1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * Copyright (c) 2006 8 * Damien Bergamini <damien.bergamini@free.fr> 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 */ 22 23 /* 24 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 25 */ 26 27 #include <sys/types.h> 28 #include <sys/byteorder.h> 29 #include <sys/conf.h> 30 #include <sys/cmn_err.h> 31 #include <sys/stat.h> 32 #include <sys/ddi.h> 33 #include <sys/sunddi.h> 34 #include <sys/strsubr.h> 35 #include <sys/ethernet.h> 36 #include <inet/common.h> 37 #include <inet/nd.h> 38 #include <inet/mi.h> 39 #include <sys/note.h> 40 #include <sys/stream.h> 41 #include <sys/strsun.h> 42 #include <sys/modctl.h> 43 #include <sys/devops.h> 44 #include <sys/dlpi.h> 45 #include <sys/mac_provider.h> 46 #include <sys/mac_wifi.h> 47 #include <sys/net80211.h> 48 #include <sys/net80211_proto.h> 49 #include <sys/varargs.h> 50 #include <sys/policy.h> 51 #include <sys/pci.h> 52 53 #include "wpireg.h" 54 #include "wpivar.h" 55 #include <inet/wifi_ioctl.h> 56 57 #ifdef DEBUG 58 #define WPI_DEBUG_80211 (1 << 0) 59 #define WPI_DEBUG_CMD (1 << 1) 60 #define WPI_DEBUG_DMA (1 << 2) 61 #define WPI_DEBUG_EEPROM (1 << 3) 62 #define WPI_DEBUG_FW (1 << 4) 63 #define WPI_DEBUG_HW (1 << 5) 64 #define WPI_DEBUG_INTR (1 << 6) 65 #define WPI_DEBUG_MRR (1 << 7) 66 #define WPI_DEBUG_PIO (1 << 8) 67 #define WPI_DEBUG_RX (1 << 9) 68 #define WPI_DEBUG_SCAN (1 << 10) 69 #define WPI_DEBUG_TX (1 << 11) 70 #define WPI_DEBUG_RATECTL (1 << 12) 71 #define WPI_DEBUG_RADIO (1 << 13) 72 #define WPI_DEBUG_RESUME (1 << 14) 73 uint32_t wpi_dbg_flags = 0; 74 #define WPI_DBG(x) \ 75 wpi_dbg x 76 #else 77 #define WPI_DBG(x) 78 #endif 79 80 static void *wpi_soft_state_p = NULL; 81 static uint8_t wpi_fw_bin [] = { 82 #include "fw-wpi/ipw3945.ucode.hex" 83 }; 84 85 /* DMA attributes for a shared page */ 86 static ddi_dma_attr_t sh_dma_attr = { 87 DMA_ATTR_V0, /* version of this structure */ 88 0, /* lowest usable address */ 89 0xffffffffU, /* highest usable address */ 90 0xffffffffU, /* maximum DMAable byte count */ 91 0x1000, /* alignment in bytes */ 92 0x1000, /* burst sizes (any?) */ 93 1, /* minimum transfer */ 94 0xffffffffU, /* maximum transfer */ 95 0xffffffffU, /* maximum segment length */ 96 1, /* maximum number of segments */ 97 1, /* granularity */ 98 0, /* flags (reserved) */ 99 }; 100 101 /* DMA attributes for a ring descriptor */ 102 static ddi_dma_attr_t ring_desc_dma_attr = { 103 DMA_ATTR_V0, /* version of this structure */ 104 0, /* lowest usable address */ 105 0xffffffffU, /* highest usable address */ 106 0xffffffffU, /* maximum DMAable byte count */ 107 0x4000, /* alignment in bytes */ 108 0x100, /* burst sizes (any?) */ 109 1, /* minimum transfer */ 110 0xffffffffU, /* maximum transfer */ 111 0xffffffffU, /* maximum segment length */ 112 1, /* maximum number of segments */ 113 1, /* granularity */ 114 0, /* flags (reserved) */ 115 }; 116 117 118 /* DMA attributes for a tx cmd */ 119 static ddi_dma_attr_t tx_cmd_dma_attr = { 120 DMA_ATTR_V0, /* version of this structure */ 121 0, /* lowest usable address */ 122 0xffffffffU, /* highest usable address */ 123 0xffffffffU, /* maximum DMAable byte count */ 124 4, /* alignment in bytes */ 125 0x100, /* burst sizes (any?) */ 126 1, /* minimum transfer */ 127 0xffffffffU, /* maximum transfer */ 128 0xffffffffU, /* maximum segment length */ 129 1, /* maximum number of segments */ 130 1, /* granularity */ 131 0, /* flags (reserved) */ 132 }; 133 134 /* DMA attributes for a rx buffer */ 135 static ddi_dma_attr_t rx_buffer_dma_attr = { 136 DMA_ATTR_V0, /* version of this structure */ 137 0, /* lowest usable address */ 138 0xffffffffU, /* highest usable address */ 139 0xffffffffU, /* maximum DMAable byte count */ 140 1, /* alignment in bytes */ 141 0x100, /* burst sizes (any?) */ 142 1, /* minimum transfer */ 143 0xffffffffU, /* maximum transfer */ 144 0xffffffffU, /* maximum segment length */ 145 1, /* maximum number of segments */ 146 1, /* granularity */ 147 0, /* flags (reserved) */ 148 }; 149 150 /* 151 * DMA attributes for a tx buffer. 152 * the maximum number of segments is 4 for the hardware. 153 * now all the wifi drivers put the whole frame in a single 154 * descriptor, so we define the maximum number of segments 4, 155 * just the same as the rx_buffer. we consider leverage the HW 156 * ability in the future, that is why we don't define rx and tx 157 * buffer_dma_attr as the same. 158 */ 159 static ddi_dma_attr_t tx_buffer_dma_attr = { 160 DMA_ATTR_V0, /* version of this structure */ 161 0, /* lowest usable address */ 162 0xffffffffU, /* highest usable address */ 163 0xffffffffU, /* maximum DMAable byte count */ 164 1, /* alignment in bytes */ 165 0x100, /* burst sizes (any?) */ 166 1, /* minimum transfer */ 167 0xffffffffU, /* maximum transfer */ 168 0xffffffffU, /* maximum segment length */ 169 1, /* maximum number of segments */ 170 1, /* granularity */ 171 0, /* flags (reserved) */ 172 }; 173 174 /* DMA attributes for a load firmware */ 175 static ddi_dma_attr_t fw_buffer_dma_attr = { 176 DMA_ATTR_V0, /* version of this structure */ 177 0, /* lowest usable address */ 178 0xffffffffU, /* highest usable address */ 179 0x7fffffff, /* maximum DMAable byte count */ 180 4, /* alignment in bytes */ 181 0x100, /* burst sizes (any?) */ 182 1, /* minimum transfer */ 183 0xffffffffU, /* maximum transfer */ 184 0xffffffffU, /* maximum segment length */ 185 4, /* maximum number of segments */ 186 1, /* granularity */ 187 0, /* flags (reserved) */ 188 }; 189 190 /* regs access attributes */ 191 static ddi_device_acc_attr_t wpi_reg_accattr = { 192 DDI_DEVICE_ATTR_V0, 193 DDI_STRUCTURE_LE_ACC, 194 DDI_STRICTORDER_ACC, 195 DDI_DEFAULT_ACC 196 }; 197 198 /* DMA access attributes */ 199 static ddi_device_acc_attr_t wpi_dma_accattr = { 200 DDI_DEVICE_ATTR_V0, 201 DDI_NEVERSWAP_ACC, 202 DDI_STRICTORDER_ACC, 203 DDI_DEFAULT_ACC 204 }; 205 206 static int wpi_ring_init(wpi_sc_t *); 207 static void wpi_ring_free(wpi_sc_t *); 208 static int wpi_alloc_shared(wpi_sc_t *); 209 static void wpi_free_shared(wpi_sc_t *); 210 static int wpi_alloc_fw_dma(wpi_sc_t *); 211 static void wpi_free_fw_dma(wpi_sc_t *); 212 static int wpi_alloc_rx_ring(wpi_sc_t *); 213 static void wpi_reset_rx_ring(wpi_sc_t *); 214 static void wpi_free_rx_ring(wpi_sc_t *); 215 static int wpi_alloc_tx_ring(wpi_sc_t *, wpi_tx_ring_t *, int, int); 216 static void wpi_reset_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 217 static void wpi_free_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 218 219 static ieee80211_node_t *wpi_node_alloc(ieee80211com_t *); 220 static void wpi_node_free(ieee80211_node_t *); 221 static int wpi_newstate(ieee80211com_t *, enum ieee80211_state, int); 222 static int wpi_key_set(ieee80211com_t *, const struct ieee80211_key *, 223 const uint8_t mac[IEEE80211_ADDR_LEN]); 224 static void wpi_mem_lock(wpi_sc_t *); 225 static void wpi_mem_unlock(wpi_sc_t *); 226 static uint32_t wpi_mem_read(wpi_sc_t *, uint16_t); 227 static void wpi_mem_write(wpi_sc_t *, uint16_t, uint32_t); 228 static void wpi_mem_write_region_4(wpi_sc_t *, uint16_t, 229 const uint32_t *, int); 230 static uint16_t wpi_read_prom_word(wpi_sc_t *, uint32_t); 231 static int wpi_load_microcode(wpi_sc_t *); 232 static int wpi_load_firmware(wpi_sc_t *, uint32_t); 233 static void wpi_rx_intr(wpi_sc_t *, wpi_rx_desc_t *, 234 wpi_rx_data_t *); 235 static void wpi_tx_intr(wpi_sc_t *, wpi_rx_desc_t *, 236 wpi_rx_data_t *); 237 static void wpi_cmd_intr(wpi_sc_t *, wpi_rx_desc_t *); 238 static uint_t wpi_intr(caddr_t); 239 static uint_t wpi_notif_softintr(caddr_t); 240 static uint8_t wpi_plcp_signal(int); 241 static void wpi_read_eeprom(wpi_sc_t *); 242 static int wpi_cmd(wpi_sc_t *, int, const void *, int, int); 243 static int wpi_mrr_setup(wpi_sc_t *); 244 static void wpi_set_led(wpi_sc_t *, uint8_t, uint8_t, uint8_t); 245 static int wpi_auth(wpi_sc_t *); 246 static int wpi_scan(wpi_sc_t *); 247 static int wpi_config(wpi_sc_t *); 248 static void wpi_stop_master(wpi_sc_t *); 249 static int wpi_power_up(wpi_sc_t *); 250 static int wpi_reset(wpi_sc_t *); 251 static void wpi_hw_config(wpi_sc_t *); 252 static int wpi_init(wpi_sc_t *); 253 static void wpi_stop(wpi_sc_t *); 254 static int wpi_quiesce(dev_info_t *dip); 255 static void wpi_amrr_init(wpi_amrr_t *); 256 static void wpi_amrr_timeout(wpi_sc_t *); 257 static void wpi_amrr_ratectl(void *, ieee80211_node_t *); 258 259 static int wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd); 260 static int wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd); 261 262 /* 263 * GLD specific operations 264 */ 265 static int wpi_m_stat(void *arg, uint_t stat, uint64_t *val); 266 static int wpi_m_start(void *arg); 267 static void wpi_m_stop(void *arg); 268 static int wpi_m_unicst(void *arg, const uint8_t *macaddr); 269 static int wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m); 270 static int wpi_m_promisc(void *arg, boolean_t on); 271 static mblk_t *wpi_m_tx(void *arg, mblk_t *mp); 272 static void wpi_m_ioctl(void *arg, queue_t *wq, mblk_t *mp); 273 static int wpi_m_setprop(void *arg, const char *pr_name, 274 mac_prop_id_t wldp_pr_num, uint_t wldp_length, const void *wldp_buf); 275 static int wpi_m_getprop(void *arg, const char *pr_name, 276 mac_prop_id_t wldp_pr_num, uint_t pr_flags, uint_t wldp_lenth, 277 void *wldp_buf, uint_t *); 278 static void wpi_destroy_locks(wpi_sc_t *sc); 279 static int wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type); 280 static void wpi_thread(wpi_sc_t *sc); 281 282 /* 283 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 284 */ 285 static const struct ieee80211_rateset wpi_rateset_11b = 286 { 4, { 2, 4, 11, 22 } }; 287 288 static const struct ieee80211_rateset wpi_rateset_11g = 289 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 290 291 static const uint8_t wpi_ridx_to_signal[] = { 292 /* OFDM: IEEE Std 802.11a-1999, pp. 14 Table 80 */ 293 /* R1-R4 (ral/ural is R4-R1) */ 294 0xd, 0xf, 0x5, 0x7, 0x9, 0xb, 0x1, 0x3, 295 /* CCK: device-dependent */ 296 10, 20, 55, 110 297 }; 298 299 /* 300 * For mfthread only 301 */ 302 extern pri_t minclsyspri; 303 304 /* 305 * Module Loading Data & Entry Points 306 */ 307 DDI_DEFINE_STREAM_OPS(wpi_devops, nulldev, nulldev, wpi_attach, 308 wpi_detach, nodev, NULL, D_MP, NULL, wpi_quiesce); 309 310 static struct modldrv wpi_modldrv = { 311 &mod_driverops, 312 "Intel(R) PRO/Wireless 3945ABG driver", 313 &wpi_devops 314 }; 315 316 static struct modlinkage wpi_modlinkage = { 317 MODREV_1, 318 &wpi_modldrv, 319 NULL 320 }; 321 322 int 323 _init(void) 324 { 325 int status; 326 327 status = ddi_soft_state_init(&wpi_soft_state_p, 328 sizeof (wpi_sc_t), 1); 329 if (status != DDI_SUCCESS) 330 return (status); 331 332 mac_init_ops(&wpi_devops, "wpi"); 333 status = mod_install(&wpi_modlinkage); 334 if (status != DDI_SUCCESS) { 335 mac_fini_ops(&wpi_devops); 336 ddi_soft_state_fini(&wpi_soft_state_p); 337 } 338 339 return (status); 340 } 341 342 int 343 _fini(void) 344 { 345 int status; 346 347 status = mod_remove(&wpi_modlinkage); 348 if (status == DDI_SUCCESS) { 349 mac_fini_ops(&wpi_devops); 350 ddi_soft_state_fini(&wpi_soft_state_p); 351 } 352 353 return (status); 354 } 355 356 int 357 _info(struct modinfo *mip) 358 { 359 return (mod_info(&wpi_modlinkage, mip)); 360 } 361 362 /* 363 * Mac Call Back entries 364 */ 365 mac_callbacks_t wpi_m_callbacks = { 366 MC_IOCTL | MC_SETPROP | MC_GETPROP, 367 wpi_m_stat, 368 wpi_m_start, 369 wpi_m_stop, 370 wpi_m_promisc, 371 wpi_m_multicst, 372 wpi_m_unicst, 373 wpi_m_tx, 374 wpi_m_ioctl, 375 NULL, 376 NULL, 377 NULL, 378 wpi_m_setprop, 379 wpi_m_getprop 380 }; 381 382 #ifdef DEBUG 383 void 384 wpi_dbg(uint32_t flags, const char *fmt, ...) 