriate interval that was calculated.
976  */
977 static void
978 arn_ani_calibrate(void *arg)
979 
980 {
981 	ieee80211com_t *ic = (ieee80211com_t *)arg;
982 	struct arn_softc *sc = (struct arn_softc *)ic;
983 	struct ath_hal *ah = sc->sc_ah;
984 	boolean_t longcal = B_FALSE;
985 	boolean_t shortcal = B_FALSE;
986 	boolean_t aniflag = B_FALSE;
987 	unsigned int timestamp = drv_hztousec(ddi_get_lbolt())/1000;
988 	uint32_t cal_interval;
989 
990 	/*
991 	 * don't calibrate when we're scanning.
992 	 * we are most likely not on our home channel.
993 	 */
994 	if (ic->ic_state != IEEE80211_S_RUN)
995 		goto settimer;
996 
997 	/* Long calibration runs independently of short calibration. */
998 	if ((timestamp - sc->sc_ani.sc_longcal_timer) >= ATH_LONG_CALINTERVAL) {
999 		longcal = B_TRUE;
1000 		ARN_DBG((ARN_DBG_CALIBRATE, "arn: "
1001 		    "%s: longcal @%lu\n", __func__, drv_hztousec));
1002 		sc->sc_ani.sc_longcal_timer = timestamp;
1003 	}
1004 
1005 	/* Short calibration applies only while sc_caldone is FALSE */
1006 	if (!sc->sc_ani.sc_caldone) {
1007 		if ((timestamp - sc->sc_ani.sc_shortcal_timer) >=
1008 		    ATH_SHORT_CALINTERVAL) {
1009 			shortcal = B_TRUE;
1010 			ARN_DBG((ARN_DBG_CALIBRATE, "arn: "
1011 			    "%s: shortcal @%lu\n",
1012 			    __func__, drv_hztousec));
1013 			sc->sc_ani.sc_shortcal_timer = timestamp;
1014 			sc->sc_ani.sc_resetcal_timer = timestamp;
1015 		}
1016 	} else {
1017 		if ((timestamp - sc->sc_ani.sc_resetcal_timer) >=
1018 		    ATH_RESTART_CALINTERVAL) {
1019 			ath9k_hw_reset_calvalid(ah, ah->ah_curchan,
1020 						&sc->sc_ani.sc_caldone);
1021 			if (sc->sc_ani.sc_caldone)
1022 				sc->sc_ani.sc_resetcal_timer = timestamp;
1023 		}
1024 	}
1025 
1026 	/* Verify whether we must check ANI */
1027 	if ((timestamp - sc->sc_ani.sc_checkani_timer) >=
1028 	    ATH_ANI_POLLINTERVAL) {
1029 		aniflag = B_TRUE;
1030 		sc->sc_ani.sc_checkani_timer = timestamp;
1031 	}
1032 
1033 	/* Skip all processing if there's nothing to do. */
1034 	if (longcal || shortcal || aniflag) {
1035 		/* Call ANI routine if necessary */
1036 		if (aniflag)
1037 			ath9k_hw_ani_monitor(ah, &sc->sc_halstats,
1038 			    ah->ah_curchan);
1039 
1040 		/* Perform calibration if necessary */
1041 		if (longcal || shortcal) {
1042 			boolean_t iscaldone = B_FALSE;
1043 
1044 			if (ath9k_hw_calibrate(ah, ah->ah_curchan,
1045 			    sc->sc_rx_chainmask, longcal, &iscaldone)) {
1046 				if (longcal)
1047 					sc->sc_ani.sc_noise_floor =
1048 					    ath9k_hw_getchan_noise(ah,
1049 					    ah->ah_curchan);
1050 
1051 				ARN_DBG((ARN_DBG_CALIBRATE, "arn: "
1052 				    "%s: calibrate chan %u/%x nf: %d\n",
1053 				    __func__,
1054 				    ah->ah_curchan->channel,
1055 				    ah->ah_curchan->channelFlags,
1056 				    sc->sc_ani.sc_noise_floor));
1057 			} else {
1058 				ARN_DBG((ARN_DBG_CALIBRATE, "arn: "
1059 				    "%s: calibrate chan %u/%x failed\n",
1060 				    __func__,
1061 				    ah->ah_curchan->channel,
1062 				    ah->ah_curchan->channelFlags));
1063 			}
1064 			sc->sc_ani.sc_caldone = iscaldone;
1065 		}
1066 	}
1067 
1068 settimer:
1069 	/*
1070 	 * Set timer interval based on previous results.
1071 	 * The interval must be the shortest necessary to satisfy ANI,
1072 	 * short calibration and long calibration.
1073 	 */
1074 	cal_interval = ATH_LONG_CALINTERVAL;
1075 	if (sc->sc_ah->ah_config.enable_ani)
1076 		cal_interval =
1077 		    min(cal_interval, (uint32_t)ATH_ANI_POLLINTERVAL);
1078 
1079 	if (!sc->sc_ani.sc_caldone)
1080 		cal_interval = min(cal_interval,
1081 		    (uint32_t)ATH_SHORT_CALINTERVAL);
1082 
1083 	sc->sc_scan_timer = 0;
1084 	sc->sc_scan_timer = timeout(arn_ani_calibrate, (void *)sc,
1085 	    drv_usectohz(cal_interval * 1000));
1086 }
1087 
1088 static void
1089 arn_stop_caltimer(struct arn_softc *sc)
1090 {
1091 	timeout_id_t tmp_id = 0;
1092 
1093 	while ((sc->sc_cal_timer != 0) && (tmp_id != sc->sc_cal_timer)) {
1094 		tmp_id = sc->sc_cal_timer;
1095 		(void) untimeout(tmp_id);
1096 	}
1097 	sc->sc_cal_timer = 0;
1098 }
1099 
1100 static uint_t
1101 arn_isr(caddr_t arg)
1102 {
1103 	/* LINTED E_BAD_PTR_CAST_ALIGN */
1104 	struct arn_softc *sc = (struct arn_softc *)arg;
1105 	struct ath_hal *ah = sc->sc_ah;
1106 	enum ath9k_int status;
1107 	ieee80211com_t *ic = (ieee80211com_t *)sc;
1108 
1109 	ARN_LOCK(sc);
1110 
1111 	if (sc->sc_flags & SC_OP_INVALID) {
1112 		/*
1113 		 * The hardware is not ready/present, don't
1114 		 * touch anything. Note this can happen early
1115 		 * on if the IRQ is shared.
1116 		 */
1117 		ARN_UNLOCK(sc);
1118 		return (DDI_INTR_UNCLAIMED);
1119 	}
1120 	if (!ath9k_hw_intrpend(ah)) {	/* shared irq, not for us */
1121 		ARN_UNLOCK(sc);
1122 		return (DDI_INTR_UNCLAIMED);
1123 	}
1124 
1125 	/*
1126 	 * Figure out the reason(s) for the interrupt. Note
1127 	 * that the hal returns a pseudo-ISR that may include
1128 	 * bits we haven't explicitly enabled so we mask the
1129 	 * value to insure we only process bits we requested.
1130 	 */
1131 	(void) ath9k_hw_getisr(ah, &status); /* NB: clears ISR too */
1132 
1133 	status &= sc->sc_imask; /* discard unasked-for bits */
1134 
1135 	/*
1136 	 * If there are no status bits set, then this interrupt was not
1137 	 * for me (should have been caught above).
1138 	 */
1139 	if (!status) {
1140 		ARN_UNLOCK(sc);
1141 		return (DDI_INTR_UNCLAIMED);
1142 	}
1143 
1144 	sc->sc_intrstatus = status;
1145 
1146 	if (status & ATH9K_INT_FATAL) {
1147 		/* need a chip reset */
1148 		ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1149 		    "ATH9K_INT_FATAL\n"));
1150 		goto reset;
1151 	} else if (status & ATH9K_INT_RXORN) {
1152 		/* need a chip reset */
1153 		ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1154 		    "ATH9K_INT_RXORN\n"));
1155 		goto reset;
1156 	} else {
1157 		if (status & ATH9K_INT_RXEOL) {
1158 			/*
1159 			 * NB: the hardware should re-read the link when
1160 			 * RXE bit is written, but it doesn't work
1161 			 * at least on older hardware revs.
1162 			 */
1163 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1164 			    "ATH9K_INT_RXEOL\n"));
1165 			sc->sc_rxlink = NULL;
1166 		}
1167 		if (status & ATH9K_INT_TXURN) {
1168 			/* bump tx trigger level */
1169 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1170 			    "ATH9K_INT_TXURN\n"));
1171 			(void) ath9k_hw_updatetxtriglevel(ah, B_TRUE);
1172 		}
1173 		/* XXX: optimize this */
1174 		if (status & ATH9K_INT_RX) {
1175 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1176 			    "ATH9K_INT_RX\n"));
1177 			sc->sc_rx_pend = 1;
1178 			ddi_trigger_softintr(sc->sc_softint_id);
1179 		}
1180 		if (status & ATH9K_INT_TX) {
1181 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1182 			    "ATH9K_INT_TX\n"));
1183 			if (ddi_taskq_dispatch(sc->sc_tq,
1184 			    arn_tx_int_proc, sc, DDI_NOSLEEP) !=
1185 			    DDI_SUCCESS) {
1186 				arn_problem("arn: arn_isr(): "
1187 				    "No memory for tx taskq\n");
1188 				}
1189 			}
1190 #ifdef ARN_ATH9K_INT_MIB
1191 		if (status & ATH9K_INT_MIB) {
1192 			/*
1193 			 * Disable interrupts until we service the MIB
1194 			 * interrupt; otherwise it will continue to
1195 			 * fire.
1196 			 */
1197 			(void) ath9k_hw_set_interrupts(ah, 0);
1198 			/*
1199 			 * Let the hal handle the event. We assume
1200 			 * it will clear whatever condition caused
1201 			 * the interrupt.
1202 			 */
1203 			ath9k_hw_procmibevent(ah, &sc->sc_halstats);
1204 			(void) ath9k_hw_set_interrupts(ah, sc->sc_imask);
1205 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1206 			    "ATH9K_INT_MIB\n"));
1207 		}
1208 #endif
1209 
1210 #ifdef ARN_ATH9K_INT_TIM_TIMER
1211 		if (status & ATH9K_INT_TIM_TIMER) {
1212 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1213 			    "ATH9K_INT_TIM_TIMER\n"));
1214 			if (!(ah->ah_caps.hw_caps &
1215 			    ATH9K_HW_CAP_AUTOSLEEP)) {
1216 				/*
1217 				 * Clear RxAbort bit so that we can
1218 				 * receive frames
1219 				 */
1220 				ath9k_hw_setrxabort(ah, 0);
1221 				goto reset;
1222 			}
1223 		}
1224 #endif
1225 
1226 		if (status & ATH9K_INT_BMISS) {
1227 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1228 			    "ATH9K_INT_BMISS\n"));
1229 #ifdef ARN_HW_BEACON_MISS_HANDLE
1230 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1231 			    "handle beacon mmiss by H/W mechanism\n"));
1232 			if (ddi_taskq_dispatch(sc->sc_tq, arn_bmiss_proc,
1233 			    sc, DDI_NOSLEEP) != DDI_SUCCESS) {
1234 				arn_problem("arn: arn_isr(): "
1235 				    "No memory available for bmiss taskq\n");
1236 			}
1237 #else
1238 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1239 			    "handle beacon mmiss by S/W mechanism\n"));
1240 #endif /* ARN_HW_BEACON_MISS_HANDLE */
1241 		}
1242 
1243 		ARN_UNLOCK(sc);
1244 
1245 #ifdef ARN_ATH9K_INT_CST
1246 		/* carrier sense timeout */
1247 		if (status & ATH9K_INT_CST) {
1248 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1249 			    "ATH9K_INT_CST\n"));
1250 			return (DDI_INTR_CLAIMED);
1251 		}
1252 #endif
1253 
1254 		if (status & ATH9K_INT_SWBA) {
1255 			ARN_DBG((ARN_DBG_INTERRUPT, "arn: arn_isr(): "
1256 			    "ATH9K_INT_SWBA\n"));
1257 			/* This will occur only in Host-AP or Ad-Hoc mode */
1258 			return (DDI_INTR_CLAIMED);
1259 		}
1260 	}
1261 
1262 	return (DDI_INTR_CLAIMED);
1263 reset:
1264 	ARN_DBG((ARN_DBG_INTERRUPT, "Rset for fatal err\n"));
1265 	(void) arn_reset(ic);
1266 	ARN_UNLOCK(sc);
1267 	return (DDI_INTR_CLAIMED);
1268 }
1269 
1270 static int
1271 arn_get_channel(struct arn_softc *sc, struct ieee80211_channel *chan)
1272 {
1273 	int i;
1274 
1275 	for (i = 0; i < sc->sc_ah->ah_nchan; i++) {
1276 		if (sc->sc_ah->ah_channels[i].channel == chan->ich_freq)
1277 			return (i);
1278 	}
1279 
1280 	return (-1);
1281 }
1282 
1283 int
1284 arn_reset(ieee80211com_t *ic)
1285 {
1286 	struct arn_softc *sc = (struct arn_softc *)ic;
1287 	struct ath_hal *ah = sc->sc_ah;
1288 	int status;
1289 	int error = 0;
1290 
1291 	(void) ath9k_hw_set_interrupts(ah, 0);
1292 	arn_draintxq(sc, 0);
1293 	(void) arn_stoprecv(sc);
1294 
1295 	if (!ath9k_hw_reset(ah, sc->sc_ah->ah_curchan, sc->tx_chan_width,
1296 	    sc->sc_tx_chainmask, sc->sc_rx_chainmask,
1297 	    sc->sc_ht_extprotspacing, B_FALSE, &status)) {
1298 		ARN_DBG((ARN_DBG_RESET, "arn: arn_reset(): "
1299 		    "unable to reset hardware; hal status %u\n", status));
1300 		error = EIO;
1301 	}
1302 
1303 	if (arn_startrecv(sc) != 0)
1304 		ARN_DBG((ARN_DBG_RESET, "arn: arn_reset(): "
1305 		    "unable to start recv logic\n"));
1306 
1307 	/*
1308 	 * We may be doing a reset in response to a request
1309 	 * that changes the channel so update any state that
1310 	 * might change as a result.
