2 * Copyright (c) 2012 Adrian Chadd <adrian@FreeBSD.org>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer,
10 * without modification.
11 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
12 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
13 * redistribution must be conditioned upon including a substantially
14 * similar Disclaimer requirement for further binary redistribution.
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
20 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
22 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
27 * THE POSSIBILITY OF SUCH DAMAGES.
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
34 * Driver for the Atheros Wireless LAN controller.
36 * This software is derived from work of Atsushi Onoe; his contribution
37 * is greatly appreciated.
43 * This is needed for register operations which are performed
44 * by the driver - eg, calls to ath_hal_gettsf32().
46 * It's also required for any AH_DEBUG checks in here, eg the
47 * module dependencies.
52 #include <sys/param.h>
53 #include <sys/systm.h>
54 #include <sys/sysctl.h>
56 #include <sys/malloc.h>
58 #include <sys/mutex.h>
59 #include <sys/kernel.h>
60 #include <sys/socket.h>
61 #include <sys/sockio.h>
62 #include <sys/errno.h>
63 #include <sys/callout.h>
65 #include <sys/endian.h>
66 #include <sys/kthread.h>
67 #include <sys/taskqueue.h>
69 #include <sys/module.h>
71 #include <sys/smp.h> /* for mp_ncpus */
73 #include <machine/bus.h>
76 #include <net/if_dl.h>
77 #include <net/if_media.h>
78 #include <net/if_types.h>
79 #include <net/if_arp.h>
80 #include <net/ethernet.h>
81 #include <net/if_llc.h>
83 #include <net80211/ieee80211_var.h>
84 #include <net80211/ieee80211_regdomain.h>
85 #ifdef IEEE80211_SUPPORT_SUPERG
86 #include <net80211/ieee80211_superg.h>
88 #ifdef IEEE80211_SUPPORT_TDMA
89 #include <net80211/ieee80211_tdma.h>
95 #include <netinet/in.h>
96 #include <netinet/if_ether.h>
99 #include <dev/ath/if_athvar.h>
100 #include <dev/ath/ath_hal/ah_devid.h> /* XXX for softled */
101 #include <dev/ath/ath_hal/ah_diagcodes.h>
103 #include <dev/ath/if_ath_debug.h>
104 #include <dev/ath/if_ath_misc.h>
105 #include <dev/ath/if_ath_tsf.h>
106 #include <dev/ath/if_ath_tx.h>
107 #include <dev/ath/if_ath_sysctl.h>
108 #include <dev/ath/if_ath_led.h>
109 #include <dev/ath/if_ath_keycache.h>
110 #include <dev/ath/if_ath_rx.h>
111 #include <dev/ath/if_ath_beacon.h>
112 #include <dev/ath/if_athdfs.h>
115 #include <dev/ath/ath_tx99/ath_tx99.h>
118 #include <dev/ath/if_ath_rx_edma.h>
121 * some general macros
123 #define INCR(_l, _sz) (_l) ++; (_l) &= ((_sz) - 1)
124 #define DECR(_l, _sz) (_l) --; (_l) &= ((_sz) - 1)
126 MALLOC_DECLARE(M_ATHDEV);
131 * + Add an RX lock, just to ensure we don't have things clash;
132 * + Make sure the FIFO is correctly flushed and reinitialised
134 * + Handle the "kickpcu" state where the FIFO overflows.
135 * + Implement a "flush" routine, which doesn't push any
136 * new frames into the FIFO.
137 * + Verify multi-descriptor frames work!
138 * + There's a "memory use after free" which needs to be tracked down
139 * and fixed ASAP. I've seen this in the legacy path too, so it
140 * may be a generic RX path issue.
144 * XXX shuffle the function orders so these pre-declarations aren't
147 static int ath_edma_rxfifo_alloc(struct ath_softc *sc, HAL_RX_QUEUE qtype,
149 static int ath_edma_rxfifo_flush(struct ath_softc *sc, HAL_RX_QUEUE qtype);
150 static void ath_edma_rxbuf_free(struct ath_softc *sc, struct ath_buf *bf);
151 static int ath_edma_recv_proc_queue(struct ath_softc *sc,
152 HAL_RX_QUEUE qtype, int dosched);
155 ath_edma_stoprecv(struct ath_softc *sc, int dodelay)
157 struct ath_hal *ah = sc->sc_ah;
160 ath_hal_stoppcurecv(ah);
161 ath_hal_setrxfilter(ah, 0);
162 ath_hal_stopdmarecv(ah);
166 /* Flush RX pending for each queue */
167 /* XXX should generic-ify this */
168 if (sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending) {
169 m_freem(sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending);
170 sc->sc_rxedma[HAL_RX_QUEUE_HP].m_rxpending = NULL;
173 if (sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending) {
174 m_freem(sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending);
175 sc->sc_rxedma[HAL_RX_QUEUE_LP].m_rxpending = NULL;
181 * Re-initialise the FIFO given the current buffer contents.
