1 /* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
27 ***********************************************************************
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
105 #include <sys/cdefs.h>
106 __FBSDID("$FreeBSD$");
108 #include "opt_wlan.h"
111 #include <sys/param.h>
113 #include <sys/conf.h>
114 #include <sys/endian.h>
115 #include <sys/firmware.h>
116 #include <sys/kernel.h>
117 #include <sys/malloc.h>
118 #include <sys/mbuf.h>
119 #include <sys/mutex.h>
120 #include <sys/module.h>
121 #include <sys/proc.h>
122 #include <sys/rman.h>
123 #include <sys/socket.h>
124 #include <sys/sockio.h>
125 #include <sys/sysctl.h>
126 #include <sys/linker.h>
128 #include <machine/bus.h>
129 #include <machine/endian.h>
130 #include <machine/resource.h>
132 #include <dev/pci/pcivar.h>
133 #include <dev/pci/pcireg.h>
138 #include <net/if_var.h>
139 #include <net/if_arp.h>
140 #include <net/if_dl.h>
141 #include <net/if_media.h>
142 #include <net/if_types.h>
144 #include <netinet/in.h>
145 #include <netinet/in_systm.h>
146 #include <netinet/if_ether.h>
147 #include <netinet/ip.h>
149 #include <net80211/ieee80211_var.h>
150 #include <net80211/ieee80211_regdomain.h>
151 #include <net80211/ieee80211_ratectl.h>
152 #include <net80211/ieee80211_radiotap.h>
154 #include <dev/iwm/if_iwmreg.h>
155 #include <dev/iwm/if_iwmvar.h>
156 #include <dev/iwm/if_iwm_config.h>
157 #include <dev/iwm/if_iwm_debug.h>
158 #include <dev/iwm/if_iwm_notif_wait.h>
159 #include <dev/iwm/if_iwm_util.h>
160 #include <dev/iwm/if_iwm_binding.h>
161 #include <dev/iwm/if_iwm_phy_db.h>
162 #include <dev/iwm/if_iwm_mac_ctxt.h>
163 #include <dev/iwm/if_iwm_phy_ctxt.h>
164 #include <dev/iwm/if_iwm_time_event.h>
165 #include <dev/iwm/if_iwm_power.h>
166 #include <dev/iwm/if_iwm_scan.h>
168 #include <dev/iwm/if_iwm_pcie_trans.h>
169 #include <dev/iwm/if_iwm_led.h>
170 #include <dev/iwm/if_iwm_fw.h>
172 const uint8_t iwm_nvm_channels[] = {
174 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
176 36, 40, 44, 48, 52, 56, 60, 64,
177 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
178 149, 153, 157, 161, 165
180 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS,
181 "IWM_NUM_CHANNELS is too small");
183 const uint8_t iwm_nvm_channels_8000[] = {
185 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
187 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92,
188 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
189 149, 153, 157, 161, 165, 169, 173, 177, 181
191 _Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000,
192 "IWM_NUM_CHANNELS_8000 is too small");
194 #define IWM_NUM_2GHZ_CHANNELS 14
195 #define IWM_N_HW_ADDR_MASK 0xF
198 * XXX For now, there's simply a fixed set of rate table entries
199 * that are populated.
