1 /* $OpenBSD: if_iwm.c,v 1.167 2017/04/04 00:40:52 claudio Exp $ */
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
27 ***********************************************************************
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
105 #include <sys/cdefs.h>
106 __FBSDID("$FreeBSD$");
108 #include "opt_wlan.h"
111 #include <sys/param.h>
113 #include <sys/conf.h>
114 #include <sys/endian.h>
115 #include <sys/firmware.h>
116 #include <sys/kernel.h>
117 #include <sys/malloc.h>
118 #include <sys/mbuf.h>
119 #include <sys/mutex.h>
120 #include <sys/module.h>
121 #include <sys/proc.h>
122 #include <sys/rman.h>
123 #include <sys/socket.h>
124 #include <sys/sockio.h>
125 #include <sys/sysctl.h>
126 #include <sys/linker.h>
128 #include <machine/bus.h>
129 #include <machine/endian.h>
130 #include <machine/resource.h>
132 #include <dev/pci/pcivar.h>
133 #include <dev/pci/pcireg.h>
138 #include <net/if_var.h>
139 #include <net/if_arp.h>
140 #include <net/if_dl.h>
141 #include <net/if_media.h>
142 #include <net/if_types.h>
144 #include <netinet/in.h>
145 #include <netinet/in_systm.h>
146 #include <netinet/if_ether.h>
147 #include <netinet/ip.h>
149 #include <net80211/ieee80211_var.h>
150 #include <net80211/ieee80211_regdomain.h>
151 #include <net80211/ieee80211_ratectl.h>
152 #include <net80211/ieee80211_radiotap.h>
154 #include <dev/iwm/if_iwmreg.h>
155 #include <dev/iwm/if_iwmvar.h>
156 #include <dev/iwm/if_iwm_config.h>
157 #include <dev/iwm/if_iwm_debug.h>
158 #include <dev/iwm/if_iwm_notif_wait.h>
159 #include <dev/iwm/if_iwm_util.h>
160 #include <dev/iwm/if_iwm_binding.h>
161 #include <dev/iwm/if_iwm_phy_db.h>
162 #include <dev/iwm/if_iwm_mac_ctxt.h>
163 #include <dev/iwm/if_iwm_phy_ctxt.h>
164 #include <dev/iwm/if_iwm_time_event.h>
165 #include <dev/iwm/if_iwm_power.h>
166 #include <dev/iwm/if_iwm_scan.h>
167 #include <dev/iwm/if_iwm_sf.h>
168 #include <dev/iwm/if_iwm_sta.h>
170 #include <dev/iwm/if_iwm_pcie_trans.h>
171 #include <dev/iwm/if_iwm_led.h>
172 #include <dev/iwm/if_iwm_fw.h>
174 /* From DragonflyBSD */
175 #define mtodoff(m, t, off) ((t)((m)->m_data + (off)))
177 const uint8_t iwm_nvm_channels[] = {
179 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
181 36, 40, 44, 48, 52, 56, 60, 64,
182 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
183 149, 153, 157, 161, 165
185 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS,
186 "IWM_NUM_CHANNELS is too small");
188 const uint8_t iwm_nvm_channels_8000[] = {
190 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
192 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92,
193 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
194 149, 153, 157, 161, 165, 169, 173, 177, 181
196 _Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000,
197 "IWM_NUM_CHANNELS_8000 is too small");
199 #define IWM_NUM_2GHZ_CHANNELS 14
200 #define IWM_N_HW_ADDR_MASK 0xF
203 * XXX For now, there's simply a fixed set of rate table entries
204 * that are populated.
206 const struct iwm_rate {
210 { 2, IWM_RATE_1M_PLCP },
211 { 4, IWM_RATE_2M_PLCP },
212 { 11, IWM_RATE_5M_PLCP },
213 { 22, IWM_RATE_11M_PLCP },
214 { 12, IWM_RATE_6M_PLCP },
215 { 18, IWM_RATE_9M_PLCP },
216 { 24, IWM_RATE_12M_PLCP },
217 { 36, IWM_RATE_18M_PLCP },
218 { 48, IWM_RATE_24M_PLCP },
219 { 72, IWM_RATE_36M_PLCP },
220 { 96, IWM_RATE_48M_PLCP },
221 { 108, IWM_RATE_54M_PLCP },
223 #define IWM_RIDX_CCK 0
224 #define IWM_RIDX_OFDM 4
225 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
226 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
227 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
229 struct iwm_nvm_section {
234 #define IWM_UCODE_ALIVE_TIMEOUT hz
235 #define IWM_UCODE_CALIB_TIMEOUT (2*hz)
237 struct iwm_alive_data {
239 uint32_t scd_base_addr;
242 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
243 static int iwm_firmware_store_section(struct iwm_softc *,
245 const uint8_t *, size_t);
246 static int iwm_set_default_calib(struct iwm_softc *, const void *);
247 static void iwm_fw_info_free(struct iwm_fw_info *);
248 static int iwm_read_firmware(struct iwm_softc *);
249 static int iwm_alloc_fwmem(struct iwm_softc *);
250 static int iwm_alloc_sched(struct iwm_softc *);
251 static int iwm_alloc_kw(struct iwm_softc *);
252 static int iwm_alloc_ict(struct iwm_softc *);
253 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
254 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
255 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
256 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
258 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
259 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
260 static void iwm_enable_interrupts(struct iwm_softc *);
261 static void iwm_restore_interrupts(struct iwm_softc *);
262 static void iwm_disable_interrupts(struct iwm_softc *);
263 static void iwm_ict_reset(struct iwm_softc *);
264 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
265 static void iwm_stop_device(struct iwm_softc *);
266 static void iwm_nic_config(struct iwm_softc *);
267 static int iwm_nic_rx_init(struct iwm_softc *);
268 static int iwm_nic_tx_init(struct iwm_softc *);
269 static int iwm_nic_init(struct iwm_softc *);
270 static int iwm_trans_pcie_fw_alive(struct iwm_softc *, uint32_t);
271 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
272 uint16_t, uint8_t *, uint16_t *);
273 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
274 uint16_t *, uint32_t);
275 static uint32_t iwm_eeprom_channel_flags(uint16_t);
276 static void iwm_add_channel_band(struct iwm_softc *,
277 struct ieee80211_channel[], int, int *, int, size_t,
279 static void iwm_init_channel_map(struct ieee80211com *, int, int *,
280 struct ieee80211_channel[]);
281 static struct iwm_nvm_data *
282 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
283 const uint16_t *, const uint16_t *,
284 const uint16_t *, const uint16_t *,
286 static void iwm_free_nvm_data(struct iwm_nvm_data *);
287 static void iwm_set_hw_address_family_8000(struct iwm_softc *,
288 struct iwm_nvm_data *,
291 static int iwm_get_sku(const struct iwm_softc *, const uint16_t *,
293 static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *);
294 static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *,
296 static int iwm_get_n_hw_addrs(const struct iwm_softc *,
298 static void iwm_set_radio_cfg(const struct iwm_softc *,
299 struct iwm_nvm_data *, uint32_t);
300 static struct iwm_nvm_data *
301 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *);
302 static int iwm_nvm_init(struct iwm_softc *);
303 static int iwm_pcie_load_section(struct iwm_softc *, uint8_t,
304 const struct iwm_fw_desc *);
305 static int iwm_pcie_load_firmware_chunk(struct iwm_softc *, uint32_t,
306 bus_addr_t, uint32_t);
307 static int iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
308 const struct iwm_fw_img *,
310 static int iwm_pcie_load_cpu_sections(struct iwm_softc *,
311 const struct iwm_fw_img *,
313 static int iwm_pcie_load_given_ucode_8000(struct iwm_softc *,
314 const struct iwm_fw_img *);
315 static int iwm_pcie_load_given_ucode(struct iwm_softc *,
316 const struct iwm_fw_img *);
317 static int iwm_start_fw(struct iwm_softc *, const struct iwm_fw_img *);
318 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
319 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
320 static int iwm_load_ucode_wait_alive(struct iwm_softc *,
321 enum iwm_ucode_type);
322 static int iwm_run_init_ucode(struct iwm_softc *, int);
323 static int iwm_config_ltr(struct iwm_softc *sc);
324 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
325 static void iwm_rx_rx_phy_cmd(struct iwm_softc *,
326 struct iwm_rx_packet *);
327 static int iwm_get_noise(struct iwm_softc *,
328 const struct iwm_statistics_rx_non_phy *);
329 static void iwm_handle_rx_statistics(struct iwm_softc *,
330 struct iwm_rx_packet *);
331 static bool iwm_rx_mpdu(struct iwm_softc *, struct mbuf *,
333 static int iwm_rx_tx_cmd_single(struct iwm_softc *,
334 struct iwm_rx_packet *,
336 static void iwm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *);
337 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
339 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
342 static const struct iwm_rate *
343 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
344 struct mbuf *, struct iwm_tx_cmd *);
345 static int iwm_tx(struct iwm_softc *, struct mbuf *,
346 struct ieee80211_node *, int);
347 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
348 const struct ieee80211_bpf_params *);
349 static int iwm_update_quotas(struct iwm_softc *, struct iwm_vap *);
350 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
351 static struct ieee80211_node *
352 iwm_node_alloc(struct ieee80211vap *,
353 const uint8_t[IEEE80211_ADDR_LEN]);
354 static uint8_t iwm_rate_from_ucode_rate(uint32_t);
355 static int iwm_rate2ridx(struct iwm_softc *, uint8_t);
356 static void iwm_setrates(struct iwm_softc *, struct iwm_node *, int);
357 static int iwm_media_change(struct ifnet *);
358 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
359 static void iwm_endscan_cb(void *, int);
360 static int iwm_send_bt_init_conf(struct iwm_softc *);
361 static boolean_t iwm_is_lar_supported(struct iwm_softc *);
362 static boolean_t iwm_is_wifi_mcc_supported(struct iwm_softc *);
363 static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *);
364 static void iwm_tt_tx_backoff(struct iwm_softc *, uint32_t);
365 static int iwm_init_hw(struct iwm_softc *);
366 static void iwm_init(struct iwm_softc *);
367 static void iwm_start(struct iwm_softc *);
368 static void iwm_stop(struct iwm_softc *);
369 static void iwm_watchdog(void *);
370 static void iwm_parent(struct ieee80211com *);
373 iwm_desc_lookup(uint32_t);
374 static void iwm_nic_error(struct iwm_softc *);
375 static void iwm_nic_umac_error(struct iwm_softc *);
377 static void iwm_handle_rxb(struct iwm_softc *, struct mbuf *);
378 static void iwm_notif_intr(struct iwm_softc *);
379 static void iwm_intr(void *);
380 static int iwm_attach(device_t);
381 static int iwm_is_valid_ether_addr(uint8_t *);
382 static void iwm_preinit(void *);
383 static int iwm_detach_local(struct iwm_softc *sc, int);
384 static void iwm_init_task(void *);
385 static void iwm_radiotap_attach(struct iwm_softc *);
386 static struct ieee80211vap *
387 iwm_vap_create(struct ieee80211com *,
388 const char [IFNAMSIZ], int,
389 enum ieee80211_opmode, int,
390 const uint8_t [IEEE80211_ADDR_LEN],
391 const uint8_t [IEEE80211_ADDR_LEN]);
392 static void iwm_vap_delete(struct ieee80211vap *);
393 static void iwm_xmit_queue_drain(struct iwm_softc *);
394 static void iwm_scan_start(struct ieee80211com *);
395 static void iwm_scan_end(struct ieee80211com *);
396 static void iwm_update_mcast(struct ieee80211com *);
397 static void iwm_set_channel(struct ieee80211com *);
398 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
399 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
400 static int iwm_detach(device_t);
402 static int iwm_lar_disable = 0;
403 TUNABLE_INT("hw.iwm.lar.disable", &iwm_lar_disable);
410 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
412 const struct iwm_fw_cscheme_list *l = (const void *)data;
414 if (dlen < sizeof(*l) ||
415 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
418 /* we don't actually store anything for now, always use s/w crypto */
424 iwm_firmware_store_section(struct iwm_softc *sc,
425 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
427 struct iwm_fw_img *fws;
428 struct iwm_fw_desc *fwone;
430 if (type >= IWM_UCODE_TYPE_MAX)
432 if (dlen < sizeof(uint32_t))
435 fws = &sc->sc_fw.img[type];
436 if (fws->fw_count >= IWM_UCODE_SECTION_MAX)
439 fwone = &fws->sec[fws->fw_count];
441 /* first 32bit are device load offset */
442 memcpy(&fwone->offset, data, sizeof(uint32_t));
445 fwone->data = data + sizeof(uint32_t);
446 fwone->len = dlen - sizeof(uint32_t);
453 #define IWM_DEFAULT_SCAN_CHANNELS 40
455 /* iwlwifi: iwl-drv.c */
456 struct iwm_tlv_calib_data {
458 struct iwm_tlv_calib_ctrl calib;
462 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
464 const struct iwm_tlv_calib_data *def_calib = data;
465 uint32_t ucode_type = le32toh(def_calib->ucode_type);
467 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
468 device_printf(sc->sc_dev,
469 "Wrong ucode_type %u for default "
470 "calibration.\n", ucode_type);
474 sc->sc_default_calib[ucode_type].flow_trigger =
475 def_calib->calib.flow_trigger;
476 sc->sc_default_calib[ucode_type].event_trigger =
477 def_calib->calib.event_trigger;
483 iwm_set_ucode_api_flags(struct iwm_softc *sc, const uint8_t *data,
484 struct iwm_ucode_capabilities *capa)
486 const struct iwm_ucode_api *ucode_api = (const void *)data;
487 uint32_t api_index = le32toh(ucode_api->api_index);
488 uint32_t api_flags = le32toh(ucode_api->api_flags);
491 if (api_index >= howmany(IWM_NUM_UCODE_TLV_API, 32)) {
492 device_printf(sc->sc_dev,
493 "api flags index %d larger than supported by driver\n",
495 /* don't return an error so we can load FW that has more bits */
499 for (i = 0; i < 32; i++) {
500 if (api_flags & (1U << i))
501 setbit(capa->enabled_api, i + 32 * api_index);
508 iwm_set_ucode_capabilities(struct iwm_softc *sc, const uint8_t *data,
509 struct iwm_ucode_capabilities *capa)
511 const struct iwm_ucode_capa *ucode_capa = (const void *)data;
512 uint32_t api_index = le32toh(ucode_capa->api_index);
513 uint32_t api_flags = le32toh(ucode_capa->api_capa);
516 if (api_index >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) {
517 device_printf(sc->sc_dev,
518 "capa flags index %d larger than supported by driver\n",
520 /* don't return an error so we can load FW that has more bits */
524 for (i = 0; i < 32; i++) {
525 if (api_flags & (1U << i))
526 setbit(capa->enabled_capa, i + 32 * api_index);
533 iwm_fw_info_free(struct iwm_fw_info *fw)
535 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD);
537 memset(fw->img, 0, sizeof(fw->img));
541 iwm_read_firmware(struct iwm_softc *sc)
543 struct iwm_fw_info *fw = &sc->sc_fw;
544 const struct iwm_tlv_ucode_header *uhdr;
545 const struct iwm_ucode_tlv *tlv;
546 struct iwm_ucode_capabilities *capa = &sc->sc_fw.ucode_capa;
547 enum iwm_ucode_tlv_type tlv_type;
548 const struct firmware *fwp;
551 uint32_t usniffer_img;
552 const uint8_t *tlv_data;
553 uint32_t paging_mem_size;
559 * Load firmware into driver memory.
562 fwp = firmware_get(sc->cfg->fw_name);
564 device_printf(sc->sc_dev,
565 "could not read firmware %s (error %d)\n",
566 sc->cfg->fw_name, error);
571 /* (Re-)Initialize default values. */
573 capa->max_probe_length = IWM_DEFAULT_MAX_PROBE_LENGTH;
574 capa->n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS;
575 memset(capa->enabled_capa, 0, sizeof(capa->enabled_capa));
576 memset(capa->enabled_api, 0, sizeof(capa->enabled_api));
577 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc));
580 * Parse firmware contents
583 uhdr = (const void *)fw->fw_fp->data;
584 if (*(const uint32_t *)fw->fw_fp->data != 0
585 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
586 device_printf(sc->sc_dev, "invalid firmware %s\n",
592 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%u.%u (API ver %u)",
593 IWM_UCODE_MAJOR(le32toh(uhdr->ver)),
594 IWM_UCODE_MINOR(le32toh(uhdr->ver)),
595 IWM_UCODE_API(le32toh(uhdr->ver)));
597 len = fw->fw_fp->datasize - sizeof(*uhdr);
599 while (len >= sizeof(*tlv)) {
601 tlv = (const void *)data;
603 tlv_len = le32toh(tlv->length);
604 tlv_type = le32toh(tlv->type);
605 tlv_data = tlv->data;
608 device_printf(sc->sc_dev,
609 "firmware too short: %zu bytes\n",
614 len -= roundup2(tlv_len, 4);
615 data += sizeof(*tlv) + roundup2(tlv_len, 4);
617 switch ((int)tlv_type) {
618 case IWM_UCODE_TLV_PROBE_MAX_LEN:
619 if (tlv_len != sizeof(uint32_t)) {
620 device_printf(sc->sc_dev,
621 "%s: PROBE_MAX_LEN (%u) != sizeof(uint32_t)\n",
626 capa->max_probe_length =
627 le32_to_cpup((const uint32_t *)tlv_data);
628 /* limit it to something sensible */
629 if (capa->max_probe_length >
630 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) {
631 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
632 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
633 "ridiculous\n", __func__);
638 case IWM_UCODE_TLV_PAN:
640 device_printf(sc->sc_dev,
641 "%s: IWM_UCODE_TLV_PAN: tlv_len (%u) > 0\n",
646 capa->flags |= IWM_UCODE_TLV_FLAGS_PAN;
648 case IWM_UCODE_TLV_FLAGS:
649 if (tlv_len < sizeof(uint32_t)) {
650 device_printf(sc->sc_dev,
651 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%u) < sizeof(uint32_t)\n",
656 if (tlv_len % sizeof(uint32_t)) {
657 device_printf(sc->sc_dev,
658 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%u) %% sizeof(uint32_t)\n",
664 * Apparently there can be many flags, but Linux driver
665 * parses only the first one, and so do we.
667 * XXX: why does this override IWM_UCODE_TLV_PAN?