182 * Specifically, walk from head -> tail, pushing the FIFO contents
183 * back into the FIFO.
186 ath_edma_reinit_fifo(struct ath_softc *sc, HAL_RX_QUEUE qtype)
188 struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
192 ATH_RX_LOCK_ASSERT(sc);
195 for (j = 0; j < re->m_fifo_depth; j++) {
197 DPRINTF(sc, ATH_DEBUG_EDMA_RX,
198 "%s: Q%d: pos=%i, addr=0x%jx\n",
202 (uintmax_t)bf->bf_daddr);
203 ath_hal_putrxbuf(sc->sc_ah, bf->bf_daddr, qtype);
204 INCR(i, re->m_fifolen);
207 /* Ensure this worked out right */
208 if (i != re->m_fifo_tail) {
209 device_printf(sc->sc_dev, "%s: i (%d) != tail! (%d)\n",
219 * XXX TODO: this needs to reallocate the FIFO entries when a reset
220 * occurs, in case the FIFO is filled up and no new descriptors get
221 * thrown into the FIFO.
224 ath_edma_startrecv(struct ath_softc *sc)
226 struct ath_hal *ah = sc->sc_ah;
234 * Entries should only be written out if the
237 * XXX This isn't correct. I should be looking
238 * at the value of AR_RXDP_SIZE (0x0070) to determine
239 * how many entries are in here.
241 * A warm reset will clear the registers but not the FIFO.
243 * And I believe this is actually the address of the last
244 * handled buffer rather than the current FIFO pointer.
245 * So if no frames have been (yet) seen, we'll reinit the
248 * I'll chase that up at some point.
250 if (ath_hal_getrxbuf(sc->sc_ah, HAL_RX_QUEUE_HP) == 0) {
251 DPRINTF(sc, ATH_DEBUG_EDMA_RX,
252 "%s: Re-initing HP FIFO\n", __func__);
253 ath_edma_reinit_fifo(sc, HAL_RX_QUEUE_HP);
255 if (ath_hal_getrxbuf(sc->sc_ah, HAL_RX_QUEUE_LP) == 0) {
256 DPRINTF(sc, ATH_DEBUG_EDMA_RX,
257 "%s: Re-initing LP FIFO\n", __func__);
258 ath_edma_reinit_fifo(sc, HAL_RX_QUEUE_LP);
261 /* Add up to m_fifolen entries in each queue */
263 * These must occur after the above write so the FIFO buffers
264 * are pushed/tracked in the same order as the hardware will
267 ath_edma_rxfifo_alloc(sc, HAL_RX_QUEUE_HP,
268 sc->sc_rxedma[HAL_RX_QUEUE_HP].m_fifolen);
270 ath_edma_rxfifo_alloc(sc, HAL_RX_QUEUE_LP,
271 sc->sc_rxedma[HAL_RX_QUEUE_LP].m_fifolen);
274 ath_hal_startpcurecv(ah);
282 ath_edma_recv_flush(struct ath_softc *sc)
285 device_printf(sc->sc_dev, "%s: called\n", __func__);
291 ath_edma_recv_proc_queue(sc, HAL_RX_QUEUE_HP, 0);
292 ath_edma_recv_proc_queue(sc, HAL_RX_QUEUE_LP, 0);
300 * Process frames from the current queue.
304 * + Add a "dosched" flag, so we don't reschedule any FIFO frames
305 * to the hardware or re-kick the PCU after 'kickpcu' is set.
307 * + Perhaps split "check FIFO contents" and "handle frames", so
308 * we can run the "check FIFO contents" in ath_intr(), but
309 * "handle frames" in the RX tasklet.
312 ath_edma_recv_proc_queue(struct ath_softc *sc, HAL_RX_QUEUE qtype,
315 struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
316 struct ath_rx_status *rs;
320 struct ath_hal *ah = sc->sc_ah;
323 int ngood = 0, npkts = 0;
325 struct ath_buf *next;
329 tsf = ath_hal_gettsf64(ah);
330 nf = ath_hal_getchannoise(ah, sc->sc_curchan);
331 sc->sc_stats.ast_rx_noise = nf;
336 bf = re->m_fifo[re->m_fifo_head];
337 /* This shouldn't occur! */
339 device_printf(sc->sc_dev, "%s: Q%d: NULL bf?\n",
348 * Sync descriptor memory - this also syncs the buffer for us.