385 { 386 va_list ap; 387 388 if (flags & wpi_dbg_flags) { 389 va_start(ap, fmt); 390 vcmn_err(CE_NOTE, fmt, ap); 391 va_end(ap); 392 } 393 } 394 #endif 395 /* 396 * device operations 397 */ 398 int 399 wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 400 { 401 wpi_sc_t *sc; 402 ddi_acc_handle_t cfg_handle; 403 caddr_t cfg_base; 404 ieee80211com_t *ic; 405 int instance, err, i; 406 char strbuf[32]; 407 wifi_data_t wd = { 0 }; 408 mac_register_t *macp; 409 410 switch (cmd) { 411 case DDI_ATTACH: 412 break; 413 case DDI_RESUME: 414 sc = ddi_get_soft_state(wpi_soft_state_p, 415 ddi_get_instance(dip)); 416 ASSERT(sc != NULL); 417 mutex_enter(&sc->sc_glock); 418 sc->sc_flags &= ~WPI_F_SUSPEND; 419 mutex_exit(&sc->sc_glock); 420 if (sc->sc_flags & WPI_F_RUNNING) { 421 (void) wpi_init(sc); 422 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 423 } 424 WPI_DBG((WPI_DEBUG_RESUME, "wpi: resume \n")); 425 return (DDI_SUCCESS); 426 default: 427 err = DDI_FAILURE; 428 goto attach_fail1; 429 } 430 431 instance = ddi_get_instance(dip); 432 err = ddi_soft_state_zalloc(wpi_soft_state_p, instance); 433 if (err != DDI_SUCCESS) { 434 cmn_err(CE_WARN, 435 "wpi_attach(): failed to allocate soft state\n"); 436 goto attach_fail1; 437 } 438 sc = ddi_get_soft_state(wpi_soft_state_p, instance); 439 sc->sc_dip = dip; 440 441 err = ddi_regs_map_setup(dip, 0, &cfg_base, 0, 0, 442 &wpi_reg_accattr, &cfg_handle); 443 if (err != DDI_SUCCESS) { 444 cmn_err(CE_WARN, 445 "wpi_attach(): failed to map config spaces regs\n"); 446 goto attach_fail2; 447 } 448 sc->sc_rev = ddi_get8(cfg_handle, 449 (uint8_t *)(cfg_base + PCI_CONF_REVID)); 450 ddi_put8(cfg_handle, (uint8_t *)(cfg_base + 0x41), 0); 451 sc->sc_clsz = ddi_get16(cfg_handle, 452 (uint16_t *)(cfg_base + PCI_CONF_CACHE_LINESZ)); 453 ddi_regs_map_free(&cfg_handle); 454 if (!sc->sc_clsz) 455 sc->sc_clsz = 16; 456 sc->sc_clsz = (sc->sc_clsz << 2); 457 sc->sc_dmabuf_sz = roundup(0x1000 + sizeof (struct ieee80211_frame) + 458 IEEE80211_MTU + IEEE80211_CRC_LEN + 459 (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + 460 IEEE80211_WEP_CRCLEN), sc->sc_clsz); 461 /* 462 * Map operating registers 463 */ 464 err = ddi_regs_map_setup(dip, 1, &sc->sc_base, 465 0, 0, &wpi_reg_accattr, &sc->sc_handle); 466 if (err != DDI_SUCCESS) { 467 cmn_err(CE_WARN, 468 "wpi_attach(): failed to map device regs\n"); 469 goto attach_fail2; 470 } 471 472 /* 473 * Allocate shared page. 474 */ 475 err = wpi_alloc_shared(sc); 476 if (err != DDI_SUCCESS) { 477 cmn_err(CE_WARN, "failed to allocate shared page\n"); 478 goto attach_fail3; 479 } 480 481 /* 482 * Get the hw conf, including MAC address, then init all rings. 483 */ 484 wpi_read_eeprom(sc); 485 err = wpi_ring_init(sc); 486 if (err != DDI_SUCCESS) { 487 cmn_err(CE_WARN, "wpi_attach(): " 488 "failed to allocate and initialize ring\n"); 489 goto attach_fail4; 490 } 491 492 sc->sc_hdr = (const wpi_firmware_hdr_t *)wpi_fw_bin; 493 494 /* firmware image layout: |HDR|<--TEXT-->|<--DATA-->|<--BOOT-->| */ 495 sc->sc_text = (const char *)(sc->sc_hdr + 1); 496 sc->sc_data = sc->sc_text + LE_32(sc->sc_hdr->textsz); 497 sc->sc_boot = sc->sc_data + LE_32(sc->sc_hdr->datasz); 498 err = wpi_alloc_fw_dma(sc); 499 if (err != DDI_SUCCESS) { 500 cmn_err(CE_WARN, "wpi_attach(): " 501 "failed to allocate firmware dma\n"); 502 goto attach_fail5; 503 } 504 505 /* 506 * Initialize mutexs and condvars 507 */ 508 err = ddi_get_iblock_cookie(dip, 0, &sc->sc_iblk); 509 if (err != DDI_SUCCESS) { 510 cmn_err(CE_WARN, 511 "wpi_attach(): failed to do ddi_get_iblock_cookie()\n"); 512 goto attach_fail6; 513 } 514 mutex_init(&sc->sc_glock, NULL, MUTEX_DRIVER, sc->sc_iblk); 515 mutex_init(&sc->sc_tx_lock, NULL, MUTEX_DRIVER, sc->sc_iblk); 516 cv_init(&sc->sc_fw_cv, NULL, CV_DRIVER, NULL); 517 cv_init(&sc->sc_cmd_cv, NULL, CV_DRIVER, NULL); 518 519 /* 520 * initialize the mfthread 521 */ 522 mutex_init(&sc->sc_mt_lock, NULL, MUTEX_DRIVER, 523 (void *) sc->sc_iblk); 524 cv_init(&sc->sc_mt_cv, NULL, CV_DRIVER, NULL); 525 sc->sc_mf_thread = NULL; 526 sc->sc_mf_thread_switch = 0; 527 /* 528 * Initialize the wifi part, which will be used by 529 * generic layer 530 */ 531 ic = &sc->sc_ic; 532 ic->ic_phytype = IEEE80211_T_OFDM; 533 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 534 ic->ic_state = IEEE80211_S_INIT; 535 ic->ic_maxrssi = 70; /* experimental number */ 536 ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_TXPMGT | 537 IEEE80211_C_PMGT | IEEE80211_C_SHSLOT; 538 539 /* 540 * use software WEP and TKIP, hardware CCMP; 541 */ 542 ic->ic_caps |= IEEE80211_C_AES_CCM; 543 ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */ 544 545 /* set supported .11b and .11g rates */ 546 ic->ic_sup_rates[IEEE80211_MODE_11B] = wpi_rateset_11b; 547 ic->ic_sup_rates[IEEE80211_MODE_11G] = wpi_rateset_11g; 548 549 /* set supported .11b and .11g channels (1 through 14) */ 550 for (i = 1; i <= 14; i++) { 551 ic->ic_sup_channels[i].ich_freq = 552 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 553 ic->ic_sup_channels[i].ich_flags = 554 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 555 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ | 556 IEEE80211_CHAN_PASSIVE; 557 } 558 ic->ic_ibss_chan = &ic->ic_sup_channels[0]; 559 ic->ic_xmit = wpi_send; 560 /* 561 * init Wifi layer 562 */ 563 ieee80211_attach(ic); 564 565 /* register WPA door */ 566 ieee80211_register_door(ic, ddi_driver_name(dip), 567 ddi_get_instance(dip)); 568 569 /* 570 * Override 80211 default routines 571 */ 572 sc->sc_newstate = ic->ic_newstate; 573 ic->ic_newstate = wpi_newstate; 574 ic->ic_node_alloc = wpi_node_alloc; 575 ic->ic_node_free = wpi_node_free; 576 ic->ic_crypto.cs_key_set = wpi_key_set; 577 ieee80211_media_init(ic); 578 /* 579 * initialize default tx key 580 */ 581 ic->ic_def_txkey = 0; 582 583 err = ddi_add_softintr(dip, DDI_SOFTINT_LOW, 584 &sc->sc_notif_softint_id, &sc->sc_iblk, NULL, wpi_notif_softintr, 585 (caddr_t)sc); 586 if (err != DDI_SUCCESS) { 587 cmn_err(CE_WARN, 588 "wpi_attach(): failed to do ddi_add_softintr()\n"); 589 goto attach_fail7; 590 } 591 592 /* 593 * Add the interrupt handler 594 */ 595 err = ddi_add_intr(dip, 0, &sc->sc_iblk, NULL, 596 wpi_intr, (caddr_t)sc); 597 if (err != DDI_SUCCESS) { 598 cmn_err(CE_WARN, 599 "wpi_attach(): failed to do ddi_add_intr()\n"); 600 goto attach_fail8; 601 } 602 603 /* 604 * Initialize pointer to device specific functions 605 */ 606 wd.wd_secalloc = WIFI_SEC_NONE; 607 wd.wd_opmode = ic->ic_opmode; 608 IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_macaddr); 609 610 macp = mac_alloc(MAC_VERSION); 611 if (err != DDI_SUCCESS) { 612 cmn_err(CE_WARN, 613 "wpi_attach(): failed to do mac_alloc()\n"); 614 goto attach_fail9; 615 } 616 617 macp->m_type_ident = MAC_PLUGIN_IDENT_WIFI; 618 macp->m_driver = sc; 619 macp->m_dip = dip; 620 macp->m_src_addr = ic->ic_macaddr; 621 macp->m_callbacks = &wpi_m_callbacks; 622 macp->m_min_sdu = 0; 623 macp->m_max_sdu = IEEE80211_MTU; 624 macp->m_pdata = &wd; 625 macp->m_pdata_size = sizeof (wd); 626 627 /* 628 * Register the macp to mac 629 */ 630 err = mac_register(macp, &ic->ic_mach); 631 mac_free(macp); 632 if (err != DDI_SUCCESS) { 633 cmn_err(CE_WARN, 634 "wpi_attach(): failed to do mac_register()\n"); 635 goto attach_fail9; 636 } 637 638 /* 639 * Create minor node of type DDI_NT_NET_WIFI 640 */ 641 (void) snprintf(strbuf, sizeof (strbuf), "wpi%d", instance); 642 err = ddi_create_minor_node(dip, strbuf, S_IFCHR, 643 instance + 1, DDI_NT_NET_WIFI, 0); 644 if (err != DDI_SUCCESS) 645 cmn_err(CE_WARN, 646 "wpi_attach(): failed to do ddi_create_minor_node()\n"); 647 648 /* 649 * Notify link is down now 650 */ 651 mac_link_update(ic->ic_mach, LINK_STATE_DOWN); 652 653 /* 654 * create the mf thread to handle the link status, 655 * recovery fatal error, etc. 656 */ 657 658 sc->sc_mf_thread_switch = 1; 659 if (sc->sc_mf_thread == NULL) 660 sc->sc_mf_thread = thread_create((caddr_t)NULL, 0, 661 wpi_thread, sc, 0, &p0, TS_RUN, minclsyspri); 662 663 sc->sc_flags |= WPI_F_ATTACHED; 664 665 return (DDI_SUCCESS); 666 attach_fail9: 667 ddi_remove_intr(dip, 0, sc->sc_iblk); 668 attach_fail8: 669 ddi_remove_softintr(sc->sc_notif_softint_id); 670 sc->sc_notif_softint_id = NULL; 671 attach_fail7: 672 ieee80211_detach(ic); 673 wpi_destroy_locks(sc); 674 attach_fail6: 675 wpi_free_fw_dma(sc); 676 attach_fail5: 677 wpi_ring_free(sc); 678 attach_fail4: 679 wpi_free_shared(sc); 680 attach_fail3: 681 ddi_regs_map_free(&sc->sc_handle); 682 attach_fail2: 683 ddi_soft_state_free(wpi_soft_state_p, instance); 684 attach_fail1: 685 return (err); 686 } 687 688 int 689 wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 690 { 691 wpi_sc_t *sc; 692 int err; 693 694 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 695 ASSERT(sc != NULL); 696 697 switch (cmd) { 698 case DDI_DETACH: 699 break; 700 case DDI_SUSPEND: 701 if (sc->sc_flags & WPI_F_RUNNING) { 702 wpi_stop(sc); 703 } 704 mutex_enter(&sc->sc_glock); 705 sc->sc_flags |= WPI_F_SUSPEND; 706 mutex_exit(&sc->sc_glock); 707 WPI_DBG((WPI_DEBUG_RESUME, "wpi: suspend \n")); 708 return (DDI_SUCCESS); 709 default: 710 return (DDI_FAILURE); 711 } 712 if (!(sc->sc_flags & WPI_F_ATTACHED)) 713 return (DDI_FAILURE); 714 715 err = mac_disable(sc->sc_ic.ic_mach); 716 if (err != DDI_SUCCESS) 717 return (err); 718 719 /* 720 * Destroy the mf_thread 721 */ 722 mutex_enter(&sc->sc_mt_lock); 723 sc->sc_mf_thread_switch = 0; 724 while (sc->sc_mf_thread != NULL) { 725 if (cv_wait_sig(&sc->sc_mt_cv, &sc->sc_mt_lock) == 0) 726 break; 727 } 728 mutex_exit(&sc->sc_mt_lock); 729 730 wpi_stop(sc); 731 732 /* 733 * Unregiste from the MAC layer subsystem 734 */ 735 (void) mac_unregister(sc->sc_ic.ic_mach); 736 737 mutex_enter(&sc->sc_glock); 738 wpi_free_fw_dma(sc); 739 wpi_ring_free(sc); 740 wpi_free_shared(sc); 741 mutex_exit(&sc->sc_glock); 742 743 ddi_remove_intr(dip, 0, sc->sc_iblk); 744 ddi_remove_softintr(sc->sc_notif_softint_id); 745 sc->sc_notif_softint_id = NULL; 746 747 /* 748 * detach ieee80211 749 */ 750 ieee80211_detach(&sc->sc_ic); 751 752 wpi_destroy_locks(sc); 753 754 ddi_regs_map_free(&sc->sc_handle); 755 ddi_remove_minor_node(dip, NULL); 756 ddi_soft_state_free(wpi_soft_state_p, ddi_get_instance(dip)); 757 758 return (DDI_SUCCESS); 759 } 760 761 static void 762 wpi_destroy_locks(wpi_sc_t *sc) 763 { 764 cv_destroy(&sc->sc_mt_cv); 765 mutex_destroy(&sc->sc_mt_lock); 766 cv_destroy(&sc->sc_cmd_cv); 767 cv_destroy(&sc->sc_fw_cv); 768 mutex_destroy(&sc->sc_tx_lock); 769 mutex_destroy(&sc->sc_glock); 770 } 771 772 /* 773 * Allocate an area of memory and a DMA handle for accessing it 774 */ 775 static int 776 wpi_alloc_dma_mem(wpi_sc_t *sc, size_t memsize, ddi_dma_attr_t *dma_attr_p, 777 ddi_device_acc_attr_t *acc_attr_p, uint_t dma_flags, wpi_dma_t *dma_p) 778 { 779 caddr_t vaddr; 780 int err; 781 782 /* 783 * Allocate handle 784 */ 785 err = ddi_dma_alloc_handle(sc->sc_dip, dma_attr_p, 786 DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl); 787 if (err != DDI_SUCCESS) { 788 dma_p->dma_hdl = NULL; 789 return (DDI_FAILURE); 790 } 791 792 /* 793 * Allocate memory 794 */ 795 err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, acc_attr_p, 796 dma_flags & (DDI_DMA_CONSISTENT | DDI_DMA_STREAMING), 797 DDI_DMA_SLEEP, NULL, &vaddr, &dma_p->alength, &dma_p->acc_hdl); 798 if (err != DDI_SUCCESS) { 799 ddi_dma_free_handle(&dma_p->dma_hdl); 800 dma_p->dma_hdl = NULL; 801 dma_p->acc_hdl = NULL; 802 return (DDI_FAILURE); 803 } 804 805 /* 806 * Bind the two together 807 */ 808 dma_p->mem_va = vaddr; 809 err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL, 810 vaddr, dma_p->alength, dma_flags, DDI_DMA_SLEEP, NULL, 811 &dma_p->cookie, &dma_p->ncookies); 812 if (err != DDI_DMA_MAPPED) { 813 ddi_dma_mem_free(&dma_p->acc_hdl); 814 ddi_dma_free_handle(&dma_p->dma_hdl); 815 dma_p->acc_hdl = NULL; 816 dma_p->dma_hdl = NULL; 817 return (DDI_FAILURE); 818 } 819 820 dma_p->nslots = ~0U; 821 dma_p->size = ~0U; 822 dma_p->token = ~0U; 823 dma_p->offset = 0; 824 return (DDI_SUCCESS); 825 } 826 827 /* 828 * Free one allocated area of DMAable memory 829 */ 830 static void 831 wpi_free_dma_mem(wpi_dma_t *dma_p) 832 { 833 if (dma_p->dma_hdl != NULL) { 834 if (dma_p->ncookies) { 835 (void) ddi_dma_unbind_handle(dma_p->dma_hdl); 836 dma_p->ncookies = 0; 837 } 838 ddi_dma_free_handle(&dma_p->dma_hdl); 839 dma_p->dma_hdl = NULL; 840 } 841 842 if (dma_p->acc_hdl != NULL) { 843 ddi_dma_mem_free(&dma_p->acc_hdl); 844 dma_p->acc_hdl = NULL; 845 } 846 } 847 848 /* 849 * Allocate an area of dma memory for firmware load. 850 * Idealy, this allocation should be a one time action, that is, 851 * the memory will be freed after the firmware is uploaded to the 852 * card. but since a recovery mechanism for the fatal firmware need 853 * reload the firmware, and re-allocate dma at run time may be failed, 854 * so we allocate it at attach and keep it in the whole lifecycle of 855 * the driver. 