1311 	 */
1312 	arn_setcurmode(sc, arn_chan2mode(sc->sc_ah->ah_curchan));
1313 
1314 	arn_update_txpow(sc);
1315 
1316 	if (sc->sc_flags & SC_OP_BEACONS)
1317 		arn_beacon_config(sc);	/* restart beacons */
1318 
1319 	(void) ath9k_hw_set_interrupts(ah, sc->sc_imask);
1320 
1321 	return (error);
1322 }
1323 
1324 int
1325 arn_get_hal_qnum(uint16_t queue, struct arn_softc *sc)
1326 {
1327 	int qnum;
1328 
1329 	switch (queue) {
1330 	case WME_AC_VO:
1331 		qnum = sc->sc_haltype2q[ATH9K_WME_AC_VO];
1332 		break;
1333 	case WME_AC_VI:
1334 		qnum = sc->sc_haltype2q[ATH9K_WME_AC_VI];
1335 		break;
1336 	case WME_AC_BE:
1337 		qnum = sc->sc_haltype2q[ATH9K_WME_AC_BE];
1338 		break;
1339 	case WME_AC_BK:
1340 		qnum = sc->sc_haltype2q[ATH9K_WME_AC_BK];
1341 		break;
1342 	default:
1343 		qnum = sc->sc_haltype2q[ATH9K_WME_AC_BE];
1344 		break;
1345 	}
1346 
1347 	return (qnum);
1348 }
1349 
1350 static struct {
1351 	uint32_t version;
1352 	const char *name;
1353 } ath_mac_bb_names[] = {
1354 	{ AR_SREV_VERSION_5416_PCI,	"5416" },
1355 	{ AR_SREV_VERSION_5416_PCIE,	"5418" },
1356 	{ AR_SREV_VERSION_9100,		"9100" },
1357 	{ AR_SREV_VERSION_9160,		"9160" },
1358 	{ AR_SREV_VERSION_9280,		"9280" },
1359 	{ AR_SREV_VERSION_9285,		"9285" }
1360 };
1361 
1362 static struct {
1363 	uint16_t version;
1364 	const char *name;
1365 } ath_rf_names[] = {
1366 	{ 0,				"5133" },
1367 	{ AR_RAD5133_SREV_MAJOR,	"5133" },
1368 	{ AR_RAD5122_SREV_MAJOR,	"5122" },
1369 	{ AR_RAD2133_SREV_MAJOR,	"2133" },
1370 	{ AR_RAD2122_SREV_MAJOR,	"2122" }
1371 };
1372 
1373 /*
1374  * Return the MAC/BB name. "????" is returned if the MAC/BB is unknown.
1375  */
1376 
1377 static const char *
1378 arn_mac_bb_name(uint32_t mac_bb_version)
1379 {
1380 	int i;
1381 
1382 	for (i = 0; i < ARRAY_SIZE(ath_mac_bb_names); i++) {
1383 		if (ath_mac_bb_names[i].version == mac_bb_version) {
1384 			return (ath_mac_bb_names[i].name);
1385 		}
1386 	}
1387 
1388 	return ("????");
1389 }
1390 
1391 /*
1392  * Return the RF name. "????" is returned if the RF is unknown.
1393  */
1394 
1395 static const char *
1396 arn_rf_name(uint16_t rf_version)
1397 {
1398 	int i;
1399 
1400 	for (i = 0; i < ARRAY_SIZE(ath_rf_names); i++) {
1401 		if (ath_rf_names[i].version == rf_version) {
1402 			return (ath_rf_names[i].name);
1403 		}
1404 	}
1405 
1406 	return ("????");
1407 }
1408 
1409 static void
1410 arn_next_scan(void *arg)
1411 {
1412 	ieee80211com_t *ic = arg;
1413 	struct arn_softc *sc = (struct arn_softc *)ic;
1414 
1415 	sc->sc_scan_timer = 0;
1416 	if (ic->ic_state == IEEE80211_S_SCAN) {
1417 		sc->sc_scan_timer = timeout(arn_next_scan, (void *)sc,
1418 		    drv_usectohz(arn_dwelltime * 1000));
1419 		ieee80211_next_scan(ic);
1420 	}
1421 }
1422 
1423 static void
1424 arn_stop_scantimer(struct arn_softc *sc)
1425 {
1426 	timeout_id_t tmp_id = 0;
1427 
1428 	while ((sc->sc_scan_timer != 0) && (tmp_id != sc->sc_scan_timer)) {
1429 		tmp_id = sc->sc_scan_timer;
1430 		(void) untimeout(tmp_id);
1431 	}
1432 	sc->sc_scan_timer = 0;
1433 }
1434 
1435 static int32_t
1436 arn_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg)
1437 {
1438 	struct arn_softc *sc = (struct arn_softc *)ic;
1439 	struct ath_hal *ah = sc->sc_ah;
1440 	struct ieee80211_node *in;
1441 	int32_t i, error;
1442 	uint8_t *bssid;
1443 	uint32_t rfilt;
1444 	enum ieee80211_state ostate;
1445 	struct ath9k_channel *channel;
1446 	int pos;
1447 
1448 	/* Should set up & init LED here */
1449 
1450 	if (sc->sc_flags & SC_OP_INVALID)
1451 		return (0);
1452 
1453 	ostate = ic->ic_state;
1454 	ARN_DBG((ARN_DBG_INIT, "arn: arn_newstate(): "
1455 	    "%x -> %x!\n", ostate, nstate));
1456 
1457 	ARN_LOCK(sc);
1458 
1459 	if (nstate != IEEE80211_S_SCAN)
1460 		arn_stop_scantimer(sc);
1461 	if (nstate != IEEE80211_S_RUN)
1462 		arn_stop_caltimer(sc);
1463 
1464 	/* Should set LED here */
1465 
1466 	if (nstate == IEEE80211_S_INIT) {
1467 		sc->sc_imask &= ~(ATH9K_INT_SWBA | ATH9K_INT_BMISS);
1468 		/*
1469 		 * Disable interrupts.
1470 		 */
1471 		(void) ath9k_hw_set_interrupts
1472 		    (ah, sc->sc_imask &~ ATH9K_INT_GLOBAL);
1473 
1474 #ifdef ARN_IBSS
1475 		if (ic->ic_opmode == IEEE80211_M_IBSS) {
1476 			(void) ath9k_hw_stoptxdma(ah, sc->sc_beaconq);
1477 			arn_beacon_return(sc);
1478 		}
1479 #endif
1480 		ARN_UNLOCK(sc);
1481 		ieee80211_stop_watchdog(ic);
1482 		goto done;
1483 	}
1484 	in = ic->ic_bss;
1485 
1486 	pos = arn_get_channel(sc, ic->ic_curchan);
1487 
1488 	if (pos == -1) {
1489 		ARN_DBG((ARN_DBG_FATAL, "arn: "
1490 		    "%s: Invalid channel\n", __func__));
1491 		error = EINVAL;
1492 		ARN_UNLOCK(sc);
1493 		goto bad;
1494 	}
1495 
1496 	if (in->in_htcap & IEEE80211_HTCAP_CHWIDTH40) {
1497 		arn_update_chainmask(sc);
1498 		sc->tx_chan_width = ATH9K_HT_MACMODE_2040;
1499 	} else
1500 		sc->tx_chan_width = ATH9K_HT_MACMODE_20;
1501 
1502 	sc->sc_ah->ah_channels[pos].chanmode =
1503 	    arn_chan2flags(ic, ic->ic_curchan);
1504 	channel = &sc->sc_ah->ah_channels[pos];
1505 	if (channel == NULL) {
1506 		arn_problem("arn_newstate(): channel == NULL");
1507 		ARN_UNLOCK(sc);
1508 		goto bad;
1509 	}
1510 	error = arn_set_channel(sc, channel);
1511 	if (error != 0) {
1512 		if (nstate != IEEE80211_S_SCAN) {
1513 			ARN_UNLOCK(sc);
1514 			ieee80211_reset_chan(ic);
1515 			goto bad;
1516 		}
1517 	}
1518 
1519 	/*
1520 	 * Get the receive filter according to the
1521 	 * operating mode and state
1522 	 */
1523 	rfilt = arn_calcrxfilter(sc);
1524 
1525 	if (nstate == IEEE80211_S_SCAN)
1526 		bssid = ic->ic_macaddr;
1527 	else
1528 		bssid = in->in_bssid;
1529 
1530 	ath9k_hw_setrxfilter(ah, rfilt);
1531 
1532 	if (nstate == IEEE80211_S_RUN && ic->ic_opmode != IEEE80211_M_IBSS)
1533 		ath9k_hw_write_associd(ah, bssid, in->in_associd);
1534 	else
1535 		ath9k_hw_write_associd(ah, bssid, 0);
1536 
1537 	/* Check for WLAN_CAPABILITY_PRIVACY ? */
1538 	if (ic->ic_flags & IEEE80211_F_PRIVACY) {
1539 		for (i = 0; i < IEEE80211_WEP_NKID; i++) {
1540 			if (ath9k_hw_keyisvalid(ah, (uint16_t)i))
1541 				(void) ath9k_hw_keysetmac(ah, (uint16_t)i,
1542 				    bssid);
1543 		}
1544 	}
1545 
1546 	if (nstate == IEEE80211_S_RUN) {
1547 		switch (ic->ic_opmode) {
1548 #ifdef ARN_IBSS
1549 		case IEEE80211_M_IBSS:
1550 			/*
1551 			 * Allocate and setup the beacon frame.
1552 			 * Stop any previous beacon DMA.
1553 			 */
1554 			(void) ath9k_hw_stoptxdma(ah, sc->sc_beaconq);
1555 			arn_beacon_return(sc);
1556 			error = arn_beacon_alloc(sc, in);
1557 			if (error != 0) {
1558 				ARN_UNLOCK(sc);
1559 				goto bad;
1560 			}
1561 			/*
1562 			 * If joining an adhoc network defer beacon timer
1563 			 * configuration to the next beacon frame so we
1564 			 * have a current TSF to use.  Otherwise we're
1565 			 * starting an ibss/bss so there's no need to delay.
1566 			 */
1567 			if (ic->ic_opmode == IEEE80211_M_IBSS &&
1568 			    ic->ic_bss->in_tstamp.tsf != 0) {
1569 				sc->sc_bsync = 1;
1570 			} else {
1571 				arn_beacon_config(sc);
1572 			}
1573 			break;
1574 #endif /* ARN_IBSS */
1575 		case IEEE80211_M_STA:
1576 			if (ostate != IEEE80211_S_RUN) {
1577 				/*
1578 				 * Defer beacon timer configuration to the next
1579 				 * beacon frame so we have a current TSF to use.
1580 				 * Any TSF collected when scanning is likely old
1581 				 */
1582 #ifdef ARN_IBSS
1583 				sc->sc_bsync = 1;
1584 #else
1585 				/* Configure the beacon and sleep timers. */
1586 				arn_beacon_config(sc);
1587 				/* Reset rssi stats */
1588 				sc->sc_halstats.ns_avgbrssi =
1589 				    ATH_RSSI_DUMMY_MARKER;
1590 				sc->sc_halstats.ns_avgrssi =
1591 				    ATH_RSSI_DUMMY_MARKER;
1592 				sc->sc_halstats.ns_avgtxrssi =
1593 				    ATH_RSSI_DUMMY_MARKER;
1594 				sc->sc_halstats.ns_avgtxrate =
1595 				    ATH_RATE_DUMMY_MARKER;
1596 /* end */
1597 
1598 #endif /* ARN_IBSS */
1599 			}
1600 			break;
1601 		default:
1602 			break;
1603 		}
1604 	} else {
1605 		sc->sc_imask &= ~(ATH9K_INT_SWBA | ATH9K_INT_BMISS);
1606 		(void) ath9k_hw_set_interrupts(ah, sc->sc_imask);
1607 	}
1608 
1609 	/*
1610 	 * Reset the rate control state.
1611 	 */
1612 	arn_rate_ctl_reset(sc, nstate);
1613 
1614 	ARN_UNLOCK(sc);
1615 done:
1616 	/*
1617 	 * Invoke the parent method to complete the work.
1618 	 */
1619 	error = sc->sc_newstate(ic, nstate, arg);
1620 
1621 	/*
1622 	 * Finally, start any timers.