201 const struct iwm_rate {
205 { 2, IWM_RATE_1M_PLCP },
206 { 4, IWM_RATE_2M_PLCP },
207 { 11, IWM_RATE_5M_PLCP },
208 { 22, IWM_RATE_11M_PLCP },
209 { 12, IWM_RATE_6M_PLCP },
210 { 18, IWM_RATE_9M_PLCP },
211 { 24, IWM_RATE_12M_PLCP },
212 { 36, IWM_RATE_18M_PLCP },
213 { 48, IWM_RATE_24M_PLCP },
214 { 72, IWM_RATE_36M_PLCP },
215 { 96, IWM_RATE_48M_PLCP },
216 { 108, IWM_RATE_54M_PLCP },
218 #define IWM_RIDX_CCK 0
219 #define IWM_RIDX_OFDM 4
220 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
221 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
222 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
224 struct iwm_nvm_section {
229 #define IWM_MVM_UCODE_ALIVE_TIMEOUT hz
230 #define IWM_MVM_UCODE_CALIB_TIMEOUT (2*hz)
232 struct iwm_mvm_alive_data {
234 uint32_t scd_base_addr;
237 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
238 static int iwm_firmware_store_section(struct iwm_softc *,
240 const uint8_t *, size_t);
241 static int iwm_set_default_calib(struct iwm_softc *, const void *);
242 static void iwm_fw_info_free(struct iwm_fw_info *);
243 static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type);
244 static int iwm_alloc_fwmem(struct iwm_softc *);
245 static int iwm_alloc_sched(struct iwm_softc *);
246 static int iwm_alloc_kw(struct iwm_softc *);
247 static int iwm_alloc_ict(struct iwm_softc *);
248 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
249 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
250 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
251 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
253 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
254 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
255 static void iwm_enable_interrupts(struct iwm_softc *);
256 static void iwm_restore_interrupts(struct iwm_softc *);
257 static void iwm_disable_interrupts(struct iwm_softc *);
258 static void iwm_ict_reset(struct iwm_softc *);
259 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
260 static void iwm_stop_device(struct iwm_softc *);
261 static void iwm_mvm_nic_config(struct iwm_softc *);
262 static int iwm_nic_rx_init(struct iwm_softc *);
263 static int iwm_nic_tx_init(struct iwm_softc *);
264 static int iwm_nic_init(struct iwm_softc *);
265 static int iwm_enable_txq(struct iwm_softc *, int, int, int);
266 static int iwm_trans_pcie_fw_alive(struct iwm_softc *, uint32_t);
267 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
268 uint16_t, uint8_t *, uint16_t *);
269 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
270 uint16_t *, uint32_t);
271 static uint32_t iwm_eeprom_channel_flags(uint16_t);
272 static void iwm_add_channel_band(struct iwm_softc *,
273 struct ieee80211_channel[], int, int *, int, size_t,
275 static void iwm_init_channel_map(struct ieee80211com *, int, int *,
276 struct ieee80211_channel[]);
277 static struct iwm_nvm_data *
278 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
279 const uint16_t *, const uint16_t *,
280 const uint16_t *, const uint16_t *,
282 static void iwm_free_nvm_data(struct iwm_nvm_data *);
283 static void iwm_set_hw_address_family_8000(struct iwm_softc *,
284 struct iwm_nvm_data *,
287 static int iwm_get_sku(const struct iwm_softc *, const uint16_t *,
289 static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *);
290 static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *,
292 static int iwm_get_n_hw_addrs(const struct iwm_softc *,
294 static void iwm_set_radio_cfg(const struct iwm_softc *,
295 struct iwm_nvm_data *, uint32_t);
296 static struct iwm_nvm_data *
297 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *);
298 static int iwm_nvm_init(struct iwm_softc *);
299 static int iwm_pcie_load_section(struct iwm_softc *, uint8_t,
300 const struct iwm_fw_desc *);
301 static int iwm_pcie_load_firmware_chunk(struct iwm_softc *, uint32_t,
302 bus_addr_t, uint32_t);
303 static int iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
304 const struct iwm_fw_sects *,
306 static int iwm_pcie_load_cpu_sections(struct iwm_softc *,
307 const struct iwm_fw_sects *,
309 static int iwm_pcie_load_given_ucode_8000(struct iwm_softc *,