856 */ 857 static int 858 wpi_alloc_fw_dma(wpi_sc_t *sc) 859 { 860 int i, err = DDI_SUCCESS; 861 wpi_dma_t *dma_p; 862 863 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->textsz), 864 &fw_buffer_dma_attr, &wpi_dma_accattr, 865 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 866 &sc->sc_dma_fw_text); 867 dma_p = &sc->sc_dma_fw_text; 868 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 869 dma_p->ncookies, dma_p->cookie.dmac_address, 870 dma_p->cookie.dmac_size)); 871 if (err != DDI_SUCCESS) { 872 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 873 "text dma memory"); 874 goto fail; 875 } 876 for (i = 0; i < dma_p->ncookies; i++) { 877 sc->sc_fw_text_cookie[i] = dma_p->cookie; 878 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 879 } 880 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz), 881 &fw_buffer_dma_attr, &wpi_dma_accattr, 882 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 883 &sc->sc_dma_fw_data); 884 dma_p = &sc->sc_dma_fw_data; 885 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 886 dma_p->ncookies, dma_p->cookie.dmac_address, 887 dma_p->cookie.dmac_size)); 888 if (err != DDI_SUCCESS) { 889 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 890 "data dma memory"); 891 goto fail; 892 } 893 for (i = 0; i < dma_p->ncookies; i++) { 894 sc->sc_fw_data_cookie[i] = dma_p->cookie; 895 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 896 } 897 fail: 898 return (err); 899 } 900 901 static void 902 wpi_free_fw_dma(wpi_sc_t *sc) 903 { 904 wpi_free_dma_mem(&sc->sc_dma_fw_text); 905 wpi_free_dma_mem(&sc->sc_dma_fw_data); 906 } 907 908 /* 909 * Allocate a shared page between host and NIC. 910 */ 911 static int 912 wpi_alloc_shared(wpi_sc_t *sc) 913 { 914 int err = DDI_SUCCESS; 915 916 /* must be aligned on a 4K-page boundary */ 917 err = wpi_alloc_dma_mem(sc, sizeof (wpi_shared_t), 918 &sh_dma_attr, &wpi_dma_accattr, 919 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 920 &sc->sc_dma_sh); 921 if (err != DDI_SUCCESS) 922 goto fail; 923 sc->sc_shared = (wpi_shared_t *)sc->sc_dma_sh.mem_va; 924 return (err); 925 926 fail: 927 wpi_free_shared(sc); 928 return (err); 929 } 930 931 static void 932 wpi_free_shared(wpi_sc_t *sc) 933 { 934 wpi_free_dma_mem(&sc->sc_dma_sh); 935 } 936 937 static int 938 wpi_alloc_rx_ring(wpi_sc_t *sc) 939 { 940 wpi_rx_ring_t *ring; 941 wpi_rx_data_t *data; 942 int i, err = DDI_SUCCESS; 943 944 ring = &sc->sc_rxq; 945 ring->cur = 0; 946 947 err = wpi_alloc_dma_mem(sc, WPI_RX_RING_COUNT * sizeof (uint32_t), 948 &ring_desc_dma_attr, &wpi_dma_accattr, 949 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 950 &ring->dma_desc); 951 if (err != DDI_SUCCESS) { 952 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring desc failed\n")); 953 goto fail; 954 } 955 ring->desc = (uint32_t *)ring->dma_desc.mem_va; 956 957 /* 958 * Allocate Rx buffers. 959 */ 960 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 961 data = &ring->data[i]; 962 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 963 &rx_buffer_dma_attr, &wpi_dma_accattr, 964 DDI_DMA_READ | DDI_DMA_STREAMING, 965 &data->dma_data); 966 if (err != DDI_SUCCESS) { 967 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring buf[%d] " 968 "failed\n", i)); 969 goto fail; 970 } 971 972 ring->desc[i] = LE_32(data->dma_data.cookie.dmac_address); 973 } 974 975 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 976 977 return (err); 978 979 fail: 980 wpi_free_rx_ring(sc); 981 return (err); 982 } 983 984 static void 985 wpi_reset_rx_ring(wpi_sc_t *sc) 986 { 987 int ntries; 988 989 wpi_mem_lock(sc); 990 991 WPI_WRITE(sc, WPI_RX_CONFIG, 0); 992 for (ntries = 0; ntries < 2000; ntries++) { 993 if (WPI_READ(sc, WPI_RX_STATUS) & WPI_RX_IDLE) 994 break; 995 DELAY(1000); 996 } 997 if (ntries == 2000) 998 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Rx ring\n")); 999 1000 wpi_mem_unlock(sc); 1001 1002 sc->sc_rxq.cur = 0; 1003 } 1004 1005 static void 1006 wpi_free_rx_ring(wpi_sc_t *sc) 1007 { 1008 int i; 1009 1010 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1011 if (sc->sc_rxq.data[i].dma_data.dma_hdl) 1012 WPI_DMA_SYNC(sc->sc_rxq.data[i].dma_data, 1013 DDI_DMA_SYNC_FORCPU); 1014 wpi_free_dma_mem(&sc->sc_rxq.data[i].dma_data); 1015 } 1016 1017 if (sc->sc_rxq.dma_desc.dma_hdl) 1018 WPI_DMA_SYNC(sc->sc_rxq.dma_desc, DDI_DMA_SYNC_FORDEV); 1019 wpi_free_dma_mem(&sc->sc_rxq.dma_desc); 1020 } 1021 1022 static int 1023 wpi_alloc_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring, int count, int qid) 1024 { 1025 wpi_tx_data_t *data; 1026 wpi_tx_desc_t *desc_h; 1027 uint32_t paddr_desc_h; 1028 wpi_tx_cmd_t *cmd_h; 1029 uint32_t paddr_cmd_h; 1030 int i, err = DDI_SUCCESS; 1031 1032 ring->qid = qid; 1033 ring->count = count; 1034 ring->queued = 0; 1035 ring->cur = 0; 1036 1037 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_desc_t), 1038 &ring_desc_dma_attr, &wpi_dma_accattr, 1039 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1040 &ring->dma_desc); 1041 if (err != DDI_SUCCESS) { 1042 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring desc[%d] failed\n", 1043 qid)); 1044 goto fail; 1045 } 1046 1047 /* update shared page with ring's base address */ 1048 sc->sc_shared->txbase[qid] = ring->dma_desc.cookie.dmac_address; 1049 1050 desc_h = (wpi_tx_desc_t *)ring->dma_desc.mem_va; 1051 paddr_desc_h = ring->dma_desc.cookie.dmac_address; 1052 1053 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_cmd_t), 1054 &tx_cmd_dma_attr, &wpi_dma_accattr, 1055 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1056 &ring->dma_cmd); 1057 if (err != DDI_SUCCESS) { 1058 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring cmd[%d] failed\n", 1059 qid)); 1060 goto fail; 1061 } 1062 1063 cmd_h = (wpi_tx_cmd_t *)ring->dma_cmd.mem_va; 1064 paddr_cmd_h = ring->dma_cmd.cookie.dmac_address; 1065 1066 /* 1067 * Allocate Tx buffers. 1068 */ 1069 ring->data = kmem_zalloc(sizeof (wpi_tx_data_t) * count, KM_NOSLEEP); 1070 if (ring->data == NULL) { 1071 WPI_DBG((WPI_DEBUG_DMA, "could not allocate tx data slots\n")); 1072 goto fail; 1073 } 1074 1075 for (i = 0; i < count; i++) { 1076 data = &ring->data[i]; 1077 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 1078 &tx_buffer_dma_attr, &wpi_dma_accattr, 1079 DDI_DMA_WRITE | DDI_DMA_STREAMING, 1080 &data->dma_data); 1081 if (err != DDI_SUCCESS) { 1082 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring buf[%d] " 1083 "failed\n", i)); 1084 goto fail; 1085 } 1086 1087 data->desc = desc_h + i; 1088 data->paddr_desc = paddr_desc_h + 1089 ((uintptr_t)data->desc - (uintptr_t)desc_h); 1090 data->cmd = cmd_h + i; 1091 data->paddr_cmd = paddr_cmd_h + 1092 ((uintptr_t)data->cmd - (uintptr_t)cmd_h); 1093 } 1094 1095 return (err); 1096 1097 fail: 1098 wpi_free_tx_ring(sc, ring); 1099 return (err); 1100 } 1101 1102 static void 1103 wpi_reset_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1104 { 1105 wpi_tx_data_t *data; 1106 int i, ntries; 1107 1108 wpi_mem_lock(sc); 1109 1110 WPI_WRITE(sc, WPI_TX_CONFIG(ring->qid), 0); 1111 for (ntries = 0; ntries < 100; ntries++) { 1112 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(ring->qid)) 1113 break; 1114 DELAY(10); 1115 } 1116 #ifdef DEBUG 1117 if (ntries == 100 && wpi_dbg_flags > 0) { 1118 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Tx ring %d\n", 1119 ring->qid)); 1120 } 1121 #endif 1122 wpi_mem_unlock(sc); 1123 1124 if (!(sc->sc_flags & WPI_F_QUIESCED)) { 1125 for (i = 0; i < ring->count; i++) { 1126 data = &ring->data[i]; 1127 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 1128 } 1129 } 1130 1131 ring->queued = 0; 1132 ring->cur = 0; 1133 } 1134 1135 /*ARGSUSED*/ 1136 static void 1137 wpi_free_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1138 { 1139 int i; 1140 1141 if (ring->dma_desc.dma_hdl != NULL) 1142 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 1143 wpi_free_dma_mem(&ring->dma_desc); 1144 1145 if (ring->dma_cmd.dma_hdl != NULL) 1146 WPI_DMA_SYNC(ring->dma_cmd, DDI_DMA_SYNC_FORDEV); 1147 wpi_free_dma_mem(&ring->dma_cmd); 1148 1149 if (ring->data != NULL) { 1150 for (i = 0; i < ring->count; i++) { 1151 if (ring->data[i].dma_data.dma_hdl) 1152 WPI_DMA_SYNC(ring->data[i].dma_data, 1153 DDI_DMA_SYNC_FORDEV); 1154 wpi_free_dma_mem(&ring->data[i].dma_data); 1155 } 1156 kmem_free(ring->data, ring->count * sizeof (wpi_tx_data_t)); 1157 ring->data = NULL; 1158 } 1159 } 1160 1161 static int 1162 wpi_ring_init(wpi_sc_t *sc) 1163 { 1164 int i, err = DDI_SUCCESS; 1165 1166 for (i = 0; i < 4; i++) { 1167 err = wpi_alloc_tx_ring(sc, &sc->sc_txq[i], WPI_TX_RING_COUNT, 1168 i); 1169 if (err != DDI_SUCCESS) 1170 goto fail; 1171 } 1172 err = wpi_alloc_tx_ring(sc, &sc->sc_cmdq, WPI_CMD_RING_COUNT, 4); 1173 if (err != DDI_SUCCESS) 1174 goto fail; 1175 err = wpi_alloc_tx_ring(sc, &sc->sc_svcq, WPI_SVC_RING_COUNT, 5); 1176 if (err != DDI_SUCCESS) 1177 goto fail; 1178 err = wpi_alloc_rx_ring(sc); 1179 if (err != DDI_SUCCESS) 1180 goto fail; 1181 return (err); 1182 1183 fail: 1184 return (err); 1185 } 1186 1187 static void 1188 wpi_ring_free(wpi_sc_t *sc) 1189 { 1190 int i = 4; 1191 1192 wpi_free_rx_ring(sc); 1193 wpi_free_tx_ring(sc, &sc->sc_svcq); 1194 wpi_free_tx_ring(sc, &sc->sc_cmdq); 1195 while (--i >= 0) { 1196 wpi_free_tx_ring(sc, &sc->sc_txq[i]); 1197 } 1198 } 1199 1200 /* ARGSUSED */ 1201 static ieee80211_node_t * 1202 wpi_node_alloc(ieee80211com_t *ic) 1203 { 1204 wpi_amrr_t *amrr; 1205 1206 amrr = kmem_zalloc(sizeof (wpi_amrr_t), KM_SLEEP); 1207 if (amrr != NULL) 1208 wpi_amrr_init(amrr); 1209 return (&amrr->in); 1210 } 1211 1212 static void 1213 wpi_node_free(ieee80211_node_t *in) 1214 { 1215 ieee80211com_t *ic = in->in_ic; 1216 1217 ic->ic_node_cleanup(in); 1218 if (in->in_wpa_ie != NULL) 1219 ieee80211_free(in->in_wpa_ie); 1220 kmem_free(in, sizeof (wpi_amrr_t)); 1221 } 1222 1223 /*ARGSUSED*/ 1224 static int 1225 wpi_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg) 1226 { 1227 wpi_sc_t *sc = (wpi_sc_t *)ic; 1228 ieee80211_node_t *in = ic->ic_bss; 1229 enum ieee80211_state ostate; 1230 int i, err = WPI_SUCCESS; 1231 1232 mutex_enter(&sc->sc_glock); 1233 ostate = ic->ic_state; 1234 switch (nstate) { 1235 case IEEE80211_S_SCAN: 1236 switch (ostate) { 1237 case IEEE80211_S_INIT: 1238 { 1239 wpi_node_t node; 1240 1241 sc->sc_flags |= WPI_F_SCANNING; 1242 sc->sc_scan_next = 0; 1243 1244 /* make the link LED blink while we're scanning */ 1245 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1246 1247 /* 1248 * clear association to receive beacons from all 1249 * BSS'es 1250 */ 1251 sc->sc_config.state = 0; 1252 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1253 1254 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x " 1255 "filter %x\n", 1256 sc->sc_config.chan, sc->sc_config.flags, 1257 sc->sc_config.filter)); 1258 1259 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1260 sizeof (wpi_config_t), 1); 1261 if (err != WPI_SUCCESS) { 1262 cmn_err(CE_WARN, 1263 "could not clear association\n"); 1264 sc->sc_flags &= ~WPI_F_SCANNING; 1265 mutex_exit(&sc->sc_glock); 1266 return (err); 1267 } 1268 1269 /* add broadcast node to send probe request */ 1270 (void) memset(&node, 0, sizeof (node)); 1271 (void) memset(&node.bssid, 0xff, IEEE80211_ADDR_LEN); 1272 node.id = WPI_ID_BROADCAST; 1273 1274 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, 1275 sizeof (node), 1); 1276 if (err != WPI_SUCCESS) { 1277 cmn_err(CE_WARN, 1278 "could not add broadcast node\n"); 1279 sc->sc_flags &= ~WPI_F_SCANNING; 1280 mutex_exit(&sc->sc_glock); 1281 return (err); 1282 } 1283 break; 1284 } 1285 case IEEE80211_S_SCAN: 1286 mutex_exit(&sc->sc_glock); 1287 /* step to next channel before actual FW scan */ 1288 err = sc->sc_newstate(ic, nstate, arg); 1289 mutex_enter(&sc->sc_glock); 1290 if ((err != 0) || ((err = wpi_scan(sc)) != 0)) { 1291 cmn_err(CE_WARN, 1292 "could not initiate scan\n"); 1293 sc->sc_flags &= ~WPI_F_SCANNING; 1294 ieee80211_cancel_scan(ic); 1295 } 1296 mutex_exit(&sc->sc_glock); 1297 return (err); 1298 default: 1299 break; 1300 } 1301 sc->sc_clk = 0; 1302 break; 1303 1304 case IEEE80211_S_AUTH: 1305 if (ostate == IEEE80211_S_SCAN) { 1306 sc->sc_flags &= ~WPI_F_SCANNING; 1307 } 1308 1309 /* reset state to handle reassociations correctly */ 1310 sc->sc_config.state = 0; 1311 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1312 1313 if ((err = wpi_auth(sc)) != 0) { 1314 WPI_DBG((WPI_DEBUG_80211, 1315 "could not send authentication request\n")); 1316 mutex_exit(&sc->sc_glock); 1317 return (err); 1318 } 1319 break; 1320 1321 case IEEE80211_S_RUN: 1322 if (ostate == IEEE80211_S_SCAN) { 1323 sc->sc_flags &= ~WPI_F_SCANNING; 1324 } 1325 1326 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1327 /* link LED blinks while monitoring */ 1328 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 1329 break; 1330 } 1331 1332 if (ic->ic_opmode != IEEE80211_M_STA) { 1333 (void) wpi_auth(sc); 1334 /* need setup beacon here */ 1335 } 1336 WPI_DBG((WPI_DEBUG_80211, "wpi: associated.")); 1337 1338 /* update adapter's configuration */ 1339 sc->sc_config.state = LE_16(WPI_CONFIG_ASSOCIATED); 1340 /* short preamble/slot time are negotiated when associating */ 1341 sc->sc_config.flags &= ~LE_32(WPI_CONFIG_SHPREAMBLE | 1342 WPI_CONFIG_SHSLOT); 1343 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1344 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHSLOT); 1345 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1346 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHPREAMBLE); 1347 sc->sc_config.filter |= LE_32(WPI_FILTER_BSS); 1348 if (ic->ic_opmode != IEEE80211_M_STA) 1349 sc->sc_config.filter |= LE_32(WPI_FILTER_BEACON); 1350 1351 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x\n", 1352 sc->sc_config.chan, sc->sc_config.flags)); 1353 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1354 sizeof (wpi_config_t), 1); 1355 if (err != WPI_SUCCESS) { 1356 WPI_DBG((WPI_DEBUG_80211, 1357 "could not update configuration\n")); 1358 mutex_exit(&sc->sc_glock); 1359 return (err); 1360 } 1361 1362 /* start automatic rate control */ 1363 mutex_enter(&sc->sc_mt_lock); 1364 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1365 sc->sc_flags |= WPI_F_RATE_AUTO_CTL; 1366 /* set rate to some reasonable initial value */ 1367 i = in->in_rates.ir_nrates - 1; 1368 while (i > 0 && IEEE80211_RATE(i) > 72) 1369 i--; 1370 in->in_txrate = i; 1371 } else { 1372 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 1373 } 1374 mutex_exit(&sc->sc_mt_lock); 1375 1376 /* link LED always on while associated */ 1377 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 1378 break; 1379 1380 case IEEE80211_S_INIT: 1381 sc->sc_flags &= ~WPI_F_SCANNING; 1382 break; 1383 1384 case IEEE80211_S_ASSOC: 1385 sc->sc_flags &= ~WPI_F_SCANNING; 1386 break; 1387 } 1388 1389 mutex_exit(&sc->sc_glock); 1390 return (sc->sc_newstate(ic, nstate, arg)); 1391 } 1392 1393 /*ARGSUSED*/ 1394 static int wpi_key_set(ieee80211com_t *ic, const struct ieee80211_key *k, 1395 const uint8_t mac[IEEE80211_ADDR_LEN]) 1396 { 1397 wpi_sc_t *sc = (wpi_sc_t *)ic; 1398 wpi_node_t node; 1399 int err; 1400 1401 switch (k->wk_cipher->ic_cipher) { 1402 case IEEE80211_CIPHER_WEP: 1403 case IEEE80211_CIPHER_TKIP: 1404 return (1); /* sofeware do it. */ 1405 case IEEE80211_CIPHER_AES_CCM: 1406 break; 1407 default: 1408 return (0); 1409 } 1410 sc->sc_config.filter &= ~(WPI_FILTER_NODECRYPTUNI | 1411 WPI_FILTER_NODECRYPTMUL); 1412 1413 mutex_enter(&sc->sc_glock); 1414 1415 /* update ap/multicast node */ 1416 (void) memset(&node, 0, sizeof (node)); 1417 if (IEEE80211_IS_MULTICAST(mac)) { 1418 (void) memset(node.bssid, 0xff, 6); 1419 node.id = WPI_ID_BROADCAST; 1420 } else { 1421 IEEE80211_ADDR_COPY(node.bssid, ic->ic_bss->in_bssid); 1422 node.id = WPI_ID_BSS; 1423 } 1424 if (k->wk_flags & IEEE80211_KEY_XMIT) { 1425 node.key_flags = 0; 1426 node.keyp = k->wk_keyix; 1427 } else { 1428 node.key_flags = (1 << 14); 1429 node.keyp = k->wk_keyix + 4; 1430 } 1431 (void) memcpy(node.key, k->wk_key, k->wk_keylen); 1432 node.key_flags |= (2 | (1 << 3) | (k->wk_keyix << 8)); 1433 node.sta_mask = 1; 1434 node.control = 1; 1435 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 1436 if (err != WPI_SUCCESS) { 1437 cmn_err(CE_WARN, "wpi_key_set():" 1438 "failed to update ap node\n"); 1439 mutex_exit(&sc->sc_glock); 1440 return (0); 1441 } 1442 mutex_exit(&sc->sc_glock); 1443 return (1); 1444 } 1445 1446 /* 1447 * Grab exclusive access to NIC memory. 1448 */ 1449 static void 1450 wpi_mem_lock(wpi_sc_t *sc) 1451 { 1452 uint32_t tmp; 1453 int ntries; 1454 1455 tmp = WPI_READ(sc, WPI_GPIO_CTL); 1456 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_MAC); 1457 1458 /* spin until we actually get the lock */ 1459 for (ntries = 0; ntries < 1000; ntries++) { 1460 if ((WPI_READ(sc, WPI_GPIO_CTL) & 1461 (WPI_GPIO_CLOCK | WPI_GPIO_SLEEP)) == WPI_GPIO_CLOCK) 1462 break; 1463 DELAY(10); 1464 } 1465 if (ntries == 1000) 1466 WPI_DBG((WPI_DEBUG_PIO, "could not lock memory\n")); 1467 } 1468 1469 /* 1470 * Release lock on NIC memory. 1471 */ 1472 static void 1473 wpi_mem_unlock(wpi_sc_t *sc) 1474 { 1475 uint32_t tmp = WPI_READ(sc, WPI_GPIO_CTL); 1476 WPI_WRITE(sc, WPI_GPIO_CTL, tmp & ~WPI_GPIO_MAC); 1477 } 1478 1479 static uint32_t 1480 wpi_mem_read(wpi_sc_t *sc, uint16_t addr) 1481 { 1482 WPI_WRITE(sc, WPI_READ_MEM_ADDR, WPI_MEM_4 | addr); 1483 return (WPI_READ(sc, WPI_READ_MEM_DATA)); 1484 } 1485 1486 static void 1487 wpi_mem_write(wpi_sc_t *sc, uint16_t addr, uint32_t data) 1488 { 1489 WPI_WRITE(sc, WPI_WRITE_MEM_ADDR, WPI_MEM_4 | addr); 1490 WPI_WRITE(sc, WPI_WRITE_MEM_DATA, data); 1491 } 1492 1493 static void 1494 wpi_mem_write_region_4(wpi_sc_t *sc, uint16_t addr, 1495 const uint32_t *data, int wlen) 1496 { 1497 for (; wlen > 0; wlen--, data++, addr += 4) 1498 wpi_mem_write(sc, addr, *data); 1499 } 1500 1501 /* 1502 * Read 16 bits from the EEPROM. We access EEPROM through the MAC instead of 1503 * using the traditional bit-bang method. 1504 */ 1505 static uint16_t 1506 wpi_read_prom_word(wpi_sc_t *sc, uint32_t addr) 1507 { 1508 uint32_t val; 1509 int ntries; 1510 1511 WPI_WRITE(sc, WPI_EEPROM_CTL, addr << 2); 1512 1513 wpi_mem_lock(sc); 1514 for (ntries = 0; ntries < 10; ntries++) { 1515 if ((val = WPI_READ(sc, WPI_EEPROM_CTL)) & WPI_EEPROM_READY) 1516 break; 1517 DELAY(10); 1518 } 1519 wpi_mem_unlock(sc); 1520 1521 if (ntries == 10) { 1522 WPI_DBG((WPI_DEBUG_PIO, "could not read EEPROM\n")); 1523 return (0xdead); 1524 } 1525 return (val >> 16); 1526 } 1527 1528 /* 1529 * The firmware boot code is small and is intended to be copied directly into 1530 * the NIC internal memory. 1531 */ 1532 static int 1533 wpi_load_microcode(wpi_sc_t *sc) 1534 { 1535 const char *ucode; 1536 int size; 1537 1538 ucode = sc->sc_boot; 1539 size = LE_32(sc->sc_hdr->bootsz); 1540 /* check that microcode size is a multiple of 4 */ 1541 if (size & 3) 1542 return (EINVAL); 1543 1544 size /= sizeof (uint32_t); 1545 1546 wpi_mem_lock(sc); 1547 1548 /* copy microcode image into NIC memory */ 1549 wpi_mem_write_region_4(sc, WPI_MEM_UCODE_BASE, (const uint32_t *)ucode, 1550 size); 1551 1552 wpi_mem_write(sc, WPI_MEM_UCODE_SRC, 0); 1553 wpi_mem_write(sc, WPI_MEM_UCODE_DST, WPI_FW_TEXT); 1554 wpi_mem_write(sc, WPI_MEM_UCODE_SIZE, size); 1555 1556 /* run microcode */ 1557 wpi_mem_write(sc, WPI_MEM_UCODE_CTL, WPI_UC_RUN); 1558 1559 wpi_mem_unlock(sc); 1560 1561 return (WPI_SUCCESS); 1562 } 1563 1564 /* 1565 * The firmware text and data segments are transferred to the NIC using DMA. 1566 * The driver just copies the firmware into DMA-safe memory and tells the NIC 1567 * where to find it. Once the NIC has copied the firmware into its internal 1568 * memory, we can free our local copy in the driver. 1569 */ 1570 static int 1571 wpi_load_firmware(wpi_sc_t *sc, uint32_t target) 1572 { 1573 const char *fw; 1574 int size; 1575 wpi_dma_t *dma_p; 1576 ddi_dma_cookie_t *cookie; 1577 wpi_tx_desc_t desc; 1578 int i, ntries, err = WPI_SUCCESS; 1579 1580 /* only text and data here */ 1581 if (target == WPI_FW_TEXT) { 1582 fw = sc->sc_text; 1583 size = LE_32(sc->sc_hdr->textsz); 1584 dma_p = &sc->sc_dma_fw_text; 1585 cookie = sc->sc_fw_text_cookie; 1586 } else { 1587 fw = sc->sc_data; 1588 size = LE_32(sc->sc_hdr->datasz); 1589 dma_p = &sc->sc_dma_fw_data; 1590 cookie = sc->sc_fw_data_cookie; 1591 } 1592 1593 /* copy firmware image to DMA-safe memory */ 1594 (void) memcpy(dma_p->mem_va, fw, size); 1595 1596 /* make sure the adapter will get up-to-date values */ 1597 (void) ddi_dma_sync(dma_p->dma_hdl, 0, size, DDI_DMA_SYNC_FORDEV); 1598 1599 (void) memset(&desc, 0, sizeof (desc)); 1600 desc.flags = LE_32(WPI_PAD32(size) << 28 | dma_p->ncookies << 24); 1601 for (i = 0; i < dma_p->ncookies; i++) { 1602 WPI_DBG((WPI_DEBUG_DMA, "cookie%d addr:%x size:%x\n", 1603 i, cookie[i].dmac_address, cookie[i].dmac_size)); 1604 desc.segs[i].addr = cookie[i].dmac_address; 1605 desc.segs[i].len = (uint32_t)cookie[i].dmac_size; 1606 } 1607 1608 wpi_mem_lock(sc); 1609 1610 /* tell adapter where to copy image in its internal memory */ 1611 WPI_WRITE(sc, WPI_FW_TARGET, target); 1612 1613 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0); 1614 1615 /* copy firmware descriptor into NIC memory */ 1616 WPI_WRITE_REGION_4(sc, WPI_TX_DESC(6), (uint32_t *)&desc, 1617 sizeof desc / sizeof (uint32_t)); 1618 1619 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0xfffff); 1620 WPI_WRITE(sc, WPI_TX_STATE(6), 0x4001); 1621 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0x80000001); 1622 1623 /* wait while the adapter is busy copying the firmware */ 1624 for (ntries = 0; ntries < 100; ntries++) { 1625 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(6)) 1626 break; 1627 DELAY(1000); 1628 } 1629 if (ntries == 100) { 1630 WPI_DBG((WPI_DEBUG_FW, "timeout transferring firmware\n")); 1631 err = ETIMEDOUT; 1632 } 1633 1634 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0); 1635 1636 wpi_mem_unlock(sc); 1637 1638 return (err); 1639 } 1640 1641 /*ARGSUSED*/ 1642 static void 1643 wpi_rx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1644 { 1645 ieee80211com_t *ic = &sc->sc_ic; 1646 wpi_rx_ring_t *ring = &sc->sc_rxq; 1647 wpi_rx_stat_t *stat; 1648 wpi_rx_head_t *head; 1649 wpi_rx_tail_t *tail; 1650 ieee80211_node_t *in; 1651 struct ieee80211_frame *wh; 1652 mblk_t *mp; 1653 uint16_t len; 1654 1655 stat = (wpi_rx_stat_t *)(desc + 1); 1656 1657 if (stat->len > WPI_STAT_MAXLEN) { 1658 WPI_DBG((WPI_DEBUG_RX, "invalid rx statistic header\n")); 1659 return; 1660 } 1661 1662 head = (wpi_rx_head_t *)((caddr_t)(stat + 1) + stat->len); 1663 tail = (wpi_rx_tail_t *)((caddr_t)(head + 1) + LE_16(head->len)); 1664 1665 len = LE_16(head->len); 1666 1667 WPI_DBG((WPI_DEBUG_RX, "rx intr: idx=%d len=%d stat len=%d rssi=%d " 1668 "rate=%x chan=%d tstamp=%llu", ring->cur, LE_32(desc->len), 1669 len, (int8_t)stat->rssi, head->rate, head->chan, 1670 LE_64(tail->tstamp))); 1671 1672 if ((len < 20) || (len > sc->sc_dmabuf_sz)) { 1673 sc->sc_rx_err++; 1674 return; 1675 } 1676 1677 /* 1678 * Discard Rx frames with bad CRC early 1679 */ 1680 if ((LE_32(tail->flags) & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1681 WPI_DBG((WPI_DEBUG_RX, "rx tail flags error %x\n", 1682 LE_32(tail->flags))); 1683 sc->sc_rx_err++; 1684 return; 1685 } 1686 1687 /* update Rx descriptor */ 1688 /* ring->desc[ring->cur] = LE_32(data->dma_data.cookie.dmac_address); */ 1689 1690 #ifdef WPI_BPF 1691 #ifndef WPI_CURRENT 1692 if (sc->sc_drvbpf != NULL) { 1693 #else 1694 if (bpf_peers_present(sc->sc_drvbpf)) { 1695 #endif 1696 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1697 1698 tap->wr_flags = 0; 1699 tap->wr_rate = head->rate; 1700 tap->wr_chan_freq = 1701 LE_16(ic->ic_channels[head->chan].ic_freq); 1702 tap->wr_chan_flags = 1703 LE_16(ic->ic_channels[head->chan].ic_flags); 1704 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1705 tap->wr_dbm_antnoise = (int8_t)LE_16(stat->noise); 1706 tap->wr_tsft = tail->tstamp; 1707 tap->wr_antenna = (LE_16(head->flags) >> 4) & 0xf; 1708 switch (head->rate) { 1709 /* CCK rates */ 1710 case 10: tap->wr_rate = 2; break; 1711 case 20: tap->wr_rate = 4; break; 1712 case 55: tap->wr_rate = 11; break; 1713 case 110: tap->wr_rate = 22; break; 1714 /* OFDM rates */ 1715 case 0xd: tap->wr_rate = 12; break; 1716 case 0xf: tap->wr_rate = 18; break; 1717 case 0x5: tap->wr_rate = 24; break; 1718 case 0x7: tap->wr_rate = 36; break; 1719 case 0x9: tap->wr_rate = 48; break; 1720 case 0xb: tap->wr_rate = 72; break; 1721 case 0x1: tap->wr_rate = 96; break; 1722 case 0x3: tap->wr_rate = 108; break; 1723 /* unknown rate: should not happen */ 1724 default: tap->wr_rate = 0; 1725 } 1726 if (LE_16(head->flags) & 0x4) 1727 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1728 1729 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1730 } 1731 #endif 1732 /* grab a reference to the source node */ 1733 wh = (struct ieee80211_frame *)(head + 1); 1734 1735 #ifdef DEBUG 1736 if (wpi_dbg_flags & WPI_DEBUG_RX) 1737 ieee80211_dump_pkt((uint8_t *)wh, len, 0, 0); 1738 #endif 1739 1740 in = ieee80211_find_rxnode(ic, wh); 1741 mp = allocb(len, BPRI_MED); 1742 if (mp) { 1743 (void) memcpy(mp->b_wptr, wh, len); 1744 mp->b_wptr += len; 1745 1746 /* send the frame to the 802.11 layer */ 1747 (void) ieee80211_input(ic, mp, in, stat->rssi, 0); 1748 } else { 1749 sc->sc_rx_nobuf++; 1750 WPI_DBG((WPI_DEBUG_RX, 1751 "wpi_rx_intr(): alloc rx buf failed\n")); 1752 } 1753 /* release node reference */ 1754 ieee80211_free_node(in); 1755 } 1756 1757 /*ARGSUSED*/ 1758 static void 1759 