1623 	 */
1624 	if (nstate == IEEE80211_S_RUN) {
1625 		ieee80211_start_watchdog(ic, 1);
1626 		ASSERT(sc->sc_cal_timer == 0);
1627 		sc->sc_cal_timer = timeout(arn_ani_calibrate, (void *)sc,
1628 		    drv_usectohz(100 * 1000));
1629 	} else if ((nstate == IEEE80211_S_SCAN) && (ostate != nstate)) {
1630 		/* start ap/neighbor scan timer */
1631 		/* ASSERT(sc->sc_scan_timer == 0); */
1632 		if (sc->sc_scan_timer != 0) {
1633 			(void) untimeout(sc->sc_scan_timer);
1634 			sc->sc_scan_timer = 0;
1635 		}
1636 		sc->sc_scan_timer = timeout(arn_next_scan, (void *)sc,
1637 		    drv_usectohz(arn_dwelltime * 1000));
1638 	}
1639 
1640 bad:
1641 	return (error);
1642 }
1643 
1644 static void
1645 arn_watchdog(void *arg)
1646 {
1647 	struct arn_softc *sc = arg;
1648 	ieee80211com_t *ic = &sc->sc_isc;
1649 	int ntimer = 0;
1650 
1651 	ARN_LOCK(sc);
1652 	ic->ic_watchdog_timer = 0;
1653 	if (sc->sc_flags & SC_OP_INVALID) {
1654 		ARN_UNLOCK(sc);
1655 		return;
1656 	}
1657 
1658 	if (ic->ic_state == IEEE80211_S_RUN) {
1659 		/*
1660 		 * Start the background rate control thread if we
1661 		 * are not configured to use a fixed xmit rate.
1662 		 */
1663 #ifdef ARN_LEGACY_RC
1664 		if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) {
1665 			sc->sc_stats.ast_rate_calls ++;
1666 			if (ic->ic_opmode == IEEE80211_M_STA)
1667 				arn_rate_ctl(ic, ic->ic_bss);
1668 			else
1669 				ieee80211_iterate_nodes(&ic->ic_sta,
1670 				    arn_rate_ctl, sc);
1671 		}
1672 #endif /* ARN_LEGACY_RC */
1673 
1674 #ifdef ARN_HW_BEACON_MISS_HANDLE
1675 	/* nothing to do here */
1676 #else
1677 	/* currently set 10 seconds as beacon miss threshold */
1678 	if (ic->ic_beaconmiss++ > 100) {
1679 		ARN_DBG((ARN_DBG_BEACON, "arn_watchdog():"
1680 		    "Beacon missed for 10 seconds, run"
1681 		    "ieee80211_new_state(ic, IEEE80211_S_INIT, -1)\n"));
1682 		ARN_UNLOCK(sc);
1683 		(void) ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1684 		return;
1685 	}
1686 #endif /* ARN_HW_BEACON_MISS_HANDLE */
1687 
1688 		ntimer = 1;
1689 	}
1690 	ARN_UNLOCK(sc);
1691 
1692 	ieee80211_watchdog(ic);
1693 	if (ntimer != 0)
1694 		ieee80211_start_watchdog(ic, ntimer);
1695 }
1696 
1697 /* ARGSUSED */
1698 static struct ieee80211_node *
1699 arn_node_alloc(ieee80211com_t *ic)
1700 {
1701 	struct ath_node *an;
1702 #ifdef ARN_TX_AGGREGATION
1703 	struct arn_softc *sc = (struct arn_softc *)ic;
1704 #endif
1705 
1706 	an = kmem_zalloc(sizeof (struct ath_node), KM_SLEEP);
1707 
1708 	/* legacy rate control */
1709 #ifdef ARN_LEGACY_RC
1710 	arn_rate_update(sc, &an->an_node, 0);
1711 #endif
1712 
1713 #ifdef ARN_TX_AGGREGATION
1714 	if (sc->sc_flags & SC_OP_TXAGGR) {
1715 		arn_tx_node_init(sc, an);
1716 	}
1717 #endif /* ARN_TX_AGGREGATION */
1718 
1719 	an->last_rssi = ATH_RSSI_DUMMY_MARKER;
1720 
1721 	return ((an != NULL) ? &an->an_node : NULL);
1722 }
1723 
1724 static void
1725 arn_node_free(struct ieee80211_node *in)
1726 {
1727 	ieee80211com_t *ic = in->in_ic;
1728 	struct arn_softc *sc = (struct arn_softc *)ic;
1729 	struct ath_buf *bf;
1730 	struct ath_txq *txq;
1731 	int32_t i;
1732 
1733 #ifdef ARN_TX_AGGREGATION
1734 	if (sc->sc_flags & SC_OP_TXAGGR)
1735 		arn_tx_node_cleanup(sc, in);
1736 #endif /* TX_AGGREGATION */
1737 
1738 	for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
1739 		if (ARN_TXQ_SETUP(sc, i)) {
1740 			txq = &sc->sc_txq[i];
1741 			mutex_enter(&txq->axq_lock);
1742 			bf = list_head(&txq->axq_list);
1743 			while (bf != NULL) {
1744 				if (bf->bf_in == in) {
1745 					bf->bf_in = NULL;
1746 				}
1747 				bf = list_next(&txq->axq_list, bf);
1748 			}
1749 			mutex_exit(&txq->axq_lock);
1750 		}
1751 	}
1752 
1753 	ic->ic_node_cleanup(in);
1754 
1755 	if (in->in_wpa_ie != NULL)
1756 		ieee80211_free(in->in_wpa_ie);
1757 
1758 	if (in->in_wme_ie != NULL)
1759 		ieee80211_free(in->in_wme_ie);
1760 
1761 	if (in->in_htcap_ie != NULL)
1762 		ieee80211_free(in->in_htcap_ie);
1763 
1764 	kmem_free(in, sizeof (struct ath_node));
1765 }
1766 
1767 /*
1768  * Allocate tx/rx key slots for TKIP.  We allocate one slot for
1769  * each key. MIC is right after the decrypt/encrypt key.
1770  */
1771 static uint16_t
1772 arn_key_alloc_pair(struct arn_softc *sc, ieee80211_keyix *txkeyix,
1773     ieee80211_keyix *rxkeyix)
1774 {
1775 	uint16_t i, keyix;
1776 
1777 	ASSERT(!sc->sc_splitmic);
1778 	for (i = 0; i < ARRAY_SIZE(sc->sc_keymap)/4; i++) {
1779 		uint8_t b = sc->sc_keymap[i];
1780 		if (b == 0xff)
1781 			continue;
1782 		for (keyix = i * NBBY; keyix < (i + 1) * NBBY;
1783 		    keyix++, b >>= 1) {
1784 			if ((b & 1) || is_set(keyix+64, sc->sc_keymap)) {
1785 				/* full pair unavailable */
1786 				continue;
1787 			}
1788 			set_bit(keyix, sc->sc_keymap);
1789 			set_bit(keyix+64, sc->sc_keymap);
1790 			ARN_DBG((ARN_DBG_KEYCACHE,
1791 			    "arn_key_alloc_pair(): key pair %u,%u\n",
1792 			    keyix, keyix+64));
1793 			*txkeyix = *rxkeyix = keyix;
1794 			return (1);
1795 		}
1796 	}
1797 	ARN_DBG((ARN_DBG_KEYCACHE, "arn_key_alloc_pair():"
1798 	    " out of pair space\n"));
1799 
1800 	return (0);
1801 }
1802 
1803 /*
1804  * Allocate tx/rx key slots for TKIP.  We allocate two slots for
1805  * each key, one for decrypt/encrypt and the other for the MIC.
1806  */
1807 static int
1808 arn_key_alloc_2pair(struct arn_softc *sc, ieee80211_keyix *txkeyix,
1809     ieee80211_keyix *rxkeyix)
1810 {
1811 	uint16_t i, keyix;
1812 
1813 	ASSERT(sc->sc_splitmic);
1814 	for (i = 0; i < ARRAY_SIZE(sc->sc_keymap)/4; i++) {
1815 		uint8_t b = sc->sc_keymap[i];
1816 		if (b != 0xff) {
1817 			/*
1818 			 * One or more slots in this byte are free.
1819 			 */
1820 			keyix = i*NBBY;
1821 			while (b & 1) {
1822 		again:
1823 				keyix++;
1824 				b >>= 1;
1825 			}
1826 			/* XXX IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV */
1827 			if (is_set(keyix+32, sc->sc_keymap) ||
1828 			    is_set(keyix+64, sc->sc_keymap) ||
1829 			    is_set(keyix+32+64, sc->sc_keymap)) {
1830 				/* full pair unavailable */
1831 				if (keyix == (i+1)*NBBY) {
1832 					/* no slots were appropriate, advance */
1833 					continue;
1834 				}
1835 				goto again;
1836 			}
1837 			set_bit(keyix, sc->sc_keymap);
1838 			set_bit(keyix+64, sc->sc_keymap);
1839 			set_bit(keyix+32, sc->sc_keymap);
1840 			set_bit(keyix+32+64, sc->sc_keymap);
1841 			ARN_DBG((ARN_DBG_KEYCACHE,
1842 			    "arn_key_alloc_2pair(): key pair %u,%u %u,%u\n",
1843 			    keyix, keyix+64,
1844 			    keyix+32, keyix+32+64));
1845 			*txkeyix = *rxkeyix = keyix;
1846 			return (1);
1847 		}
1848 	}
1849 	ARN_DBG((ARN_DBG_KEYCACHE, "arn_key_alloc_2pair(): "
1850 	    " out of pair space\n"));
1851 
1852 	return (0);
1853 }
1854 /*
1855  * Allocate a single key cache slot.
1856  */
1857 static int
1858 arn_key_alloc_single(struct arn_softc *sc, ieee80211_keyix *txkeyix,
1859     ieee80211_keyix *rxkeyix)
1860 {
1861 	uint16_t i, keyix;
1862 
1863 	/* try i,i+32,i+64,i+32+64 to minimize key pair conflicts */
1864 	for (i = 0; i < ARRAY_SIZE(sc->sc_keymap); i++) {
1865 		uint8_t b = sc->sc_keymap[i];
1866 
1867 		if (b != 0xff) {
1868 			/*
1869 			 * One or more slots are free.
1870 			 */
1871 			keyix = i*NBBY;
1872 			while (b & 1)
1873 				keyix++, b >>= 1;
1874 			set_bit(keyix, sc->sc_keymap);
1875 			ARN_DBG((ARN_DBG_KEYCACHE, "arn_key_alloc_single(): "
1876 			    "key %u\n", keyix));
1877 			*txkeyix = *rxkeyix = keyix;
1878 			return (1);
1879 		}
1880 	}
1881 	return (0);
1882 }
1883 
1884 /*
1885  * Allocate one or more key cache slots for a unicast key.  The
1886  * key itself is needed only to identify the cipher.  For hardware
1887  * TKIP with split cipher+MIC keys we allocate two key cache slot
1888  * pairs so that we can setup separate TX and RX MIC keys.  Note
1889  * that the MIC key for a TKIP key at slot i is assumed by the
1890  * hardware to be at slot i+64.  This limits TKIP keys to the first
1891  * 64 entries.
1892  */
1893 /* ARGSUSED */
1894 int
1895 arn_key_alloc(ieee80211com_t *ic, const struct ieee80211_key *k,
1896     ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
1897 {
1898 	struct arn_softc *sc = (struct arn_softc *)ic;
1899 
1900 	/*
1901 	 * We allocate two pair for TKIP when using the h/w to do
1902 	 * the MIC.  For everything else, including software crypto,
1903 	 * we allocate a single entry.  Note that s/w crypto requires
1904 	 * a pass-through slot on the 5211 and 5212.  The 5210 does
1905 	 * not support pass-through cache entries and we map all
1906 	 * those requests to slot 0.
1907 	 */
1908 	if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
1909 		return (arn_key_alloc_single(sc, keyix, rxkeyix));
1910 	} else if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP &&
1911 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
1912 		if (sc->sc_splitmic)
1913 			return (arn_key_alloc_2pair(sc, keyix, rxkeyix));
1914 		else
1915 			return (arn_key_alloc_pair(sc, keyix, rxkeyix));
1916 	} else {
1917 		return (arn_key_alloc_single(sc, keyix, rxkeyix));
1918 	}
1919 }
1920 
1921 /*
1922  * Delete an entry in the key cache allocated by ath_key_alloc.
1923  */
1924 int
1925 arn_key_delete(ieee80211com_t *ic, const struct ieee80211_key *k)
1926 {
1927 	struct arn_softc *sc = (struct arn_softc *)ic;
1928 	struct ath_hal *ah = sc->sc_ah;
1929 	const struct ieee80211_cipher *cip = k->wk_cipher;
1930 	ieee80211_keyix keyix = k->wk_keyix;
1931 
1932 	ARN_DBG((ARN_DBG_KEYCACHE, "arn_key_delete():"
1933 	    " delete key %u ic_cipher=0x%x\n", keyix, cip->ic_cipher));
1934 
1935 	(void) ath9k_hw_keyreset(ah, keyix);
1936 	/*
1937 	 * Handle split tx/rx keying required for TKIP with h/w MIC.
1938 	 */
1939 	if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
1940 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && sc->sc_splitmic)
1941 		(void) ath9k_hw_keyreset(ah, keyix+32);		/* RX key */
1942 
1943 	if (keyix >= IEEE80211_WEP_NKID) {
1944 		/*
1945 		 * Don't touch keymap entries for global keys so
1946 		 * they are never considered for dynamic allocation.
1947 		 */
1948 		clr_bit(keyix, sc->sc_keymap);
1949 		if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
1950 		    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
1951 			/*
1952 			 * If splitmic is true +64 is TX key MIC,
1953 			 * else +64 is RX key + RX key MIC.
1954 			 */
1955 			clr_bit(keyix+64, sc->sc_keymap);
1956 			if (sc->sc_splitmic) {
1957 				/* Rx key */
1958 				clr_bit(keyix+32, sc->sc_keymap);
1959 				/* RX key MIC */
1960 				clr_bit(keyix+32+64, sc->sc_keymap);
1961 			}
1962 		}
1963 	}
1964 	return (1);
1965 }
1966 
1967 /*
1968  * Set a TKIP key into the hardware.  This handles the
1969  * potential distribution of key state to multiple key
1970  * cache slots for TKIP.