310 const struct iwm_fw_sects *);
311 static int iwm_pcie_load_given_ucode(struct iwm_softc *,
312 const struct iwm_fw_sects *);
313 static int iwm_start_fw(struct iwm_softc *, const struct iwm_fw_sects *);
314 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
315 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
316 static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *,
317 enum iwm_ucode_type);
318 static int iwm_run_init_mvm_ucode(struct iwm_softc *, int);
319 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
320 static int iwm_mvm_get_signal_strength(struct iwm_softc *,
321 struct iwm_rx_phy_info *);
322 static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *,
323 struct iwm_rx_packet *,
324 struct iwm_rx_data *);
325 static int iwm_get_noise(struct iwm_softc *sc,
326 const struct iwm_mvm_statistics_rx_non_phy *);
327 static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct mbuf *);
328 static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *,
329 struct iwm_rx_packet *,
331 static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *,
332 struct iwm_rx_data *);
333 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
335 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
338 static const struct iwm_rate *
339 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
340 struct mbuf *, struct iwm_tx_cmd *);
341 static int iwm_tx(struct iwm_softc *, struct mbuf *,
342 struct ieee80211_node *, int);
343 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
344 const struct ieee80211_bpf_params *);
345 static int iwm_mvm_flush_tx_path(struct iwm_softc *sc,
346 uint32_t tfd_msk, uint32_t flags);
347 static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *,
348 struct iwm_mvm_add_sta_cmd *,
350 static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *,
352 static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *);
353 static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *);
354 static int iwm_mvm_add_int_sta_common(struct iwm_softc *,
355 struct iwm_int_sta *,
356 const uint8_t *, uint16_t, uint16_t);
357 static int iwm_mvm_add_aux_sta(struct iwm_softc *);
358 static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_vap *);
359 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
360 static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *);
361 static int iwm_release(struct iwm_softc *, struct iwm_node *);
362 static struct ieee80211_node *
363 iwm_node_alloc(struct ieee80211vap *,
364 const uint8_t[IEEE80211_ADDR_LEN]);
365 static void iwm_setrates(struct iwm_softc *, struct iwm_node *);
366 static int iwm_media_change(struct ifnet *);
367 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
368 static void iwm_endscan_cb(void *, int);
369 static void iwm_mvm_fill_sf_command(struct iwm_softc *,
370 struct iwm_sf_cfg_cmd *,
371 struct ieee80211_node *);
372 static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state);
373 static int iwm_send_bt_init_conf(struct iwm_softc *);
374 static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *);
375 static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t);
376 static int iwm_init_hw(struct iwm_softc *);
377 static void iwm_init(struct iwm_softc *);
378 static void iwm_start(struct iwm_softc *);
379 static void iwm_stop(struct iwm_softc *);
380 static void iwm_watchdog(void *);
381 static void iwm_parent(struct ieee80211com *);
384 iwm_desc_lookup(uint32_t);
385 static void iwm_nic_error(struct iwm_softc *);
386 static void iwm_nic_umac_error(struct iwm_softc *);
388 static void iwm_notif_intr(struct iwm_softc *);
389 static void iwm_intr(void *);
390 static int iwm_attach(device_t);
391 static int iwm_is_valid_ether_addr(uint8_t *);
392 static void iwm_preinit(void *);
393 static int iwm_detach_local(struct iwm_softc *sc, int);
394 static void iwm_init_task(void *);
395 static void iwm_radiotap_attach(struct iwm_softc *);
396 static struct ieee80211vap *
397 iwm_vap_create(struct ieee80211com *,
398 const char [IFNAMSIZ], int,
399 enum ieee80211_opmode, int,
400 const uint8_t [IEEE80211_ADDR_LEN],
