1 /* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
27 ***********************************************************************
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
105 #include <sys/cdefs.h>
106 __FBSDID("$FreeBSD$");
108 #include "opt_wlan.h"
110 #include <sys/param.h>
112 #include <sys/conf.h>
113 #include <sys/endian.h>
114 #include <sys/firmware.h>
115 #include <sys/kernel.h>
116 #include <sys/malloc.h>
117 #include <sys/mbuf.h>
118 #include <sys/mutex.h>
119 #include <sys/module.h>
120 #include <sys/proc.h>
121 #include <sys/rman.h>
122 #include <sys/socket.h>
123 #include <sys/sockio.h>
124 #include <sys/sysctl.h>
125 #include <sys/linker.h>
127 #include <machine/bus.h>
128 #include <machine/endian.h>
129 #include <machine/resource.h>
131 #include <dev/pci/pcivar.h>
132 #include <dev/pci/pcireg.h>
137 #include <net/if_var.h>
138 #include <net/if_arp.h>
139 #include <net/if_dl.h>
140 #include <net/if_media.h>
141 #include <net/if_types.h>
143 #include <netinet/in.h>
144 #include <netinet/in_systm.h>
145 #include <netinet/if_ether.h>
146 #include <netinet/ip.h>
148 #include <net80211/ieee80211_var.h>
149 #include <net80211/ieee80211_regdomain.h>
150 #include <net80211/ieee80211_ratectl.h>
151 #include <net80211/ieee80211_radiotap.h>
153 #include <dev/iwm/if_iwmreg.h>
154 #include <dev/iwm/if_iwmvar.h>
155 #include <dev/iwm/if_iwm_config.h>
156 #include <dev/iwm/if_iwm_debug.h>
157 #include <dev/iwm/if_iwm_notif_wait.h>
158 #include <dev/iwm/if_iwm_util.h>
159 #include <dev/iwm/if_iwm_binding.h>
160 #include <dev/iwm/if_iwm_phy_db.h>
161 #include <dev/iwm/if_iwm_mac_ctxt.h>
162 #include <dev/iwm/if_iwm_phy_ctxt.h>
163 #include <dev/iwm/if_iwm_time_event.h>
164 #include <dev/iwm/if_iwm_power.h>
165 #include <dev/iwm/if_iwm_scan.h>
166 #include <dev/iwm/if_iwm_sta.h>
168 #include <dev/iwm/if_iwm_pcie_trans.h>
169 #include <dev/iwm/if_iwm_led.h>
170 #include <dev/iwm/if_iwm_fw.h>
172 /* From DragonflyBSD */
173 #define mtodoff(m, t, off) ((t)((m)->m_data + (off)))
175 const uint8_t iwm_nvm_channels[] = {
177 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
179 36, 40, 44, 48, 52, 56, 60, 64,
180 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
181 149, 153, 157, 161, 165
183 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS,
184 "IWM_NUM_CHANNELS is too small");
186 const uint8_t iwm_nvm_channels_8000[] = {
188 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
190 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92,
191 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
192 149, 153, 157, 161, 165, 169, 173, 177, 181
194 _Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000,
195 "IWM_NUM_CHANNELS_8000 is too small");
197 #define IWM_NUM_2GHZ_CHANNELS 14
198 #define IWM_N_HW_ADDR_MASK 0xF
201 * XXX For now, there's simply a fixed set of rate table entries
202 * that are populated.
204 const struct iwm_rate {
208 { 2, IWM_RATE_1M_PLCP },
209 { 4, IWM_RATE_2M_PLCP },
210 { 11, IWM_RATE_5M_PLCP },
211 { 22, IWM_RATE_11M_PLCP },
212 { 12, IWM_RATE_6M_PLCP },
213 { 18, IWM_RATE_9M_PLCP },
214 { 24, IWM_RATE_12M_PLCP },
215 { 36, IWM_RATE_18M_PLCP },
216 { 48, IWM_RATE_24M_PLCP },
217 { 72, IWM_RATE_36M_PLCP },
218 { 96, IWM_RATE_48M_PLCP },
219 { 108, IWM_RATE_54M_PLCP },
221 #define IWM_RIDX_CCK 0
222 #define IWM_RIDX_OFDM 4
223 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
224 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
225 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
227 struct iwm_nvm_section {
232 #define IWM_MVM_UCODE_ALIVE_TIMEOUT hz
233 #define IWM_MVM_UCODE_CALIB_TIMEOUT (2*hz)
235 struct iwm_mvm_alive_data {
237 uint32_t scd_base_addr;
240 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
241 static int iwm_firmware_store_section(struct iwm_softc *,
243 const uint8_t *, size_t);
244 static int iwm_set_default_calib(struct iwm_softc *, const void *);
245 static void iwm_fw_info_free(struct iwm_fw_info *);
246 static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type);
247 static int iwm_alloc_fwmem(struct iwm_softc *);
248 static int iwm_alloc_sched(struct iwm_softc *);
249 static int iwm_alloc_kw(struct iwm_softc *);
250 static int iwm_alloc_ict(struct iwm_softc *);
251 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
252 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
253 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
254 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
256 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
257 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
258 static void iwm_enable_interrupts(struct iwm_softc *);
259 static void iwm_restore_interrupts(struct iwm_softc *);
260 static void iwm_disable_interrupts(struct iwm_softc *);
261 static void iwm_ict_reset(struct iwm_softc *);
262 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
263 static void iwm_stop_device(struct iwm_softc *);
264 static void iwm_mvm_nic_config(struct iwm_softc *);
265 static int iwm_nic_rx_init(struct iwm_softc *);
266 static int iwm_nic_tx_init(struct iwm_softc *);
267 static int iwm_nic_init(struct iwm_softc *);
268 static int iwm_trans_pcie_fw_alive(struct iwm_softc *, uint32_t);
269 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
270 uint16_t, uint8_t *, uint16_t *);
271 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
272 uint16_t *, uint32_t);
273 static uint32_t iwm_eeprom_channel_flags(uint16_t);
274 static void iwm_add_channel_band(struct iwm_softc *,
275 struct ieee80211_channel[], int, int *, int, size_t,
277 static void iwm_init_channel_map(struct ieee80211com *, int, int *,
278 struct ieee80211_channel[]);
279 static struct iwm_nvm_data *
280 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
281 const uint16_t *, const uint16_t *,
282 const uint16_t *, const uint16_t *,
284 static void iwm_free_nvm_data(struct iwm_nvm_data *);
285 static void iwm_set_hw_address_family_8000(struct iwm_softc *,
286 struct iwm_nvm_data *,
289 static int iwm_get_sku(const struct iwm_softc *, const uint16_t *,
291 static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *);
292 static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *,
294 static int iwm_get_n_hw_addrs(const struct iwm_softc *,
296 static void iwm_set_radio_cfg(const struct iwm_softc *,
297 struct iwm_nvm_data *, uint32_t);
298 static struct iwm_nvm_data *
299 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *);
300 static int iwm_nvm_init(struct iwm_softc *);
301 static int iwm_pcie_load_section(struct iwm_softc *, uint8_t,
302 const struct iwm_fw_desc *);
303 static int iwm_pcie_load_firmware_chunk(struct iwm_softc *, uint32_t,
304 bus_addr_t, uint32_t);
305 static int iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
306 const struct iwm_fw_sects *,
308 static int iwm_pcie_load_cpu_sections(struct iwm_softc *,
309 const struct iwm_fw_sects *,
311 static int iwm_pcie_load_given_ucode_8000(struct iwm_softc *,
312 const struct iwm_fw_sects *);
313 static int iwm_pcie_load_given_ucode(struct iwm_softc *,
314 const struct iwm_fw_sects *);
315 static int iwm_start_fw(struct iwm_softc *, const struct iwm_fw_sects *);
316 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
317 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
318 static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *,
319 enum iwm_ucode_type);
320 static int iwm_run_init_mvm_ucode(struct iwm_softc *, int);
321 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
322 static int iwm_mvm_get_signal_strength(struct iwm_softc *,
323 struct iwm_rx_phy_info *);
324 static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *,
325 struct iwm_rx_packet *);
326 static int iwm_get_noise(struct iwm_softc *sc,
327 const struct iwm_mvm_statistics_rx_non_phy *);
328 static boolean_t iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct mbuf *,
329 uint32_t, boolean_t);
330 static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *,
331 struct iwm_rx_packet *,
333 static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *);
334 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
336 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
339 static const struct iwm_rate *
340 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
341 struct mbuf *, struct iwm_tx_cmd *);
342 static int iwm_tx(struct iwm_softc *, struct mbuf *,
343 struct ieee80211_node *, int);
344 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
345 const struct ieee80211_bpf_params *);
346 static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_vap *);
347 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
348 static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *);
349 static int iwm_release(struct iwm_softc *, struct iwm_node *);
350 static struct ieee80211_node *
351 iwm_node_alloc(struct ieee80211vap *,
352 const uint8_t[IEEE80211_ADDR_LEN]);
353 static void iwm_setrates(struct iwm_softc *, struct iwm_node *);
354 static int iwm_media_change(struct ifnet *);
355 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
356 static void iwm_endscan_cb(void *, int);
357 static void iwm_mvm_fill_sf_command(struct iwm_softc *,
358 struct iwm_sf_cfg_cmd *,
359 struct ieee80211_node *);
360 static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state);
361 static int iwm_send_bt_init_conf(struct iwm_softc *);
362 static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *);
363 static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t);
364 static int iwm_init_hw(struct iwm_softc *);
365 static void iwm_init(struct iwm_softc *);
366 static void iwm_start(struct iwm_softc *);
367 static void iwm_stop(struct iwm_softc *);
368 static void iwm_watchdog(void *);
369 static void iwm_parent(struct ieee80211com *);
372 iwm_desc_lookup(uint32_t);
373 static void iwm_nic_error(struct iwm_softc *);
374 static void iwm_nic_umac_error(struct iwm_softc *);
376 static void iwm_handle_rxb(struct iwm_softc *, struct mbuf *);
377 static void iwm_notif_intr(struct iwm_softc *);
378 static void iwm_intr(void *);
379 static int iwm_attach(device_t);
380 static int iwm_is_valid_ether_addr(uint8_t *);
381 static void iwm_preinit(void *);
382 static int iwm_detach_local(struct iwm_softc *sc, int);
383 static void iwm_init_task(void *);
384 static void iwm_radiotap_attach(struct iwm_softc *);
385 static struct ieee80211vap *
386 iwm_vap_create(struct ieee80211com *,
387 const char [IFNAMSIZ], int,
388 enum ieee80211_opmode, int,
389 const uint8_t [IEEE80211_ADDR_LEN],
390 const uint8_t [IEEE80211_ADDR_LEN]);
391 static void iwm_vap_delete(struct ieee80211vap *);
392 static void iwm_scan_start(struct ieee80211com *);
393 static void iwm_scan_end(struct ieee80211com *);
394 static void iwm_update_mcast(struct ieee80211com *);
395 static void iwm_set_channel(struct ieee80211com *);
396 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
397 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
398 static int iwm_detach(device_t);
405 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
407 const struct iwm_fw_cscheme_list *l = (const void *)data;
409 if (dlen < sizeof(*l) ||
410 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
413 /* we don't actually store anything for now, always use s/w crypto */
419 iwm_firmware_store_section(struct iwm_softc *sc,
420 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
422 struct iwm_fw_sects *fws;
423 struct iwm_fw_desc *fwone;
425 if (type >= IWM_UCODE_TYPE_MAX)
427 if (dlen < sizeof(uint32_t))
430 fws = &sc->sc_fw.fw_sects[type];
431 if (fws->fw_count >= IWM_UCODE_SECTION_MAX)
434 fwone = &fws->fw_sect[fws->fw_count];
436 /* first 32bit are device load offset */
437 memcpy(&fwone->offset, data, sizeof(uint32_t));
440 fwone->data = data + sizeof(uint32_t);
441 fwone->len = dlen - sizeof(uint32_t);
448 #define IWM_DEFAULT_SCAN_CHANNELS 40
450 /* iwlwifi: iwl-drv.c */
451 struct iwm_tlv_calib_data {
453 struct iwm_tlv_calib_ctrl calib;
457 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
459 const struct iwm_tlv_calib_data *def_calib = data;
460 uint32_t ucode_type = le32toh(def_calib->ucode_type);
462 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
463 device_printf(sc->sc_dev,
464 "Wrong ucode_type %u for default "
465 "calibration.\n", ucode_type);
469 sc->sc_default_calib[ucode_type].flow_trigger =
470 def_calib->calib.flow_trigger;
471 sc->sc_default_calib[ucode_type].event_trigger =
472 def_calib->calib.event_trigger;
478 iwm_set_ucode_api_flags(struct iwm_softc *sc, const uint8_t *data,
479 struct iwm_ucode_capabilities *capa)
481 const struct iwm_ucode_api *ucode_api = (const void *)data;
482 uint32_t api_index = le32toh(ucode_api->api_index);
483 uint32_t api_flags = le32toh(ucode_api->api_flags);
486 if (api_index >= howmany(IWM_NUM_UCODE_TLV_API, 32)) {
487 device_printf(sc->sc_dev,
488 "api flags index %d larger than supported by driver\n",
490 /* don't return an error so we can load FW that has more bits */
494 for (i = 0; i < 32; i++) {
495 if (api_flags & (1U << i))
496 setbit(capa->enabled_api, i + 32 * api_index);
503 iwm_set_ucode_capabilities(struct iwm_softc *sc, const uint8_t *data,
504 struct iwm_ucode_capabilities *capa)
506 const struct iwm_ucode_capa *ucode_capa = (const void *)data;
507 uint32_t api_index = le32toh(ucode_capa->api_index);
508 uint32_t api_flags = le32toh(ucode_capa->api_capa);
511 if (api_index >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) {
512 device_printf(sc->sc_dev,
513 "capa flags index %d larger than supported by driver\n",
515 /* don't return an error so we can load FW that has more bits */
519 for (i = 0; i < 32; i++) {
520 if (api_flags & (1U << i))
521 setbit(capa->enabled_capa, i + 32 * api_index);
528 iwm_fw_info_free(struct iwm_fw_info *fw)
530 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD);
532 /* don't touch fw->fw_status */
533 memset(fw->fw_sects, 0, sizeof(fw->fw_sects));
537 iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
539 struct iwm_fw_info *fw = &sc->sc_fw;
540 const struct iwm_tlv_ucode_header *uhdr;
541 const struct iwm_ucode_tlv *tlv;
542 struct iwm_ucode_capabilities *capa = &sc->ucode_capa;
543 enum iwm_ucode_tlv_type tlv_type;
544 const struct firmware *fwp;
547 uint32_t usniffer_img;
548 const uint8_t *tlv_data;
549 uint32_t paging_mem_size;
554 if (fw->fw_status == IWM_FW_STATUS_DONE &&
555 ucode_type != IWM_UCODE_INIT)
558 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS)
559 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0);
560 fw->fw_status = IWM_FW_STATUS_INPROGRESS;
562 if (fw->fw_fp != NULL)
563 iwm_fw_info_free(fw);
566 * Load firmware into driver memory.
570 fwp = firmware_get(sc->cfg->fw_name);
573 device_printf(sc->sc_dev,
574 "could not read firmware %s (error %d)\n",
575 sc->cfg->fw_name, error);
580 /* (Re-)Initialize default values. */
582 capa->max_probe_length = IWM_DEFAULT_MAX_PROBE_LENGTH;
583 capa->n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS;
584 memset(capa->enabled_capa, 0, sizeof(capa->enabled_capa));
585 memset(capa->enabled_api, 0, sizeof(capa->enabled_api));
586 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc));
589 * Parse firmware contents
592 uhdr = (const void *)fw->fw_fp->data;
593 if (*(const uint32_t *)fw->fw_fp->data != 0
594 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
595 device_printf(sc->sc_dev, "invalid firmware %s\n",
601 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%u.%u (API ver %u)",
602 IWM_UCODE_MAJOR(le32toh(uhdr->ver)),
603 IWM_UCODE_MINOR(le32toh(uhdr->ver)),
604 IWM_UCODE_API(le32toh(uhdr->ver)));
606 len = fw->fw_fp->datasize - sizeof(*uhdr);
608 while (len >= sizeof(*tlv)) {
610 tlv = (const void *)data;
612 tlv_len = le32toh(tlv->length);
613 tlv_type = le32toh(tlv->type);
614 tlv_data = tlv->data;
617 device_printf(sc->sc_dev,
618 "firmware too short: %zu bytes\n",
623 len -= roundup2(tlv_len, 4);
624 data += sizeof(tlv) + roundup2(tlv_len, 4);
626 switch ((int)tlv_type) {
627 case IWM_UCODE_TLV_PROBE_MAX_LEN:
628 if (tlv_len != sizeof(uint32_t)) {
629 device_printf(sc->sc_dev,
630 "%s: PROBE_MAX_LEN (%d) != sizeof(uint32_t)\n",
636 capa->max_probe_length =
637 le32_to_cpup((const uint32_t *)tlv_data);
638 /* limit it to something sensible */
639 if (capa->max_probe_length >
640 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) {
641 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
642 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
643 "ridiculous\n", __func__);
648 case IWM_UCODE_TLV_PAN:
650 device_printf(sc->sc_dev,
651 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n",
657 capa->flags |= IWM_UCODE_TLV_FLAGS_PAN;
659 case IWM_UCODE_TLV_FLAGS:
660 if (tlv_len < sizeof(uint32_t)) {
661 device_printf(sc->sc_dev,
662 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n",
668 if (tlv_len % sizeof(uint32_t)) {
669 device_printf(sc->sc_dev,
670 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) %% sizeof(uint32_t)\n",
677 * Apparently there can be many flags, but Linux driver
678 * parses only the first one, and so do we.
680 * XXX: why does this override IWM_UCODE_TLV_PAN?