1971  */
1972 static int
1973 arn_keyset_tkip(struct arn_softc *sc, const struct ieee80211_key *k,
1974     struct ath9k_keyval *hk, const uint8_t mac[IEEE80211_ADDR_LEN])
1975 {
1976 	uint8_t *key_rxmic = NULL;
1977 	uint8_t *key_txmic = NULL;
1978 	uint8_t  *key = (uint8_t *)&(k->wk_key[0]);
1979 	struct ath_hal *ah = sc->sc_ah;
1980 
1981 	key_txmic = key + 16;
1982 	key_rxmic = key + 24;
1983 
1984 	if (mac == NULL) {
1985 		/* Group key installation */
1986 		(void) memcpy(hk->kv_mic,  key_rxmic, sizeof (hk->kv_mic));
1987 		return (ath9k_hw_set_keycache_entry(ah, k->wk_keyix, hk,
1988 		    mac, B_FALSE));
1989 	}
1990 	if (!sc->sc_splitmic) {
1991 		/*
1992 		 * data key goes at first index,
1993 		 * the hal handles the MIC keys at index+64.
1994 		 */
1995 		(void) memcpy(hk->kv_mic, key_rxmic, sizeof (hk->kv_mic));
1996 		(void) memcpy(hk->kv_txmic, key_txmic, sizeof (hk->kv_txmic));
1997 		return (ath9k_hw_set_keycache_entry(ah, k->wk_keyix, hk,
1998 		    mac, B_FALSE));
1999 	}
2000 	/*
2001 	 * TX key goes at first index, RX key at +32.
2002 	 * The hal handles the MIC keys at index+64.
2003 	 */
2004 	(void) memcpy(hk->kv_mic, key_txmic, sizeof (hk->kv_mic));
2005 	if (!(ath9k_hw_set_keycache_entry(ah, k->wk_keyix, hk, NULL,
2006 	    B_FALSE))) {
2007 		/* Txmic entry failed. No need to proceed further */
2008 		ARN_DBG((ARN_DBG_KEYCACHE,
2009 		    "%s Setting TX MIC Key Failed\n", __func__));
2010 		return (0);
2011 	}
2012 
2013 	(void) memcpy(hk->kv_mic, key_rxmic, sizeof (hk->kv_mic));
2014 
2015 	/* XXX delete tx key on failure? */
2016 	return (ath9k_hw_set_keycache_entry(ah, k->wk_keyix, hk, mac, B_FALSE));
2017 
2018 }
2019 
2020 int
2021 arn_key_set(ieee80211com_t *ic, const struct ieee80211_key *k,
2022     const uint8_t mac[IEEE80211_ADDR_LEN])
2023 {
2024 	struct arn_softc *sc = (struct arn_softc *)ic;
2025 	const struct ieee80211_cipher *cip = k->wk_cipher;
2026 	struct ath9k_keyval hk;
2027 
2028 	/* cipher table */
2029 	static const uint8_t ciphermap[] = {
2030 		ATH9K_CIPHER_WEP,		/* IEEE80211_CIPHER_WEP */
2031 		ATH9K_CIPHER_TKIP,		/* IEEE80211_CIPHER_TKIP */
2032 		ATH9K_CIPHER_AES_OCB,	/* IEEE80211_CIPHER_AES_OCB */
2033 		ATH9K_CIPHER_AES_CCM,	/* IEEE80211_CIPHER_AES_CCM */
2034 		ATH9K_CIPHER_CKIP,		/* IEEE80211_CIPHER_CKIP */
2035 		ATH9K_CIPHER_CLR,		/* IEEE80211_CIPHER_NONE */
2036 	};
2037 
2038 	bzero(&hk, sizeof (hk));
2039 
2040 	/*
2041 	 * Software crypto uses a "clear key" so non-crypto
2042 	 * state kept in the key cache are maintainedd so that
2043 	 * rx frames have an entry to match.
2044 	 */
2045 	if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) {
2046 		ASSERT(cip->ic_cipher < 6);
2047 		hk.kv_type = ciphermap[cip->ic_cipher];
2048 		hk.kv_len = k->wk_keylen;
2049 		bcopy(k->wk_key, hk.kv_val, k->wk_keylen);
2050 	} else {
2051 		hk.kv_type = ATH9K_CIPHER_CLR;
2052 	}
2053 
2054 	if (hk.kv_type == ATH9K_CIPHER_TKIP &&
2055 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
2056 		return (arn_keyset_tkip(sc, k, &hk, mac));
2057 	} else {
2058 		return (ath9k_hw_set_keycache_entry(sc->sc_ah,
2059 		    k->wk_keyix, &hk, mac, B_FALSE));
2060 	}
2061 }
2062 
2063 /*
2064  * Enable/Disable short slot timing
2065  */
2066 void
2067 arn_set_shortslot(ieee80211com_t *ic, int onoff)
2068 {
2069 	struct ath_hal *ah = ((struct arn_softc *)ic)->sc_ah;
2070 
2071 	if (onoff)
2072 		(void) ath9k_hw_setslottime(ah, ATH9K_SLOT_TIME_9);
2073 	else
2074 		(void) ath9k_hw_setslottime(ah, ATH9K_SLOT_TIME_20);
2075 }
2076 
2077 static int
2078 arn_open(struct arn_softc *sc)
2079 {
2080 	ieee80211com_t *ic = (ieee80211com_t *)sc;
2081 	struct ieee80211_channel *curchan = ic->ic_curchan;
2082 	struct ath9k_channel *init_channel;
2083 	int error = 0, pos, status;
2084 
2085 	ARN_LOCK_ASSERT(sc);
2086 
2087 	pos = arn_get_channel(sc, curchan);
2088 	if (pos == -1) {
2089 		ARN_DBG((ARN_DBG_FATAL, "arn: "
2090 		    "%s: Invalid channel\n", __func__));
2091 		error = EINVAL;
2092 		goto error;
2093 	}
2094 
2095 	sc->tx_chan_width = ATH9K_HT_MACMODE_20;
2096 
2097 	if (sc->sc_curmode == ATH9K_MODE_11A) {
2098 		sc->sc_ah->ah_channels[pos].chanmode = CHANNEL_A;
2099 	} else {
2100 		sc->sc_ah->ah_channels[pos].chanmode = CHANNEL_G;
2101 	}
2102 
2103 	init_channel = &sc->sc_ah->ah_channels[pos];
2104 
2105 	/* Reset SERDES registers */
2106 	ath9k_hw_configpcipowersave(sc->sc_ah, 0);
2107 
2108 	/*
2109 	 * The basic interface to setting the hardware in a good
2110 	 * state is ``reset''.	On return the hardware is known to
2111 	 * be powered up and with interrupts disabled.	This must
2112 	 * be followed by initialization of the appropriate bits
2113 	 * and then setup of the interrupt mask.
2114 	 */
2115 	if (!ath9k_hw_reset(sc->sc_ah, init_channel,
2116 	    sc->tx_chan_width, sc->sc_tx_chainmask,
2117 	    sc->sc_rx_chainmask, sc->sc_ht_extprotspacing,
2118 	    B_FALSE, &status)) {
2119 		ARN_DBG((ARN_DBG_FATAL, "arn: "
2120 		    "%s: unable to reset hardware; hal status %u "
2121 		    "(freq %u flags 0x%x)\n", __func__, status,
2122 		    init_channel->channel, init_channel->channelFlags));
2123 
2124 		error = EIO;
2125 		goto error;
2126 	}
2127 
2128 	/*
2129 	 * This is needed only to setup initial state
2130 	 * but it's best done after a reset.
2131 	 */
2132 	arn_update_txpow(sc);
2133 
2134 	/*
2135 	 * Setup the hardware after reset:
2136 	 * The receive engine is set going.
2137 	 * Frame transmit is handled entirely
2138 	 * in the frame output path; there's nothing to do
2139 	 * here except setup the interrupt mask.
2140 	 */
2141 	if (arn_startrecv(sc) != 0) {
2142 		ARN_DBG((ARN_DBG_INIT, "arn: "
2143 		    "%s: unable to start recv logic\n", __func__));
2144 		error = EIO;
2145 		goto error;
2146 	}
2147 
2148 	/* Setup our intr mask. */
2149 	sc->sc_imask = ATH9K_INT_RX | ATH9K_INT_TX |
2150 	    ATH9K_INT_RXEOL | ATH9K_INT_RXORN |
2151 	    ATH9K_INT_FATAL | ATH9K_INT_GLOBAL;
2152 #ifdef ARN_ATH9K_HW_CAP_GTT
2153 	if (sc->sc_ah->ah_caps.hw_caps & ATH9K_HW_CAP_GTT)
2154 		sc->sc_imask |= ATH9K_INT_GTT;
2155 #endif
2156 
2157 #ifdef ARN_ATH9K_HW_CAP_GTT
2158 	if (sc->sc_ah->ah_caps.hw_caps & ATH9K_HW_CAP_HT)
2159 		sc->sc_imask |= ATH9K_INT_CST;
2160 #endif
2161 
2162 	/*
2163 	 * Enable MIB interrupts when there are hardware phy counters.
2164 	 * Note we only do this (at the moment) for station mode.
2165 	 */
2166 #ifdef ARN_ATH9K_INT_MIB
2167 	if (ath9k_hw_phycounters(sc->sc_ah) &&
2168 	    ((sc->sc_ah->ah_opmode == ATH9K_M_STA) ||
2169 	    (sc->sc_ah->ah_opmode == ATH9K_M_IBSS)))
2170 		sc->sc_imask |= ATH9K_INT_MIB;
2171 #endif
2172 	/*
2173 	 * Some hardware processes the TIM IE and fires an
2174 	 * interrupt when the TIM bit is set.  For hardware
2175 	 * that does, if not overridden by configuration,
2176 	 * enable the TIM interrupt when operating as station.
2177 	 */
2178 #ifdef ARN_ATH9K_INT_TIM
2179 	if ((sc->sc_ah->ah_caps.hw_caps & ATH9K_HW_CAP_ENHANCEDPM) &&
2180 	    (sc->sc_ah->ah_opmode == ATH9K_M_STA) &&
2181 	    !sc->sc_config.swBeaconProcess)
2182 		sc->sc_imask |= ATH9K_INT_TIM;
2183 #endif
2184 	if (arn_chan2mode(init_channel) != sc->sc_curmode)
2185 		arn_setcurmode(sc, arn_chan2mode(init_channel));
2186 	ARN_DBG((ARN_DBG_INIT, "arn: "
2187 	    "%s: current mode after arn_setcurmode is %d\n",
2188 	    __func__, sc->sc_curmode));
2189 
2190 	sc->sc_isrunning = 1;
2191 
2192 	/* Disable BMISS interrupt when we're not associated */
2193 	sc->sc_imask &= ~(ATH9K_INT_SWBA | ATH9K_INT_BMISS);
2194 	(void) ath9k_hw_set_interrupts(sc->sc_ah, sc->sc_imask);
2195 
2196 	return (0);
2197 
2198 error:
2199 	return (error);
2200 }
2201 
2202 static void
2203 arn_close(struct arn_softc *sc)
2204 {
2205 	ieee80211com_t *ic = (ieee80211com_t *)sc;
2206 	struct ath_hal *ah = sc->sc_ah;
2207 
2208 	ARN_LOCK_ASSERT(sc);
2209 
2210 	if (!sc->sc_isrunning)
2211 		return;
2212 
2213 	/*
2214 	 * Shutdown the hardware and driver
2215 	 * Note that some of this work is not possible if the
2216 	 * hardware is gone (invalid).
2217 	 */
2218 	ARN_UNLOCK(sc);
2219 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2220 	ieee80211_stop_watchdog(ic);
2221 	ARN_LOCK(sc);
2222 
2223 	/*
2224 	 * make sure h/w will not generate any interrupt
2225 	 * before setting the invalid flag.
2226 	 */
2227 	(void) ath9k_hw_set_interrupts(ah, 0);
2228 
2229 	if (!(sc->sc_flags & SC_OP_INVALID)) {
2230 		arn_draintxq(sc, 0);
2231 		(void) arn_stoprecv(sc);
2232 		(void) ath9k_hw_phy_disable(ah);
2233 	} else {
2234 		sc->sc_rxlink = NULL;
2235 	}
2236 
2237 	sc->sc_isrunning = 0;
2238 }
2239 
2240 /*
2241  * MAC callback functions
2242  */
2243 static int
2244 arn_m_stat(void *arg, uint_t stat, uint64_t *val)
2245 {
2246 	struct arn_softc *sc = arg;
2247 	ieee80211com_t *ic = (ieee80211com_t *)sc;
2248 	struct ieee80211_node *in;
2249 	struct ieee80211_rateset *rs;
2250 
2251 	ARN_LOCK(sc);
2252 	switch (stat) {
2253 	case MAC_STAT_IFSPEED:
2254 		in = ic->ic_bss;
2255 		rs = &in->in_rates;
2256 		*val = (rs->ir_rates[in->in_txrate] & IEEE80211_RATE_VAL) / 2 *
2257 		    1000000ull;
2258 		break;
2259 	case MAC_STAT_NOXMTBUF:
2260 		*val = sc->sc_stats.ast_tx_nobuf +
2261 		    sc->sc_stats.ast_tx_nobufmgt;
2262 		break;
2263 	case MAC_STAT_IERRORS:
2264 		*val = sc->sc_stats.ast_rx_tooshort;
2265 		break;
2266 	case MAC_STAT_RBYTES:
2267 		*val = ic->ic_stats.is_rx_bytes;
2268 		break;
2269 	case MAC_STAT_IPACKETS:
2270 		*val = ic->ic_stats.is_rx_frags;
2271 		break;
2272 	case MAC_STAT_OBYTES:
2273 		*val = ic->ic_stats.is_tx_bytes;
2274 		break;
2275 	case MAC_STAT_OPACKETS:
2276 		*val = ic->ic_stats.is_tx_frags;
2277 		break;
2278 	case MAC_STAT_OERRORS:
2279 	case WIFI_STAT_TX_FAILED:
2280 		*val = sc->sc_stats.ast_tx_fifoerr +
2281 		    sc->sc_stats.ast_tx_xretries +
2282 		    sc->sc_stats.ast_tx_discard;
2283 		break;
2284 	case WIFI_STAT_TX_RETRANS:
2285 		*val = sc->sc_stats.ast_tx_xretries;
2286 		break;
2287 	case WIFI_STAT_FCS_ERRORS:
2288 		*val = sc->sc_stats.ast_rx_crcerr;
2289 		break;
2290 	case WIFI_STAT_WEP_ERRORS:
2291 		*val = sc->sc_stats.ast_rx_badcrypt;
2292 		break;
2293 	case WIFI_STAT_TX_FRAGS:
2294 	case WIFI_STAT_MCAST_TX:
2295 	case WIFI_STAT_RTS_SUCCESS:
2296 	case WIFI_STAT_RTS_FAILURE:
2297 	case WIFI_STAT_ACK_FAILURE:
2298 	case WIFI_STAT_RX_FRAGS:
2299 	case WIFI_STAT_MCAST_RX:
2300 	case WIFI_STAT_RX_DUPS:
2301 		ARN_UNLOCK(sc);
2302 		return (ieee80211_stat(ic, stat, val));
2303 	default:
2304 		ARN_UNLOCK(sc);
2305 		return (ENOTSUP);
2306 	}
2307 	ARN_UNLOCK(sc);
2308 
2309 	return (0);
2310 }
2311 
2312 int
2313 arn_m_start(void *arg)
2314 {
2315 	struct arn_softc *sc = arg;
2316 	int err = 0;
2317 
2318 	ARN_LOCK(sc);
2319 
2320 	/*
2321 	 * Stop anything previously setup.  This is safe
2322 	 * whether this is the first time through or not.