668 * Intentional or a bug? Observations from
669 * current firmware file:
670 * 1) TLV_PAN is parsed first
671 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
672 * ==> this resets TLV_PAN to itself... hnnnk
674 capa->flags = le32_to_cpup((const uint32_t *)tlv_data);
676 case IWM_UCODE_TLV_CSCHEME:
677 if ((error = iwm_store_cscheme(sc,
678 tlv_data, tlv_len)) != 0) {
679 device_printf(sc->sc_dev,
680 "%s: iwm_store_cscheme(): returned %d\n",
685 case IWM_UCODE_TLV_NUM_OF_CPU:
686 if (tlv_len != sizeof(uint32_t)) {
687 device_printf(sc->sc_dev,
688 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%u) != sizeof(uint32_t)\n",
693 num_of_cpus = le32_to_cpup((const uint32_t *)tlv_data);
694 if (num_of_cpus == 2) {
695 fw->img[IWM_UCODE_REGULAR].is_dual_cpus =
697 fw->img[IWM_UCODE_INIT].is_dual_cpus =
699 fw->img[IWM_UCODE_WOWLAN].is_dual_cpus =
701 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) {
702 device_printf(sc->sc_dev,
703 "%s: Driver supports only 1 or 2 CPUs\n",
709 case IWM_UCODE_TLV_SEC_RT:
710 if ((error = iwm_firmware_store_section(sc,
711 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) {
712 device_printf(sc->sc_dev,
713 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n",
718 case IWM_UCODE_TLV_SEC_INIT:
719 if ((error = iwm_firmware_store_section(sc,
720 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) {
721 device_printf(sc->sc_dev,
722 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n",
727 case IWM_UCODE_TLV_SEC_WOWLAN:
728 if ((error = iwm_firmware_store_section(sc,
729 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) {
730 device_printf(sc->sc_dev,
731 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n",
736 case IWM_UCODE_TLV_DEF_CALIB:
737 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
738 device_printf(sc->sc_dev,
739 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%u) < sizeof(iwm_tlv_calib_data) (%zu)\n",
741 sizeof(struct iwm_tlv_calib_data));
745 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
746 device_printf(sc->sc_dev,
747 "%s: iwm_set_default_calib() failed: %d\n",
752 case IWM_UCODE_TLV_PHY_SKU:
753 if (tlv_len != sizeof(uint32_t)) {
755 device_printf(sc->sc_dev,
756 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%u) < sizeof(uint32_t)\n",
760 sc->sc_fw.phy_config =
761 le32_to_cpup((const uint32_t *)tlv_data);
762 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config &
763 IWM_FW_PHY_CFG_TX_CHAIN) >>
764 IWM_FW_PHY_CFG_TX_CHAIN_POS;
765 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config &
766 IWM_FW_PHY_CFG_RX_CHAIN) >>
767 IWM_FW_PHY_CFG_RX_CHAIN_POS;
770 case IWM_UCODE_TLV_API_CHANGES_SET: {
771 if (tlv_len != sizeof(struct iwm_ucode_api)) {
775 if (iwm_set_ucode_api_flags(sc, tlv_data, capa)) {
782 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: {
783 if (tlv_len != sizeof(struct iwm_ucode_capa)) {
787 if (iwm_set_ucode_capabilities(sc, tlv_data, capa)) {
794 case IWM_UCODE_TLV_CMD_VERSIONS:
795 case IWM_UCODE_TLV_SDIO_ADMA_ADDR:
796 case IWM_UCODE_TLV_FW_GSCAN_CAPA:
797 /* ignore, not used by current driver */
800 case IWM_UCODE_TLV_SEC_RT_USNIFFER:
801 if ((error = iwm_firmware_store_section(sc,
802 IWM_UCODE_REGULAR_USNIFFER, tlv_data,
807 case IWM_UCODE_TLV_PAGING:
808 if (tlv_len != sizeof(uint32_t)) {
812 paging_mem_size = le32_to_cpup((const uint32_t *)tlv_data);
814 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
815 "%s: Paging: paging enabled (size = %u bytes)\n",
816 __func__, paging_mem_size);
817 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) {
818 device_printf(sc->sc_dev,
819 "%s: Paging: driver supports up to %u bytes for paging image\n",
820 __func__, IWM_MAX_PAGING_IMAGE_SIZE);
824 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) {
825 device_printf(sc->sc_dev,
826 "%s: Paging: image isn't multiple %u\n",
827 __func__, IWM_FW_PAGING_SIZE);
832 sc->sc_fw.img[IWM_UCODE_REGULAR].paging_mem_size =
834 usniffer_img = IWM_UCODE_REGULAR_USNIFFER;
835 sc->sc_fw.img[usniffer_img].paging_mem_size =
839 case IWM_UCODE_TLV_N_SCAN_CHANNELS:
840 if (tlv_len != sizeof(uint32_t)) {
844 capa->n_scan_channels =
845 le32_to_cpup((const uint32_t *)tlv_data);
848 case IWM_UCODE_TLV_FW_VERSION:
849 if (tlv_len != sizeof(uint32_t) * 3) {
853 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver),
855 le32toh(((const uint32_t *)tlv_data)[0]),
856 le32toh(((const uint32_t *)tlv_data)[1]),
857 le32toh(((const uint32_t *)tlv_data)[2]));
860 case IWM_UCODE_TLV_FW_MEM_SEG:
864 device_printf(sc->sc_dev,
865 "%s: unknown firmware section %d, abort\n",
872 KASSERT(error == 0, ("unhandled error"));
876 device_printf(sc->sc_dev, "firmware parse error %d, "
877 "section type %d\n", error, tlv_type);
882 if (fw->fw_fp != NULL)
883 iwm_fw_info_free(fw);
890 * DMA resource routines
893 /* fwmem is used to load firmware onto the card */
895 iwm_alloc_fwmem(struct iwm_softc *sc)
897 /* Must be aligned on a 16-byte boundary. */
898 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
899 IWM_FH_MEM_TB_MAX_LENGTH, 16);
902 /* tx scheduler rings. not used? */
904 iwm_alloc_sched(struct iwm_softc *sc)
906 /* TX scheduler rings must be aligned on a 1KB boundary. */
907 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
908 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
911 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
913 iwm_alloc_kw(struct iwm_softc *sc)
915 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
918 /* interrupt cause table */
920 iwm_alloc_ict(struct iwm_softc *sc)
922 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
923 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
927 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
934 if (sc->cfg->mqrx_supported) {
935 count = IWM_RX_MQ_RING_COUNT;
936 descsz = sizeof(uint64_t);
938 count = IWM_RX_LEGACY_RING_COUNT;
939 descsz = sizeof(uint32_t);
942 /* Allocate RX descriptors (256-byte aligned). */
943 size = count * descsz;
944 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->free_desc_dma, size,
947 device_printf(sc->sc_dev,
948 "could not allocate RX ring DMA memory\n");
951 ring->desc = ring->free_desc_dma.vaddr;
953 /* Allocate RX status area (16-byte aligned). */
954 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
955 sizeof(*ring->stat), 16);
957 device_printf(sc->sc_dev,
958 "could not allocate RX status DMA memory\n");
961 ring->stat = ring->stat_dma.vaddr;
963 if (sc->cfg->mqrx_supported) {
964 size = count * sizeof(uint32_t);
965 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->used_desc_dma,
968 device_printf(sc->sc_dev,
969 "could not allocate RX ring DMA memory\n");
974 /* Create RX buffer DMA tag. */
975 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
976 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
977 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat);
979 device_printf(sc->sc_dev,
980 "%s: could not create RX buf DMA tag, error %d\n",
985 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */
986 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map);
988 device_printf(sc->sc_dev,
989 "%s: could not create RX buf DMA map, error %d\n",
995 * Allocate and map RX buffers.
997 for (i = 0; i < count; i++) {
998 struct iwm_rx_data *data = &ring->data[i];
999 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1001 device_printf(sc->sc_dev,
1002 "%s: could not create RX buf DMA map, error %d\n",
1008 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
1014 fail: iwm_free_rx_ring(sc, ring);
1019 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1021 /* Reset the ring state */
1025 * The hw rx ring index in shared memory must also be cleared,
1026 * otherwise the discrepancy can cause reprocessing chaos.
1029 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1033 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1037 iwm_dma_contig_free(&ring->free_desc_dma);
1038 iwm_dma_contig_free(&ring->stat_dma);
1039 iwm_dma_contig_free(&ring->used_desc_dma);
1041 count = sc->cfg->mqrx_supported ? IWM_RX_MQ_RING_COUNT :
1042 IWM_RX_LEGACY_RING_COUNT;
1044 for (i = 0; i < count; i++) {
1045 struct iwm_rx_data *data = &ring->data[i];
1047 if (data->m != NULL) {
1048 bus_dmamap_sync(ring->data_dmat, data->map,
1049 BUS_DMASYNC_POSTREAD);
1050 bus_dmamap_unload(ring->data_dmat, data->map);
1054 if (data->map != NULL) {
1055 bus_dmamap_destroy(ring->data_dmat, data->map);
1059 if (ring->spare_map != NULL) {
1060 bus_dmamap_destroy(ring->data_dmat, ring->spare_map);
1061 ring->spare_map = NULL;
1063 if (ring->data_dmat != NULL) {
1064 bus_dma_tag_destroy(ring->data_dmat);
1065 ring->data_dmat = NULL;
1070 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
1082 /* Allocate TX descriptors (256-byte aligned). */
1083 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
1084 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1086 device_printf(sc->sc_dev,
1087 "could not allocate TX ring DMA memory\n");
1090 ring->desc = ring->desc_dma.vaddr;
1093 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
1094 * to allocate commands space for other rings.
1096 if (qid > IWM_CMD_QUEUE)
1099 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
1100 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
1102 device_printf(sc->sc_dev,
1103 "could not allocate TX cmd DMA memory\n");
1106 ring->cmd = ring->cmd_dma.vaddr;
1108 /* FW commands may require more mapped space than packets. */
1109 if (qid == IWM_CMD_QUEUE) {
1110 maxsize = IWM_RBUF_SIZE;
1114 nsegments = IWM_MAX_SCATTER - 2;
1117 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
1118 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize,
1119 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat);
1121 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
1125 paddr = ring->cmd_dma.paddr;
1126 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1127 struct iwm_tx_data *data = &ring->data[i];
1129 data->cmd_paddr = paddr;
1130 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
1131 + offsetof(struct iwm_tx_cmd, scratch);
1132 paddr += sizeof(struct iwm_device_cmd);
1134 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1136 device_printf(sc->sc_dev,
1137 "could not create TX buf DMA map\n");
1141 KASSERT(paddr == ring->cmd_dma.paddr + size,
1142 ("invalid physical address"));
1145 fail: iwm_free_tx_ring(sc, ring);
1150 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1154 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1155 struct iwm_tx_data *data = &ring->data[i];
1157 if (data->m != NULL) {
1158 bus_dmamap_sync(ring->data_dmat, data->map,
1159 BUS_DMASYNC_POSTWRITE);
1160 bus_dmamap_unload(ring->data_dmat, data->map);
1165 /* Clear TX descriptors. */
1166 memset(ring->desc, 0, ring->desc_dma.size);
1167 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1168 BUS_DMASYNC_PREWRITE);
1169 sc->qfullmsk &= ~(1 << ring->qid);
1173 if (ring->qid == IWM_CMD_QUEUE && sc->cmd_hold_nic_awake)
1174 iwm_pcie_clear_cmd_in_flight(sc);
1178 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1182 iwm_dma_contig_free(&ring->desc_dma);
1183 iwm_dma_contig_free(&ring->cmd_dma);
1185 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1186 struct iwm_tx_data *data = &ring->data[i];
1188 if (data->m != NULL) {
1189 bus_dmamap_sync(ring->data_dmat, data->map,
1190 BUS_DMASYNC_POSTWRITE);
1191 bus_dmamap_unload(ring->data_dmat, data->map);
1195 if (data->map != NULL) {
1196 bus_dmamap_destroy(ring->data_dmat, data->map);
1200 if (ring->data_dmat != NULL) {
1201 bus_dma_tag_destroy(ring->data_dmat);
1202 ring->data_dmat = NULL;
1207 * High-level hardware frobbing routines
1211 iwm_enable_interrupts(struct iwm_softc *sc)
1213 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1214 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1218 iwm_restore_interrupts(struct iwm_softc *sc)
1220 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1224 iwm_disable_interrupts(struct iwm_softc *sc)
1226 /* disable interrupts */
1227 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1229 /* acknowledge all interrupts */
1230 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1231 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1235 iwm_ict_reset(struct iwm_softc *sc)
1237 iwm_disable_interrupts(sc);
1239 /* Reset ICT table. */
1240 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1243 /* Set physical address of ICT table (4KB aligned). */
1244 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1245 IWM_CSR_DRAM_INT_TBL_ENABLE
1246 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER
1247 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1248 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1250 /* Switch to ICT interrupt mode in driver. */
1251 sc->sc_flags |= IWM_FLAG_USE_ICT;
1253 /* Re-enable interrupts. */
1254 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1255 iwm_enable_interrupts(sc);
1258 /* iwlwifi pcie/trans.c */
1261 * Since this .. hard-resets things, it's time to actually
1262 * mark the first vap (if any) as having no mac context.
1263 * It's annoying, but since the driver is potentially being
1264 * stop/start'ed whilst active (thanks openbsd port!) we
1265 * have to correctly track this.
1268 iwm_stop_device(struct iwm_softc *sc)
1270 struct ieee80211com *ic = &sc->sc_ic;
1271 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1275 /* tell the device to stop sending interrupts */
1276 iwm_disable_interrupts(sc);
1279 * FreeBSD-local: mark the first vap as not-uploaded,
1280 * so the next transition through auth/assoc
1281 * will correctly populate the MAC context.
1284 struct iwm_vap *iv = IWM_VAP(vap);
1285 iv->phy_ctxt = NULL;
1286 iv->is_uploaded = 0;
1288 sc->sc_firmware_state = 0;
1289 sc->sc_flags &= ~IWM_FLAG_TE_ACTIVE;
1291 /* device going down, Stop using ICT table */
1292 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1294 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1296 if (iwm_nic_lock(sc)) {
1297 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1299 /* Stop each Tx DMA channel */
1300 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1302 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1303 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl);
1306 /* Wait for DMA channels to be idle */
1307 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask,
1309 device_printf(sc->sc_dev,
1310 "Failing on timeout while stopping DMA channel: [0x%08x]\n",
1311 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG));
1315 iwm_pcie_rx_stop(sc);
1318 iwm_reset_rx_ring(sc, &sc->rxq);
1320 /* Reset all TX rings. */
1321 for (qid = 0; qid < nitems(sc->txq); qid++)
1322 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1324 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1325 /* Power-down device's busmaster DMA clocks */
1326 if (iwm_nic_lock(sc)) {
1327 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG,
1328 IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1334 /* Make sure (redundant) we've released our request to stay awake */
1335 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1336 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1338 /* Stop the device, and put it in low power state */
1341 /* stop and reset the on-board processor */
1342 IWM_SETBITS(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1346 * Upon stop, the APM issues an interrupt if HW RF kill is set.
1348 iwm_disable_interrupts(sc);
1351 * Even if we stop the HW, we still want the RF kill
1354 iwm_enable_rfkill_int(sc);
1355 iwm_check_rfkill(sc);
1357 iwm_prepare_card_hw(sc);
1360 /* iwlwifi: mvm/ops.c */
1362 iwm_nic_config(struct iwm_softc *sc)
1364 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1365 uint32_t reg_val = 0;
1366 uint32_t phy_config = iwm_get_phy_config(sc);
1368 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1369 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1370 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1371 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1372 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1373 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1376 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1377 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1378 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1379 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1381 /* radio configuration */
1382 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1383 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1384 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1386 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG,
1387 IWM_CSR_HW_IF_CONFIG_REG_MSK_MAC_DASH |
1388 IWM_CSR_HW_IF_CONFIG_REG_MSK_MAC_STEP |
1389 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_STEP |
1390 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_DASH |
1391 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_TYPE |
1392 IWM_CSR_HW_IF_CONFIG_REG_BIT_RADIO_SI |
1393 IWM_CSR_HW_IF_CONFIG_REG_BIT_MAC_SI |
1396 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1397 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1398 radio_cfg_step, radio_cfg_dash);
1401 * W/A : NIC is stuck in a reset state after Early PCIe power off
1402 * (PCIe power is lost before PERST# is asserted), causing ME FW
1403 * to lose ownership and not being able to obtain it back.
1405 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1406 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1407 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1408 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1413 iwm_nic_rx_mq_init(struct iwm_softc *sc)
1417 if (!iwm_nic_lock(sc))
1421 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG, 0);
1422 /* Disable RX used and free queue operation. */
1423 iwm_write_prph(sc, IWM_RFH_RXF_RXQ_ACTIVE, 0);
1425 iwm_write_prph64(sc, IWM_RFH_Q0_FRBDCB_BA_LSB,
1426 sc->rxq.free_desc_dma.paddr);
1427 iwm_write_prph64(sc, IWM_RFH_Q0_URBDCB_BA_LSB,
1428 sc->rxq.used_desc_dma.paddr);
1429 iwm_write_prph64(sc, IWM_RFH_Q0_URBD_STTS_WPTR_LSB,
1430 sc->rxq.stat_dma.paddr);
1431 iwm_write_prph(sc, IWM_RFH_Q0_FRBDCB_WIDX, 0);
1432 iwm_write_prph(sc, IWM_RFH_Q0_FRBDCB_RIDX, 0);
1433 iwm_write_prph(sc, IWM_RFH_Q0_URBDCB_WIDX, 0);
1435 /* We configure only queue 0 for now. */
1436 enabled = ((1 << 0) << 16) | (1 << 0);
1438 /* Enable RX DMA, 4KB buffer size. */
1439 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG,
1440 IWM_RFH_DMA_EN_ENABLE_VAL |
1441 IWM_RFH_RXF_DMA_RB_SIZE_4K |
1442 IWM_RFH_RXF_DMA_MIN_RB_4_8 |
1443 IWM_RFH_RXF_DMA_DROP_TOO_LARGE_MASK |
1444 IWM_RFH_RXF_DMA_RBDCB_SIZE_512);
1446 /* Enable RX DMA snooping. */
1447 iwm_write_prph(sc, IWM_RFH_GEN_CFG,
1448 IWM_RFH_GEN_CFG_RFH_DMA_SNOOP |
1449 IWM_RFH_GEN_CFG_SERVICE_DMA_SNOOP |
1450 (sc->cfg->integrated ? IWM_RFH_GEN_CFG_RB_CHUNK_SIZE_64 :
1451 IWM_RFH_GEN_CFG_RB_CHUNK_SIZE_128));
1453 /* Enable the configured queue(s). */
1454 iwm_write_prph(sc, IWM_RFH_RXF_RXQ_ACTIVE, enabled);
1458 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1460 IWM_WRITE(sc, IWM_RFH_Q0_FRBDCB_WIDX_TRG, 8);
1466 iwm_nic_rx_legacy_init(struct iwm_softc *sc)
1470 iwm_pcie_rx_stop(sc);
1472 if (!iwm_nic_lock(sc))
1475 /* reset and flush pointers */
1476 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1477 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1478 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1479 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1481 /* Set physical address of RX ring (256-byte aligned). */
1483 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG,
1484 sc->rxq.free_desc_dma.paddr >> 8);
1486 /* Set physical address of RX status (16-byte aligned). */
1488 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1491 * XXX 5000 HW isn't supported by the iwm(4) driver.
1492 * IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY is set because of HW bug in
1493 * the credit mechanism in 5000 HW RX FIFO
1494 * Direct rx interrupts to hosts
1495 * Rx buffer size 4 or 8k or 12k
1499 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1500 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1501 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1502 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1503 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1504 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1505 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1507 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1509 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1510 if (sc->cfg->host_interrupt_operation_mode)
1511 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1515 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1521 iwm_nic_rx_init(struct iwm_softc *sc)
1523 if (sc->cfg->mqrx_supported)
1524 return iwm_nic_rx_mq_init(sc);
1526 return iwm_nic_rx_legacy_init(sc);
1530 iwm_nic_tx_init(struct iwm_softc *sc)
1534 if (!iwm_nic_lock(sc))
1537 /* Deactivate TX scheduler. */
1538 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1540 /* Set physical address of "keep warm" page (16-byte aligned). */
1541 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1543 /* Initialize TX rings. */
1544 for (qid = 0; qid < nitems(sc->txq); qid++) {
1545 struct iwm_tx_ring *txq = &sc->txq[qid];
1547 /* Set physical address of TX ring (256-byte aligned). */
1548 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1549 txq->desc_dma.paddr >> 8);
1550 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1551 "%s: loading ring %d descriptors (%p) at %lx\n",
1554 (unsigned long) (txq->desc_dma.paddr >> 8));
1557 iwm_set_bits_prph(sc, IWM_SCD_GP_CTRL,
1558 IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE |
1559 IWM_SCD_GP_CTRL_ENABLE_31_QUEUES);
1567 iwm_nic_init(struct iwm_softc *sc)
1572 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1577 if ((error = iwm_nic_rx_init(sc)) != 0)
1581 * Ditto for TX, from iwn
1583 if ((error = iwm_nic_tx_init(sc)) != 0)
1586 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1587 "%s: shadow registers enabled\n", __func__);
1588 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1594 iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo)
1600 if (!iwm_nic_lock(sc)) {
1601 device_printf(sc->sc_dev, "%s: cannot enable txq %d\n",
1606 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1608 if (qid == IWM_CMD_QUEUE) {
1609 /* Disable the scheduler. */
1610 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 0);
1612 /* Stop the TX queue prior to configuration. */
1613 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1614 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1615 (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1619 /* Disable aggregations for this queue. */
1620 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, qmsk);
1622 if (!iwm_nic_lock(sc)) {
1623 device_printf(sc->sc_dev,
1624 "%s: cannot enable txq %d\n", __func__, qid);
1627 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1631 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1632 /* Set scheduler window size and frame limit. */
1634 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1636 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1637 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1638 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1639 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1641 if (!iwm_nic_lock(sc)) {
1642 device_printf(sc->sc_dev,
1643 "%s: cannot enable txq %d\n", __func__, qid);
1646 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1647 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1648 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1649 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1650 IWM_SCD_QUEUE_STTS_REG_MSK);
1652 /* Enable the scheduler for this queue. */
1653 iwm_write_prph(sc, IWM_SCD_EN_CTRL, qmsk);
1655 struct iwm_scd_txq_cfg_cmd cmd;
1660 memset(&cmd, 0, sizeof(cmd));
1661 cmd.scd_queue = qid;
1663 cmd.sta_id = sta_id;
1666 cmd.window = IWM_FRAME_LIMIT;
1668 error = iwm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC,
1671 device_printf(sc->sc_dev,
1672 "cannot enable txq %d\n", qid);
1676 if (!iwm_nic_lock(sc))
1682 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n",
1683 __func__, qid, fifo);
1689 iwm_trans_pcie_fw_alive(struct iwm_softc *sc, uint32_t scd_base_addr)
1693 int clear_dwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1694 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t);
1696 if (!iwm_nic_lock(sc))
1701 sc->scd_base_addr = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR);
1702 if (scd_base_addr != 0 &&
1703 scd_base_addr != sc->scd_base_addr) {
1704 device_printf(sc->sc_dev,
1705 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n",
1706 __func__, sc->scd_base_addr, scd_base_addr);
1711 /* reset context data, TX status and translation data */
1712 error = iwm_write_mem(sc,
1713 sc->scd_base_addr + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1714 NULL, clear_dwords);
1718 if (!iwm_nic_lock(sc))
1721 /* Set physical address of TX scheduler rings (1KB aligned). */
1722 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1724 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1728 /* enable command channel */
1729 error = iwm_enable_txq(sc, 0 /* unused */, IWM_CMD_QUEUE, 7);
1733 if (!iwm_nic_lock(sc))
1736 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1738 /* Enable DMA channels. */
1739 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1740 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1741 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1742 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1745 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1746 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1750 /* Enable L1-Active */
1751 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
1752 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1753 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1760 * NVM read access and content parsing. We do not support
1761 * external NVM or writing NVM.