681 * Intentional or a bug? Observations from
682 * current firmware file:
683 * 1) TLV_PAN is parsed first
684 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
685 * ==> this resets TLV_PAN to itself... hnnnk
687 capa->flags = le32_to_cpup((const uint32_t *)tlv_data);
689 case IWM_UCODE_TLV_CSCHEME:
690 if ((error = iwm_store_cscheme(sc,
691 tlv_data, tlv_len)) != 0) {
692 device_printf(sc->sc_dev,
693 "%s: iwm_store_cscheme(): returned %d\n",
699 case IWM_UCODE_TLV_NUM_OF_CPU:
700 if (tlv_len != sizeof(uint32_t)) {
701 device_printf(sc->sc_dev,
702 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) != sizeof(uint32_t)\n",
708 num_of_cpus = le32_to_cpup((const uint32_t *)tlv_data);
709 if (num_of_cpus == 2) {
710 fw->fw_sects[IWM_UCODE_REGULAR].is_dual_cpus =
712 fw->fw_sects[IWM_UCODE_INIT].is_dual_cpus =
714 fw->fw_sects[IWM_UCODE_WOWLAN].is_dual_cpus =
716 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) {
717 device_printf(sc->sc_dev,
718 "%s: Driver supports only 1 or 2 CPUs\n",
724 case IWM_UCODE_TLV_SEC_RT:
725 if ((error = iwm_firmware_store_section(sc,
726 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) {
727 device_printf(sc->sc_dev,
728 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n",
734 case IWM_UCODE_TLV_SEC_INIT:
735 if ((error = iwm_firmware_store_section(sc,
736 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) {
737 device_printf(sc->sc_dev,
738 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n",
744 case IWM_UCODE_TLV_SEC_WOWLAN:
745 if ((error = iwm_firmware_store_section(sc,
746 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) {
747 device_printf(sc->sc_dev,
748 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n",
754 case IWM_UCODE_TLV_DEF_CALIB:
755 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
756 device_printf(sc->sc_dev,
757 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n",
760 (int) sizeof(struct iwm_tlv_calib_data));
764 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
765 device_printf(sc->sc_dev,
766 "%s: iwm_set_default_calib() failed: %d\n",
772 case IWM_UCODE_TLV_PHY_SKU:
773 if (tlv_len != sizeof(uint32_t)) {
775 device_printf(sc->sc_dev,
776 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n",
781 sc->sc_fw.phy_config =
782 le32_to_cpup((const uint32_t *)tlv_data);
783 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config &
784 IWM_FW_PHY_CFG_TX_CHAIN) >>
785 IWM_FW_PHY_CFG_TX_CHAIN_POS;
786 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config &
787 IWM_FW_PHY_CFG_RX_CHAIN) >>
788 IWM_FW_PHY_CFG_RX_CHAIN_POS;
791 case IWM_UCODE_TLV_API_CHANGES_SET: {
792 if (tlv_len != sizeof(struct iwm_ucode_api)) {
796 if (iwm_set_ucode_api_flags(sc, tlv_data, capa)) {
803 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: {
804 if (tlv_len != sizeof(struct iwm_ucode_capa)) {
808 if (iwm_set_ucode_capabilities(sc, tlv_data, capa)) {
815 case 48: /* undocumented TLV */
816 case IWM_UCODE_TLV_SDIO_ADMA_ADDR:
817 case IWM_UCODE_TLV_FW_GSCAN_CAPA:
818 /* ignore, not used by current driver */
821 case IWM_UCODE_TLV_SEC_RT_USNIFFER:
822 if ((error = iwm_firmware_store_section(sc,
823 IWM_UCODE_REGULAR_USNIFFER, tlv_data,
828 case IWM_UCODE_TLV_PAGING:
829 if (tlv_len != sizeof(uint32_t)) {
833 paging_mem_size = le32_to_cpup((const uint32_t *)tlv_data);
835 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
836 "%s: Paging: paging enabled (size = %u bytes)\n",
837 __func__, paging_mem_size);
838 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) {
839 device_printf(sc->sc_dev,
840 "%s: Paging: driver supports up to %u bytes for paging image\n",
841 __func__, IWM_MAX_PAGING_IMAGE_SIZE);
845 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) {
846 device_printf(sc->sc_dev,
847 "%s: Paging: image isn't multiple %u\n",
848 __func__, IWM_FW_PAGING_SIZE);
853 sc->sc_fw.fw_sects[IWM_UCODE_REGULAR].paging_mem_size =
855 usniffer_img = IWM_UCODE_REGULAR_USNIFFER;
856 sc->sc_fw.fw_sects[usniffer_img].paging_mem_size =
860 case IWM_UCODE_TLV_N_SCAN_CHANNELS:
861 if (tlv_len != sizeof(uint32_t)) {
865 capa->n_scan_channels =
866 le32_to_cpup((const uint32_t *)tlv_data);
869 case IWM_UCODE_TLV_FW_VERSION:
870 if (tlv_len != sizeof(uint32_t) * 3) {
874 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver),
876 le32toh(((const uint32_t *)tlv_data)[0]),
877 le32toh(((const uint32_t *)tlv_data)[1]),
878 le32toh(((const uint32_t *)tlv_data)[2]));
881 case IWM_UCODE_TLV_FW_MEM_SEG:
885 device_printf(sc->sc_dev,
886 "%s: unknown firmware section %d, abort\n",
893 KASSERT(error == 0, ("unhandled error"));
897 device_printf(sc->sc_dev, "firmware parse error %d, "
898 "section type %d\n", error, tlv_type);
903 fw->fw_status = IWM_FW_STATUS_NONE;
904 if (fw->fw_fp != NULL)
905 iwm_fw_info_free(fw);
907 fw->fw_status = IWM_FW_STATUS_DONE;
914 * DMA resource routines
917 /* fwmem is used to load firmware onto the card */
919 iwm_alloc_fwmem(struct iwm_softc *sc)
921 /* Must be aligned on a 16-byte boundary. */
922 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
923 IWM_FH_MEM_TB_MAX_LENGTH, 16);
926 /* tx scheduler rings. not used? */
928 iwm_alloc_sched(struct iwm_softc *sc)
930 /* TX scheduler rings must be aligned on a 1KB boundary. */
931 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
932 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
935 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
937 iwm_alloc_kw(struct iwm_softc *sc)
939 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
942 /* interrupt cause table */
944 iwm_alloc_ict(struct iwm_softc *sc)
946 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
947 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
951 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
958 /* Allocate RX descriptors (256-byte aligned). */
959 size = IWM_RX_RING_COUNT * sizeof(uint32_t);
960 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
962 device_printf(sc->sc_dev,
963 "could not allocate RX ring DMA memory\n");
966 ring->desc = ring->desc_dma.vaddr;
968 /* Allocate RX status area (16-byte aligned). */
969 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
970 sizeof(*ring->stat), 16);
972 device_printf(sc->sc_dev,
973 "could not allocate RX status DMA memory\n");
976 ring->stat = ring->stat_dma.vaddr;
978 /* Create RX buffer DMA tag. */
979 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
980 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
981 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat);
983 device_printf(sc->sc_dev,
984 "%s: could not create RX buf DMA tag, error %d\n",
989 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */
990 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map);
992 device_printf(sc->sc_dev,
993 "%s: could not create RX buf DMA map, error %d\n",
998 * Allocate and map RX buffers.
1000 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1001 struct iwm_rx_data *data = &ring->data[i];
1002 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1004 device_printf(sc->sc_dev,
1005 "%s: could not create RX buf DMA map, error %d\n",
1011 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
1017 fail: iwm_free_rx_ring(sc, ring);
1022 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1024 /* Reset the ring state */
1028 * The hw rx ring index in shared memory must also be cleared,
1029 * otherwise the discrepancy can cause reprocessing chaos.
1031 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1035 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1039 iwm_dma_contig_free(&ring->desc_dma);
1040 iwm_dma_contig_free(&ring->stat_dma);
1042 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1043 struct iwm_rx_data *data = &ring->data[i];
1045 if (data->m != NULL) {
1046 bus_dmamap_sync(ring->data_dmat, data->map,
1047 BUS_DMASYNC_POSTREAD);
1048 bus_dmamap_unload(ring->data_dmat, data->map);
1052 if (data->map != NULL) {
1053 bus_dmamap_destroy(ring->data_dmat, data->map);
1057 if (ring->spare_map != NULL) {
1058 bus_dmamap_destroy(ring->data_dmat, ring->spare_map);
1059 ring->spare_map = NULL;
1061 if (ring->data_dmat != NULL) {
1062 bus_dma_tag_destroy(ring->data_dmat);
1063 ring->data_dmat = NULL;
1068 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
1080 /* Allocate TX descriptors (256-byte aligned). */
1081 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
1082 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1084 device_printf(sc->sc_dev,
1085 "could not allocate TX ring DMA memory\n");
1088 ring->desc = ring->desc_dma.vaddr;
1091 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
1092 * to allocate commands space for other rings.
1094 if (qid > IWM_MVM_CMD_QUEUE)
1097 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
1098 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
1100 device_printf(sc->sc_dev,
1101 "could not allocate TX cmd DMA memory\n");
1104 ring->cmd = ring->cmd_dma.vaddr;
1106 /* FW commands may require more mapped space than packets. */
1107 if (qid == IWM_MVM_CMD_QUEUE) {
1108 maxsize = IWM_RBUF_SIZE;
1112 nsegments = IWM_MAX_SCATTER - 2;
1115 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
1116 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize,
1117 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat);
1119 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
1123 paddr = ring->cmd_dma.paddr;
1124 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1125 struct iwm_tx_data *data = &ring->data[i];
1127 data->cmd_paddr = paddr;
1128 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
1129 + offsetof(struct iwm_tx_cmd, scratch);
1130 paddr += sizeof(struct iwm_device_cmd);
1132 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1134 device_printf(sc->sc_dev,
1135 "could not create TX buf DMA map\n");
1139 KASSERT(paddr == ring->cmd_dma.paddr + size,
1140 ("invalid physical address"));
1143 fail: iwm_free_tx_ring(sc, ring);
1148 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1152 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1153 struct iwm_tx_data *data = &ring->data[i];
1155 if (data->m != NULL) {
1156 bus_dmamap_sync(ring->data_dmat, data->map,
1157 BUS_DMASYNC_POSTWRITE);
1158 bus_dmamap_unload(ring->data_dmat, data->map);
1163 /* Clear TX descriptors. */
1164 memset(ring->desc, 0, ring->desc_dma.size);
1165 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1166 BUS_DMASYNC_PREWRITE);
1167 sc->qfullmsk &= ~(1 << ring->qid);
1171 if (ring->qid == IWM_MVM_CMD_QUEUE && sc->cmd_hold_nic_awake)
1172 iwm_pcie_clear_cmd_in_flight(sc);
1176 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1180 iwm_dma_contig_free(&ring->desc_dma);
1181 iwm_dma_contig_free(&ring->cmd_dma);
1183 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1184 struct iwm_tx_data *data = &ring->data[i];
1186 if (data->m != NULL) {
1187 bus_dmamap_sync(ring->data_dmat, data->map,
1188 BUS_DMASYNC_POSTWRITE);
1189 bus_dmamap_unload(ring->data_dmat, data->map);
1193 if (data->map != NULL) {
1194 bus_dmamap_destroy(ring->data_dmat, data->map);
1198 if (ring->data_dmat != NULL) {
1199 bus_dma_tag_destroy(ring->data_dmat);
1200 ring->data_dmat = NULL;
1205 * High-level hardware frobbing routines
1209 iwm_enable_interrupts(struct iwm_softc *sc)
1211 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1212 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1216 iwm_restore_interrupts(struct iwm_softc *sc)
1218 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1222 iwm_disable_interrupts(struct iwm_softc *sc)
1224 /* disable interrupts */
1225 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1227 /* acknowledge all interrupts */
1228 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1229 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1233 iwm_ict_reset(struct iwm_softc *sc)
1235 iwm_disable_interrupts(sc);
1237 /* Reset ICT table. */
1238 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1241 /* Set physical address of ICT table (4KB aligned). */
1242 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1243 IWM_CSR_DRAM_INT_TBL_ENABLE
1244 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER
1245 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1246 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1248 /* Switch to ICT interrupt mode in driver. */
1249 sc->sc_flags |= IWM_FLAG_USE_ICT;
1251 /* Re-enable interrupts. */
1252 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1253 iwm_enable_interrupts(sc);
1256 /* iwlwifi pcie/trans.c */
1259 * Since this .. hard-resets things, it's time to actually
1260 * mark the first vap (if any) as having no mac context.
1261 * It's annoying, but since the driver is potentially being
1262 * stop/start'ed whilst active (thanks openbsd port!) we
1263 * have to correctly track this.
1266 iwm_stop_device(struct iwm_softc *sc)
1268 struct ieee80211com *ic = &sc->sc_ic;
1269 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1273 /* tell the device to stop sending interrupts */
1274 iwm_disable_interrupts(sc);
1277 * FreeBSD-local: mark the first vap as not-uploaded,
1278 * so the next transition through auth/assoc
1279 * will correctly populate the MAC context.
1282 struct iwm_vap *iv = IWM_VAP(vap);
1283 iv->phy_ctxt = NULL;
1284 iv->is_uploaded = 0;
1287 /* device going down, Stop using ICT table */
1288 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1290 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1292 if (iwm_nic_lock(sc)) {
1293 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1295 /* Stop each Tx DMA channel */
1296 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1298 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1299 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl);
1302 /* Wait for DMA channels to be idle */
1303 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask,
1305 device_printf(sc->sc_dev,
1306 "Failing on timeout while stopping DMA channel: [0x%08x]\n",
1307 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG));
1311 iwm_pcie_rx_stop(sc);
1314 iwm_reset_rx_ring(sc, &sc->rxq);
1316 /* Reset all TX rings. */
1317 for (qid = 0; qid < nitems(sc->txq); qid++)
1318 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1320 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1321 /* Power-down device's busmaster DMA clocks */
1322 if (iwm_nic_lock(sc)) {
1323 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG,
1324 IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1330 /* Make sure (redundant) we've released our request to stay awake */
1331 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1332 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1334 /* Stop the device, and put it in low power state */
1337 /* Upon stop, the APM issues an interrupt if HW RF kill is set.
1338 * Clean again the interrupt here
1340 iwm_disable_interrupts(sc);
1341 /* stop and reset the on-board processor */
1342 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1345 * Even if we stop the HW, we still want the RF kill
1348 iwm_enable_rfkill_int(sc);
1349 iwm_check_rfkill(sc);
1352 /* iwlwifi: mvm/ops.c */
1354 iwm_mvm_nic_config(struct iwm_softc *sc)
1356 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1357 uint32_t reg_val = 0;
1358 uint32_t phy_config = iwm_mvm_get_phy_config(sc);
1360 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1361 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1362 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1363 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1364 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1365 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1368 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1369 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1370 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1371 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1373 /* radio configuration */
1374 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1375 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1376 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1378 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val);
1380 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1381 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1382 radio_cfg_step, radio_cfg_dash);
1385 * W/A : NIC is stuck in a reset state after Early PCIe power off
1386 * (PCIe power is lost before PERST# is asserted), causing ME FW
1387 * to lose ownership and not being able to obtain it back.
1389 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1390 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1391 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1392 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1397 iwm_nic_rx_init(struct iwm_softc *sc)
1400 * Initialize RX ring. This is from the iwn driver.
1402 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1405 iwm_pcie_rx_stop(sc);
1407 if (!iwm_nic_lock(sc))
1410 /* reset and flush pointers */
1411 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1412 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1413 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1414 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1416 /* Set physical address of RX ring (256-byte aligned). */
1418 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8);
1420 /* Set physical address of RX status (16-byte aligned). */
1422 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1425 * XXX 5000 HW isn't supported by the iwm(4) driver.
1426 * IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY is set because of HW bug in
1427 * the credit mechanism in 5000 HW RX FIFO
1428 * Direct rx interrupts to hosts
1429 * Rx buffer size 4 or 8k or 12k
1433 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1434 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1435 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1436 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1437 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1438 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1439 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1441 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1443 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1444 if (sc->cfg->host_interrupt_operation_mode)
1445 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1448 * Thus sayeth el jefe (iwlwifi) via a comment:
1450 * This value should initially be 0 (before preparing any
1451 * RBs), should be 8 after preparing the first 8 RBs (for example)
1453 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1461 iwm_nic_tx_init(struct iwm_softc *sc)
1465 if (!iwm_nic_lock(sc))
1468 /* Deactivate TX scheduler. */
1469 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1471 /* Set physical address of "keep warm" page (16-byte aligned). */
1472 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1474 /* Initialize TX rings. */
1475 for (qid = 0; qid < nitems(sc->txq); qid++) {
1476 struct iwm_tx_ring *txq = &sc->txq[qid];
1478 /* Set physical address of TX ring (256-byte aligned). */
1479 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1480 txq->desc_dma.paddr >> 8);
1481 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1482 "%s: loading ring %d descriptors (%p) at %lx\n",
1485 (unsigned long) (txq->desc_dma.paddr >> 8));
1488 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE);
1496 iwm_nic_init(struct iwm_softc *sc)
1501 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1504 iwm_mvm_nic_config(sc);
1506 if ((error = iwm_nic_rx_init(sc)) != 0)
1510 * Ditto for TX, from iwn
1512 if ((error = iwm_nic_tx_init(sc)) != 0)
1515 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1516 "%s: shadow registers enabled\n", __func__);
1517 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1523 iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo)
1525 if (!iwm_nic_lock(sc)) {
1526 device_printf(sc->sc_dev,
1527 "%s: cannot enable txq %d\n",
1533 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1535 if (qid == IWM_MVM_CMD_QUEUE) {
1536 /* unactivate before configuration */
1537 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1538 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE)
1539 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1543 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid));
1545 if (!iwm_nic_lock(sc)) {
1546 device_printf(sc->sc_dev,
1547 "%s: cannot enable txq %d\n", __func__, qid);
1550 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1553 iwm_write_mem32(sc, sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1554 /* Set scheduler window size and frame limit. */
1556 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1558 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1559 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1560 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1561 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1563 if (!iwm_nic_lock(sc)) {
1564 device_printf(sc->sc_dev,
1565 "%s: cannot enable txq %d\n", __func__, qid);
1568 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1569 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1570 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1571 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1572 IWM_SCD_QUEUE_STTS_REG_MSK);
1574 struct iwm_scd_txq_cfg_cmd cmd;
1579 memset(&cmd, 0, sizeof(cmd));
1580 cmd.scd_queue = qid;
1582 cmd.sta_id = sta_id;
1585 cmd.window = IWM_FRAME_LIMIT;
1587 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC,
1590 device_printf(sc->sc_dev,
1591 "cannot enable txq %d\n", qid);
1595 if (!iwm_nic_lock(sc))
1599 iwm_write_prph(sc, IWM_SCD_EN_CTRL,
1600 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid);
1604 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n",
1605 __func__, qid, fifo);
1611 iwm_trans_pcie_fw_alive(struct iwm_softc *sc, uint32_t scd_base_addr)
1615 int clear_dwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1616 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t);
1618 if (!iwm_nic_lock(sc))
1623 sc->scd_base_addr = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR);
1624 if (scd_base_addr != 0 &&
1625 scd_base_addr != sc->scd_base_addr) {
1626 device_printf(sc->sc_dev,
1627 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n",
1628 __func__, sc->scd_base_addr, scd_base_addr);
1633 /* reset context data, TX status and translation data */
1634 error = iwm_write_mem(sc,
1635 sc->scd_base_addr + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1636 NULL, clear_dwords);
1640 if (!iwm_nic_lock(sc))
1643 /* Set physical address of TX scheduler rings (1KB aligned). */
1644 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1646 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1650 /* enable command channel */
1651 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7);
1655 if (!iwm_nic_lock(sc))
1658 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1660 /* Enable DMA channels. */
1661 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1662 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1663 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1664 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1667 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1668 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1672 /* Enable L1-Active */
1673 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
1674 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1675 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1682 * NVM read access and content parsing. We do not support
1683 * external NVM or writing NVM.