401 const uint8_t [IEEE80211_ADDR_LEN]);
402 static void iwm_vap_delete(struct ieee80211vap *);
403 static void iwm_scan_start(struct ieee80211com *);
404 static void iwm_scan_end(struct ieee80211com *);
405 static void iwm_update_mcast(struct ieee80211com *);
406 static void iwm_set_channel(struct ieee80211com *);
407 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
408 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
409 static int iwm_detach(device_t);
416 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
418 const struct iwm_fw_cscheme_list *l = (const void *)data;
420 if (dlen < sizeof(*l) ||
421 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
424 /* we don't actually store anything for now, always use s/w crypto */
430 iwm_firmware_store_section(struct iwm_softc *sc,
431 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
433 struct iwm_fw_sects *fws;
434 struct iwm_fw_desc *fwone;
436 if (type >= IWM_UCODE_TYPE_MAX)
438 if (dlen < sizeof(uint32_t))
441 fws = &sc->sc_fw.fw_sects[type];
442 if (fws->fw_count >= IWM_UCODE_SECTION_MAX)
445 fwone = &fws->fw_sect[fws->fw_count];
447 /* first 32bit are device load offset */
448 memcpy(&fwone->offset, data, sizeof(uint32_t));
451 fwone->data = data + sizeof(uint32_t);
452 fwone->len = dlen - sizeof(uint32_t);
459 #define IWM_DEFAULT_SCAN_CHANNELS 40
461 /* iwlwifi: iwl-drv.c */
462 struct iwm_tlv_calib_data {
464 struct iwm_tlv_calib_ctrl calib;
468 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
470 const struct iwm_tlv_calib_data *def_calib = data;
471 uint32_t ucode_type = le32toh(def_calib->ucode_type);
473 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
474 device_printf(sc->sc_dev,
475 "Wrong ucode_type %u for default "
476 "calibration.\n", ucode_type);
480 sc->sc_default_calib[ucode_type].flow_trigger =
481 def_calib->calib.flow_trigger;
482 sc->sc_default_calib[ucode_type].event_trigger =
483 def_calib->calib.event_trigger;
489 iwm_set_ucode_api_flags(struct iwm_softc *sc, const uint8_t *data,
490 struct iwm_ucode_capabilities *capa)
492 const struct iwm_ucode_api *ucode_api = (const void *)data;
493 uint32_t api_index = le32toh(ucode_api->api_index);
494 uint32_t api_flags = le32toh(ucode_api->api_flags);
497 if (api_index >= howmany(IWM_NUM_UCODE_TLV_API, 32)) {
498 device_printf(sc->sc_dev,
499 "api flags index %d larger than supported by driver\n",
501 /* don't return an error so we can load FW that has more bits */
505 for (i = 0; i < 32; i++) {
506 if (api_flags & (1U << i))
507 setbit(capa->enabled_api, i + 32 * api_index);
514 iwm_set_ucode_capabilities(struct iwm_softc *sc, const uint8_t *data,
515 struct iwm_ucode_capabilities *capa)
517 const struct iwm_ucode_capa *ucode_capa = (const void *)data;
518 uint32_t api_index = le32toh(ucode_capa->api_index);
519 uint32_t api_flags = le32toh(ucode_capa->api_capa);
522 if (api_index >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) {
523 device_printf(sc->sc_dev,
524 "capa flags index %d larger than supported by driver\n",
526 /* don't return an error so we can load FW that has more bits */
530 for (i = 0; i < 32; i++) {
531 if (api_flags & (1U << i))
532 setbit(capa->enabled_capa, i + 32 * api_index);
539 iwm_fw_info_free(struct iwm_fw_info *fw)
541 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD);
543 /* don't touch fw->fw_status */
544 memset(fw->fw_sects, 0, sizeof(fw->fw_sects));
548 iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
550 struct iwm_fw_info *fw = &sc->sc_fw;
551 const struct iwm_tlv_ucode_header *uhdr;
552 struct iwm_ucode_tlv tlv;
553 struct iwm_ucode_capabilities *capa = &sc->ucode_capa;
554 enum iwm_ucode_tlv_type tlv_type;
555 const struct firmware *fwp;
557 uint32_t usniffer_img;
558 uint32_t paging_mem_size;
563 if (fw->fw_status == IWM_FW_STATUS_DONE &&
564 ucode_type != IWM_UCODE_INIT)
567 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS)
568 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0);
569 fw->fw_status = IWM_FW_STATUS_INPROGRESS;
571 if (fw->fw_fp != NULL)
572 iwm_fw_info_free(fw);
575 * Load firmware into driver memory.