1765 /* Default NVM size to read */
1766 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1768 #define IWM_NVM_WRITE_OPCODE 1
1769 #define IWM_NVM_READ_OPCODE 0
1771 /* load nvm chunk response */
1773 IWM_READ_NVM_CHUNK_SUCCEED = 0,
1774 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1
1778 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1779 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1781 struct iwm_nvm_access_cmd nvm_access_cmd = {
1782 .offset = htole16(offset),
1783 .length = htole16(length),
1784 .type = htole16(section),
1785 .op_code = IWM_NVM_READ_OPCODE,
1787 struct iwm_nvm_access_resp *nvm_resp;
1788 struct iwm_rx_packet *pkt;
1789 struct iwm_host_cmd cmd = {
1790 .id = IWM_NVM_ACCESS_CMD,
1791 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL,
1792 .data = { &nvm_access_cmd, },
1794 int ret, bytes_read, offset_read;
1797 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1799 ret = iwm_send_cmd(sc, &cmd);
1801 device_printf(sc->sc_dev,
1802 "Could not send NVM_ACCESS command (error=%d)\n", ret);
1808 /* Extract NVM response */
1809 nvm_resp = (void *)pkt->data;
1810 ret = le16toh(nvm_resp->status);
1811 bytes_read = le16toh(nvm_resp->length);
1812 offset_read = le16toh(nvm_resp->offset);
1813 resp_data = nvm_resp->data;
1815 if ((offset != 0) &&
1816 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) {
1818 * meaning of NOT_VALID_ADDRESS:
1819 * driver try to read chunk from address that is
1820 * multiple of 2K and got an error since addr is empty.
1821 * meaning of (offset != 0): driver already
1822 * read valid data from another chunk so this case
1825 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1826 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n",
1831 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1832 "NVM access command failed with status %d\n", ret);
1838 if (offset_read != offset) {
1839 device_printf(sc->sc_dev,
1840 "NVM ACCESS response with invalid offset %d\n",
1846 if (bytes_read > length) {
1847 device_printf(sc->sc_dev,
1848 "NVM ACCESS response with too much data "
1849 "(%d bytes requested, %d bytes received)\n",
1850 length, bytes_read);
1855 /* Write data to NVM */
1856 memcpy(data + offset, resp_data, bytes_read);
1860 iwm_free_resp(sc, &cmd);
1865 * Reads an NVM section completely.
1866 * NICs prior to 7000 family don't have a real NVM, but just read
1867 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1868 * by uCode, we need to manually check in this case that we don't
1869 * overflow and try to read more than the EEPROM size.
1870 * For 7000 family NICs, we supply the maximal size we can read, and
1871 * the uCode fills the response with as much data as we can,
1872 * without overflowing, so no check is needed.
1875 iwm_nvm_read_section(struct iwm_softc *sc,
1876 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read)
1878 uint16_t seglen, length, offset = 0;
1881 /* Set nvm section read length */
1882 length = IWM_NVM_DEFAULT_CHUNK_SIZE;
1886 /* Read the NVM until exhausted (reading less than requested) */
1887 while (seglen == length) {
1888 /* Check no memory assumptions fail and cause an overflow */
1889 if ((size_read + offset + length) >
1890 sc->cfg->eeprom_size) {
1891 device_printf(sc->sc_dev,
1892 "EEPROM size is too small for NVM\n");
1896 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen);
1898 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1899 "Cannot read NVM from section %d offset %d, length %d\n",
1900 section, offset, length);
1906 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1907 "NVM section %d read completed\n", section);
1913 * BEGIN IWM_NVM_PARSE
1916 /* iwlwifi/iwl-nvm-parse.c */
1918 /* NVM offsets (in words) definitions */
1919 enum iwm_nvm_offsets {
1920 /* NVM HW-Section offset (in words) definitions */
1923 /* NVM SW-Section offset (in words) definitions */
1924 IWM_NVM_SW_SECTION = 0x1C0,
1925 IWM_NVM_VERSION = 0,
1929 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1931 /* NVM calibration section offset (in words) definitions */
1932 IWM_NVM_CALIB_SECTION = 0x2B8,
1933 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1936 enum iwm_8000_nvm_offsets {
1937 /* NVM HW-Section offset (in words) definitions */
1938 IWM_HW_ADDR0_WFPM_8000 = 0x12,
1939 IWM_HW_ADDR1_WFPM_8000 = 0x16,
1940 IWM_HW_ADDR0_PCIE_8000 = 0x8A,
1941 IWM_HW_ADDR1_PCIE_8000 = 0x8E,
1942 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1,
1944 /* NVM SW-Section offset (in words) definitions */
1945 IWM_NVM_SW_SECTION_8000 = 0x1C0,
1946 IWM_NVM_VERSION_8000 = 0,
1947 IWM_RADIO_CFG_8000 = 0,
1949 IWM_N_HW_ADDRS_8000 = 3,
1951 /* NVM REGULATORY -Section offset (in words) definitions */
1952 IWM_NVM_CHANNELS_8000 = 0,
1953 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7,
1954 IWM_NVM_LAR_OFFSET_8000 = 0x507,
1955 IWM_NVM_LAR_ENABLED_8000 = 0x7,
1957 /* NVM calibration section offset (in words) definitions */
1958 IWM_NVM_CALIB_SECTION_8000 = 0x2B8,
1959 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000
1962 /* SKU Capabilities (actual values from NVM definition) */
1964 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1965 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1966 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1967 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1970 /* radio config bits (actual values from NVM definition) */
1971 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1972 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1973 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1974 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1975 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1976 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1978 #define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF)
1979 #define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF)
1980 #define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF)
1981 #define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF)
1982 #define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF)
1983 #define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF)
1986 * enum iwm_nvm_channel_flags - channel flags in NVM
1987 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1988 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1989 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1990 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1991 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c
1992 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1993 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1994 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1995 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1996 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1998 enum iwm_nvm_channel_flags {
1999 IWM_NVM_CHANNEL_VALID = (1 << 0),
2000 IWM_NVM_CHANNEL_IBSS = (1 << 1),
2001 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
2002 IWM_NVM_CHANNEL_RADAR = (1 << 4),
2003 IWM_NVM_CHANNEL_DFS = (1 << 7),
2004 IWM_NVM_CHANNEL_WIDE = (1 << 8),
2005 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
2006 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
2007 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
2011 * Translate EEPROM flags to net80211.
2014 iwm_eeprom_channel_flags(uint16_t ch_flags)
2019 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0)
2020 nflags |= IEEE80211_CHAN_PASSIVE;
2021 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0)
2022 nflags |= IEEE80211_CHAN_NOADHOC;
2023 if (ch_flags & IWM_NVM_CHANNEL_RADAR) {
2024 nflags |= IEEE80211_CHAN_DFS;
2026 nflags |= IEEE80211_CHAN_NOADHOC;
2033 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[],
2034 int maxchans, int *nchans, int ch_idx, size_t ch_num,
2035 const uint8_t bands[])
2037 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags;
2043 for (; ch_idx < ch_num; ch_idx++) {
2044 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
2045 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
2046 ieee = iwm_nvm_channels[ch_idx];
2048 ieee = iwm_nvm_channels_8000[ch_idx];
2050 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
2051 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
2052 "Ch. %d Flags %x [%sGHz] - No traffic\n",
2054 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
2059 nflags = iwm_eeprom_channel_flags(ch_flags);
2060 error = ieee80211_add_channel(chans, maxchans, nchans,
2061 ieee, 0, 0, nflags, bands);
2065 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
2066 "Ch. %d Flags %x [%sGHz] - Added\n",
2068 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
2074 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans,
2075 struct ieee80211_channel chans[])
2077 struct iwm_softc *sc = ic->ic_softc;
2078 struct iwm_nvm_data *data = sc->nvm_data;
2079 uint8_t bands[IEEE80211_MODE_BYTES];
2082 memset(bands, 0, sizeof(bands));
2083 /* 1-13: 11b/g channels. */
2084 setbit(bands, IEEE80211_MODE_11B);
2085 setbit(bands, IEEE80211_MODE_11G);
2086 iwm_add_channel_band(sc, chans, maxchans, nchans, 0,
2087 IWM_NUM_2GHZ_CHANNELS - 1, bands);
2089 /* 14: 11b channel only. */
2090 clrbit(bands, IEEE80211_MODE_11G);
2091 iwm_add_channel_band(sc, chans, maxchans, nchans,
2092 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands);
2094 if (data->sku_cap_band_52GHz_enable) {
2095 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
2096 ch_num = nitems(iwm_nvm_channels);
2098 ch_num = nitems(iwm_nvm_channels_8000);
2099 memset(bands, 0, sizeof(bands));
2100 setbit(bands, IEEE80211_MODE_11A);
2101 iwm_add_channel_band(sc, chans, maxchans, nchans,
2102 IWM_NUM_2GHZ_CHANNELS, ch_num, bands);
2107 iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data,
2108 const uint16_t *mac_override, const uint16_t *nvm_hw)
2110 const uint8_t *hw_addr;
2113 static const uint8_t reserved_mac[] = {
2114 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00
2117 hw_addr = (const uint8_t *)(mac_override +
2118 IWM_MAC_ADDRESS_OVERRIDE_8000);
2121 * Store the MAC address from MAO section.
2122 * No byte swapping is required in MAO section
2124 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr);
2127 * Force the use of the OTP MAC address in case of reserved MAC
2128 * address in the NVM, or if address is given but invalid.
2130 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) &&
2131 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) &&
2132 iwm_is_valid_ether_addr(data->hw_addr) &&
2133 !IEEE80211_IS_MULTICAST(data->hw_addr))
2136 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2137 "%s: mac address from nvm override section invalid\n",
2142 /* read the mac address from WFMP registers */
2143 uint32_t mac_addr0 =
2144 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0));
2145 uint32_t mac_addr1 =
2146 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1));
2148 hw_addr = (const uint8_t *)&mac_addr0;
2149 data->hw_addr[0] = hw_addr[3];
2150 data->hw_addr[1] = hw_addr[2];
2151 data->hw_addr[2] = hw_addr[1];
2152 data->hw_addr[3] = hw_addr[0];
2154 hw_addr = (const uint8_t *)&mac_addr1;
2155 data->hw_addr[4] = hw_addr[1];
2156 data->hw_addr[5] = hw_addr[0];
2161 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__);
2162 memset(data->hw_addr, 0, sizeof(data->hw_addr));
2166 iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2167 const uint16_t *phy_sku)
2169 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000)
2170 return le16_to_cpup(nvm_sw + IWM_SKU);
2172 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000));
2176 iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2178 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000)
2179 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
2181 return le32_to_cpup((const uint32_t *)(nvm_sw +
2182 IWM_NVM_VERSION_8000));
2186 iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2187 const uint16_t *phy_sku)
2189 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000)
2190 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
2192 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000));
2196 iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2200 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000)
2201 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
2203 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000));
2205 return n_hw_addr & IWM_N_HW_ADDR_MASK;
2209 iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data,
2212 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
2213 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
2214 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
2215 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
2216 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
2220 /* set the radio configuration for family 8000 */
2221 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg);
2222 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg);
2223 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg);
2224 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg);
2225 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg);
2226 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg);
2230 iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data,
2231 const uint16_t *nvm_hw, const uint16_t *mac_override)
2233 #ifdef notyet /* for FAMILY 9000 */
2234 if (cfg->mac_addr_from_csr) {
2235 iwm_set_hw_address_from_csr(sc, data);
2238 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
2239 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR);
2241 /* The byte order is little endian 16 bit, meaning 214365 */
2242 data->hw_addr[0] = hw_addr[1];
2243 data->hw_addr[1] = hw_addr[0];
2244 data->hw_addr[2] = hw_addr[3];
2245 data->hw_addr[3] = hw_addr[2];
2246 data->hw_addr[4] = hw_addr[5];
2247 data->hw_addr[5] = hw_addr[4];
2249 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw);
2252 if (!iwm_is_valid_ether_addr(data->hw_addr)) {
2253 device_printf(sc->sc_dev, "no valid mac address was found\n");
2260 static struct iwm_nvm_data *
2261 iwm_parse_nvm_data(struct iwm_softc *sc,
2262 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
2263 const uint16_t *nvm_calib, const uint16_t *mac_override,
2264 const uint16_t *phy_sku, const uint16_t *regulatory)
2266 struct iwm_nvm_data *data;
2267 uint32_t sku, radio_cfg;
2268 uint16_t lar_config;
2270 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
2271 data = malloc(sizeof(*data) +
2272 IWM_NUM_CHANNELS * sizeof(uint16_t),
2273 M_DEVBUF, M_NOWAIT | M_ZERO);
2275 data = malloc(sizeof(*data) +
2276 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t),
2277 M_DEVBUF, M_NOWAIT | M_ZERO);
2282 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw);
2284 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku);
2285 iwm_set_radio_cfg(sc, data, radio_cfg);
2287 sku = iwm_get_sku(sc, nvm_sw, phy_sku);
2288 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
2289 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
2290 data->sku_cap_11n_enable = 0;
2292 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw);
2294 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) {
2295 /* TODO: use IWL_NVM_EXT */
2296 uint16_t lar_offset = data->nvm_version < 0xE39 ?
2297 IWM_NVM_LAR_OFFSET_8000_OLD :
2298 IWM_NVM_LAR_OFFSET_8000;
2300 lar_config = le16_to_cpup(regulatory + lar_offset);
2301 data->lar_enabled = !!(lar_config &
2302 IWM_NVM_LAR_ENABLED_8000);
2305 /* If no valid mac address was found - bail out */
2306 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) {
2307 free(data, M_DEVBUF);
2311 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2312 memcpy(data->nvm_ch_flags, sc->cfg->nvm_type == IWM_NVM_SDP ?
2313 ®ulatory[0] : &nvm_sw[IWM_NVM_CHANNELS],
2314 IWM_NUM_CHANNELS * sizeof(uint16_t));
2316 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000],
2317 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t));
2324 iwm_free_nvm_data(struct iwm_nvm_data *data)
2327 free(data, M_DEVBUF);
2330 static struct iwm_nvm_data *
2331 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
2333 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku;
2335 /* Checking for required sections */
2336 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2337 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2338 !sections[sc->cfg->nvm_hw_section_num].data) {
2339 device_printf(sc->sc_dev,
2340 "Can't parse empty OTP/NVM sections\n");
2343 } else if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) {
2344 /* SW and REGULATORY sections are mandatory */
2345 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2346 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) {
2347 device_printf(sc->sc_dev,
2348 "Can't parse empty OTP/NVM sections\n");
2351 /* MAC_OVERRIDE or at least HW section must exist */
2352 if (!sections[sc->cfg->nvm_hw_section_num].data &&
2353 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) {
2354 device_printf(sc->sc_dev,
2355 "Can't parse mac_address, empty sections\n");
2359 /* PHY_SKU section is mandatory in B0 */
2360 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) {
2361 device_printf(sc->sc_dev,
2362 "Can't parse phy_sku in B0, empty sections\n");
2366 panic("unknown device family %d\n", sc->cfg->device_family);
2369 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data;
2370 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
2371 calib = (const uint16_t *)
2372 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
2373 regulatory = sc->cfg->nvm_type == IWM_NVM_SDP ?
2374 (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_REGULATORY_SDP].data :
2375 (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_REGULATORY].data;
2376 mac_override = (const uint16_t *)
2377 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data;
2378 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data;
2380 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override,
2381 phy_sku, regulatory);
2385 iwm_nvm_init(struct iwm_softc *sc)
2387 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS];
2388 int i, ret, section;
2389 uint32_t size_read = 0;
2390 uint8_t *nvm_buffer, *temp;
2393 memset(nvm_sections, 0, sizeof(nvm_sections));
2395 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS)
2398 /* load NVM values from nic */
2399 /* Read From FW NVM */
2400 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n");
2402 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO);
2405 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) {
2406 /* we override the constness for initial read */
2407 ret = iwm_nvm_read_section(sc, section, nvm_buffer,
2412 temp = malloc(len, M_DEVBUF, M_NOWAIT);
2417 memcpy(temp, nvm_buffer, len);
2419 nvm_sections[section].data = temp;
2420 nvm_sections[section].length = len;
2423 device_printf(sc->sc_dev, "OTP is blank\n");
2424 free(nvm_buffer, M_DEVBUF);
2426 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections);
2429 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
2430 "nvm version = %x\n", sc->nvm_data->nvm_version);
2432 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) {
2433 if (nvm_sections[i].data != NULL)
2434 free(nvm_sections[i].data, M_DEVBUF);
2441 iwm_pcie_load_section(struct iwm_softc *sc, uint8_t section_num,
2442 const struct iwm_fw_desc *section)
2444 struct iwm_dma_info *dma = &sc->fw_dma;
2447 uint32_t offset, chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, section->len);
2450 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2451 "%s: [%d] uCode section being loaded...\n",
2452 __func__, section_num);
2454 v_addr = dma->vaddr;
2455 p_addr = dma->paddr;
2457 for (offset = 0; offset < section->len; offset += chunk_sz) {
2458 uint32_t copy_size, dst_addr;
2459 int extended_addr = FALSE;
2461 copy_size = MIN(chunk_sz, section->len - offset);
2462 dst_addr = section->offset + offset;
2464 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2465 dst_addr <= IWM_FW_MEM_EXTENDED_END)
2466 extended_addr = TRUE;
2469 iwm_set_bits_prph(sc, IWM_LMPM_CHICK,
2470 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2472 memcpy(v_addr, (const uint8_t *)section->data + offset,
2474 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
2475 ret = iwm_pcie_load_firmware_chunk(sc, dst_addr, p_addr,
2479 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK,
2480 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2483 device_printf(sc->sc_dev,
2484 "%s: Could not load the [%d] uCode section\n",
2485 __func__, section_num);
2497 iwm_pcie_load_firmware_chunk(struct iwm_softc *sc, uint32_t dst_addr,
2498 bus_addr_t phy_addr, uint32_t byte_cnt)
2500 sc->sc_fw_chunk_done = 0;
2502 if (!iwm_nic_lock(sc))
2505 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2506 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
2508 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
2511 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
2512 phy_addr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
2514 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
2515 (iwm_get_dma_hi_addr(phy_addr)
2516 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
2518 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
2519 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
2520 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
2521 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
2523 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2524 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
2525 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
2526 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
2530 /* wait up to 5s for this segment to load */
2531 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz * 5);
2533 if (!sc->sc_fw_chunk_done) {
2534 device_printf(sc->sc_dev,
2535 "fw chunk addr 0x%x len %d failed to load\n",
2536 dst_addr, byte_cnt);
2544 iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
2545 const struct iwm_fw_img *image, int cpu, int *first_ucode_section)
2548 int i, ret = 0, sec_num = 0x1;
2549 uint32_t val, last_read_idx = 0;
2553 *first_ucode_section = 0;
2556 (*first_ucode_section)++;
2559 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2563 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2565 * PAGING_SEPARATOR_SECTION delimiter - separate between
2566 * CPU2 non paged to CPU2 paging sec.