350 * EDMA descriptors are in cached memory.
352 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap,
353 BUS_DMASYNC_POSTREAD);
354 rs = &bf->bf_status.ds_rxstat;
355 bf->bf_rxstatus = ath_hal_rxprocdesc(ah, ds, bf->bf_daddr,
358 if (sc->sc_debug & ATH_DEBUG_RECV_DESC)
359 ath_printrxbuf(sc, bf, 0, bf->bf_rxstatus == HAL_OK);
361 if (bf->bf_rxstatus == HAL_EINPROGRESS)
365 * Completed descriptor.
367 * In the future we'll call ath_rx_pkt(), but it first
368 * has to be taught about EDMA RX queues (so it can
369 * access sc_rxpending correctly.)
371 DPRINTF(sc, ATH_DEBUG_EDMA_RX,
372 "%s: Q%d: completed!\n", __func__, qtype);
376 * Remove the FIFO entry and place it on the completion
379 re->m_fifo[re->m_fifo_head] = NULL;
380 TAILQ_INSERT_TAIL(&rxlist, bf, bf_list);
382 /* Bump the descriptor FIFO stats */
383 INCR(re->m_fifo_head, re->m_fifolen);
385 /* XXX check it doesn't fall below 0 */
386 } while (re->m_fifo_depth > 0);
388 /* Append some more fresh frames to the FIFO */
390 ath_edma_rxfifo_alloc(sc, qtype, re->m_fifolen);
394 /* Handle the completed descriptors */
395 TAILQ_FOREACH_SAFE(bf, &rxlist, bf_list, next) {
397 * Skip the RX descriptor status - start at the data offset
399 m_adj(bf->bf_m, sc->sc_rx_statuslen);
401 /* Handle the frame */
403 * Note: this may or may not free bf->bf_m and sync/unmap
406 rs = &bf->bf_status.ds_rxstat;
407 if (ath_rx_pkt(sc, rs, bf->bf_rxstatus, tsf, nf, qtype, bf))
411 /* Free in one set, inside the lock */
413 TAILQ_FOREACH_SAFE(bf, &rxlist, bf_list, next) {
414 /* Free the buffer/mbuf */
415 ath_edma_rxbuf_free(sc, bf);
419 /* rx signal state monitoring */
420 ath_hal_rxmonitor(ah, &sc->sc_halstats, sc->sc_curchan);
424 CTR2(ATH_KTR_INTR, "ath edma rx proc: npkts=%d, ngood=%d",
427 /* Handle resched and kickpcu appropriately */
429 if (dosched && sc->sc_kickpcu) {
430 CTR0(ATH_KTR_ERR, "ath_edma_recv_proc_queue(): kickpcu");
431 device_printf(sc->sc_dev,
432 "%s: handled npkts %d ngood %d\n",
433 __func__, npkts, ngood);
436 * XXX TODO: what should occur here? Just re-poke and
437 * re-enable the RX FIFO?
447 ath_edma_recv_tasklet(void *arg, int npending)
449 struct ath_softc *sc = (struct ath_softc *) arg;
450 struct ifnet *ifp = sc->sc_ifp;
451 #ifdef IEEE80211_SUPPORT_SUPERG
452 struct ieee80211com *ic = ifp->if_l2com;
455 DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: called; npending=%d\n",
460 if (sc->sc_inreset_cnt > 0) {
461 device_printf(sc->sc_dev, "%s: sc_inreset_cnt > 0; skipping\n",
469 ath_edma_recv_proc_queue(sc, HAL_RX_QUEUE_HP, 1);
470 ath_edma_recv_proc_queue(sc, HAL_RX_QUEUE_LP, 1);
472 /* XXX inside IF_LOCK ? */
473 if ((ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) {
474 #ifdef IEEE80211_SUPPORT_SUPERG
475 ieee80211_ff_age_all(ic, 100);
477 if (! IFQ_IS_EMPTY(&ifp->if_snd))
480 if (ath_dfs_tasklet_needed(sc, sc->sc_curchan))
481 taskqueue_enqueue(sc->sc_tq, &sc->sc_dfstask);
489 * Allocate an RX mbuf for the given ath_buf and initialise
492 * + Allocate a 4KB mbuf;
493 * + Setup the DMA map for the given buffer;
494 * + Keep a pointer to the start of the mbuf - that's where the
496 * + Take a pointer to the start of the RX buffer, set the
497 * mbuf "start" to be there;
501 ath_edma_rxbuf_init(struct ath_softc *sc, struct ath_buf *bf)
508 ATH_RX_LOCK_ASSERT(sc);
510 m = m_getm(NULL, sc->sc_edma_bufsize, M_DONTWAIT, MT_DATA);
512 return (ENOBUFS); /* XXX ?*/
514 /* XXX warn/enforce alignment */
516 len = m->m_ext.ext_size;
518 device_printf(sc->sc_dev, "%s: called: m=%p, size=%d, mtod=%p\n",
525 m->m_pkthdr.len = m->m_len = m->m_ext.ext_size;
528 * Create DMA mapping.
