1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * Copyright (c) 2006 8 * Damien Bergamini <damien.bergamini@free.fr> 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 */ 22 23 #pragma ident "%Z%%M% %I% %E% SMI" 24 25 /* 26 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 27 */ 28 29 #include <sys/types.h> 30 #include <sys/byteorder.h> 31 #include <sys/conf.h> 32 #include <sys/cmn_err.h> 33 #include <sys/stat.h> 34 #include <sys/ddi.h> 35 #include <sys/sunddi.h> 36 #include <sys/strsubr.h> 37 #include <sys/ethernet.h> 38 #include <inet/common.h> 39 #include <inet/nd.h> 40 #include <inet/mi.h> 41 #include <sys/note.h> 42 #include <sys/stream.h> 43 #include <sys/strsun.h> 44 #include <sys/modctl.h> 45 #include <sys/devops.h> 46 #include <sys/dlpi.h> 47 #include <sys/mac.h> 48 #include <sys/mac_wifi.h> 49 #include <sys/net80211.h> 50 #include <sys/net80211_proto.h> 51 #include <sys/varargs.h> 52 #include <sys/policy.h> 53 #include <sys/pci.h> 54 55 #include "wpireg.h" 56 #include "wpivar.h" 57 #include <inet/wifi_ioctl.h> 58 59 #ifdef DEBUG 60 #define WPI_DEBUG_80211 (1 << 0) 61 #define WPI_DEBUG_CMD (1 << 1) 62 #define WPI_DEBUG_DMA (1 << 2) 63 #define WPI_DEBUG_EEPROM (1 << 3) 64 #define WPI_DEBUG_FW (1 << 4) 65 #define WPI_DEBUG_HW (1 << 5) 66 #define WPI_DEBUG_INTR (1 << 6) 67 #define WPI_DEBUG_MRR (1 << 7) 68 #define WPI_DEBUG_PIO (1 << 8) 69 #define WPI_DEBUG_RX (1 << 9) 70 #define WPI_DEBUG_SCAN (1 << 10) 71 #define WPI_DEBUG_TX (1 << 11) 72 #define WPI_DEBUG_RATECTL (1 << 12) 73 #define WPI_DEBUG_RADIO (1 << 13) 74 #define WPI_DEBUG_RESUME (1 << 14) 75 uint32_t wpi_dbg_flags = 0; 76 #define WPI_DBG(x) \ 77 wpi_dbg x 78 #else 79 #define WPI_DBG(x) 80 #endif 81 82 static void *wpi_soft_state_p = NULL; 83 static uint8_t wpi_fw_bin [] = { 84 #include "fw-wpi/ipw3945.ucode.hex" 85 }; 86 87 /* DMA attributes for a shared page */ 88 static ddi_dma_attr_t sh_dma_attr = { 89 DMA_ATTR_V0, /* version of this structure */ 90 0, /* lowest usable address */ 91 0xffffffffU, /* highest usable address */ 92 0xffffffffU, /* maximum DMAable byte count */ 93 0x1000, /* alignment in bytes */ 94 0x1000, /* burst sizes (any?) */ 95 1, /* minimum transfer */ 96 0xffffffffU, /* maximum transfer */ 97 0xffffffffU, /* maximum segment length */ 98 1, /* maximum number of segments */ 99 1, /* granularity */ 100 0, /* flags (reserved) */ 101 }; 102 103 /* DMA attributes for a ring descriptor */ 104 static ddi_dma_attr_t ring_desc_dma_attr = { 105 DMA_ATTR_V0, /* version of this structure */ 106 0, /* lowest usable address */ 107 0xffffffffU, /* highest usable address */ 108 0xffffffffU, /* maximum DMAable byte count */ 109 0x4000, /* alignment in bytes */ 110 0x100, /* burst sizes (any?) */ 111 1, /* minimum transfer */ 112 0xffffffffU, /* maximum transfer */ 113 0xffffffffU, /* maximum segment length */ 114 1, /* maximum number of segments */ 115 1, /* granularity */ 116 0, /* flags (reserved) */ 117 }; 118 119 120 /* DMA attributes for a tx cmd */ 121 static ddi_dma_attr_t tx_cmd_dma_attr = { 122 DMA_ATTR_V0, /* version of this structure */ 123 0, /* lowest usable address */ 124 0xffffffffU, /* highest usable address */ 125 0xffffffffU, /* maximum DMAable byte count */ 126 4, /* alignment in bytes */ 127 0x100, /* burst sizes (any?) */ 128 1, /* minimum transfer */ 129 0xffffffffU, /* maximum transfer */ 130 0xffffffffU, /* maximum segment length */ 131 1, /* maximum number of segments */ 132 1, /* granularity */ 133 0, /* flags (reserved) */ 134 }; 135 136 /* DMA attributes for a rx buffer */ 137 static ddi_dma_attr_t rx_buffer_dma_attr = { 138 DMA_ATTR_V0, /* version of this structure */ 139 0, /* lowest usable address */ 140 0xffffffffU, /* highest usable address */ 141 0xffffffffU, /* maximum DMAable byte count */ 142 1, /* alignment in bytes */ 143 0x100, /* burst sizes (any?) */ 144 1, /* minimum transfer */ 145 0xffffffffU, /* maximum transfer */ 146 0xffffffffU, /* maximum segment length */ 147 1, /* maximum number of segments */ 148 1, /* granularity */ 149 0, /* flags (reserved) */ 150 }; 151 152 /* 153 * DMA attributes for a tx buffer. 154 * the maximum number of segments is 4 for the hardware. 155 * now all the wifi drivers put the whole frame in a single 156 * descriptor, so we define the maximum number of segments 4, 157 * just the same as the rx_buffer. we consider leverage the HW 158 * ability in the future, that is why we don't define rx and tx 159 * buffer_dma_attr as the same. 160 */ 161 static ddi_dma_attr_t tx_buffer_dma_attr = { 162 DMA_ATTR_V0, /* version of this structure */ 163 0, /* lowest usable address */ 164 0xffffffffU, /* highest usable address */ 165 0xffffffffU, /* maximum DMAable byte count */ 166 1, /* alignment in bytes */ 167 0x100, /* burst sizes (any?) */ 168 1, /* minimum transfer */ 169 0xffffffffU, /* maximum transfer */ 170 0xffffffffU, /* maximum segment length */ 171 1, /* maximum number of segments */ 172 1, /* granularity */ 173 0, /* flags (reserved) */ 174 }; 175 176 /* DMA attributes for a load firmware */ 177 static ddi_dma_attr_t fw_buffer_dma_attr = { 178 DMA_ATTR_V0, /* version of this structure */ 179 0, /* lowest usable address */ 180 0xffffffffU, /* highest usable address */ 181 0x7fffffff, /* maximum DMAable byte count */ 182 4, /* alignment in bytes */ 183 0x100, /* burst sizes (any?) */ 184 1, /* minimum transfer */ 185 0xffffffffU, /* maximum transfer */ 186 0xffffffffU, /* maximum segment length */ 187 4, /* maximum number of segments */ 188 1, /* granularity */ 189 0, /* flags (reserved) */ 190 }; 191 192 /* regs access attributes */ 193 static ddi_device_acc_attr_t wpi_reg_accattr = { 194 DDI_DEVICE_ATTR_V0, 195 DDI_STRUCTURE_LE_ACC, 196 DDI_STRICTORDER_ACC, 197 DDI_DEFAULT_ACC 198 }; 199 200 /* DMA access attributes */ 201 static ddi_device_acc_attr_t wpi_dma_accattr = { 202 DDI_DEVICE_ATTR_V0, 203 DDI_NEVERSWAP_ACC, 204 DDI_STRICTORDER_ACC, 205 DDI_DEFAULT_ACC 206 }; 207 208 static int wpi_ring_init(wpi_sc_t *); 209 static void wpi_ring_free(wpi_sc_t *); 210 static int wpi_alloc_shared(wpi_sc_t *); 211 static void wpi_free_shared(wpi_sc_t *); 212 static int wpi_alloc_fw_dma(wpi_sc_t *); 213 static void wpi_free_fw_dma(wpi_sc_t *); 214 static int wpi_alloc_rx_ring(wpi_sc_t *); 215 static void wpi_reset_rx_ring(wpi_sc_t *); 216 static void wpi_free_rx_ring(wpi_sc_t *); 217 static int wpi_alloc_tx_ring(wpi_sc_t *, wpi_tx_ring_t *, int, int); 218 static void wpi_reset_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 219 static void wpi_free_tx_ring(wpi_sc_t *, wpi_tx_ring_t *); 220 221 static ieee80211_node_t *wpi_node_alloc(ieee80211com_t *); 222 static void wpi_node_free(ieee80211_node_t *); 223 static int wpi_newstate(ieee80211com_t *, enum ieee80211_state, int); 224 static int wpi_key_set(ieee80211com_t *, const struct ieee80211_key *, 225 const uint8_t mac[IEEE80211_ADDR_LEN]); 226 static void wpi_mem_lock(wpi_sc_t *); 227 static void wpi_mem_unlock(wpi_sc_t *); 228 static uint32_t wpi_mem_read(wpi_sc_t *, uint16_t); 229 static void wpi_mem_write(wpi_sc_t *, uint16_t, uint32_t); 230 static void wpi_mem_write_region_4(wpi_sc_t *, uint16_t, 231 const uint32_t *, int); 232 static uint16_t wpi_read_prom_word(wpi_sc_t *, uint32_t); 233 static int wpi_load_microcode(wpi_sc_t *); 234 static int wpi_load_firmware(wpi_sc_t *, uint32_t); 235 static void wpi_rx_intr(wpi_sc_t *, wpi_rx_desc_t *, 236 wpi_rx_data_t *); 237 static void wpi_tx_intr(wpi_sc_t *, wpi_rx_desc_t *, 238 wpi_rx_data_t *); 239 static void wpi_cmd_intr(wpi_sc_t *, wpi_rx_desc_t *); 240 static uint_t wpi_intr(caddr_t); 241 static uint_t wpi_notif_softintr(caddr_t); 242 static uint8_t wpi_plcp_signal(int); 243 static void wpi_read_eeprom(wpi_sc_t *); 244 static int wpi_cmd(wpi_sc_t *, int, const void *, int, int); 245 static int wpi_mrr_setup(wpi_sc_t *); 246 static void wpi_set_led(wpi_sc_t *, uint8_t, uint8_t, uint8_t); 247 static int wpi_auth(wpi_sc_t *); 248 static int wpi_scan(wpi_sc_t *); 249 static int wpi_config(wpi_sc_t *); 250 static void wpi_stop_master(wpi_sc_t *); 251 static int wpi_power_up(wpi_sc_t *); 252 static int wpi_reset(wpi_sc_t *); 253 static void wpi_hw_config(wpi_sc_t *); 254 static int wpi_init(wpi_sc_t *); 255 static void wpi_stop(wpi_sc_t *); 256 static void wpi_amrr_init(wpi_amrr_t *); 257 static void wpi_amrr_timeout(wpi_sc_t *); 258 static void wpi_amrr_ratectl(void *, ieee80211_node_t *); 259 260 static int wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd); 261 static int wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd); 262 263 /* 264 * GLD specific operations 265 */ 266 static int wpi_m_stat(void *arg, uint_t stat, uint64_t *val); 267 static int wpi_m_start(void *arg); 268 static void wpi_m_stop(void *arg); 269 static int wpi_m_unicst(void *arg, const uint8_t *macaddr); 270 static int wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m); 271 static int wpi_m_promisc(void *arg, boolean_t on); 272 static mblk_t *wpi_m_tx(void *arg, mblk_t *mp); 273 static void wpi_m_ioctl(void *arg, queue_t *wq, mblk_t *mp); 274 275 static void wpi_destroy_locks(wpi_sc_t *sc); 276 static int wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type); 277 static void wpi_thread(wpi_sc_t *sc); 278 279 /* 280 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 281 */ 282 static const struct ieee80211_rateset wpi_rateset_11b = 283 { 4, { 2, 4, 11, 22 } }; 284 285 static const struct ieee80211_rateset wpi_rateset_11g = 286 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 287 288 static const uint8_t wpi_ridx_to_signal[] = { 289 /* OFDM: IEEE Std 802.11a-1999, pp. 14 Table 80 */ 290 /* R1-R4 (ral/ural is R4-R1) */ 291 0xd, 0xf, 0x5, 0x7, 0x9, 0xb, 0x1, 0x3, 292 /* CCK: device-dependent */ 293 10, 20, 55, 110 294 }; 295 296 /* 297 * For mfthread only 298 */ 299 extern pri_t minclsyspri; 300 301 /* 302 * Module Loading Data & Entry Points 303 */ 304 DDI_DEFINE_STREAM_OPS(wpi_devops, nulldev, nulldev, wpi_attach, 305 wpi_detach, nodev, NULL, D_MP, NULL); 306 307 static struct modldrv wpi_modldrv = { 308 &mod_driverops, 309 "Intel(R) PRO/Wireless 3945ABG driver", 310 &wpi_devops 311 }; 312 313 static struct modlinkage wpi_modlinkage = { 314 MODREV_1, 315 &wpi_modldrv, 316 NULL 317 }; 318 319 int 320 _init(void) 321 { 322 int status; 323 324 status = ddi_soft_state_init(&wpi_soft_state_p, 325 sizeof (wpi_sc_t), 1); 326 if (status != DDI_SUCCESS) 327 return (status); 328 329 mac_init_ops(&wpi_devops, "wpi"); 330 status = mod_install(&wpi_modlinkage); 331 if (status != DDI_SUCCESS) { 332 mac_fini_ops(&wpi_devops); 333 ddi_soft_state_fini(&wpi_soft_state_p); 334 } 335 336 return (status); 337 } 338 339 int 340 _fini(void) 341 { 342 int status; 343 344 status = mod_remove(&wpi_modlinkage); 345 if (status == DDI_SUCCESS) { 346 mac_fini_ops(&wpi_devops); 347 ddi_soft_state_fini(&wpi_soft_state_p); 348 } 349 350 return (status); 351 } 352 353 int 354 _info(struct modinfo *mip) 355 { 356 return (mod_info(&wpi_modlinkage, mip)); 357 } 358 359 /* 360 * Mac Call Back entries 361 */ 362 mac_callbacks_t wpi_m_callbacks = { 363 MC_IOCTL, 364 wpi_m_stat, 365 wpi_m_start, 366 wpi_m_stop, 367 wpi_m_promisc, 368 wpi_m_multicst, 369 wpi_m_unicst, 370 wpi_m_tx, 371 NULL, 372 wpi_m_ioctl 373 }; 374 375 #ifdef DEBUG 376 void 377 wpi_dbg(uint32_t flags, const char *fmt, ...) 