2568 if (!image->sec[i].data ||
2569 image->sec[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2570 image->sec[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2571 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2572 "Break since Data not valid or Empty section, sec = %d\n",
2576 ret = iwm_pcie_load_section(sc, i, &image->sec[i]);
2580 /* Notify the ucode of the loaded section number and status */
2581 if (iwm_nic_lock(sc)) {
2582 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS);
2583 val = val | (sec_num << shift_param);
2584 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val);
2585 sec_num = (sec_num << 1) | 0x1;
2590 *first_ucode_section = last_read_idx;
2592 iwm_enable_interrupts(sc);
2594 if (iwm_nic_lock(sc)) {
2596 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF);
2598 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
2606 iwm_pcie_load_cpu_sections(struct iwm_softc *sc,
2607 const struct iwm_fw_img *image, int cpu, int *first_ucode_section)
2611 uint32_t last_read_idx = 0;
2615 *first_ucode_section = 0;
2618 (*first_ucode_section)++;
2621 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2625 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2627 * PAGING_SEPARATOR_SECTION delimiter - separate between
2628 * CPU2 non paged to CPU2 paging sec.
2630 if (!image->sec[i].data ||
2631 image->sec[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2632 image->sec[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2633 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2634 "Break since Data not valid or Empty section, sec = %d\n",
2639 ret = iwm_pcie_load_section(sc, i, &image->sec[i]);
2644 *first_ucode_section = last_read_idx;
2651 iwm_pcie_load_given_ucode(struct iwm_softc *sc, const struct iwm_fw_img *image)
2654 int first_ucode_section;
2656 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2657 image->is_dual_cpus ? "Dual" : "Single");
2659 /* load to FW the binary non secured sections of CPU1 */
2660 ret = iwm_pcie_load_cpu_sections(sc, image, 1, &first_ucode_section);
2664 if (image->is_dual_cpus) {
2665 /* set CPU2 header address */
2666 if (iwm_nic_lock(sc)) {
2668 IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR,
2669 IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE);
2673 /* load to FW the binary sections of CPU2 */
2674 ret = iwm_pcie_load_cpu_sections(sc, image, 2,
2675 &first_ucode_section);
2680 iwm_enable_interrupts(sc);
2682 /* release CPU reset */
2683 IWM_WRITE(sc, IWM_CSR_RESET, 0);
2689 iwm_pcie_load_given_ucode_8000(struct iwm_softc *sc,
2690 const struct iwm_fw_img *image)
2693 int first_ucode_section;
2695 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2696 image->is_dual_cpus ? "Dual" : "Single");
2698 /* configure the ucode to be ready to get the secured image */
2699 /* release CPU reset */
2700 if (iwm_nic_lock(sc)) {
2701 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET,
2702 IWM_RELEASE_CPU_RESET_BIT);
2706 /* load to FW the binary Secured sections of CPU1 */
2707 ret = iwm_pcie_load_cpu_sections_8000(sc, image, 1,
2708 &first_ucode_section);
2712 /* load to FW the binary sections of CPU2 */
2713 return iwm_pcie_load_cpu_sections_8000(sc, image, 2,
2714 &first_ucode_section);
2717 /* XXX Get rid of this definition */
2719 iwm_enable_fw_load_int(struct iwm_softc *sc)
2721 IWM_DPRINTF(sc, IWM_DEBUG_INTR, "Enabling FW load interrupt\n");
2722 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX;
2723 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
2726 /* XXX Add proper rfkill support code */
2728 iwm_start_fw(struct iwm_softc *sc, const struct iwm_fw_img *fw)
2732 /* This may fail if AMT took ownership of the device */
2733 if (iwm_prepare_card_hw(sc)) {
2734 device_printf(sc->sc_dev,
2735 "%s: Exit HW not ready\n", __func__);
2740 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2742 iwm_disable_interrupts(sc);
2744 /* make sure rfkill handshake bits are cleared */
2745 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2746 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
2747 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
2749 /* clear (again), then enable host interrupts */
2750 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2752 ret = iwm_nic_init(sc);
2754 device_printf(sc->sc_dev, "%s: Unable to init nic\n", __func__);
2759 * Now, we load the firmware and don't want to be interrupted, even
2760 * by the RF-Kill interrupt (hence mask all the interrupt besides the
2761 * FH_TX interrupt which is needed to load the firmware). If the
2762 * RF-Kill switch is toggled, we will find out after having loaded
2763 * the firmware and return the proper value to the caller.
2765 iwm_enable_fw_load_int(sc);
2767 /* really make sure rfkill handshake bits are cleared */
2768 /* maybe we should write a few times more? just to make sure */
2769 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2770 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2772 /* Load the given image to the HW */
2773 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000)
2774 ret = iwm_pcie_load_given_ucode_8000(sc, fw);
2776 ret = iwm_pcie_load_given_ucode(sc, fw);
2778 /* XXX re-check RF-Kill state */
2785 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2787 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2788 .valid = htole32(valid_tx_ant),
2791 return iwm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2792 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2795 /* iwlwifi: mvm/fw.c */
2797 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2799 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2800 enum iwm_ucode_type ucode_type = sc->cur_ucode;
2802 /* Set parameters */
2803 phy_cfg_cmd.phy_cfg = htole32(iwm_get_phy_config(sc));
2804 phy_cfg_cmd.calib_control.event_trigger =
2805 sc->sc_default_calib[ucode_type].event_trigger;
2806 phy_cfg_cmd.calib_control.flow_trigger =
2807 sc->sc_default_calib[ucode_type].flow_trigger;
2809 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2810 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2811 return iwm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2812 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2816 iwm_alive_fn(struct iwm_softc *sc, struct iwm_rx_packet *pkt, void *data)
2818 struct iwm_alive_data *alive_data = data;
2819 struct iwm_alive_resp_v3 *palive3;
2820 struct iwm_alive_resp *palive;
2821 struct iwm_umac_alive *umac;
2822 struct iwm_lmac_alive *lmac1;
2823 struct iwm_lmac_alive *lmac2 = NULL;
2826 if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive)) {
2827 palive = (void *)pkt->data;
2828 umac = &palive->umac_data;
2829 lmac1 = &palive->lmac_data[0];
2830 lmac2 = &palive->lmac_data[1];
2831 status = le16toh(palive->status);
2833 palive3 = (void *)pkt->data;
2834 umac = &palive3->umac_data;
2835 lmac1 = &palive3->lmac_data;
2836 status = le16toh(palive3->status);
2839 sc->error_event_table[0] = le32toh(lmac1->error_event_table_ptr);
2841 sc->error_event_table[1] =
2842 le32toh(lmac2->error_event_table_ptr);
2843 sc->log_event_table = le32toh(lmac1->log_event_table_ptr);
2844 sc->umac_error_event_table = le32toh(umac->error_info_addr);
2845 alive_data->scd_base_addr = le32toh(lmac1->scd_base_ptr);
2846 alive_data->valid = status == IWM_ALIVE_STATUS_OK;
2847 if (sc->umac_error_event_table)
2848 sc->support_umac_log = TRUE;
2850 IWM_DPRINTF(sc, IWM_DEBUG_FW,
2851 "Alive ucode status 0x%04x revision 0x%01X 0x%01X\n",
2852 status, lmac1->ver_type, lmac1->ver_subtype);
2855 IWM_DPRINTF(sc, IWM_DEBUG_FW, "Alive ucode CDB\n");
2857 IWM_DPRINTF(sc, IWM_DEBUG_FW,
2858 "UMAC version: Major - 0x%x, Minor - 0x%x\n",
2859 le32toh(umac->umac_major),
2860 le32toh(umac->umac_minor));
2866 iwm_wait_phy_db_entry(struct iwm_softc *sc,
2867 struct iwm_rx_packet *pkt, void *data)
2869 struct iwm_phy_db *phy_db = data;
2871 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) {
2872 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) {
2873 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n",
2874 __func__, pkt->hdr.code);
2879 if (iwm_phy_db_set_section(phy_db, pkt)) {
2880 device_printf(sc->sc_dev,
2881 "%s: iwm_phy_db_set_section failed\n", __func__);
2888 iwm_load_ucode_wait_alive(struct iwm_softc *sc,
2889 enum iwm_ucode_type ucode_type)
2891 struct iwm_notification_wait alive_wait;
2892 struct iwm_alive_data alive_data;
2893 const struct iwm_fw_img *fw;
2894 enum iwm_ucode_type old_type = sc->cur_ucode;
2896 static const uint16_t alive_cmd[] = { IWM_ALIVE };
2898 fw = &sc->sc_fw.img[ucode_type];
2899 sc->cur_ucode = ucode_type;
2900 sc->ucode_loaded = FALSE;
2902 memset(&alive_data, 0, sizeof(alive_data));
2903 iwm_init_notification_wait(sc->sc_notif_wait, &alive_wait,
2904 alive_cmd, nitems(alive_cmd),
2905 iwm_alive_fn, &alive_data);
2907 error = iwm_start_fw(sc, fw);
2909 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error);
2910 sc->cur_ucode = old_type;
2911 iwm_remove_notification(sc->sc_notif_wait, &alive_wait);
2916 * Some things may run in the background now, but we
2917 * just wait for the ALIVE notification here.
2920 error = iwm_wait_notification(sc->sc_notif_wait, &alive_wait,
2921 IWM_UCODE_ALIVE_TIMEOUT);
2924 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) {
2925 uint32_t a = 0x5a5a5a5a, b = 0x5a5a5a5a;
2926 if (iwm_nic_lock(sc)) {
2927 a = iwm_read_prph(sc, IWM_SB_CPU_1_STATUS);
2928 b = iwm_read_prph(sc, IWM_SB_CPU_2_STATUS);
2931 device_printf(sc->sc_dev,
2932 "SecBoot CPU1 Status: 0x%x, CPU2 Status: 0x%x\n",
2935 sc->cur_ucode = old_type;
2939 if (!alive_data.valid) {
2940 device_printf(sc->sc_dev, "%s: Loaded ucode is not valid\n",
2942 sc->cur_ucode = old_type;
2946 iwm_trans_pcie_fw_alive(sc, alive_data.scd_base_addr);
2949 * configure and operate fw paging mechanism.
2950 * driver configures the paging flow only once, CPU2 paging image
2951 * included in the IWM_UCODE_INIT image.
2953 if (fw->paging_mem_size) {
2954 error = iwm_save_fw_paging(sc, fw);
2956 device_printf(sc->sc_dev,
2957 "%s: failed to save the FW paging image\n",
2962 error = iwm_send_paging_cmd(sc, fw);
2964 device_printf(sc->sc_dev,
2965 "%s: failed to send the paging cmd\n", __func__);
2966 iwm_free_fw_paging(sc);
2972 sc->ucode_loaded = TRUE;
2981 * follows iwlwifi/fw.c
2984 iwm_run_init_ucode(struct iwm_softc *sc, int justnvm)
2986 struct iwm_notification_wait calib_wait;
2987 static const uint16_t init_complete[] = {
2988 IWM_INIT_COMPLETE_NOTIF,
2989 IWM_CALIB_RES_NOTIF_PHY_DB
2993 /* do not operate with rfkill switch turned on */
2994 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2995 device_printf(sc->sc_dev,
2996 "radio is disabled by hardware switch\n");
3000 iwm_init_notification_wait(sc->sc_notif_wait,
3003 nitems(init_complete),
3004 iwm_wait_phy_db_entry,
3007 /* Will also start the device */
3008 ret = iwm_load_ucode_wait_alive(sc, IWM_UCODE_INIT);
3010 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n",
3015 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
3016 ret = iwm_send_bt_init_conf(sc);
3018 device_printf(sc->sc_dev,
3019 "failed to send bt coex configuration: %d\n", ret);
3026 ret = iwm_nvm_init(sc);
3028 device_printf(sc->sc_dev, "failed to read nvm\n");
3031 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr);
3035 /* Send TX valid antennas before triggering calibrations */
3036 ret = iwm_send_tx_ant_cfg(sc, iwm_get_valid_tx_ant(sc));
3038 device_printf(sc->sc_dev,
3039 "failed to send antennas before calibration: %d\n", ret);
3044 * Send phy configurations command to init uCode
3045 * to start the 16.0 uCode init image internal calibrations.
3047 ret = iwm_send_phy_cfg_cmd(sc);
3049 device_printf(sc->sc_dev,
3050 "%s: Failed to run INIT calibrations: %d\n",
3056 * Nothing to do but wait for the init complete notification
3057 * from the firmware.
3060 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait,
3061 IWM_UCODE_CALIB_TIMEOUT);
3068 iwm_remove_notification(sc->sc_notif_wait, &calib_wait);
3074 iwm_config_ltr(struct iwm_softc *sc)
3076 struct iwm_ltr_config_cmd cmd = {
3077 .flags = htole32(IWM_LTR_CFG_FLAG_FEATURE_ENABLE),
3080 if (!sc->sc_ltr_enabled)
3083 return iwm_send_cmd_pdu(sc, IWM_LTR_CONFIG, 0, sizeof(cmd), &cmd);
3090 /* (re)stock rx ring, called at init-time and at runtime */
3092 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
3094 struct iwm_rx_ring *ring = &sc->rxq;
3095 struct iwm_rx_data *data = &ring->data[idx];
3097 bus_dmamap_t dmamap;
3098 bus_dma_segment_t seg;
3101 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
3105 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
3106 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m,
3107 &seg, &nsegs, BUS_DMA_NOWAIT);
3109 device_printf(sc->sc_dev,
3110 "%s: can't map mbuf, error %d\n", __func__, error);
3115 if (data->m != NULL)
3116 bus_dmamap_unload(ring->data_dmat, data->map);
3118 /* Swap ring->spare_map with data->map */
3120 data->map = ring->spare_map;
3121 ring->spare_map = dmamap;
3123 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
3126 /* Update RX descriptor. */
3127 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned"));
3128 if (sc->cfg->mqrx_supported)
3129 ((uint64_t *)ring->desc)[idx] = htole64(seg.ds_addr);
3131 ((uint32_t *)ring->desc)[idx] = htole32(seg.ds_addr >> 8);
3132 bus_dmamap_sync(ring->free_desc_dma.tag, ring->free_desc_dma.map,
3133 BUS_DMASYNC_PREWRITE);
3139 iwm_rx_rx_phy_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3141 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
3143 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
3145 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
3149 * Retrieve the average noise (in dBm) among receivers.
3152 iwm_get_noise(struct iwm_softc *sc,
3153 const struct iwm_statistics_rx_non_phy *stats)
3155 int i, total, nbant, noise;
3157 total = nbant = noise = 0;
3158 for (i = 0; i < 3; i++) {
3159 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
3160 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n",
3171 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n",
3172 __func__, nbant, total);
3174 /* There should be at least one antenna but check anyway. */
3175 return (nbant == 0) ? -127 : (total / nbant) - 107;
3177 /* For now, just hard-code it to -96 to be safe */
3183 iwm_handle_rx_statistics(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3185 struct iwm_notif_statistics_v10 *stats = (void *)&pkt->data;
3187 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
3188 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general);
3191 /* iwlwifi: mvm/rx.c */
3193 * iwm_get_signal_strength - use new rx PHY INFO API
3194 * values are reported by the fw as positive values - need to negate
3195 * to obtain their dBM. Account for missing antennas by replacing 0
3196 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
3199 iwm_rx_get_signal_strength(struct iwm_softc *sc,
3200 struct iwm_rx_phy_info *phy_info)
3202 int energy_a, energy_b, energy_c, max_energy;
3205 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
3206 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
3207 IWM_RX_INFO_ENERGY_ANT_A_POS;
3208 energy_a = energy_a ? -energy_a : -256;
3209 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
3210 IWM_RX_INFO_ENERGY_ANT_B_POS;
3211 energy_b = energy_b ? -energy_b : -256;
3212 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
3213 IWM_RX_INFO_ENERGY_ANT_C_POS;
3214 energy_c = energy_c ? -energy_c : -256;
3215 max_energy = MAX(energy_a, energy_b);
3216 max_energy = MAX(max_energy, energy_c);
3218 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3219 "energy In A %d B %d C %d , and max %d\n",
3220 energy_a, energy_b, energy_c, max_energy);
3226 iwm_rxmq_get_signal_strength(struct iwm_softc *sc,
3227 struct iwm_rx_mpdu_desc *desc)
3229 int energy_a, energy_b;
3231 energy_a = desc->v1.energy_a;
3232 energy_b = desc->v1.energy_b;
3233 energy_a = energy_a ? -energy_a : -256;
3234 energy_b = energy_b ? -energy_b : -256;
3235 return MAX(energy_a, energy_b);
3239 * iwm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
3241 * Handles the actual data of the Rx packet from the fw
3244 iwm_rx_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset,
3247 struct ieee80211com *ic = &sc->sc_ic;
3248 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3249 struct ieee80211_frame *wh;
3250 struct ieee80211_rx_stats rxs;
3251 struct iwm_rx_phy_info *phy_info;
3252 struct iwm_rx_mpdu_res_start *rx_res;
3253 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, offset);
3255 uint32_t rx_pkt_status;
3258 phy_info = &sc->sc_last_phy_info;
3259 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
3260 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
3261 len = le16toh(rx_res->byte_count);
3262 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
3264 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
3265 device_printf(sc->sc_dev,
3266 "dsp size out of range [0,20]: %d\n",
3267 phy_info->cfg_phy_cnt);
3271 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
3272 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
3273 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3274 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
3278 rssi = iwm_rx_get_signal_strength(sc, phy_info);
3280 /* Map it to relative value */
3281 rssi = rssi - sc->sc_noise;
3283 /* replenish ring for the buffer we're going to feed to the sharks */
3284 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
3285 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
3290 m->m_data = pkt->data + sizeof(*rx_res);
3291 m->m_pkthdr.len = m->m_len = len;
3293 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3294 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise);
3296 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3297 "%s: phy_info: channel=%d, flags=0x%08x\n",
3299 le16toh(phy_info->channel),
3300 le16toh(phy_info->phy_flags));
3303 * Populate an RX state struct with the provided information.
3305 bzero(&rxs, sizeof(rxs));
3306 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
3307 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
3308 rxs.c_ieee = le16toh(phy_info->channel);
3309 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
3310 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
3312 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
3315 /* rssi is in 1/2db units */
3316 rxs.c_rssi = rssi * 2;
3317 rxs.c_nf = sc->sc_noise;
3318 if (ieee80211_add_rx_params(m, &rxs) == 0)
3321 if (ieee80211_radiotap_active_vap(vap)) {
3322 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
3325 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
3326 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3327 tap->wr_chan_freq = htole16(rxs.c_freq);
3328 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
3329 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
3330 tap->wr_dbm_antsignal = (int8_t)rssi;
3331 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
3332 tap->wr_tsft = phy_info->system_timestamp;
3333 switch (phy_info->rate) {
3335 case 10: tap->wr_rate = 2; break;
3336 case 20: tap->wr_rate = 4; break;
3337 case 55: tap->wr_rate = 11; break;
3338 case 110: tap->wr_rate = 22; break;
3340 case 0xd: tap->wr_rate = 12; break;
3341 case 0xf: tap->wr_rate = 18; break;
3342 case 0x5: tap->wr_rate = 24; break;
3343 case 0x7: tap->wr_rate = 36; break;
3344 case 0x9: tap->wr_rate = 48; break;
3345 case 0xb: tap->wr_rate = 72; break;
3346 case 0x1: tap->wr_rate = 96; break;
3347 case 0x3: tap->wr_rate = 108; break;
3348 /* Unknown rate: should not happen. */
3349 default: tap->wr_rate = 0;
3357 iwm_rx_mpdu_mq(struct iwm_softc *sc, struct mbuf *m, uint32_t offset,
3360 struct ieee80211com *ic = &sc->sc_ic;
3361 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3362 struct ieee80211_frame *wh;
3363 struct ieee80211_rx_stats rxs;
3364 struct iwm_rx_mpdu_desc *desc;
3365 struct iwm_rx_packet *pkt;
3367 uint32_t hdrlen, len, rate_n_flags;
3371 pkt = mtodo(m, offset);
3372 desc = (void *)pkt->data;
3374 if (!(desc->status & htole16(IWM_RX_MPDU_RES_STATUS_CRC_OK)) ||
3375 !(desc->status & htole16(IWM_RX_MPDU_RES_STATUS_OVERRUN_OK))) {
3376 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3377 "Bad CRC or FIFO: 0x%08X.\n", desc->status);
3381 channel = desc->v1.channel;
3382 len = le16toh(desc->mpdu_len);
3383 phy_info = le16toh(desc->phy_info);
3384 rate_n_flags = desc->v1.rate_n_flags;
3386 wh = mtodo(m, sizeof(*desc));
3387 m->m_data = pkt->data + sizeof(*desc);
3388 m->m_pkthdr.len = m->m_len = len;
3391 /* Account for padding following the frame header. */
3392 if ((desc->mac_flags2 & IWM_RX_MPDU_MFLG2_PAD)) {
3393 hdrlen = ieee80211_anyhdrsize(wh);
3394 memmove(mtodo(m, 2), mtodo(m, 0), hdrlen);
3395 m->m_data = mtodo(m, 2);
3396 wh = mtod(m, struct ieee80211_frame *);
3399 /* Map it to relative value */
3400 rssi = iwm_rxmq_get_signal_strength(sc, desc);
3401 rssi = rssi - sc->sc_noise;
3403 /* replenish ring for the buffer we're going to feed to the sharks */
3404 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
3405 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
3410 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3411 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise);
3414 * Populate an RX state struct with the provided information.