wpi_tx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1760 { 1761 ieee80211com_t *ic = &sc->sc_ic; 1762 wpi_tx_ring_t *ring = &sc->sc_txq[desc->qid & 0x3]; 1763 /* wpi_tx_data_t *txdata = &ring->data[desc->idx]; */ 1764 wpi_tx_stat_t *stat = (wpi_tx_stat_t *)(desc + 1); 1765 wpi_amrr_t *amrr = (wpi_amrr_t *)ic->ic_bss; 1766 1767 WPI_DBG((WPI_DEBUG_TX, "tx done: qid=%d idx=%d retries=%d nkill=%d " 1768 "rate=%x duration=%d status=%x\n", 1769 desc->qid, desc->idx, stat->ntries, stat->nkill, stat->rate, 1770 LE_32(stat->duration), LE_32(stat->status))); 1771 1772 amrr->txcnt++; 1773 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d cnt\n", amrr->txcnt)); 1774 if (stat->ntries > 0) { 1775 amrr->retrycnt++; 1776 sc->sc_tx_retries++; 1777 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d retries\n", 1778 amrr->retrycnt)); 1779 } 1780 1781 sc->sc_tx_timer = 0; 1782 1783 mutex_enter(&sc->sc_tx_lock); 1784 ring->queued--; 1785 if (ring->queued < 0) 1786 ring->queued = 0; 1787 if ((sc->sc_need_reschedule) && (ring->queued <= (ring->count << 3))) { 1788 sc->sc_need_reschedule = 0; 1789 mutex_exit(&sc->sc_tx_lock); 1790 mac_tx_update(ic->ic_mach); 1791 mutex_enter(&sc->sc_tx_lock); 1792 } 1793 mutex_exit(&sc->sc_tx_lock); 1794 } 1795 1796 static void 1797 wpi_cmd_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc) 1798 { 1799 if ((desc->qid & 7) != 4) { 1800 return; /* not a command ack */ 1801 } 1802 mutex_enter(&sc->sc_glock); 1803 sc->sc_flags |= WPI_F_CMD_DONE; 1804 cv_signal(&sc->sc_cmd_cv); 1805 mutex_exit(&sc->sc_glock); 1806 } 1807 1808 static uint_t 1809 wpi_notif_softintr(caddr_t arg) 1810 { 1811 wpi_sc_t *sc = (wpi_sc_t *)arg; 1812 wpi_rx_desc_t *desc; 1813 wpi_rx_data_t *data; 1814 uint32_t hw; 1815 1816 mutex_enter(&sc->sc_glock); 1817 if (sc->sc_notif_softint_pending != 1) { 1818 mutex_exit(&sc->sc_glock); 1819 return (DDI_INTR_UNCLAIMED); 1820 } 1821 mutex_exit(&sc->sc_glock); 1822 1823 hw = LE_32(sc->sc_shared->next); 1824 1825 while (sc->sc_rxq.cur != hw) { 1826 data = &sc->sc_rxq.data[sc->sc_rxq.cur]; 1827 desc = (wpi_rx_desc_t *)data->dma_data.mem_va; 1828 1829 WPI_DBG((WPI_DEBUG_INTR, "rx notification hw = %d cur = %d " 1830 "qid=%x idx=%d flags=%x type=%d len=%d\n", 1831 hw, sc->sc_rxq.cur, desc->qid, desc->idx, desc->flags, 1832 desc->type, LE_32(desc->len))); 1833 1834 if (!(desc->qid & 0x80)) /* reply to a command */ 1835 wpi_cmd_intr(sc, desc); 1836 1837 switch (desc->type) { 1838 case WPI_RX_DONE: 1839 /* a 802.11 frame was received */ 1840 wpi_rx_intr(sc, desc, data); 1841 break; 1842 1843 case WPI_TX_DONE: 1844 /* a 802.11 frame has been transmitted */ 1845 wpi_tx_intr(sc, desc, data); 1846 break; 1847 1848 case WPI_UC_READY: 1849 { 1850 wpi_ucode_info_t *uc = 1851 (wpi_ucode_info_t *)(desc + 1); 1852 1853 /* the microcontroller is ready */ 1854 WPI_DBG((WPI_DEBUG_FW, 1855 "microcode alive notification version %x " 1856 "alive %x\n", LE_32(uc->version), 1857 LE_32(uc->valid))); 1858 1859 if (LE_32(uc->valid) != 1) { 1860 WPI_DBG((WPI_DEBUG_FW, 1861 "microcontroller initialization failed\n")); 1862 } 1863 break; 1864 } 1865 case WPI_STATE_CHANGED: 1866 { 1867 uint32_t *status = (uint32_t *)(desc + 1); 1868 1869 /* enabled/disabled notification */ 1870 WPI_DBG((WPI_DEBUG_RADIO, "state changed to %x\n", 1871 LE_32(*status))); 1872 1873 if (LE_32(*status) & 1) { 1874 /* 1875 * the radio button has to be pushed(OFF). It 1876 * is considered as a hw error, the 1877 * wpi_thread() tries to recover it after the 1878 * button is pushed again(ON) 1879 */ 1880 cmn_err(CE_NOTE, 1881 "wpi: Radio transmitter is off\n"); 1882 sc->sc_ostate = sc->sc_ic.ic_state; 1883 ieee80211_new_state(&sc->sc_ic, 1884 IEEE80211_S_INIT, -1); 1885 sc->sc_flags |= 1886 (WPI_F_HW_ERR_RECOVER | WPI_F_RADIO_OFF); 1887 } 1888 break; 1889 } 1890 case WPI_START_SCAN: 1891 { 1892 wpi_start_scan_t *scan = 1893 (wpi_start_scan_t *)(desc + 1); 1894 1895 WPI_DBG((WPI_DEBUG_SCAN, 1896 "scanning channel %d status %x\n", 1897 scan->chan, LE_32(scan->status))); 1898 1899 break; 1900 } 1901 case WPI_STOP_SCAN: 1902 { 1903 wpi_stop_scan_t *scan = 1904 (wpi_stop_scan_t *)(desc + 1); 1905 1906 WPI_DBG((WPI_DEBUG_SCAN, 1907 "completed channel %d (burst of %d) status %02x\n", 1908 scan->chan, scan->nchan, scan->status)); 1909 1910 sc->sc_scan_pending = 0; 1911 sc->sc_scan_next++; 1912 break; 1913 } 1914 default: 1915 break; 1916 } 1917 1918 sc->sc_rxq.cur = (sc->sc_rxq.cur + 1) % WPI_RX_RING_COUNT; 1919 } 1920 1921 /* tell the firmware what we have processed */ 1922 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1923 WPI_WRITE(sc, WPI_RX_WIDX, hw & (~7)); 1924 mutex_enter(&sc->sc_glock); 1925 sc->sc_notif_softint_pending = 0; 1926 mutex_exit(&sc->sc_glock); 1927 1928 return (DDI_INTR_CLAIMED); 1929 } 1930 1931 static uint_t 1932 wpi_intr(caddr_t arg) 1933 { 1934 wpi_sc_t *sc = (wpi_sc_t *)arg; 1935 uint32_t r, rfh; 1936 1937 mutex_enter(&sc->sc_glock); 1938 if (sc->sc_flags & WPI_F_SUSPEND) { 1939 mutex_exit(&sc->sc_glock); 1940 return (DDI_INTR_UNCLAIMED); 1941 } 1942 1943 r = WPI_READ(sc, WPI_INTR); 1944 if (r == 0 || r == 0xffffffff) { 1945 mutex_exit(&sc->sc_glock); 1946 return (DDI_INTR_UNCLAIMED); 1947 } 1948 1949 WPI_DBG((WPI_DEBUG_INTR, "interrupt reg %x\n", r)); 1950 1951 rfh = WPI_READ(sc, WPI_INTR_STATUS); 1952 /* disable interrupts */ 1953 WPI_WRITE(sc, WPI_MASK, 0); 1954 /* ack interrupts */ 1955 WPI_WRITE(sc, WPI_INTR, r); 1956 WPI_WRITE(sc, WPI_INTR_STATUS, rfh); 1957 1958 if (sc->sc_notif_softint_id == NULL) { 1959 mutex_exit(&sc->sc_glock); 1960 return (DDI_INTR_CLAIMED); 1961 } 1962 1963 if (r & (WPI_SW_ERROR | WPI_HW_ERROR)) { 1964 WPI_DBG((WPI_DEBUG_FW, "fatal firmware error\n")); 1965 mutex_exit(&sc->sc_glock); 1966 wpi_stop(sc); 1967 if (!(sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 1968 sc->sc_ostate = sc->sc_ic.ic_state; 1969 } 1970 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 1971 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 1972 return (DDI_INTR_CLAIMED); 1973 } 1974 1975 if ((r & (WPI_RX_INTR | WPI_RX_SWINT)) || 1976 (rfh & 0x40070000)) { 1977 sc->sc_notif_softint_pending = 1; 1978 ddi_trigger_softintr(sc->sc_notif_softint_id); 1979 } 1980 1981 if (r & WPI_ALIVE_INTR) { /* firmware initialized */ 1982 sc->sc_flags |= WPI_F_FW_INIT; 1983 cv_signal(&sc->sc_fw_cv); 1984 } 1985 1986 /* re-enable interrupts */ 1987 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 1988 mutex_exit(&sc->sc_glock); 1989 1990 return (DDI_INTR_CLAIMED); 1991 } 1992 1993 static uint8_t 1994 wpi_plcp_signal(int rate) 1995 { 1996 switch (rate) { 1997 /* CCK rates (returned values are device-dependent) */ 1998 case 2: return (10); 1999 case 4: return (20); 2000 case 11: return (55); 2001 case 22: return (110); 2002 2003 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 2004 /* R1-R4 (ral/ural is R4-R1) */ 2005 case 12: return (0xd); 2006 case 18: return (0xf); 2007 case 24: return (0x5); 2008 case 36: return (0x7); 2009 case 48: return (0x9); 2010 case 72: return (0xb); 2011 case 96: return (0x1); 2012 case 108: return (0x3); 2013 2014 /* unsupported rates (should not get there) */ 2015 default: return (0); 2016 } 2017 } 2018 2019 static mblk_t * 2020 wpi_m_tx(void *arg, mblk_t *mp) 2021 { 2022 wpi_sc_t *sc = (wpi_sc_t *)arg; 2023 ieee80211com_t *ic = &sc->sc_ic; 2024 mblk_t *next; 2025 2026 if (sc->sc_flags & WPI_F_SUSPEND) { 2027 freemsgchain(mp); 2028 return (NULL); 2029 } 2030 2031 if (ic->ic_state != IEEE80211_S_RUN) { 2032 freemsgchain(mp); 2033 return (NULL); 2034 } 2035 2036 while (mp != NULL) { 2037 next = mp->b_next; 2038 mp->b_next = NULL; 2039 if (wpi_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != 0) { 2040 mp->b_next = next; 2041 break; 2042 } 2043 mp = next; 2044 } 2045 return (mp); 2046 } 2047 2048 /* ARGSUSED */ 2049 static int 2050 wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type) 2051 { 2052 wpi_sc_t *sc = (wpi_sc_t *)ic; 2053 wpi_tx_ring_t *ring; 2054 wpi_tx_desc_t *desc; 2055 wpi_tx_data_t *data; 2056 wpi_tx_cmd_t *cmd; 2057 wpi_cmd_data_t *tx; 2058 ieee80211_node_t *in; 2059 struct ieee80211_frame *wh; 2060 struct ieee80211_key *k; 2061 mblk_t *m, *m0; 2062 int rate, hdrlen, len, mblen, off, err = WPI_SUCCESS; 2063 2064 ring = ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA) ? 2065 (&sc->sc_txq[0]) : (&sc->sc_txq[1]); 2066 data = &ring->data[ring->cur]; 2067 desc = data->desc; 2068 cmd = data->cmd; 2069 bzero(desc, sizeof (*desc)); 2070 bzero(cmd, sizeof (*cmd)); 2071 2072 mutex_enter(&sc->sc_tx_lock); 2073 if (sc->sc_flags & WPI_F_SUSPEND) { 2074 mutex_exit(&sc->sc_tx_lock); 2075 if ((type & IEEE80211_FC0_TYPE_MASK) != 2076 IEEE80211_FC0_TYPE_DATA) { 2077 freemsg(mp); 2078 } 2079 err = ENXIO; 2080 goto exit; 2081 } 2082 2083 if (ring->queued > ring->count - 64) { 2084 WPI_DBG((WPI_DEBUG_TX, "wpi_send(): no txbuf\n")); 2085 sc->sc_need_reschedule = 1; 2086 mutex_exit(&sc->sc_tx_lock); 2087 if ((type & IEEE80211_FC0_TYPE_MASK) != 2088 IEEE80211_FC0_TYPE_DATA) { 2089 freemsg(mp); 2090 } 2091 sc->sc_tx_nobuf++; 2092 err = ENOMEM; 2093 goto exit; 2094 } 2095 mutex_exit(&sc->sc_tx_lock); 2096 2097 hdrlen = sizeof (struct ieee80211_frame); 2098 2099 m = allocb(msgdsize(mp) + 32, BPRI_MED); 2100 if (m == NULL) { /* can not alloc buf, drop this package */ 2101 cmn_err(CE_WARN, 2102 "wpi_send(): failed to allocate msgbuf\n"); 2103 freemsg(mp); 2104 err = WPI_SUCCESS; 2105 goto exit; 2106 } 2107 for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) { 2108 mblen = MBLKL(m0); 2109 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen); 2110 off += mblen; 2111 } 2112 m->b_wptr += off; 2113 freemsg(mp); 2114 2115 wh = (struct ieee80211_frame *)m->b_rptr; 2116 2117 in = ieee80211_find_txnode(ic, wh->i_addr1); 2118 if (in == NULL) { 2119 cmn_err(CE_WARN, "wpi_send(): failed to find tx node\n"); 2120 freemsg(m); 2121 sc->sc_tx_err++; 2122 err = WPI_SUCCESS; 2123 goto exit; 2124 } 2125 2126 (void) ieee80211_encap(ic, m, in); 2127 2128 cmd->code = WPI_CMD_TX_DATA; 2129 cmd->flags = 0; 2130 cmd->qid = ring->qid; 2131 cmd->idx = ring->cur; 2132 2133 tx = (wpi_cmd_data_t *)cmd->data; 2134 tx->flags = 0; 2135 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2136 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2137 } else { 2138 tx->flags &= ~(LE_32(WPI_TX_NEED_ACK)); 2139 } 2140 2141 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2142 k = ieee80211_crypto_encap(ic, m); 2143 if (k == NULL) { 2144 freemsg(m); 2145 sc->sc_tx_err++; 2146 err = WPI_SUCCESS; 2147 goto exit; 2148 } 2149 2150 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 2151 tx->security = 2; /* for CCMP */ 2152 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2153 (void) memcpy(&tx->key, k->wk_key, k->wk_keylen); 2154 } 2155 2156 /* packet header may have moved, reset our local pointer */ 2157 wh = (struct ieee80211_frame *)m->b_rptr; 2158 } 2159 2160 len = msgdsize(m); 2161 2162 #ifdef DEBUG 2163 if (wpi_dbg_flags & WPI_DEBUG_TX) 2164 ieee80211_dump_pkt((uint8_t *)wh, hdrlen, 0, 0); 2165 #endif 2166 2167 /* pickup a rate */ 2168 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2169 IEEE80211_FC0_TYPE_MGT) { 2170 /* mgmt frames are sent at the lowest available bit-rate */ 2171 rate = 2; 2172 } else { 2173 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) { 2174 rate = ic->ic_fixed_rate; 2175 } else 2176 rate = in->in_rates.ir_rates[in->in_txrate]; 2177 } 2178 rate &= IEEE80211_RATE_VAL; 2179 WPI_DBG((WPI_DEBUG_RATECTL, "tx rate[%d of %d] = %x", 2180 in->in_txrate, in->in_rates.ir_nrates, rate)); 2181 #ifdef WPI_BPF 2182 #ifndef WPI_CURRENT 2183 if (sc->sc_drvbpf != NULL) { 2184 #else 2185 if (bpf_peers_present(sc->sc_drvbpf)) { 2186 #endif 2187 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2188 2189 tap->wt_flags = 0; 2190 tap->wt_chan_freq = LE_16(ic->ic_curchan->ic_freq); 2191 tap->wt_chan_flags = LE_16(ic->ic_curchan->ic_flags); 2192 tap->wt_rate = rate; 2193 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2194 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2195 2196 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 2197 } 2198 #endif 2199 2200 tx->flags |= (LE_32(WPI_TX_AUTO_SEQ)); 2201 tx->flags |= LE_32(WPI_TX_BT_DISABLE | WPI_TX_CALIBRATION); 2202 2203 /* retrieve destination node's id */ 2204 tx->id = IEEE80211_IS_MULTICAST(wh->i_addr1) ? WPI_ID_BROADCAST : 2205 WPI_ID_BSS; 2206 2207 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2208 IEEE80211_FC0_TYPE_MGT) { 2209 /* tell h/w to set timestamp in probe responses */ 2210 