579 fwp = firmware_get(sc->cfg->fw_name);
582 device_printf(sc->sc_dev,
583 "could not read firmware %s (error %d)\n",
584 sc->cfg->fw_name, error);
589 /* (Re-)Initialize default values. */
591 capa->max_probe_length = IWM_DEFAULT_MAX_PROBE_LENGTH;
592 capa->n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS;
593 memset(capa->enabled_capa, 0, sizeof(capa->enabled_capa));
594 memset(capa->enabled_api, 0, sizeof(capa->enabled_api));
595 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc));
598 * Parse firmware contents
601 uhdr = (const void *)fw->fw_fp->data;
602 if (*(const uint32_t *)fw->fw_fp->data != 0
603 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
604 device_printf(sc->sc_dev, "invalid firmware %s\n",
610 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)",
611 IWM_UCODE_MAJOR(le32toh(uhdr->ver)),
612 IWM_UCODE_MINOR(le32toh(uhdr->ver)),
613 IWM_UCODE_API(le32toh(uhdr->ver)));
615 len = fw->fw_fp->datasize - sizeof(*uhdr);
617 while (len >= sizeof(tlv)) {
619 const void *tlv_data;
621 memcpy(&tlv, data, sizeof(tlv));
622 tlv_len = le32toh(tlv.length);
623 tlv_type = le32toh(tlv.type);
630 device_printf(sc->sc_dev,
631 "firmware too short: %zu bytes\n",
637 switch ((int)tlv_type) {
638 case IWM_UCODE_TLV_PROBE_MAX_LEN:
639 if (tlv_len < sizeof(uint32_t)) {
640 device_printf(sc->sc_dev,
641 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n",
647 capa->max_probe_length =
648 le32toh(*(const uint32_t *)tlv_data);
649 /* limit it to something sensible */
650 if (capa->max_probe_length >
651 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) {
652 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
653 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
654 "ridiculous\n", __func__);
659 case IWM_UCODE_TLV_PAN:
661 device_printf(sc->sc_dev,
662 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n",
668 capa->flags |= IWM_UCODE_TLV_FLAGS_PAN;
670 case IWM_UCODE_TLV_FLAGS:
671 if (tlv_len < sizeof(uint32_t)) {
672 device_printf(sc->sc_dev,
673 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n",
680 * Apparently there can be many flags, but Linux driver
681 * parses only the first one, and so do we.
683 * XXX: why does this override IWM_UCODE_TLV_PAN?
684 * Intentional or a bug? Observations from
685 * current firmware file:
686 * 1) TLV_PAN is parsed first
687 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
688 * ==> this resets TLV_PAN to itself... hnnnk
690 capa->flags = le32toh(*(const uint32_t *)tlv_data);
692 case IWM_UCODE_TLV_CSCHEME:
693 if ((error = iwm_store_cscheme(sc,
694 tlv_data, tlv_len)) != 0) {
695 device_printf(sc->sc_dev,
696 "%s: iwm_store_cscheme(): returned %d\n",
702 case IWM_UCODE_TLV_NUM_OF_CPU:
703 if (tlv_len != sizeof(uint32_t)) {
704 device_printf(sc->sc_dev,
705 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) != sizeof(uint32_t)\n",
711 num_of_cpus = le32toh(*(const uint32_t *)tlv_data);
712 if (num_of_cpus == 2) {
713 fw->fw_sects[IWM_UCODE_REGULAR].is_dual_cpus =
715 fw->fw_sects[IWM_UCODE_INIT].is_dual_cpus =
717 fw->fw_sects[IWM_UCODE_WOWLAN].is_dual_cpus =
719 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) {
720 device_printf(sc->sc_dev,
721 "%s: Driver supports only 1 or 2 CPUs\n",
727 case IWM_UCODE_TLV_SEC_RT:
728 if ((error = iwm_firmware_store_section(sc,
729 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) {
730 device_printf(sc->sc_dev,
731 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n",
737 case IWM_UCODE_TLV_SEC_INIT:
738 if ((error = iwm_firmware_store_section(sc,
739 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) {
740 device_printf(sc->sc_dev,
741 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n",
747 case IWM_UCODE_TLV_SEC_WOWLAN:
748 if ((error = iwm_firmware_store_section(sc,
749 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) {
750 device_printf(sc->sc_dev,
751 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n",
757 case IWM_UCODE_TLV_DEF_CALIB:
758 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
759 device_printf(sc->sc_dev,
760 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n",
763 (int) sizeof(struct iwm_tlv_calib_data));
767 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
768 device_printf(sc->sc_dev,
769 "%s: iwm_set_default_calib() failed: %d\n",
775 case IWM_UCODE_TLV_PHY_SKU:
776 if (tlv_len != sizeof(uint32_t)) {
778 device_printf(sc->sc_dev,
779 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n",
784 sc->sc_fw.phy_config =
785 le32toh(*(const uint32_t *)tlv_data);