1687 /* Default NVM size to read */
1688 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1690 #define IWM_NVM_WRITE_OPCODE 1
1691 #define IWM_NVM_READ_OPCODE 0
1693 /* load nvm chunk response */
1695 IWM_READ_NVM_CHUNK_SUCCEED = 0,
1696 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1
1700 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1701 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1703 struct iwm_nvm_access_cmd nvm_access_cmd = {
1704 .offset = htole16(offset),
1705 .length = htole16(length),
1706 .type = htole16(section),
1707 .op_code = IWM_NVM_READ_OPCODE,
1709 struct iwm_nvm_access_resp *nvm_resp;
1710 struct iwm_rx_packet *pkt;
1711 struct iwm_host_cmd cmd = {
1712 .id = IWM_NVM_ACCESS_CMD,
1713 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL,
1714 .data = { &nvm_access_cmd, },
1716 int ret, bytes_read, offset_read;
1719 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1721 ret = iwm_send_cmd(sc, &cmd);
1723 device_printf(sc->sc_dev,
1724 "Could not send NVM_ACCESS command (error=%d)\n", ret);
1730 /* Extract NVM response */
1731 nvm_resp = (void *)pkt->data;
1732 ret = le16toh(nvm_resp->status);
1733 bytes_read = le16toh(nvm_resp->length);
1734 offset_read = le16toh(nvm_resp->offset);
1735 resp_data = nvm_resp->data;
1737 if ((offset != 0) &&
1738 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) {
1740 * meaning of NOT_VALID_ADDRESS:
1741 * driver try to read chunk from address that is
1742 * multiple of 2K and got an error since addr is empty.
1743 * meaning of (offset != 0): driver already
1744 * read valid data from another chunk so this case
1747 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1748 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n",
1753 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1754 "NVM access command failed with status %d\n", ret);
1760 if (offset_read != offset) {
1761 device_printf(sc->sc_dev,
1762 "NVM ACCESS response with invalid offset %d\n",
1768 if (bytes_read > length) {
1769 device_printf(sc->sc_dev,
1770 "NVM ACCESS response with too much data "
1771 "(%d bytes requested, %d bytes received)\n",
1772 length, bytes_read);
1777 /* Write data to NVM */
1778 memcpy(data + offset, resp_data, bytes_read);
1782 iwm_free_resp(sc, &cmd);
1787 * Reads an NVM section completely.
1788 * NICs prior to 7000 family don't have a real NVM, but just read
1789 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1790 * by uCode, we need to manually check in this case that we don't
1791 * overflow and try to read more than the EEPROM size.
1792 * For 7000 family NICs, we supply the maximal size we can read, and
1793 * the uCode fills the response with as much data as we can,
1794 * without overflowing, so no check is needed.
1797 iwm_nvm_read_section(struct iwm_softc *sc,
1798 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read)
1800 uint16_t seglen, length, offset = 0;
1803 /* Set nvm section read length */
1804 length = IWM_NVM_DEFAULT_CHUNK_SIZE;
1808 /* Read the NVM until exhausted (reading less than requested) */
1809 while (seglen == length) {
1810 /* Check no memory assumptions fail and cause an overflow */
1811 if ((size_read + offset + length) >
1812 sc->cfg->eeprom_size) {
1813 device_printf(sc->sc_dev,
1814 "EEPROM size is too small for NVM\n");
1818 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen);
1820 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1821 "Cannot read NVM from section %d offset %d, length %d\n",
1822 section, offset, length);
1828 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1829 "NVM section %d read completed\n", section);
1835 * BEGIN IWM_NVM_PARSE
1838 /* iwlwifi/iwl-nvm-parse.c */
1840 /* NVM offsets (in words) definitions */
1841 enum iwm_nvm_offsets {
1842 /* NVM HW-Section offset (in words) definitions */
1845 /* NVM SW-Section offset (in words) definitions */
1846 IWM_NVM_SW_SECTION = 0x1C0,
1847 IWM_NVM_VERSION = 0,
1851 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1853 /* NVM calibration section offset (in words) definitions */
1854 IWM_NVM_CALIB_SECTION = 0x2B8,
1855 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1858 enum iwm_8000_nvm_offsets {
1859 /* NVM HW-Section offset (in words) definitions */
1860 IWM_HW_ADDR0_WFPM_8000 = 0x12,
1861 IWM_HW_ADDR1_WFPM_8000 = 0x16,
1862 IWM_HW_ADDR0_PCIE_8000 = 0x8A,
1863 IWM_HW_ADDR1_PCIE_8000 = 0x8E,
1864 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1,
1866 /* NVM SW-Section offset (in words) definitions */
1867 IWM_NVM_SW_SECTION_8000 = 0x1C0,
1868 IWM_NVM_VERSION_8000 = 0,
1869 IWM_RADIO_CFG_8000 = 0,
1871 IWM_N_HW_ADDRS_8000 = 3,
1873 /* NVM REGULATORY -Section offset (in words) definitions */
1874 IWM_NVM_CHANNELS_8000 = 0,
1875 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7,
1876 IWM_NVM_LAR_OFFSET_8000 = 0x507,
1877 IWM_NVM_LAR_ENABLED_8000 = 0x7,
1879 /* NVM calibration section offset (in words) definitions */
1880 IWM_NVM_CALIB_SECTION_8000 = 0x2B8,
1881 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000
1884 /* SKU Capabilities (actual values from NVM definition) */
1886 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1887 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1888 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1889 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1892 /* radio config bits (actual values from NVM definition) */
1893 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1894 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1895 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1896 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1897 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1898 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1900 #define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF)
1901 #define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF)
1902 #define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF)
1903 #define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF)
1904 #define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF)
1905 #define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF)
1907 #define DEFAULT_MAX_TX_POWER 16
1910 * enum iwm_nvm_channel_flags - channel flags in NVM
1911 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1912 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1913 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1914 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1915 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c
1916 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1917 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1918 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1919 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1920 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1922 enum iwm_nvm_channel_flags {
1923 IWM_NVM_CHANNEL_VALID = (1 << 0),
1924 IWM_NVM_CHANNEL_IBSS = (1 << 1),
1925 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
1926 IWM_NVM_CHANNEL_RADAR = (1 << 4),
1927 IWM_NVM_CHANNEL_DFS = (1 << 7),
1928 IWM_NVM_CHANNEL_WIDE = (1 << 8),
1929 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
1930 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
1931 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
1935 * Translate EEPROM flags to net80211.
1938 iwm_eeprom_channel_flags(uint16_t ch_flags)
1943 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0)
1944 nflags |= IEEE80211_CHAN_PASSIVE;
1945 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0)
1946 nflags |= IEEE80211_CHAN_NOADHOC;
1947 if (ch_flags & IWM_NVM_CHANNEL_RADAR) {
1948 nflags |= IEEE80211_CHAN_DFS;
1950 nflags |= IEEE80211_CHAN_NOADHOC;
1957 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[],
1958 int maxchans, int *nchans, int ch_idx, size_t ch_num,
1959 const uint8_t bands[])
1961 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags;
1967 for (; ch_idx < ch_num; ch_idx++) {
1968 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
1969 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1970 ieee = iwm_nvm_channels[ch_idx];
1972 ieee = iwm_nvm_channels_8000[ch_idx];
1974 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
1975 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1976 "Ch. %d Flags %x [%sGHz] - No traffic\n",
1978 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1983 nflags = iwm_eeprom_channel_flags(ch_flags);
1984 error = ieee80211_add_channel(chans, maxchans, nchans,
1985 ieee, 0, 0, nflags, bands);
1989 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1990 "Ch. %d Flags %x [%sGHz] - Added\n",
1992 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1998 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans,
1999 struct ieee80211_channel chans[])
2001 struct iwm_softc *sc = ic->ic_softc;
2002 struct iwm_nvm_data *data = sc->nvm_data;
2003 uint8_t bands[IEEE80211_MODE_BYTES];
2006 memset(bands, 0, sizeof(bands));
2007 /* 1-13: 11b/g channels. */
2008 setbit(bands, IEEE80211_MODE_11B);
2009 setbit(bands, IEEE80211_MODE_11G);
2010 iwm_add_channel_band(sc, chans, maxchans, nchans, 0,
2011 IWM_NUM_2GHZ_CHANNELS - 1, bands);
2013 /* 14: 11b channel only. */
2014 clrbit(bands, IEEE80211_MODE_11G);
2015 iwm_add_channel_band(sc, chans, maxchans, nchans,
2016 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands);
2018 if (data->sku_cap_band_52GHz_enable) {
2019 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
2020 ch_num = nitems(iwm_nvm_channels);
2022 ch_num = nitems(iwm_nvm_channels_8000);
2023 memset(bands, 0, sizeof(bands));
2024 setbit(bands, IEEE80211_MODE_11A);
2025 iwm_add_channel_band(sc, chans, maxchans, nchans,
2026 IWM_NUM_2GHZ_CHANNELS, ch_num, bands);
2031 iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data,
2032 const uint16_t *mac_override, const uint16_t *nvm_hw)
2034 const uint8_t *hw_addr;
2037 static const uint8_t reserved_mac[] = {
2038 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00
2041 hw_addr = (const uint8_t *)(mac_override +
2042 IWM_MAC_ADDRESS_OVERRIDE_8000);
2045 * Store the MAC address from MAO section.
2046 * No byte swapping is required in MAO section
2048 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr);
2051 * Force the use of the OTP MAC address in case of reserved MAC
2052 * address in the NVM, or if address is given but invalid.
2054 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) &&
2055 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) &&
2056 iwm_is_valid_ether_addr(data->hw_addr) &&
2057 !IEEE80211_IS_MULTICAST(data->hw_addr))
2060 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2061 "%s: mac address from nvm override section invalid\n",
2066 /* read the mac address from WFMP registers */
2067 uint32_t mac_addr0 =
2068 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0));
2069 uint32_t mac_addr1 =
2070 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1));
2072 hw_addr = (const uint8_t *)&mac_addr0;
2073 data->hw_addr[0] = hw_addr[3];
2074 data->hw_addr[1] = hw_addr[2];
2075 data->hw_addr[2] = hw_addr[1];
2076 data->hw_addr[3] = hw_addr[0];
2078 hw_addr = (const uint8_t *)&mac_addr1;
2079 data->hw_addr[4] = hw_addr[1];
2080 data->hw_addr[5] = hw_addr[0];
2085 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__);
2086 memset(data->hw_addr, 0, sizeof(data->hw_addr));
2090 iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2091 const uint16_t *phy_sku)
2093 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2094 return le16_to_cpup(nvm_sw + IWM_SKU);
2096 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000));
2100 iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2102 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2103 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
2105 return le32_to_cpup((const uint32_t *)(nvm_sw +
2106 IWM_NVM_VERSION_8000));
2110 iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2111 const uint16_t *phy_sku)
2113 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2114 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
2116 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000));
2120 iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2124 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2125 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
2127 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000));
2129 return n_hw_addr & IWM_N_HW_ADDR_MASK;
2133 iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data,
2136 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2137 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
2138 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
2139 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
2140 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
2144 /* set the radio configuration for family 8000 */
2145 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg);
2146 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg);
2147 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg);
2148 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg);
2149 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg);
2150 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg);
2154 iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data,
2155 const uint16_t *nvm_hw, const uint16_t *mac_override)
2157 #ifdef notyet /* for FAMILY 9000 */
2158 if (cfg->mac_addr_from_csr) {
2159 iwm_set_hw_address_from_csr(sc, data);
2162 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2163 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR);
2165 /* The byte order is little endian 16 bit, meaning 214365 */
2166 data->hw_addr[0] = hw_addr[1];
2167 data->hw_addr[1] = hw_addr[0];
2168 data->hw_addr[2] = hw_addr[3];
2169 data->hw_addr[3] = hw_addr[2];
2170 data->hw_addr[4] = hw_addr[5];
2171 data->hw_addr[5] = hw_addr[4];
2173 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw);
2176 if (!iwm_is_valid_ether_addr(data->hw_addr)) {
2177 device_printf(sc->sc_dev, "no valid mac address was found\n");
2184 static struct iwm_nvm_data *
2185 iwm_parse_nvm_data(struct iwm_softc *sc,
2186 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
2187 const uint16_t *nvm_calib, const uint16_t *mac_override,
2188 const uint16_t *phy_sku, const uint16_t *regulatory)
2190 struct iwm_nvm_data *data;
2191 uint32_t sku, radio_cfg;
2193 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2194 data = malloc(sizeof(*data) +
2195 IWM_NUM_CHANNELS * sizeof(uint16_t),
2196 M_DEVBUF, M_NOWAIT | M_ZERO);
2198 data = malloc(sizeof(*data) +
2199 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t),
2200 M_DEVBUF, M_NOWAIT | M_ZERO);
2205 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw);
2207 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku);
2208 iwm_set_radio_cfg(sc, data, radio_cfg);
2210 sku = iwm_get_sku(sc, nvm_sw, phy_sku);
2211 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
2212 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
2213 data->sku_cap_11n_enable = 0;
2215 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw);
2217 /* If no valid mac address was found - bail out */
2218 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) {
2219 free(data, M_DEVBUF);
2223 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2224 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS],
2225 IWM_NUM_CHANNELS * sizeof(uint16_t));
2227 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000],
2228 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t));
2235 iwm_free_nvm_data(struct iwm_nvm_data *data)
2238 free(data, M_DEVBUF);
2241 static struct iwm_nvm_data *
2242 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
2244 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku;
2246 /* Checking for required sections */
2247 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2248 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2249 !sections[sc->cfg->nvm_hw_section_num].data) {
2250 device_printf(sc->sc_dev,
2251 "Can't parse empty OTP/NVM sections\n");
2254 } else if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
2255 /* SW and REGULATORY sections are mandatory */
2256 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2257 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) {
2258 device_printf(sc->sc_dev,
2259 "Can't parse empty OTP/NVM sections\n");
2262 /* MAC_OVERRIDE or at least HW section must exist */
2263 if (!sections[sc->cfg->nvm_hw_section_num].data &&
2264 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) {
2265 device_printf(sc->sc_dev,
2266 "Can't parse mac_address, empty sections\n");
2270 /* PHY_SKU section is mandatory in B0 */
2271 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) {
2272 device_printf(sc->sc_dev,
2273 "Can't parse phy_sku in B0, empty sections\n");
2277 panic("unknown device family %d\n", sc->cfg->device_family);
2280 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data;
2281 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
2282 calib = (const uint16_t *)
2283 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
2284 regulatory = (const uint16_t *)
2285 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data;
2286 mac_override = (const uint16_t *)
2287 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data;
2288 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data;
2290 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override,
2291 phy_sku, regulatory);
2295 iwm_nvm_init(struct iwm_softc *sc)
2297 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS];
2298 int i, ret, section;
2299 uint32_t size_read = 0;
2300 uint8_t *nvm_buffer, *temp;
2303 memset(nvm_sections, 0, sizeof(nvm_sections));
2305 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS)
2308 /* load NVM values from nic */
2309 /* Read From FW NVM */
2310 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n");
2312 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO);
2315 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) {
2316 /* we override the constness for initial read */
2317 ret = iwm_nvm_read_section(sc, section, nvm_buffer,
2322 temp = malloc(len, M_DEVBUF, M_NOWAIT);
2327 memcpy(temp, nvm_buffer, len);
2329 nvm_sections[section].data = temp;
2330 nvm_sections[section].length = len;
2333 device_printf(sc->sc_dev, "OTP is blank\n");
2334 free(nvm_buffer, M_DEVBUF);
2336 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections);
2339 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
2340 "nvm version = %x\n", sc->nvm_data->nvm_version);
2342 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) {
2343 if (nvm_sections[i].data != NULL)
2344 free(nvm_sections[i].data, M_DEVBUF);
2351 iwm_pcie_load_section(struct iwm_softc *sc, uint8_t section_num,
2352 const struct iwm_fw_desc *section)
2354 struct iwm_dma_info *dma = &sc->fw_dma;
2357 uint32_t offset, chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, section->len);
2360 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2361 "%s: [%d] uCode section being loaded...\n",
2362 __func__, section_num);
2364 v_addr = dma->vaddr;
2365 p_addr = dma->paddr;
2367 for (offset = 0; offset < section->len; offset += chunk_sz) {
2368 uint32_t copy_size, dst_addr;
2369 int extended_addr = FALSE;
2371 copy_size = MIN(chunk_sz, section->len - offset);
2372 dst_addr = section->offset + offset;
2374 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2375 dst_addr <= IWM_FW_MEM_EXTENDED_END)
2376 extended_addr = TRUE;
2379 iwm_set_bits_prph(sc, IWM_LMPM_CHICK,
2380 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2382 memcpy(v_addr, (const uint8_t *)section->data + offset,
2384 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
2385 ret = iwm_pcie_load_firmware_chunk(sc, dst_addr, p_addr,
2389 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK,
2390 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2393 device_printf(sc->sc_dev,
2394 "%s: Could not load the [%d] uCode section\n",
2395 __func__, section_num);
2407 iwm_pcie_load_firmware_chunk(struct iwm_softc *sc, uint32_t dst_addr,
2408 bus_addr_t phy_addr, uint32_t byte_cnt)
2412 sc->sc_fw_chunk_done = 0;
2414 if (!iwm_nic_lock(sc))
2417 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2418 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
2420 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
2423 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
2424 phy_addr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
2426 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
2427 (iwm_get_dma_hi_addr(phy_addr)
2428 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
2430 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
2431 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
2432 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
2433 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
2435 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2436 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
2437 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
2438 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
2442 /* wait up to 5s for this segment to load */
2444 while (!sc->sc_fw_chunk_done) {
2445 ret = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz);
2451 device_printf(sc->sc_dev,
2452 "fw chunk addr 0x%x len %d failed to load\n",
2453 dst_addr, byte_cnt);
2461 iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
2462 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section)
2465 int i, ret = 0, sec_num = 0x1;
2466 uint32_t val, last_read_idx = 0;
2470 *first_ucode_section = 0;
2473 (*first_ucode_section)++;
2476 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2480 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2482 * PAGING_SEPARATOR_SECTION delimiter - separate between
2483 * CPU2 non paged to CPU2 paging sec.
2485 if (!image->fw_sect[i].data ||
2486 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2487 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2488 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2489 "Break since Data not valid or Empty section, sec = %d\n",
2493 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]);
2497 /* Notify the ucode of the loaded section number and status */
2498 if (iwm_nic_lock(sc)) {
2499 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS);
2500 val = val | (sec_num << shift_param);
2501 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val);
2502 sec_num = (sec_num << 1) | 0x1;
2507 *first_ucode_section = last_read_idx;
2509 iwm_enable_interrupts(sc);
2511 if (iwm_nic_lock(sc)) {
2513 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF);
2515 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
2523 iwm_pcie_load_cpu_sections(struct iwm_softc *sc,
2524 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section)
2528 uint32_t last_read_idx = 0;
2532 *first_ucode_section = 0;
2535 (*first_ucode_section)++;
2538 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2542 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2544 * PAGING_SEPARATOR_SECTION delimiter - separate between
2545 * CPU2 non paged to CPU2 paging sec.