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2211 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2212 tx->flags |= LE_32(WPI_TX_INSERT_TSTAMP); 2213 2214 if (((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2215 IEEE80211_FC0_SUBTYPE_ASSOC_REQ) || 2216 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2217 IEEE80211_FC0_SUBTYPE_REASSOC_REQ)) 2218 tx->timeout = 3; 2219 else 2220 tx->timeout = 2; 2221 } else 2222 tx->timeout = 0; 2223 2224 tx->rate = wpi_plcp_signal(rate); 2225 2226 /* be very persistant at sending frames out */ 2227 tx->rts_ntries = 7; 2228 tx->data_ntries = 15; 2229 2230 tx->cck_mask = 0x0f; 2231 tx->ofdm_mask = 0xff; 2232 tx->lifetime = LE_32(0xffffffff); 2233 2234 tx->len = LE_16(len); 2235 2236 /* save and trim IEEE802.11 header */ 2237 (void) memcpy(tx + 1, m->b_rptr, hdrlen); 2238 m->b_rptr += hdrlen; 2239 (void) memcpy(data->dma_data.mem_va, m->b_rptr, len - hdrlen); 2240 2241 WPI_DBG((WPI_DEBUG_TX, "sending data: qid=%d idx=%d len=%d", ring->qid, 2242 ring->cur, len)); 2243 2244 /* first scatter/gather segment is used by the tx data command */ 2245 desc->flags = LE_32(WPI_PAD32(len) << 28 | (2) << 24); 2246 desc->segs[0].addr = LE_32(data->paddr_cmd); 2247 desc->segs[0].len = LE_32( 2248 roundup(4 + sizeof (wpi_cmd_data_t) + hdrlen, 4)); 2249 desc->segs[1].addr = LE_32(data->dma_data.cookie.dmac_address); 2250 desc->segs[1].len = LE_32(len - hdrlen); 2251 2252 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2253 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2254 2255 mutex_enter(&sc->sc_tx_lock); 2256 ring->queued++; 2257 mutex_exit(&sc->sc_tx_lock); 2258 2259 /* kick ring */ 2260 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2261 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2262 freemsg(m); 2263 /* release node reference */ 2264 ieee80211_free_node(in); 2265 2266 ic->ic_stats.is_tx_bytes += len; 2267 ic->ic_stats.is_tx_frags++; 2268 2269 if (sc->sc_tx_timer == 0) 2270 sc->sc_tx_timer = 5; 2271 exit: 2272 return (err); 2273 } 2274 2275 static void 2276 wpi_m_ioctl(void* arg, queue_t *wq, mblk_t *mp) 2277 { 2278 wpi_sc_t *sc = (wpi_sc_t *)arg; 2279 ieee80211com_t *ic = &sc->sc_ic; 2280 int err; 2281 2282 err = ieee80211_ioctl(ic, wq, mp); 2283 if (err == ENETRESET) { 2284 /* 2285 * This is special for the hidden AP connection. 2286 * In any case, we should make sure only one 'scan' 2287 * in the driver for a 'connect' CLI command. So 2288 * when connecting to a hidden AP, the scan is just 2289 * sent out to the air when we know the desired 2290 * essid of the AP we want to connect. 2291 */ 2292 if (ic->ic_des_esslen) { 2293 if (sc->sc_flags & WPI_F_RUNNING) { 2294 wpi_m_stop(sc); 2295 (void) wpi_m_start(sc); 2296 (void) ieee80211_new_state(ic, 2297 IEEE80211_S_SCAN, -1); 2298 } 2299 } 2300 } 2301 } 2302 2303 /* 2304 * Callback functions for get/set properties 2305 */ 2306 /* ARGSUSED */ 2307 static int 2308 wpi_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_name, 2309 uint_t pr_flags, uint_t wldp_length, void *wldp_buf, uint_t *perm) 2310 { 2311 int err = 0; 2312 wpi_sc_t *sc = (wpi_sc_t *)arg; 2313 2314 err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_name, 2315 pr_flags, wldp_length, wldp_buf, perm); 2316 2317 return (err); 2318 } 2319 static int 2320 wpi_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_name, 2321 uint_t wldp_length, const void *wldp_buf) 2322 { 2323 int err; 2324 wpi_sc_t *sc = (wpi_sc_t *)arg; 2325 ieee80211com_t *ic = &sc->sc_ic; 2326 2327 err = ieee80211_setprop(ic, pr_name, wldp_pr_name, 2328 wldp_length, wldp_buf); 2329 2330 if (err == ENETRESET) { 2331 if (ic->ic_des_esslen) { 2332 if (sc->sc_flags & WPI_F_RUNNING) { 2333 wpi_m_stop(sc); 2334 (void) wpi_m_start(sc); 2335 (void) ieee80211_new_state(ic, 2336 IEEE80211_S_SCAN, -1); 2337 } 2338 } 2339 2340 err = 0; 2341 } 2342 2343 return (err); 2344 } 2345 2346 /*ARGSUSED*/ 2347 static int 2348 wpi_m_stat(void *arg, uint_t stat, uint64_t *val) 2349 { 2350 wpi_sc_t *sc = (wpi_sc_t *)arg; 2351 ieee80211com_t *ic = &sc->sc_ic; 2352 ieee80211_node_t *in; 2353 2354 mutex_enter(&sc->sc_glock); 2355 switch (stat) { 2356 case MAC_STAT_IFSPEED: 2357 in = ic->ic_bss; 2358 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ? 2359 IEEE80211_RATE(in->in_txrate) : 2360 ic->ic_fixed_rate) / 2 * 1000000; 2361 break; 2362 case MAC_STAT_NOXMTBUF: 2363 *val = sc->sc_tx_nobuf; 2364 break; 2365 case MAC_STAT_NORCVBUF: 2366 *val = sc->sc_rx_nobuf; 2367 break; 2368 case MAC_STAT_IERRORS: 2369 *val = sc->sc_rx_err; 2370 break; 2371 case MAC_STAT_RBYTES: 2372 *val = ic->ic_stats.is_rx_bytes; 2373 break; 2374 case MAC_STAT_IPACKETS: 2375 *val = ic->ic_stats.is_rx_frags; 2376 break; 2377 case MAC_STAT_OBYTES: 2378 *val = ic->ic_stats.is_tx_bytes; 2379 break; 2380 case MAC_STAT_OPACKETS: 2381 *val = ic->ic_stats.is_tx_frags; 2382 break; 2383 case MAC_STAT_OERRORS: 2384 case WIFI_STAT_TX_FAILED: 2385 *val = sc->sc_tx_err; 2386 break; 2387 case WIFI_STAT_TX_RETRANS: 2388 *val = sc->sc_tx_retries; 2389 break; 2390 case WIFI_STAT_FCS_ERRORS: 2391 case WIFI_STAT_WEP_ERRORS: 2392 case WIFI_STAT_TX_FRAGS: 2393 case WIFI_STAT_MCAST_TX: 2394 case WIFI_STAT_RTS_SUCCESS: 2395 case WIFI_STAT_RTS_FAILURE: 2396 case WIFI_STAT_ACK_FAILURE: 2397 case WIFI_STAT_RX_FRAGS: 2398 case WIFI_STAT_MCAST_RX: 2399 case WIFI_STAT_RX_DUPS: 2400 mutex_exit(&sc->sc_glock); 2401 return (ieee80211_stat(ic, stat, val)); 2402 default: 2403 mutex_exit(&sc->sc_glock); 2404 return (ENOTSUP); 2405 } 2406 mutex_exit(&sc->sc_glock); 2407 2408 return (WPI_SUCCESS); 2409 2410 } 2411 2412 static int 2413 wpi_m_start(void *arg) 2414 { 2415 wpi_sc_t *sc = (wpi_sc_t *)arg; 2416 ieee80211com_t *ic = &sc->sc_ic; 2417 int err; 2418 2419 err = wpi_init(sc); 2420 if (err != WPI_SUCCESS) { 2421 wpi_stop(sc); 2422 DELAY(1000000); 2423 err = wpi_init(sc); 2424 } 2425 2426 if (err) { 2427 /* 2428 * The hw init err(eg. RF is OFF). Return Success to make 2429 * the 'plumb' succeed. The wpi_thread() tries to re-init 2430 * background. 2431 */ 2432 mutex_enter(&sc->sc_glock); 2433 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2434 mutex_exit(&sc->sc_glock); 2435 return (WPI_SUCCESS); 2436 } 2437 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2438 mutex_enter(&sc->sc_glock); 2439 sc->sc_flags |= WPI_F_RUNNING; 2440 mutex_exit(&sc->sc_glock); 2441 2442 return (WPI_SUCCESS); 2443 } 2444 2445 static void 2446 wpi_m_stop(void *arg) 2447 { 2448 wpi_sc_t *sc = (wpi_sc_t *)arg; 2449 ieee80211com_t *ic = &sc->sc_ic; 2450 2451 wpi_stop(sc); 2452 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2453 mutex_enter(&sc->sc_mt_lock); 2454 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2455 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 2456 mutex_exit(&sc->sc_mt_lock); 2457 mutex_enter(&sc->sc_glock); 2458 sc->sc_flags &= ~WPI_F_RUNNING; 2459 mutex_exit(&sc->sc_glock); 2460 } 2461 2462 /*ARGSUSED*/ 2463 static int 2464 wpi_m_unicst(void *arg, const uint8_t *macaddr) 2465 { 2466 wpi_sc_t *sc = (wpi_sc_t *)arg; 2467 ieee80211com_t *ic = &sc->sc_ic; 2468 int err; 2469 2470 if (!IEEE80211_ADDR_EQ(ic->ic_macaddr, macaddr)) { 2471 IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr); 2472 mutex_enter(&sc->sc_glock); 2473 err = wpi_config(sc); 2474 mutex_exit(&sc->sc_glock); 2475 if (err != WPI_SUCCESS) { 2476 cmn_err(CE_WARN, 2477 "wpi_m_unicst(): " 2478 "failed to configure device\n"); 2479 goto fail; 2480 } 2481 } 2482 return (WPI_SUCCESS); 2483 fail: 2484 return (err); 2485 } 2486 2487 /*ARGSUSED*/ 2488 static int 2489 wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m) 2490 { 2491 return (WPI_SUCCESS); 2492 } 2493 2494 /*ARGSUSED*/ 2495 static int 2496 wpi_m_promisc(void *arg, boolean_t on) 2497 { 2498 return (WPI_SUCCESS); 2499 } 2500 2501 static void 2502 wpi_thread(wpi_sc_t *sc) 2503 { 2504 ieee80211com_t *ic = &sc->sc_ic; 2505 clock_t clk; 2506 int times = 0, err, n = 0, timeout = 0; 2507 uint32_t tmp; 2508 2509 mutex_enter(&sc->sc_mt_lock); 2510 while (sc->sc_mf_thread_switch) { 2511 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2512 if (tmp & WPI_GPIO_HW_RF_KILL) { 2513 sc->sc_flags &= ~WPI_F_RADIO_OFF; 2514 } else { 2515 sc->sc_flags |= WPI_F_RADIO_OFF; 2516 } 2517 /* 2518 * If in SUSPEND or the RF is OFF, do nothing 2519 */ 2520 if ((sc->sc_flags & WPI_F_SUSPEND) || 2521 (sc->sc_flags & WPI_F_RADIO_OFF)) { 2522 mutex_exit(&sc->sc_mt_lock); 2523 delay(drv_usectohz(100000)); 2524 mutex_enter(&sc->sc_mt_lock); 2525 continue; 2526 } 2527 2528 /* 2529 * recovery fatal error 2530 */ 2531 if (ic->ic_mach && 2532 (sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 2533 2534 WPI_DBG((WPI_DEBUG_FW, 2535 "wpi_thread(): " 2536 "try to recover fatal hw error: %d\n", times++)); 2537 2538 wpi_stop(sc); 2539 mutex_exit(&sc->sc_mt_lock); 2540 2541 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2542 delay(drv_usectohz(2000000)); 2543 2544 mutex_enter(&sc->sc_mt_lock); 2545 err = wpi_init(sc); 2546 if (err != WPI_SUCCESS) { 2547 n++; 2548 if (n < 3) 2549 continue; 2550 } 2551 n = 0; 2552 if (!err) 2553 sc->sc_flags |= WPI_F_RUNNING; 2554 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2555 mutex_exit(&sc->sc_mt_lock); 2556 delay(drv_usectohz(2000000)); 2557 if (sc->sc_ostate != IEEE80211_S_INIT) 2558 ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); 2559 mutex_enter(&sc->sc_mt_lock); 2560 } 2561 2562 /* 2563 * scan next channel 2564 */ 2565 if (ic->ic_mach && 2566 (sc->sc_flags & WPI_F_SCANNING) && sc->sc_scan_next) { 2567 2568 WPI_DBG((WPI_DEBUG_SCAN, 2569 "wpi_thread(): " 2570 "wait for probe response\n")); 2571 2572 sc->sc_scan_next--; 2573 mutex_exit(&sc->sc_mt_lock); 2574 delay(drv_usectohz(200000)); 2575 ieee80211_next_scan(ic); 2576 mutex_enter(&sc->sc_mt_lock); 2577 } 2578 2579 /* 2580 * rate ctl 2581 */ 2582 if (ic->ic_mach && 2583 (sc->sc_flags & WPI_F_RATE_AUTO_CTL)) { 2584 clk = ddi_get_lbolt(); 2585 if (clk > sc->sc_clk + drv_usectohz(500000)) { 2586 wpi_amrr_timeout(sc); 2587 } 2588 } 2589 mutex_exit(&sc->sc_mt_lock); 2590 delay(drv_usectohz(100000)); 2591 mutex_enter(&sc->sc_mt_lock); 2592 if (sc->sc_tx_timer) { 2593 timeout++; 2594 if (timeout == 10) { 2595 sc->sc_tx_timer--; 2596 if (sc->sc_tx_timer == 0) { 2597 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2598 sc->sc_ostate = IEEE80211_S_RUN; 2599 WPI_DBG((WPI_DEBUG_FW, 2600 "wpi_thread(): send fail\n")); 2601 } 2602 timeout = 0; 2603 } 2604 } 2605 } 2606 sc->sc_mf_thread = NULL; 2607 cv_signal(&sc->sc_mt_cv); 2608 mutex_exit(&sc->sc_mt_lock); 2609 } 2610 2611 /* 2612 * Extract various information from EEPROM. 2613 */ 2614 static void 2615 wpi_read_eeprom(wpi_sc_t *sc) 2616 { 2617 ieee80211com_t *ic = &sc->sc_ic; 2618 uint16_t val; 2619 int i; 2620 2621 /* read MAC address */ 2622 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 0); 2623 ic->ic_macaddr[0] = val & 0xff; 2624 ic->ic_macaddr[1] = val >> 8; 2625 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 1); 2626 ic->ic_macaddr[2] = val & 0xff; 2627 ic->ic_macaddr[3] = val >> 8; 2628 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 2); 2629 ic->ic_macaddr[4] = val & 0xff; 2630 ic->ic_macaddr[5] = val >> 8; 2631 2632 WPI_DBG((WPI_DEBUG_EEPROM, 2633 "mac:%2x:%2x:%2x:%2x:%2x:%2x\n", 2634 ic->ic_macaddr[0], ic->ic_macaddr[1], 2635 ic->ic_macaddr[2], ic->ic_macaddr[3], 2636 ic->ic_macaddr[4], ic->ic_macaddr[5])); 2637 /* read power settings for 2.4GHz channels */ 2638 for (i = 0; i < 14; i++) { 2639 sc->sc_pwr1[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR1 + i); 2640 sc->sc_pwr2[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR2 + i); 2641 WPI_DBG((WPI_DEBUG_EEPROM, 2642 "channel %d pwr1 0x%04x pwr2 0x%04x\n", i + 1, 2643 sc->sc_pwr1[i], sc->sc_pwr2[i])); 2644 } 2645 } 2646 2647 /* 2648 * Send a command to the firmware. 2649 */ 2650 static int 2651 wpi_cmd(wpi_sc_t *sc, int code, const void *buf, int size, int async) 2652 { 2653 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2654 wpi_tx_desc_t *desc; 2655 wpi_tx_cmd_t *cmd; 2656 2657 ASSERT(size <= sizeof (cmd->data)); 2658 ASSERT(mutex_owned(&sc->sc_glock)); 2659 2660 WPI_DBG((WPI_DEBUG_CMD, "wpi_cmd() # code[%d]", code)); 2661 desc = ring->data[ring->cur].desc; 2662 cmd = ring->data[ring->cur].cmd; 2663 2664 cmd->code = (uint8_t)code; 2665 cmd->flags = 0; 2666 cmd->qid = ring->qid; 2667 cmd->idx = ring->cur; 2668 (void) memcpy(cmd->data, buf, size); 2669 2670 desc->flags = LE_32(WPI_PAD32(size) << 28 | 1 << 24); 2671 desc->segs[0].addr = ring->data[ring->cur].paddr_cmd; 2672 desc->segs[0].len = 4 + size; 2673 2674 /* kick cmd ring */ 2675 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2676 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2677 2678 if (async) 2679 return (WPI_SUCCESS); 2680 else { 2681 clock_t clk; 2682 sc->sc_flags &= ~WPI_F_CMD_DONE; 2683 clk = ddi_get_lbolt() + drv_usectohz(2000000); 2684 while (!