2323 	 */
2324 
2325 	arn_close(sc);
2326 
2327 	if ((err = arn_open(sc)) != 0) {
2328 		ARN_UNLOCK(sc);
2329 		return (err);
2330 	}
2331 
2332 	/* H/W is reday now */
2333 	sc->sc_flags &= ~SC_OP_INVALID;
2334 
2335 	ARN_UNLOCK(sc);
2336 
2337 	return (0);
2338 }
2339 
2340 static void
2341 arn_m_stop(void *arg)
2342 {
2343 	struct arn_softc *sc = arg;
2344 
2345 	ARN_LOCK(sc);
2346 	arn_close(sc);
2347 
2348 	/* disable HAL and put h/w to sleep */
2349 	(void) ath9k_hw_disable(sc->sc_ah);
2350 	ath9k_hw_configpcipowersave(sc->sc_ah, 1);
2351 
2352 	/* XXX: hardware will not be ready in suspend state */
2353 	sc->sc_flags |= SC_OP_INVALID;
2354 	ARN_UNLOCK(sc);
2355 }
2356 
2357 static int
2358 arn_m_promisc(void *arg, boolean_t on)
2359 {
2360 	struct arn_softc *sc = arg;
2361 	struct ath_hal *ah = sc->sc_ah;
2362 	uint32_t rfilt;
2363 
2364 	ARN_LOCK(sc);
2365 
2366 	rfilt = ath9k_hw_getrxfilter(ah);
2367 	if (on)
2368 		rfilt |= ATH9K_RX_FILTER_PROM;
2369 	else
2370 		rfilt &= ~ATH9K_RX_FILTER_PROM;
2371 	sc->sc_promisc = on;
2372 	ath9k_hw_setrxfilter(ah, rfilt);
2373 
2374 	ARN_UNLOCK(sc);
2375 
2376 	return (0);
2377 }
2378 
2379 static int
2380 arn_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2381 {
2382 	struct arn_softc *sc = arg;
2383 	struct ath_hal *ah = sc->sc_ah;
2384 	uint32_t val, index, bit;
2385 	uint8_t pos;
2386 	uint32_t *mfilt = sc->sc_mcast_hash;
2387 
2388 	ARN_LOCK(sc);
2389 
2390 	/* calculate XOR of eight 6bit values */
2391 	val = ARN_LE_READ_32(mca + 0);
2392 	pos = (val >> 18) ^ (val >> 12) ^ (val >> 6) ^ val;
2393 	val = ARN_LE_READ_32(mca + 3);
2394 	pos ^= (val >> 18) ^ (val >> 12) ^ (val >> 6) ^ val;
2395 	pos &= 0x3f;
2396 	index = pos / 32;
2397 	bit = 1 << (pos % 32);
2398 
2399 	if (add) {	/* enable multicast */
2400 		sc->sc_mcast_refs[pos]++;
2401 		mfilt[index] |= bit;
2402 	} else {	/* disable multicast */
2403 		if (--sc->sc_mcast_refs[pos] == 0)
2404 			mfilt[index] &= ~bit;
2405 	}
2406 	ath9k_hw_setmcastfilter(ah, mfilt[0], mfilt[1]);
2407 
2408 	ARN_UNLOCK(sc);
2409 	return (0);
2410 }
2411 
2412 static int
2413 arn_m_unicst(void *arg, const uint8_t *macaddr)
2414 {
2415 	struct arn_softc *sc = arg;
2416 	struct ath_hal *ah = sc->sc_ah;
2417 	ieee80211com_t *ic = (ieee80211com_t *)sc;
2418 
2419 	ARN_DBG((ARN_DBG_XMIT, "ath: ath_gld_saddr(): "
2420 	    "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
2421 	    macaddr[0], macaddr[1], macaddr[2],
2422 	    macaddr[3], macaddr[4], macaddr[5]));
2423 
2424 	ARN_LOCK(sc);
2425 	IEEE80211_ADDR_COPY(sc->sc_isc.ic_macaddr, macaddr);
2426 	(void) ath9k_hw_setmac(ah, sc->sc_isc.ic_macaddr);
2427 	(void) arn_reset(ic);
2428 	ARN_UNLOCK(sc);
2429 	return (0);
2430 }
2431 
2432 static mblk_t *
2433 arn_m_tx(void *arg, mblk_t *mp)
2434 {
2435 	struct arn_softc *sc = arg;
2436 	int error = 0;
2437 	mblk_t *next;
2438 	ieee80211com_t *ic = (ieee80211com_t *)sc;
2439 
2440 	/*
2441 	 * No data frames go out unless we're associated; this
2442 	 * should not happen as the 802.11 layer does not enable
2443 	 * the xmit queue until we enter the RUN state.
2444 	 */
2445 	if (ic->ic_state != IEEE80211_S_RUN) {
2446 		ARN_DBG((ARN_DBG_XMIT, "arn: arn_m_tx(): "
2447 		    "discard, state %u\n", ic->ic_state));
2448 		sc->sc_stats.ast_tx_discard++;
2449 		freemsgchain(mp);
2450 		return (NULL);
2451 	}
2452 
2453 	while (mp != NULL) {
2454 		next = mp->b_next;
2455 		mp->b_next = NULL;
2456 		error = arn_tx(ic, mp, IEEE80211_FC0_TYPE_DATA);
2457 		if (error != 0) {
2458 			mp->b_next = next;
2459 			if (error == ENOMEM) {
2460 				break;
2461 			} else {
2462 				freemsgchain(mp);
2463 				return (NULL);
2464 			}
2465 		}
2466 		mp = next;
2467 	}
2468 
2469 	return (mp);
2470 }
2471 
2472 static void
2473 arn_m_ioctl(void *arg, queue_t *wq, mblk_t *mp)
2474 {
2475 	struct arn_softc *sc = arg;
2476 	int32_t err;
2477 
2478 	err = ieee80211_ioctl(&sc->sc_isc, wq, mp);
2479 
2480 	ARN_LOCK(sc);
2481 	if (err == ENETRESET) {
2482 		if (!(sc->sc_flags & SC_OP_INVALID)) {
2483 			ARN_UNLOCK(sc);
2484 
2485 			(void) arn_m_start(sc);
2486 
2487 			(void) ieee80211_new_state(&sc->sc_isc,
2488 			    IEEE80211_S_SCAN, -1);
2489 			ARN_LOCK(sc);
2490 		}
2491 	}
2492 	ARN_UNLOCK(sc);
2493 }
2494 
2495 static int
2496 arn_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2497     uint_t wldp_length, const void *wldp_buf)
2498 {
2499 	struct arn_softc *sc = arg;
2500 	int	err;
2501 
2502 	err = ieee80211_setprop(&sc->sc_isc, pr_name, wldp_pr_num,
2503 	    wldp_length, wldp_buf);
2504 
2505 	ARN_LOCK(sc);
2506 
2507 	if (err == ENETRESET) {
2508 		if (!(sc->sc_flags & SC_OP_INVALID)) {
2509 			ARN_UNLOCK(sc);
2510 			(void) arn_m_start(sc);
2511 			(void) ieee80211_new_state(&sc->sc_isc,
2512 			    IEEE80211_S_SCAN, -1);
2513 			ARN_LOCK(sc);
2514 		}
2515 		err = 0;
2516 	}
2517 
2518 	ARN_UNLOCK(sc);
2519 
2520 	return (err);
2521 }
2522 
2523 /* ARGSUSED */
2524 static int
2525 arn_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2526     uint_t wldp_length, void *wldp_buf)
2527 {
2528 	struct arn_softc *sc = arg;
2529 	int	err = 0;
2530 
2531 	err = ieee80211_getprop(&sc->sc_isc, pr_name, wldp_pr_num,
2532 	    wldp_length, wldp_buf);
2533 
2534 	return (err);
2535 }
2536 
2537 static void
2538 arn_m_propinfo(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2539     mac_prop_info_handle_t prh)
2540 {
2541 	struct arn_softc *sc = arg;
2542 
2543 	ieee80211_propinfo(&sc->sc_isc, pr_name, wldp_pr_num, prh);
2544 }
2545 
2546 /* return bus cachesize in 4B word units */
2547 static void
2548 arn_pci_config_cachesize(struct arn_softc *sc)
2549 {
2550 	uint8_t csz;
2551 
2552 	/*
2553 	 * Cache line size is used to size and align various
2554 	 * structures used to communicate with the hardware.
2555 	 */
2556 	csz = pci_config_get8(sc->sc_cfg_handle, PCI_CONF_CACHE_LINESZ);
2557 	if (csz == 0) {
2558 		/*
2559 		 * We must have this setup properly for rx buffer
2560 		 * DMA to work so force a reasonable value here if it
2561 		 * comes up zero.