786 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config &
787 IWM_FW_PHY_CFG_TX_CHAIN) >>
788 IWM_FW_PHY_CFG_TX_CHAIN_POS;
789 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config &
790 IWM_FW_PHY_CFG_RX_CHAIN) >>
791 IWM_FW_PHY_CFG_RX_CHAIN_POS;
794 case IWM_UCODE_TLV_API_CHANGES_SET: {
795 if (tlv_len != sizeof(struct iwm_ucode_api)) {
799 if (iwm_set_ucode_api_flags(sc, tlv_data, capa)) {
806 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: {
807 if (tlv_len != sizeof(struct iwm_ucode_capa)) {
811 if (iwm_set_ucode_capabilities(sc, tlv_data, capa)) {
818 case 48: /* undocumented TLV */
819 case IWM_UCODE_TLV_SDIO_ADMA_ADDR:
820 case IWM_UCODE_TLV_FW_GSCAN_CAPA:
821 /* ignore, not used by current driver */
824 case IWM_UCODE_TLV_SEC_RT_USNIFFER:
825 if ((error = iwm_firmware_store_section(sc,
826 IWM_UCODE_REGULAR_USNIFFER, tlv_data,
831 case IWM_UCODE_TLV_PAGING:
832 if (tlv_len != sizeof(uint32_t)) {
836 paging_mem_size = le32toh(*(const uint32_t *)tlv_data);
838 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
839 "%s: Paging: paging enabled (size = %u bytes)\n",
840 __func__, paging_mem_size);
841 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) {
842 device_printf(sc->sc_dev,
843 "%s: Paging: driver supports up to %u bytes for paging image\n",
844 __func__, IWM_MAX_PAGING_IMAGE_SIZE);
848 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) {
849 device_printf(sc->sc_dev,
850 "%s: Paging: image isn't multiple %u\n",
851 __func__, IWM_FW_PAGING_SIZE);
856 sc->sc_fw.fw_sects[IWM_UCODE_REGULAR].paging_mem_size =
858 usniffer_img = IWM_UCODE_REGULAR_USNIFFER;
859 sc->sc_fw.fw_sects[usniffer_img].paging_mem_size =
863 case IWM_UCODE_TLV_N_SCAN_CHANNELS:
864 if (tlv_len != sizeof(uint32_t)) {
868 capa->n_scan_channels =
869 le32toh(*(const uint32_t *)tlv_data);
872 case IWM_UCODE_TLV_FW_VERSION:
873 if (tlv_len != sizeof(uint32_t) * 3) {
877 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver),
879 le32toh(((const uint32_t *)tlv_data)[0]),
880 le32toh(((const uint32_t *)tlv_data)[1]),
881 le32toh(((const uint32_t *)tlv_data)[2]));
884 case IWM_UCODE_TLV_FW_MEM_SEG:
888 device_printf(sc->sc_dev,
889 "%s: unknown firmware section %d, abort\n",
895 len -= roundup(tlv_len, 4);
896 data += roundup(tlv_len, 4);
899 KASSERT(error == 0, ("unhandled error"));
903 device_printf(sc->sc_dev, "firmware parse error %d, "
904 "section type %d\n", error, tlv_type);
909 fw->fw_status = IWM_FW_STATUS_NONE;
910 if (fw->fw_fp != NULL)
911 iwm_fw_info_free(fw);
913 fw->fw_status = IWM_FW_STATUS_DONE;
920 * DMA resource routines
923 /* fwmem is used to load firmware onto the card */
925 iwm_alloc_fwmem(struct iwm_softc *sc)
927 /* Must be aligned on a 16-byte boundary. */
928 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
929 IWM_FH_MEM_TB_MAX_LENGTH, 16);
932 /* tx scheduler rings. not used? */
934 iwm_alloc_sched(struct iwm_softc *sc)
936 /* TX scheduler rings must be aligned on a 1KB boundary. */
937 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
938 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
941 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
943 iwm_alloc_kw(struct iwm_softc *sc)
945 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
948 /* interrupt cause table */
950 iwm_alloc_ict(struct iwm_softc *sc)
952 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
953 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
957 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
964 /* Allocate RX descriptors (256-byte aligned). */
965 size = IWM_RX_RING_COUNT * sizeof(uint32_t);
966 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
968 device_printf(sc->sc_dev,
969 "could not allocate RX ring DMA memory\n");
972 ring->desc = ring->desc_dma.vaddr;
974 /* Allocate RX status area (16-byte aligned). */
975 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
976 sizeof(*ring->stat), 16);
978 device_printf(sc->sc_dev,
979 "could not allocate RX status DMA memory\n");
982 ring->stat = ring->stat_dma.vaddr;
984 /* Create RX buffer DMA tag. */
985 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
986 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
987 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat);
989 device_printf(sc->sc_dev,
990 "%s: could not create RX buf DMA tag, error %d\n",
995 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */
996 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map);
998 device_printf(sc->sc_dev,
999 "%s: could not create RX buf DMA map, error %d\n",
1004 * Allocate and map RX buffers.