3416 bzero(&rxs, sizeof(rxs));
3417 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
3418 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
3419 rxs.c_ieee = channel;
3420 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee,
3421 channel <= 14 ? IEEE80211_CHAN_2GHZ : IEEE80211_CHAN_5GHZ);
3423 /* rssi is in 1/2db units */
3424 rxs.c_rssi = rssi * 2;
3425 rxs.c_nf = sc->sc_noise;
3426 if (ieee80211_add_rx_params(m, &rxs) == 0)
3429 if (ieee80211_radiotap_active_vap(vap)) {
3430 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
3433 if ((phy_info & IWM_RX_MPDU_PHY_SHORT_PREAMBLE) != 0)
3434 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3435 tap->wr_chan_freq = htole16(rxs.c_freq);
3436 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
3437 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
3438 tap->wr_dbm_antsignal = (int8_t)rssi;
3439 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
3440 tap->wr_tsft = desc->v1.gp2_on_air_rise;
3441 switch ((rate_n_flags & 0xff)) {
3443 case 10: tap->wr_rate = 2; break;
3444 case 20: tap->wr_rate = 4; break;
3445 case 55: tap->wr_rate = 11; break;
3446 case 110: tap->wr_rate = 22; break;
3448 case 0xd: tap->wr_rate = 12; break;
3449 case 0xf: tap->wr_rate = 18; break;
3450 case 0x5: tap->wr_rate = 24; break;
3451 case 0x7: tap->wr_rate = 36; break;
3452 case 0x9: tap->wr_rate = 48; break;
3453 case 0xb: tap->wr_rate = 72; break;
3454 case 0x1: tap->wr_rate = 96; break;
3455 case 0x3: tap->wr_rate = 108; break;
3456 /* Unknown rate: should not happen. */
3457 default: tap->wr_rate = 0;
3465 iwm_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset,
3468 struct epoch_tracker et;
3469 struct ieee80211com *ic;
3470 struct ieee80211_frame *wh;
3471 struct ieee80211_node *ni;
3476 ret = sc->cfg->mqrx_supported ?
3477 iwm_rx_mpdu_mq(sc, m, offset, stolen) :
3478 iwm_rx_rx_mpdu(sc, m, offset, stolen);
3480 counter_u64_add(ic->ic_ierrors, 1);
3484 wh = mtod(m, struct ieee80211_frame *);
3485 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
3489 NET_EPOCH_ENTER(et);
3491 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
3492 ieee80211_input_mimo(ni, m);
3493 ieee80211_free_node(ni);
3495 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
3496 ieee80211_input_mimo_all(ic, m);
3506 iwm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
3507 struct iwm_node *in)
3509 struct iwm_tx_resp *tx_resp = (void *)pkt->data;
3510 struct ieee80211_ratectl_tx_status *txs = &sc->sc_txs;
3511 struct ieee80211_node *ni = &in->in_ni;
3512 struct ieee80211vap *vap = ni->ni_vap;
3513 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
3514 int new_rate, cur_rate = vap->iv_bss->ni_txrate;
3515 boolean_t rate_matched;
3516 uint8_t tx_resp_rate;
3518 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
3520 /* Update rate control statistics. */
3521 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n",
3523 (int) le16toh(tx_resp->status.status),
3524 (int) le16toh(tx_resp->status.sequence),
3525 tx_resp->frame_count,
3526 tx_resp->bt_kill_count,
3527 tx_resp->failure_rts,
3528 tx_resp->failure_frame,
3529 le32toh(tx_resp->initial_rate),
3530 (int) le16toh(tx_resp->wireless_media_time));
3532 tx_resp_rate = iwm_rate_from_ucode_rate(le32toh(tx_resp->initial_rate));
3534 /* For rate control, ignore frames sent at different initial rate */
3535 rate_matched = (tx_resp_rate != 0 && tx_resp_rate == cur_rate);
3537 if (tx_resp_rate != 0 && cur_rate != 0 && !rate_matched) {
3538 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3539 "tx_resp_rate doesn't match ni_txrate (tx_resp_rate=%u "
3540 "ni_txrate=%d)\n", tx_resp_rate, cur_rate);
3543 txs->flags = IEEE80211_RATECTL_STATUS_SHORT_RETRY |
3544 IEEE80211_RATECTL_STATUS_LONG_RETRY;
3545 txs->short_retries = tx_resp->failure_rts;
3546 txs->long_retries = tx_resp->failure_frame;
3547 if (status != IWM_TX_STATUS_SUCCESS &&
3548 status != IWM_TX_STATUS_DIRECT_DONE) {
3550 case IWM_TX_STATUS_FAIL_SHORT_LIMIT:
3551 txs->status = IEEE80211_RATECTL_TX_FAIL_SHORT;
3553 case IWM_TX_STATUS_FAIL_LONG_LIMIT:
3554 txs->status = IEEE80211_RATECTL_TX_FAIL_LONG;
3556 case IWM_TX_STATUS_FAIL_LIFE_EXPIRE:
3557 txs->status = IEEE80211_RATECTL_TX_FAIL_EXPIRED;
3560 txs->status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED;
3564 txs->status = IEEE80211_RATECTL_TX_SUCCESS;
3568 ieee80211_ratectl_tx_complete(ni, txs);
3570 int rix = ieee80211_ratectl_rate(vap->iv_bss, NULL, 0);
3571 new_rate = vap->iv_bss->ni_txrate;
3572 if (new_rate != 0 && new_rate != cur_rate) {
3573 struct iwm_node *in = IWM_NODE(vap->iv_bss);
3574 iwm_setrates(sc, in, rix);
3575 iwm_send_lq_cmd(sc, &in->in_lq, FALSE);
3579 return (txs->status != IEEE80211_RATECTL_TX_SUCCESS);
3583 iwm_rx_tx_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3585 struct iwm_cmd_header *cmd_hdr;
3586 struct iwm_tx_ring *ring;
3587 struct iwm_tx_data *txd;
3588 struct iwm_node *in;
3590 int idx, qid, qmsk, status;
3592 cmd_hdr = &pkt->hdr;
3596 ring = &sc->txq[qid];
3597 txd = &ring->data[idx];
3601 KASSERT(txd->done == 0, ("txd not done"));
3602 KASSERT(txd->in != NULL, ("txd without node"));
3603 KASSERT(txd->m != NULL, ("txd without mbuf"));
3605 sc->sc_tx_timer = 0;
3607 status = iwm_rx_tx_cmd_single(sc, pkt, in);
3609 /* Unmap and free mbuf. */
3610 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
3611 bus_dmamap_unload(ring->data_dmat, txd->map);
3613 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3614 "free txd %p, in %p\n", txd, txd->in);
3619 ieee80211_tx_complete(&in->in_ni, m, status);
3622 if (--ring->queued < IWM_TX_RING_LOMARK && (sc->qfullmsk & qmsk) != 0) {
3623 sc->qfullmsk &= ~qmsk;
3624 if (sc->qfullmsk == 0)
3634 * Process a "command done" firmware notification. This is where we wakeup
3635 * processes waiting for a synchronous command completion.
3639 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3641 struct iwm_tx_ring *ring = &sc->txq[IWM_CMD_QUEUE];
3642 struct iwm_tx_data *data;
3644 if (pkt->hdr.qid != IWM_CMD_QUEUE) {
3645 return; /* Not a command ack. */
3648 /* XXX wide commands? */
3649 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
3650 "cmd notification type 0x%x qid %d idx %d\n",
3651 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx);
3653 data = &ring->data[pkt->hdr.idx];
3655 /* If the command was mapped in an mbuf, free it. */
3656 if (data->m != NULL) {
3657 bus_dmamap_sync(ring->data_dmat, data->map,
3658 BUS_DMASYNC_POSTWRITE);
3659 bus_dmamap_unload(ring->data_dmat, data->map);
3663 wakeup(&ring->desc[pkt->hdr.idx]);
3665 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) {
3666 device_printf(sc->sc_dev,
3667 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n",
3668 __func__, pkt->hdr.idx, ring->queued, ring->cur);
3669 /* XXX call iwm_force_nmi() */
3672 KASSERT(ring->queued > 0, ("ring->queued is empty?"));
3674 if (ring->queued == 0)
3675 iwm_pcie_clear_cmd_in_flight(sc);
3680 * necessary only for block ack mode
3683 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
3686 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
3689 scd_bc_tbl = sc->sched_dma.vaddr;
3691 len += 8; /* magic numbers came naturally from paris */
3692 len = roundup(len, 4) / 4;
3694 w_val = htole16(sta_id << 12 | len);
3696 /* Update TX scheduler. */
3697 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
3698 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3699 BUS_DMASYNC_PREWRITE);
3701 /* I really wonder what this is ?!? */
3702 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
3703 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
3704 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3705 BUS_DMASYNC_PREWRITE);
3711 iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate)
3715 for (i = 0; i < nitems(iwm_rates); i++) {
3716 if (iwm_rates[i].rate == rate)
3720 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3721 "%s: couldn't find an entry for rate=%d\n",
3728 * Fill in the rate related information for a transmit command.
3730 static const struct iwm_rate *
3731 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
3732 struct mbuf *m, struct iwm_tx_cmd *tx)
3734 struct ieee80211_node *ni = &in->in_ni;
3735 struct ieee80211_frame *wh;
3736 const struct ieee80211_txparam *tp = ni->ni_txparms;
3737 const struct iwm_rate *rinfo;
3739 int ridx, rate_flags;
3741 wh = mtod(m, struct ieee80211_frame *);
3742 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3744 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
3745 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
3747 if (type == IEEE80211_FC0_TYPE_MGT ||
3748 type == IEEE80211_FC0_TYPE_CTL ||
3749 (m->m_flags & M_EAPOL) != 0) {
3750 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate);
3751 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3752 "%s: MGT (%d)\n", __func__, tp->mgmtrate);
3753 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3754 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate);
3755 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3756 "%s: MCAST (%d)\n", __func__, tp->mcastrate);
3757 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
3758 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate);
3759 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3760 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate);
3762 /* for data frames, use RS table */
3763 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__);
3764 ridx = iwm_rate2ridx(sc, ni->ni_txrate);
3768 /* This is the index into the programmed table */
3769 tx->initial_rate_index = 0;
3770 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
3773 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3774 "%s: frame type=%d txrate %d\n",
3775 __func__, type, iwm_rates[ridx].rate);
3777 rinfo = &iwm_rates[ridx];
3779 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
3782 !! (IWM_RIDX_IS_CCK(ridx))
3785 /* XXX TODO: hard-coded TX antenna? */
3786 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_9000)
3787 rate_flags = IWM_RATE_MCS_ANT_B_MSK;
3789 rate_flags = IWM_RATE_MCS_ANT_A_MSK;
3790 if (IWM_RIDX_IS_CCK(ridx))
3791 rate_flags |= IWM_RATE_MCS_CCK_MSK;
3792 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
3799 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
3801 struct ieee80211com *ic = &sc->sc_ic;
3802 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3803 struct iwm_node *in = IWM_NODE(ni);
3804 struct iwm_tx_ring *ring;
3805 struct iwm_tx_data *data;
3806 struct iwm_tfd *desc;
3807 struct iwm_device_cmd *cmd;
3808 struct iwm_tx_cmd *tx;
3809 struct ieee80211_frame *wh;
3810 struct ieee80211_key *k = NULL;
3812 const struct iwm_rate *rinfo;
3815 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
3818 int i, totlen, error, pad;
3820 wh = mtod(m, struct ieee80211_frame *);
3821 hdrlen = ieee80211_anyhdrsize(wh);
3822 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3824 ring = &sc->txq[ac];
3825 desc = &ring->desc[ring->cur];
3826 data = &ring->data[ring->cur];
3828 /* Fill out iwm_tx_cmd to send to the firmware */
3829 cmd = &ring->cmd[ring->cur];
3830 cmd->hdr.code = IWM_TX_CMD;
3832 cmd->hdr.qid = ring->qid;
3833 cmd->hdr.idx = ring->cur;
3835 tx = (void *)cmd->data;
3836 memset(tx, 0, sizeof(*tx));
3838 rinfo = iwm_tx_fill_cmd(sc, in, m, tx);
3840 /* Encrypt the frame if need be. */
3841 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
3842 /* Retrieve key for TX && do software encryption. */
3843 k = ieee80211_crypto_encap(ni, m);
3848 /* 802.11 header may have moved. */
3849 wh = mtod(m, struct ieee80211_frame *);
3852 if (ieee80211_radiotap_active_vap(vap)) {
3853 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
3856 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
3857 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
3858 tap->wt_rate = rinfo->rate;
3860 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
3861 ieee80211_radiotap_tx(vap, m);
3865 totlen = m->m_pkthdr.len;
3866 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3867 flags |= IWM_TX_CMD_FLG_ACK;
3870 if (type == IEEE80211_FC0_TYPE_DATA &&
3871 totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold &&
3872 !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3873 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
3876 tx->sta_id = IWM_STATION_ID;
3878 if (type == IEEE80211_FC0_TYPE_MGT) {
3879 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3881 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3882 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
3883 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC);
3884 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) {
3885 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3887 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT);
3890 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3894 /* First segment length must be a multiple of 4. */
3895 flags |= IWM_TX_CMD_FLG_MH_PAD;
3896 tx->offload_assist |= htole16(1 << IWM_TX_CMD_OFFLD_PAD);
3897 pad = 4 - (hdrlen & 3);
3899 tx->offload_assist = 0;
3903 tx->len = htole16(totlen);
3904 tx->tid_tspec = tid;
3905 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
3907 /* Set physical address of "scratch area". */
3908 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
3909 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
3911 /* Copy 802.11 header in TX command. */
3912 memcpy((uint8_t *)tx + sizeof(*tx), wh, hdrlen);
3914 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
3917 tx->tx_flags |= htole32(flags);
3919 /* Trim 802.11 header. */
3921 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3922 segs, &nsegs, BUS_DMA_NOWAIT);
3924 if (error != EFBIG) {
3925 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3930 /* Too many DMA segments, linearize mbuf. */
3931 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2);
3933 device_printf(sc->sc_dev,
3934 "%s: could not defrag mbuf\n", __func__);
3940 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3941 segs, &nsegs, BUS_DMA_NOWAIT);
3943 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3953 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3954 "sending txd %p, in %p\n", data, data->in);
3955 KASSERT(data->in != NULL, ("node is NULL"));
3957 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3958 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n",
3959 ring->qid, ring->cur, totlen, nsegs,
3960 le32toh(tx->tx_flags),
3961 le32toh(tx->rate_n_flags),
3962 tx->initial_rate_index
3965 /* Fill TX descriptor. */
3966 memset(desc, 0, sizeof(*desc));
3967 desc->num_tbs = 2 + nsegs;
3969 desc->tbs[0].lo = htole32(data->cmd_paddr);
3970 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr) |
3972 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
3973 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr) |
3974 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) +
3975 hdrlen + pad - TB0_SIZE) << 4));
3977 /* Other DMA segments are for data payload. */
3978 for (i = 0; i < nsegs; i++) {
3980 desc->tbs[i + 2].lo = htole32(seg->ds_addr);
3981 desc->tbs[i + 2].hi_n_len =
3982 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) |
3986 bus_dmamap_sync(ring->data_dmat, data->map,
3987 BUS_DMASYNC_PREWRITE);
3988 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
3989 BUS_DMASYNC_PREWRITE);
3990 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3991 BUS_DMASYNC_PREWRITE);
3994 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
3998 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
3999 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
4001 /* Mark TX ring as full if we reach a certain threshold. */
4002 if (++ring->queued > IWM_TX_RING_HIMARK) {
4003 sc->qfullmsk |= 1 << ring->qid;
4010 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
4011 const struct ieee80211_bpf_params *params)
4013 struct ieee80211com *ic = ni->ni_ic;
4014 struct iwm_softc *sc = ic->ic_softc;
4017 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
4018 "->%s begin\n", __func__);
4020 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
4022 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
4023 "<-%s not RUNNING\n", __func__);
4029 if (params == NULL) {
4030 error = iwm_tx(sc, m, ni, 0);
4032 error = iwm_tx(sc, m, ni, 0);
4034 if (sc->sc_tx_timer == 0)
4035 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4036 sc->sc_tx_timer = 5;
4047 * Note that there are transports that buffer frames before they reach
4048 * the firmware. This means that after flush_tx_path is called, the
4049 * queue might not be empty. The race-free way to handle this is to:
4050 * 1) set the station as draining
4051 * 2) flush the Tx path
4052 * 3) wait for the transport queues to be empty
4055 iwm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags)
4058 struct iwm_tx_path_flush_cmd flush_cmd = {
4059 .queues_ctl = htole32(tfd_msk),
4060 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
4063 ret = iwm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags,
4064 sizeof(flush_cmd), &flush_cmd);
4066 device_printf(sc->sc_dev,
4067 "Flushing tx queue failed: %d\n", ret);
4076 iwm_update_quotas(struct iwm_softc *sc, struct iwm_vap *ivp)
4078 struct iwm_time_quota_cmd cmd;
4079 int i, idx, ret, num_active_macs, quota, quota_rem;
4080 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
4081 int n_ifs[IWM_MAX_BINDINGS] = {0, };
4084 memset(&cmd, 0, sizeof(cmd));
4086 /* currently, PHY ID == binding ID */
4088 id = ivp->phy_ctxt->id;
4089 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
4090 colors[id] = ivp->phy_ctxt->color;
4097 * The FW's scheduling session consists of
4098 * IWM_MAX_QUOTA fragments. Divide these fragments
4099 * equally between all the bindings that require quota
4101 num_active_macs = 0;
4102 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
4103 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
4104 num_active_macs += n_ifs[i];
4109 if (num_active_macs) {
4110 quota = IWM_MAX_QUOTA / num_active_macs;
4111 quota_rem = IWM_MAX_QUOTA % num_active_macs;
4114 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
4118 cmd.quotas[idx].id_and_color =
4119 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
4121 if (n_ifs[i] <= 0) {
4122 cmd.quotas[idx].quota = htole32(0);
4123 cmd.quotas[idx].max_duration = htole32(0);
4125 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
4126 cmd.quotas[idx].max_duration = htole32(0);
4131 /* Give the remainder of the session to the first binding */
4132 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
4134 ret = iwm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
4137 device_printf(sc->sc_dev,
4138 "%s: Failed to send quota: %d\n", __func__, ret);
4147 * ieee80211 routines
4151 * Change to AUTH state in 80211 state machine. Roughly matches what
4152 * Linux does in bss_info_changed().
4155 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
4157 struct ieee80211_node *ni;
4158 struct iwm_node *in;
4159 struct iwm_vap *iv = IWM_VAP(vap);
4164 * XXX i have a feeling that the vap node is being
4165 * freed from underneath us. Grr.
4167 ni = ieee80211_ref_node(vap->iv_bss);
4169 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
4170 "%s: called; vap=%p, bss ni=%p\n",
4174 IWM_DPRINTF(sc, IWM_DEBUG_STATE, "%s: Current node bssid: %s\n",
4175 __func__, ether_sprintf(ni->ni_bssid));
4181 * Firmware bug - it'll crash if the beacon interval is less
4182 * than 16. We can't avoid connecting at all, so refuse the
4183 * station state change, this will cause net80211 to abandon
4184 * attempts to connect to this AP, and eventually wpa_s will
4185 * blacklist the AP...
4187 if (ni->ni_intval < 16) {
4188 device_printf(sc->sc_dev,
4189 "AP %s beacon interval is %d, refusing due to firmware bug!\n",
4190 ether_sprintf(ni->ni_bssid), ni->ni_intval);
4195 error = iwm_allow_mcast(vap, sc);
4197 device_printf(sc->sc_dev,
4198 "%s: failed to set multicast\n", __func__);
4203 * This is where it deviates from what Linux does.
4205 * Linux iwlwifi doesn't reset the nic each time, nor does it
4206 * call ctxt_add() here. Instead, it adds it during vap creation,
4207 * and always does a mac_ctx_changed().
4209 * The openbsd port doesn't attempt to do that - it reset things
4210 * at odd states and does the add here.
4212 * So, until the state handling is fixed (ie, we never reset
4213 * the NIC except for a firmware failure, which should drag
4214 * the NIC back to IDLE, re-setup and re-add all the mac/phy
4215 * contexts that are required), let's do a dirty hack here.