2547 if (!image->fw_sect[i].data ||
2548 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2549 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2550 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2551 "Break since Data not valid or Empty section, sec = %d\n",
2556 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]);
2561 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
2562 iwm_set_bits_prph(sc,
2563 IWM_CSR_UCODE_LOAD_STATUS_ADDR,
2564 (IWM_LMPM_CPU_UCODE_LOADING_COMPLETED |
2565 IWM_LMPM_CPU_HDRS_LOADING_COMPLETED |
2566 IWM_LMPM_CPU_UCODE_LOADING_STARTED) <<
2569 *first_ucode_section = last_read_idx;
2576 iwm_pcie_load_given_ucode(struct iwm_softc *sc,
2577 const struct iwm_fw_sects *image)
2580 int first_ucode_section;
2582 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2583 image->is_dual_cpus ? "Dual" : "Single");
2585 /* load to FW the binary non secured sections of CPU1 */
2586 ret = iwm_pcie_load_cpu_sections(sc, image, 1, &first_ucode_section);
2590 if (image->is_dual_cpus) {
2591 /* set CPU2 header address */
2592 if (iwm_nic_lock(sc)) {
2594 IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR,
2595 IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE);
2599 /* load to FW the binary sections of CPU2 */
2600 ret = iwm_pcie_load_cpu_sections(sc, image, 2,
2601 &first_ucode_section);
2606 iwm_enable_interrupts(sc);
2608 /* release CPU reset */
2609 IWM_WRITE(sc, IWM_CSR_RESET, 0);
2615 iwm_pcie_load_given_ucode_8000(struct iwm_softc *sc,
2616 const struct iwm_fw_sects *image)
2619 int first_ucode_section;
2621 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2622 image->is_dual_cpus ? "Dual" : "Single");
2624 /* configure the ucode to be ready to get the secured image */
2625 /* release CPU reset */
2626 if (iwm_nic_lock(sc)) {
2627 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET,
2628 IWM_RELEASE_CPU_RESET_BIT);
2632 /* load to FW the binary Secured sections of CPU1 */
2633 ret = iwm_pcie_load_cpu_sections_8000(sc, image, 1,
2634 &first_ucode_section);
2638 /* load to FW the binary sections of CPU2 */
2639 return iwm_pcie_load_cpu_sections_8000(sc, image, 2,
2640 &first_ucode_section);
2643 /* XXX Get rid of this definition */
2645 iwm_enable_fw_load_int(struct iwm_softc *sc)
2647 IWM_DPRINTF(sc, IWM_DEBUG_INTR, "Enabling FW load interrupt\n");
2648 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX;
2649 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
2652 /* XXX Add proper rfkill support code */
2654 iwm_start_fw(struct iwm_softc *sc,
2655 const struct iwm_fw_sects *fw)
2659 /* This may fail if AMT took ownership of the device */
2660 if (iwm_prepare_card_hw(sc)) {
2661 device_printf(sc->sc_dev,
2662 "%s: Exit HW not ready\n", __func__);
2667 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2669 iwm_disable_interrupts(sc);
2671 /* make sure rfkill handshake bits are cleared */
2672 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2673 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
2674 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
2676 /* clear (again), then enable host interrupts */
2677 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2679 ret = iwm_nic_init(sc);
2681 device_printf(sc->sc_dev, "%s: Unable to init nic\n", __func__);
2686 * Now, we load the firmware and don't want to be interrupted, even
2687 * by the RF-Kill interrupt (hence mask all the interrupt besides the
2688 * FH_TX interrupt which is needed to load the firmware). If the
2689 * RF-Kill switch is toggled, we will find out after having loaded
2690 * the firmware and return the proper value to the caller.
2692 iwm_enable_fw_load_int(sc);
2694 /* really make sure rfkill handshake bits are cleared */
2695 /* maybe we should write a few times more? just to make sure */
2696 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2697 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2699 /* Load the given image to the HW */
2700 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
2701 ret = iwm_pcie_load_given_ucode_8000(sc, fw);
2703 ret = iwm_pcie_load_given_ucode(sc, fw);
2705 /* XXX re-check RF-Kill state */
2712 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2714 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2715 .valid = htole32(valid_tx_ant),
2718 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2719 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2722 /* iwlwifi: mvm/fw.c */
2724 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2726 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2727 enum iwm_ucode_type ucode_type = sc->cur_ucode;
2729 /* Set parameters */
2730 phy_cfg_cmd.phy_cfg = htole32(iwm_mvm_get_phy_config(sc));
2731 phy_cfg_cmd.calib_control.event_trigger =
2732 sc->sc_default_calib[ucode_type].event_trigger;
2733 phy_cfg_cmd.calib_control.flow_trigger =
2734 sc->sc_default_calib[ucode_type].flow_trigger;
2736 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2737 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2738 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2739 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2743 iwm_alive_fn(struct iwm_softc *sc, struct iwm_rx_packet *pkt, void *data)
2745 struct iwm_mvm_alive_data *alive_data = data;
2746 struct iwm_mvm_alive_resp_ver1 *palive1;
2747 struct iwm_mvm_alive_resp_ver2 *palive2;
2748 struct iwm_mvm_alive_resp *palive;
2750 if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive1)) {
2751 palive1 = (void *)pkt->data;
2753 sc->support_umac_log = FALSE;
2754 sc->error_event_table =
2755 le32toh(palive1->error_event_table_ptr);
2756 sc->log_event_table =
2757 le32toh(palive1->log_event_table_ptr);
2758 alive_data->scd_base_addr = le32toh(palive1->scd_base_ptr);
2760 alive_data->valid = le16toh(palive1->status) ==
2761 IWM_ALIVE_STATUS_OK;
2762 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2763 "Alive VER1 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2764 le16toh(palive1->status), palive1->ver_type,
2765 palive1->ver_subtype, palive1->flags);
2766 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive2)) {
2767 palive2 = (void *)pkt->data;
2768 sc->error_event_table =
2769 le32toh(palive2->error_event_table_ptr);
2770 sc->log_event_table =
2771 le32toh(palive2->log_event_table_ptr);
2772 alive_data->scd_base_addr = le32toh(palive2->scd_base_ptr);
2773 sc->umac_error_event_table =
2774 le32toh(palive2->error_info_addr);
2776 alive_data->valid = le16toh(palive2->status) ==
2777 IWM_ALIVE_STATUS_OK;
2778 if (sc->umac_error_event_table)
2779 sc->support_umac_log = TRUE;
2781 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2782 "Alive VER2 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2783 le16toh(palive2->status), palive2->ver_type,
2784 palive2->ver_subtype, palive2->flags);
2786 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2787 "UMAC version: Major - 0x%x, Minor - 0x%x\n",
2788 palive2->umac_major, palive2->umac_minor);
2789 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive)) {
2790 palive = (void *)pkt->data;
2792 sc->error_event_table =
2793 le32toh(palive->error_event_table_ptr);
2794 sc->log_event_table =
2795 le32toh(palive->log_event_table_ptr);
2796 alive_data->scd_base_addr = le32toh(palive->scd_base_ptr);
2797 sc->umac_error_event_table =
2798 le32toh(palive->error_info_addr);
2800 alive_data->valid = le16toh(palive->status) ==
2801 IWM_ALIVE_STATUS_OK;
2802 if (sc->umac_error_event_table)
2803 sc->support_umac_log = TRUE;
2805 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2806 "Alive VER3 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2807 le16toh(palive->status), palive->ver_type,
2808 palive->ver_subtype, palive->flags);
2810 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2811 "UMAC version: Major - 0x%x, Minor - 0x%x\n",
2812 le32toh(palive->umac_major),
2813 le32toh(palive->umac_minor));
2820 iwm_wait_phy_db_entry(struct iwm_softc *sc,
2821 struct iwm_rx_packet *pkt, void *data)
2823 struct iwm_phy_db *phy_db = data;
2825 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) {
2826 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) {
2827 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n",
2828 __func__, pkt->hdr.code);
2833 if (iwm_phy_db_set_section(phy_db, pkt)) {
2834 device_printf(sc->sc_dev,
2835 "%s: iwm_phy_db_set_section failed\n", __func__);
2842 iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc,
2843 enum iwm_ucode_type ucode_type)
2845 struct iwm_notification_wait alive_wait;
2846 struct iwm_mvm_alive_data alive_data;
2847 const struct iwm_fw_sects *fw;
2848 enum iwm_ucode_type old_type = sc->cur_ucode;
2850 static const uint16_t alive_cmd[] = { IWM_MVM_ALIVE };
2852 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) {
2853 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n",
2857 fw = &sc->sc_fw.fw_sects[ucode_type];
2858 sc->cur_ucode = ucode_type;
2859 sc->ucode_loaded = FALSE;
2861 memset(&alive_data, 0, sizeof(alive_data));
2862 iwm_init_notification_wait(sc->sc_notif_wait, &alive_wait,
2863 alive_cmd, nitems(alive_cmd),
2864 iwm_alive_fn, &alive_data);
2866 error = iwm_start_fw(sc, fw);
2868 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error);
2869 sc->cur_ucode = old_type;
2870 iwm_remove_notification(sc->sc_notif_wait, &alive_wait);
2875 * Some things may run in the background now, but we
2876 * just wait for the ALIVE notification here.
2879 error = iwm_wait_notification(sc->sc_notif_wait, &alive_wait,
2880 IWM_MVM_UCODE_ALIVE_TIMEOUT);
2883 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
2884 uint32_t a = 0x5a5a5a5a, b = 0x5a5a5a5a;
2885 if (iwm_nic_lock(sc)) {
2886 a = iwm_read_prph(sc, IWM_SB_CPU_1_STATUS);
2887 b = iwm_read_prph(sc, IWM_SB_CPU_2_STATUS);
2890 device_printf(sc->sc_dev,
2891 "SecBoot CPU1 Status: 0x%x, CPU2 Status: 0x%x\n",
2894 sc->cur_ucode = old_type;
2898 if (!alive_data.valid) {
2899 device_printf(sc->sc_dev, "%s: Loaded ucode is not valid\n",
2901 sc->cur_ucode = old_type;
2905 iwm_trans_pcie_fw_alive(sc, alive_data.scd_base_addr);
2908 * configure and operate fw paging mechanism.
2909 * driver configures the paging flow only once, CPU2 paging image
2910 * included in the IWM_UCODE_INIT image.
2912 if (fw->paging_mem_size) {
2913 error = iwm_save_fw_paging(sc, fw);
2915 device_printf(sc->sc_dev,
2916 "%s: failed to save the FW paging image\n",
2921 error = iwm_send_paging_cmd(sc, fw);
2923 device_printf(sc->sc_dev,
2924 "%s: failed to send the paging cmd\n", __func__);
2925 iwm_free_fw_paging(sc);
2931 sc->ucode_loaded = TRUE;
2940 * follows iwlwifi/fw.c
2943 iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm)
2945 struct iwm_notification_wait calib_wait;
2946 static const uint16_t init_complete[] = {
2947 IWM_INIT_COMPLETE_NOTIF,
2948 IWM_CALIB_RES_NOTIF_PHY_DB
2952 /* do not operate with rfkill switch turned on */
2953 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2954 device_printf(sc->sc_dev,
2955 "radio is disabled by hardware switch\n");
2959 iwm_init_notification_wait(sc->sc_notif_wait,
2962 nitems(init_complete),
2963 iwm_wait_phy_db_entry,
2966 /* Will also start the device */
2967 ret = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_INIT);
2969 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n",
2976 ret = iwm_nvm_init(sc);
2978 device_printf(sc->sc_dev, "failed to read nvm\n");
2981 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr);
2985 ret = iwm_send_bt_init_conf(sc);
2987 device_printf(sc->sc_dev,
2988 "failed to send bt coex configuration: %d\n", ret);
2992 /* Init Smart FIFO. */
2993 ret = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF);
2997 /* Send TX valid antennas before triggering calibrations */
2998 ret = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc));
3000 device_printf(sc->sc_dev,
3001 "failed to send antennas before calibration: %d\n", ret);
3006 * Send phy configurations command to init uCode
3007 * to start the 16.0 uCode init image internal calibrations.
3009 ret = iwm_send_phy_cfg_cmd(sc);
3011 device_printf(sc->sc_dev,
3012 "%s: Failed to run INIT calibrations: %d\n",
3018 * Nothing to do but wait for the init complete notification
3019 * from the firmware.
3022 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait,
3023 IWM_MVM_UCODE_CALIB_TIMEOUT);
3030 iwm_remove_notification(sc->sc_notif_wait, &calib_wait);
3039 /* (re)stock rx ring, called at init-time and at runtime */
3041 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
3043 struct iwm_rx_ring *ring = &sc->rxq;
3044 struct iwm_rx_data *data = &ring->data[idx];
3046 bus_dmamap_t dmamap;
3047 bus_dma_segment_t seg;
3050 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
3054 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
3055 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m,
3056 &seg, &nsegs, BUS_DMA_NOWAIT);
3058 device_printf(sc->sc_dev,
3059 "%s: can't map mbuf, error %d\n", __func__, error);
3064 if (data->m != NULL)
3065 bus_dmamap_unload(ring->data_dmat, data->map);
3067 /* Swap ring->spare_map with data->map */
3069 data->map = ring->spare_map;
3070 ring->spare_map = dmamap;
3072 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
3075 /* Update RX descriptor. */
3076 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned"));
3077 ring->desc[idx] = htole32(seg.ds_addr >> 8);
3078 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3079 BUS_DMASYNC_PREWRITE);
3084 /* iwlwifi: mvm/rx.c */
3086 * iwm_mvm_get_signal_strength - use new rx PHY INFO API
3087 * values are reported by the fw as positive values - need to negate
3088 * to obtain their dBM. Account for missing antennas by replacing 0
3089 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
3092 iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
3094 int energy_a, energy_b, energy_c, max_energy;
3097 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
3098 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
3099 IWM_RX_INFO_ENERGY_ANT_A_POS;
3100 energy_a = energy_a ? -energy_a : -256;
3101 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
3102 IWM_RX_INFO_ENERGY_ANT_B_POS;
3103 energy_b = energy_b ? -energy_b : -256;
3104 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
3105 IWM_RX_INFO_ENERGY_ANT_C_POS;
3106 energy_c = energy_c ? -energy_c : -256;
3107 max_energy = MAX(energy_a, energy_b);
3108 max_energy = MAX(max_energy, energy_c);
3110 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3111 "energy In A %d B %d C %d , and max %d\n",
3112 energy_a, energy_b, energy_c, max_energy);
3118 iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3120 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
3122 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
3124 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
3128 * Retrieve the average noise (in dBm) among receivers.
3131 iwm_get_noise(struct iwm_softc *sc,
3132 const struct iwm_mvm_statistics_rx_non_phy *stats)
3134 int i, total, nbant, noise;
3136 total = nbant = noise = 0;
3137 for (i = 0; i < 3; i++) {
3138 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
3139 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n",
3150 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n",
3151 __func__, nbant, total);
3153 /* There should be at least one antenna but check anyway. */
3154 return (nbant == 0) ? -127 : (total / nbant) - 107;
3156 /* For now, just hard-code it to -96 to be safe */
3162 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
3164 * Handles the actual data of the Rx packet from the fw
3167 iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset,
3170 struct ieee80211com *ic = &sc->sc_ic;
3171 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3172 struct ieee80211_frame *wh;
3173 struct ieee80211_node *ni;
3174 struct ieee80211_rx_stats rxs;
3175 struct iwm_rx_phy_info *phy_info;
3176 struct iwm_rx_mpdu_res_start *rx_res;
3177 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, offset);
3179 uint32_t rx_pkt_status;
3182 phy_info = &sc->sc_last_phy_info;
3183 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
3184 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
3185 len = le16toh(rx_res->byte_count);
3186 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
3188 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
3189 device_printf(sc->sc_dev,
3190 "dsp size out of range [0,20]: %d\n",
3191 phy_info->cfg_phy_cnt);
3195 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
3196 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
3197 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3198 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
3202 rssi = iwm_mvm_get_signal_strength(sc, phy_info);
3204 /* Map it to relative value */
3205 rssi = rssi - sc->sc_noise;
3207 /* replenish ring for the buffer we're going to feed to the sharks */
3208 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
3209 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
3214 m->m_data = pkt->data + sizeof(*rx_res);
3215 m->m_pkthdr.len = m->m_len = len;
3217 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3218 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise);
3220 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
3222 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3223 "%s: phy_info: channel=%d, flags=0x%08x\n",
3225 le16toh(phy_info->channel),
3226 le16toh(phy_info->phy_flags));
3229 * Populate an RX state struct with the provided information.
3231 bzero(&rxs, sizeof(rxs));
3232 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
3233 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
3234 rxs.c_ieee = le16toh(phy_info->channel);
3235 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
3236 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
3238 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
3241 /* rssi is in 1/2db units */
3242 rxs.rssi = rssi * 2;
3243 rxs.nf = sc->sc_noise;
3245 if (ieee80211_radiotap_active_vap(vap)) {
3246 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
3249 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
3250 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3251 tap->wr_chan_freq = htole16(rxs.c_freq);
3252 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
3253 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
3254 tap->wr_dbm_antsignal = (int8_t)rssi;
3255 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
3256 tap->wr_tsft = phy_info->system_timestamp;
3257 switch (phy_info->rate) {
3259 case 10: tap->wr_rate = 2; break;
3260 case 20: tap->wr_rate = 4; break;
3261 case 55: tap->wr_rate = 11; break;
3262 case 110: tap->wr_rate = 22; break;
3264 case 0xd: tap->wr_rate = 12; break;
3265 case 0xf: tap->wr_rate = 18; break;
3266 case 0x5: tap->wr_rate = 24; break;
3267 case 0x7: tap->wr_rate = 36; break;
3268 case 0x9: tap->wr_rate = 48; break;
3269 case 0xb: tap->wr_rate = 72; break;
3270 case 0x1: tap->wr_rate = 96; break;
3271 case 0x3: tap->wr_rate = 108; break;
3272 /* Unknown rate: should not happen. */
3273 default: tap->wr_rate = 0;
3279 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
3280 ieee80211_input_mimo(ni, m, &rxs);
3281 ieee80211_free_node(ni);
3283 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
3284 ieee80211_input_mimo_all(ic, m, &rxs);
3290 fail: counter_u64_add(ic->ic_ierrors, 1);
3295 iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
3296 struct iwm_node *in)
3298 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data;
3299 struct ieee80211_node *ni = &in->in_ni;
3300 struct ieee80211vap *vap = ni->ni_vap;
3301 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
3302 int failack = tx_resp->failure_frame;
3304 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
3306 /* Update rate control statistics. */
3307 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n",
3309 (int) le16toh(tx_resp->status.status),
3310 (int) le16toh(tx_resp->status.sequence),
3311 tx_resp->frame_count,
3312 tx_resp->bt_kill_count,
3313 tx_resp->failure_rts,
3314 tx_resp->failure_frame,
3315 le32toh(tx_resp->initial_rate),
3316 (int) le16toh(tx_resp->wireless_media_time));
3318 if (status != IWM_TX_STATUS_SUCCESS &&
3319 status != IWM_TX_STATUS_DIRECT_DONE) {
3320 ieee80211_ratectl_tx_complete(vap, ni,
3321 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL);
3324 ieee80211_ratectl_tx_complete(vap, ni,
3325 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL);
3331 iwm_mvm_rx_tx_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3333 struct iwm_cmd_header *cmd_hdr = &pkt->hdr;
3334 int idx = cmd_hdr->idx;
3335 int qid = cmd_hdr->qid;
3336 struct iwm_tx_ring *ring = &sc->txq[qid];
3337 struct iwm_tx_data *txd = &ring->data[idx];
3338 struct iwm_node *in = txd->in;
3339 struct mbuf *m = txd->m;
3342 KASSERT(txd->done == 0, ("txd not done"));
3343 KASSERT(txd->in != NULL, ("txd without node"));
3344 KASSERT(txd->m != NULL, ("txd without mbuf"));
3346 sc->sc_tx_timer = 0;
3348 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in);
3350 /* Unmap and free mbuf. */
3351 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
3352 bus_dmamap_unload(ring->data_dmat, txd->map);
3354 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3355 "free txd %p, in %p\n", txd, txd->in);
3360 ieee80211_tx_complete(&in->in_ni, m, status);
3362 if (--ring->queued < IWM_TX_RING_LOMARK) {
3363 sc->qfullmsk &= ~(1 << ring->qid);
3364 if (sc->qfullmsk == 0) {
3375 * Process a "command done" firmware notification. This is where we wakeup
3376 * processes waiting for a synchronous command completion.