2562 		 */
2563 		csz = ATH_DEF_CACHE_BYTES / sizeof (uint32_t);
2564 		pci_config_put8(sc->sc_cfg_handle, PCI_CONF_CACHE_LINESZ,
2565 		    csz);
2566 	}
2567 	sc->sc_cachelsz = csz << 2;
2568 }
2569 
2570 static int
2571 arn_pci_setup(struct arn_softc *sc)
2572 {
2573 	uint16_t command;
2574 
2575 	/*
2576 	 * Enable memory mapping and bus mastering
2577 	 */
2578 	ASSERT(sc != NULL);
2579 	command = pci_config_get16(sc->sc_cfg_handle, PCI_CONF_COMM);
2580 	command	|= PCI_COMM_MAE | PCI_COMM_ME;
2581 	pci_config_put16(sc->sc_cfg_handle, PCI_CONF_COMM, command);
2582 	command = pci_config_get16(sc->sc_cfg_handle, PCI_CONF_COMM);
2583 	if ((command & PCI_COMM_MAE) == 0) {
2584 		arn_problem("arn: arn_pci_setup(): "
2585 		    "failed to enable memory mapping\n");
2586 		return (EIO);
2587 	}
2588 	if ((command & PCI_COMM_ME) == 0) {
2589 		arn_problem("arn: arn_pci_setup(): "
2590 		    "failed to enable bus mastering\n");
2591 		return (EIO);
2592 	}
2593 	ARN_DBG((ARN_DBG_INIT, "arn: arn_pci_setup(): "
2594 	    "set command reg to 0x%x \n", command));
2595 
2596 	return (0);
2597 }
2598 
2599 static void
2600 arn_get_hw_encap(struct arn_softc *sc)
2601 {
2602 	ieee80211com_t *ic;
2603 	struct ath_hal *ah;
2604 
2605 	ic = (ieee80211com_t *)sc;
2606 	ah = sc->sc_ah;
2607 
2608 	if (ath9k_hw_getcapability(ah, ATH9K_CAP_CIPHER,
2609 	    ATH9K_CIPHER_AES_CCM, NULL))
2610 		ic->ic_caps |= IEEE80211_C_AES_CCM;
2611 	if (ath9k_hw_getcapability(ah, ATH9K_CAP_CIPHER,
2612 	    ATH9K_CIPHER_AES_OCB, NULL))
2613 		ic->ic_caps |= IEEE80211_C_AES;
2614 	if (ath9k_hw_getcapability(ah, ATH9K_CAP_CIPHER,
2615 	    ATH9K_CIPHER_TKIP, NULL))
2616 		ic->ic_caps |= IEEE80211_C_TKIP;
2617 	if (ath9k_hw_getcapability(ah, ATH9K_CAP_CIPHER,
2618 	    ATH9K_CIPHER_WEP, NULL))
2619 		ic->ic_caps |= IEEE80211_C_WEP;
2620 	if (ath9k_hw_getcapability(ah, ATH9K_CAP_CIPHER,
2621 	    ATH9K_CIPHER_MIC, NULL))
2622 		ic->ic_caps |= IEEE80211_C_TKIPMIC;
2623 }
2624 
2625 static void
2626 arn_setup_ht_cap(struct arn_softc *sc)
2627 {
2628 #define	ATH9K_HT_CAP_MAXRXAMPDU_65536 0x3	/* 2 ^ 16 */
2629 #define	ATH9K_HT_CAP_MPDUDENSITY_8 0x6		/* 8 usec */
2630 
2631 	/* LINTED E_FUNC_SET_NOT_USED */
2632 	uint8_t tx_streams;
2633 	uint8_t rx_streams;
2634 
2635 	arn_ht_conf *ht_info = &sc->sc_ht_conf;
2636 
2637 	ht_info->ht_supported = B_TRUE;
2638 
2639 	/* Todo: IEEE80211_HTCAP_SMPS */
2640 	ht_info->cap = IEEE80211_HTCAP_CHWIDTH40|
2641 	    IEEE80211_HTCAP_SHORTGI40 |
2642 	    IEEE80211_HTCAP_DSSSCCK40;
2643 
2644 	ht_info->ampdu_factor = ATH9K_HT_CAP_MAXRXAMPDU_65536;
2645 	ht_info->ampdu_density = ATH9K_HT_CAP_MPDUDENSITY_8;
2646 
2647 	/* set up supported mcs set */
2648 	(void) memset(&ht_info->rx_mcs_mask, 0, sizeof (ht_info->rx_mcs_mask));
2649 	tx_streams = ISP2(sc->sc_ah->ah_caps.tx_chainmask) ? 1 : 2;
2650 	rx_streams = ISP2(sc->sc_ah->ah_caps.rx_chainmask) ? 1 : 2;
2651 
2652 	ht_info->rx_mcs_mask[0] = 0xff;
2653 	if (rx_streams >= 2)
2654 		ht_info->rx_mcs_mask[1] = 0xff;
2655 }
2656 
2657 /* xxx should be used for ht rate set negotiating ? */
2658 static void
2659 arn_overwrite_11n_rateset(struct arn_softc *sc)
2660 {
2661 	uint8_t *ht_rs = sc->sc_ht_conf.rx_mcs_mask;
2662 	int mcs_idx, mcs_count = 0;
2663 	int i, j;
2664 
2665 	(void) memset(&ieee80211_rateset_11n, 0,
2666 	    sizeof (ieee80211_rateset_11n));
2667 	for (i = 0; i < 10; i++) {
2668 		for (j = 0; j < 8; j++) {
2669 			if (ht_rs[i] & (1 << j)) {
2670 				mcs_idx = i * 8 + j;
2671 				if (mcs_idx >= IEEE80211_HTRATE_MAXSIZE) {
2672 					break;
2673 				}
2674 
2675 				ieee80211_rateset_11n.rs_rates[mcs_idx] =
2676 				    (uint8_t)mcs_idx;
2677 				mcs_count++;
2678 			}
2679 		}
2680 	}
2681 
2682 	ieee80211_rateset_11n.rs_nrates = (uint8_t)mcs_count;
2683 
2684 	ARN_DBG((ARN_DBG_RATE, "arn_overwrite_11n_rateset(): "
2685 	    "MCS rate set supported by this station is as follows:\n"));
2686 
2687 	for (i = 0; i < ieee80211_rateset_11n.rs_nrates; i++) {
2688 		ARN_DBG((ARN_DBG_RATE, "MCS rate %d is %d\n",
2689 		    i, ieee80211_rateset_11n.rs_rates[i]));
2690 	}
2691 
2692 }
2693 
2694 /*
2695  * Update WME parameters for a transmit queue.
2696  */
2697 static int
2698 arn_tx_queue_update(struct arn_softc *sc, int ac)
2699 {
2700 #define	ATH_EXPONENT_TO_VALUE(v)	((1<<v)-1)
2701 #define	ATH_TXOP_TO_US(v)		(v<<5)
2702 	ieee80211com_t *ic = (ieee80211com_t *)sc;
2703 	struct ath_txq *txq;
2704 	struct wmeParams *wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac];
2705 	struct ath_hal *ah = sc->sc_ah;
2706 	struct ath9k_tx_queue_info qi;
2707 
2708 	txq = &sc->sc_txq[arn_get_hal_qnum(ac, sc)];
2709 	(void) ath9k_hw_get_txq_props(ah, txq->axq_qnum, &qi);
2710 
2711 	/*
2712 	 * TXQ_FLAG_TXOKINT_ENABLE = 0x0001
2713 	 * TXQ_FLAG_TXERRINT_ENABLE = 0x0001
2714 	 * TXQ_FLAG_TXDESCINT_ENABLE = 0x0002
2715 	 * TXQ_FLAG_TXEOLINT_ENABLE = 0x0004
2716 	 * TXQ_FLAG_TXURNINT_ENABLE = 0x0008
2717 	 * TXQ_FLAG_BACKOFF_DISABLE = 0x0010
2718 	 * TXQ_FLAG_COMPRESSION_ENABLE = 0x0020
2719 	 * TXQ_FLAG_RDYTIME_EXP_POLICY_ENABLE = 0x0040
2720 	 * TXQ_FLAG_FRAG_BURST_BACKOFF_ENABLE = 0x0080
2721 	 */
2722 
2723 	/* xxx should update these flags here? */
2724 #if 0
2725 	qi.tqi_qflags = TXQ_FLAG_TXOKINT_ENABLE |
2726 	    TXQ_FLAG_TXERRINT_ENABLE |
2727 	    TXQ_FLAG_TXDESCINT_ENABLE |
2728 	    TXQ_FLAG_TXURNINT_ENABLE;
2729 #endif
2730 
2731 	qi.tqi_aifs = wmep->wmep_aifsn;
2732 	qi.tqi_cwmin = ATH_EXPONENT_TO_VALUE(wmep->wmep_logcwmin);
2733 	qi.tqi_cwmax = ATH_EXPONENT_TO_VALUE(wmep->wmep_logcwmax);
2734 	qi.tqi_readyTime = 0;
2735 	qi.tqi_burstTime = ATH_TXOP_TO_US(wmep->wmep_txopLimit);
2736 
2737 	ARN_DBG((ARN_DBG_INIT,
2738 	    "%s:"
2739 	    "Q%u"
2740 	    "qflags 0x%x"
2741 	    "aifs %u"
2742 	    "cwmin %u"
2743 	    "cwmax %u"
2744 	    "burstTime %u\n",
2745 	    __func__,
2746 	    txq->axq_qnum,
2747 	    qi.tqi_qflags,
2748 	    qi.tqi_aifs,
2749 	    qi.tqi_cwmin,
2750 	    qi.tqi_cwmax,
2751 	    qi.tqi_burstTime));
2752 
2753 	if (!ath9k_hw_set_txq_props(ah, txq->axq_qnum, &qi)) {
2754 		arn_problem("unable to update hardware queue "
2755 		    "parameters for %s traffic!\n",
2756 		    ieee80211_wme_acnames[ac]);
2757 		return (0);
2758 	} else {
2759 		/* push to H/W */
2760 		(void) ath9k_hw_resettxqueue(ah, txq->axq_qnum);
2761 		return (1);
2762 	}
2763 
2764 #undef ATH_TXOP_TO_US
2765 #undef ATH_EXPONENT_TO_VALUE
2766 }
2767 
2768 /* Update WME parameters */
2769 static int
2770 arn_wme_update(ieee80211com_t *ic)
2771 {
2772 	struct arn_softc *sc = (struct arn_softc *)ic;
2773 
2774 	/* updateing */
2775 	return (!arn_tx_queue_update(sc, WME_AC_BE) ||
2776 	    !arn_tx_queue_update(sc, WME_AC_BK) ||
2777 	    !arn_tx_queue_update(sc, WME_AC_VI) ||
2778 	    !arn_tx_queue_update(sc, WME_AC_VO) ? EIO : 0);
2779 }
2780 
2781 /*
2782  * Update tx/rx chainmask. For legacy association,
2783  * hard code chainmask to 1x1, for 11n association, use
2784  * the chainmask configuration.
2785  */
2786 void
2787 arn_update_chainmask(struct arn_softc *sc)
2788 {
2789 	boolean_t is_ht = B_FALSE;
2790 	sc->sc_flags |= SC_OP_CHAINMASK_UPDATE;
2791 
2792 	is_ht = sc->sc_ht_conf.ht_supported;
2793 	if (is_ht) {
2794 		sc->sc_tx_chainmask = sc->sc_ah->ah_caps.tx_chainmask;
2795 		sc->sc_rx_chainmask = sc->sc_ah->ah_caps.rx_chainmask;
2796 	} else {
2797 		sc->sc_tx_chainmask = 1;
2798 		sc->sc_rx_chainmask = 1;
2799 	}
2800 
2801 	ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
2802 	    "tx_chainmask = %d, rx_chainmask = %d\n",
2803 	    sc->sc_tx_chainmask, sc->sc_rx_chainmask));
2804 }
2805 
2806 static int
2807 arn_resume(dev_info_t *devinfo)
2808 {
2809 	struct arn_softc *sc;
2810 	int ret = DDI_SUCCESS;
2811 
2812 	sc = ddi_get_soft_state(arn_soft_state_p, ddi_get_instance(devinfo));
2813 	if (sc == NULL) {
2814 		ARN_DBG((ARN_DBG_INIT, "ath: ath_resume(): "
2815 		    "failed to get soft state\n"));
2816 		return (DDI_FAILURE);
2817 	}
2818 
2819 	ARN_LOCK(sc);
2820 	/*
2821 	 * Set up config space command register(s). Refuse
2822 	 * to resume on failure.
2823 	 */
2824 	if (arn_pci_setup(sc) != 0) {
2825 		ARN_DBG((ARN_DBG_INIT, "ath: ath_resume(): "
2826 		    "ath_pci_setup() failed\n"));
2827 		ARN_UNLOCK(sc);
2828 		return (DDI_FAILURE);
2829 	}
2830 
2831 	if (!(sc->sc_flags & SC_OP_INVALID))
2832 		ret = arn_open(sc);
2833 	ARN_UNLOCK(sc);
2834 
2835 	return (ret);
2836 }
2837 
2838 static int
2839 arn_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2840 {
2841 	struct arn_softc *sc;
2842 	int		instance;
2843 	int		status;
2844 	int32_t		err;
2845 	uint16_t	vendor_id;
2846 	uint16_t	device_id;
2847 	uint32_t	i;
2848 	uint32_t	val;
2849 	char		strbuf[32];
2850 	ieee80211com_t *ic;
2851 	struct ath_hal *ah;
2852 	wifi_data_t wd = { 0 };
2853 	mac_register_t *macp;
2854 
2855 	switch (cmd) {
2856 	case DDI_ATTACH:
2857 		break;
2858 	case DDI_RESUME:
2859 		return (arn_resume(devinfo));
2860 	default:
2861 		return (DDI_FAILURE);
2862 	}
2863 
2864 	instance = ddi_get_instance(devinfo);
2865 	if (ddi_soft_state_zalloc(arn_soft_state_p, instance) != DDI_SUCCESS) {
2866 		ARN_DBG((ARN_DBG_ATTACH, "arn: "
2867 		    "%s: Unable to alloc softstate\n", __func__));
2868 		return (DDI_FAILURE);
2869 	}
2870 
2871 	sc = ddi_get_soft_state(arn_soft_state_p, ddi_get_instance(devinfo));
2872 	ic = (ieee80211com_t *)sc;
2873 	sc->sc_dev = devinfo;
2874 
2875 	mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2876 	mutex_init(&sc->sc_serial_rw, NULL, MUTEX_DRIVER, NULL);
2877 	mutex_init(&sc->sc_txbuflock, NULL, MUTEX_DRIVER, NULL);
2878 	mutex_init(&sc->sc_rxbuflock, NULL, MUTEX_DRIVER, NULL);
2879 	mutex_init(&sc->sc_resched_lock, NULL, MUTEX_DRIVER, NULL);
2880 #ifdef ARN_IBSS
2881 	mutex_init(&sc->sc_bcbuflock, NULL, MUTEX_DRIVER, NULL);
2882 #endif
2883 
2884 	sc->sc_flags |= SC_OP_INVALID;
2885 
2886 	err = pci_config_setup(devinfo, &sc->sc_cfg_handle);
2887 	if (err != DDI_SUCCESS) {
2888 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
2889 		    "pci_config_setup() failed"));
2890 		goto attach_fail0;
2891 	}
2892 
2893 	if (arn_pci_setup(sc) != 0)
2894 		goto attach_fail1;
2895 
2896 	/* Cache line size set up */
2897 	arn_pci_config_cachesize(sc);
2898 
2899 	vendor_id = pci_config_get16(sc->sc_cfg_handle, PCI_CONF_VENID);
2900 	device_id = pci_config_get16(sc->sc_cfg_handle, PCI_CONF_DEVID);
2901 	ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): vendor 0x%x, "
2902 	    "device id 0x%x, cache size %d\n",
2903 	    vendor_id, device_id,
2904 	    pci_config_get8(sc->sc_cfg_handle, PCI_CONF_CACHE_LINESZ)));
2905 
2906 	pci_config_put8(sc->sc_cfg_handle, PCI_CONF_LATENCY_TIMER, 0xa8);
2907 	val = pci_config_get32(sc->sc_cfg_handle, 0x40);
2908 	if ((val & 0x0000ff00) != 0)
2909 		pci_config_put32(sc->sc_cfg_handle, 0x40, val & 0xffff00ff);
2910 
2911 	err = ddi_regs_map_setup(devinfo, 1,
2912 	    &sc->mem, 0, 0, &arn_reg_accattr, &sc->sc_io_handle);
2913 	ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
2914 	    "regs map1 = %x err=%d\n", sc->mem, err));
2915 	if (err != DDI_SUCCESS) {
2916 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
2917 		    "ddi_regs_map_setup() failed"));
2918 		goto attach_fail1;
2919 	}
2920 
2921 	ah = ath9k_hw_attach(device_id, sc, sc->mem, &status);
2922 	if (ah == NULL) {
2923 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
2924 		    "unable to attach hw: H/W status %u\n",
2925 		    status));
2926 		goto attach_fail2;
2927 	}
2928 	sc->sc_ah = ah;
2929 
2930 	ath9k_hw_getmac(ah, ic->ic_macaddr);
2931 
2932 	/* Get the hardware key cache size. */
2933 	sc->sc_keymax = ah->ah_caps.keycache_size;
2934 	if (sc->sc_keymax > ATH_KEYMAX) {
2935 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
2936 		    "Warning, using only %u entries in %u key cache\n",
2937 		    ATH_KEYMAX, sc->sc_keymax));
2938 		sc->sc_keymax = ATH_KEYMAX;
2939 	}
2940 
2941 	/*
2942 	 * Reset the key cache since some parts do not
2943 	 * reset the contents on initial power up.