4217 if (iv->is_uploaded) {
4218 if ((error = iwm_mac_ctxt_changed(sc, vap)) != 0) {
4219 device_printf(sc->sc_dev,
4220 "%s: failed to update MAC\n", __func__);
4224 if ((error = iwm_mac_ctxt_add(sc, vap)) != 0) {
4225 device_printf(sc->sc_dev,
4226 "%s: failed to add MAC\n", __func__);
4230 sc->sc_firmware_state = 1;
4232 if ((error = iwm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
4233 in->in_ni.ni_chan, 1, 1)) != 0) {
4234 device_printf(sc->sc_dev,
4235 "%s: failed update phy ctxt\n", __func__);
4238 iv->phy_ctxt = &sc->sc_phyctxt[0];
4240 if ((error = iwm_binding_add_vif(sc, iv)) != 0) {
4241 device_printf(sc->sc_dev,
4242 "%s: binding update cmd\n", __func__);
4245 sc->sc_firmware_state = 2;
4247 * Authentication becomes unreliable when powersaving is left enabled
4248 * here. Powersaving will be activated again when association has
4249 * finished or is aborted.
4251 iv->ps_disabled = TRUE;
4252 error = iwm_power_update_mac(sc);
4253 iv->ps_disabled = FALSE;
4255 device_printf(sc->sc_dev,
4256 "%s: failed to update power management\n",
4260 if ((error = iwm_add_sta(sc, in)) != 0) {
4261 device_printf(sc->sc_dev,
4262 "%s: failed to add sta\n", __func__);
4265 sc->sc_firmware_state = 3;
4268 * Prevent the FW from wandering off channel during association
4269 * by "protecting" the session with a time event.
4271 /* XXX duration is in units of TU, not MS */
4272 duration = IWM_TE_SESSION_PROTECTION_MAX_TIME_MS;
4273 iwm_protect_session(sc, iv, duration, 500 /* XXX magic number */, TRUE);
4279 ieee80211_free_node(ni);
4283 static struct ieee80211_node *
4284 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
4286 return malloc(sizeof (struct iwm_node), M_80211_NODE,
4291 iwm_rate_from_ucode_rate(uint32_t rate_n_flags)
4293 uint8_t plcp = rate_n_flags & 0xff;
4296 for (i = 0; i <= IWM_RIDX_MAX; i++) {
4297 if (iwm_rates[i].plcp == plcp)
4298 return iwm_rates[i].rate;
4304 iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx)
4309 for (i = 0; i < rs->rs_nrates; i++) {
4310 rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL);
4311 if (rval == iwm_rates[ridx].rate)
4312 return rs->rs_rates[i];
4319 iwm_rate2ridx(struct iwm_softc *sc, uint8_t rate)
4323 for (i = 0; i <= IWM_RIDX_MAX; i++) {
4324 if (iwm_rates[i].rate == rate)
4328 device_printf(sc->sc_dev,
4329 "%s: WARNING: device rate for %u not found!\n",
4337 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in, int rix)
4339 struct ieee80211_node *ni = &in->in_ni;
4340 struct iwm_lq_cmd *lq = &in->in_lq;
4341 struct ieee80211_rateset *rs = &ni->ni_rates;
4342 int nrates = rs->rs_nrates;
4343 int i, ridx, tab = 0;
4346 KASSERT(rix >= 0 && rix < nrates, ("invalid rix"));
4348 if (nrates > nitems(lq->rs_table)) {
4349 device_printf(sc->sc_dev,
4350 "%s: node supports %d rates, driver handles "
4351 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
4355 device_printf(sc->sc_dev,
4356 "%s: node supports 0 rates, odd!\n", __func__);
4359 nrates = imin(rix + 1, nrates);
4361 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4362 "%s: nrates=%d\n", __func__, nrates);
4364 /* then construct a lq_cmd based on those */
4365 memset(lq, 0, sizeof(*lq));
4366 lq->sta_id = IWM_STATION_ID;
4368 /* For HT, always enable RTS/CTS to avoid excessive retries. */
4369 if (ni->ni_flags & IEEE80211_NODE_HT)
4370 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK;
4373 * are these used? (we don't do SISO or MIMO)
4374 * need to set them to non-zero, though, or we get an error.
4376 lq->single_stream_ant_msk = 1;
4377 lq->dual_stream_ant_msk = 1;
4380 * Build the actual rate selection table.
4381 * The lowest bits are the rates. Additionally,
4382 * CCK needs bit 9 to be set. The rest of the bits
4383 * we add to the table select the tx antenna
4384 * Note that we add the rates in the highest rate first
4385 * (opposite of ni_rates).
4387 for (i = 0; i < nrates; i++) {
4388 int rate = rs->rs_rates[rix - i] & IEEE80211_RATE_VAL;
4391 /* Map 802.11 rate to HW rate index. */
4392 ridx = iwm_rate2ridx(sc, rate);
4398 txant = iwm_get_valid_tx_ant(sc);
4399 nextant = 1<<(ffs(txant)-1);
4402 nextant = iwm_get_valid_tx_ant(sc);
4404 tab = iwm_rates[ridx].plcp;
4405 tab |= nextant << IWM_RATE_MCS_ANT_POS;
4406 if (IWM_RIDX_IS_CCK(ridx))
4407 tab |= IWM_RATE_MCS_CCK_MSK;
4408 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4409 "station rate i=%d, rate=%d, hw=%x\n",
4410 i, iwm_rates[ridx].rate, tab);
4411 lq->rs_table[i] = htole32(tab);
4413 /* then fill the rest with the lowest possible rate */
4414 for (i = nrates; i < nitems(lq->rs_table); i++) {
4415 KASSERT(tab != 0, ("invalid tab"));
4416 lq->rs_table[i] = htole32(tab);
4421 iwm_media_change(struct ifnet *ifp)
4423 struct ieee80211vap *vap = ifp->if_softc;
4424 struct ieee80211com *ic = vap->iv_ic;
4425 struct iwm_softc *sc = ic->ic_softc;
4428 error = ieee80211_media_change(ifp);
4429 if (error != ENETRESET)
4433 if (ic->ic_nrunning > 0) {
4442 iwm_bring_down_firmware(struct iwm_softc *sc, struct ieee80211vap *vap)
4444 struct iwm_vap *ivp = IWM_VAP(vap);
4447 /* Avoid Tx watchdog triggering, when transfers get dropped here. */
4448 sc->sc_tx_timer = 0;
4451 if (sc->sc_firmware_state == 3) {
4452 iwm_xmit_queue_drain(sc);
4453 // iwm_flush_tx_path(sc, 0xf, IWM_CMD_SYNC);
4454 error = iwm_rm_sta(sc, vap, TRUE);
4456 device_printf(sc->sc_dev,
4457 "%s: Failed to remove station: %d\n",
4461 if (sc->sc_firmware_state == 3) {
4462 error = iwm_mac_ctxt_changed(sc, vap);
4464 device_printf(sc->sc_dev,
4465 "%s: Failed to change mac context: %d\n",
4469 if (sc->sc_firmware_state == 3) {
4470 error = iwm_sf_update(sc, vap, FALSE);
4472 device_printf(sc->sc_dev,
4473 "%s: Failed to update smart FIFO: %d\n",
4477 if (sc->sc_firmware_state == 3) {
4478 error = iwm_rm_sta_id(sc, vap);
4480 device_printf(sc->sc_dev,
4481 "%s: Failed to remove station id: %d\n",
4485 if (sc->sc_firmware_state == 3) {
4486 error = iwm_update_quotas(sc, NULL);
4488 device_printf(sc->sc_dev,
4489 "%s: Failed to update PHY quota: %d\n",
4493 if (sc->sc_firmware_state == 3) {
4494 /* XXX Might need to specify bssid correctly. */
4495 error = iwm_mac_ctxt_changed(sc, vap);
4497 device_printf(sc->sc_dev,
4498 "%s: Failed to change mac context: %d\n",
4502 if (sc->sc_firmware_state == 3) {
4503 sc->sc_firmware_state = 2;
4505 if (sc->sc_firmware_state > 1) {
4506 error = iwm_binding_remove_vif(sc, ivp);
4508 device_printf(sc->sc_dev,
4509 "%s: Failed to remove channel ctx: %d\n",
4513 if (sc->sc_firmware_state > 1) {
4514 sc->sc_firmware_state = 1;
4516 ivp->phy_ctxt = NULL;
4517 if (sc->sc_firmware_state > 0) {
4518 error = iwm_mac_ctxt_changed(sc, vap);
4520 device_printf(sc->sc_dev,
4521 "%s: Failed to change mac context: %d\n",
4525 if (sc->sc_firmware_state > 0) {
4526 error = iwm_power_update_mac(sc);
4528 device_printf(sc->sc_dev,
4529 "%s: failed to update power management\n",
4533 sc->sc_firmware_state = 0;
4537 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
4539 struct iwm_vap *ivp = IWM_VAP(vap);
4540 struct ieee80211com *ic = vap->iv_ic;
4541 struct iwm_softc *sc = ic->ic_softc;
4542 struct iwm_node *in;
4545 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4546 "switching state %s -> %s arg=0x%x\n",
4547 ieee80211_state_name[vap->iv_state],
4548 ieee80211_state_name[nstate],
4551 IEEE80211_UNLOCK(ic);
4554 if ((sc->sc_flags & IWM_FLAG_SCAN_RUNNING) &&
4555 (nstate == IEEE80211_S_AUTH ||
4556 nstate == IEEE80211_S_ASSOC ||
4557 nstate == IEEE80211_S_RUN)) {
4558 /* Stop blinking for a scan, when authenticating. */
4559 iwm_led_blink_stop(sc);
4562 if (vap->iv_state == IEEE80211_S_RUN && nstate != IEEE80211_S_RUN) {
4563 iwm_led_disable(sc);
4564 /* disable beacon filtering if we're hopping out of RUN */
4565 iwm_disable_beacon_filter(sc);
4566 if (((in = IWM_NODE(vap->iv_bss)) != NULL))
4570 if ((vap->iv_state == IEEE80211_S_AUTH ||
4571 vap->iv_state == IEEE80211_S_ASSOC ||
4572 vap->iv_state == IEEE80211_S_RUN) &&
4573 (nstate == IEEE80211_S_INIT ||
4574 nstate == IEEE80211_S_SCAN ||
4575 nstate == IEEE80211_S_AUTH)) {
4576 iwm_stop_session_protection(sc, ivp);
4579 if ((vap->iv_state == IEEE80211_S_RUN ||
4580 vap->iv_state == IEEE80211_S_ASSOC) &&
4581 nstate == IEEE80211_S_INIT) {
4583 * In this case, iv_newstate() wants to send an 80211 frame on
4584 * the network that we are leaving. So we need to call it,
4585 * before tearing down all the firmware state.
4589 ivp->iv_newstate(vap, nstate, arg);
4590 IEEE80211_UNLOCK(ic);
4592 iwm_bring_down_firmware(sc, vap);
4599 case IEEE80211_S_INIT:
4600 case IEEE80211_S_SCAN:
4603 case IEEE80211_S_AUTH:
4604 iwm_bring_down_firmware(sc, vap);
4605 if ((error = iwm_auth(vap, sc)) != 0) {
4606 device_printf(sc->sc_dev,
4607 "%s: could not move to auth state: %d\n",
4609 iwm_bring_down_firmware(sc, vap);
4616 case IEEE80211_S_ASSOC:
4618 * EBS may be disabled due to previous failures reported by FW.
4619 * Reset EBS status here assuming environment has been changed.
4621 sc->last_ebs_successful = TRUE;
4624 case IEEE80211_S_RUN:
4625 in = IWM_NODE(vap->iv_bss);
4626 /* Update the association state, now we have it all */
4627 /* (eg associd comes in at this point */
4628 error = iwm_update_sta(sc, in);
4630 device_printf(sc->sc_dev,
4631 "%s: failed to update STA\n", __func__);
4637 error = iwm_mac_ctxt_changed(sc, vap);
4639 device_printf(sc->sc_dev,
4640 "%s: failed to update MAC: %d\n", __func__, error);
4643 iwm_sf_update(sc, vap, FALSE);
4644 iwm_enable_beacon_filter(sc, ivp);
4645 iwm_power_update_mac(sc);
4646 iwm_update_quotas(sc, ivp);
4647 int rix = ieee80211_ratectl_rate(&in->in_ni, NULL, 0);
4648 iwm_setrates(sc, in, rix);
4650 if ((error = iwm_send_lq_cmd(sc, &in->in_lq, TRUE)) != 0) {
4651 device_printf(sc->sc_dev,
4652 "%s: IWM_LQ_CMD failed: %d\n", __func__, error);
4664 return (ivp->iv_newstate(vap, nstate, arg));
4668 iwm_endscan_cb(void *arg, int pending)
4670 struct iwm_softc *sc = arg;
4671 struct ieee80211com *ic = &sc->sc_ic;
4673 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
4677 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
4681 iwm_send_bt_init_conf(struct iwm_softc *sc)
4683 struct iwm_bt_coex_cmd bt_cmd;
4685 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI);
4686 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET);
4688 return iwm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd),
4693 iwm_is_lar_supported(struct iwm_softc *sc)
4695 boolean_t nvm_lar = sc->nvm_data->lar_enabled;
4696 boolean_t tlv_lar = iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_SUPPORT);
4698 if (iwm_lar_disable)
4702 * Enable LAR only if it is supported by the FW (TLV) &&
4703 * enabled in the NVM
4705 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000)
4706 return nvm_lar && tlv_lar;
4712 iwm_is_wifi_mcc_supported(struct iwm_softc *sc)
4714 return iwm_fw_has_api(sc, IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) ||
4715 iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC);
4719 iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2)
4721 struct iwm_mcc_update_cmd mcc_cmd;
4722 struct iwm_host_cmd hcmd = {
4723 .id = IWM_MCC_UPDATE_CMD,
4724 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB),
4725 .data = { &mcc_cmd },
4729 struct iwm_rx_packet *pkt;
4730 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL;
4731 struct iwm_mcc_update_resp *mcc_resp;
4735 int resp_v2 = iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2);
4737 if (!iwm_is_lar_supported(sc)) {
4738 IWM_DPRINTF(sc, IWM_DEBUG_LAR, "%s: no LAR support\n",
4743 memset(&mcc_cmd, 0, sizeof(mcc_cmd));
4744 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]);
4745 if (iwm_is_wifi_mcc_supported(sc))
4746 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT;
4748 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW;
4751 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd);
4753 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1);
4755 IWM_DPRINTF(sc, IWM_DEBUG_LAR,
4756 "send MCC update to FW with '%c%c' src = %d\n",
4757 alpha2[0], alpha2[1], mcc_cmd.source_id);
4759 ret = iwm_send_cmd(sc, &hcmd);
4764 pkt = hcmd.resp_pkt;
4766 /* Extract MCC response */
4768 mcc_resp = (void *)pkt->data;
4769 mcc = mcc_resp->mcc;
4770 n_channels = le32toh(mcc_resp->n_channels);
4772 mcc_resp_v1 = (void *)pkt->data;
4773 mcc = mcc_resp_v1->mcc;
4774 n_channels = le32toh(mcc_resp_v1->n_channels);
4777 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */
4779 mcc = 0x3030; /* "00" - world */
4781 IWM_DPRINTF(sc, IWM_DEBUG_LAR,
4782 "regulatory domain '%c%c' (%d channels available)\n",
4783 mcc >> 8, mcc & 0xff, n_channels);
4785 iwm_free_resp(sc, &hcmd);
4791 iwm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff)
4793 struct iwm_host_cmd cmd = {
4794 .id = IWM_REPLY_THERMAL_MNG_BACKOFF,
4795 .len = { sizeof(uint32_t), },
4796 .data = { &backoff, },
4799 if (iwm_send_cmd(sc, &cmd) != 0) {
4800 device_printf(sc->sc_dev,
4801 "failed to change thermal tx backoff\n");
4806 iwm_init_hw(struct iwm_softc *sc)
4808 struct ieee80211com *ic = &sc->sc_ic;
4811 sc->sf_state = IWM_SF_UNINIT;
4813 if ((error = iwm_start_hw(sc)) != 0) {
4814 printf("iwm_start_hw: failed %d\n", error);
4818 if ((error = iwm_run_init_ucode(sc, 0)) != 0) {
4819 printf("iwm_run_init_ucode: failed %d\n", error);
4824 * should stop and start HW since that INIT
4827 iwm_stop_device(sc);
4828 sc->sc_ps_disabled = FALSE;
4829 if ((error = iwm_start_hw(sc)) != 0) {
4830 device_printf(sc->sc_dev, "could not initialize hardware\n");
4834 /* omstart, this time with the regular firmware */
4835 error = iwm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR);
4837 device_printf(sc->sc_dev, "could not load firmware\n");
4841 error = iwm_sf_update(sc, NULL, FALSE);
4843 device_printf(sc->sc_dev, "Failed to initialize Smart Fifo\n");
4845 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
4846 device_printf(sc->sc_dev, "bt init conf failed\n");
4850 error = iwm_send_tx_ant_cfg(sc, iwm_get_valid_tx_ant(sc));
4852 device_printf(sc->sc_dev, "antenna config failed\n");
4856 /* Send phy db control command and then phy db calibration */
4857 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0)
4860 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) {
4861 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n");
4865 /* Add auxiliary station for scanning */
4866 if ((error = iwm_add_aux_sta(sc)) != 0) {
4867 device_printf(sc->sc_dev, "add_aux_sta failed\n");
4871 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
4873 * The channel used here isn't relevant as it's
4874 * going to be overwritten in the other flows.
4875 * For now use the first channel we have.
4877 if ((error = iwm_phy_ctxt_add(sc,
4878 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
4882 /* Initialize tx backoffs to the minimum. */
4883 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
4884 iwm_tt_tx_backoff(sc, 0);
4886 if (iwm_config_ltr(sc) != 0)
4887 device_printf(sc->sc_dev, "PCIe LTR configuration failed\n");
4889 error = iwm_power_update_device(sc);
4893 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0)
4896 if (iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) {
4897 if ((error = iwm_config_umac_scan(sc)) != 0)
4901 /* Enable Tx queues. */
4902 for (ac = 0; ac < WME_NUM_AC; ac++) {
4903 error = iwm_enable_txq(sc, IWM_STATION_ID, ac,
4904 iwm_ac_to_tx_fifo[ac]);
4909 if ((error = iwm_disable_beacon_filter(sc)) != 0) {
4910 device_printf(sc->sc_dev, "failed to disable beacon filter\n");
4917 iwm_stop_device(sc);
4921 /* Allow multicast from our BSSID. */
4923 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
4925 struct ieee80211_node *ni = vap->iv_bss;
4926 struct iwm_mcast_filter_cmd *cmd;
4930 size = roundup(sizeof(*cmd), 4);
4931 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
4934 cmd->filter_own = 1;
4938 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
4940 error = iwm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
4941 IWM_CMD_SYNC, size, cmd);
4942 free(cmd, M_DEVBUF);
4952 iwm_init(struct iwm_softc *sc)
4956 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
4959 sc->sc_generation++;
4960 sc->sc_flags &= ~IWM_FLAG_STOPPED;
4962 if ((error = iwm_init_hw(sc)) != 0) {
4963 printf("iwm_init_hw failed %d\n", error);
4969 * Ok, firmware loaded and we are jogging
4971 sc->sc_flags |= IWM_FLAG_HW_INITED;
4975 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
4977 struct iwm_softc *sc;
4983 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
4987 error = mbufq_enqueue(&sc->sc_snd, m);
4998 * Dequeue packets from sendq and call send.
5001 iwm_start(struct iwm_softc *sc)
5003 struct ieee80211_node *ni;
5007 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
5008 while (sc->qfullmsk == 0 &&
5009 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
5010 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
5011 if (iwm_tx(sc, m, ni, ac) != 0) {
5012 if_inc_counter(ni->ni_vap->iv_ifp,
5013 IFCOUNTER_OERRORS, 1);
5014 ieee80211_free_node(ni);
5017 if (sc->sc_tx_timer == 0) {
5018 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog,
5021 sc->sc_tx_timer = 15;
5023 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
5027 iwm_stop(struct iwm_softc *sc)
5030 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
5031 sc->sc_flags |= IWM_FLAG_STOPPED;
5032 sc->sc_generation++;
5033 iwm_led_blink_stop(sc);
5034 sc->sc_tx_timer = 0;
5035 iwm_stop_device(sc);
5036 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5040 iwm_watchdog(void *arg)
5042 struct iwm_softc *sc = arg;
5043 struct ieee80211com *ic = &sc->sc_ic;
5045 if (sc->sc_attached == 0)
5048 if (sc->sc_tx_timer > 0) {
5049 if (--sc->sc_tx_timer == 0) {
5050 device_printf(sc->sc_dev, "device timeout\n");
5054 ieee80211_restart_all(ic);
5055 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
5058 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
5063 iwm_parent(struct ieee80211com *ic)
5065 struct iwm_softc *sc = ic->ic_softc;
5069 if (ic->ic_nrunning > 0) {
5070 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
5074 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
5078 ieee80211_start_all(ic);
5082 * The interrupt side of things
5086 * error dumping routines are from iwlwifi/mvm/utils.c
5090 * Note: This structure is read from the device with IO accesses,
5091 * and the reading already does the endian conversion. As it is
5092 * read with uint32_t-sized accesses, any members with a different size
5093 * need to be ordered correctly though!