378 { 379 va_list ap; 380 381 if (flags & wpi_dbg_flags) { 382 va_start(ap, fmt); 383 vcmn_err(CE_NOTE, fmt, ap); 384 va_end(ap); 385 } 386 } 387 #endif 388 /* 389 * device operations 390 */ 391 int 392 wpi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 393 { 394 wpi_sc_t *sc; 395 ddi_acc_handle_t cfg_handle; 396 caddr_t cfg_base; 397 ieee80211com_t *ic; 398 int instance, err, i; 399 char strbuf[32]; 400 wifi_data_t wd = { 0 }; 401 mac_register_t *macp; 402 403 switch (cmd) { 404 case DDI_ATTACH: 405 break; 406 case DDI_RESUME: 407 sc = ddi_get_soft_state(wpi_soft_state_p, 408 ddi_get_instance(dip)); 409 ASSERT(sc != NULL); 410 mutex_enter(&sc->sc_glock); 411 sc->sc_flags &= ~WPI_F_SUSPEND; 412 mutex_exit(&sc->sc_glock); 413 if (sc->sc_flags & WPI_F_RUNNING) { 414 (void) wpi_init(sc); 415 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 416 } 417 WPI_DBG((WPI_DEBUG_RESUME, "wpi: resume \n")); 418 return (DDI_SUCCESS); 419 default: 420 err = DDI_FAILURE; 421 goto attach_fail1; 422 } 423 424 instance = ddi_get_instance(dip); 425 err = ddi_soft_state_zalloc(wpi_soft_state_p, instance); 426 if (err != DDI_SUCCESS) { 427 cmn_err(CE_WARN, 428 "wpi_attach(): failed to allocate soft state\n"); 429 goto attach_fail1; 430 } 431 sc = ddi_get_soft_state(wpi_soft_state_p, instance); 432 sc->sc_dip = dip; 433 434 err = ddi_regs_map_setup(dip, 0, &cfg_base, 0, 0, 435 &wpi_reg_accattr, &cfg_handle); 436 if (err != DDI_SUCCESS) { 437 cmn_err(CE_WARN, 438 "wpi_attach(): failed to map config spaces regs\n"); 439 goto attach_fail2; 440 } 441 sc->sc_rev = ddi_get8(cfg_handle, 442 (uint8_t *)(cfg_base + PCI_CONF_REVID)); 443 ddi_put8(cfg_handle, (uint8_t *)(cfg_base + 0x41), 0); 444 sc->sc_clsz = ddi_get16(cfg_handle, 445 (uint16_t *)(cfg_base + PCI_CONF_CACHE_LINESZ)); 446 ddi_regs_map_free(&cfg_handle); 447 if (!sc->sc_clsz) 448 sc->sc_clsz = 16; 449 sc->sc_clsz = (sc->sc_clsz << 2); 450 sc->sc_dmabuf_sz = roundup(0x1000 + sizeof (struct ieee80211_frame) + 451 IEEE80211_MTU + IEEE80211_CRC_LEN + 452 (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + 453 IEEE80211_WEP_CRCLEN), sc->sc_clsz); 454 /* 455 * Map operating registers 456 */ 457 err = ddi_regs_map_setup(dip, 1, &sc->sc_base, 458 0, 0, &wpi_reg_accattr, &sc->sc_handle); 459 if (err != DDI_SUCCESS) { 460 cmn_err(CE_WARN, 461 "wpi_attach(): failed to map device regs\n"); 462 goto attach_fail2; 463 } 464 465 /* 466 * Allocate shared page. 467 */ 468 err = wpi_alloc_shared(sc); 469 if (err != DDI_SUCCESS) { 470 cmn_err(CE_WARN, "failed to allocate shared page\n"); 471 goto attach_fail3; 472 } 473 474 /* 475 * Get the hw conf, including MAC address, then init all rings. 476 */ 477 wpi_read_eeprom(sc); 478 err = wpi_ring_init(sc); 479 if (err != DDI_SUCCESS) { 480 cmn_err(CE_WARN, "wpi_attach(): " 481 "failed to allocate and initialize ring\n"); 482 goto attach_fail4; 483 } 484 485 sc->sc_hdr = (const wpi_firmware_hdr_t *)wpi_fw_bin; 486 487 /* firmware image layout: |HDR|<--TEXT-->|<--DATA-->|<--BOOT-->| */ 488 sc->sc_text = (const char *)(sc->sc_hdr + 1); 489 sc->sc_data = sc->sc_text + LE_32(sc->sc_hdr->textsz); 490 sc->sc_boot = sc->sc_data + LE_32(sc->sc_hdr->datasz); 491 err = wpi_alloc_fw_dma(sc); 492 if (err != DDI_SUCCESS) { 493 cmn_err(CE_WARN, "wpi_attach(): " 494 "failed to allocate firmware dma\n"); 495 goto attach_fail5; 496 } 497 498 /* 499 * Initialize mutexs and condvars 500 */ 501 err = ddi_get_iblock_cookie(dip, 0, &sc->sc_iblk); 502 if (err != DDI_SUCCESS) { 503 cmn_err(CE_WARN, 504 "wpi_attach(): failed to do ddi_get_iblock_cookie()\n"); 505 goto attach_fail6; 506 } 507 mutex_init(&sc->sc_glock, NULL, MUTEX_DRIVER, sc->sc_iblk); 508 mutex_init(&sc->sc_tx_lock, NULL, MUTEX_DRIVER, sc->sc_iblk); 509 cv_init(&sc->sc_fw_cv, NULL, CV_DRIVER, NULL); 510 cv_init(&sc->sc_cmd_cv, NULL, CV_DRIVER, NULL); 511 cv_init(&sc->sc_tx_cv, "tx-ring", CV_DRIVER, NULL); 512 /* 513 * initialize the mfthread 514 */ 515 mutex_init(&sc->sc_mt_lock, NULL, MUTEX_DRIVER, 516 (void *) sc->sc_iblk); 517 cv_init(&sc->sc_mt_cv, NULL, CV_DRIVER, NULL); 518 sc->sc_mf_thread = NULL; 519 sc->sc_mf_thread_switch = 0; 520 /* 521 * Initialize the wifi part, which will be used by 522 * generic layer 523 */ 524 ic = &sc->sc_ic; 525 ic->ic_phytype = IEEE80211_T_OFDM; 526 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 527 ic->ic_state = IEEE80211_S_INIT; 528 ic->ic_maxrssi = 70; /* experimental number */ 529 ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_TXPMGT | 530 IEEE80211_C_PMGT | IEEE80211_C_SHSLOT; 531 532 /* 533 * use software WEP and TKIP, hardware CCMP; 534 */ 535 ic->ic_caps |= IEEE80211_C_AES_CCM; 536 ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */ 537 538 /* set supported .11b and .11g rates */ 539 ic->ic_sup_rates[IEEE80211_MODE_11B] = wpi_rateset_11b; 540 ic->ic_sup_rates[IEEE80211_MODE_11G] = wpi_rateset_11g; 541 542 /* set supported .11b and .11g channels (1 through 14) */ 543 for (i = 1; i <= 14; i++) { 544 ic->ic_sup_channels[i].ich_freq = 545 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 546 ic->ic_sup_channels[i].ich_flags = 547 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 548 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 549 } 550 ic->ic_ibss_chan = &ic->ic_sup_channels[0]; 551 ic->ic_xmit = wpi_send; 552 /* 553 * init Wifi layer 554 */ 555 ieee80211_attach(ic); 556 557 /* register WPA door */ 558 ieee80211_register_door(ic, ddi_driver_name(dip), 559 ddi_get_instance(dip)); 560 561 /* 562 * Override 80211 default routines 563 */ 564 sc->sc_newstate = ic->ic_newstate; 565 ic->ic_newstate = wpi_newstate; 566 ic->ic_node_alloc = wpi_node_alloc; 567 ic->ic_node_free = wpi_node_free; 568 ic->ic_crypto.cs_key_set = wpi_key_set; 569 ieee80211_media_init(ic); 570 /* 571 * initialize default tx key 572 */ 573 ic->ic_def_txkey = 0; 574 575 err = ddi_add_softintr(dip, DDI_SOFTINT_LOW, 576 &sc->sc_notif_softint_id, &sc->sc_iblk, NULL, wpi_notif_softintr, 577 (caddr_t)sc); 578 if (err != DDI_SUCCESS) { 579 cmn_err(CE_WARN, 580 "wpi_attach(): failed to do ddi_add_softintr()\n"); 581 goto attach_fail7; 582 } 583 584 /* 585 * Add the interrupt handler 586 */ 587 err = ddi_add_intr(dip, 0, &sc->sc_iblk, NULL, 588 wpi_intr, (caddr_t)sc); 589 if (err != DDI_SUCCESS) { 590 cmn_err(CE_WARN, 591 "wpi_attach(): failed to do ddi_add_intr()\n"); 592 goto attach_fail8; 593 } 594 595 /* 596 * Initialize pointer to device specific functions 597 */ 598 wd.wd_secalloc = WIFI_SEC_NONE; 599 wd.wd_opmode = ic->ic_opmode; 600 IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_macaddr); 601 602 macp = mac_alloc(MAC_VERSION); 603 if (err != DDI_SUCCESS) { 604 cmn_err(CE_WARN, 605 "wpi_attach(): failed to do mac_alloc()\n"); 606 goto attach_fail9; 607 } 608 609 macp->m_type_ident = MAC_PLUGIN_IDENT_WIFI; 610 macp->m_driver = sc; 611 macp->m_dip = dip; 612 macp->m_src_addr = ic->ic_macaddr; 613 macp->m_callbacks = &wpi_m_callbacks; 614 macp->m_min_sdu = 0; 615 macp->m_max_sdu = IEEE80211_MTU; 616 macp->m_pdata = &wd; 617 macp->m_pdata_size = sizeof (wd); 618 619 /* 620 * Register the macp to mac 621 */ 622 err = mac_register(macp, &ic->ic_mach); 623 mac_free(macp); 624 if (err != DDI_SUCCESS) { 625 cmn_err(CE_WARN, 626 "wpi_attach(): failed to do mac_register()\n"); 627 goto attach_fail9; 628 } 629 630 /* 631 * Create minor node of type DDI_NT_NET_WIFI 632 */ 633 (void) snprintf(strbuf, sizeof (strbuf), "wpi%d", instance); 634 err = ddi_create_minor_node(dip, strbuf, S_IFCHR, 635 instance + 1, DDI_NT_NET_WIFI, 0); 636 if (err != DDI_SUCCESS) 637 cmn_err(CE_WARN, 638 "wpi_attach(): failed to do ddi_create_minor_node()\n"); 639 640 /* 641 * Notify link is down now 642 */ 643 mac_link_update(ic->ic_mach, LINK_STATE_DOWN); 644 645 /* 646 * create the mf thread to handle the link status, 647 * recovery fatal error, etc. 648 */ 649 650 sc->sc_mf_thread_switch = 1; 651 if (sc->sc_mf_thread == NULL) 652 sc->sc_mf_thread = thread_create((caddr_t)NULL, 0, 653 wpi_thread, sc, 0, &p0, TS_RUN, minclsyspri); 654 655 sc->sc_flags |= WPI_F_ATTACHED; 656 657 return (DDI_SUCCESS); 658 attach_fail9: 659 ddi_remove_intr(dip, 0, sc->sc_iblk); 660 attach_fail8: 661 ddi_remove_softintr(sc->sc_notif_softint_id); 662 sc->sc_notif_softint_id = NULL; 663 attach_fail7: 664 ieee80211_detach(ic); 665 wpi_destroy_locks(sc); 666 attach_fail6: 667 wpi_free_fw_dma(sc); 668 attach_fail5: 669 wpi_ring_free(sc); 670 attach_fail4: 671 wpi_free_shared(sc); 672 attach_fail3: 673 ddi_regs_map_free(&sc->sc_handle); 674 attach_fail2: 675 ddi_soft_state_free(wpi_soft_state_p, instance); 676 attach_fail1: 677 return (err); 678 } 679 680 int 681 wpi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 682 { 683 wpi_sc_t *sc; 684 int err; 685 686 sc = ddi_get_soft_state(wpi_soft_state_p, ddi_get_instance(dip)); 687 ASSERT(sc != NULL); 688 689 switch (cmd) { 690 case DDI_DETACH: 691 break; 692 case DDI_SUSPEND: 693 if (sc->sc_flags & WPI_F_RUNNING) { 694 wpi_stop(sc); 695 } 696 mutex_enter(&sc->sc_glock); 697 sc->sc_flags |= WPI_F_SUSPEND; 698 mutex_exit(&sc->sc_glock); 699 WPI_DBG((WPI_DEBUG_RESUME, "wpi: suspend \n")); 700 return (DDI_SUCCESS); 701 default: 702 return (DDI_FAILURE); 703 } 704 if (!(sc->sc_flags & WPI_F_ATTACHED)) 705 return (DDI_FAILURE); 706 707 /* 708 * Destroy the mf_thread 709 */ 710 mutex_enter(&sc->sc_mt_lock); 711 sc->sc_mf_thread_switch = 0; 712 while (sc->sc_mf_thread != NULL) { 713 if (cv_wait_sig(&sc->sc_mt_cv, &sc->sc_mt_lock) == 0) 714 break; 715 } 716 mutex_exit(&sc->sc_mt_lock); 717 718 wpi_stop(sc); 719 720 /* 721 * Unregiste from the MAC layer subsystem 722 */ 723 err = mac_unregister(sc->sc_ic.ic_mach); 724 if (err != DDI_SUCCESS) 725 return (err); 726 727 mutex_enter(&sc->sc_glock); 728 wpi_free_fw_dma(sc); 729 wpi_ring_free(sc); 730 wpi_free_shared(sc); 731 mutex_exit(&sc->sc_glock); 732 733 ddi_remove_intr(dip, 0, sc->sc_iblk); 734 ddi_remove_softintr(sc->sc_notif_softint_id); 735 sc->sc_notif_softint_id = NULL; 736 737 /* 738 * detach ieee80211 739 */ 740 ieee80211_detach(&sc->sc_ic); 741 742 wpi_destroy_locks(sc); 743 744 ddi_regs_map_free(&sc->sc_handle); 745 ddi_remove_minor_node(dip, NULL); 746 ddi_soft_state_free(wpi_soft_state_p, ddi_get_instance(dip)); 747 748 return (DDI_SUCCESS); 749 } 750 751 static void 752 wpi_destroy_locks(wpi_sc_t *sc) 753 { 754 cv_destroy(&sc->sc_mt_cv); 755 mutex_destroy(&sc->sc_mt_lock); 756 cv_destroy(&sc->sc_tx_cv); 757 cv_destroy(&sc->sc_cmd_cv); 758 cv_destroy(&sc->sc_fw_cv); 759 mutex_destroy(&sc->sc_tx_lock); 760 mutex_destroy(&sc->sc_glock); 761 } 762 763 /* 764 * Allocate an area of memory and a DMA handle for accessing it 765 */ 766 static int 767 wpi_alloc_dma_mem(wpi_sc_t *sc, size_t memsize, ddi_dma_attr_t *dma_attr_p, 768 ddi_device_acc_attr_t *acc_attr_p, uint_t dma_flags, wpi_dma_t *dma_p) 769 { 770 caddr_t vaddr; 771 int err; 772 773 /* 774 * Allocate handle 775 */ 776 err = ddi_dma_alloc_handle(sc->sc_dip, dma_attr_p, 777 DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl); 778 if (err != DDI_SUCCESS) { 779 dma_p->dma_hdl = NULL; 780 return (DDI_FAILURE); 781 } 782 783 /* 784 * Allocate memory 785 */ 786 err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, acc_attr_p, 787 dma_flags & (DDI_DMA_CONSISTENT | DDI_DMA_STREAMING), 788 DDI_DMA_SLEEP, NULL, &vaddr, &dma_p->alength, &dma_p->acc_hdl); 789 if (err != DDI_SUCCESS) { 790 ddi_dma_free_handle(&dma_p->dma_hdl); 791 dma_p->dma_hdl = NULL; 792 dma_p->acc_hdl = NULL; 793 return (DDI_FAILURE); 794 } 795 796 /* 797 * Bind the two together 798 */ 799 dma_p->mem_va = vaddr; 800 err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL, 801 vaddr, dma_p->alength, dma_flags, DDI_DMA_SLEEP, NULL, 802 &dma_p->cookie, &dma_p->ncookies); 803 if (err != DDI_DMA_MAPPED) { 804 ddi_dma_mem_free(&dma_p->acc_hdl); 805 ddi_dma_free_handle(&dma_p->dma_hdl); 806 dma_p->acc_hdl = NULL; 807 dma_p->dma_hdl = NULL; 808 return (DDI_FAILURE); 809 } 810 811 dma_p->nslots = ~0U; 812 dma_p->size = ~0U; 813 dma_p->token = ~0U; 814 dma_p->offset = 0; 815 return (DDI_SUCCESS); 816 } 817 818 /* 819 * Free one allocated area of DMAable memory 820 */ 821 static void 822 wpi_free_dma_mem(wpi_dma_t *dma_p) 823 { 824 if (dma_p->dma_hdl != NULL) { 825 if (dma_p->ncookies) { 826 (void) ddi_dma_unbind_handle(dma_p->dma_hdl); 827 dma_p->ncookies = 0; 828 } 829 ddi_dma_free_handle(&dma_p->dma_hdl); 830 dma_p->dma_hdl = NULL; 831 } 832 833 if (dma_p->acc_hdl != NULL) { 834 ddi_dma_mem_free(&dma_p->acc_hdl); 835 dma_p->acc_hdl = NULL; 836 } 837 } 838 839 /* 840 * Allocate an area of dma memory for firmware load. 841 * Idealy, this allocation should be a one time action, that is, 842 * the memory will be freed after the firmware is uploaded to the 843 * card. but since a recovery mechanism for the fatal firmware need 844 * reload the firmware, and re-allocate dma at run time may be failed, 845 * so we allocate it at attach and keep it in the whole lifecycle of 846 * the driver. 