3380 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3382 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE];
3383 struct iwm_tx_data *data;
3385 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) {
3386 return; /* Not a command ack. */
3389 /* XXX wide commands? */
3390 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
3391 "cmd notification type 0x%x qid %d idx %d\n",
3392 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx);
3394 data = &ring->data[pkt->hdr.idx];
3396 /* If the command was mapped in an mbuf, free it. */
3397 if (data->m != NULL) {
3398 bus_dmamap_sync(ring->data_dmat, data->map,
3399 BUS_DMASYNC_POSTWRITE);
3400 bus_dmamap_unload(ring->data_dmat, data->map);
3404 wakeup(&ring->desc[pkt->hdr.idx]);
3406 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) {
3407 device_printf(sc->sc_dev,
3408 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n",
3409 __func__, pkt->hdr.idx, ring->queued, ring->cur);
3410 /* XXX call iwm_force_nmi() */
3413 KASSERT(ring->queued > 0, ("ring->queued is empty?"));
3415 if (ring->queued == 0)
3416 iwm_pcie_clear_cmd_in_flight(sc);
3421 * necessary only for block ack mode
3424 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
3427 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
3430 scd_bc_tbl = sc->sched_dma.vaddr;
3432 len += 8; /* magic numbers came naturally from paris */
3433 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE)
3434 len = roundup(len, 4) / 4;
3436 w_val = htole16(sta_id << 12 | len);
3438 /* Update TX scheduler. */
3439 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
3440 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3441 BUS_DMASYNC_PREWRITE);
3443 /* I really wonder what this is ?!? */
3444 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
3445 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
3446 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3447 BUS_DMASYNC_PREWRITE);
3453 * Take an 802.11 (non-n) rate, find the relevant rate
3454 * table entry. return the index into in_ridx[].
3456 * The caller then uses that index back into in_ridx
3457 * to figure out the rate index programmed /into/
3458 * the firmware for this given node.
3461 iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in,
3467 for (i = 0; i < nitems(in->in_ridx); i++) {
3468 r = iwm_rates[in->in_ridx[i]].rate;
3473 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3474 "%s: couldn't find an entry for rate=%d\n",
3478 /* XXX Return the first */
3479 /* XXX TODO: have it return the /lowest/ */
3484 iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate)
3488 for (i = 0; i < nitems(iwm_rates); i++) {
3489 if (iwm_rates[i].rate == rate)
3493 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3494 "%s: couldn't find an entry for rate=%d\n",
3501 * Fill in the rate related information for a transmit command.
3503 static const struct iwm_rate *
3504 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
3505 struct mbuf *m, struct iwm_tx_cmd *tx)
3507 struct ieee80211_node *ni = &in->in_ni;
3508 struct ieee80211_frame *wh;
3509 const struct ieee80211_txparam *tp = ni->ni_txparms;
3510 const struct iwm_rate *rinfo;
3512 int ridx, rate_flags;
3514 wh = mtod(m, struct ieee80211_frame *);
3515 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3517 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
3518 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
3520 if (type == IEEE80211_FC0_TYPE_MGT) {
3521 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate);
3522 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3523 "%s: MGT (%d)\n", __func__, tp->mgmtrate);
3524 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3525 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate);
3526 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3527 "%s: MCAST (%d)\n", __func__, tp->mcastrate);
3528 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
3529 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate);
3530 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3531 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate);
3532 } else if (m->m_flags & M_EAPOL) {
3533 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate);
3534 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3535 "%s: EAPOL\n", __func__);
3536 } else if (type == IEEE80211_FC0_TYPE_DATA) {
3539 /* for data frames, use RS table */
3540 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__);
3541 /* XXX pass pktlen */
3542 (void) ieee80211_ratectl_rate(ni, NULL, 0);
3543 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate);
3544 ridx = in->in_ridx[i];
3546 /* This is the index into the programmed table */
3547 tx->initial_rate_index = i;
3548 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
3550 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3551 "%s: start with i=%d, txrate %d\n",
3552 __func__, i, iwm_rates[ridx].rate);
3554 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate);
3555 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DEFAULT (%d)\n",
3556 __func__, tp->mgmtrate);
3559 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3560 "%s: frame type=%d txrate %d\n",
3561 __func__, type, iwm_rates[ridx].rate);
3563 rinfo = &iwm_rates[ridx];
3565 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
3568 !! (IWM_RIDX_IS_CCK(ridx))
3571 /* XXX TODO: hard-coded TX antenna? */
3572 rate_flags = 1 << IWM_RATE_MCS_ANT_POS;
3573 if (IWM_RIDX_IS_CCK(ridx))
3574 rate_flags |= IWM_RATE_MCS_CCK_MSK;
3575 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
3582 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
3584 struct ieee80211com *ic = &sc->sc_ic;
3585 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3586 struct iwm_node *in = IWM_NODE(ni);
3587 struct iwm_tx_ring *ring;
3588 struct iwm_tx_data *data;
3589 struct iwm_tfd *desc;
3590 struct iwm_device_cmd *cmd;
3591 struct iwm_tx_cmd *tx;
3592 struct ieee80211_frame *wh;
3593 struct ieee80211_key *k = NULL;
3595 const struct iwm_rate *rinfo;
3598 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
3601 int i, totlen, error, pad;
3603 wh = mtod(m, struct ieee80211_frame *);
3604 hdrlen = ieee80211_anyhdrsize(wh);
3605 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3607 ring = &sc->txq[ac];
3608 desc = &ring->desc[ring->cur];
3609 memset(desc, 0, sizeof(*desc));
3610 data = &ring->data[ring->cur];
3612 /* Fill out iwm_tx_cmd to send to the firmware */
3613 cmd = &ring->cmd[ring->cur];
3614 cmd->hdr.code = IWM_TX_CMD;
3616 cmd->hdr.qid = ring->qid;
3617 cmd->hdr.idx = ring->cur;
3619 tx = (void *)cmd->data;
3620 memset(tx, 0, sizeof(*tx));
3622 rinfo = iwm_tx_fill_cmd(sc, in, m, tx);
3624 /* Encrypt the frame if need be. */
3625 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
3626 /* Retrieve key for TX && do software encryption. */
3627 k = ieee80211_crypto_encap(ni, m);
3632 /* 802.11 header may have moved. */
3633 wh = mtod(m, struct ieee80211_frame *);
3636 if (ieee80211_radiotap_active_vap(vap)) {
3637 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
3640 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
3641 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
3642 tap->wt_rate = rinfo->rate;
3644 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
3645 ieee80211_radiotap_tx(vap, m);
3649 totlen = m->m_pkthdr.len;
3652 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3653 flags |= IWM_TX_CMD_FLG_ACK;
3656 if (type == IEEE80211_FC0_TYPE_DATA
3657 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold)
3658 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3659 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
3662 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3663 type != IEEE80211_FC0_TYPE_DATA)
3664 tx->sta_id = sc->sc_aux_sta.sta_id;
3666 tx->sta_id = IWM_STATION_ID;
3668 if (type == IEEE80211_FC0_TYPE_MGT) {
3669 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3671 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3672 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
3673 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC);
3674 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) {
3675 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3677 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT);
3680 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3684 /* First segment length must be a multiple of 4. */
3685 flags |= IWM_TX_CMD_FLG_MH_PAD;
3686 pad = 4 - (hdrlen & 3);
3690 tx->driver_txop = 0;
3691 tx->next_frame_len = 0;
3693 tx->len = htole16(totlen);
3694 tx->tid_tspec = tid;
3695 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
3697 /* Set physical address of "scratch area". */
3698 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
3699 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
3701 /* Copy 802.11 header in TX command. */
3702 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen);
3704 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
3707 tx->tx_flags |= htole32(flags);
3709 /* Trim 802.11 header. */
3711 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3712 segs, &nsegs, BUS_DMA_NOWAIT);
3714 if (error != EFBIG) {
3715 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3720 /* Too many DMA segments, linearize mbuf. */
3721 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2);
3723 device_printf(sc->sc_dev,
3724 "%s: could not defrag mbuf\n", __func__);
3730 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3731 segs, &nsegs, BUS_DMA_NOWAIT);
3733 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3743 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3744 "sending txd %p, in %p\n", data, data->in);
3745 KASSERT(data->in != NULL, ("node is NULL"));
3747 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3748 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n",
3749 ring->qid, ring->cur, totlen, nsegs,
3750 le32toh(tx->tx_flags),
3751 le32toh(tx->rate_n_flags),
3752 tx->initial_rate_index
3755 /* Fill TX descriptor. */
3756 desc->num_tbs = 2 + nsegs;
3758 desc->tbs[0].lo = htole32(data->cmd_paddr);
3759 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3761 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
3762 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3763 ((sizeof(struct iwm_cmd_header) + sizeof(*tx)
3764 + hdrlen + pad - TB0_SIZE) << 4);
3766 /* Other DMA segments are for data payload. */
3767 for (i = 0; i < nsegs; i++) {
3769 desc->tbs[i+2].lo = htole32(seg->ds_addr);
3770 desc->tbs[i+2].hi_n_len = \
3771 htole16(iwm_get_dma_hi_addr(seg->ds_addr))
3772 | ((seg->ds_len) << 4);
3775 bus_dmamap_sync(ring->data_dmat, data->map,
3776 BUS_DMASYNC_PREWRITE);
3777 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
3778 BUS_DMASYNC_PREWRITE);
3779 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3780 BUS_DMASYNC_PREWRITE);
3783 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
3787 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
3788 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3790 /* Mark TX ring as full if we reach a certain threshold. */
3791 if (++ring->queued > IWM_TX_RING_HIMARK) {
3792 sc->qfullmsk |= 1 << ring->qid;
3799 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3800 const struct ieee80211_bpf_params *params)
3802 struct ieee80211com *ic = ni->ni_ic;
3803 struct iwm_softc *sc = ic->ic_softc;
3806 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3807 "->%s begin\n", __func__);
3809 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
3811 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3812 "<-%s not RUNNING\n", __func__);
3818 if (params == NULL) {
3819 error = iwm_tx(sc, m, ni, 0);
3821 error = iwm_tx(sc, m, ni, 0);
3823 sc->sc_tx_timer = 5;
3834 * Note that there are transports that buffer frames before they reach
3835 * the firmware. This means that after flush_tx_path is called, the
3836 * queue might not be empty. The race-free way to handle this is to:
3837 * 1) set the station as draining
3838 * 2) flush the Tx path
3839 * 3) wait for the transport queues to be empty
3842 iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags)
3845 struct iwm_tx_path_flush_cmd flush_cmd = {
3846 .queues_ctl = htole32(tfd_msk),
3847 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
3850 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags,
3851 sizeof(flush_cmd), &flush_cmd);
3853 device_printf(sc->sc_dev,
3854 "Flushing tx queue failed: %d\n", ret);
3863 iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_vap *ivp)
3865 struct iwm_time_quota_cmd cmd;
3866 int i, idx, ret, num_active_macs, quota, quota_rem;
3867 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
3868 int n_ifs[IWM_MAX_BINDINGS] = {0, };
3871 memset(&cmd, 0, sizeof(cmd));
3873 /* currently, PHY ID == binding ID */
3875 id = ivp->phy_ctxt->id;
3876 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
3877 colors[id] = ivp->phy_ctxt->color;
3884 * The FW's scheduling session consists of
3885 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments
3886 * equally between all the bindings that require quota
3888 num_active_macs = 0;
3889 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
3890 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
3891 num_active_macs += n_ifs[i];
3896 if (num_active_macs) {
3897 quota = IWM_MVM_MAX_QUOTA / num_active_macs;
3898 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs;
3901 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
3905 cmd.quotas[idx].id_and_color =
3906 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
3908 if (n_ifs[i] <= 0) {
3909 cmd.quotas[idx].quota = htole32(0);
3910 cmd.quotas[idx].max_duration = htole32(0);
3912 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
3913 cmd.quotas[idx].max_duration = htole32(0);
3918 /* Give the remainder of the session to the first binding */
3919 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
3921 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
3924 device_printf(sc->sc_dev,
3925 "%s: Failed to send quota: %d\n", __func__, ret);
3934 * ieee80211 routines
3938 * Change to AUTH state in 80211 state machine. Roughly matches what
3939 * Linux does in bss_info_changed().
3942 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
3944 struct ieee80211_node *ni;
3945 struct iwm_node *in;
3946 struct iwm_vap *iv = IWM_VAP(vap);
3951 * XXX i have a feeling that the vap node is being
3952 * freed from underneath us. Grr.
3954 ni = ieee80211_ref_node(vap->iv_bss);
3956 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
3957 "%s: called; vap=%p, bss ni=%p\n",
3965 * Firmware bug - it'll crash if the beacon interval is less
3966 * than 16. We can't avoid connecting at all, so refuse the
3967 * station state change, this will cause net80211 to abandon
3968 * attempts to connect to this AP, and eventually wpa_s will
3969 * blacklist the AP...
3971 if (ni->ni_intval < 16) {
3972 device_printf(sc->sc_dev,
3973 "AP %s beacon interval is %d, refusing due to firmware bug!\n",
3974 ether_sprintf(ni->ni_bssid), ni->ni_intval);
3979 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON);
3983 error = iwm_allow_mcast(vap, sc);
3985 device_printf(sc->sc_dev,
3986 "%s: failed to set multicast\n", __func__);
3991 * This is where it deviates from what Linux does.
3993 * Linux iwlwifi doesn't reset the nic each time, nor does it
3994 * call ctxt_add() here. Instead, it adds it during vap creation,
3995 * and always does a mac_ctx_changed().
3997 * The openbsd port doesn't attempt to do that - it reset things
3998 * at odd states and does the add here.
4000 * So, until the state handling is fixed (ie, we never reset
4001 * the NIC except for a firmware failure, which should drag
4002 * the NIC back to IDLE, re-setup and re-add all the mac/phy
4003 * contexts that are required), let's do a dirty hack here.
4005 if (iv->is_uploaded) {
4006 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
4007 device_printf(sc->sc_dev,
4008 "%s: failed to update MAC\n", __func__);
4011 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
4012 in->in_ni.ni_chan, 1, 1)) != 0) {
4013 device_printf(sc->sc_dev,
4014 "%s: failed update phy ctxt\n", __func__);
4017 iv->phy_ctxt = &sc->sc_phyctxt[0];
4019 if ((error = iwm_mvm_binding_add_vif(sc, iv)) != 0) {
4020 device_printf(sc->sc_dev,
4021 "%s: binding update cmd\n", __func__);
4024 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
4025 device_printf(sc->sc_dev,
4026 "%s: failed to update sta\n", __func__);
4030 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) {
4031 device_printf(sc->sc_dev,
4032 "%s: failed to add MAC\n", __func__);
4035 if ((error = iwm_mvm_power_update_mac(sc)) != 0) {
4036 device_printf(sc->sc_dev,
4037 "%s: failed to update power management\n",
4041 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
4042 in->in_ni.ni_chan, 1, 1)) != 0) {
4043 device_printf(sc->sc_dev,
4044 "%s: failed add phy ctxt!\n", __func__);
4048 iv->phy_ctxt = &sc->sc_phyctxt[0];
4050 if ((error = iwm_mvm_binding_add_vif(sc, iv)) != 0) {
4051 device_printf(sc->sc_dev,
4052 "%s: binding add cmd\n", __func__);
4055 if ((error = iwm_mvm_add_sta(sc, in)) != 0) {
4056 device_printf(sc->sc_dev,
4057 "%s: failed to add sta\n", __func__);
4063 * Prevent the FW from wandering off channel during association
4064 * by "protecting" the session with a time event.
4066 /* XXX duration is in units of TU, not MS */
4067 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS;
4068 iwm_mvm_protect_session(sc, iv, duration, 500 /* XXX magic number */);
4073 ieee80211_free_node(ni);
4078 iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc)
4080 struct iwm_node *in = IWM_NODE(vap->iv_bss);
4083 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
4084 device_printf(sc->sc_dev,
4085 "%s: failed to update STA\n", __func__);
4090 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
4091 device_printf(sc->sc_dev,
4092 "%s: failed to update MAC\n", __func__);
4100 iwm_release(struct iwm_softc *sc, struct iwm_node *in)
4105 * Ok, so *technically* the proper set of calls for going
4106 * from RUN back to SCAN is:
4108 * iwm_mvm_power_mac_disable(sc, in);
4109 * iwm_mvm_mac_ctxt_changed(sc, vap);
4110 * iwm_mvm_rm_sta(sc, in);
4111 * iwm_mvm_update_quotas(sc, NULL);
4112 * iwm_mvm_mac_ctxt_changed(sc, in);
4113 * iwm_mvm_binding_remove_vif(sc, IWM_VAP(in->in_ni.ni_vap));
4114 * iwm_mvm_mac_ctxt_remove(sc, in);
4116 * However, that freezes the device not matter which permutations
4117 * and modifications are attempted. Obviously, this driver is missing
4118 * something since it works in the Linux driver, but figuring out what
4119 * is missing is a little more complicated. Now, since we're going
4120 * back to nothing anyway, we'll just do a complete device reset.
4121 * Up your's, device!
4124 * Just using 0xf for the queues mask is fine as long as we only
4125 * get here from RUN state.
4128 mbufq_drain(&sc->sc_snd);
4129 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC);
4131 * We seem to get away with just synchronously sending the
4132 * IWM_TXPATH_FLUSH command.