2944 	 */
2945 	for (i = 0; i < sc->sc_keymax; i++)
2946 		(void) ath9k_hw_keyreset(ah, (uint16_t)i);
2947 	/*
2948 	 * Mark key cache slots associated with global keys
2949 	 * as in use.  If we knew TKIP was not to be used we
2950 	 * could leave the +32, +64, and +32+64 slots free.
2951 	 * XXX only for splitmic.
2952 	 */
2953 	for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2954 		set_bit(i, sc->sc_keymap);
2955 		set_bit(i + 32, sc->sc_keymap);
2956 		set_bit(i + 64, sc->sc_keymap);
2957 		set_bit(i + 32 + 64, sc->sc_keymap);
2958 	}
2959 
2960 	/* Collect the channel list using the default country code */
2961 	err = arn_setup_channels(sc);
2962 	if (err == EINVAL) {
2963 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
2964 		    "ERR:arn_setup_channels\n"));
2965 		goto attach_fail3;
2966 	}
2967 
2968 	/* default to STA mode */
2969 	sc->sc_ah->ah_opmode = ATH9K_M_STA;
2970 
2971 	/* Setup rate tables */
2972 	arn_rate_attach(sc);
2973 	arn_setup_rates(sc, IEEE80211_MODE_11A);
2974 	arn_setup_rates(sc, IEEE80211_MODE_11B);
2975 	arn_setup_rates(sc, IEEE80211_MODE_11G);
2976 
2977 	/* Setup current mode here */
2978 	arn_setcurmode(sc, ATH9K_MODE_11G);
2979 
2980 	/* 802.11g features */
2981 	if (sc->sc_have11g)
2982 		ic->ic_caps |= IEEE80211_C_SHPREAMBLE |
2983 		    IEEE80211_C_SHSLOT;		/* short slot time */
2984 
2985 	/* Temp workaround */
2986 	sc->sc_mrretry = 1;
2987 	sc->sc_config.ath_aggr_prot = 0;
2988 
2989 	/* Setup tx/rx descriptors */
2990 	err = arn_desc_alloc(devinfo, sc);
2991 	if (err != DDI_SUCCESS) {
2992 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
2993 		    "failed to allocate descriptors: %d\n", err));
2994 		goto attach_fail3;
2995 	}
2996 
2997 	if ((sc->sc_tq = ddi_taskq_create(devinfo, "ath_taskq", 1,
2998 	    TASKQ_DEFAULTPRI, 0)) == NULL) {
2999 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3000 		    "ERR:ddi_taskq_create\n"));
3001 		goto attach_fail4;
3002 	}
3003 
3004 	/*
3005 	 * Allocate hardware transmit queues: one queue for
3006 	 * beacon frames and one data queue for each QoS
3007 	 * priority.  Note that the hal handles reseting
3008 	 * these queues at the needed time.
3009 	 */
3010 #ifdef ARN_IBSS
3011 	sc->sc_beaconq = arn_beaconq_setup(ah);
3012 	if (sc->sc_beaconq == (-1)) {
3013 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3014 		    "unable to setup a beacon xmit queue\n"));
3015 		goto attach_fail4;
3016 	}
3017 #endif
3018 #ifdef ARN_HOSTAP
3019 	sc->sc_cabq = arn_txq_setup(sc, ATH9K_TX_QUEUE_CAB, 0);
3020 	if (sc->sc_cabq == NULL) {
3021 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3022 		    "unable to setup CAB xmit queue\n"));
3023 		goto attach_fail4;
3024 	}
3025 
3026 	sc->sc_config.cabqReadytime = ATH_CABQ_READY_TIME;
3027 	ath_cabq_update(sc);
3028 #endif
3029 
3030 	for (i = 0; i < ARRAY_SIZE(sc->sc_haltype2q); i++)
3031 		sc->sc_haltype2q[i] = -1;
3032 
3033 	/* Setup data queues */
3034 	/* NB: ensure BK queue is the lowest priority h/w queue */
3035 	if (!arn_tx_setup(sc, ATH9K_WME_AC_BK)) {
3036 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3037 		    "unable to setup xmit queue for BK traffic\n"));
3038 		goto attach_fail4;
3039 	}
3040 	if (!arn_tx_setup(sc, ATH9K_WME_AC_BE)) {
3041 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3042 		    "unable to setup xmit queue for BE traffic\n"));
3043 		goto attach_fail4;
3044 	}
3045 	if (!arn_tx_setup(sc, ATH9K_WME_AC_VI)) {
3046 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3047 		    "unable to setup xmit queue for VI traffic\n"));
3048 		goto attach_fail4;
3049 	}
3050 	if (!arn_tx_setup(sc, ATH9K_WME_AC_VO)) {
3051 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3052 		    "unable to setup xmit queue for VO traffic\n"));
3053 		goto attach_fail4;
3054 	}
3055 
3056 	/*
3057 	 * Initializes the noise floor to a reasonable default value.
3058 	 * Later on this will be updated during ANI processing.
3059 	 */
3060 
3061 	sc->sc_ani.sc_noise_floor = ATH_DEFAULT_NOISE_FLOOR;
3062 
3063 
3064 	if (ath9k_hw_getcapability(ah, ATH9K_CAP_CIPHER,
3065 	    ATH9K_CIPHER_TKIP, NULL)) {
3066 		/*
3067 		 * Whether we should enable h/w TKIP MIC.
3068 		 * XXX: if we don't support WME TKIP MIC, then we wouldn't
3069 		 * report WMM capable, so it's always safe to turn on
3070 		 * TKIP MIC in this case.
3071 		 */
3072 		(void) ath9k_hw_setcapability(sc->sc_ah, ATH9K_CAP_TKIP_MIC,
3073 		    0, 1, NULL);
3074 	}
3075 
3076 	/* Get cipher releated capability information */
3077 	arn_get_hw_encap(sc);
3078 
3079 	/*
3080 	 * Check whether the separate key cache entries
3081 	 * are required to handle both tx+rx MIC keys.
3082 	 * With split mic keys the number of stations is limited
3083 	 * to 27 otherwise 59.
3084 	 */
3085 	if (ath9k_hw_getcapability(ah, ATH9K_CAP_CIPHER,
3086 	    ATH9K_CIPHER_TKIP, NULL) &&
3087 	    ath9k_hw_getcapability(ah, ATH9K_CAP_CIPHER,
3088 	    ATH9K_CIPHER_MIC, NULL) &&
3089 	    ath9k_hw_getcapability(ah, ATH9K_CAP_TKIP_SPLIT,
3090 	    0, NULL))
3091 		sc->sc_splitmic = 1;
3092 
3093 	/* turn on mcast key search if possible */
3094 	if (!ath9k_hw_getcapability(ah, ATH9K_CAP_MCAST_KEYSRCH, 0, NULL))
3095 		(void) ath9k_hw_setcapability(ah, ATH9K_CAP_MCAST_KEYSRCH, 1,
3096 		    1, NULL);
3097 
3098 	sc->sc_config.txpowlimit = ATH_TXPOWER_MAX;
3099 	sc->sc_config.txpowlimit_override = 0;
3100 
3101 	/* 11n Capabilities */
3102 	if (ah->ah_caps.hw_caps & ATH9K_HW_CAP_HT) {
3103 		sc->sc_flags |= SC_OP_TXAGGR;
3104 		sc->sc_flags |= SC_OP_RXAGGR;
3105 		arn_setup_ht_cap(sc);
3106 		arn_overwrite_11n_rateset(sc);
3107 	}
3108 
3109 	sc->sc_tx_chainmask = 1;
3110 	sc->sc_rx_chainmask = 1;
3111 	ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3112 	    "tx_chainmask = %d, rx_chainmask = %d\n",
3113 	    sc->sc_tx_chainmask, sc->sc_rx_chainmask));
3114 
3115 	/* arn_update_chainmask(sc); */
3116 
3117 	(void) ath9k_hw_setcapability(ah, ATH9K_CAP_DIVERSITY, 1, B_TRUE, NULL);
3118 	sc->sc_defant = ath9k_hw_getdefantenna(ah);
3119 
3120 	ath9k_hw_getmac(ah, sc->sc_myaddr);
3121 	if (ah->ah_caps.hw_caps & ATH9K_HW_CAP_BSSIDMASK) {
3122 		ath9k_hw_getbssidmask(ah, sc->sc_bssidmask);
3123 		ATH_SET_VAP_BSSID_MASK(sc->sc_bssidmask);
3124 		(void) ath9k_hw_setbssidmask(ah, sc->sc_bssidmask);
3125 	}
3126 
3127 	/* set default value to short slot time */
3128 	sc->sc_slottime = ATH9K_SLOT_TIME_9;
3129 	(void) ath9k_hw_setslottime(ah, ATH9K_SLOT_TIME_9);
3130 
3131 	/* initialize beacon slots */
3132 	for (i = 0; i < ARRAY_SIZE(sc->sc_bslot); i++)
3133 		sc->sc_bslot[i] = ATH_IF_ID_ANY;
3134 
3135 	/* Save MISC configurations */
3136 	sc->sc_config.swBeaconProcess = 1;
3137 
3138 	/* Support QoS/WME */
3139 	ic->ic_caps |= IEEE80211_C_WME;
3140 	ic->ic_wme.wme_update = arn_wme_update;
3141 
3142 	/* Support 802.11n/HT */
3143 	if (sc->sc_ht_conf.ht_supported) {
3144 		ic->ic_htcaps =
3145 		    IEEE80211_HTCAP_CHWIDTH40 |
3146 		    IEEE80211_HTCAP_SHORTGI40 |
3147 		    IEEE80211_HTCAP_DSSSCCK40 |
3148 		    IEEE80211_HTCAP_MAXAMSDU_7935 |
3149 		    IEEE80211_HTC_HT |
3150 		    IEEE80211_HTC_AMSDU |
3151 		    IEEE80211_HTCAP_RXSTBC_2STREAM;
3152 
3153 #ifdef ARN_TX_AGGREGATION
3154 	ic->ic_htcaps |= IEEE80211_HTC_AMPDU;
3155 #endif
3156 	}
3157 
3158 	/* Header padding requested by driver */
3159 	ic->ic_flags |= IEEE80211_F_DATAPAD;
3160 	/* Support WPA/WPA2 */
3161 	ic->ic_caps |= IEEE80211_C_WPA;
3162 #if 0
3163 	ic->ic_caps |= IEEE80211_C_TXFRAG; /* handle tx frags */
3164 	ic->ic_caps |= IEEE80211_C_BGSCAN; /* capable of bg scanning */
3165 #endif
3166 	ic->ic_phytype = IEEE80211_T_HT;
3167 	ic->ic_opmode = IEEE80211_M_STA;
3168 	ic->ic_state = IEEE80211_S_INIT;
3169 	ic->ic_maxrssi = ARN_MAX_RSSI;
3170 	ic->ic_set_shortslot = arn_set_shortslot;
3171 	ic->ic_xmit = arn_tx;
3172 	ieee80211_attach(ic);
3173 
3174 	ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3175 	    "ic->ic_curchan->ich_freq: %d\n", ic->ic_curchan->ich_freq));
3176 
3177 	/* different instance has different WPA door */
3178 	(void) snprintf(ic->ic_wpadoor, MAX_IEEE80211STR, "%s_%s%d", WPA_DOOR,
3179 	    ddi_driver_name(devinfo),
3180 	    ddi_get_instance(devinfo));
3181 
3182 	if (sc->sc_ht_conf.ht_supported) {
3183 		sc->sc_recv_action = ic->ic_recv_action;
3184 		ic->ic_recv_action = arn_ampdu_recv_action;
3185 		// sc->sc_send_action = ic->ic_send_action;
3186 		// ic->ic_send_action = arn_ampdu_send_action;
3187 
3188 		ic->ic_ampdu_rxmax = sc->sc_ht_conf.ampdu_factor;
3189 		ic->ic_ampdu_density = sc->sc_ht_conf.ampdu_density;
3190 		ic->ic_ampdu_limit = ic->ic_ampdu_rxmax;
3191 	}
3192 
3193 	/* Override 80211 default routines */
3194 	sc->sc_newstate = ic->ic_newstate;
3195 	ic->ic_newstate = arn_newstate;
3196 #ifdef ARN_IBSS
3197 	sc->sc_recv_mgmt = ic->ic_recv_mgmt;
3198 	ic->ic_recv_mgmt = arn_recv_mgmt;
3199 #endif
3200 	ic->ic_watchdog = arn_watchdog;
3201 	ic->ic_node_alloc = arn_node_alloc;
3202 	ic->ic_node_free = arn_node_free;
3203 	ic->ic_crypto.cs_key_alloc = arn_key_alloc;
3204 	ic->ic_crypto.cs_key_delete = arn_key_delete;
3205 	ic->ic_crypto.cs_key_set = arn_key_set;
3206 
3207 	ieee80211_media_init(ic);
3208 
3209 	/*
3210 	 * initialize default tx key
3211 	 */
3212 	ic->ic_def_txkey = 0;
3213 
3214 	sc->sc_rx_pend = 0;
3215 	(void) ath9k_hw_set_interrupts(sc->sc_ah, 0);
3216 	err = ddi_add_softintr(devinfo, DDI_SOFTINT_LOW,
3217 	    &sc->sc_softint_id, NULL, 0, arn_softint_handler, (caddr_t)sc);
3218 	if (err != DDI_SUCCESS) {
3219 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3220 		    "ddi_add_softintr() failed....\n"));
3221 		goto attach_fail5;
3222 	}
3223 
3224 	if (ddi_get_iblock_cookie(devinfo, 0, &sc->sc_iblock)