847 */ 848 static int 849 wpi_alloc_fw_dma(wpi_sc_t *sc) 850 { 851 int i, err = DDI_SUCCESS; 852 wpi_dma_t *dma_p; 853 854 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->textsz), 855 &fw_buffer_dma_attr, &wpi_dma_accattr, 856 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 857 &sc->sc_dma_fw_text); 858 dma_p = &sc->sc_dma_fw_text; 859 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 860 dma_p->ncookies, dma_p->cookie.dmac_address, 861 dma_p->cookie.dmac_size)); 862 if (err != DDI_SUCCESS) { 863 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 864 "text dma memory"); 865 goto fail; 866 } 867 for (i = 0; i < dma_p->ncookies; i++) { 868 sc->sc_fw_text_cookie[i] = dma_p->cookie; 869 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 870 } 871 err = wpi_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz), 872 &fw_buffer_dma_attr, &wpi_dma_accattr, 873 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 874 &sc->sc_dma_fw_data); 875 dma_p = &sc->sc_dma_fw_data; 876 WPI_DBG((WPI_DEBUG_DMA, "ncookies:%d addr1:%x size1:%x\n", 877 dma_p->ncookies, dma_p->cookie.dmac_address, 878 dma_p->cookie.dmac_size)); 879 if (err != DDI_SUCCESS) { 880 cmn_err(CE_WARN, "wpi_alloc_fw_dma(): failed to alloc" 881 "data dma memory"); 882 goto fail; 883 } 884 for (i = 0; i < dma_p->ncookies; i++) { 885 sc->sc_fw_data_cookie[i] = dma_p->cookie; 886 ddi_dma_nextcookie(dma_p->dma_hdl, &dma_p->cookie); 887 } 888 fail: 889 return (err); 890 } 891 892 static void 893 wpi_free_fw_dma(wpi_sc_t *sc) 894 { 895 wpi_free_dma_mem(&sc->sc_dma_fw_text); 896 wpi_free_dma_mem(&sc->sc_dma_fw_data); 897 } 898 899 /* 900 * Allocate a shared page between host and NIC. 901 */ 902 static int 903 wpi_alloc_shared(wpi_sc_t *sc) 904 { 905 int err = DDI_SUCCESS; 906 907 /* must be aligned on a 4K-page boundary */ 908 err = wpi_alloc_dma_mem(sc, sizeof (wpi_shared_t), 909 &sh_dma_attr, &wpi_dma_accattr, 910 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 911 &sc->sc_dma_sh); 912 if (err != DDI_SUCCESS) 913 goto fail; 914 sc->sc_shared = (wpi_shared_t *)sc->sc_dma_sh.mem_va; 915 return (err); 916 917 fail: 918 wpi_free_shared(sc); 919 return (err); 920 } 921 922 static void 923 wpi_free_shared(wpi_sc_t *sc) 924 { 925 wpi_free_dma_mem(&sc->sc_dma_sh); 926 } 927 928 static int 929 wpi_alloc_rx_ring(wpi_sc_t *sc) 930 { 931 wpi_rx_ring_t *ring; 932 wpi_rx_data_t *data; 933 int i, err = DDI_SUCCESS; 934 935 ring = &sc->sc_rxq; 936 ring->cur = 0; 937 938 err = wpi_alloc_dma_mem(sc, WPI_RX_RING_COUNT * sizeof (uint32_t), 939 &ring_desc_dma_attr, &wpi_dma_accattr, 940 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 941 &ring->dma_desc); 942 if (err != DDI_SUCCESS) { 943 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring desc failed\n")); 944 goto fail; 945 } 946 ring->desc = (uint32_t *)ring->dma_desc.mem_va; 947 948 /* 949 * Allocate Rx buffers. 950 */ 951 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 952 data = &ring->data[i]; 953 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 954 &rx_buffer_dma_attr, &wpi_dma_accattr, 955 DDI_DMA_READ | DDI_DMA_STREAMING, 956 &data->dma_data); 957 if (err != DDI_SUCCESS) { 958 WPI_DBG((WPI_DEBUG_DMA, "dma alloc rx ring buf[%d] " 959 "failed\n", i)); 960 goto fail; 961 } 962 963 ring->desc[i] = LE_32(data->dma_data.cookie.dmac_address); 964 } 965 966 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 967 968 return (err); 969 970 fail: 971 wpi_free_rx_ring(sc); 972 return (err); 973 } 974 975 static void 976 wpi_reset_rx_ring(wpi_sc_t *sc) 977 { 978 int ntries; 979 980 wpi_mem_lock(sc); 981 982 WPI_WRITE(sc, WPI_RX_CONFIG, 0); 983 for (ntries = 0; ntries < 2000; ntries++) { 984 if (WPI_READ(sc, WPI_RX_STATUS) & WPI_RX_IDLE) 985 break; 986 DELAY(1000); 987 } 988 #ifdef DEBUG 989 if (ntries == 2000) 990 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Rx ring\n")); 991 #endif 992 wpi_mem_unlock(sc); 993 994 sc->sc_rxq.cur = 0; 995 } 996 997 static void 998 wpi_free_rx_ring(wpi_sc_t *sc) 999 { 1000 int i; 1001 1002 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1003 if (sc->sc_rxq.data[i].dma_data.dma_hdl) 1004 WPI_DMA_SYNC(sc->sc_rxq.data[i].dma_data, 1005 DDI_DMA_SYNC_FORCPU); 1006 wpi_free_dma_mem(&sc->sc_rxq.data[i].dma_data); 1007 } 1008 1009 if (sc->sc_rxq.dma_desc.dma_hdl) 1010 WPI_DMA_SYNC(sc->sc_rxq.dma_desc, DDI_DMA_SYNC_FORDEV); 1011 wpi_free_dma_mem(&sc->sc_rxq.dma_desc); 1012 } 1013 1014 static int 1015 wpi_alloc_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring, int count, int qid) 1016 { 1017 wpi_tx_data_t *data; 1018 wpi_tx_desc_t *desc_h; 1019 uint32_t paddr_desc_h; 1020 wpi_tx_cmd_t *cmd_h; 1021 uint32_t paddr_cmd_h; 1022 int i, err = DDI_SUCCESS; 1023 1024 ring->qid = qid; 1025 ring->count = count; 1026 ring->queued = 0; 1027 ring->cur = 0; 1028 1029 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_desc_t), 1030 &ring_desc_dma_attr, &wpi_dma_accattr, 1031 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1032 &ring->dma_desc); 1033 if (err != DDI_SUCCESS) { 1034 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring desc[%d] failed\n", 1035 qid)); 1036 goto fail; 1037 } 1038 1039 /* update shared page with ring's base address */ 1040 sc->sc_shared->txbase[qid] = ring->dma_desc.cookie.dmac_address; 1041 1042 desc_h = (wpi_tx_desc_t *)ring->dma_desc.mem_va; 1043 paddr_desc_h = ring->dma_desc.cookie.dmac_address; 1044 1045 err = wpi_alloc_dma_mem(sc, count * sizeof (wpi_tx_cmd_t), 1046 &tx_cmd_dma_attr, &wpi_dma_accattr, 1047 DDI_DMA_RDWR | DDI_DMA_CONSISTENT, 1048 &ring->dma_cmd); 1049 if (err != DDI_SUCCESS) { 1050 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring cmd[%d] failed\n", 1051 qid)); 1052 goto fail; 1053 } 1054 1055 cmd_h = (wpi_tx_cmd_t *)ring->dma_cmd.mem_va; 1056 paddr_cmd_h = ring->dma_cmd.cookie.dmac_address; 1057 1058 /* 1059 * Allocate Tx buffers. 1060 */ 1061 ring->data = kmem_zalloc(sizeof (wpi_tx_data_t) * count, KM_NOSLEEP); 1062 if (ring->data == NULL) { 1063 WPI_DBG((WPI_DEBUG_DMA, "could not allocate tx data slots\n")); 1064 goto fail; 1065 } 1066 1067 for (i = 0; i < count; i++) { 1068 data = &ring->data[i]; 1069 err = wpi_alloc_dma_mem(sc, sc->sc_dmabuf_sz, 1070 &tx_buffer_dma_attr, &wpi_dma_accattr, 1071 DDI_DMA_WRITE | DDI_DMA_STREAMING, 1072 &data->dma_data); 1073 if (err != DDI_SUCCESS) { 1074 WPI_DBG((WPI_DEBUG_DMA, "dma alloc tx ring buf[%d] " 1075 "failed\n", i)); 1076 goto fail; 1077 } 1078 1079 data->desc = desc_h + i; 1080 data->paddr_desc = paddr_desc_h + 1081 ((caddr_t)data->desc - (caddr_t)desc_h); 1082 data->cmd = cmd_h + i; 1083 data->paddr_cmd = paddr_cmd_h + 1084 ((caddr_t)data->cmd - (caddr_t)cmd_h); 1085 } 1086 1087 return (err); 1088 1089 fail: 1090 if (ring->data) 1091 kmem_free(ring->data, sizeof (wpi_tx_data_t) * count); 1092 wpi_free_tx_ring(sc, ring); 1093 return (err); 1094 } 1095 1096 static void 1097 wpi_reset_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1098 { 1099 wpi_tx_data_t *data; 1100 int i, ntries; 1101 1102 wpi_mem_lock(sc); 1103 1104 WPI_WRITE(sc, WPI_TX_CONFIG(ring->qid), 0); 1105 for (ntries = 0; ntries < 100; ntries++) { 1106 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(ring->qid)) 1107 break; 1108 DELAY(10); 1109 } 1110 #ifdef DEBUG 1111 if (ntries == 100 && wpi_dbg_flags > 0) { 1112 WPI_DBG((WPI_DEBUG_DMA, "timeout resetting Tx ring %d\n", 1113 ring->qid)); 1114 } 1115 #endif 1116 wpi_mem_unlock(sc); 1117 1118 for (i = 0; i < ring->count; i++) { 1119 data = &ring->data[i]; 1120 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 1121 } 1122 1123 ring->queued = 0; 1124 ring->cur = 0; 1125 } 1126 1127 /*ARGSUSED*/ 1128 static void 1129 wpi_free_tx_ring(wpi_sc_t *sc, wpi_tx_ring_t *ring) 1130 { 1131 int i; 1132 1133 if (ring->dma_desc.dma_hdl != NULL) 1134 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 1135 wpi_free_dma_mem(&ring->dma_desc); 1136 1137 if (ring->dma_cmd.dma_hdl != NULL) 1138 WPI_DMA_SYNC(ring->dma_cmd, DDI_DMA_SYNC_FORDEV); 1139 wpi_free_dma_mem(&ring->dma_cmd); 1140 1141 if (ring->data != NULL) { 1142 for (i = 0; i < ring->count; i++) { 1143 if (ring->data[i].dma_data.dma_hdl) 1144 WPI_DMA_SYNC(ring->data[i].dma_data, 1145 DDI_DMA_SYNC_FORDEV); 1146 wpi_free_dma_mem(&ring->data[i].dma_data); 1147 } 1148 kmem_free(ring->data, ring->count * sizeof (wpi_tx_data_t)); 1149 } 1150 } 1151 1152 static int 1153 wpi_ring_init(wpi_sc_t *sc) 1154 { 1155 int i, err = DDI_SUCCESS; 1156 1157 for (i = 0; i < 4; i++) { 1158 err = wpi_alloc_tx_ring(sc, &sc->sc_txq[i], WPI_TX_RING_COUNT, 1159 i); 1160 if (err != DDI_SUCCESS) 1161 goto fail; 1162 } 1163 err = wpi_alloc_tx_ring(sc, &sc->sc_cmdq, WPI_CMD_RING_COUNT, 4); 1164 if (err != DDI_SUCCESS) 1165 goto fail; 1166 err = wpi_alloc_tx_ring(sc, &sc->sc_svcq, WPI_SVC_RING_COUNT, 5); 1167 if (err != DDI_SUCCESS) 1168 goto fail; 1169 err = wpi_alloc_rx_ring(sc); 1170 if (err != DDI_SUCCESS) 1171 goto fail; 1172 return (err); 1173 1174 fail: 1175 return (err); 1176 } 1177 1178 static void 1179 wpi_ring_free(wpi_sc_t *sc) 1180 { 1181 int i = 4; 1182 1183 wpi_free_rx_ring(sc); 1184 wpi_free_tx_ring(sc, &sc->sc_svcq); 1185 wpi_free_tx_ring(sc, &sc->sc_cmdq); 1186 while (--i >= 0) { 1187 wpi_free_tx_ring(sc, &sc->sc_txq[i]); 1188 } 1189 } 1190 1191 /* ARGSUSED */ 1192 static ieee80211_node_t * 1193 wpi_node_alloc(ieee80211com_t *ic) 1194 { 1195 wpi_amrr_t *amrr; 1196 1197 amrr = kmem_zalloc(sizeof (wpi_amrr_t), KM_SLEEP); 1198 if (amrr != NULL) 1199 wpi_amrr_init(amrr); 1200 return (&amrr->in); 1201 } 1202 1203 static void 1204 wpi_node_free(ieee80211_node_t *in) 1205 { 1206 ieee80211com_t *ic = in->in_ic; 1207 1208 ic->ic_node_cleanup(in); 1209 if (in->in_wpa_ie != NULL) 1210 ieee80211_free(in->in_wpa_ie); 1211 kmem_free(in, sizeof (wpi_amrr_t)); 1212 } 1213 1214 /*ARGSUSED*/ 1215 static int 1216 wpi_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg) 1217 { 1218 wpi_sc_t *sc = (wpi_sc_t *)ic; 1219 ieee80211_node_t *in = ic->ic_bss; 1220 enum ieee80211_state ostate; 1221 int i, err = WPI_SUCCESS; 1222 1223 mutex_enter(&sc->sc_glock); 1224 switch (nstate) { 1225 case IEEE80211_S_SCAN: 1226 ostate = ic->ic_state; 1227 switch (ostate) { 1228 default: 1229 break; 1230 case IEEE80211_S_INIT: 1231 /* make the link LED blink while we're scanning */ 1232 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 1233 1234 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1235 if ((err = wpi_scan(sc)) != 0) { 1236 WPI_DBG((WPI_DEBUG_80211, 1237 "could not initiate scan\n")); 1238 ic->ic_flags &= ~(IEEE80211_F_SCAN | 1239 IEEE80211_F_ASCAN); 1240 mutex_exit(&sc->sc_glock); 1241 return (err); 1242 } 1243 break; 1244 } 1245 ic->ic_state = nstate; 1246 sc->sc_clk = 0; 1247 1248 mutex_exit(&sc->sc_glock); 1249 return (WPI_SUCCESS); 1250 1251 case IEEE80211_S_AUTH: 1252 /* reset state to handle reassociations correctly */ 1253 sc->sc_config.state = 0; 1254 sc->sc_config.filter &= ~LE_32(WPI_FILTER_BSS); 1255 1256 if ((err = wpi_auth(sc)) != 0) { 1257 WPI_DBG((WPI_DEBUG_80211, 1258 "could not send