530 error = bus_dmamap_load_mbuf_sg(sc->sc_dmat,
531 bf->bf_dmamap, m, bf->bf_segs, &bf->bf_nseg, BUS_DMA_NOWAIT);
533 device_printf(sc->sc_dev, "%s: failed; error=%d\n",
541 * Populate ath_buf fields.
544 bf->bf_desc = mtod(m, struct ath_desc *);
545 bf->bf_daddr = bf->bf_segs[0].ds_addr;
546 bf->bf_lastds = bf->bf_desc; /* XXX only really for TX? */
549 /* Zero the descriptor */
550 memset(bf->bf_desc, '\0', sc->sc_rx_statuslen);
554 * Adjust mbuf header and length/size to compensate for the
557 m_adj(m, sc->sc_rx_statuslen);
565 static struct ath_buf *
566 ath_edma_rxbuf_alloc(struct ath_softc *sc)
571 ATH_RX_LOCK_ASSERT(sc);
573 /* Allocate buffer */
574 bf = TAILQ_FIRST(&sc->sc_rxbuf);
575 /* XXX shouldn't happen upon startup? */
579 /* Remove it from the free list */
580 TAILQ_REMOVE(&sc->sc_rxbuf, bf, bf_list);
582 /* Assign RX mbuf to it */
583 error = ath_edma_rxbuf_init(sc, bf);
585 device_printf(sc->sc_dev,
586 "%s: bf=%p, rxbuf alloc failed! error=%d\n",
590 TAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list);
598 ath_edma_rxbuf_free(struct ath_softc *sc, struct ath_buf *bf)
601 ATH_RX_LOCK_ASSERT(sc);
603 /* We're doing this multiple times? */
604 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
612 TAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list);
616 * Allocate up to 'n' entries and push them onto the hardware FIFO.
618 * Return how many entries were successfully pushed onto the
622 ath_edma_rxfifo_alloc(struct ath_softc *sc, HAL_RX_QUEUE qtype, int nbufs)
624 struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
628 ATH_RX_LOCK_ASSERT(sc);
631 * Allocate buffers until the FIFO is full or nbufs is reached.
633 for (i = 0; i < nbufs && re->m_fifo_depth < re->m_fifolen; i++) {
634 /* Ensure the FIFO is already blank, complain loudly! */
635 if (re->m_fifo[re->m_fifo_tail] != NULL) {
636 device_printf(sc->sc_dev,
637 "%s: Q%d: fifo[%d] != NULL (%p)\n",
641 re->m_fifo[re->m_fifo_tail]);
644 ath_edma_rxbuf_free(sc, re->m_fifo[re->m_fifo_tail]);
646 /* XXX check it's not < 0 */
647 re->m_fifo[re->m_fifo_tail] = NULL;
650 bf = ath_edma_rxbuf_alloc(sc);
651 /* XXX should ensure the FIFO is not NULL? */
653 device_printf(sc->sc_dev, "%s: Q%d: alloc failed?\n",
659 re->m_fifo[re->m_fifo_tail] = bf;
662 * Flush the descriptor contents before it's handed to the
665 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap,
666 BUS_DMASYNC_PREREAD);
668 /* Write to the RX FIFO */
669 DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: Q%d: putrxbuf=%p\n",
673 ath_hal_putrxbuf(sc->sc_ah, bf->bf_daddr, qtype);
676 INCR(re->m_fifo_tail, re->m_fifolen);
680 * Return how many were allocated.