5095 struct iwm_error_event_table {
5096 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5097 uint32_t error_id; /* type of error */
5098 uint32_t trm_hw_status0; /* TRM HW status */
5099 uint32_t trm_hw_status1; /* TRM HW status */
5100 uint32_t blink2; /* branch link */
5101 uint32_t ilink1; /* interrupt link */
5102 uint32_t ilink2; /* interrupt link */
5103 uint32_t data1; /* error-specific data */
5104 uint32_t data2; /* error-specific data */
5105 uint32_t data3; /* error-specific data */
5106 uint32_t bcon_time; /* beacon timer */
5107 uint32_t tsf_low; /* network timestamp function timer */
5108 uint32_t tsf_hi; /* network timestamp function timer */
5109 uint32_t gp1; /* GP1 timer register */
5110 uint32_t gp2; /* GP2 timer register */
5111 uint32_t fw_rev_type; /* firmware revision type */
5112 uint32_t major; /* uCode version major */
5113 uint32_t minor; /* uCode version minor */
5114 uint32_t hw_ver; /* HW Silicon version */
5115 uint32_t brd_ver; /* HW board version */
5116 uint32_t log_pc; /* log program counter */
5117 uint32_t frame_ptr; /* frame pointer */
5118 uint32_t stack_ptr; /* stack pointer */
5119 uint32_t hcmd; /* last host command header */
5120 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
5122 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
5124 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
5126 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
5128 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
5130 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */
5131 uint32_t wait_event; /* wait event() caller address */
5132 uint32_t l2p_control; /* L2pControlField */
5133 uint32_t l2p_duration; /* L2pDurationField */
5134 uint32_t l2p_mhvalid; /* L2pMhValidBits */
5135 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
5136 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
5138 uint32_t u_timestamp; /* indicate when the date and time of the
5140 uint32_t flow_handler; /* FH read/write pointers, RX credit */
5141 } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */;
5144 * UMAC error struct - relevant starting from family 8000 chip.
5145 * Note: This structure is read from the device with IO accesses,
5146 * and the reading already does the endian conversion. As it is
5147 * read with u32-sized accesses, any members with a different size
5148 * need to be ordered correctly though!
5150 struct iwm_umac_error_event_table {
5151 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5152 uint32_t error_id; /* type of error */
5153 uint32_t blink1; /* branch link */
5154 uint32_t blink2; /* branch link */
5155 uint32_t ilink1; /* interrupt link */
5156 uint32_t ilink2; /* interrupt link */
5157 uint32_t data1; /* error-specific data */
5158 uint32_t data2; /* error-specific data */
5159 uint32_t data3; /* error-specific data */
5160 uint32_t umac_major;
5161 uint32_t umac_minor;
5162 uint32_t frame_pointer; /* core register 27*/
5163 uint32_t stack_pointer; /* core register 28 */
5164 uint32_t cmd_header; /* latest host cmd sent to UMAC */
5165 uint32_t nic_isr_pref; /* ISR status register */
5168 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
5169 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
5175 } advanced_lookup[] = {
5176 { "NMI_INTERRUPT_WDG", 0x34 },
5177 { "SYSASSERT", 0x35 },
5178 { "UCODE_VERSION_MISMATCH", 0x37 },
5179 { "BAD_COMMAND", 0x38 },
5180 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
5181 { "FATAL_ERROR", 0x3D },
5182 { "NMI_TRM_HW_ERR", 0x46 },
5183 { "NMI_INTERRUPT_TRM", 0x4C },
5184 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
5185 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
5186 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
5187 { "NMI_INTERRUPT_HOST", 0x66 },
5188 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
5189 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
5190 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
5191 { "ADVANCED_SYSASSERT", 0 },
5195 iwm_desc_lookup(uint32_t num)
5199 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
5200 if (advanced_lookup[i].num == num)
5201 return advanced_lookup[i].name;
5203 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
5204 return advanced_lookup[i].name;
5208 iwm_nic_umac_error(struct iwm_softc *sc)
5210 struct iwm_umac_error_event_table table;
5213 base = sc->umac_error_event_table;
5215 if (base < 0x800000) {
5216 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n",
5221 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5222 device_printf(sc->sc_dev, "reading errlog failed\n");
5226 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5227 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n");
5228 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5229 sc->sc_flags, table.valid);
5232 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id,
5233 iwm_desc_lookup(table.error_id));
5234 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1);
5235 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2);
5236 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n",
5238 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n",
5240 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1);
5241 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2);
5242 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3);
5243 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major);
5244 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor);
5245 device_printf(sc->sc_dev, "0x%08X | frame pointer\n",
5246 table.frame_pointer);
5247 device_printf(sc->sc_dev, "0x%08X | stack pointer\n",
5248 table.stack_pointer);
5249 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header);
5250 device_printf(sc->sc_dev, "0x%08X | isr status reg\n",
5251 table.nic_isr_pref);
5255 * Support for dumping the error log seemed like a good idea ...
5256 * but it's mostly hex junk and the only sensible thing is the
5257 * hw/ucode revision (which we know anyway). Since it's here,
5258 * I'll just leave it in, just in case e.g. the Intel guys want to
5259 * help us decipher some "ADVANCED_SYSASSERT" later.
5262 iwm_nic_error(struct iwm_softc *sc)
5264 struct iwm_error_event_table table;
5267 device_printf(sc->sc_dev, "dumping device error log\n");
5268 base = sc->error_event_table[0];
5269 if (base < 0x800000) {
5270 device_printf(sc->sc_dev,
5271 "Invalid error log pointer 0x%08x\n", base);
5275 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5276 device_printf(sc->sc_dev, "reading errlog failed\n");
5281 device_printf(sc->sc_dev, "errlog not found, skipping\n");
5285 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5286 device_printf(sc->sc_dev, "Start Error Log Dump:\n");
5287 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5288 sc->sc_flags, table.valid);
5291 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
5292 iwm_desc_lookup(table.error_id));
5293 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n",
5294 table.trm_hw_status0);
5295 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n",
5296 table.trm_hw_status1);
5297 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
5298 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
5299 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
5300 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
5301 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
5302 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
5303 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
5304 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
5305 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
5306 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
5307 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
5308 device_printf(sc->sc_dev, "%08X | uCode revision type\n",
5310 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major);
5311 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor);
5312 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
5313 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
5314 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
5315 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
5316 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
5317 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
5318 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
5319 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
5320 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id);
5321 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
5322 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
5323 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
5324 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
5325 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
5326 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
5327 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
5328 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
5330 if (sc->umac_error_event_table)
5331 iwm_nic_umac_error(sc);
5336 iwm_handle_rxb(struct iwm_softc *sc, struct mbuf *m)
5338 struct ieee80211com *ic = &sc->sc_ic;
5339 struct iwm_cmd_response *cresp;
5341 uint32_t offset = 0;
5342 uint32_t maxoff = IWM_RBUF_SIZE;
5344 boolean_t stolen = FALSE;
5346 #define HAVEROOM(a) \
5347 ((a) + sizeof(uint32_t) + sizeof(struct iwm_cmd_header) < maxoff)
5349 while (HAVEROOM(offset)) {
5350 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *,
5352 int qid, idx, code, len;
5357 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code);
5360 * randomly get these from the firmware, no idea why.
5361 * they at least seem harmless, so just ignore them for now
5363 if ((pkt->hdr.code == 0 && (qid & ~0x80) == 0 && idx == 0) ||
5364 pkt->len_n_flags == htole32(IWM_FH_RSCSR_FRAME_INVALID)) {
5368 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5369 "rx packet qid=%d idx=%d type=%x\n",
5370 qid & ~0x80, pkt->hdr.idx, code);
5372 len = iwm_rx_packet_len(pkt);
5373 len += sizeof(uint32_t); /* account for status word */
5374 nextoff = offset + roundup2(len, IWM_FH_RSCSR_FRAME_ALIGN);
5376 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt);
5379 case IWM_REPLY_RX_PHY_CMD:
5380 iwm_rx_rx_phy_cmd(sc, pkt);
5383 case IWM_REPLY_RX_MPDU_CMD: {
5385 * If this is the last frame in the RX buffer, we
5386 * can directly feed the mbuf to the sharks here.
5388 struct iwm_rx_packet *nextpkt = mtodoff(m,
5389 struct iwm_rx_packet *, nextoff);
5390 if (!HAVEROOM(nextoff) ||
5391 (nextpkt->hdr.code == 0 &&
5392 (nextpkt->hdr.qid & ~0x80) == 0 &&
5393 nextpkt->hdr.idx == 0) ||
5394 (nextpkt->len_n_flags ==
5395 htole32(IWM_FH_RSCSR_FRAME_INVALID))) {
5396 if (iwm_rx_mpdu(sc, m, offset, stolen)) {
5398 /* Make sure we abort the loop */
5405 * Use m_copym instead of m_split, because that
5406 * makes it easier to keep a valid rx buffer in
5407 * the ring, when iwm_rx_mpdu() fails.
5409 * We need to start m_copym() at offset 0, to get the
5410 * M_PKTHDR flag preserved.
5412 m1 = m_copym(m, 0, M_COPYALL, M_NOWAIT);
5414 if (iwm_rx_mpdu(sc, m1, offset, stolen))
5423 iwm_rx_tx_cmd(sc, pkt);
5426 case IWM_MISSED_BEACONS_NOTIFICATION: {
5427 struct iwm_missed_beacons_notif *resp;
5430 /* XXX look at mac_id to determine interface ID */
5431 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5433 resp = (void *)pkt->data;
5434 missed = le32toh(resp->consec_missed_beacons);
5436 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
5437 "%s: MISSED_BEACON: mac_id=%d, "
5438 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
5441 le32toh(resp->mac_id),
5442 le32toh(resp->consec_missed_beacons_since_last_rx),
5443 le32toh(resp->consec_missed_beacons),
5444 le32toh(resp->num_expected_beacons),
5445 le32toh(resp->num_recvd_beacons));
5451 /* XXX no net80211 locking? */
5452 if (vap->iv_state == IEEE80211_S_RUN &&
5453 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
5454 if (missed > vap->iv_bmissthreshold) {
5455 /* XXX bad locking; turn into task */
5457 ieee80211_beacon_miss(ic);
5465 case IWM_MFUART_LOAD_NOTIFICATION:
5471 case IWM_CALIB_RES_NOTIF_PHY_DB:
5474 case IWM_STATISTICS_NOTIFICATION:
5475 iwm_handle_rx_statistics(sc, pkt);
5478 case IWM_NVM_ACCESS_CMD:
5479 case IWM_MCC_UPDATE_CMD:
5480 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) {
5481 memcpy(sc->sc_cmd_resp,
5482 pkt, sizeof(sc->sc_cmd_resp));
5486 case IWM_MCC_CHUB_UPDATE_CMD: {
5487 struct iwm_mcc_chub_notif *notif;
5488 notif = (void *)pkt->data;
5490 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8;
5491 sc->sc_fw_mcc[1] = notif->mcc & 0xff;
5492 sc->sc_fw_mcc[2] = '\0';
5493 IWM_DPRINTF(sc, IWM_DEBUG_LAR,
5494 "fw source %d sent CC '%s'\n",
5495 notif->source_id, sc->sc_fw_mcc);
5499 case IWM_DTS_MEASUREMENT_NOTIFICATION:
5500 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP,
5501 IWM_DTS_MEASUREMENT_NOTIF_WIDE): {
5502 struct iwm_dts_measurement_notif_v1 *notif;
5504 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) {
5505 device_printf(sc->sc_dev,
5506 "Invalid DTS_MEASUREMENT_NOTIFICATION\n");
5509 notif = (void *)pkt->data;
5510 IWM_DPRINTF(sc, IWM_DEBUG_TEMP,
5511 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n",
5516 case IWM_PHY_CONFIGURATION_CMD:
5517 case IWM_TX_ANT_CONFIGURATION_CMD:
5519 case IWM_MAC_CONTEXT_CMD:
5520 case IWM_REPLY_SF_CFG_CMD:
5521 case IWM_POWER_TABLE_CMD:
5522 case IWM_LTR_CONFIG:
5523 case IWM_PHY_CONTEXT_CMD:
5524 case IWM_BINDING_CONTEXT_CMD:
5525 case IWM_TIME_EVENT_CMD:
5526 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD):
5527 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC):
5528 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_ABORT_UMAC):
5529 case IWM_SCAN_OFFLOAD_REQUEST_CMD:
5530 case IWM_SCAN_OFFLOAD_ABORT_CMD:
5531 case IWM_REPLY_BEACON_FILTERING_CMD:
5532 case IWM_MAC_PM_POWER_TABLE:
5533 case IWM_TIME_QUOTA_CMD:
5534 case IWM_REMOVE_STA:
5535 case IWM_TXPATH_FLUSH:
5537 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP,
5538 IWM_FW_PAGING_BLOCK_CMD):
5540 case IWM_REPLY_THERMAL_MNG_BACKOFF:
5541 cresp = (void *)pkt->data;
5542 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) {
5543 memcpy(sc->sc_cmd_resp,
5544 pkt, sizeof(*pkt)+sizeof(*cresp));
5549 case IWM_PHY_DB_CMD:
5552 case IWM_INIT_COMPLETE_NOTIF:
5555 case IWM_SCAN_OFFLOAD_COMPLETE:
5556 iwm_rx_lmac_scan_complete_notif(sc, pkt);
5557 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5558 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5559 ieee80211_runtask(ic, &sc->sc_es_task);
5563 case IWM_SCAN_ITERATION_COMPLETE: {
5564 struct iwm_lmac_scan_complete_notif *notif;
5565 notif = (void *)pkt->data;
5569 case IWM_SCAN_COMPLETE_UMAC:
5570 iwm_rx_umac_scan_complete_notif(sc, pkt);
5571 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5572 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5573 ieee80211_runtask(ic, &sc->sc_es_task);
5577 case IWM_SCAN_ITERATION_COMPLETE_UMAC: {
5578 struct iwm_umac_scan_iter_complete_notif *notif;
5579 notif = (void *)pkt->data;
5581 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration "
5582 "complete, status=0x%x, %d channels scanned\n",
5583 notif->status, notif->scanned_channels);
5587 case IWM_REPLY_ERROR: {
5588 struct iwm_error_resp *resp;
5589 resp = (void *)pkt->data;
5591 device_printf(sc->sc_dev,
5592 "firmware error 0x%x, cmd 0x%x\n",
5593 le32toh(resp->error_type),
5598 case IWM_TIME_EVENT_NOTIFICATION:
5599 iwm_rx_time_event_notif(sc, pkt);
5603 * Firmware versions 21 and 22 generate some DEBUG_LOG_MSG
5604 * messages. Just ignore them for now.
5606 case IWM_DEBUG_LOG_MSG:
5609 case IWM_MCAST_FILTER_CMD:
5612 case IWM_SCD_QUEUE_CFG: {
5613 struct iwm_scd_txq_cfg_rsp *rsp;
5614 rsp = (void *)pkt->data;
5616 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
5617 "queue cfg token=0x%x sta_id=%d "
5618 "tid=%d scd_queue=%d\n",
5619 rsp->token, rsp->sta_id, rsp->tid,
5625 device_printf(sc->sc_dev,
5626 "frame %d/%d %x UNHANDLED (this should "
5627 "not happen)\n", qid & ~0x80, idx,
5633 * Why test bit 0x80? The Linux driver:
5635 * There is one exception: uCode sets bit 15 when it
5636 * originates the response/notification, i.e. when the
5637 * response/notification is not a direct response to a
5638 * command sent by the driver. For example, uCode issues
5639 * IWM_REPLY_RX when it sends a received frame to the driver;
5640 * it is not a direct response to any driver command.
5642 * Ok, so since when is 7 == 15? Well, the Linux driver
5643 * uses a slightly different format for pkt->hdr, and "qid"
5644 * is actually the upper byte of a two-byte field.
5646 if (!(qid & (1 << 7)))
5647 iwm_cmd_done(sc, pkt);
5657 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
5658 * Basic structure from if_iwn
5661 iwm_notif_intr(struct iwm_softc *sc)
5667 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
5668 BUS_DMASYNC_POSTREAD);
5670 if (sc->cfg->mqrx_supported) {
5671 count = IWM_RX_MQ_RING_COUNT;
5672 wreg = IWM_RFH_Q0_FRBDCB_WIDX_TRG;
5674 count = IWM_RX_LEGACY_RING_COUNT;
5675 wreg = IWM_FH_RSCSR_CHNL0_WPTR;
5678 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
5683 while (sc->rxq.cur != hw) {
5684 struct iwm_rx_ring *ring = &sc->rxq;
5685 struct iwm_rx_data *data = &ring->data[ring->cur];
5687 bus_dmamap_sync(ring->data_dmat, data->map,
5688 BUS_DMASYNC_POSTREAD);
5690 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5691 "%s: hw = %d cur = %d\n", __func__, hw, ring->cur);
5692 iwm_handle_rxb(sc, data->m);
5694 ring->cur = (ring->cur + 1) % count;
5698 * Tell the firmware that it can reuse the ring entries that
5699 * we have just processed.
5700 * Seems like the hardware gets upset unless we align
5703 hw = (hw == 0) ? count - 1 : hw - 1;
5704 IWM_WRITE(sc, wreg, rounddown2(hw, 8));
5710 struct iwm_softc *sc = arg;
5716 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
5718 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
5719 uint32_t *ict = sc->ict_dma.vaddr;
5722 tmp = htole32(ict[sc->ict_cur]);
5727 * ok, there was something. keep plowing until we have all.
5732 ict[sc->ict_cur] = 0;
5733 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
5734 tmp = htole32(ict[sc->ict_cur]);
5737 /* this is where the fun begins. don't ask */
5738 if (r1 == 0xffffffff)
5741 /* i am not expected to understand this */
5744 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
5746 r1 = IWM_READ(sc, IWM_CSR_INT);
5747 /* "hardware gone" (where, fishing?) */
5748 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
5750 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
5752 if (r1 == 0 && r2 == 0) {
5756 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
5758 /* Safely ignore these bits for debug checks below */
5759 r1 &= ~(IWM_CSR_INT_BIT_ALIVE | IWM_CSR_INT_BIT_SCD);
5761 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
5763 struct ieee80211com *ic = &sc->sc_ic;
5764 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5769 /* Dump driver status (TX and RX rings) while we're here. */
5770 device_printf(sc->sc_dev, "driver status:\n");
5771 for (i = 0; i < IWM_MAX_QUEUES; i++) {
5772 struct iwm_tx_ring *ring = &sc->txq[i];
5773 device_printf(sc->sc_dev,
5774 " tx ring %2d: qid=%-2d cur=%-3d "
5776 i, ring->qid, ring->cur, ring->queued);
5778 device_printf(sc->sc_dev,
5779 " rx ring: cur=%d\n", sc->rxq.cur);
5780 device_printf(sc->sc_dev,
5781 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state);
5783 /* Reset our firmware state tracking. */
5784 sc->sc_firmware_state = 0;
5785 /* Don't stop the device; just do a VAP restart */
5789 printf("%s: null vap\n", __func__);
5793 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; "
5794 "restarting\n", __func__, vap->iv_state);
5796 ieee80211_restart_all(ic);
5800 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
5801 handled |= IWM_CSR_INT_BIT_HW_ERR;
5802 device_printf(sc->sc_dev, "hardware error, stopping device\n");
5808 /* firmware chunk loaded */
5809 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
5810 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
5811 handled |= IWM_CSR_INT_BIT_FH_TX;
5812 sc->sc_fw_chunk_done = 1;
5816 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
5817 handled |= IWM_CSR_INT_BIT_RF_KILL;
5818 if (iwm_check_rfkill(sc)) {
5819 device_printf(sc->sc_dev,
5820 "%s: rfkill switch, disabling interface\n",
5827 * The Linux driver uses periodic interrupts to avoid races.
5828 * We cargo-cult like it's going out of fashion.