authentication request\n")); 1259 mutex_exit(&sc->sc_glock); 1260 return (err); 1261 } 1262 break; 1263 1264 case IEEE80211_S_RUN: 1265 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1266 /* link LED blinks while monitoring */ 1267 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 1268 break; 1269 } 1270 1271 if (ic->ic_opmode != IEEE80211_M_STA) { 1272 (void) wpi_auth(sc); 1273 /* need setup beacon here */ 1274 } 1275 WPI_DBG((WPI_DEBUG_80211, "wpi: associated.")); 1276 1277 /* update adapter's configuration */ 1278 sc->sc_config.state = LE_16(WPI_CONFIG_ASSOCIATED); 1279 /* short preamble/slot time are negotiated when associating */ 1280 sc->sc_config.flags &= ~LE_32(WPI_CONFIG_SHPREAMBLE | 1281 WPI_CONFIG_SHSLOT); 1282 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1283 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHSLOT); 1284 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1285 sc->sc_config.flags |= LE_32(WPI_CONFIG_SHPREAMBLE); 1286 sc->sc_config.filter |= LE_32(WPI_FILTER_BSS); 1287 if (ic->ic_opmode != IEEE80211_M_STA) 1288 sc->sc_config.filter |= LE_32(WPI_FILTER_BEACON); 1289 1290 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x\n", 1291 sc->sc_config.chan, sc->sc_config.flags)); 1292 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 1293 sizeof (wpi_config_t), 1); 1294 if (err != WPI_SUCCESS) { 1295 WPI_DBG((WPI_DEBUG_80211, 1296 "could not update configuration\n")); 1297 mutex_exit(&sc->sc_glock); 1298 return (err); 1299 } 1300 1301 /* start automatic rate control */ 1302 mutex_enter(&sc->sc_mt_lock); 1303 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1304 sc->sc_flags |= WPI_F_RATE_AUTO_CTL; 1305 /* set rate to some reasonable initial value */ 1306 i = in->in_rates.ir_nrates - 1; 1307 while (i > 0 && IEEE80211_RATE(i) > 72) 1308 i--; 1309 in->in_txrate = i; 1310 } else { 1311 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 1312 } 1313 mutex_exit(&sc->sc_mt_lock); 1314 1315 /* link LED always on while associated */ 1316 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 1317 break; 1318 1319 case IEEE80211_S_INIT: 1320 case IEEE80211_S_ASSOC: 1321 break; 1322 } 1323 1324 mutex_exit(&sc->sc_glock); 1325 return (sc->sc_newstate(ic, nstate, arg)); 1326 } 1327 1328 /*ARGSUSED*/ 1329 static int wpi_key_set(ieee80211com_t *ic, const struct ieee80211_key *k, 1330 const uint8_t mac[IEEE80211_ADDR_LEN]) 1331 { 1332 wpi_sc_t *sc = (wpi_sc_t *)ic; 1333 wpi_node_t node; 1334 int err; 1335 1336 switch (k->wk_cipher->ic_cipher) { 1337 case IEEE80211_CIPHER_WEP: 1338 case IEEE80211_CIPHER_TKIP: 1339 return (1); /* sofeware do it. */ 1340 case IEEE80211_CIPHER_AES_CCM: 1341 break; 1342 default: 1343 return (0); 1344 } 1345 sc->sc_config.filter &= ~(WPI_FILTER_NODECRYPTUNI | 1346 WPI_FILTER_NODECRYPTMUL); 1347 1348 mutex_enter(&sc->sc_glock); 1349 1350 /* update ap/multicast node */ 1351 (void) memset(&node, 0, sizeof (node)); 1352 if (IEEE80211_IS_MULTICAST(mac)) { 1353 (void) memset(node.bssid, 0xff, 6); 1354 node.id = WPI_ID_BROADCAST; 1355 } else { 1356 IEEE80211_ADDR_COPY(node.bssid, ic->ic_bss->in_bssid); 1357 node.id = WPI_ID_BSS; 1358 } 1359 if (k->wk_flags & IEEE80211_KEY_XMIT) { 1360 node.key_flags = 0; 1361 node.keyp = k->wk_keyix; 1362 } else { 1363 node.key_flags = (1 << 14); 1364 node.keyp = k->wk_keyix + 4; 1365 } 1366 (void) memcpy(node.key, k->wk_key, k->wk_keylen); 1367 node.key_flags |= (2 | (1 << 3) | (k->wk_keyix << 8)); 1368 node.sta_mask = 1; 1369 node.control = 1; 1370 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 1371 if (err != WPI_SUCCESS) { 1372 cmn_err(CE_WARN, "wpi_key_set():" 1373 "failed to update ap node\n"); 1374 mutex_exit(&sc->sc_glock); 1375 return (0); 1376 } 1377 mutex_exit(&sc->sc_glock); 1378 return (1); 1379 } 1380 1381 /* 1382 * Grab exclusive access to NIC memory. 1383 */ 1384 static void 1385 wpi_mem_lock(wpi_sc_t *sc) 1386 { 1387 uint32_t tmp; 1388 int ntries; 1389 1390 tmp = WPI_READ(sc, WPI_GPIO_CTL); 1391 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_MAC); 1392 1393 /* spin until we actually get the lock */ 1394 for (ntries = 0; ntries < 1000; ntries++) { 1395 if ((WPI_READ(sc, WPI_GPIO_CTL) & 1396 (WPI_GPIO_CLOCK | WPI_GPIO_SLEEP)) == WPI_GPIO_CLOCK) 1397 break; 1398 DELAY(10); 1399 } 1400 if (ntries == 1000) 1401 WPI_DBG((WPI_DEBUG_PIO, "could not lock memory\n")); 1402 } 1403 1404 /* 1405 * Release lock on NIC memory. 1406 */ 1407 static void 1408 wpi_mem_unlock(wpi_sc_t *sc) 1409 { 1410 uint32_t tmp = WPI_READ(sc, WPI_GPIO_CTL); 1411 WPI_WRITE(sc, WPI_GPIO_CTL, tmp & ~WPI_GPIO_MAC); 1412 } 1413 1414 static uint32_t 1415 wpi_mem_read(wpi_sc_t *sc, uint16_t addr) 1416 { 1417 WPI_WRITE(sc, WPI_READ_MEM_ADDR, WPI_MEM_4 | addr); 1418 return (WPI_READ(sc, WPI_READ_MEM_DATA)); 1419 } 1420 1421 static void 1422 wpi_mem_write(wpi_sc_t *sc, uint16_t addr, uint32_t data) 1423 { 1424 WPI_WRITE(sc, WPI_WRITE_MEM_ADDR, WPI_MEM_4 | addr); 1425 WPI_WRITE(sc, WPI_WRITE_MEM_DATA, data); 1426 } 1427 1428 static void 1429 wpi_mem_write_region_4(wpi_sc_t *sc, uint16_t addr, 1430 const uint32_t *data, int wlen) 1431 { 1432 for (; wlen > 0; wlen--, data++, addr += 4) 1433 wpi_mem_write(sc, addr, *data); 1434 } 1435 1436 /* 1437 * Read 16 bits from the EEPROM. We access EEPROM through the MAC instead of 1438 * using the traditional bit-bang method. 1439 */ 1440 static uint16_t 1441 wpi_read_prom_word(wpi_sc_t *sc, uint32_t addr) 1442 { 1443 uint32_t val; 1444 int ntries; 1445 1446 WPI_WRITE(sc, WPI_EEPROM_CTL, addr << 2); 1447 1448 wpi_mem_lock(sc); 1449 for (ntries = 0; ntries < 10; ntries++) { 1450 if ((val = WPI_READ(sc, WPI_EEPROM_CTL)) & WPI_EEPROM_READY) 1451 break; 1452 DELAY(10); 1453 } 1454 wpi_mem_unlock(sc); 1455 1456 if (ntries == 10) { 1457 WPI_DBG((WPI_DEBUG_PIO, "could not read EEPROM\n")); 1458 return (0xdead); 1459 } 1460 return (val >> 16); 1461 } 1462 1463 /* 1464 * The firmware boot code is small and is intended to be copied directly into 1465 * the NIC internal memory. 1466 */ 1467 static int 1468 wpi_load_microcode(wpi_sc_t *sc) 1469 { 1470 const char *ucode; 1471 int size; 1472 1473 ucode = sc->sc_boot; 1474 size = LE_32(sc->sc_hdr->bootsz); 1475 /* check that microcode size is a multiple of 4 */ 1476 if (size & 3) 1477 return (EINVAL); 1478 1479 size /= sizeof (uint32_t); 1480 1481 wpi_mem_lock(sc); 1482 1483 /* copy microcode image into NIC memory */ 1484 wpi_mem_write_region_4(sc, WPI_MEM_UCODE_BASE, (const uint32_t *)ucode, 1485 size); 1486 1487 wpi_mem_write(sc, WPI_MEM_UCODE_SRC, 0); 1488 wpi_mem_write(sc, WPI_MEM_UCODE_DST, WPI_FW_TEXT); 1489 wpi_mem_write(sc, WPI_MEM_UCODE_SIZE, size); 1490 1491 /* run microcode */ 1492 wpi_mem_write(sc, WPI_MEM_UCODE_CTL, WPI_UC_RUN); 1493 1494 wpi_mem_unlock(sc); 1495 1496 return (WPI_SUCCESS); 1497 } 1498 1499 /* 1500 * The firmware text and data segments are transferred to the NIC using DMA. 1501 * The driver just copies the firmware into DMA-safe memory and tells the NIC 1502 * where to find it. Once the NIC has copied the firmware into its internal 1503 * memory, we can free our local copy in the driver. 1504 */ 1505 static int 1506 wpi_load_firmware(wpi_sc_t *sc, uint32_t target) 1507 { 1508 const char *fw; 1509 int size; 1510 wpi_dma_t *dma_p; 1511 ddi_dma_cookie_t *cookie; 1512 wpi_tx_desc_t desc; 1513 int i, ntries, err = WPI_SUCCESS; 1514 1515 /* only text and data here */ 1516 if (target == WPI_FW_TEXT) { 1517 fw = sc->sc_text; 1518 size = LE_32(sc->sc_hdr->textsz); 1519 dma_p = &sc->sc_dma_fw_text; 1520 cookie = sc->sc_fw_text_cookie; 1521 } else { 1522 fw = sc->sc_data; 1523 size = LE_32(sc->sc_hdr->datasz); 1524 dma_p = &sc->sc_dma_fw_data; 1525 cookie = sc->sc_fw_data_cookie; 1526 } 1527 1528 /* copy firmware image to DMA-safe memory */ 1529 (void) memcpy(dma_p->mem_va, fw, size); 1530 1531 /* make sure the adapter will get up-to-date values */ 1532 (void) ddi_dma_sync(dma_p->dma_hdl, 0, size, DDI_DMA_SYNC_FORDEV); 1533 1534 (void) memset(&desc, 0, sizeof (desc)); 1535 desc.flags = LE_32(WPI_PAD32(size) << 28 | dma_p->ncookies << 24); 1536 for (i = 0; i < dma_p->ncookies; i++) { 1537 WPI_DBG((WPI_DEBUG_DMA, "cookie%d addr:%x size:%x\n", 1538 i, cookie[i].dmac_address, cookie[i].dmac_size)); 1539 desc.segs[i].addr = cookie[i].dmac_address; 1540 desc.segs[i].len = (uint32_t)cookie[i].dmac_size; 1541 } 1542 1543 wpi_mem_lock(sc); 1544 1545 /* tell adapter where to copy image in its internal memory */ 1546 WPI_WRITE(sc, WPI_FW_TARGET, target); 1547 1548 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0); 1549 1550 /* copy firmware descriptor into NIC memory */ 1551 WPI_WRITE_REGION_4(sc, WPI_TX_DESC(6), (uint32_t *)&desc, 1552 sizeof desc / sizeof (uint32_t)); 1553 1554 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0xfffff); 1555 WPI_WRITE(sc, WPI_TX_STATE(6), 0x4001); 1556 WPI_WRITE(sc, WPI_TX_CONFIG(6), 0x80000001); 1557 1558 /* wait while the adapter is busy copying the firmware */ 1559 for (ntries = 0; ntries < 100; ntries++) { 1560 if (WPI_READ(sc, WPI_TX_STATUS) & WPI_TX_IDLE(6)) 1561 break; 1562 DELAY(1000); 1563 } 1564 if (ntries == 100) { 1565 WPI_DBG((WPI_DEBUG_FW, "timeout transferring firmware\n")); 1566 err = ETIMEDOUT; 1567 } 1568 1569 WPI_WRITE(sc, WPI_TX_CREDIT(6), 0); 1570 1571 wpi_mem_unlock(sc); 1572 1573 return (err); 1574 } 1575 1576 /*ARGSUSED*/ 1577 static void 1578 wpi_rx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1579 { 1580 ieee80211com_t *ic = &sc->sc_ic; 1581 wpi_rx_ring_t *ring = &sc->sc_rxq; 1582 wpi_rx_stat_t *stat; 1583 wpi_rx_head_t *head; 1584 wpi_rx_tail_t *tail; 1585 ieee80211_node_t *in; 1586 struct ieee80211_frame *wh; 1587 mblk_t *mp; 1588 uint16_t len; 1589 1590 stat = (wpi_rx_stat_t *)(desc + 1); 1591 1592 if (stat->len > WPI_STAT_MAXLEN) { 1593 WPI_DBG((WPI_DEBUG_RX, "invalid rx statistic header\n")); 1594 return; 1595 } 1596 1597 head = (wpi_rx_head_t *)((caddr_t)(stat + 1) + stat->len); 1598 tail = (wpi_rx_tail_t *)((caddr_t)(head + 1) + LE_16(head->len)); 1599 1600 len = LE_16(head->len); 1601 1602 WPI_DBG((WPI_DEBUG_RX, "rx intr: idx=%d len=%d stat len=%d rssi=%d " 1603 "rate=%x chan=%d tstamp=%llu", ring->cur, LE_32(desc->len), 1604 len, (int8_t)stat->rssi, head->rate, head->chan, 1605 LE_64(tail->tstamp))); 1606 1607 if ((len < 20) || (len > sc->sc_dmabuf_sz)) { 1608 sc->sc_rx_err++; 1609 return; 1610 } 1611 1612 /* 1613 * Discard Rx frames with bad CRC early 1614 */ 1615 if ((LE_32(tail->flags) & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1616 WPI_DBG((WPI_DEBUG_RX, "rx tail flags error %x\n", 1617 LE_32(tail->flags))); 1618 sc->sc_rx_err++; 1619 return; 1620 } 1621 1622 /* update Rx descriptor */ 1623 /* ring->desc[ring->cur] = LE_32(data->dma_data.cookie.dmac_address); */ 1624 1625 #ifdef WPI_BPF 1626 #ifndef WPI_CURRENT 1627 if (sc->sc_drvbpf != NULL) { 1628 #else 1629 if (bpf_peers_present(sc->sc_drvbpf)) { 1630 #endif 1631 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1632 1633 tap->wr_flags = 0; 1634 tap->wr_rate = head->rate; 1635 tap->wr_chan_freq = 1636 LE_16(ic->ic_channels[head->chan].ic_freq); 1637 tap->wr_chan_flags = 1638 LE_16(ic->ic_channels[head->chan].ic_flags); 1639 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1640 tap->wr_dbm_antnoise = (int8_t)LE_16(stat->noise); 1641 tap->wr_tsft = tail->tstamp; 1642 tap->wr_antenna = (LE_16(head->flags) >> 4) & 0xf; 1643 switch (head->rate) { 1644 /* CCK rates */ 1645 case 10: tap->wr_rate = 2; break; 1646 case 20: tap->wr_rate = 4; break; 1647 case 55: tap->wr_rate = 11; break; 1648 case 110: tap->wr_rate = 22; break; 1649 /* OFDM rates */ 1650 case 0xd: tap->wr_rate = 12; break; 1651 case 0xf: tap->wr_rate = 18; break; 1652 case 0x5: tap->wr_rate = 24; break; 1653 case 0x7: tap->wr_rate = 36; break; 1654 case 0x9: tap->wr_rate = 48; break; 1655 case 0xb: tap->wr_rate = 72; break; 1656 case 0x1: tap->wr_rate = 96; break; 1657 case 0x3: tap->wr_rate = 108; break; 1658 /* unknown rate: should not happen */ 1659 default: tap->wr_rate = 0; 1660 } 1661 if (LE_16(head->flags) & 0x4) 1662 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1663 1664 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1665 } 1666 #endif 1667 /* grab a reference to the source node */ 1668 wh = (struct ieee80211_frame *)(head + 1); 1669 1670 #ifdef DEBUG 1671 if (wpi_dbg_flags & WPI_DEBUG_RX) 1672 ieee80211_dump_pkt((uint8_t *)wh, len, 0, 0); 1673 #endif 1674 1675 in = ieee80211_find_rxnode(ic, wh); 1676 mp = allocb(len, BPRI_MED); 1677 if (mp) { 1678 (void) memcpy(mp->b_wptr, wh, len); 1679 mp->b_wptr += len; 1680 1681 /* send the frame to the 802.11 layer */ 1682 (void) ieee80211_input(ic, mp, in, stat->rssi, 0); 1683 } else { 1684 sc->sc_rx_nobuf++; 1685 WPI_DBG((WPI_DEBUG_RX, 1686 "wpi_rx_intr(): alloc rx buf failed\n")); 1687 } 1688 /* release node reference */ 1689 ieee80211_free_node(in); 1690 } 1691 1692 /*ARGSUSED*/ 1693 static void 1694 wpi_tx_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc, wpi_rx_data_t *data) 1695 { 1696 ieee80211com_t *ic = &sc->sc_ic; 1697 wpi_tx_ring_t *ring = &sc->sc_txq[desc->qid & 0x3]; 1698 /* wpi_tx_data_t *txdata = &ring->data[desc->idx]; */ 1699 wpi_tx_stat_t *stat = (wpi_tx_stat_t *)(desc + 1); 1700 wpi_amrr_t *amrr = (wpi_amrr_t *)ic->ic_bss; 1701 1702 WPI_DBG((WPI_DEBUG_TX, "tx done: qid=%d idx=%d retries=%d nkill=%d " 1703 "rate=%x duration=%d status=%x\n", 1704 desc->qid, desc->idx, stat->ntries, stat->nkill, stat->rate, 1705 LE_32(stat->duration), LE_32(stat->status))); 1706 1707 amrr->txcnt++; 1708 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d cnt\n", amrr->txcnt)); 1709 if (stat->ntries > 0) { 1710 amrr->retrycnt++; 1711 sc->sc_tx_retries++; 1712 WPI_DBG((WPI_DEBUG_RATECTL, "tx: %d retries\n", 1713 amrr->retrycnt)); 1714 } 1715 1716 sc->sc_tx_timer = 0; 1717 1718 mutex_enter(&sc->sc_tx_lock); 1719 ring->queued--; 1720 if (ring->queued < 0) 1721 ring->queued = 0; 1722 if ((sc->sc_need_reschedule) && (ring->queued <= (ring->count << 3))) { 1723 sc->sc_need_reschedule = 0; 1724 mutex_exit(&sc->sc_tx_lock); 1725 mac_tx_update(ic->ic_mach); 1726 mutex_enter(&sc->sc_tx_lock); 1727 } 1728 mutex_exit(&sc->sc_tx_lock); 1729 } 1730 1731 static void 1732 wpi_cmd_intr(wpi_sc_t *sc, wpi_rx_desc_t *desc) 1733 { 1734 if ((desc->qid & 7) != 4) { 1735 return; /* not a command ack */ 1736 } 1737 mutex_enter(&sc->sc_glock); 1738 sc->sc_flags |= WPI_F_CMD_DONE; 1739 cv_signal(&sc->sc_cmd_cv); 1740 mutex_exit(&sc->sc_glock); 1741 } 1742 1743 static uint_t 1744 wpi_notif_softintr(caddr_t arg) 1745 { 1746 wpi_sc_t *sc = (wpi_sc_t *)arg; 1747 ieee80211com_t *ic = &sc->sc_ic; 1748 wpi_rx_desc_t *desc; 1749 wpi_rx_data_t *data; 1750 uint32_t hw; 1751 1752 mutex_enter(&sc->sc_glock); 1753 if (sc->sc_notif_softint_pending != 1) { 1754 mutex_exit(&sc->sc_glock); 1755 return (DDI_INTR_UNCLAIMED); 1756 } 1757 mutex_exit(&sc->sc_glock); 1758 1759 hw = LE_32(sc->sc_shared->next); 1760 1761 while (sc->sc_rxq.cur != hw) { 1762 data = &sc->sc_rxq.data[sc->sc_rxq.cur]; 1763 desc = (wpi_rx_desc_t *)data->dma_data.mem_va; 1764 1765 WPI_DBG((WPI_DEBUG_INTR, "rx notification hw = %d cur = %d " 1766 "qid=%x idx=%d flags=%x type=%d len=%d\n", 1767 hw, sc->sc_rxq.cur, desc->qid, desc->idx, desc->flags, 1768 desc->type, LE_32(desc->len))); 1769 1770 if (!(desc->qid & 0x80)) /* reply to a command */ 1771 wpi_cmd_intr(sc, desc); 1772 1773 switch (desc->type) { 1774 case WPI_RX_DONE: 1775 /* a 802.11 frame was received */ 1776 wpi_rx_intr(sc, desc, data); 1777 break; 1778 1779 case WPI_TX_DONE: 1780 /* a 802.11 frame has been transmitted */ 1781 wpi_tx_intr(sc, desc, data); 1782 break; 1783 1784 case WPI_UC_READY: 1785 { 1786 wpi_ucode_info_t *uc = 1787 (wpi_ucode_info_t *)(desc + 1); 1788 1789 /* the microcontroller is ready */ 1790 WPI_DBG((WPI_DEBUG_FW, 1791 "microcode alive notification version %x " 1792 "alive %x\n", LE_32(uc->version), 1793 LE_32(uc->valid))); 1794 1795 if (LE_32(uc->valid) != 1) { 1796 WPI_DBG((WPI_DEBUG_FW, 1797 "microcontroller initialization failed\n")); 1798 } 1799 break; 1800 } 1801 case WPI_STATE_CHANGED: 1802 { 1803 uint32_t *status = (uint32_t *)(desc + 1); 1804 1805 /* enabled/disabled notification */ 1806 WPI_DBG((WPI_DEBUG_RADIO, "state changed to %x\n", 1807 LE_32(*status))); 1808 1809 if (LE_32(*status) & 1) { 1810 /* 1811 * the radio button has to be pushed(OFF). It 1812 * is considered as a hw error, the 1813 * wpi_thread() tries to recover it after the 1814 * button is pushed again(ON) 1815 */ 1816 cmn_err(CE_NOTE, 1817 "wpi: Radio transmitter is off\n"); 1818 sc->sc_ostate = sc->sc_ic.ic_state; 1819 ieee80211_new_state(&sc->sc_ic, 1820 IEEE80211_S_INIT, -1); 1821 sc->sc_flags |= 1822 (WPI_F_HW_ERR_RECOVER | WPI_F_RADIO_OFF); 1823 } 1824 break; 1825 } 1826 case WPI_START_SCAN: 1827 { 1828 wpi_start_scan_t *scan = 1829 (wpi_start_scan_t *)(desc + 1); 1830 1831 WPI_DBG((WPI_DEBUG_SCAN, 1832 "scanning channel %d status %x\n", 1833 scan->chan, LE_32(scan->status))); 1834 1835 /* fix current channel */ 1836 ic->ic_curchan = &ic->ic_sup_channels[scan->chan]; 1837 break; 1838 } 1839 case WPI_STOP_SCAN: 1840 WPI_DBG((WPI_DEBUG_SCAN, "scan finished\n")); 1841 ieee80211_end_scan(ic); 1842 break; 1843 } 1844 1845 sc->sc_rxq.cur = (sc->sc_rxq.cur + 1) % WPI_RX_RING_COUNT; 1846 } 1847 1848 /* tell the firmware what we have processed */ 1849 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1850 WPI_WRITE(sc, WPI_RX_WIDX, hw & (~7)); 1851 mutex_enter(&sc->sc_glock); 1852 sc->sc_notif_softint_pending = 0; 1853 mutex_exit(&sc->sc_glock); 1854 1855 return (DDI_INTR_CLAIMED); 1856 } 1857 1858 static uint_t 1859 wpi_intr(caddr_t arg) 1860 { 1861 wpi_sc_t *sc = (wpi_sc_t *)arg; 1862 uint32_t r, rfh; 1863 1864 mutex_enter(&sc->sc_glock); 1865 if (sc->sc_flags & WPI_F_SUSPEND) { 1866 mutex_exit(&sc->sc_glock); 1867 return (DDI_INTR_UNCLAIMED); 1868 } 1869 1870 r = WPI_READ(sc, WPI_INTR); 1871 if (r == 0 || r == 0xffffffff) { 1872 mutex_exit(&sc->sc_glock); 1873 return (DDI_INTR_UNCLAIMED); 1874 } 1875 1876 WPI_DBG((WPI_DEBUG_INTR, "interrupt reg %x\n", r)); 1877 1878 rfh = WPI_READ(sc, WPI_INTR_STATUS); 1879 /* disable interrupts */ 1880 WPI_WRITE(sc, WPI_MASK, 0); 1881 /* ack interrupts */ 1882 WPI_WRITE(sc, WPI_INTR, r); 1883 WPI_WRITE(sc, WPI_INTR_STATUS, rfh); 1884 1885 if (sc->sc_notif_softint_id == NULL) { 1886 mutex_exit(&sc->sc_glock); 1887 return (DDI_INTR_CLAIMED); 1888 } 1889 1890 if (r & (WPI_SW_ERROR | WPI_HW_ERROR)) { 1891 WPI_DBG((WPI_DEBUG_FW, "fatal firmware error\n")); 1892 mutex_exit(&sc->sc_glock); 1893 wpi_stop(sc); 1894 sc->sc_ostate = sc->sc_ic.ic_state; 1895 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 1896 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 1897 return (DDI_INTR_CLAIMED); 1898 } 1899 1900 if ((r & (WPI_RX_INTR | WPI_RX_SWINT)) || 1901 (rfh & 0x40070000)) { 1902 sc->sc_notif_softint_pending = 1; 1903 ddi_trigger_softintr(sc->sc_notif_softint_id); 1904 } 1905 1906 if (r & WPI_ALIVE_INTR) { /* firmware initialized */ 1907 sc->sc_flags |= WPI_F_FW_INIT; 1908 cv_signal(&sc->sc_fw_cv); 1909 } 1910 1911 /* re-enable interrupts */ 1912 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 1913 mutex_exit(&sc->sc_glock); 1914 1915 return (DDI_INTR_CLAIMED); 1916 } 1917 1918 static uint8_t 1919 wpi_plcp_signal(int rate) 1920 { 1921 switch (rate) { 1922 /* CCK rates (returned values are device-dependent) */ 1923 case 2: return (10); 1924 case 4: return (20); 1925 case 11: return (55); 1926 case 22: return (110); 1927 1928 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */ 1929 /* R1-R4 (ral/ural is R4-R1) */ 1930 case 12: return (0xd); 1931 case 18: return (0xf); 1932 case 24: return (0x5); 1933 case 36: return (0x7); 1934 case 48: return (0x9); 1935 case 72: return (0xb); 1936 case 96: return (0x1); 1937 case 108: return (0x3); 1938 1939 /* unsupported rates (should not get there) */ 1940 default: return (0); 1941 } 1942 } 1943 1944 static mblk_t * 1945 wpi_m_tx(void *arg, mblk_t *mp) 1946 { 1947 wpi_sc_t *sc = (wpi_sc_t *)arg; 1948 ieee80211com_t *ic = &sc->sc_ic; 1949 mblk_t *next; 1950 1951 if (sc->sc_flags & WPI_F_SUSPEND) { 1952 freemsgchain(mp); 1953 return (NULL); 1954 } 1955 1956 if (ic->ic_state != IEEE80211_S_RUN) { 1957 freemsgchain(mp); 1958 return (NULL); 1959 } 1960 1961 while (mp != NULL) { 1962 next = mp->b_next; 1963 mp->b_next = NULL; 1964 if (wpi_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != 0) { 1965 mp->b_next = next; 1966 break; 1967 } 1968 mp = next; 1969 } 1970 return (mp); 1971 } 1972 1973 /* ARGSUSED */ 1974 static int 1975 wpi_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type) 1976 { 1977 wpi_sc_t *sc = (wpi_sc_t *)ic; 1978 wpi_tx_ring_t *ring; 1979 wpi_tx_desc_t *desc; 1980 wpi_tx_data_t *data; 1981 wpi_tx_cmd_t *cmd; 1982 wpi_cmd_data_t *tx; 1983 ieee80211_node_t *in; 1984 struct ieee80211_frame *wh; 1985 struct ieee80211_key *k; 1986 mblk_t *m, *m0; 1987 int rate, hdrlen, len, mblen, off, err = WPI_SUCCESS; 1988 1989 ring = ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA) ? 1990 (&sc->sc_txq[0]) : (&sc->sc_txq[1]); 1991 data = &ring->data[ring->cur]; 1992 desc = data->desc; 1993 cmd = data->cmd; 1994 bzero(desc, sizeof (*desc)); 1995 bzero(cmd, sizeof (*cmd)); 1996 1997 mutex_enter(&sc->sc_tx_lock); 1998 if (sc->sc_flags & WPI_F_SUSPEND) { 1999 mutex_exit(&sc->sc_tx_lock); 2000 if ((type & IEEE80211_FC0_TYPE_MASK) != 2001 IEEE80211_FC0_TYPE_DATA) { 2002 freemsg(mp); 2003 } 2004 err = WPI_FAIL; 2005 goto exit; 2006 } 2007 2008 if (ring->queued > ring->count - 64) { 2009 WPI_DBG((WPI_DEBUG_TX, "wpi_send(): no txbuf\n")); 2010 sc->sc_need_reschedule = 1; 2011 mutex_exit(&sc->sc_tx_lock); 2012 if ((type & IEEE80211_FC0_TYPE_MASK) != 2013 IEEE80211_FC0_TYPE_DATA) { 2014 freemsg(mp); 2015 } 2016 sc->sc_tx_nobuf++; 2017 err = WPI_FAIL; 2018 goto exit; 2019 } 2020 mutex_exit(&sc->sc_tx_lock); 2021 2022 hdrlen = sizeof (struct ieee80211_frame); 2023 2024 m = allocb(msgdsize(mp) + 32, BPRI_MED); 2025 if (m == NULL) { /* can not alloc buf, drop this package */ 2026 cmn_err(CE_WARN, 2027 "wpi_send(): failed to allocate msgbuf\n"); 2028 freemsg(mp); 2029 err = WPI_SUCCESS; 2030 goto exit; 2031 } 2032 for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) { 2033 mblen = MBLKL(m0); 2034 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen); 2035 off += mblen; 2036 } 2037 m->b_wptr += off; 2038 freemsg(mp); 2039 2040 wh = (struct ieee80211_frame *)m->b_rptr; 2041 2042 in = ieee80211_find_txnode(ic, wh->i_addr1); 2043 if (in == NULL) { 2044 cmn_err(CE_WARN, "wpi_send(): failed to find tx node\n"); 2045 freemsg(m); 2046 sc->sc_tx_err++; 2047 err = WPI_SUCCESS; 2048 goto exit; 2049 } 2050 2051 (void) ieee80211_encap(ic, m, in); 2052 2053 cmd->code = WPI_CMD_TX_DATA; 2054 cmd->flags = 0; 2055 cmd->qid = ring->qid; 2056 cmd->idx = ring->cur; 2057 2058 tx = (wpi_cmd_data_t *)cmd->data; 2059 tx->flags = 0; 2060 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2061 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2062 } else { 2063 tx->flags &= ~(LE_32(WPI_TX_NEED_ACK)); 2064 } 2065 2066 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2067 k = ieee80211_crypto_encap(ic, m); 2068 if (k == NULL) { 2069 freemsg(m); 2070 sc->sc_tx_err++; 2071 err = WPI_SUCCESS; 2072 goto exit; 2073 } 2074 2075 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 2076 tx->security = 2; /* for CCMP */ 2077 tx->flags |= LE_32(WPI_TX_NEED_ACK); 2078 (void) memcpy(&tx->key, k->wk_key, k->wk_keylen); 2079 } 2080 2081 /* packet header may have moved, reset our local pointer */ 2082 wh = (struct ieee80211_frame *)m->b_rptr; 2083 } 2084 2085 len = msgdsize(m); 2086 2087 #ifdef DEBUG 2088 if (wpi_dbg_flags & WPI_DEBUG_TX) 2089 ieee80211_dump_pkt((uint8_t *)wh, hdrlen, 0, 0); 2090 #endif 2091 2092 /* pickup a rate */ 2093 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2094 IEEE80211_FC0_TYPE_MGT) { 2095 /* mgmt frames are sent at the lowest available bit-rate */ 2096 rate = 2; 2097 } else { 2098 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) { 2099 rate = ic->ic_fixed_rate; 2100 } else 2101 rate = in->in_rates.ir_rates[in->in_txrate]; 2102 } 2103 rate &= IEEE80211_RATE_VAL; 2104 WPI_DBG((WPI_DEBUG_RATECTL, "tx rate[%d of %d] = %x", 2105 in->in_txrate, in->in_rates.ir_nrates, rate)); 2106 #ifdef WPI_BPF 2107 #ifndef WPI_CURRENT 2108 if (sc->sc_drvbpf != NULL) { 2109 #else 2110 if (bpf_peers_present(sc->sc_drvbpf)) { 2111 #endif 2112 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2113 2114 tap->wt_flags = 0; 2115 tap->wt_chan_freq = LE_16(ic->ic_curchan->ic_freq); 2116 tap->wt_chan_flags = LE_16(ic->ic_curchan->ic_flags); 2117 tap->wt_rate = rate; 2118 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2119 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2120 2121 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0); 2122 } 2123 #endif 2124 2125 tx->flags |= (LE_32(WPI_TX_AUTO_SEQ)); 2126 tx->flags |= LE_32(WPI_TX_BT_DISABLE | WPI_TX_CALIBRATION); 2127 2128 /* retrieve destination node's id */ 2129 tx->id = IEEE80211_IS_MULTICAST(wh->i_addr1) ? WPI_ID_BROADCAST : 2130 WPI_ID_BSS; 2131 2132 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 2133 IEEE80211_FC0_TYPE_MGT) { 2134 /* tell h/w to set timestamp in probe responses */ 2135 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2136 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2137 tx->flags |= LE_32(WPI_TX_INSERT_TSTAMP); 2138 2139 if (((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2140 IEEE80211_FC0_SUBTYPE_ASSOC_REQ) || 2141 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 2142 IEEE80211_FC0_SUBTYPE_REASSOC_REQ)) 2143 tx->timeout = 3; 2144 else 2145 tx->timeout = 2; 2146 } else 2147 tx->timeout = 0; 2148 2149 tx->rate = wpi_plcp_signal(rate); 2150 2151 /* be very persistant at sending frames out */ 2152 tx->rts_ntries = 7; 2153 tx->data_ntries = 15; 2154 2155 tx->cck_mask = 0x0f; 2156 tx->ofdm_mask = 0xff; 2157 tx->lifetime = LE_32(0xffffffff); 2158 2159 tx->len = LE_16(len); 2160 2161 /* save and trim IEEE802.11 header */ 2162 (void) memcpy(tx + 1, m->b_rptr, hdrlen); 2163 m->b_rptr += hdrlen; 2164 (void) memcpy(data->dma_data.mem_va, m->b_rptr, len - hdrlen); 2165 2166 WPI_DBG((WPI_DEBUG_TX, "sending data: qid=%d idx=%d len=%d", ring->qid, 2167 ring->cur, len)); 2168 2169 /* first scatter/gather segment is used by the tx data command */ 2170 desc->flags = LE_32(WPI_PAD32(len) << 28 | (2) << 24); 2171 desc->segs[0].addr = LE_32(data->paddr_cmd); 2172 desc->segs[0].len = LE_32( 2173 roundup(4 + sizeof (wpi_cmd_data_t) + hdrlen, 4)); 2174 desc->segs[1].addr = LE_32(data->dma_data.cookie.dmac_address); 2175 desc->segs[1].len = LE_32(len - hdrlen); 2176 2177 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2178 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2179 2180 mutex_enter(&sc->sc_tx_lock); 2181 ring->queued++; 2182 mutex_exit(&sc->sc_tx_lock); 2183 2184 /* kick ring */ 2185 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2186 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2187 freemsg(m); 2188 /* release node reference */ 2189 ieee80211_free_node(in); 2190 2191 ic->ic_stats.is_tx_bytes += len; 2192 ic->ic_stats.is_tx_frags++; 2193 2194 if (sc->sc_tx_timer == 0) 2195 sc->sc_tx_timer = 5; 2196 exit: 2197 return (err); 2198 } 2199 2200 static void 2201 wpi_m_ioctl(void* arg, queue_t *wq, mblk_t *mp) 2202 { 2203 wpi_sc_t *sc = (wpi_sc_t *)arg; 2204 ieee80211com_t *ic = &sc->sc_ic; 2205 int err; 2206 2207 err = ieee80211_ioctl(ic, wq, mp); 2208 if (err == ENETRESET) { 2209 (void) ieee80211_new_state(ic, 2210 IEEE80211_S_SCAN, -1); 2211 } 2212 } 2213 2214 /*ARGSUSED*/ 2215 static int 2216 wpi_m_stat(void *arg, uint_t stat, uint64_t *val) 2217 { 2218 wpi_sc_t *sc = (wpi_sc_t *)arg; 2219 ieee80211com_t *ic = &sc->sc_ic; 2220 ieee80211_node_t *in = ic->ic_bss; 2221 struct ieee80211_rateset *rs = &in->in_rates; 2222 2223 mutex_enter(&sc->sc_glock); 2224 switch (stat) { 2225 case MAC_STAT_IFSPEED: 2226 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ? 2227 (rs->ir_rates[in->in_txrate] & IEEE80211_RATE_VAL) 2228 : ic->ic_fixed_rate) * 5000000ull; 2229 break; 2230 case MAC_STAT_NOXMTBUF: 2231 *val = sc->sc_tx_nobuf; 2232 break; 2233 case MAC_STAT_NORCVBUF: 2234 *val = sc->sc_rx_nobuf; 2235 break; 2236 case MAC_STAT_IERRORS: 2237 *val = sc->sc_rx_err; 2238 break; 2239 case MAC_STAT_RBYTES: 2240 *val = ic->ic_stats.is_rx_bytes; 2241 break; 2242 case MAC_STAT_IPACKETS: 2243 *val = ic->ic_stats.is_rx_frags; 2244 break; 2245 case MAC_STAT_OBYTES: 2246 *val = ic->ic_stats.is_tx_bytes; 2247 break; 2248 case MAC_STAT_OPACKETS: 2249 *val = ic->ic_stats.is_tx_frags; 2250 break; 2251 case MAC_STAT_OERRORS: 2252 case WIFI_STAT_TX_FAILED: 2253 *val = sc->sc_tx_err; 2254 break; 2255 case WIFI_STAT_TX_RETRANS: 2256 *val = sc->sc_tx_retries; 2257 break; 2258 case WIFI_STAT_FCS_ERRORS: 2259 case WIFI_STAT_WEP_ERRORS: 2260 case WIFI_STAT_TX_FRAGS: 2261 case WIFI_STAT_MCAST_TX: 2262 case WIFI_STAT_RTS_SUCCESS: 2263 case WIFI_STAT_RTS_FAILURE: 2264 case WIFI_STAT_ACK_FAILURE: 2265 case WIFI_STAT_RX_FRAGS: 2266 case WIFI_STAT_MCAST_RX: 2267 case WIFI_STAT_RX_DUPS: 2268 mutex_exit(&sc->sc_glock); 2269 return (ieee80211_stat(ic, stat, val)); 2270 default: 2271 mutex_exit(&sc->sc_glock); 2272 return (ENOTSUP); 2273 } 2274 mutex_exit(&sc->sc_glock); 2275 2276 return (WPI_SUCCESS); 2277 2278 } 2279 2280 static int 2281 wpi_m_start(void *arg) 2282 { 2283 wpi_sc_t *sc = (wpi_sc_t *)arg; 2284 ieee80211com_t *ic = &sc->sc_ic; 2285 int err; 2286 2287 err = wpi_init(sc); 2288 if (err != WPI_SUCCESS) { 2289 wpi_stop(sc); 2290 DELAY(1000000); 2291 err = wpi_init(sc); 2292 } 2293 2294 if (err) { 2295 /* 2296 * The hw init err(eg. RF is OFF). Return Success to make 2297 * the 'plumb' succeed. The wpi_thread() tries to re-init 2298 * background. 2299 */ 2300 mutex_enter(&sc->sc_glock); 2301 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2302 mutex_exit(&sc->sc_glock); 2303 return (WPI_SUCCESS); 2304 } 2305 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2306 mutex_enter(&sc->sc_glock); 2307 sc->sc_flags |= WPI_F_RUNNING; 2308 mutex_exit(&sc->sc_glock); 2309 2310 return (WPI_SUCCESS); 2311 } 2312 2313 static void 2314 wpi_m_stop(void *arg) 2315 { 2316 wpi_sc_t *sc = (wpi_sc_t *)arg; 2317 ieee80211com_t *ic = &sc->sc_ic; 2318 2319 wpi_stop(sc); 2320 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2321 mutex_enter(&sc->sc_mt_lock); 2322 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2323 sc->sc_flags &= ~WPI_F_RATE_AUTO_CTL; 2324 mutex_exit(&sc->sc_mt_lock); 2325 mutex_enter(&sc->sc_glock); 2326 sc->sc_flags &= ~WPI_F_RUNNING; 2327 mutex_exit(&sc->sc_glock); 2328 } 2329 2330 /*ARGSUSED*/ 2331 static int 2332 wpi_m_unicst(void *arg, const uint8_t *macaddr) 2333 { 2334 wpi_sc_t *sc = (wpi_sc_t *)arg; 2335 ieee80211com_t *ic = &sc->sc_ic; 2336 int err; 2337 2338 if (!IEEE80211_ADDR_EQ(ic->ic_macaddr, macaddr)) { 2339 IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr); 2340 mutex_enter(&sc->sc_glock); 2341 err = wpi_config(sc); 2342 mutex_exit(&sc->sc_glock); 2343 if (err != WPI_SUCCESS) { 2344 cmn_err(CE_WARN, 2345 "wpi_m_unicst(): " 2346 "failed to configure device\n"); 2347 goto fail; 2348 } 2349 } 2350 return (WPI_SUCCESS); 2351 fail: 2352 return (err); 2353 } 2354 2355 /*ARGSUSED*/ 2356 static int 2357 wpi_m_multicst(void *arg, boolean_t add, const uint8_t *m) 2358 { 2359 return (WPI_SUCCESS); 2360 } 2361 2362 /*ARGSUSED*/ 2363 static int 2364 wpi_m_promisc(void *arg, boolean_t on) 2365 { 2366 return (WPI_SUCCESS); 2367 } 2368 2369 static void 2370 wpi_thread(wpi_sc_t *sc) 2371 { 2372 ieee80211com_t *ic = &sc->sc_ic; 2373 clock_t clk; 2374 int times = 0, err, n = 0, timeout = 0; 2375 uint32_t tmp; 2376 2377 mutex_enter(&sc->sc_mt_lock); 2378 while (sc->sc_mf_thread_switch) { 2379 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2380 if (tmp & WPI_GPIO_HW_RF_KILL) { 2381 sc->sc_flags &= ~WPI_F_RADIO_OFF; 2382 } else { 2383 sc->sc_flags |= WPI_F_RADIO_OFF; 2384 } 2385 /* 2386 * If in SUSPEND or the RF is OFF, do nothing 2387 */ 2388 if ((sc->sc_flags & WPI_F_SUSPEND) || 2389 (sc->sc_flags & WPI_F_RADIO_OFF)) { 2390 mutex_exit(&sc->sc_mt_lock); 2391 delay(drv_usectohz(100000)); 2392 mutex_enter(&sc->sc_mt_lock); 2393 continue; 2394 } 2395 2396 /* 2397 * recovery fatal error 2398 */ 2399 if (ic->ic_mach && 2400 (sc->sc_flags & WPI_F_HW_ERR_RECOVER)) { 2401 2402 WPI_DBG((WPI_DEBUG_FW, 2403 "wpi_thread(): " 2404 "try to recover fatal hw error: %d\n", times++)); 2405 2406 wpi_stop(sc); 2407 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2408 2409 mutex_exit(&sc->sc_mt_lock); 2410 delay(drv_usectohz(2000000)); 2411 mutex_enter(&sc->sc_mt_lock); 2412 err = wpi_init(sc); 2413 if (err != WPI_SUCCESS) { 2414 n++; 2415 if (n < 3) 2416 continue; 2417 } 2418 n = 0; 2419 if (!err) 2420 sc->sc_flags |= WPI_F_RUNNING; 2421 sc->sc_flags &= ~WPI_F_HW_ERR_RECOVER; 2422 mutex_exit(&sc->sc_mt_lock); 2423 delay(drv_usectohz(2000000)); 2424 if (sc->sc_ostate != IEEE80211_S_INIT) 2425 ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); 2426 mutex_enter(&sc->sc_mt_lock); 2427 } 2428 2429 /* 2430 * rate ctl 2431 */ 2432 if (ic->ic_mach && 2433 (sc->sc_flags & WPI_F_RATE_AUTO_CTL)) { 2434 clk = ddi_get_lbolt(); 2435 if (clk > sc->sc_clk + drv_usectohz(500000)) { 2436 wpi_amrr_timeout(sc); 2437 } 2438 } 2439 mutex_exit(&sc->sc_mt_lock); 2440 delay(drv_usectohz(100000)); 2441 mutex_enter(&sc->sc_mt_lock); 2442 if (sc->sc_tx_timer) { 2443 timeout++; 2444 if (timeout == 10) { 2445 sc->sc_tx_timer--; 2446 if (sc->sc_tx_timer == 0) { 2447 sc->sc_flags |= WPI_F_HW_ERR_RECOVER; 2448 sc->sc_ostate = IEEE80211_S_RUN; 2449 } 2450 timeout = 0; 2451 } 2452 } 2453 } 2454 sc->sc_mf_thread = NULL; 2455 cv_signal(&sc->sc_mt_cv); 2456 mutex_exit(&sc->sc_mt_lock); 2457 } 2458 2459 /* 2460 * Extract various information from EEPROM. 2461 */ 2462 static void 2463 wpi_read_eeprom(wpi_sc_t *sc) 2464 { 2465 ieee80211com_t *ic = &sc->sc_ic; 2466 uint16_t val; 2467 int i; 2468 2469 /* read MAC address */ 2470 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 0); 2471 ic->ic_macaddr[0] = val & 0xff; 2472 ic->ic_macaddr[1] = val >> 8; 2473 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 1); 2474 ic->ic_macaddr[2] = val & 0xff; 2475 ic->ic_macaddr[3] = val >> 8; 2476 val = wpi_read_prom_word(sc, WPI_EEPROM_MAC + 2); 2477 ic->ic_macaddr[4] = val & 0xff; 2478 ic->ic_macaddr[5] = val >> 8; 2479 2480 WPI_DBG((WPI_DEBUG_EEPROM, 2481 "mac:%2x:%2x:%2x:%2x:%2x:%2x\n", 2482 ic->ic_macaddr[0], ic->ic_macaddr[1], 2483 ic->ic_macaddr[2], ic->ic_macaddr[3], 2484 ic->ic_macaddr[4], ic->ic_macaddr[5])); 2485 /* read power settings for 2.4GHz channels */ 2486 for (i = 0; i < 14; i++) { 2487 sc->sc_pwr1[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR1 + i); 2488 sc->sc_pwr2[i] = wpi_read_prom_word(sc, WPI_EEPROM_PWR2 + i); 2489 WPI_DBG((WPI_DEBUG_EEPROM, 2490 "channel %d pwr1 0x%04x pwr2 0x%04x\n", i + 1, 2491 sc->sc_pwr1[i], sc->sc_pwr2[i])); 2492 } 2493 } 2494 2495 /* 2496 * Send a command to the firmware. 