682 DPRINTF(sc, ATH_DEBUG_EDMA_RX, "%s: Q%d: nbufs=%d, nalloced=%d\n",
691 ath_edma_rxfifo_flush(struct ath_softc *sc, HAL_RX_QUEUE qtype)
693 struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
696 ATH_RX_LOCK_ASSERT(sc);
698 for (i = 0; i < re->m_fifolen; i++) {
699 if (re->m_fifo[i] != NULL) {
701 struct ath_buf *bf = re->m_fifo[i];
703 if (sc->sc_debug & ATH_DEBUG_RECV_DESC)
704 ath_printrxbuf(sc, bf, 0, HAL_OK);
706 ath_edma_rxbuf_free(sc, re->m_fifo[i]);
707 re->m_fifo[i] = NULL;
712 if (re->m_rxpending != NULL) {
713 m_freem(re->m_rxpending);
714 re->m_rxpending = NULL;
716 re->m_fifo_head = re->m_fifo_tail = re->m_fifo_depth = 0;
722 * Setup the initial RX FIFO structure.
725 ath_edma_setup_rxfifo(struct ath_softc *sc, HAL_RX_QUEUE qtype)
727 struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
729 ATH_RX_LOCK_ASSERT(sc);
731 if (! ath_hal_getrxfifodepth(sc->sc_ah, qtype, &re->m_fifolen)) {
732 device_printf(sc->sc_dev, "%s: qtype=%d, failed\n",
737 device_printf(sc->sc_dev, "%s: type=%d, FIFO depth = %d entries\n",
742 /* Allocate ath_buf FIFO array, pre-zero'ed */
743 re->m_fifo = malloc(sizeof(struct ath_buf *) * re->m_fifolen,
746 if (re->m_fifo == NULL) {
747 device_printf(sc->sc_dev, "%s: malloc failed\n",
753 * Set initial "empty" state.
755 re->m_rxpending = NULL;
756 re->m_fifo_head = re->m_fifo_tail = re->m_fifo_depth = 0;
762 ath_edma_rxfifo_free(struct ath_softc *sc, HAL_RX_QUEUE qtype)
764 struct ath_rx_edma *re = &sc->sc_rxedma[qtype];
766 device_printf(sc->sc_dev, "%s: called; qtype=%d\n",
770 free(re->m_fifo, M_ATHDEV);
776 ath_edma_dma_rxsetup(struct ath_softc *sc)
781 * Create RX DMA tag and buffers.
783 error = ath_descdma_setup_rx_edma(sc, &sc->sc_rxdma, &sc->sc_rxbuf,
784 "rx", ath_rxbuf, sc->sc_rx_statuslen);
789 (void) ath_edma_setup_rxfifo(sc, HAL_RX_QUEUE_HP);
790 (void) ath_edma_setup_rxfifo(sc, HAL_RX_QUEUE_LP);
797 ath_edma_dma_rxteardown(struct ath_softc *sc)
801 ath_edma_rxfifo_flush(sc, HAL_RX_QUEUE_HP);
802 ath_edma_rxfifo_free(sc, HAL_RX_QUEUE_HP);
804 ath_edma_rxfifo_flush(sc, HAL_RX_QUEUE_LP);
805 ath_edma_rxfifo_free(sc, HAL_RX_QUEUE_LP);
808 /* Free RX ath_buf */
809 /* Free RX DMA tag */
810 if (sc->sc_rxdma.dd_desc_len != 0)
811 ath_descdma_cleanup(sc, &sc->sc_rxdma, &sc->sc_rxbuf);
817 ath_recv_setup_edma(struct ath_softc *sc)
820 /* Set buffer size to 4k */
821 sc->sc_edma_bufsize = 4096;
823 /* Fetch EDMA field and buffer sizes */
824 (void) ath_hal_getrxstatuslen(sc->sc_ah, &sc->sc_rx_statuslen);
826 /* Configure the hardware with the RX buffer size */
827 (void) ath_hal_setrxbufsize(sc->sc_ah, sc->sc_edma_bufsize -
828 sc->sc_rx_statuslen);
830 device_printf(sc->sc_dev, "RX status length: %d\n",
831 sc->sc_rx_statuslen);
832 device_printf(sc->sc_dev, "RX buffer size: %d\n",
833 sc->sc_edma_bufsize);
835 sc->sc_rx.recv_stop = ath_edma_stoprecv;
836 sc->sc_rx.recv_start = ath_edma_startrecv;
837 sc->sc_rx.recv_flush = ath_edma_recv_flush;
838 sc->sc_rx.recv_tasklet = ath_edma_recv_tasklet;
839 sc->sc_rx.recv_rxbuf_init = ath_edma_rxbuf_init;
841 sc->sc_rx.recv_setup = ath_edma_dma_rxsetup;
842 sc->sc_rx.recv_teardown = ath_edma_dma_rxteardown;
projects / FreeBSD / FreeBSD.git / blob