(sc->sc_flags & WPI_F_CMD_DONE)) { 2685 if (cv_timedwait(&sc->sc_cmd_cv, &sc->sc_glock, clk) 2686 < 0) 2687 break; 2688 } 2689 if (sc->sc_flags & WPI_F_CMD_DONE) 2690 return (WPI_SUCCESS); 2691 else 2692 return (WPI_FAIL); 2693 } 2694 } 2695 2696 /* 2697 * Configure h/w multi-rate retries. 2698 */ 2699 static int 2700 wpi_mrr_setup(wpi_sc_t *sc) 2701 { 2702 wpi_mrr_setup_t mrr; 2703 int i, err; 2704 2705 /* CCK rates (not used with 802.11a) */ 2706 for (i = WPI_CCK1; i <= WPI_CCK11; i++) { 2707 mrr.rates[i].flags = 0; 2708 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2709 /* fallback to the immediate lower CCK rate (if any) */ 2710 mrr.rates[i].next = (i == WPI_CCK1) ? WPI_CCK1 : i - 1; 2711 /* try one time at this rate before falling back to "next" */ 2712 mrr.rates[i].ntries = 1; 2713 } 2714 2715 /* OFDM rates (not used with 802.11b) */ 2716 for (i = WPI_OFDM6; i <= WPI_OFDM54; i++) { 2717 mrr.rates[i].flags = 0; 2718 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2719 /* fallback to the immediate lower OFDM rate (if any) */ 2720 mrr.rates[i].next = (i == WPI_OFDM6) ? WPI_OFDM6 : i - 1; 2721 /* try one time at this rate before falling back to "next" */ 2722 mrr.rates[i].ntries = 1; 2723 } 2724 2725 /* setup MRR for control frames */ 2726 mrr.which = LE_32(WPI_MRR_CTL); 2727 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2728 if (err != WPI_SUCCESS) { 2729 WPI_DBG((WPI_DEBUG_MRR, 2730 "could not setup MRR for control frames\n")); 2731 return (err); 2732 } 2733 2734 /* setup MRR for data frames */ 2735 mrr.which = LE_32(WPI_MRR_DATA); 2736 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2737 if (err != WPI_SUCCESS) { 2738 WPI_DBG((WPI_DEBUG_MRR, 2739 "could not setup MRR for data frames\n")); 2740 return (err); 2741 } 2742 2743 return (WPI_SUCCESS); 2744 } 2745 2746 static void 2747 wpi_set_led(wpi_sc_t *sc, uint8_t which, uint8_t off, uint8_t on) 2748 { 2749 wpi_cmd_led_t led; 2750 2751 led.which = which; 2752 led.unit = LE_32(100000); /* on/off in unit of 100ms */ 2753 led.off = off; 2754 led.on = on; 2755 2756 (void) wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof (led), 1); 2757 } 2758 2759 static int 2760 wpi_auth(wpi_sc_t *sc) 2761 { 2762 ieee80211com_t *ic = &sc->sc_ic; 2763 ieee80211_node_t *in = ic->ic_bss; 2764 wpi_node_t node; 2765 int err; 2766 2767 /* update adapter's configuration */ 2768 IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid); 2769 sc->sc_config.chan = ieee80211_chan2ieee(ic, in->in_chan); 2770 if (ic->ic_curmode == IEEE80211_MODE_11B) { 2771 sc->sc_config.cck_mask = 0x03; 2772 sc->sc_config.ofdm_mask = 0; 2773 } else if ((in->in_chan != IEEE80211_CHAN_ANYC) && 2774 (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) { 2775 sc->sc_config.cck_mask = 0; 2776 sc->sc_config.ofdm_mask = 0x15; 2777 } else { /* assume 802.11b/g */ 2778 sc->sc_config.cck_mask = 0x0f; 2779 sc->sc_config.ofdm_mask = 0xff; 2780 } 2781 2782 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x cck %x ofdm %x" 2783 " bssid:%02x:%02x:%02x:%02x:%02x:%2x\n", 2784 sc->sc_config.chan, sc->sc_config.flags, 2785 sc->sc_config.cck_mask, sc->sc_config.ofdm_mask, 2786 sc->sc_config.bssid[0], sc->sc_config.bssid[1], 2787 sc->sc_config.bssid[2], sc->sc_config.bssid[3], 2788 sc->sc_config.bssid[4], sc->sc_config.bssid[5])); 2789 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2790 sizeof (wpi_config_t), 1); 2791 if (err != WPI_SUCCESS) { 2792 cmn_err(CE_WARN, "wpi_auth(): failed to configurate chan%d\n", 2793 sc->sc_config.chan); 2794 return (err); 2795 } 2796 2797 /* add default node */ 2798 (void) memset(&node, 0, sizeof (node)); 2799 IEEE80211_ADDR_COPY(node.bssid, in->in_bssid); 2800 node.id = WPI_ID_BSS; 2801 node.rate = wpi_plcp_signal(2); 2802 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 2803 if (err != WPI_SUCCESS) { 2804 cmn_err(CE_WARN, "wpi_auth(): failed to add BSS node\n"); 2805 return (err); 2806 } 2807 2808 err = wpi_mrr_setup(sc); 2809 if (err != WPI_SUCCESS) { 2810 cmn_err(CE_WARN, "wpi_auth(): failed to setup MRR\n"); 2811 return (err); 2812 } 2813 2814 return (WPI_SUCCESS); 2815 } 2816 2817 /* 2818 * Send a scan request to the firmware. 2819 */ 2820 static int 2821 wpi_scan(wpi_sc_t *sc) 2822 { 2823 ieee80211com_t *ic = &sc->sc_ic; 2824 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2825 wpi_tx_desc_t *desc; 2826 wpi_tx_data_t *data; 2827 wpi_tx_cmd_t *cmd; 2828 wpi_scan_hdr_t *hdr; 2829 wpi_scan_chan_t *chan; 2830 struct ieee80211_frame *wh; 2831 ieee80211_node_t *in = ic->ic_bss; 2832 uint8_t essid[IEEE80211_NWID_LEN+1]; 2833 struct ieee80211_rateset *rs; 2834 enum ieee80211_phymode mode; 2835 uint8_t *frm; 2836 int i, pktlen, nrates; 2837 2838 /* previous scan not completed */ 2839 if (sc->sc_scan_pending) { 2840 WPI_DBG((WPI_DEBUG_SCAN, "previous scan not completed\n")); 2841 return (WPI_SUCCESS); 2842 } 2843 2844 data = &ring->data[ring->cur]; 2845 desc = data->desc; 2846 cmd = (wpi_tx_cmd_t *)data->dma_data.mem_va; 2847 2848 cmd->code = WPI_CMD_SCAN; 2849 cmd->flags = 0; 2850 cmd->qid = ring->qid; 2851 cmd->idx = ring->cur; 2852 2853 hdr = (wpi_scan_hdr_t *)cmd->data; 2854 (void) memset(hdr, 0, sizeof (wpi_scan_hdr_t)); 2855 hdr->first = 1; 2856 hdr->nchan = 1; 2857 hdr->len = hdr->nchan * sizeof (wpi_scan_chan_t); 2858 hdr->quiet = LE_16(50); 2859 hdr->threshold = LE_16(1); 2860 hdr->filter = LE_32(5); 2861 hdr->rate = wpi_plcp_signal(2); 2862 hdr->id = WPI_ID_BROADCAST; 2863 hdr->mask = LE_32(0xffffffff); 2864 hdr->esslen = ic->ic_des_esslen; 2865 2866 if (ic->ic_des_esslen) { 2867 bcopy(ic->ic_des_essid, essid, ic->ic_des_esslen); 2868 essid[ic->ic_des_esslen] = '\0'; 2869 WPI_DBG((WPI_DEBUG_SCAN, "directed scan %s\n", essid)); 2870 2871 bcopy(ic->ic_des_essid, hdr->essid, ic->ic_des_esslen); 2872 } else { 2873 bzero(hdr->essid, sizeof (hdr->essid)); 2874 } 2875 2876 /* 2877 * Build a probe request frame. Most of the following code is a 2878 * copy & paste of what is done in net80211. Unfortunately, the 2879 * functions to add IEs are static and thus can't be reused here. 2880 */ 2881 wh = (struct ieee80211_frame *)(hdr + 1); 2882 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2883 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2884 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2885 (void) memset(wh->i_addr1, 0xff, 6); 2886 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_macaddr); 2887 (void) memset(wh->i_addr3, 0xff, 6); 2888 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 2889 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 2890 2891 frm = (uint8_t *)(wh + 1); 2892 2893 /* add essid IE */ 2894 if (in->in_esslen) { 2895 bcopy(in->in_essid, essid, in->in_esslen); 2896 essid[in->in_esslen] = '\0'; 2897 WPI_DBG((WPI_DEBUG_SCAN, "probe with ESSID %s\n", 2898 essid)); 2899 } 2900 *frm++ = IEEE80211_ELEMID_SSID; 2901 *frm++ = in->in_esslen; 2902 (void) memcpy(frm, in->in_essid, in->in_esslen); 2903 frm += in->in_esslen; 2904 2905 mode = ieee80211_chan2mode(ic, ic->ic_curchan); 2906 rs = &ic->ic_sup_rates[mode]; 2907 2908 /* add supported rates IE */ 2909 *frm++ = IEEE80211_ELEMID_RATES; 2910 nrates = rs->ir_nrates; 2911 if (nrates > IEEE80211_RATE_SIZE) 2912 nrates = IEEE80211_RATE_SIZE; 2913 *frm++ = (uint8_t)nrates; 2914 (void) memcpy(frm, rs->ir_rates, nrates); 2915 frm += nrates; 2916 2917 /* add supported xrates IE */ 2918 if (rs->ir_nrates > IEEE80211_RATE_SIZE) { 2919 nrates = rs->ir_nrates - IEEE80211_RATE_SIZE; 2920 *frm++ = IEEE80211_ELEMID_XRATES; 2921 *frm++ = (uint8_t)nrates; 2922 (void) memcpy(frm, rs->ir_rates + IEEE80211_RATE_SIZE, nrates); 2923 frm += nrates; 2924 } 2925 2926 /* add optionnal IE (usually an RSN IE) */ 2927 if (ic->ic_opt_ie != NULL) { 2928 (void) memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); 2929 frm += ic->ic_opt_ie_len; 2930 } 2931 2932 /* setup length of probe request */ 2933 hdr->pbrlen = LE_16((uintptr_t)frm - (uintptr_t)wh); 2934 2935 /* align on a 4-byte boundary */ 2936 chan = (wpi_scan_chan_t *)frm; 2937 for (i = 1; i <= hdr->nchan; i++, chan++) { 2938 if (ic->ic_des_esslen) { 2939 chan->flags = 0x3; 2940 } else { 2941 chan->flags = 0x1; 2942 } 2943 chan->chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 2944 chan->magic = LE_16(0x62ab); 2945 chan->active = LE_16(50); 2946 chan->passive = LE_16(120); 2947 2948 frm += sizeof (wpi_scan_chan_t); 2949 } 2950 2951 pktlen = (uintptr_t)frm - (uintptr_t)cmd; 2952 2953 desc->flags = LE_32(WPI_PAD32(pktlen) << 28 | 1 << 24); 2954 desc->segs[0].addr = LE_32(data->dma_data.cookie.dmac_address); 2955 desc->segs[0].len = LE_32(pktlen); 2956 2957 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2958 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2959 2960 /* kick cmd ring */ 2961 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2962 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2963 2964 sc->sc_scan_pending = 1; 2965 2966 return (WPI_SUCCESS); /* will be notified async. of failure/success */ 2967 } 2968 2969 static int 2970 wpi_config(wpi_sc_t *sc) 2971 { 2972 ieee80211com_t *ic = &sc->sc_ic; 2973 wpi_txpower_t txpower; 2974 wpi_power_t power; 2975 #ifdef WPI_BLUE_COEXISTENCE 2976 wpi_bluetooth_t bluetooth; 2977 #endif 2978 wpi_node_t node; 2979 int err; 2980 2981 /* Intel's binary only daemon is a joke.. */ 2982 2983 /* set Tx power for 2.4GHz channels (values read from EEPROM) */ 2984 (void) memset(&txpower, 0, sizeof (txpower)); 2985 (void) memcpy(txpower.pwr1, sc->sc_pwr1, 14 * sizeof (uint16_t)); 2986 (void) memcpy(txpower.pwr2, sc->sc_pwr2, 14 * sizeof (uint16_t)); 2987 err = wpi_cmd(sc, WPI_CMD_TXPOWER, &txpower, sizeof (txpower), 0); 2988 if (err != WPI_SUCCESS) { 2989 cmn_err(CE_WARN, "wpi_config(): failed to set txpower\n"); 2990 return (err); 2991 } 2992 2993 /* set power mode */ 2994 (void) memset(&power, 0, sizeof (power)); 2995 power.flags = LE_32(0x8); 2996 err = wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &power, sizeof (power), 0); 2997 if (err != WPI_SUCCESS) { 2998 cmn_err(CE_WARN, "wpi_config(): failed to set power mode\n"); 2999 return (err); 3000 } 3001 #ifdef WPI_BLUE_COEXISTENCE 3002 /* configure bluetooth coexistence */ 3003 (void) memset(&bluetooth, 0, sizeof (bluetooth)); 3004 bluetooth.flags = 3; 3005 bluetooth.lead = 0xaa; 3006 bluetooth.kill = 1; 3007 err = wpi_cmd(sc, WPI_CMD_BLUETOOTH, &bluetooth, 3008 sizeof (bluetooth), 0); 3009 if (err != WPI_SUCCESS) { 3010 cmn_err(CE_WARN, 3011 "wpi_config(): " 3012 "failed to configurate bluetooth coexistence\n"); 3013 return (err); 3014 } 3015 #endif 3016 /* configure adapter */ 3017 (void) memset(&sc->sc_config, 0, sizeof (wpi_config_t)); 3018 IEEE80211_ADDR_COPY(sc->sc_config.myaddr, ic->ic_macaddr); 3019 sc->sc_config.