3225 	    != DDI_SUCCESS) {
3226 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3227 		    "Can not get iblock cookie for INT\n"));
3228 		goto attach_fail6;
3229 	}
3230 
3231 	if (ddi_add_intr(devinfo, 0, NULL, NULL, arn_isr,
3232 	    (caddr_t)sc) != DDI_SUCCESS) {
3233 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3234 		    "Can not set intr for ARN driver\n"));
3235 		goto attach_fail6;
3236 	}
3237 
3238 	/*
3239 	 * Provide initial settings for the WiFi plugin; whenever this
3240 	 * information changes, we need to call mac_plugindata_update()
3241 	 */
3242 	wd.wd_opmode = ic->ic_opmode;
3243 	wd.wd_secalloc = WIFI_SEC_NONE;
3244 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
3245 
3246 	ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3247 	    "IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid)"
3248 	    "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
3249 	    wd.wd_bssid[0], wd.wd_bssid[1], wd.wd_bssid[2],
3250 	    wd.wd_bssid[3], wd.wd_bssid[4], wd.wd_bssid[5]));
3251 
3252 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
3253 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3254 		    "MAC version mismatch\n"));
3255 		goto attach_fail7;
3256 	}
3257 
3258 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
3259 	macp->m_driver		= sc;
3260 	macp->m_dip		= devinfo;
3261 	macp->m_src_addr	= ic->ic_macaddr;
3262 	macp->m_callbacks	= &arn_m_callbacks;
3263 	macp->m_min_sdu		= 0;
3264 	macp->m_max_sdu		= IEEE80211_MTU;
3265 	macp->m_pdata		= &wd;
3266 	macp->m_pdata_size	= sizeof (wd);
3267 
3268 	err = mac_register(macp, &ic->ic_mach);
3269 	mac_free(macp);
3270 	if (err != 0) {
3271 		ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3272 		    "mac_register err %x\n", err));
3273 		goto attach_fail7;
3274 	}
3275 
3276 	/* Create minor node of type DDI_NT_NET_WIFI */
3277 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
3278 	    ARN_NODENAME, instance);
3279 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
3280 	    instance + 1, DDI_NT_NET_WIFI, 0);
3281 	if (err != DDI_SUCCESS)
3282 		ARN_DBG((ARN_DBG_ATTACH, "WARN: arn: arn_attach(): "
3283 		    "Create minor node failed - %d\n", err));
3284 
3285 	/* Notify link is down now */
3286 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
3287 
3288 	sc->sc_promisc = B_FALSE;
3289 	bzero(sc->sc_mcast_refs, sizeof (sc->sc_mcast_refs));
3290 	bzero(sc->sc_mcast_hash, sizeof (sc->sc_mcast_hash));
3291 
3292 	ARN_DBG((ARN_DBG_ATTACH, "arn: arn_attach(): "
3293 	    "Atheros AR%s MAC/BB Rev:%x "
3294 	    "AR%s RF Rev:%x: mem=0x%lx\n",
3295 	    arn_mac_bb_name(ah->ah_macVersion),
3296 	    ah->ah_macRev,
3297 	    arn_rf_name((ah->ah_analog5GhzRev & AR_RADIO_SREV_MAJOR)),
3298 	    ah->ah_phyRev,
3299 	    (unsigned long)sc->mem));
3300 
3301 	/* XXX: hardware will not be ready until arn_open() being called */
3302 	sc->sc_flags |= SC_OP_INVALID;
3303 	sc->sc_isrunning = 0;
3304 
3305 	return (DDI_SUCCESS);
3306 
3307 attach_fail7:
3308 	ddi_remove_intr(devinfo, 0, sc->sc_iblock);
3309 attach_fail6:
3310 	ddi_remove_softintr(sc->sc_softint_id);
3311 attach_fail5:
3312 	(void) ieee80211_detach(ic);
3313 attach_fail4:
3314 	arn_desc_free(sc);
3315 	if (sc->sc_tq)
3316 		ddi_taskq_destroy(sc->sc_tq);
3317 attach_fail3:
3318 	ath9k_hw_detach(ah);
3319 attach_fail2:
3320 	ddi_regs_map_free(&sc->sc_io_handle);
3321 attach_fail1:
3322 	pci_config_teardown(&sc->sc_cfg_handle);
3323 attach_fail0:
3324 	sc->sc_flags |= SC_OP_INVALID;
3325 	/* cleanup tx queues */
3326 	mutex_destroy(&sc->sc_txbuflock);
3327 	for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
3328 		if (ARN_TXQ_SETUP(sc, i)) {
3329 			/* arn_tx_cleanupq(asc, &asc->sc_txq[i]); */
3330 			mutex_destroy(&((&sc->sc_txq[i])->axq_lock));
3331 		}
3332 	}
3333 	mutex_destroy(&sc->sc_rxbuflock);
3334 	mutex_destroy(&sc->sc_serial_rw);
3335 	mutex_destroy(&sc->sc_genlock);
3336 	mutex_destroy(&sc->sc_resched_lock);
3337 #ifdef ARN_IBSS
3338 	mutex_destroy(&sc->sc_bcbuflock);
3339 #endif
3340 
3341 	ddi_soft_state_free(arn_soft_state_p, instance);
3342 
3343 	return (DDI_FAILURE);
3344 
3345 }
3346 
3347 /*
3348  * Suspend transmit/receive for powerdown
3349  */
3350 static int
3351 arn_suspend(struct arn_softc *sc)
3352 {
3353 	ARN_LOCK(sc);
3354 	arn_close(sc);
3355 	ARN_UNLOCK(sc);
3356 
3357 	return (DDI_SUCCESS);
3358 }
3359 
3360 static int32_t
3361 arn_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
3362 {
3363 	struct arn_softc *sc;
3364 	int i;
3365 
3366 	sc = ddi_get_soft_state(arn_soft_state_p, ddi_get_instance(devinfo));
3367 	ASSERT(sc != NULL);
3368 
3369 	switch (cmd) {
3370 	case DDI_DETACH:
3371 		break;
3372 
3373 	case DDI_SUSPEND:
3374 		return (arn_suspend(sc));
3375 
3376 	default:
3377 		return (DDI_FAILURE);
3378 	}
3379 
3380 	if (mac_disable(sc->sc_isc.ic_mach) != 0)
3381 		return (DDI_FAILURE);
3382 
3383 	arn_stop_scantimer(sc);
3384 	arn_stop_caltimer(sc);
3385 
3386 	/* disable interrupts */
3387 	(void) ath9k_hw_set_interrupts(sc->sc_ah, 0);
3388 
3389 	/*
3390 	 * Unregister from the MAC layer subsystem
3391 	 */
3392 	(void) mac_unregister(sc->sc_isc.ic_mach);
3393 
3394 	/* free intterrupt resources */
3395 	ddi_remove_intr(devinfo, 0, sc->sc_iblock);
3396 	ddi_remove_softintr(sc->sc_softint_id);
3397 
3398 	/*
3399 	 * NB: the order of these is important:
3400 	 * o call the 802.11 layer before detaching the hal to
3401 	 *   insure callbacks into the driver to delete global
3402 	 *   key cache entries can be handled
3403 	 * o reclaim the tx queue data structures after calling
3404 	 *   the 802.11 layer as we'll get called back to reclaim
3405 	 *   node state and potentially want to use them
3406 	 * o to cleanup the tx queues the hal is called, so detach
3407 	 *   it last
3408 	 */
3409 	ieee80211_detach(&sc->sc_isc);
3410 
3411 	arn_desc_free(sc);
3412 
3413 	ddi_taskq_destroy(sc->sc_tq);
3414 
3415 	if (!(sc->sc_flags & SC_OP_INVALID))
3416 		(void) ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_AWAKE);
3417 
3418 	/* cleanup tx queues */
3419 	mutex_destroy(&sc->sc_txbuflock);
3420 	for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
3421 		if (ARN_TXQ_SETUP(sc, i)) {
3422 			arn_tx_cleanupq(sc, &sc->sc_txq[i]);
3423 			mutex_destroy(&((&sc->sc_txq[i])->axq_lock));
3424 		}
3425 	}
3426 
3427 	ath9k_hw_detach(sc->sc_ah);
3428 
3429 	/* free io handle */
3430 	ddi_regs_map_free(&sc->sc_io_handle);
3431 	pci_config_teardown(&sc->sc_cfg_handle);
3432 
3433 	/* destroy locks */
3434 	mutex_destroy(&sc->sc_genlock);
3435 	mutex_destroy(&sc->sc_serial_rw);
3436 	mutex_destroy(&sc->sc_rxbuflock);
3437 	mutex_destroy(&sc->sc_resched_lock);
3438 #ifdef ARN_IBSS
3439 	mutex_destroy(&sc->sc_bcbuflock);
3440 #endif
3441 
3442 	ddi_remove_minor_node(devinfo, NULL);
3443 	ddi_soft_state_free(arn_soft_state_p, ddi_get_instance(devinfo));
3444 
3445 	return (DDI_SUCCESS);
3446 }
3447 
3448 /*
3449  * quiesce(9E) entry point.
3450  *
3451  * This function is called when the system is single-threaded at high
3452  * PIL with preemption disabled. Therefore, this function must not be
3453  * blocked.
3454  *
3455  * This function returns DDI_SUCCESS on success, or DDI_FAILURE on failure.
3456  * DDI_FAILURE indicates an error condition and should almost never happen.
3457  */
3458 static int32_t
3459 arn_quiesce(dev_info_t *devinfo)
3460 {
3461 	struct arn_softc *sc;
3462 	int i;
3463 	struct ath_hal *ah;
3464 
3465 	sc = ddi_get_soft_state(arn_soft_state_p, ddi_get_instance(devinfo));
3466 
3467 	if (sc == NULL || (ah = sc->sc_ah) == NULL)
3468 		return (DDI_FAILURE);
3469 
3470 	/*
3471 	 * Disable interrupts
3472 	 */
3473 	(void) ath9k_hw_set_interrupts(ah, 0);
3474 
3475 	/*
3476 	 * Disable TX HW
3477 	 */
3478 	for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
3479 		if (ARN_TXQ_SETUP(sc, i))
3480 			(void) ath9k_hw_stoptxdma(ah, sc->sc_txq[i].axq_qnum);
3481 	}
3482 
3483 	/*
3484 	 * Disable RX HW
3485 	 */
3486 	ath9k_hw_stoppcurecv(ah);
3487 	ath9k_hw_setrxfilter(ah, 0);
3488 	(void) ath9k_hw_stopdmarecv(ah);
3489 	drv_usecwait(3000);
3490 
3491 	/*
3492 	 * Power down HW
3493 	 */
3494 	(void) ath9k_hw_phy_disable(ah);
3495 
3496 	return (DDI_SUCCESS);
3497 }
3498 
3499 DDI_DEFINE_STREAM_OPS(arn_dev_ops, nulldev, nulldev, arn_attach, arn_detach,
3500     nodev, NULL, D_MP, NULL, arn_quiesce);
3501 
3502 static struct modldrv arn_modldrv = {
3503 	&mod_driverops, /* Type of module.  This one is a driver */
3504 	"arn-Atheros 9000 series driver:2.0", /* short description */
3505 	&arn_dev_ops /* driver specific ops */
3506 };
3507 
3508 static struct modlinkage modlinkage = {
3509 	MODREV_1, (void *)&arn_modldrv, NULL
3510 };
3511 
3512 int
3513 _info(struct modinfo *modinfop)
3514 {
3515 	return (mod_info(&modlinkage, modinfop));
3516 }
3517 
3518 int
3519 _init(void)
3520 {
3521 	int status;
3522 
3523 	status = ddi_soft_state_init
3524 	    (&arn_soft_state_p, sizeof (struct arn_softc), 1);
3525 	if (status != 0)
3526 		return (status);
3527 
3528 	mutex_init(&arn_loglock, NULL, MUTEX_DRIVER, NULL);
3529 	mac_init_ops(&arn_dev_ops, "arn");
3530 	status = mod_install(&modlinkage);
3531 	if (status != 0) {
3532 		mac_fini_ops(&arn_dev_ops);
3533 		mutex_destroy(&arn_loglock);
3534 		ddi_soft_state_fini(&arn_soft_state_p);
3535 	}
3536 
3537 	return (status);
3538 }
3539 
3540 int
3541 _fini(void)
3542 {
3543 	int status;
3544 
3545 	status = mod_remove(&modlinkage);
3546 	if (status == 0) {
3547 		mac_fini_ops(&arn_dev_ops);
3548 		mutex_destroy(&arn_loglock);
3549 		ddi_soft_state_fini(&arn_soft_state_p);
3550 	}
3551 	return (status);
3552 }
3553