4134 // iwm_trans_wait_tx_queue_empty(sc, tfd_msk);
4135 iwm_stop_device(sc);
4144 iwm_mvm_power_mac_disable(sc, in);
4146 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
4147 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error);
4151 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) {
4152 device_printf(sc->sc_dev, "sta remove fail %d\n", error);
4155 error = iwm_mvm_rm_sta(sc, in);
4157 iwm_mvm_update_quotas(sc, NULL);
4158 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
4159 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error);
4162 iwm_mvm_binding_remove_vif(sc, IWM_VAP(in->in_ni.ni_vap));
4164 iwm_mvm_mac_ctxt_remove(sc, in);
4170 static struct ieee80211_node *
4171 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
4173 return malloc(sizeof (struct iwm_node), M_80211_NODE,
4178 iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx)
4183 for (i = 0; i < rs->rs_nrates; i++) {
4184 rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL);
4185 if (rval == iwm_rates[ridx].rate)
4186 return rs->rs_rates[i];
4193 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in)
4195 struct ieee80211_node *ni = &in->in_ni;
4196 struct iwm_lq_cmd *lq = &in->in_lq;
4197 int nrates = ni->ni_rates.rs_nrates;
4198 int i, ridx, tab = 0;
4201 if (nrates > nitems(lq->rs_table)) {
4202 device_printf(sc->sc_dev,
4203 "%s: node supports %d rates, driver handles "
4204 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
4208 device_printf(sc->sc_dev,
4209 "%s: node supports 0 rates, odd!\n", __func__);
4214 * XXX .. and most of iwm_node is not initialised explicitly;
4215 * it's all just 0x0 passed to the firmware.
4218 /* first figure out which rates we should support */
4219 /* XXX TODO: this isn't 11n aware /at all/ */
4220 memset(&in->in_ridx, -1, sizeof(in->in_ridx));
4221 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4222 "%s: nrates=%d\n", __func__, nrates);
4225 * Loop over nrates and populate in_ridx from the highest
4226 * rate to the lowest rate. Remember, in_ridx[] has
4227 * IEEE80211_RATE_MAXSIZE entries!
4229 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) {
4230 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL;
4232 /* Map 802.11 rate to HW rate index. */
4233 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++)
4234 if (iwm_rates[ridx].rate == rate)
4236 if (ridx > IWM_RIDX_MAX) {
4237 device_printf(sc->sc_dev,
4238 "%s: WARNING: device rate for %d not found!\n",
4241 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4242 "%s: rate: i: %d, rate=%d, ridx=%d\n",
4247 in->in_ridx[i] = ridx;
4251 /* then construct a lq_cmd based on those */
4252 memset(lq, 0, sizeof(*lq));
4253 lq->sta_id = IWM_STATION_ID;
4255 /* For HT, always enable RTS/CTS to avoid excessive retries. */
4256 if (ni->ni_flags & IEEE80211_NODE_HT)
4257 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK;
4260 * are these used? (we don't do SISO or MIMO)
4261 * need to set them to non-zero, though, or we get an error.
4263 lq->single_stream_ant_msk = 1;
4264 lq->dual_stream_ant_msk = 1;
4267 * Build the actual rate selection table.
4268 * The lowest bits are the rates. Additionally,
4269 * CCK needs bit 9 to be set. The rest of the bits
4270 * we add to the table select the tx antenna
4271 * Note that we add the rates in the highest rate first
4272 * (opposite of ni_rates).
4275 * XXX TODO: this should be looping over the min of nrates
4276 * and LQ_MAX_RETRY_NUM. Sigh.
4278 for (i = 0; i < nrates; i++) {
4283 txant = iwm_mvm_get_valid_tx_ant(sc);
4284 nextant = 1<<(ffs(txant)-1);
4287 nextant = iwm_mvm_get_valid_tx_ant(sc);
4290 * Map the rate id into a rate index into
4291 * our hardware table containing the
4292 * configuration to use for this rate.
4294 ridx = in->in_ridx[i];
4295 tab = iwm_rates[ridx].plcp;
4296 tab |= nextant << IWM_RATE_MCS_ANT_POS;
4297 if (IWM_RIDX_IS_CCK(ridx))
4298 tab |= IWM_RATE_MCS_CCK_MSK;
4299 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4300 "station rate i=%d, rate=%d, hw=%x\n",
4301 i, iwm_rates[ridx].rate, tab);
4302 lq->rs_table[i] = htole32(tab);
4304 /* then fill the rest with the lowest possible rate */
4305 for (i = nrates; i < nitems(lq->rs_table); i++) {
4306 KASSERT(tab != 0, ("invalid tab"));
4307 lq->rs_table[i] = htole32(tab);
4312 iwm_media_change(struct ifnet *ifp)
4314 struct ieee80211vap *vap = ifp->if_softc;
4315 struct ieee80211com *ic = vap->iv_ic;
4316 struct iwm_softc *sc = ic->ic_softc;
4319 error = ieee80211_media_change(ifp);
4320 if (error != ENETRESET)
4324 if (ic->ic_nrunning > 0) {
4334 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
4336 struct iwm_vap *ivp = IWM_VAP(vap);
4337 struct ieee80211com *ic = vap->iv_ic;
4338 struct iwm_softc *sc = ic->ic_softc;
4339 struct iwm_node *in;
4342 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4343 "switching state %s -> %s\n",
4344 ieee80211_state_name[vap->iv_state],
4345 ieee80211_state_name[nstate]);
4346 IEEE80211_UNLOCK(ic);
4349 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state)
4350 iwm_led_blink_stop(sc);
4352 /* disable beacon filtering if we're hopping out of RUN */
4353 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) {
4354 iwm_mvm_disable_beacon_filter(sc);
4356 if (((in = IWM_NODE(vap->iv_bss)) != NULL))
4359 if (nstate == IEEE80211_S_INIT) {
4362 error = ivp->iv_newstate(vap, nstate, arg);
4363 IEEE80211_UNLOCK(ic);
4365 iwm_release(sc, NULL);
4372 * It's impossible to directly go RUN->SCAN. If we iwm_release()
4373 * above then the card will be completely reinitialized,
4374 * so the driver must do everything necessary to bring the card
4375 * from INIT to SCAN.
4377 * Additionally, upon receiving deauth frame from AP,
4378 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH
4379 * state. This will also fail with this driver, so bring the FSM
4380 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well.
4382 * XXX TODO: fix this for FreeBSD!
4384 if (nstate == IEEE80211_S_SCAN ||
4385 nstate == IEEE80211_S_AUTH ||
4386 nstate == IEEE80211_S_ASSOC) {
4387 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4388 "Force transition to INIT; MGT=%d\n", arg);
4391 /* Always pass arg as -1 since we can't Tx right now. */
4393 * XXX arg is just ignored anyway when transitioning
4394 * to IEEE80211_S_INIT.
4396 vap->iv_newstate(vap, IEEE80211_S_INIT, -1);
4397 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4398 "Going INIT->SCAN\n");
4399 nstate = IEEE80211_S_SCAN;
4400 IEEE80211_UNLOCK(ic);
4406 case IEEE80211_S_INIT:
4407 case IEEE80211_S_SCAN:
4408 if (vap->iv_state == IEEE80211_S_AUTH ||
4409 vap->iv_state == IEEE80211_S_ASSOC) {
4413 myerr = ivp->iv_newstate(vap, nstate, arg);
4414 IEEE80211_UNLOCK(ic);
4416 error = iwm_mvm_rm_sta(sc, vap, FALSE);
4418 device_printf(sc->sc_dev,
4419 "%s: Failed to remove station: %d\n",
4422 error = iwm_mvm_mac_ctxt_changed(sc, vap);
4424 device_printf(sc->sc_dev,
4425 "%s: Failed to change mac context: %d\n",
4428 error = iwm_mvm_binding_remove_vif(sc, ivp);
4430 device_printf(sc->sc_dev,
4431 "%s: Failed to remove channel ctx: %d\n",
4434 ivp->phy_ctxt = NULL;
4441 case IEEE80211_S_AUTH:
4442 if ((error = iwm_auth(vap, sc)) != 0) {
4443 device_printf(sc->sc_dev,
4444 "%s: could not move to auth state: %d\n",
4450 case IEEE80211_S_ASSOC:
4451 if ((error = iwm_assoc(vap, sc)) != 0) {
4452 device_printf(sc->sc_dev,
4453 "%s: failed to associate: %d\n", __func__,
4459 case IEEE80211_S_RUN:
4461 struct iwm_host_cmd cmd = {
4463 .len = { sizeof(in->in_lq), },
4464 .flags = IWM_CMD_SYNC,
4467 /* Update the association state, now we have it all */
4468 /* (eg associd comes in at this point */
4469 error = iwm_assoc(vap, sc);
4471 device_printf(sc->sc_dev,
4472 "%s: failed to update association state: %d\n",
4478 in = IWM_NODE(vap->iv_bss);
4479 iwm_mvm_enable_beacon_filter(sc, in);
4480 iwm_mvm_power_update_mac(sc);
4481 iwm_mvm_update_quotas(sc, ivp);
4482 iwm_setrates(sc, in);
4484 cmd.data[0] = &in->in_lq;
4485 if ((error = iwm_send_cmd(sc, &cmd)) != 0) {
4486 device_printf(sc->sc_dev,
4487 "%s: IWM_LQ_CMD failed\n", __func__);
4490 iwm_mvm_led_enable(sc);
4500 return (ivp->iv_newstate(vap, nstate, arg));
4504 iwm_endscan_cb(void *arg, int pending)
4506 struct iwm_softc *sc = arg;
4507 struct ieee80211com *ic = &sc->sc_ic;
4509 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
4513 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
4517 * Aging and idle timeouts for the different possible scenarios
4518 * in default configuration
4520 static const uint32_t
4521 iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4523 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF),
4524 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF)
4527 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF),
4528 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF)
4531 htole32(IWM_SF_MCAST_AGING_TIMER_DEF),
4532 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF)
4535 htole32(IWM_SF_BA_AGING_TIMER_DEF),
4536 htole32(IWM_SF_BA_IDLE_TIMER_DEF)
4539 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF),
4540 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF)
4545 * Aging and idle timeouts for the different possible scenarios
4546 * in single BSS MAC configuration.
4548 static const uint32_t
4549 iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4551 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER),
4552 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER)
4555 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER),
4556 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER)
4559 htole32(IWM_SF_MCAST_AGING_TIMER),
4560 htole32(IWM_SF_MCAST_IDLE_TIMER)
4563 htole32(IWM_SF_BA_AGING_TIMER),
4564 htole32(IWM_SF_BA_IDLE_TIMER)
4567 htole32(IWM_SF_TX_RE_AGING_TIMER),
4568 htole32(IWM_SF_TX_RE_IDLE_TIMER)
4573 iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd,
4574 struct ieee80211_node *ni)
4576 int i, j, watermark;
4578 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN);
4581 * If we are in association flow - check antenna configuration
4582 * capabilities of the AP station, and choose the watermark accordingly.
4585 if (ni->ni_flags & IEEE80211_NODE_HT) {
4587 if (ni->ni_rxmcs[2] != 0)
4588 watermark = IWM_SF_W_MARK_MIMO3;
4589 else if (ni->ni_rxmcs[1] != 0)
4590 watermark = IWM_SF_W_MARK_MIMO2;
4593 watermark = IWM_SF_W_MARK_SISO;
4595 watermark = IWM_SF_W_MARK_LEGACY;
4597 /* default watermark value for unassociated mode. */
4599 watermark = IWM_SF_W_MARK_MIMO2;
4601 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark);
4603 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) {
4604 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) {
4605 sf_cmd->long_delay_timeouts[i][j] =
4606 htole32(IWM_SF_LONG_DELAY_AGING_TIMER);
4611 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout,
4612 sizeof(iwm_sf_full_timeout));
4614 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def,
4615 sizeof(iwm_sf_full_timeout_def));
4620 iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state)
4622 struct ieee80211com *ic = &sc->sc_ic;
4623 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4624 struct iwm_sf_cfg_cmd sf_cmd = {
4625 .state = htole32(IWM_SF_FULL_ON),
4629 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
4630 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF);
4632 switch (new_state) {
4634 case IWM_SF_INIT_OFF:
4635 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL);
4637 case IWM_SF_FULL_ON:
4638 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss);
4641 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE,
4642 "Invalid state: %d. not sending Smart Fifo cmd\n",
4647 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC,
4648 sizeof(sf_cmd), &sf_cmd);
4653 iwm_send_bt_init_conf(struct iwm_softc *sc)
4655 struct iwm_bt_coex_cmd bt_cmd;
4657 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI);
4658 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET);
4660 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd),
4665 iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2)
4667 struct iwm_mcc_update_cmd mcc_cmd;
4668 struct iwm_host_cmd hcmd = {
4669 .id = IWM_MCC_UPDATE_CMD,
4670 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB),
4671 .data = { &mcc_cmd },
4675 struct iwm_rx_packet *pkt;
4676 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL;
4677 struct iwm_mcc_update_resp *mcc_resp;
4681 int resp_v2 = fw_has_capa(&sc->ucode_capa,
4682 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2);
4684 memset(&mcc_cmd, 0, sizeof(mcc_cmd));
4685 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]);
4686 if (fw_has_api(&sc->ucode_capa, IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) ||
4687 fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC))
4688 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT;
4690 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW;
4693 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd);
4695 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1);
4697 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4698 "send MCC update to FW with '%c%c' src = %d\n",
4699 alpha2[0], alpha2[1], mcc_cmd.source_id);
4701 ret = iwm_send_cmd(sc, &hcmd);
4706 pkt = hcmd.resp_pkt;
4708 /* Extract MCC response */
4710 mcc_resp = (void *)pkt->data;
4711 mcc = mcc_resp->mcc;
4712 n_channels = le32toh(mcc_resp->n_channels);
4714 mcc_resp_v1 = (void *)pkt->data;
4715 mcc = mcc_resp_v1->mcc;
4716 n_channels = le32toh(mcc_resp_v1->n_channels);
4719 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */
4721 mcc = 0x3030; /* "00" - world */
4723 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4724 "regulatory domain '%c%c' (%d channels available)\n",
4725 mcc >> 8, mcc & 0xff, n_channels);
4727 iwm_free_resp(sc, &hcmd);
4733 iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff)
4735 struct iwm_host_cmd cmd = {
4736 .id = IWM_REPLY_THERMAL_MNG_BACKOFF,
4737 .len = { sizeof(uint32_t), },
4738 .data = { &backoff, },
4741 if (iwm_send_cmd(sc, &cmd) != 0) {
4742 device_printf(sc->sc_dev,
4743 "failed to change thermal tx backoff\n");
4748 iwm_init_hw(struct iwm_softc *sc)
4750 struct ieee80211com *ic = &sc->sc_ic;
4753 if ((error = iwm_start_hw(sc)) != 0) {
4754 printf("iwm_start_hw: failed %d\n", error);
4758 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) {
4759 printf("iwm_run_init_mvm_ucode: failed %d\n", error);
4764 * should stop and start HW since that INIT
4767 iwm_stop_device(sc);
4768 sc->sc_ps_disabled = FALSE;
4769 if ((error = iwm_start_hw(sc)) != 0) {
4770 device_printf(sc->sc_dev, "could not initialize hardware\n");
4774 /* omstart, this time with the regular firmware */
4775 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR);
4777 device_printf(sc->sc_dev, "could not load firmware\n");
4781 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
4782 device_printf(sc->sc_dev, "bt init conf failed\n");
4786 error = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc));
4788 device_printf(sc->sc_dev, "antenna config failed\n");
4792 /* Send phy db control command and then phy db calibration */
4793 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0)
4796 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) {
4797 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n");
4801 /* Add auxiliary station for scanning */
4802 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) {
4803 device_printf(sc->sc_dev, "add_aux_sta failed\n");
4807 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
4809 * The channel used here isn't relevant as it's
4810 * going to be overwritten in the other flows.
4811 * For now use the first channel we have.
4813 if ((error = iwm_mvm_phy_ctxt_add(sc,
4814 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
4818 /* Initialize tx backoffs to the minimum. */
4819 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
4820 iwm_mvm_tt_tx_backoff(sc, 0);
4822 error = iwm_mvm_power_update_device(sc);
4826 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) {
4827 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0)
4831 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) {
4832 if ((error = iwm_mvm_config_umac_scan(sc)) != 0)
4836 /* Enable Tx queues. */
4837 for (ac = 0; ac < WME_NUM_AC; ac++) {
4838 error = iwm_enable_txq(sc, IWM_STATION_ID, ac,
4839 iwm_mvm_ac_to_tx_fifo[ac]);
4844 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) {
4845 device_printf(sc->sc_dev, "failed to disable beacon filter\n");
4852 iwm_stop_device(sc);
4856 /* Allow multicast from our BSSID. */
4858 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
4860 struct ieee80211_node *ni = vap->iv_bss;
4861 struct iwm_mcast_filter_cmd *cmd;
4865 size = roundup(sizeof(*cmd), 4);
4866 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
4869 cmd->filter_own = 1;
4873 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
4875 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
4876 IWM_CMD_SYNC, size, cmd);
4877 free(cmd, M_DEVBUF);
4887 iwm_init(struct iwm_softc *sc)
4891 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
4894 sc->sc_generation++;
4895 sc->sc_flags &= ~IWM_FLAG_STOPPED;
4897 if ((error = iwm_init_hw(sc)) != 0) {
4898 printf("iwm_init_hw failed %d\n", error);
4904 * Ok, firmware loaded and we are jogging
4906 sc->sc_flags |= IWM_FLAG_HW_INITED;
4907 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4911 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
4913 struct iwm_softc *sc;
4919 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
4923 error = mbufq_enqueue(&sc->sc_snd, m);
4934 * Dequeue packets from sendq and call send.
4937 iwm_start(struct iwm_softc *sc)
4939 struct ieee80211_node *ni;
4943 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
4944 while (sc->qfullmsk == 0 &&
4945 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
4946 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
4947 if (iwm_tx(sc, m, ni, ac) != 0) {
4948 if_inc_counter(ni->ni_vap->iv_ifp,
4949 IFCOUNTER_OERRORS, 1);
4950 ieee80211_free_node(ni);
4953 sc->sc_tx_timer = 15;
4955 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
4959 iwm_stop(struct iwm_softc *sc)
4962 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
4963 sc->sc_flags |= IWM_FLAG_STOPPED;
4964 sc->sc_generation++;
4965 iwm_led_blink_stop(sc);
4966 sc->sc_tx_timer = 0;
4967 iwm_stop_device(sc);
4968 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
4972 iwm_watchdog(void *arg)
4974 struct iwm_softc *sc = arg;
4975 struct ieee80211com *ic = &sc->sc_ic;
4977 if (sc->sc_tx_timer > 0) {
4978 if (--sc->sc_tx_timer == 0) {
4979 device_printf(sc->sc_dev, "device timeout\n");
4983 ieee80211_restart_all(ic);
4984 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
4988 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4992 iwm_parent(struct ieee80211com *ic)
4994 struct iwm_softc *sc = ic->ic_softc;
4998 if (ic->ic_nrunning > 0) {
4999 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
5003 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
5007 ieee80211_start_all(ic);
5011 * The interrupt side of things
5015 * error dumping routines are from iwlwifi/mvm/utils.c
5019 * Note: This structure is read from the device with IO accesses,
5020 * and the reading already does the endian conversion. As it is
5021 * read with uint32_t-sized accesses, any members with a different size
5022 * need to be ordered correctly though!