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 3020 sc->sc_config.flags = LE_32(WPI_CONFIG_TSF | WPI_CONFIG_AUTO | 3021 WPI_CONFIG_24GHZ); 3022 sc->sc_config.filter = 0; 3023 switch (ic->ic_opmode) { 3024 case IEEE80211_M_STA: 3025 sc->sc_config.mode = WPI_MODE_STA; 3026 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST); 3027 break; 3028 case IEEE80211_M_IBSS: 3029 case IEEE80211_M_AHDEMO: 3030 sc->sc_config.mode = WPI_MODE_IBSS; 3031 break; 3032 case IEEE80211_M_HOSTAP: 3033 sc->sc_config.mode = WPI_MODE_HOSTAP; 3034 break; 3035 case IEEE80211_M_MONITOR: 3036 sc->sc_config.mode = WPI_MODE_MONITOR; 3037 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST | 3038 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 3039 break; 3040 } 3041 sc->sc_config.cck_mask = 0x0f; /* not yet negotiated */ 3042 sc->sc_config.ofdm_mask = 0xff; /* not yet negotiated */ 3043 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 3044 sizeof (wpi_config_t), 0); 3045 if (err != WPI_SUCCESS) { 3046 cmn_err(CE_WARN, "wpi_config(): " 3047 "failed to set configure command\n"); 3048 return (err); 3049 } 3050 3051 /* add broadcast node */ 3052 (void) memset(&node, 0, sizeof (node)); 3053 (void) memset(node.bssid, 0xff, 6); 3054 node.id = WPI_ID_BROADCAST; 3055 node.rate = wpi_plcp_signal(2); 3056 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 0); 3057 if (err != WPI_SUCCESS) { 3058 cmn_err(CE_WARN, "wpi_config(): " 3059 "failed to add broadcast node\n"); 3060 return (err); 3061 } 3062 3063 return (WPI_SUCCESS); 3064 } 3065 3066 static void 3067 wpi_stop_master(wpi_sc_t *sc) 3068 { 3069 uint32_t tmp; 3070 int ntries; 3071 3072 tmp = WPI_READ(sc, WPI_RESET); 3073 WPI_WRITE(sc, WPI_RESET, tmp | WPI_STOP_MASTER); 3074 3075 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3076 if ((tmp & WPI_GPIO_PWR_STATUS) == WPI_GPIO_PWR_SLEEP) 3077 return; /* already asleep */ 3078 3079 for (ntries = 0; ntries < 2000; ntries++) { 3080 if (WPI_READ(sc, WPI_RESET) & WPI_MASTER_DISABLED) 3081 break; 3082 DELAY(1000); 3083 } 3084 if (ntries == 2000) 3085 WPI_DBG((WPI_DEBUG_HW, "timeout waiting for master\n")); 3086 } 3087 3088 static int 3089 wpi_power_up(wpi_sc_t *sc) 3090 { 3091 uint32_t tmp; 3092 int ntries; 3093 3094 wpi_mem_lock(sc); 3095 tmp = wpi_mem_read(sc, WPI_MEM_POWER); 3096 wpi_mem_write(sc, WPI_MEM_POWER, tmp & ~0x03000000); 3097 wpi_mem_unlock(sc); 3098 3099 for (ntries = 0; ntries < 5000; ntries++) { 3100 if (WPI_READ(sc, WPI_GPIO_STATUS) & WPI_POWERED) 3101 break; 3102 DELAY(10); 3103 } 3104 if (ntries == 5000) { 3105 cmn_err(CE_WARN, 3106 "wpi_power_up(): timeout waiting for NIC to power up\n"); 3107 return (ETIMEDOUT); 3108 } 3109 return (WPI_SUCCESS); 3110 } 3111 3112 static int 3113 wpi_reset(wpi_sc_t *sc) 3114 { 3115 uint32_t tmp; 3116 int ntries; 3117 3118 /* clear any pending interrupts */ 3119 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 3120 3121 tmp = WPI_READ(sc, WPI_PLL_CTL); 3122 WPI_WRITE(sc, WPI_PLL_CTL, tmp | WPI_PLL_INIT); 3123 3124 tmp = WPI_READ(sc, WPI_CHICKEN); 3125 WPI_WRITE(sc, WPI_CHICKEN, tmp | WPI_CHICKEN_RXNOLOS); 3126 3127 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3128 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_INIT); 3129 3130 /* wait for clock stabilization */ 3131 for (ntries = 0; ntries < 1000; ntries++) { 3132 if (WPI_READ(sc, WPI_GPIO_CTL) & WPI_GPIO_CLOCK) 3133 break; 3134 DELAY(10); 3135 } 3136 if (ntries == 1000) { 3137 cmn_err(CE_WARN, 3138 "wpi_reset(): timeout waiting for clock stabilization\n"); 3139 return (ETIMEDOUT); 3140 } 3141 3142 /* initialize EEPROM */ 3143 tmp = WPI_READ(sc, WPI_EEPROM_STATUS); 3144 if ((tmp & WPI_EEPROM_VERSION) == 0) { 3145 cmn_err(CE_WARN, "wpi_reset(): EEPROM not found\n"); 3146 return (EIO); 3147 } 3148 WPI_WRITE(sc, WPI_EEPROM_STATUS, tmp & ~WPI_EEPROM_LOCKED); 3149 3150 return (WPI_SUCCESS); 3151 } 3152 3153 static void 3154 wpi_hw_config(wpi_sc_t *sc) 3155 { 3156 uint16_t val; 3157 uint32_t hw; 3158 3159 /* voodoo from the Linux "driver".. */ 3160 hw = WPI_READ(sc, WPI_HWCONFIG); 3161 3162 if ((sc->sc_rev & 0xc0) == 0x40) 3163 hw |= WPI_HW_ALM_MB; 3164 else if (!(sc->sc_rev & 0x80)) 3165 hw |= WPI_HW_ALM_MM; 3166 3167 val = wpi_read_prom_word(sc, WPI_EEPROM_CAPABILITIES); 3168 if ((val & 0xff) == 0x80) 3169 hw |= WPI_HW_SKU_MRC; 3170 3171 val = wpi_read_prom_word(sc, WPI_EEPROM_REVISION); 3172 hw &= ~WPI_HW_REV_D; 3173 if ((val & 0xf0) == 0xd0) 3174 hw |= WPI_HW_REV_D; 3175 3176 val = wpi_read_prom_word(sc, WPI_EEPROM_TYPE); 3177 if ((val & 0xff) > 1) 3178 hw |= WPI_HW_TYPE_B; 3179 3180 WPI_DBG((WPI_DEBUG_HW, "setting h/w config %x\n", hw)); 3181 WPI_WRITE(sc, WPI_HWCONFIG, hw); 3182 } 3183 3184 static int 3185 wpi_init(wpi_sc_t *sc) 3186 { 3187 uint32_t tmp; 3188 int qid, ntries, err; 3189 clock_t clk; 3190 3191 mutex_enter(&sc->sc_glock); 3192 sc->sc_flags &= ~WPI_F_FW_INIT; 3193 3194 (void) wpi_reset(sc); 3195 3196 wpi_mem_lock(sc); 3197 wpi_mem_write(sc, WPI_MEM_CLOCK1, 0xa00); 3198 DELAY(20); 3199 tmp = wpi_mem_read(sc, WPI_MEM_PCIDEV); 3200 wpi_mem_write(sc, WPI_MEM_PCIDEV, tmp | 0x800); 3201 wpi_mem_unlock(sc); 3202 3203 (void) wpi_power_up(sc); 3204 wpi_hw_config(sc); 3205 3206 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3207 if (!(tmp & WPI_GPIO_HW_RF_KILL)) { 3208 cmn_err(CE_WARN, "wpi_init(): Radio transmitter is off\n"); 3209 goto fail1; 3210 } 3211 3212 /* init Rx ring */ 3213 wpi_mem_lock(sc); 3214 WPI_WRITE(sc, WPI_RX_BASE, sc->sc_rxq.dma_desc.cookie.dmac_address); 3215 WPI_WRITE(sc, WPI_RX_RIDX_PTR, 3216 (uint32_t)(sc->sc_dma_sh.cookie.dmac_address + 3217 offsetof(wpi_shared_t, next))); 3218 WPI_WRITE(sc, WPI_RX_WIDX, (WPI_RX_RING_COUNT - 1) & (~7)); 3219 WPI_WRITE(sc, WPI_RX_CONFIG, 0xa9601010); 3220 wpi_mem_unlock(sc); 3221 3222 /* init Tx rings */ 3223 wpi_mem_lock(sc); 3224 wpi_mem_write(sc, WPI_MEM_MODE, 2); /* bypass mode */ 3225 wpi_mem_write(sc, WPI_MEM_RA, 1); /* enable RA0 */ 3226 wpi_mem_write(sc, WPI_MEM_TXCFG, 0x3f); /* enable all 6 Tx rings */ 3227 wpi_mem_write(sc, WPI_MEM_BYPASS1, 0x10000); 3228 wpi_mem_write(sc, WPI_MEM_BYPASS2, 0x30002); 3229 wpi_mem_write(sc, WPI_MEM_MAGIC4, 4); 3230 wpi_mem_write(sc, WPI_MEM_MAGIC5, 5); 3231 3232 WPI_WRITE(sc, WPI_TX_BASE_PTR, sc->sc_dma_sh.cookie.dmac_address); 3233 WPI_WRITE(sc, WPI_MSG_CONFIG, 0xffff05a5); 3234 3235 for (qid = 0; qid < 6; qid++) { 3236 WPI_WRITE(sc, WPI_TX_CTL(qid), 0); 3237 WPI_WRITE(sc, WPI_TX_BASE(qid), 0); 3238 WPI_WRITE(sc, WPI_TX_CONFIG(qid), 0x80200008); 3239 } 3240 wpi_mem_unlock(sc); 3241 3242 /* clear "radio off" and "disable command" bits (reversed logic) */ 3243 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_RADIO_OFF); 3244 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_DISABLE_CMD); 3245 3246 /* clear any pending interrupts */ 3247 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 3248 3249 /* enable interrupts */ 3250 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 3251 3252 /* load firmware boot code into NIC */ 3253 err = wpi_load_microcode(sc); 3254 if (err != WPI_SUCCESS) { 3255 cmn_err(CE_WARN, "wpi_init(): failed to load microcode\n"); 3256 goto fail1; 3257 } 3258 3259 /* load firmware .text segment into NIC */ 3260 err = wpi_load_firmware(sc, WPI_FW_TEXT); 3261 if (err != WPI_SUCCESS) { 3262 cmn_err(CE_WARN, "wpi_init(): " 3263 "failed to load firmware(text)\n"); 3264 goto fail1; 3265 } 3266 3267 /* load firmware .data segment into NIC */ 3268 err = wpi_load_firmware(sc, WPI_FW_DATA); 3269 if (err != WPI_SUCCESS) { 3270 cmn_err(CE_WARN, "wpi_init(): " 3271 "failed to load firmware(data)\n"); 3272 goto fail1; 3273 } 3274 3275 /* now press "execute" ;-) */ 3276 tmp = WPI_READ(sc, WPI_RESET); 3277 tmp &= ~(WPI_MASTER_DISABLED | WPI_STOP_MASTER | WPI_NEVO_RESET); 3278 WPI_WRITE(sc, WPI_RESET, tmp); 3279 3280 /* ..and wait at most one second for adapter to initialize */ 3281 clk = ddi_get_lbolt() + drv_usectohz(2000000); 3282 while (!(sc->sc_flags & WPI_F_FW_INIT)) { 3283 if (cv_timedwait(&sc->sc_fw_cv, &sc->sc_glock, clk) < 0) 3284 break; 3285 } 3286 if (!(sc->sc_flags & WPI_F_FW_INIT)) { 3287 cmn_err(CE_WARN, 3288 "wpi_init(): timeout waiting for firmware init\n"); 3289 goto fail1; 3290 } 3291 3292 /* wait for thermal sensors to calibrate */ 3293 for (ntries = 0; ntries < 1000; ntries++) { 3294 if (WPI_READ(sc, WPI_TEMPERATURE) != 0) 3295 break; 3296 DELAY(10); 3297 } 3298 3299 if (ntries == 1000) { 3300 WPI_DBG((WPI_DEBUG_HW, 3301 "wpi_init(): timeout waiting for thermal sensors " 3302 "calibration\n")); 3303 } 3304 3305 WPI_DBG((WPI_DEBUG_HW, "temperature %d\n", 3306 (int)WPI_READ(sc, WPI_TEMPERATURE))); 3307 3308 err = wpi_config(sc); 3309 if (err) { 3310 cmn_err(CE_WARN, "wpi_init(): failed to configure device\n"); 3311 goto fail1; 3312 } 3313 3314 mutex_exit(&sc->sc_glock); 3315 return (WPI_SUCCESS); 3316 3317 fail1: 3318 err = WPI_FAIL; 3319 mutex_exit(&sc->sc_glock); 3320 return (err); 3321 } 3322 3323 /* 3324 * quiesce(9E) entry point. 3325 * This function is called when the system is single-threaded at high 3326 * PIL with preemption disabled. Therefore, this function must not be 3327 * blocked. 3328 * This function returns DDI_SUCCESS on success, or DDI_FAILURE on failure. 3329 * DDI_FAILURE indicates an error condition and should almost never happen. 3330 */ 3331 static int 3332 wpi_quiesce(dev_info_t *dip) 3333 { 3334 wpi_sc_t *sc; 3335 3336 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 3337 if (sc == NULL) 3338 return (DDI_FAILURE); 3339 3340 #ifdef DEBUG 3341 /* by pass any messages, if it's quiesce */ 3342 wpi_dbg_flags = 0; 3343 #endif 3344 3345 /* 3346 * No more blocking is allowed while we are in the 3347 * quiesce(9E) entry point. 3348 */ 3349 sc->sc_flags |= WPI_F_QUIESCED; 3350 3351 /* 3352 * Disable and mask all interrupts. 3353 */ 3354 wpi_stop(sc); 3355 return (DDI_SUCCESS); 3356 } 3357 3358 static void 3359 wpi_stop(wpi_sc_t *sc) 3360 { 3361 uint32_t tmp; 3362 int ac; 3363 3364 /* no mutex operation, if it's quiesced */ 3365 if (!(sc->sc_flags & WPI_F_QUIESCED)) 3366 mutex_enter(&sc->sc_glock); 3367 3368 /* disable interrupts */ 3369 WPI_WRITE(sc, WPI_MASK, 0); 3370 WPI_WRITE(sc, WPI_INTR, WPI_INTR_MASK); 3371 WPI_WRITE(sc, WPI_INTR_STATUS, 0xff); 3372 WPI_WRITE(sc, WPI_INTR_STATUS, 0x00070000); 3373 3374 wpi_mem_lock(sc); 3375 wpi_mem_write(sc, WPI_MEM_MODE, 0); 3376 wpi_mem_unlock(sc); 3377 3378 /* reset all Tx rings */ 3379 for (ac = 0; ac < 4; ac++) 3380 wpi_reset_tx_ring(sc, &sc->sc_txq[ac]); 3381 wpi_reset_tx_ring(sc, &sc->sc_cmdq); 3382 wpi_reset_tx_ring(sc, &sc->sc_svcq); 3383 3384 /* reset Rx ring */ 3385 wpi_reset_rx_ring(sc); 3386 3387 wpi_mem_lock(sc); 3388 wpi_mem_write(sc, WPI_MEM_CLOCK2, 0x200); 3389 wpi_mem_unlock(sc); 3390 3391 DELAY(5); 3392 3393 wpi_stop_master(sc); 3394 3395 sc->sc_tx_timer = 0; 3396 sc->sc_flags &= ~WPI_F_SCANNING; 3397 sc->sc_scan_pending = 0; 3398 sc->sc_scan_next = 0; 3399 3400 tmp = WPI_READ(sc, WPI_RESET); 3401 WPI_WRITE(sc, WPI_RESET, tmp | WPI_SW_RESET); 3402 3403 /* no mutex operation, if it's quiesced */ 3404 if (!(sc->sc_flags & WPI_F_QUIESCED)) 3405 mutex_exit(&sc->sc_glock); 3406 } 3407 3408 /* 3409 * Naive implementation of the Adaptive Multi Rate Retry algorithm: 3410 * "IEEE 802.11 Rate Adaptation: A Practical Approach" 3411 * Mathieu Lacage, Hossein Manshaei, Thierry Turletti 3412 * INRIA Sophia - Projet Planete 3413 * http://www-sop.inria.fr/rapports/sophia/RR-5208.html 3414 */ 3415 #define is_success(amrr) \ 3416 ((amrr)->retrycnt < (amrr)->txcnt / 10) 3417 #define is_failure(amrr) \ 3418 ((amrr)->retrycnt > (amrr)->txcnt / 3) 3419 #define is_enough(amrr) \ 3420 ((amrr)->txcnt > 100) 3421 #define is_min_rate(in) \ 3422 ((in)->in_txrate == 0) 3423 #define is_max_rate(in) \ 3424 ((in)->in_txrate == (in)->in_rates.ir_nrates - 1) 3425 #define increase_rate(in) \ 3426 ((in)->in_txrate++) 3427 #define decrease_rate(in) \ 3428 ((in)->in_txrate--) 3429 #define reset_cnt(amrr) \ 3430 { (amrr)->txcnt = (amrr)->retrycnt = 0; } 3431 3432 #define WPI_AMRR_MIN_SUCCESS_THRESHOLD 1 3433 #define WPI_AMRR_MAX_SUCCESS_THRESHOLD 15 3434 3435 static void 3436 wpi_amrr_init(wpi_amrr_t *amrr) 3437 { 3438 amrr->success = 0; 3439 amrr->recovery = 0; 3440 amrr->txcnt = amrr->retrycnt = 0; 3441 amrr->success_threshold = WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3442 } 3443 3444 static void 3445 wpi_amrr_timeout(wpi_sc_t *sc) 3446 { 3447 ieee80211com_t *ic = &sc->sc_ic; 3448 3449 WPI_DBG((WPI_DEBUG_RATECTL, "wpi_amrr_timeout() enter\n")); 3450 if (ic->ic_opmode == IEEE80211_M_STA) 3451 wpi_amrr_ratectl(NULL, ic->ic_bss); 3452 else 3453 ieee80211_iterate_nodes(&ic->ic_sta, wpi_amrr_ratectl, NULL); 3454 sc->sc_clk = ddi_get_lbolt(); 3455 } 3456 3457 /* ARGSUSED */ 3458 static void 3459 wpi_amrr_ratectl(void *arg, ieee80211_node_t *in) 3460 { 3461 wpi_amrr_t *amrr = (wpi_amrr_t *)in; 3462 int need_change = 0; 3463 3464 if (is_success(amrr) && is_enough(amrr)) { 3465 amrr->success++; 3466 if (amrr->success >= amrr->success_threshold && 3467 !is_max_rate(in)) { 3468 amrr->recovery = 1; 3469 amrr->success = 0; 3470 increase_rate(in); 3471 WPI_DBG((WPI_DEBUG_RATECTL, 3472 "AMRR increasing rate %d (txcnt=%d retrycnt=%d)\n", 3473 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3474 need_change = 1; 3475 } else { 3476 amrr->recovery = 0; 3477 } 3478 } else if (is_failure(amrr)) { 3479 amrr->success = 0; 3480 if (!is_min_rate(in)) { 3481 if (amrr->recovery) { 3482 amrr->success_threshold++; 3483 if (amrr->success_threshold > 3484 WPI_AMRR_MAX_SUCCESS_THRESHOLD) 3485 amrr->success_threshold = 3486 WPI_AMRR_MAX_SUCCESS_THRESHOLD; 3487 } else { 3488 amrr->success_threshold = 3489 WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3490 } 3491 decrease_rate(in); 3492 WPI_DBG((WPI_DEBUG_RATECTL, 3493 "AMRR decreasing rate %d (txcnt=%d retrycnt=%d)\n", 3494 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3495 need_change = 1; 3496 } 3497 amrr->recovery = 0; /* paper is incorrect */ 3498 } 3499 3500 if (is_enough(amrr) || need_change) 3501 reset_cnt(amrr); 3502 } 3503