5830 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
5831 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
5832 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
5833 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
5835 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
5839 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
5840 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
5841 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
5845 /* enable periodic interrupt, see above */
5846 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
5847 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
5848 IWM_CSR_INT_PERIODIC_ENA);
5851 if (__predict_false(r1 & ~handled))
5852 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5853 "%s: unhandled interrupts: %x\n", __func__, r1);
5857 iwm_restore_interrupts(sc);
5864 * Autoconf glue-sniffing
5866 #define PCI_VENDOR_INTEL 0x8086
5867 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
5868 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
5869 #define PCI_PRODUCT_INTEL_WL_3165_1 0x3165
5870 #define PCI_PRODUCT_INTEL_WL_3165_2 0x3166
5871 #define PCI_PRODUCT_INTEL_WL_3168_1 0x24fb
5872 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
5873 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
5874 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
5875 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
5876 #define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3
5877 #define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4
5878 #define PCI_PRODUCT_INTEL_WL_8265_1 0x24fd
5879 #define PCI_PRODUCT_INTEL_WL_9560_1 0x9df0
5880 #define PCI_PRODUCT_INTEL_WL_9560_2 0xa370
5881 #define PCI_PRODUCT_INTEL_WL_9260_1 0x2526
5883 static const struct iwm_devices {
5885 const struct iwm_cfg *cfg;
5887 { PCI_PRODUCT_INTEL_WL_3160_1, &iwm3160_cfg },
5888 { PCI_PRODUCT_INTEL_WL_3160_2, &iwm3160_cfg },
5889 { PCI_PRODUCT_INTEL_WL_3165_1, &iwm3165_cfg },
5890 { PCI_PRODUCT_INTEL_WL_3165_2, &iwm3165_cfg },
5891 { PCI_PRODUCT_INTEL_WL_3168_1, &iwm3168_cfg },
5892 { PCI_PRODUCT_INTEL_WL_7260_1, &iwm7260_cfg },
5893 { PCI_PRODUCT_INTEL_WL_7260_2, &iwm7260_cfg },
5894 { PCI_PRODUCT_INTEL_WL_7265_1, &iwm7265_cfg },
5895 { PCI_PRODUCT_INTEL_WL_7265_2, &iwm7265_cfg },
5896 { PCI_PRODUCT_INTEL_WL_8260_1, &iwm8260_cfg },
5897 { PCI_PRODUCT_INTEL_WL_8260_2, &iwm8260_cfg },
5898 { PCI_PRODUCT_INTEL_WL_8265_1, &iwm8265_cfg },
5899 { PCI_PRODUCT_INTEL_WL_9560_1, &iwm9560_cfg },
5900 { PCI_PRODUCT_INTEL_WL_9560_2, &iwm9560_cfg },
5901 { PCI_PRODUCT_INTEL_WL_9260_1, &iwm9260_cfg },
5905 iwm_probe(device_t dev)
5909 for (i = 0; i < nitems(iwm_devices); i++) {
5910 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
5911 pci_get_device(dev) == iwm_devices[i].device) {
5912 device_set_desc(dev, iwm_devices[i].cfg->name);
5913 return (BUS_PROBE_DEFAULT);
5921 iwm_dev_check(device_t dev)
5923 struct iwm_softc *sc;
5927 sc = device_get_softc(dev);
5929 devid = pci_get_device(dev);
5930 for (i = 0; i < nitems(iwm_devices); i++) {
5931 if (iwm_devices[i].device == devid) {
5932 sc->cfg = iwm_devices[i].cfg;
5936 device_printf(dev, "unknown adapter type\n");
5941 #define PCI_CFG_RETRY_TIMEOUT 0x041
5944 iwm_pci_attach(device_t dev)
5946 struct iwm_softc *sc;
5947 int count, error, rid;
5950 sc = device_get_softc(dev);
5952 /* We disable the RETRY_TIMEOUT register (0x41) to keep
5953 * PCI Tx retries from interfering with C3 CPU state */
5954 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
5956 /* Enable bus-mastering and hardware bug workaround. */
5957 pci_enable_busmaster(dev);
5958 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
5960 if (reg & PCIM_STATUS_INTxSTATE) {
5961 reg &= ~PCIM_STATUS_INTxSTATE;
5963 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
5966 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
5968 if (sc->sc_mem == NULL) {
5969 device_printf(sc->sc_dev, "can't map mem space\n");
5972 sc->sc_st = rman_get_bustag(sc->sc_mem);
5973 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
5975 /* Install interrupt handler. */
5978 if (pci_alloc_msi(dev, &count) == 0)
5980 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
5981 (rid != 0 ? 0 : RF_SHAREABLE));
5982 if (sc->sc_irq == NULL) {
5983 device_printf(dev, "can't map interrupt\n");
5986 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
5987 NULL, iwm_intr, sc, &sc->sc_ih);
5988 if (sc->sc_ih == NULL) {
5989 device_printf(dev, "can't establish interrupt");
5992 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
5998 iwm_pci_detach(device_t dev)
6000 struct iwm_softc *sc = device_get_softc(dev);
6002 if (sc->sc_irq != NULL) {
6003 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
6004 bus_release_resource(dev, SYS_RES_IRQ,
6005 rman_get_rid(sc->sc_irq), sc->sc_irq);
6006 pci_release_msi(dev);
6008 if (sc->sc_mem != NULL)
6009 bus_release_resource(dev, SYS_RES_MEMORY,
6010 rman_get_rid(sc->sc_mem), sc->sc_mem);
6014 iwm_attach(device_t dev)
6016 struct iwm_softc *sc = device_get_softc(dev);
6017 struct ieee80211com *ic = &sc->sc_ic;
6022 sc->sc_attached = 1;
6024 mbufq_init(&sc->sc_snd, ifqmaxlen);
6025 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
6026 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0);
6027 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
6029 error = iwm_dev_check(dev);
6033 sc->sc_notif_wait = iwm_notification_wait_init(sc);
6034 if (sc->sc_notif_wait == NULL) {
6035 device_printf(dev, "failed to init notification wait struct\n");
6039 sc->sf_state = IWM_SF_UNINIT;
6042 sc->sc_phy_db = iwm_phy_db_init(sc);
6043 if (!sc->sc_phy_db) {
6044 device_printf(dev, "Cannot init phy_db\n");
6048 /* Set EBS as successful as long as not stated otherwise by the FW. */
6049 sc->last_ebs_successful = TRUE;
6052 error = iwm_pci_attach(dev);
6056 sc->sc_wantresp = -1;
6058 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
6060 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have
6061 * changed, and now the revision step also includes bit 0-1 (no more
6062 * "dash" value). To keep hw_rev backwards compatible - we'll store it
6063 * in the old format.
6065 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) {
6069 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) |
6070 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2);
6072 if (iwm_prepare_card_hw(sc) != 0) {
6073 device_printf(dev, "could not initialize hardware\n");
6078 * In order to recognize C step the driver should read the
6079 * chip version id located at the AUX bus MISC address.
6081 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
6082 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
6085 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
6086 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6087 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6090 device_printf(sc->sc_dev,
6091 "Failed to wake up the nic\n");
6095 if (iwm_nic_lock(sc)) {
6096 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG);
6097 hw_step |= IWM_ENABLE_WFPM;
6098 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step);
6099 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG);
6100 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF;
6102 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) |
6103 (IWM_SILICON_C_STEP << 2);
6106 device_printf(sc->sc_dev, "Failed to lock the nic\n");
6111 /* special-case 7265D, it has the same PCI IDs. */
6112 if (sc->cfg == &iwm7265_cfg &&
6113 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) {
6114 sc->cfg = &iwm7265d_cfg;
6117 /* Allocate DMA memory for firmware transfers. */
6118 if ((error = iwm_alloc_fwmem(sc)) != 0) {
6119 device_printf(dev, "could not allocate memory for firmware\n");
6123 /* Allocate "Keep Warm" page. */
6124 if ((error = iwm_alloc_kw(sc)) != 0) {
6125 device_printf(dev, "could not allocate keep warm page\n");
6129 /* We use ICT interrupts */
6130 if ((error = iwm_alloc_ict(sc)) != 0) {
6131 device_printf(dev, "could not allocate ICT table\n");
6135 /* Allocate TX scheduler "rings". */
6136 if ((error = iwm_alloc_sched(sc)) != 0) {
6137 device_printf(dev, "could not allocate TX scheduler rings\n");
6141 /* Allocate TX rings */
6142 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
6143 if ((error = iwm_alloc_tx_ring(sc,
6144 &sc->txq[txq_i], txq_i)) != 0) {
6146 "could not allocate TX ring %d\n",
6152 /* Allocate RX ring. */
6153 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
6154 device_printf(dev, "could not allocate RX ring\n");
6158 /* Clear pending interrupts. */
6159 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
6162 ic->ic_name = device_get_nameunit(sc->sc_dev);
6163 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
6164 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
6166 /* Set device capabilities. */
6169 IEEE80211_C_WPA | /* WPA/RSN */
6172 IEEE80211_C_SHSLOT | /* short slot time supported */
6173 IEEE80211_C_SHPREAMBLE /* short preamble supported */
6174 // IEEE80211_C_BGSCAN /* capable of bg scanning */
6176 /* Advertise full-offload scanning */
6177 ic->ic_flags_ext = IEEE80211_FEXT_SCAN_OFFLOAD;
6178 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
6179 sc->sc_phyctxt[i].id = i;
6180 sc->sc_phyctxt[i].color = 0;
6181 sc->sc_phyctxt[i].ref = 0;
6182 sc->sc_phyctxt[i].channel = NULL;
6185 /* Default noise floor */
6189 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
6192 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
6193 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
6194 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
6197 error = iwm_read_firmware(sc);
6200 } else if (sc->sc_fw.fw_fp == NULL) {
6202 * XXX Add a solution for properly deferring firmware load
6207 sc->sc_preinit_hook.ich_func = iwm_preinit;
6208 sc->sc_preinit_hook.ich_arg = sc;
6209 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
6211 "config_intrhook_establish failed\n");
6216 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6217 "<-%s\n", __func__);
6221 /* Free allocated memory if something failed during attachment. */
6223 iwm_detach_local(sc, 0);
6229 iwm_is_valid_ether_addr(uint8_t *addr)
6231 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 };
6233 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr))
6240 iwm_wme_update(struct ieee80211com *ic)
6242 #define IWM_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */
6243 struct iwm_softc *sc = ic->ic_softc;
6244 struct chanAccParams chp;
6245 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6246 struct iwm_vap *ivp = IWM_VAP(vap);
6247 struct iwm_node *in;
6248 struct wmeParams tmp[WME_NUM_AC];
6254 ieee80211_wme_ic_getparams(ic, &chp);
6257 for (aci = 0; aci < WME_NUM_AC; aci++)
6258 tmp[aci] = chp.cap_wmeParams[aci];
6259 IEEE80211_UNLOCK(ic);
6262 for (aci = 0; aci < WME_NUM_AC; aci++) {
6263 const struct wmeParams *ac = &tmp[aci];
6264 ivp->queue_params[aci].aifsn = ac->wmep_aifsn;
6265 ivp->queue_params[aci].cw_min = IWM_EXP2(ac->wmep_logcwmin);
6266 ivp->queue_params[aci].cw_max = IWM_EXP2(ac->wmep_logcwmax);
6267 ivp->queue_params[aci].edca_txop =
6268 IEEE80211_TXOP_TO_US(ac->wmep_txopLimit);
6270 ivp->have_wme = TRUE;
6271 if (ivp->is_uploaded && vap->iv_bss != NULL) {
6272 in = IWM_NODE(vap->iv_bss);
6274 if ((error = iwm_mac_ctxt_changed(sc, vap)) != 0) {
6275 device_printf(sc->sc_dev,
6276 "%s: failed to update MAC\n", __func__);
6287 iwm_preinit(void *arg)
6289 struct iwm_softc *sc = arg;
6290 device_t dev = sc->sc_dev;
6291 struct ieee80211com *ic = &sc->sc_ic;
6294 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6295 "->%s\n", __func__);
6298 if ((error = iwm_start_hw(sc)) != 0) {
6299 device_printf(dev, "could not initialize hardware\n");
6304 error = iwm_run_init_ucode(sc, 1);
6305 iwm_stop_device(sc);
6311 "hw rev 0x%x, fw ver %s, address %s\n",
6312 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
6313 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr));
6315 /* not all hardware can do 5GHz band */
6316 if (!sc->nvm_data->sku_cap_band_52GHz_enable)
6317 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
6318 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
6321 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
6325 * At this point we've committed - if we fail to do setup,
6326 * we now also have to tear down the net80211 state.
6328 ieee80211_ifattach(ic);
6329 ic->ic_vap_create = iwm_vap_create;
6330 ic->ic_vap_delete = iwm_vap_delete;
6331 ic->ic_raw_xmit = iwm_raw_xmit;
6332 ic->ic_node_alloc = iwm_node_alloc;
6333 ic->ic_scan_start = iwm_scan_start;
6334 ic->ic_scan_end = iwm_scan_end;
6335 ic->ic_update_mcast = iwm_update_mcast;
6336 ic->ic_getradiocaps = iwm_init_channel_map;
6337 ic->ic_set_channel = iwm_set_channel;
6338 ic->ic_scan_curchan = iwm_scan_curchan;
6339 ic->ic_scan_mindwell = iwm_scan_mindwell;
6340 ic->ic_wme.wme_update = iwm_wme_update;
6341 ic->ic_parent = iwm_parent;
6342 ic->ic_transmit = iwm_transmit;
6343 iwm_radiotap_attach(sc);
6345 ieee80211_announce(ic);
6347 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6348 "<-%s\n", __func__);
6349 config_intrhook_disestablish(&sc->sc_preinit_hook);
6353 config_intrhook_disestablish(&sc->sc_preinit_hook);
6354 iwm_detach_local(sc, 0);
6358 * Attach the interface to 802.11 radiotap.
6361 iwm_radiotap_attach(struct iwm_softc *sc)
6363 struct ieee80211com *ic = &sc->sc_ic;
6365 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6366 "->%s begin\n", __func__);
6367 ieee80211_radiotap_attach(ic,
6368 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
6369 IWM_TX_RADIOTAP_PRESENT,
6370 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
6371 IWM_RX_RADIOTAP_PRESENT);
6372 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6373 "->%s end\n", __func__);
6376 static struct ieee80211vap *
6377 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
6378 enum ieee80211_opmode opmode, int flags,
6379 const uint8_t bssid[IEEE80211_ADDR_LEN],
6380 const uint8_t mac[IEEE80211_ADDR_LEN])
6382 struct iwm_vap *ivp;
6383 struct ieee80211vap *vap;
6385 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
6387 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO);
6389 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
6390 vap->iv_bmissthreshold = 10; /* override default */
6391 /* Override with driver methods. */
6392 ivp->iv_newstate = vap->iv_newstate;
6393 vap->iv_newstate = iwm_newstate;
6395 ivp->id = IWM_DEFAULT_MACID;
6396 ivp->color = IWM_DEFAULT_COLOR;
6398 ivp->have_wme = FALSE;
6399 ivp->ps_disabled = FALSE;
6401 ieee80211_ratectl_init(vap);
6402 /* Complete setup. */
6403 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status,
6405 ic->ic_opmode = opmode;
6411 iwm_vap_delete(struct ieee80211vap *vap)
6413 struct iwm_vap *ivp = IWM_VAP(vap);
6415 ieee80211_ratectl_deinit(vap);
6416 ieee80211_vap_detach(vap);
6417 free(ivp, M_80211_VAP);
6421 iwm_xmit_queue_drain(struct iwm_softc *sc)
6424 struct ieee80211_node *ni;
6426 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
6427 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
6428 ieee80211_free_node(ni);
6434 iwm_scan_start(struct ieee80211com *ic)
6436 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6437 struct iwm_softc *sc = ic->ic_softc;
6441 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6442 /* This should not be possible */
6443 device_printf(sc->sc_dev,
6444 "%s: Previous scan not completed yet\n", __func__);
6446 if (iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_UMAC_SCAN))
6447 error = iwm_umac_scan(sc);
6449 error = iwm_lmac_scan(sc);
6451 device_printf(sc->sc_dev, "could not initiate scan\n");
6453 ieee80211_cancel_scan(vap);
6455 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING;
6456 iwm_led_blink_start(sc);
6462 iwm_scan_end(struct ieee80211com *ic)
6464 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6465 struct iwm_softc *sc = ic->ic_softc;
6468 iwm_led_blink_stop(sc);
6469 if (vap->iv_state == IEEE80211_S_RUN)
6471 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6473 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because
6474 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq
6477 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
6478 iwm_scan_stop_wait(sc);
6483 * Make sure we don't race, if sc_es_task is still enqueued here.
6484 * This is to make sure that it won't call ieee80211_scan_done
6485 * when we have already started the next scan.
6487 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL);
6491 iwm_update_mcast(struct ieee80211com *ic)
6496 iwm_set_channel(struct ieee80211com *ic)
6501 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
6506 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
6511 iwm_init_task(void *arg1)
6513 struct iwm_softc *sc = arg1;
6516 while (sc->sc_flags & IWM_FLAG_BUSY)
6517 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
6518 sc->sc_flags |= IWM_FLAG_BUSY;
6520 if (sc->sc_ic.ic_nrunning > 0)
6522 sc->sc_flags &= ~IWM_FLAG_BUSY;
6523 wakeup(&sc->sc_flags);
6528 iwm_resume(device_t dev)
6530 struct iwm_softc *sc = device_get_softc(dev);
6534 * We disable the RETRY_TIMEOUT register (0x41) to keep
6535 * PCI Tx retries from interfering with C3 CPU state.
6537 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
6539 if (!sc->sc_attached)
6542 iwm_init_task(device_get_softc(dev));
6545 if (sc->sc_flags & IWM_FLAG_SCANNING) {
6546 sc->sc_flags &= ~IWM_FLAG_SCANNING;
6552 ieee80211_resume_all(&sc->sc_ic);
6558 iwm_suspend(device_t dev)
6561 struct iwm_softc *sc = device_get_softc(dev);
6563 do_stop = !! (sc->sc_ic.ic_nrunning > 0);
6565 if (!sc->sc_attached)
6568 ieee80211_suspend_all(&sc->sc_ic);
6573 sc->sc_flags |= IWM_FLAG_SCANNING;
6581 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
6583 struct iwm_fw_info *fw = &sc->sc_fw;
6584 device_t dev = sc->sc_dev;
6587 if (!sc->sc_attached)
6589 sc->sc_attached = 0;
6591 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task);
6593 iwm_stop_device(sc);
6596 iwm_xmit_queue_drain(sc);
6598 ieee80211_ifdetach(&sc->sc_ic);
6600 callout_drain(&sc->sc_led_blink_to);
6601 callout_drain(&sc->sc_watchdog_to);
6603 iwm_phy_db_free(sc->sc_phy_db);
6604 sc->sc_phy_db = NULL;
6606 iwm_free_nvm_data(sc->nvm_data);
6608 /* Free descriptor rings */
6609 iwm_free_rx_ring(sc, &sc->rxq);
6610 for (i = 0; i < nitems(sc->txq); i++)
6611 iwm_free_tx_ring(sc, &sc->txq[i]);
6614 if (fw->fw_fp != NULL)
6615 iwm_fw_info_free(fw);
6617 /* Free scheduler */
6618 iwm_dma_contig_free(&sc->sched_dma);
6619 iwm_dma_contig_free(&sc->ict_dma);
6620 iwm_dma_contig_free(&sc->kw_dma);
6621 iwm_dma_contig_free(&sc->fw_dma);
6623 iwm_free_fw_paging(sc);
6625 /* Finished with the hardware - detach things */
6626 iwm_pci_detach(dev);
6628 if (sc->sc_notif_wait != NULL) {
6629 iwm_notification_wait_free(sc->sc_notif_wait);
6630 sc->sc_notif_wait = NULL;
6633 IWM_LOCK_DESTROY(sc);
6639 iwm_detach(device_t dev)
6641 struct iwm_softc *sc = device_get_softc(dev);
6643 return (iwm_detach_local(sc, 1));
6646 static device_method_t iwm_pci_methods[] = {
6647 /* Device interface */
6648 DEVMETHOD(device_probe, iwm_probe),
6649 DEVMETHOD(device_attach, iwm_attach),
6650 DEVMETHOD(device_detach, iwm_detach),
6651 DEVMETHOD(device_suspend, iwm_suspend),
6652 DEVMETHOD(device_resume, iwm_resume),
6657 static driver_t iwm_pci_driver = {
6660 sizeof (struct iwm_softc)
6663 static devclass_t iwm_devclass;
6665 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
6666 MODULE_PNP_INFO("U16:device;P:#;T:vendor=0x8086", pci, iwm_pci_driver,
6667 iwm_devices, nitems(iwm_devices));
6668 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
6669 MODULE_DEPEND(iwm, pci, 1, 1, 1);
6670 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
projects / FreeBSD / FreeBSD.git / blob