5024 struct iwm_error_event_table {
5025 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5026 uint32_t error_id; /* type of error */
5027 uint32_t trm_hw_status0; /* TRM HW status */
5028 uint32_t trm_hw_status1; /* TRM HW status */
5029 uint32_t blink2; /* branch link */
5030 uint32_t ilink1; /* interrupt link */
5031 uint32_t ilink2; /* interrupt link */
5032 uint32_t data1; /* error-specific data */
5033 uint32_t data2; /* error-specific data */
5034 uint32_t data3; /* error-specific data */
5035 uint32_t bcon_time; /* beacon timer */
5036 uint32_t tsf_low; /* network timestamp function timer */
5037 uint32_t tsf_hi; /* network timestamp function timer */
5038 uint32_t gp1; /* GP1 timer register */
5039 uint32_t gp2; /* GP2 timer register */
5040 uint32_t fw_rev_type; /* firmware revision type */
5041 uint32_t major; /* uCode version major */
5042 uint32_t minor; /* uCode version minor */
5043 uint32_t hw_ver; /* HW Silicon version */
5044 uint32_t brd_ver; /* HW board version */
5045 uint32_t log_pc; /* log program counter */
5046 uint32_t frame_ptr; /* frame pointer */
5047 uint32_t stack_ptr; /* stack pointer */
5048 uint32_t hcmd; /* last host command header */
5049 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
5051 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
5053 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
5055 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
5057 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
5059 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */
5060 uint32_t wait_event; /* wait event() caller address */
5061 uint32_t l2p_control; /* L2pControlField */
5062 uint32_t l2p_duration; /* L2pDurationField */
5063 uint32_t l2p_mhvalid; /* L2pMhValidBits */
5064 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
5065 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
5067 uint32_t u_timestamp; /* indicate when the date and time of the
5069 uint32_t flow_handler; /* FH read/write pointers, RX credit */
5070 } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */;
5073 * UMAC error struct - relevant starting from family 8000 chip.
5074 * Note: This structure is read from the device with IO accesses,
5075 * and the reading already does the endian conversion. As it is
5076 * read with u32-sized accesses, any members with a different size
5077 * need to be ordered correctly though!
5079 struct iwm_umac_error_event_table {
5080 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5081 uint32_t error_id; /* type of error */
5082 uint32_t blink1; /* branch link */
5083 uint32_t blink2; /* branch link */
5084 uint32_t ilink1; /* interrupt link */
5085 uint32_t ilink2; /* interrupt link */
5086 uint32_t data1; /* error-specific data */
5087 uint32_t data2; /* error-specific data */
5088 uint32_t data3; /* error-specific data */
5089 uint32_t umac_major;
5090 uint32_t umac_minor;
5091 uint32_t frame_pointer; /* core register 27*/
5092 uint32_t stack_pointer; /* core register 28 */
5093 uint32_t cmd_header; /* latest host cmd sent to UMAC */
5094 uint32_t nic_isr_pref; /* ISR status register */
5097 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
5098 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
5104 } advanced_lookup[] = {
5105 { "NMI_INTERRUPT_WDG", 0x34 },
5106 { "SYSASSERT", 0x35 },
5107 { "UCODE_VERSION_MISMATCH", 0x37 },
5108 { "BAD_COMMAND", 0x38 },
5109 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
5110 { "FATAL_ERROR", 0x3D },
5111 { "NMI_TRM_HW_ERR", 0x46 },
5112 { "NMI_INTERRUPT_TRM", 0x4C },
5113 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
5114 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
5115 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
5116 { "NMI_INTERRUPT_HOST", 0x66 },
5117 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
5118 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
5119 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
5120 { "ADVANCED_SYSASSERT", 0 },
5124 iwm_desc_lookup(uint32_t num)
5128 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
5129 if (advanced_lookup[i].num == num)
5130 return advanced_lookup[i].name;
5132 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
5133 return advanced_lookup[i].name;
5137 iwm_nic_umac_error(struct iwm_softc *sc)
5139 struct iwm_umac_error_event_table table;
5142 base = sc->umac_error_event_table;
5144 if (base < 0x800000) {
5145 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n",
5150 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5151 device_printf(sc->sc_dev, "reading errlog failed\n");
5155 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5156 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n");
5157 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5158 sc->sc_flags, table.valid);
5161 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id,
5162 iwm_desc_lookup(table.error_id));
5163 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1);
5164 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2);
5165 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n",
5167 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n",
5169 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1);
5170 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2);
5171 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3);
5172 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major);
5173 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor);
5174 device_printf(sc->sc_dev, "0x%08X | frame pointer\n",
5175 table.frame_pointer);
5176 device_printf(sc->sc_dev, "0x%08X | stack pointer\n",
5177 table.stack_pointer);
5178 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header);
5179 device_printf(sc->sc_dev, "0x%08X | isr status reg\n",
5180 table.nic_isr_pref);
5184 * Support for dumping the error log seemed like a good idea ...
5185 * but it's mostly hex junk and the only sensible thing is the
5186 * hw/ucode revision (which we know anyway). Since it's here,
5187 * I'll just leave it in, just in case e.g. the Intel guys want to
5188 * help us decipher some "ADVANCED_SYSASSERT" later.
5191 iwm_nic_error(struct iwm_softc *sc)
5193 struct iwm_error_event_table table;
5196 device_printf(sc->sc_dev, "dumping device error log\n");
5197 base = sc->error_event_table;
5198 if (base < 0x800000) {
5199 device_printf(sc->sc_dev,
5200 "Invalid error log pointer 0x%08x\n", base);
5204 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5205 device_printf(sc->sc_dev, "reading errlog failed\n");
5210 device_printf(sc->sc_dev, "errlog not found, skipping\n");
5214 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5215 device_printf(sc->sc_dev, "Start Error Log Dump:\n");
5216 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5217 sc->sc_flags, table.valid);
5220 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
5221 iwm_desc_lookup(table.error_id));
5222 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n",
5223 table.trm_hw_status0);
5224 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n",
5225 table.trm_hw_status1);
5226 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
5227 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
5228 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
5229 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
5230 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
5231 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
5232 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
5233 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
5234 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
5235 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
5236 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
5237 device_printf(sc->sc_dev, "%08X | uCode revision type\n",
5239 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major);
5240 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor);
5241 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
5242 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
5243 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
5244 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
5245 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
5246 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
5247 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
5248 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
5249 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id);
5250 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
5251 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
5252 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
5253 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
5254 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
5255 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
5256 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
5257 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
5259 if (sc->umac_error_event_table)
5260 iwm_nic_umac_error(sc);
5265 iwm_handle_rxb(struct iwm_softc *sc, struct mbuf *m)
5267 struct ieee80211com *ic = &sc->sc_ic;
5268 struct iwm_cmd_response *cresp;
5270 uint32_t offset = 0;
5271 uint32_t maxoff = IWM_RBUF_SIZE;
5273 boolean_t stolen = FALSE;
5275 #define HAVEROOM(a) \
5276 ((a) + sizeof(uint32_t) + sizeof(struct iwm_cmd_header) < maxoff)
5278 while (HAVEROOM(offset)) {
5279 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *,
5281 int qid, idx, code, len;
5286 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code);
5289 * randomly get these from the firmware, no idea why.
5290 * they at least seem harmless, so just ignore them for now
5292 if ((pkt->hdr.code == 0 && (qid & ~0x80) == 0 && idx == 0) ||
5293 pkt->len_n_flags == htole32(IWM_FH_RSCSR_FRAME_INVALID)) {
5297 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5298 "rx packet qid=%d idx=%d type=%x\n",
5299 qid & ~0x80, pkt->hdr.idx, code);
5301 len = le32toh(pkt->len_n_flags) & IWM_FH_RSCSR_FRAME_SIZE_MSK;
5302 len += sizeof(uint32_t); /* account for status word */
5303 nextoff = offset + roundup2(len, IWM_FH_RSCSR_FRAME_ALIGN);
5305 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt);
5308 case IWM_REPLY_RX_PHY_CMD:
5309 iwm_mvm_rx_rx_phy_cmd(sc, pkt);
5312 case IWM_REPLY_RX_MPDU_CMD: {
5314 * If this is the last frame in the RX buffer, we
5315 * can directly feed the mbuf to the sharks here.
5317 struct iwm_rx_packet *nextpkt = mtodoff(m,
5318 struct iwm_rx_packet *, nextoff);
5319 if (!HAVEROOM(nextoff) ||
5320 (nextpkt->hdr.code == 0 &&
5321 (nextpkt->hdr.qid & ~0x80) == 0 &&
5322 nextpkt->hdr.idx == 0) ||
5323 (nextpkt->len_n_flags ==
5324 htole32(IWM_FH_RSCSR_FRAME_INVALID))) {
5325 if (iwm_mvm_rx_rx_mpdu(sc, m, offset, stolen)) {
5327 /* Make sure we abort the loop */
5334 * Use m_copym instead of m_split, because that
5335 * makes it easier to keep a valid rx buffer in
5336 * the ring, when iwm_mvm_rx_rx_mpdu() fails.
5338 * We need to start m_copym() at offset 0, to get the
5339 * M_PKTHDR flag preserved.
5341 m1 = m_copym(m, 0, M_COPYALL, M_NOWAIT);
5343 if (iwm_mvm_rx_rx_mpdu(sc, m1, offset, stolen))
5352 iwm_mvm_rx_tx_cmd(sc, pkt);
5355 case IWM_MISSED_BEACONS_NOTIFICATION: {
5356 struct iwm_missed_beacons_notif *resp;
5359 /* XXX look at mac_id to determine interface ID */
5360 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5362 resp = (void *)pkt->data;
5363 missed = le32toh(resp->consec_missed_beacons);
5365 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
5366 "%s: MISSED_BEACON: mac_id=%d, "
5367 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
5370 le32toh(resp->mac_id),
5371 le32toh(resp->consec_missed_beacons_since_last_rx),
5372 le32toh(resp->consec_missed_beacons),
5373 le32toh(resp->num_expected_beacons),
5374 le32toh(resp->num_recvd_beacons));
5380 /* XXX no net80211 locking? */
5381 if (vap->iv_state == IEEE80211_S_RUN &&
5382 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
5383 if (missed > vap->iv_bmissthreshold) {
5384 /* XXX bad locking; turn into task */
5386 ieee80211_beacon_miss(ic);
5394 case IWM_MFUART_LOAD_NOTIFICATION:
5400 case IWM_CALIB_RES_NOTIF_PHY_DB:
5403 case IWM_STATISTICS_NOTIFICATION: {
5404 struct iwm_notif_statistics *stats;
5405 stats = (void *)pkt->data;
5406 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
5407 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general);
5411 case IWM_NVM_ACCESS_CMD:
5412 case IWM_MCC_UPDATE_CMD:
5413 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) {
5414 memcpy(sc->sc_cmd_resp,
5415 pkt, sizeof(sc->sc_cmd_resp));
5419 case IWM_MCC_CHUB_UPDATE_CMD: {
5420 struct iwm_mcc_chub_notif *notif;
5421 notif = (void *)pkt->data;
5423 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8;
5424 sc->sc_fw_mcc[1] = notif->mcc & 0xff;
5425 sc->sc_fw_mcc[2] = '\0';
5426 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
5427 "fw source %d sent CC '%s'\n",
5428 notif->source_id, sc->sc_fw_mcc);
5432 case IWM_DTS_MEASUREMENT_NOTIFICATION:
5433 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP,
5434 IWM_DTS_MEASUREMENT_NOTIF_WIDE): {
5435 struct iwm_dts_measurement_notif_v1 *notif;
5437 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) {
5438 device_printf(sc->sc_dev,
5439 "Invalid DTS_MEASUREMENT_NOTIFICATION\n");
5442 notif = (void *)pkt->data;
5443 IWM_DPRINTF(sc, IWM_DEBUG_TEMP,
5444 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n",
5449 case IWM_PHY_CONFIGURATION_CMD:
5450 case IWM_TX_ANT_CONFIGURATION_CMD:
5452 case IWM_MAC_CONTEXT_CMD:
5453 case IWM_REPLY_SF_CFG_CMD:
5454 case IWM_POWER_TABLE_CMD:
5455 case IWM_PHY_CONTEXT_CMD:
5456 case IWM_BINDING_CONTEXT_CMD:
5457 case IWM_TIME_EVENT_CMD:
5458 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD):
5459 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC):
5460 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_ABORT_UMAC):
5461 case IWM_SCAN_OFFLOAD_REQUEST_CMD:
5462 case IWM_SCAN_OFFLOAD_ABORT_CMD:
5463 case IWM_REPLY_BEACON_FILTERING_CMD:
5464 case IWM_MAC_PM_POWER_TABLE:
5465 case IWM_TIME_QUOTA_CMD:
5466 case IWM_REMOVE_STA:
5467 case IWM_TXPATH_FLUSH:
5469 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP,
5470 IWM_FW_PAGING_BLOCK_CMD):
5472 case IWM_REPLY_THERMAL_MNG_BACKOFF:
5473 cresp = (void *)pkt->data;
5474 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) {
5475 memcpy(sc->sc_cmd_resp,
5476 pkt, sizeof(*pkt)+sizeof(*cresp));
5481 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */
5484 case IWM_INIT_COMPLETE_NOTIF:
5487 case IWM_SCAN_OFFLOAD_COMPLETE: {
5488 struct iwm_periodic_scan_complete *notif;
5489 notif = (void *)pkt->data;
5490 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5491 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5492 ieee80211_runtask(ic, &sc->sc_es_task);
5497 case IWM_SCAN_ITERATION_COMPLETE: {
5498 struct iwm_lmac_scan_complete_notif *notif;
5499 notif = (void *)pkt->data;
5500 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task);
5504 case IWM_SCAN_COMPLETE_UMAC: {
5505 struct iwm_umac_scan_complete *notif;
5506 notif = (void *)pkt->data;
5508 IWM_DPRINTF(sc, IWM_DEBUG_SCAN,
5509 "UMAC scan complete, status=0x%x\n",
5511 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5512 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5513 ieee80211_runtask(ic, &sc->sc_es_task);
5518 case IWM_SCAN_ITERATION_COMPLETE_UMAC: {
5519 struct iwm_umac_scan_iter_complete_notif *notif;
5520 notif = (void *)pkt->data;
5522 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration "
5523 "complete, status=0x%x, %d channels scanned\n",
5524 notif->status, notif->scanned_channels);
5525 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task);
5529 case IWM_REPLY_ERROR: {
5530 struct iwm_error_resp *resp;
5531 resp = (void *)pkt->data;
5533 device_printf(sc->sc_dev,
5534 "firmware error 0x%x, cmd 0x%x\n",
5535 le32toh(resp->error_type),
5540 case IWM_TIME_EVENT_NOTIFICATION: {
5541 struct iwm_time_event_notif *notif;
5542 notif = (void *)pkt->data;
5544 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5545 "TE notif status = 0x%x action = 0x%x\n",
5546 notif->status, notif->action);
5550 case IWM_MCAST_FILTER_CMD:
5553 case IWM_SCD_QUEUE_CFG: {
5554 struct iwm_scd_txq_cfg_rsp *rsp;
5555 rsp = (void *)pkt->data;
5557 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
5558 "queue cfg token=0x%x sta_id=%d "
5559 "tid=%d scd_queue=%d\n",
5560 rsp->token, rsp->sta_id, rsp->tid,
5566 device_printf(sc->sc_dev,
5567 "frame %d/%d %x UNHANDLED (this should "
5568 "not happen)\n", qid & ~0x80, idx,
5574 * Why test bit 0x80? The Linux driver:
5576 * There is one exception: uCode sets bit 15 when it
5577 * originates the response/notification, i.e. when the
5578 * response/notification is not a direct response to a
5579 * command sent by the driver. For example, uCode issues
5580 * IWM_REPLY_RX when it sends a received frame to the driver;
5581 * it is not a direct response to any driver command.
5583 * Ok, so since when is 7 == 15? Well, the Linux driver
5584 * uses a slightly different format for pkt->hdr, and "qid"
5585 * is actually the upper byte of a two-byte field.
5587 if (!(qid & (1 << 7)))
5588 iwm_cmd_done(sc, pkt);
5598 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
5599 * Basic structure from if_iwn
5602 iwm_notif_intr(struct iwm_softc *sc)
5606 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
5607 BUS_DMASYNC_POSTREAD);
5609 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
5614 while (sc->rxq.cur != hw) {
5615 struct iwm_rx_ring *ring = &sc->rxq;
5616 struct iwm_rx_data *data = &ring->data[ring->cur];
5618 bus_dmamap_sync(ring->data_dmat, data->map,
5619 BUS_DMASYNC_POSTREAD);
5621 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5622 "%s: hw = %d cur = %d\n", __func__, hw, ring->cur);
5623 iwm_handle_rxb(sc, data->m);
5625 ring->cur = (ring->cur + 1) % IWM_RX_RING_COUNT;
5629 * Tell the firmware that it can reuse the ring entries that
5630 * we have just processed.
5631 * Seems like the hardware gets upset unless we align
5634 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1;
5635 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, rounddown2(hw, 8));
5641 struct iwm_softc *sc = arg;
5647 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
5649 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
5650 uint32_t *ict = sc->ict_dma.vaddr;
5653 tmp = htole32(ict[sc->ict_cur]);
5658 * ok, there was something. keep plowing until we have all.
5663 ict[sc->ict_cur] = 0;
5664 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
5665 tmp = htole32(ict[sc->ict_cur]);
5668 /* this is where the fun begins. don't ask */
5669 if (r1 == 0xffffffff)
5672 /* i am not expected to understand this */
5675 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
5677 r1 = IWM_READ(sc, IWM_CSR_INT);
5678 /* "hardware gone" (where, fishing?) */
5679 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
5681 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
5683 if (r1 == 0 && r2 == 0) {
5687 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
5689 /* Safely ignore these bits for debug checks below */
5690 r1 &= ~(IWM_CSR_INT_BIT_ALIVE | IWM_CSR_INT_BIT_SCD);
5692 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
5694 struct ieee80211com *ic = &sc->sc_ic;
5695 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5700 /* Dump driver status (TX and RX rings) while we're here. */
5701 device_printf(sc->sc_dev, "driver status:\n");
5702 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) {
5703 struct iwm_tx_ring *ring = &sc->txq[i];
5704 device_printf(sc->sc_dev,
5705 " tx ring %2d: qid=%-2d cur=%-3d "
5707 i, ring->qid, ring->cur, ring->queued);
5709 device_printf(sc->sc_dev,
5710 " rx ring: cur=%d\n", sc->rxq.cur);
5711 device_printf(sc->sc_dev,
5712 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state);
5714 /* Don't stop the device; just do a VAP restart */
5718 printf("%s: null vap\n", __func__);
5722 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; "
5723 "restarting\n", __func__, vap->iv_state);
5725 ieee80211_restart_all(ic);
5729 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
5730 handled |= IWM_CSR_INT_BIT_HW_ERR;
5731 device_printf(sc->sc_dev, "hardware error, stopping device\n");
5737 /* firmware chunk loaded */
5738 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
5739 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
5740 handled |= IWM_CSR_INT_BIT_FH_TX;
5741 sc->sc_fw_chunk_done = 1;
5745 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
5746 handled |= IWM_CSR_INT_BIT_RF_KILL;
5747 if (iwm_check_rfkill(sc)) {
5748 device_printf(sc->sc_dev,
5749 "%s: rfkill switch, disabling interface\n",
5756 * The Linux driver uses periodic interrupts to avoid races.