2497 */ 2498 static int 2499 wpi_cmd(wpi_sc_t *sc, int code, const void *buf, int size, int async) 2500 { 2501 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2502 wpi_tx_desc_t *desc; 2503 wpi_tx_cmd_t *cmd; 2504 2505 ASSERT(size <= sizeof (cmd->data)); 2506 ASSERT(mutex_owned(&sc->sc_glock)); 2507 2508 WPI_DBG((WPI_DEBUG_CMD, "wpi_cmd() # code[%d]", code)); 2509 desc = ring->data[ring->cur].desc; 2510 cmd = ring->data[ring->cur].cmd; 2511 2512 cmd->code = (uint8_t)code; 2513 cmd->flags = 0; 2514 cmd->qid = ring->qid; 2515 cmd->idx = ring->cur; 2516 (void) memcpy(cmd->data, buf, size); 2517 2518 desc->flags = LE_32(WPI_PAD32(size) << 28 | 1 << 24); 2519 desc->segs[0].addr = ring->data[ring->cur].paddr_cmd; 2520 desc->segs[0].len = 4 + size; 2521 2522 /* kick cmd ring */ 2523 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2524 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2525 2526 if (async) 2527 return (WPI_SUCCESS); 2528 else { 2529 clock_t clk; 2530 sc->sc_flags &= ~WPI_F_CMD_DONE; 2531 clk = ddi_get_lbolt() + drv_usectohz(2000000); 2532 while (!(sc->sc_flags & WPI_F_CMD_DONE)) { 2533 if (cv_timedwait(&sc->sc_cmd_cv, &sc->sc_glock, clk) 2534 < 0) 2535 break; 2536 } 2537 if (sc->sc_flags & WPI_F_CMD_DONE) 2538 return (WPI_SUCCESS); 2539 else 2540 return (WPI_FAIL); 2541 } 2542 } 2543 2544 /* 2545 * Configure h/w multi-rate retries. 2546 */ 2547 static int 2548 wpi_mrr_setup(wpi_sc_t *sc) 2549 { 2550 wpi_mrr_setup_t mrr; 2551 int i, err; 2552 2553 /* CCK rates (not used with 802.11a) */ 2554 for (i = WPI_CCK1; i <= WPI_CCK11; i++) { 2555 mrr.rates[i].flags = 0; 2556 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2557 /* fallback to the immediate lower CCK rate (if any) */ 2558 mrr.rates[i].next = (i == WPI_CCK1) ? WPI_CCK1 : i - 1; 2559 /* try one time at this rate before falling back to "next" */ 2560 mrr.rates[i].ntries = 1; 2561 } 2562 2563 /* OFDM rates (not used with 802.11b) */ 2564 for (i = WPI_OFDM6; i <= WPI_OFDM54; i++) { 2565 mrr.rates[i].flags = 0; 2566 mrr.rates[i].signal = wpi_ridx_to_signal[i]; 2567 /* fallback to the immediate lower OFDM rate (if any) */ 2568 mrr.rates[i].next = (i == WPI_OFDM6) ? WPI_OFDM6 : i - 1; 2569 /* try one time at this rate before falling back to "next" */ 2570 mrr.rates[i].ntries = 1; 2571 } 2572 2573 /* setup MRR for control frames */ 2574 mrr.which = LE_32(WPI_MRR_CTL); 2575 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2576 if (err != WPI_SUCCESS) { 2577 WPI_DBG((WPI_DEBUG_MRR, 2578 "could not setup MRR for control frames\n")); 2579 return (err); 2580 } 2581 2582 /* setup MRR for data frames */ 2583 mrr.which = LE_32(WPI_MRR_DATA); 2584 err = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof (mrr), 1); 2585 if (err != WPI_SUCCESS) { 2586 WPI_DBG((WPI_DEBUG_MRR, 2587 "could not setup MRR for data frames\n")); 2588 return (err); 2589 } 2590 2591 return (WPI_SUCCESS); 2592 } 2593 2594 static void 2595 wpi_set_led(wpi_sc_t *sc, uint8_t which, uint8_t off, uint8_t on) 2596 { 2597 wpi_cmd_led_t led; 2598 2599 led.which = which; 2600 led.unit = LE_32(100000); /* on/off in unit of 100ms */ 2601 led.off = off; 2602 led.on = on; 2603 2604 (void) wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof (led), 1); 2605 } 2606 2607 static int 2608 wpi_auth(wpi_sc_t *sc) 2609 { 2610 ieee80211com_t *ic = &sc->sc_ic; 2611 ieee80211_node_t *in = ic->ic_bss; 2612 wpi_node_t node; 2613 int err; 2614 2615 /* update adapter's configuration */ 2616 IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid); 2617 sc->sc_config.chan = ieee80211_chan2ieee(ic, in->in_chan); 2618 if (ic->ic_curmode == IEEE80211_MODE_11B) { 2619 sc->sc_config.cck_mask = 0x03; 2620 sc->sc_config.ofdm_mask = 0; 2621 } else if ((in->in_chan != IEEE80211_CHAN_ANYC) && 2622 (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) { 2623 sc->sc_config.cck_mask = 0; 2624 sc->sc_config.ofdm_mask = 0x15; 2625 } else { /* assume 802.11b/g */ 2626 sc->sc_config.cck_mask = 0x0f; 2627 sc->sc_config.ofdm_mask = 0xff; 2628 } 2629 2630 WPI_DBG((WPI_DEBUG_80211, "config chan %d flags %x cck %x ofdm %x" 2631 " bssid:%02x:%02x:%02x:%02x:%02x:%2x\n", 2632 sc->sc_config.chan, sc->sc_config.flags, 2633 sc->sc_config.cck_mask, sc->sc_config.ofdm_mask, 2634 sc->sc_config.bssid[0], sc->sc_config.bssid[1], 2635 sc->sc_config.bssid[2], sc->sc_config.bssid[3], 2636 sc->sc_config.bssid[4], sc->sc_config.bssid[5])); 2637 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2638 sizeof (wpi_config_t), 1); 2639 if (err != WPI_SUCCESS) { 2640 cmn_err(CE_WARN, "wpi_auth(): failed to configurate chan%d\n", 2641 sc->sc_config.chan); 2642 return (err); 2643 } 2644 2645 /* add default node */ 2646 (void) memset(&node, 0, sizeof (node)); 2647 IEEE80211_ADDR_COPY(node.bssid, in->in_bssid); 2648 node.id = WPI_ID_BSS; 2649 node.rate = wpi_plcp_signal(2); 2650 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 1); 2651 if (err != WPI_SUCCESS) { 2652 cmn_err(CE_WARN, "wpi_auth(): failed to add BSS node\n"); 2653 return (err); 2654 } 2655 2656 err = wpi_mrr_setup(sc); 2657 if (err != WPI_SUCCESS) { 2658 cmn_err(CE_WARN, "wpi_auth(): failed to setup MRR\n"); 2659 return (err); 2660 } 2661 2662 return (WPI_SUCCESS); 2663 } 2664 2665 /* 2666 * Send a scan request to the firmware. 2667 */ 2668 static int 2669 wpi_scan(wpi_sc_t *sc) 2670 { 2671 ieee80211com_t *ic = &sc->sc_ic; 2672 wpi_tx_ring_t *ring = &sc->sc_cmdq; 2673 wpi_tx_desc_t *desc; 2674 wpi_tx_data_t *data; 2675 wpi_tx_cmd_t *cmd; 2676 wpi_scan_hdr_t *hdr; 2677 wpi_scan_chan_t *chan; 2678 struct ieee80211_frame *wh; 2679 ieee80211_node_t *in = ic->ic_bss; 2680 struct ieee80211_rateset *rs; 2681 enum ieee80211_phymode mode; 2682 uint8_t *frm; 2683 int i, pktlen, nrates; 2684 2685 data = &ring->data[ring->cur]; 2686 desc = data->desc; 2687 cmd = (wpi_tx_cmd_t *)data->dma_data.mem_va; 2688 2689 cmd->code = WPI_CMD_SCAN; 2690 cmd->flags = 0; 2691 cmd->qid = ring->qid; 2692 cmd->idx = ring->cur; 2693 2694 hdr = (wpi_scan_hdr_t *)cmd->data; 2695 (void) memset(hdr, 0, sizeof (wpi_scan_hdr_t)); 2696 hdr->first = 1; 2697 hdr->nchan = 14; 2698 hdr->len = hdr->nchan * sizeof (wpi_scan_chan_t); 2699 hdr->quiet = LE_16(5); 2700 hdr->threshold = LE_16(1); 2701 hdr->filter = LE_32(5); 2702 hdr->rate = wpi_plcp_signal(2); 2703 hdr->id = WPI_ID_BROADCAST; 2704 hdr->mask = LE_32(0xffffffff); 2705 hdr->esslen = ic->ic_des_esslen; 2706 if (ic->ic_des_esslen) 2707 bcopy(ic->ic_des_essid, hdr->essid, ic->ic_des_esslen); 2708 else 2709 bzero(hdr->essid, sizeof (hdr->essid)); 2710 /* 2711 * Build a probe request frame. Most of the following code is a 2712 * copy & paste of what is done in net80211. Unfortunately, the 2713 * functions to add IEs are static and thus can't be reused here. 2714 */ 2715 wh = (struct ieee80211_frame *)(hdr + 1); 2716 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2717 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2718 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2719 (void) memset(wh->i_addr1, 0xff, 6); 2720 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_macaddr); 2721 (void) memset(wh->i_addr3, 0xff, 6); 2722 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 2723 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 2724 2725 frm = (uint8_t *)(wh + 1); 2726 2727 /* add essid IE */ 2728 *frm++ = IEEE80211_ELEMID_SSID; 2729 *frm++ = in->in_esslen; 2730 (void) memcpy(frm, in->in_essid, in->in_esslen); 2731 frm += in->in_esslen; 2732 2733 mode = ieee80211_chan2mode(ic, ic->ic_curchan); 2734 rs = &ic->ic_sup_rates[mode]; 2735 2736 /* add supported rates IE */ 2737 *frm++ = IEEE80211_ELEMID_RATES; 2738 nrates = rs->ir_nrates; 2739 if (nrates > IEEE80211_RATE_SIZE) 2740 nrates = IEEE80211_RATE_SIZE; 2741 *frm++ = (uint8_t)nrates; 2742 (void) memcpy(frm, rs->ir_rates, nrates); 2743 frm += nrates; 2744 2745 /* add supported xrates IE */ 2746 if (rs->ir_nrates > IEEE80211_RATE_SIZE) { 2747 nrates = rs->ir_nrates - IEEE80211_RATE_SIZE; 2748 *frm++ = IEEE80211_ELEMID_XRATES; 2749 *frm++ = (uint8_t)nrates; 2750 (void) memcpy(frm, rs->ir_rates + IEEE80211_RATE_SIZE, nrates); 2751 frm += nrates; 2752 } 2753 2754 /* add optionnal IE (usually an RSN IE) */ 2755 if (ic->ic_opt_ie != NULL) { 2756 (void) memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); 2757 frm += ic->ic_opt_ie_len; 2758 } 2759 2760 /* setup length of probe request */ 2761 hdr->pbrlen = LE_16(frm - (uint8_t *)wh); 2762 2763 /* align on a 4-byte boundary */ 2764 chan = (wpi_scan_chan_t *)frm; 2765 for (i = 1; i <= hdr->nchan; i++, chan++) { 2766 chan->flags = 3; 2767 chan->chan = (uint8_t)i; 2768 chan->magic = LE_16(0x62ab); 2769 chan->active = LE_16(20); 2770 chan->passive = LE_16(120); 2771 2772 frm += sizeof (wpi_scan_chan_t); 2773 } 2774 2775 pktlen = frm - (uint8_t *)cmd; 2776 2777 desc->flags = LE_32(WPI_PAD32(pktlen) << 28 | 1 << 24); 2778 desc->segs[0].addr = LE_32(data->dma_data.cookie.dmac_address); 2779 desc->segs[0].len = LE_32(pktlen); 2780 2781 WPI_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV); 2782 WPI_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV); 2783 2784 /* kick cmd ring */ 2785 ring->cur = (ring->cur + 1) % WPI_CMD_RING_COUNT; 2786 WPI_WRITE(sc, WPI_TX_WIDX, ring->qid << 8 | ring->cur); 2787 2788 return (WPI_SUCCESS); /* will be notified async. of failure/success */ 2789 } 2790 2791 static int 2792 wpi_config(wpi_sc_t *sc) 2793 { 2794 ieee80211com_t *ic = &sc->sc_ic; 2795 wpi_txpower_t txpower; 2796 wpi_power_t power; 2797 #ifdef WPI_BLUE_COEXISTENCE 2798 wpi_bluetooth_t bluetooth; 2799 #endif 2800 wpi_node_t node; 2801 int err; 2802 2803 /* Intel's binary only daemon is a joke.. */ 2804 2805 /* set Tx power for 2.4GHz channels (values read from EEPROM) */ 2806 (void) memset(&txpower, 0, sizeof (txpower)); 2807 (void) memcpy(txpower.pwr1, sc->sc_pwr1, 14 * sizeof (uint16_t)); 2808 (void) memcpy(txpower.pwr2, sc->sc_pwr2, 14 * sizeof (uint16_t)); 2809 err = wpi_cmd(sc, WPI_CMD_TXPOWER, &txpower, sizeof (txpower), 0); 2810 if (err != WPI_SUCCESS) { 2811 cmn_err(CE_WARN, "wpi_config(): failed to set txpower\n"); 2812 return (err); 2813 } 2814 2815 /* set power mode */ 2816 (void) memset(&power, 0, sizeof (power)); 2817 power.flags = LE_32(0x8); 2818 err = wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &power, sizeof (power), 0); 2819 if (err != WPI_SUCCESS) { 2820 cmn_err(CE_WARN, "wpi_config(): failed to set power mode\n"); 2821 return (err); 2822 } 2823 #ifdef WPI_BLUE_COEXISTENCE 2824 /* configure bluetooth coexistence */ 2825 (void) memset(&bluetooth, 0, sizeof (bluetooth)); 2826 bluetooth.flags = 3; 2827 bluetooth.lead = 0xaa; 2828 bluetooth.kill = 1; 2829 err = wpi_cmd(sc, WPI_CMD_BLUETOOTH, &bluetooth, 2830 sizeof (bluetooth), 0); 2831 if (err != WPI_SUCCESS) { 2832 cmn_err(CE_WARN, 2833 "wpi_config(): " 2834 "failed to configurate bluetooth coexistence\n"); 2835 return (err); 2836 } 2837 #endif 2838 /* configure adapter */ 2839 (void) memset(&sc->sc_config, 0, sizeof (wpi_config_t)); 2840 IEEE80211_ADDR_COPY(sc->sc_config.myaddr, ic->ic_macaddr); 2841 sc->sc_config.