5757 * We cargo-cult like it's going out of fashion.
5759 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
5760 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
5761 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
5762 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
5764 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
5768 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
5769 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
5770 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
5774 /* enable periodic interrupt, see above */
5775 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
5776 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
5777 IWM_CSR_INT_PERIODIC_ENA);
5780 if (__predict_false(r1 & ~handled))
5781 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5782 "%s: unhandled interrupts: %x\n", __func__, r1);
5786 iwm_restore_interrupts(sc);
5793 * Autoconf glue-sniffing
5795 #define PCI_VENDOR_INTEL 0x8086
5796 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
5797 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
5798 #define PCI_PRODUCT_INTEL_WL_3165_1 0x3165
5799 #define PCI_PRODUCT_INTEL_WL_3165_2 0x3166
5800 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
5801 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
5802 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
5803 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
5804 #define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3
5805 #define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4
5807 static const struct iwm_devices {
5809 const struct iwm_cfg *cfg;
5811 { PCI_PRODUCT_INTEL_WL_3160_1, &iwm3160_cfg },
5812 { PCI_PRODUCT_INTEL_WL_3160_2, &iwm3160_cfg },
5813 { PCI_PRODUCT_INTEL_WL_3165_1, &iwm3165_cfg },
5814 { PCI_PRODUCT_INTEL_WL_3165_2, &iwm3165_cfg },
5815 { PCI_PRODUCT_INTEL_WL_7260_1, &iwm7260_cfg },
5816 { PCI_PRODUCT_INTEL_WL_7260_2, &iwm7260_cfg },
5817 { PCI_PRODUCT_INTEL_WL_7265_1, &iwm7265_cfg },
5818 { PCI_PRODUCT_INTEL_WL_7265_2, &iwm7265_cfg },
5819 { PCI_PRODUCT_INTEL_WL_8260_1, &iwm8260_cfg },
5820 { PCI_PRODUCT_INTEL_WL_8260_2, &iwm8260_cfg },
5824 iwm_probe(device_t dev)
5828 for (i = 0; i < nitems(iwm_devices); i++) {
5829 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
5830 pci_get_device(dev) == iwm_devices[i].device) {
5831 device_set_desc(dev, iwm_devices[i].cfg->name);
5832 return (BUS_PROBE_DEFAULT);
5840 iwm_dev_check(device_t dev)
5842 struct iwm_softc *sc;
5846 sc = device_get_softc(dev);
5848 devid = pci_get_device(dev);
5849 for (i = 0; i < nitems(iwm_devices); i++) {
5850 if (iwm_devices[i].device == devid) {
5851 sc->cfg = iwm_devices[i].cfg;
5855 device_printf(dev, "unknown adapter type\n");
5860 #define PCI_CFG_RETRY_TIMEOUT 0x041
5863 iwm_pci_attach(device_t dev)
5865 struct iwm_softc *sc;
5866 int count, error, rid;
5869 sc = device_get_softc(dev);
5871 /* We disable the RETRY_TIMEOUT register (0x41) to keep
5872 * PCI Tx retries from interfering with C3 CPU state */
5873 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
5875 /* Enable bus-mastering and hardware bug workaround. */
5876 pci_enable_busmaster(dev);
5877 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
5879 if (reg & PCIM_STATUS_INTxSTATE) {
5880 reg &= ~PCIM_STATUS_INTxSTATE;
5882 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
5885 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
5887 if (sc->sc_mem == NULL) {
5888 device_printf(sc->sc_dev, "can't map mem space\n");
5891 sc->sc_st = rman_get_bustag(sc->sc_mem);
5892 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
5894 /* Install interrupt handler. */
5897 if (pci_alloc_msi(dev, &count) == 0)
5899 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
5900 (rid != 0 ? 0 : RF_SHAREABLE));
5901 if (sc->sc_irq == NULL) {
5902 device_printf(dev, "can't map interrupt\n");
5905 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
5906 NULL, iwm_intr, sc, &sc->sc_ih);
5907 if (sc->sc_ih == NULL) {
5908 device_printf(dev, "can't establish interrupt");
5911 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
5917 iwm_pci_detach(device_t dev)
5919 struct iwm_softc *sc = device_get_softc(dev);
5921 if (sc->sc_irq != NULL) {
5922 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
5923 bus_release_resource(dev, SYS_RES_IRQ,
5924 rman_get_rid(sc->sc_irq), sc->sc_irq);
5925 pci_release_msi(dev);
5927 if (sc->sc_mem != NULL)
5928 bus_release_resource(dev, SYS_RES_MEMORY,
5929 rman_get_rid(sc->sc_mem), sc->sc_mem);
5935 iwm_attach(device_t dev)
5937 struct iwm_softc *sc = device_get_softc(dev);
5938 struct ieee80211com *ic = &sc->sc_ic;
5943 sc->sc_attached = 1;
5945 mbufq_init(&sc->sc_snd, ifqmaxlen);
5946 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
5947 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0);
5948 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
5950 sc->sc_notif_wait = iwm_notification_wait_init(sc);
5951 if (sc->sc_notif_wait == NULL) {
5952 device_printf(dev, "failed to init notification wait struct\n");
5957 sc->sc_phy_db = iwm_phy_db_init(sc);
5958 if (!sc->sc_phy_db) {
5959 device_printf(dev, "Cannot init phy_db\n");
5964 error = iwm_pci_attach(dev);
5968 sc->sc_wantresp = -1;
5970 /* Check device type */
5971 error = iwm_dev_check(dev);
5975 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
5977 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have
5978 * changed, and now the revision step also includes bit 0-1 (no more
5979 * "dash" value). To keep hw_rev backwards compatible - we'll store it
5980 * in the old format.
5982 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
5983 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) |
5984 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2);
5986 if (iwm_prepare_card_hw(sc) != 0) {
5987 device_printf(dev, "could not initialize hardware\n");
5991 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
5996 * In order to recognize C step the driver should read the
5997 * chip version id located at the AUX bus MISC address.
5999 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
6000 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
6003 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
6004 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6005 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6008 device_printf(sc->sc_dev,
6009 "Failed to wake up the nic\n");
6013 if (iwm_nic_lock(sc)) {
6014 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG);
6015 hw_step |= IWM_ENABLE_WFPM;
6016 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step);
6017 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG);
6018 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF;
6020 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) |
6021 (IWM_SILICON_C_STEP << 2);
6024 device_printf(sc->sc_dev, "Failed to lock the nic\n");
6029 /* special-case 7265D, it has the same PCI IDs. */
6030 if (sc->cfg == &iwm7265_cfg &&
6031 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) {
6032 sc->cfg = &iwm7265d_cfg;
6035 /* Allocate DMA memory for firmware transfers. */
6036 if ((error = iwm_alloc_fwmem(sc)) != 0) {
6037 device_printf(dev, "could not allocate memory for firmware\n");
6041 /* Allocate "Keep Warm" page. */
6042 if ((error = iwm_alloc_kw(sc)) != 0) {
6043 device_printf(dev, "could not allocate keep warm page\n");
6047 /* We use ICT interrupts */
6048 if ((error = iwm_alloc_ict(sc)) != 0) {
6049 device_printf(dev, "could not allocate ICT table\n");
6053 /* Allocate TX scheduler "rings". */
6054 if ((error = iwm_alloc_sched(sc)) != 0) {
6055 device_printf(dev, "could not allocate TX scheduler rings\n");
6059 /* Allocate TX rings */
6060 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
6061 if ((error = iwm_alloc_tx_ring(sc,
6062 &sc->txq[txq_i], txq_i)) != 0) {
6064 "could not allocate TX ring %d\n",
6070 /* Allocate RX ring. */
6071 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
6072 device_printf(dev, "could not allocate RX ring\n");
6076 /* Clear pending interrupts. */
6077 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
6080 ic->ic_name = device_get_nameunit(sc->sc_dev);
6081 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
6082 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
6084 /* Set device capabilities. */
6087 IEEE80211_C_WPA | /* WPA/RSN */
6090 IEEE80211_C_SHSLOT | /* short slot time supported */
6091 IEEE80211_C_SHPREAMBLE /* short preamble supported */
6092 // IEEE80211_C_BGSCAN /* capable of bg scanning */
6094 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
6095 sc->sc_phyctxt[i].id = i;
6096 sc->sc_phyctxt[i].color = 0;
6097 sc->sc_phyctxt[i].ref = 0;
6098 sc->sc_phyctxt[i].channel = NULL;
6101 /* Default noise floor */
6105 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
6107 sc->sc_preinit_hook.ich_func = iwm_preinit;
6108 sc->sc_preinit_hook.ich_arg = sc;
6109 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
6110 device_printf(dev, "config_intrhook_establish failed\n");
6115 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
6116 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
6117 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
6120 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6121 "<-%s\n", __func__);
6125 /* Free allocated memory if something failed during attachment. */
6127 iwm_detach_local(sc, 0);
6133 iwm_is_valid_ether_addr(uint8_t *addr)
6135 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 };
6137 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr))
6144 iwm_wme_update(struct ieee80211com *ic)
6146 #define IWM_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */
6147 struct iwm_softc *sc = ic->ic_softc;
6148 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6149 struct iwm_vap *ivp = IWM_VAP(vap);
6150 struct iwm_node *in;
6151 struct wmeParams tmp[WME_NUM_AC];
6158 for (aci = 0; aci < WME_NUM_AC; aci++)
6159 tmp[aci] = ic->ic_wme.wme_chanParams.cap_wmeParams[aci];
6160 IEEE80211_UNLOCK(ic);
6163 for (aci = 0; aci < WME_NUM_AC; aci++) {
6164 const struct wmeParams *ac = &tmp[aci];
6165 ivp->queue_params[aci].aifsn = ac->wmep_aifsn;
6166 ivp->queue_params[aci].cw_min = IWM_EXP2(ac->wmep_logcwmin);
6167 ivp->queue_params[aci].cw_max = IWM_EXP2(ac->wmep_logcwmax);
6168 ivp->queue_params[aci].edca_txop =
6169 IEEE80211_TXOP_TO_US(ac->wmep_txopLimit);
6171 ivp->have_wme = TRUE;
6172 if (ivp->is_uploaded && vap->iv_bss != NULL) {
6173 in = IWM_NODE(vap->iv_bss);
6175 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
6176 device_printf(sc->sc_dev,
6177 "%s: failed to update MAC\n", __func__);
6188 iwm_preinit(void *arg)
6190 struct iwm_softc *sc = arg;
6191 device_t dev = sc->sc_dev;
6192 struct ieee80211com *ic = &sc->sc_ic;
6195 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6196 "->%s\n", __func__);
6199 if ((error = iwm_start_hw(sc)) != 0) {
6200 device_printf(dev, "could not initialize hardware\n");
6205 error = iwm_run_init_mvm_ucode(sc, 1);
6206 iwm_stop_device(sc);
6212 "hw rev 0x%x, fw ver %s, address %s\n",
6213 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
6214 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr));
6216 /* not all hardware can do 5GHz band */
6217 if (!sc->nvm_data->sku_cap_band_52GHz_enable)
6218 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
6219 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
6222 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
6226 * At this point we've committed - if we fail to do setup,
6227 * we now also have to tear down the net80211 state.
6229 ieee80211_ifattach(ic);
6230 ic->ic_vap_create = iwm_vap_create;
6231 ic->ic_vap_delete = iwm_vap_delete;
6232 ic->ic_raw_xmit = iwm_raw_xmit;
6233 ic->ic_node_alloc = iwm_node_alloc;
6234 ic->ic_scan_start = iwm_scan_start;
6235 ic->ic_scan_end = iwm_scan_end;
6236 ic->ic_update_mcast = iwm_update_mcast;
6237 ic->ic_getradiocaps = iwm_init_channel_map;
6238 ic->ic_set_channel = iwm_set_channel;
6239 ic->ic_scan_curchan = iwm_scan_curchan;
6240 ic->ic_scan_mindwell = iwm_scan_mindwell;
6241 ic->ic_wme.wme_update = iwm_wme_update;
6242 ic->ic_parent = iwm_parent;
6243 ic->ic_transmit = iwm_transmit;
6244 iwm_radiotap_attach(sc);
6246 ieee80211_announce(ic);
6248 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6249 "<-%s\n", __func__);
6250 config_intrhook_disestablish(&sc->sc_preinit_hook);
6254 config_intrhook_disestablish(&sc->sc_preinit_hook);
6255 iwm_detach_local(sc, 0);
6259 * Attach the interface to 802.11 radiotap.
6262 iwm_radiotap_attach(struct iwm_softc *sc)
6264 struct ieee80211com *ic = &sc->sc_ic;
6266 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6267 "->%s begin\n", __func__);
6268 ieee80211_radiotap_attach(ic,
6269 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
6270 IWM_TX_RADIOTAP_PRESENT,
6271 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
6272 IWM_RX_RADIOTAP_PRESENT);
6273 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6274 "->%s end\n", __func__);
6277 static struct ieee80211vap *
6278 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
6279 enum ieee80211_opmode opmode, int flags,
6280 const uint8_t bssid[IEEE80211_ADDR_LEN],
6281 const uint8_t mac[IEEE80211_ADDR_LEN])
6283 struct iwm_vap *ivp;
6284 struct ieee80211vap *vap;
6286 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
6288 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO);
6290 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
6291 vap->iv_bmissthreshold = 10; /* override default */
6292 /* Override with driver methods. */
6293 ivp->iv_newstate = vap->iv_newstate;
6294 vap->iv_newstate = iwm_newstate;
6296 ivp->id = IWM_DEFAULT_MACID;
6297 ivp->color = IWM_DEFAULT_COLOR;
6299 ivp->have_wme = FALSE;
6301 ieee80211_ratectl_init(vap);
6302 /* Complete setup. */
6303 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status,
6305 ic->ic_opmode = opmode;
6311 iwm_vap_delete(struct ieee80211vap *vap)
6313 struct iwm_vap *ivp = IWM_VAP(vap);
6315 ieee80211_ratectl_deinit(vap);
6316 ieee80211_vap_detach(vap);
6317 free(ivp, M_80211_VAP);
6321 iwm_scan_start(struct ieee80211com *ic)
6323 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6324 struct iwm_softc *sc = ic->ic_softc;
6328 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6329 /* This should not be possible */
6330 device_printf(sc->sc_dev,
6331 "%s: Previous scan not completed yet\n", __func__);
6333 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN))
6334 error = iwm_mvm_umac_scan(sc);
6336 error = iwm_mvm_lmac_scan(sc);
6338 device_printf(sc->sc_dev, "could not initiate scan\n");
6340 ieee80211_cancel_scan(vap);
6342 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING;
6343 iwm_led_blink_start(sc);
6349 iwm_scan_end(struct ieee80211com *ic)
6351 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6352 struct iwm_softc *sc = ic->ic_softc;
6355 iwm_led_blink_stop(sc);
6356 if (vap->iv_state == IEEE80211_S_RUN)
6357 iwm_mvm_led_enable(sc);
6358 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6360 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because
6361 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq
6364 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
6365 iwm_mvm_scan_stop_wait(sc);
6370 * Make sure we don't race, if sc_es_task is still enqueued here.
6371 * This is to make sure that it won't call ieee80211_scan_done
6372 * when we have already started the next scan.
6374 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL);
6378 iwm_update_mcast(struct ieee80211com *ic)
6383 iwm_set_channel(struct ieee80211com *ic)
6388 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
6393 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
6399 iwm_init_task(void *arg1)
6401 struct iwm_softc *sc = arg1;
6404 while (sc->sc_flags & IWM_FLAG_BUSY)
6405 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
6406 sc->sc_flags |= IWM_FLAG_BUSY;
6408 if (sc->sc_ic.ic_nrunning > 0)
6410 sc->sc_flags &= ~IWM_FLAG_BUSY;
6411 wakeup(&sc->sc_flags);
6416 iwm_resume(device_t dev)
6418 struct iwm_softc *sc = device_get_softc(dev);
6422 * We disable the RETRY_TIMEOUT register (0x41) to keep
6423 * PCI Tx retries from interfering with C3 CPU state.
6425 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
6426 iwm_init_task(device_get_softc(dev));
6429 if (sc->sc_flags & IWM_FLAG_SCANNING) {
6430 sc->sc_flags &= ~IWM_FLAG_SCANNING;
6436 ieee80211_resume_all(&sc->sc_ic);
6442 iwm_suspend(device_t dev)
6445 struct iwm_softc *sc = device_get_softc(dev);
6447 do_stop = !! (sc->sc_ic.ic_nrunning > 0);
6449 ieee80211_suspend_all(&sc->sc_ic);
6454 sc->sc_flags |= IWM_FLAG_SCANNING;
6462 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
6464 struct iwm_fw_info *fw = &sc->sc_fw;
6465 device_t dev = sc->sc_dev;
6468 if (!sc->sc_attached)
6470 sc->sc_attached = 0;
6473 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task);
6475 callout_drain(&sc->sc_led_blink_to);
6476 callout_drain(&sc->sc_watchdog_to);
6477 iwm_stop_device(sc);
6479 ieee80211_ifdetach(&sc->sc_ic);
6482 iwm_phy_db_free(sc->sc_phy_db);
6483 sc->sc_phy_db = NULL;
6485 iwm_free_nvm_data(sc->nvm_data);
6487 /* Free descriptor rings */
6488 iwm_free_rx_ring(sc, &sc->rxq);
6489 for (i = 0; i < nitems(sc->txq); i++)
6490 iwm_free_tx_ring(sc, &sc->txq[i]);
6493 if (fw->fw_fp != NULL)
6494 iwm_fw_info_free(fw);
6496 /* Free scheduler */
6497 iwm_dma_contig_free(&sc->sched_dma);
6498 iwm_dma_contig_free(&sc->ict_dma);
6499 iwm_dma_contig_free(&sc->kw_dma);
6500 iwm_dma_contig_free(&sc->fw_dma);
6502 iwm_free_fw_paging(sc);
6504 /* Finished with the hardware - detach things */
6505 iwm_pci_detach(dev);
6507 if (sc->sc_notif_wait != NULL) {
6508 iwm_notification_wait_free(sc->sc_notif_wait);
6509 sc->sc_notif_wait = NULL;
6512 mbufq_drain(&sc->sc_snd);
6513 IWM_LOCK_DESTROY(sc);
6519 iwm_detach(device_t dev)
6521 struct iwm_softc *sc = device_get_softc(dev);
6523 return (iwm_detach_local(sc, 1));
6526 static device_method_t iwm_pci_methods[] = {
6527 /* Device interface */
6528 DEVMETHOD(device_probe, iwm_probe),
6529 DEVMETHOD(device_attach, iwm_attach),
6530 DEVMETHOD(device_detach, iwm_detach),
6531 DEVMETHOD(device_suspend, iwm_suspend),
6532 DEVMETHOD(device_resume, iwm_resume),
6537 static driver_t iwm_pci_driver = {
6540 sizeof (struct iwm_softc)
6543 static devclass_t iwm_devclass;
6545 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
6546 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
6547 MODULE_DEPEND(iwm, pci, 1, 1, 1);
6548 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
projects / FreeBSD / FreeBSD.git / blob