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 2842 sc->sc_config.flags = LE_32(WPI_CONFIG_TSF | WPI_CONFIG_AUTO | 2843 WPI_CONFIG_24GHZ); 2844 sc->sc_config.filter = 0; 2845 switch (ic->ic_opmode) { 2846 case IEEE80211_M_STA: 2847 sc->sc_config.mode = WPI_MODE_STA; 2848 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST); 2849 break; 2850 case IEEE80211_M_IBSS: 2851 case IEEE80211_M_AHDEMO: 2852 sc->sc_config.mode = WPI_MODE_IBSS; 2853 break; 2854 case IEEE80211_M_HOSTAP: 2855 sc->sc_config.mode = WPI_MODE_HOSTAP; 2856 break; 2857 case IEEE80211_M_MONITOR: 2858 sc->sc_config.mode = WPI_MODE_MONITOR; 2859 sc->sc_config.filter |= LE_32(WPI_FILTER_MULTICAST | 2860 WPI_FILTER_CTL | WPI_FILTER_PROMISC); 2861 break; 2862 } 2863 sc->sc_config.cck_mask = 0x0f; /* not yet negotiated */ 2864 sc->sc_config.ofdm_mask = 0xff; /* not yet negotiated */ 2865 err = wpi_cmd(sc, WPI_CMD_CONFIGURE, &sc->sc_config, 2866 sizeof (wpi_config_t), 0); 2867 if (err != WPI_SUCCESS) { 2868 cmn_err(CE_WARN, "wpi_config(): " 2869 "failed to set configure command\n"); 2870 return (err); 2871 } 2872 2873 /* add broadcast node */ 2874 (void) memset(&node, 0, sizeof (node)); 2875 (void) memset(node.bssid, 0xff, 6); 2876 node.id = WPI_ID_BROADCAST; 2877 node.rate = wpi_plcp_signal(2); 2878 err = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof (node), 0); 2879 if (err != WPI_SUCCESS) { 2880 cmn_err(CE_WARN, "wpi_config(): " 2881 "failed to add broadcast node\n"); 2882 return (err); 2883 } 2884 2885 return (WPI_SUCCESS); 2886 } 2887 2888 static void 2889 wpi_stop_master(wpi_sc_t *sc) 2890 { 2891 uint32_t tmp; 2892 int ntries; 2893 2894 tmp = WPI_READ(sc, WPI_RESET); 2895 WPI_WRITE(sc, WPI_RESET, tmp | WPI_STOP_MASTER); 2896 2897 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2898 if ((tmp & WPI_GPIO_PWR_STATUS) == WPI_GPIO_PWR_SLEEP) 2899 return; /* already asleep */ 2900 2901 for (ntries = 0; ntries < 2000; ntries++) { 2902 if (WPI_READ(sc, WPI_RESET) & WPI_MASTER_DISABLED) 2903 break; 2904 DELAY(1000); 2905 } 2906 if (ntries == 2000) 2907 WPI_DBG((WPI_DEBUG_HW, "timeout waiting for master\n")); 2908 } 2909 2910 static int 2911 wpi_power_up(wpi_sc_t *sc) 2912 { 2913 uint32_t tmp; 2914 int ntries; 2915 2916 wpi_mem_lock(sc); 2917 tmp = wpi_mem_read(sc, WPI_MEM_POWER); 2918 wpi_mem_write(sc, WPI_MEM_POWER, tmp & ~0x03000000); 2919 wpi_mem_unlock(sc); 2920 2921 for (ntries = 0; ntries < 5000; ntries++) { 2922 if (WPI_READ(sc, WPI_GPIO_STATUS) & WPI_POWERED) 2923 break; 2924 DELAY(10); 2925 } 2926 if (ntries == 5000) { 2927 cmn_err(CE_WARN, 2928 "wpi_power_up(): timeout waiting for NIC to power up\n"); 2929 return (ETIMEDOUT); 2930 } 2931 return (WPI_SUCCESS); 2932 } 2933 2934 static int 2935 wpi_reset(wpi_sc_t *sc) 2936 { 2937 uint32_t tmp; 2938 int ntries; 2939 2940 /* clear any pending interrupts */ 2941 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 2942 2943 tmp = WPI_READ(sc, WPI_PLL_CTL); 2944 WPI_WRITE(sc, WPI_PLL_CTL, tmp | WPI_PLL_INIT); 2945 2946 tmp = WPI_READ(sc, WPI_CHICKEN); 2947 WPI_WRITE(sc, WPI_CHICKEN, tmp | WPI_CHICKEN_RXNOLOS); 2948 2949 tmp = WPI_READ(sc, WPI_GPIO_CTL); 2950 WPI_WRITE(sc, WPI_GPIO_CTL, tmp | WPI_GPIO_INIT); 2951 2952 /* wait for clock stabilization */ 2953 for (ntries = 0; ntries < 1000; ntries++) { 2954 if (WPI_READ(sc, WPI_GPIO_CTL) & WPI_GPIO_CLOCK) 2955 break; 2956 DELAY(10); 2957 } 2958 if (ntries == 1000) { 2959 cmn_err(CE_WARN, 2960 "wpi_reset(): timeout waiting for clock stabilization\n"); 2961 return (ETIMEDOUT); 2962 } 2963 2964 /* initialize EEPROM */ 2965 tmp = WPI_READ(sc, WPI_EEPROM_STATUS); 2966 if ((tmp & WPI_EEPROM_VERSION) == 0) { 2967 cmn_err(CE_WARN, "wpi_reset(): EEPROM not found\n"); 2968 return (EIO); 2969 } 2970 WPI_WRITE(sc, WPI_EEPROM_STATUS, tmp & ~WPI_EEPROM_LOCKED); 2971 2972 return (WPI_SUCCESS); 2973 } 2974 2975 static void 2976 wpi_hw_config(wpi_sc_t *sc) 2977 { 2978 uint16_t val; 2979 uint32_t hw; 2980 2981 /* voodoo from the Linux "driver".. */ 2982 hw = WPI_READ(sc, WPI_HWCONFIG); 2983 2984 if ((sc->sc_rev & 0xc0) == 0x40) 2985 hw |= WPI_HW_ALM_MB; 2986 else if (!(sc->sc_rev & 0x80)) 2987 hw |= WPI_HW_ALM_MM; 2988 2989 val = wpi_read_prom_word(sc, WPI_EEPROM_CAPABILITIES); 2990 if ((val & 0xff) == 0x80) 2991 hw |= WPI_HW_SKU_MRC; 2992 2993 val = wpi_read_prom_word(sc, WPI_EEPROM_REVISION); 2994 hw &= ~WPI_HW_REV_D; 2995 if ((val & 0xf0) == 0xd0) 2996 hw |= WPI_HW_REV_D; 2997 2998 val = wpi_read_prom_word(sc, WPI_EEPROM_TYPE); 2999 if ((val & 0xff) > 1) 3000 hw |= WPI_HW_TYPE_B; 3001 3002 WPI_DBG((WPI_DEBUG_HW, "setting h/w config %x\n", hw)); 3003 WPI_WRITE(sc, WPI_HWCONFIG, hw); 3004 } 3005 3006 static int 3007 wpi_init(wpi_sc_t *sc) 3008 { 3009 uint32_t tmp; 3010 int qid, ntries, err; 3011 clock_t clk; 3012 3013 mutex_enter(&sc->sc_glock); 3014 sc->sc_flags &= ~WPI_F_FW_INIT; 3015 3016 (void) wpi_reset(sc); 3017 3018 wpi_mem_lock(sc); 3019 wpi_mem_write(sc, WPI_MEM_CLOCK1, 0xa00); 3020 DELAY(20); 3021 tmp = wpi_mem_read(sc, WPI_MEM_PCIDEV); 3022 wpi_mem_write(sc, WPI_MEM_PCIDEV, tmp | 0x800); 3023 wpi_mem_unlock(sc); 3024 3025 (void) wpi_power_up(sc); 3026 wpi_hw_config(sc); 3027 3028 tmp = WPI_READ(sc, WPI_GPIO_CTL); 3029 if (!(tmp & WPI_GPIO_HW_RF_KILL)) { 3030 cmn_err(CE_WARN, "wpi_init(): Radio transmitter is off\n"); 3031 goto fail1; 3032 } 3033 3034 /* init Rx ring */ 3035 wpi_mem_lock(sc); 3036 WPI_WRITE(sc, WPI_RX_BASE, sc->sc_rxq.dma_desc.cookie.dmac_address); 3037 WPI_WRITE(sc, WPI_RX_RIDX_PTR, 3038 (uint32_t)(sc->sc_dma_sh.cookie.dmac_address + 3039 offsetof(wpi_shared_t, next))); 3040 WPI_WRITE(sc, WPI_RX_WIDX, (WPI_RX_RING_COUNT - 1) & (~7)); 3041 WPI_WRITE(sc, WPI_RX_CONFIG, 0xa9601010); 3042 wpi_mem_unlock(sc); 3043 3044 /* init Tx rings */ 3045 wpi_mem_lock(sc); 3046 wpi_mem_write(sc, WPI_MEM_MODE, 2); /* bypass mode */ 3047 wpi_mem_write(sc, WPI_MEM_RA, 1); /* enable RA0 */ 3048 wpi_mem_write(sc, WPI_MEM_TXCFG, 0x3f); /* enable all 6 Tx rings */ 3049 wpi_mem_write(sc, WPI_MEM_BYPASS1, 0x10000); 3050 wpi_mem_write(sc, WPI_MEM_BYPASS2, 0x30002); 3051 wpi_mem_write(sc, WPI_MEM_MAGIC4, 4); 3052 wpi_mem_write(sc, WPI_MEM_MAGIC5, 5); 3053 3054 WPI_WRITE(sc, WPI_TX_BASE_PTR, sc->sc_dma_sh.cookie.dmac_address); 3055 WPI_WRITE(sc, WPI_MSG_CONFIG, 0xffff05a5); 3056 3057 for (qid = 0; qid < 6; qid++) { 3058 WPI_WRITE(sc, WPI_TX_CTL(qid), 0); 3059 WPI_WRITE(sc, WPI_TX_BASE(qid), 0); 3060 WPI_WRITE(sc, WPI_TX_CONFIG(qid), 0x80200008); 3061 } 3062 wpi_mem_unlock(sc); 3063 3064 /* clear "radio off" and "disable command" bits (reversed logic) */ 3065 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_RADIO_OFF); 3066 WPI_WRITE(sc, WPI_UCODE_CLR, WPI_DISABLE_CMD); 3067 3068 /* clear any pending interrupts */ 3069 WPI_WRITE(sc, WPI_INTR, 0xffffffff); 3070 3071 /* enable interrupts */ 3072 WPI_WRITE(sc, WPI_MASK, WPI_INTR_MASK); 3073 3074 /* load firmware boot code into NIC */ 3075 err = wpi_load_microcode(sc); 3076 if (err != WPI_SUCCESS) { 3077 cmn_err(CE_WARN, "wpi_init(): failed to load microcode\n"); 3078 goto fail1; 3079 } 3080 3081 /* load firmware .text segment into NIC */ 3082 err = wpi_load_firmware(sc, WPI_FW_TEXT); 3083 if (err != WPI_SUCCESS) { 3084 cmn_err(CE_WARN, "wpi_init(): " 3085 "failed to load firmware(text)\n"); 3086 goto fail1; 3087 } 3088 3089 /* load firmware .data segment into NIC */ 3090 err = wpi_load_firmware(sc, WPI_FW_DATA); 3091 if (err != WPI_SUCCESS) { 3092 cmn_err(CE_WARN, "wpi_init(): " 3093 "failed to load firmware(data)\n"); 3094 goto fail1; 3095 } 3096 3097 /* now press "execute" ;-) */ 3098 tmp = WPI_READ(sc, WPI_RESET); 3099 tmp &= ~(WPI_MASTER_DISABLED | WPI_STOP_MASTER | WPI_NEVO_RESET); 3100 WPI_WRITE(sc, WPI_RESET, tmp); 3101 3102 /* ..and wait at most one second for adapter to initialize */ 3103 clk = ddi_get_lbolt() + drv_usectohz(2000000); 3104 while (!(sc->sc_flags & WPI_F_FW_INIT)) { 3105 if (cv_timedwait(&sc->sc_fw_cv, &sc->sc_glock, clk) < 0) 3106 break; 3107 } 3108 if (!(sc->sc_flags & WPI_F_FW_INIT)) { 3109 cmn_err(CE_WARN, 3110 "wpi_init(): timeout waiting for firmware init\n"); 3111 goto fail1; 3112 } 3113 3114 /* wait for thermal sensors to calibrate */ 3115 for (ntries = 0; ntries < 1000; ntries++) { 3116 if (WPI_READ(sc, WPI_TEMPERATURE) != 0) 3117 break; 3118 DELAY(10); 3119 } 3120 3121 if (ntries == 1000) { 3122 WPI_DBG((WPI_DEBUG_HW, 3123 "wpi_init(): timeout waiting for thermal sensors " 3124 "calibration\n")); 3125 } 3126 3127 WPI_DBG((WPI_DEBUG_HW, "temperature %d\n", 3128 (int)WPI_READ(sc, WPI_TEMPERATURE))); 3129 3130 err = wpi_config(sc); 3131 if (err) { 3132 cmn_err(CE_WARN, "wpi_init(): failed to configure device\n"); 3133 goto fail1; 3134 } 3135 3136 mutex_exit(&sc->sc_glock); 3137 return (WPI_SUCCESS); 3138 3139 fail1: 3140 err = WPI_FAIL; 3141 mutex_exit(&sc->sc_glock); 3142 return (err); 3143 } 3144 3145 static void 3146 wpi_stop(wpi_sc_t *sc) 3147 { 3148 uint32_t tmp; 3149 int ac; 3150 3151 3152 mutex_enter(&sc->sc_glock); 3153 /* disable interrupts */ 3154 WPI_WRITE(sc, WPI_MASK, 0); 3155 WPI_WRITE(sc, WPI_INTR, WPI_INTR_MASK); 3156 WPI_WRITE(sc, WPI_INTR_STATUS, 0xff); 3157 WPI_WRITE(sc, WPI_INTR_STATUS, 0x00070000); 3158 3159 wpi_mem_lock(sc); 3160 wpi_mem_write(sc, WPI_MEM_MODE, 0); 3161 wpi_mem_unlock(sc); 3162 3163 /* reset all Tx rings */ 3164 for (ac = 0; ac < 4; ac++) 3165 wpi_reset_tx_ring(sc, &sc->sc_txq[ac]); 3166 wpi_reset_tx_ring(sc, &sc->sc_cmdq); 3167 wpi_reset_tx_ring(sc, &sc->sc_svcq); 3168 3169 /* reset Rx ring */ 3170 wpi_reset_rx_ring(sc); 3171 3172 wpi_mem_lock(sc); 3173 wpi_mem_write(sc, WPI_MEM_CLOCK2, 0x200); 3174 wpi_mem_unlock(sc); 3175 3176 DELAY(5); 3177 3178 wpi_stop_master(sc); 3179 3180 sc->sc_tx_timer = 0; 3181 tmp = WPI_READ(sc, WPI_RESET); 3182 WPI_WRITE(sc, WPI_RESET, tmp | WPI_SW_RESET); 3183 mutex_exit(&sc->sc_glock); 3184 } 3185 3186 /* 3187 * Naive implementation of the Adaptive Multi Rate Retry algorithm: 3188 * "IEEE 802.11 Rate Adaptation: A Practical Approach" 3189 * Mathieu Lacage, Hossein Manshaei, Thierry Turletti 3190 * INRIA Sophia - Projet Planete 3191 * http://www-sop.inria.fr/rapports/sophia/RR-5208.html 3192 */ 3193 #define is_success(amrr) \ 3194 ((amrr)->retrycnt < (amrr)->txcnt / 10) 3195 #define is_failure(amrr) \ 3196 ((amrr)->retrycnt > (amrr)->txcnt / 3) 3197 #define is_enough(amrr) \ 3198 ((amrr)->txcnt > 100) 3199 #define is_min_rate(in) \ 3200 ((in)->in_txrate == 0) 3201 #define is_max_rate(in) \ 3202 ((in)->in_txrate == (in)->in_rates.ir_nrates - 1) 3203 #define increase_rate(in) \ 3204 ((in)->in_txrate++) 3205 #define decrease_rate(in) \ 3206 ((in)->in_txrate--) 3207 #define reset_cnt(amrr) \ 3208 { (amrr)->txcnt = (amrr)->retrycnt = 0; } 3209 3210 #define WPI_AMRR_MIN_SUCCESS_THRESHOLD 1 3211 #define WPI_AMRR_MAX_SUCCESS_THRESHOLD 15 3212 3213 static void 3214 wpi_amrr_init(wpi_amrr_t *amrr) 3215 { 3216 amrr->success = 0; 3217 amrr->recovery = 0; 3218 amrr->txcnt = amrr->retrycnt = 0; 3219 amrr->success_threshold = WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3220 } 3221 3222 static void 3223 wpi_amrr_timeout(wpi_sc_t *sc) 3224 { 3225 ieee80211com_t *ic = &sc->sc_ic; 3226 3227 WPI_DBG((WPI_DEBUG_RATECTL, "wpi_amrr_timeout() enter\n")); 3228 if (ic->ic_opmode == IEEE80211_M_STA) 3229 wpi_amrr_ratectl(NULL, ic->ic_bss); 3230 else 3231 ieee80211_iterate_nodes(&ic->ic_sta, wpi_amrr_ratectl, NULL); 3232 sc->sc_clk = ddi_get_lbolt(); 3233 } 3234 3235 /* ARGSUSED */ 3236 static void 3237 wpi_amrr_ratectl(void *arg, ieee80211_node_t *in) 3238 { 3239 wpi_amrr_t *amrr = (wpi_amrr_t *)in; 3240 int need_change = 0; 3241 3242 if (is_success(amrr) && is_enough(amrr)) { 3243 amrr->success++; 3244 if (amrr->success >= amrr->success_threshold && 3245 !is_max_rate(in)) { 3246 amrr->recovery = 1; 3247 amrr->success = 0; 3248 increase_rate(in); 3249 WPI_DBG((WPI_DEBUG_RATECTL, 3250 "AMRR increasing rate %d (txcnt=%d retrycnt=%d)\n", 3251 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3252 need_change = 1; 3253 } else { 3254 amrr->recovery = 0; 3255 } 3256 } else if (is_failure(amrr)) { 3257 amrr->success = 0; 3258 if (!is_min_rate(in)) { 3259 if (amrr->recovery) { 3260 amrr->success_threshold++; 3261 if (amrr->success_threshold > 3262 WPI_AMRR_MAX_SUCCESS_THRESHOLD) 3263 amrr->success_threshold = 3264 WPI_AMRR_MAX_SUCCESS_THRESHOLD; 3265 } else { 3266 amrr->success_threshold = 3267 WPI_AMRR_MIN_SUCCESS_THRESHOLD; 3268 } 3269 decrease_rate(in); 3270 WPI_DBG((WPI_DEBUG_RATECTL, 3271 "AMRR decreasing rate %d (txcnt=%d retrycnt=%d)\n", 3272 in->in_txrate, amrr->txcnt, amrr->retrycnt)); 3273 need_change = 1; 3274 } 3275 amrr->recovery = 0; /* paper is incorrect */ 3276 } 3277 3278 if (is_enough(amrr) || need_change) 3279 reset_cnt(amrr); 3280 } 3281