1006 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1007 struct iwm_rx_data *data = &ring->data[i];
1008 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1010 device_printf(sc->sc_dev,
1011 "%s: could not create RX buf DMA map, error %d\n",
1017 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
1023 fail: iwm_free_rx_ring(sc, ring);
1028 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1030 /* Reset the ring state */
1034 * The hw rx ring index in shared memory must also be cleared,
1035 * otherwise the discrepancy can cause reprocessing chaos.
1037 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1041 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1045 iwm_dma_contig_free(&ring->desc_dma);
1046 iwm_dma_contig_free(&ring->stat_dma);
1048 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1049 struct iwm_rx_data *data = &ring->data[i];
1051 if (data->m != NULL) {
1052 bus_dmamap_sync(ring->data_dmat, data->map,
1053 BUS_DMASYNC_POSTREAD);
1054 bus_dmamap_unload(ring->data_dmat, data->map);
1058 if (data->map != NULL) {
1059 bus_dmamap_destroy(ring->data_dmat, data->map);
1063 if (ring->spare_map != NULL) {
1064 bus_dmamap_destroy(ring->data_dmat, ring->spare_map);
1065 ring->spare_map = NULL;
1067 if (ring->data_dmat != NULL) {
1068 bus_dma_tag_destroy(ring->data_dmat);
1069 ring->data_dmat = NULL;
1074 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
1086 /* Allocate TX descriptors (256-byte aligned). */
1087 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
1088 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1090 device_printf(sc->sc_dev,
1091 "could not allocate TX ring DMA memory\n");
1094 ring->desc = ring->desc_dma.vaddr;
1097 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
1098 * to allocate commands space for other rings.
1100 if (qid > IWM_MVM_CMD_QUEUE)
1103 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
1104 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
1106 device_printf(sc->sc_dev,
1107 "could not allocate TX cmd DMA memory\n");
1110 ring->cmd = ring->cmd_dma.vaddr;
1112 /* FW commands may require more mapped space than packets. */
1113 if (qid == IWM_MVM_CMD_QUEUE) {
1114 maxsize = IWM_RBUF_SIZE;
1118 nsegments = IWM_MAX_SCATTER - 2;
1121 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
1122 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize,
1123 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat);
1125 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
1129 paddr = ring->cmd_dma.paddr;
1130 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1131 struct iwm_tx_data *data = &ring->data[i];
1133 data->cmd_paddr = paddr;
1134 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
1135 + offsetof(struct iwm_tx_cmd, scratch);
1136 paddr += sizeof(struct iwm_device_cmd);
1138 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1140 device_printf(sc->sc_dev,
1141 "could not create TX buf DMA map\n");
1145 KASSERT(paddr == ring->cmd_dma.paddr + size,
1146 ("invalid physical address"));
1149 fail: iwm_free_tx_ring(sc, ring);
1154 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1158 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1159 struct iwm_tx_data *data = &ring->data[i];
1161 if (data->m != NULL) {
1162 bus_dmamap_sync(ring->data_dmat, data->map,
1163 BUS_DMASYNC_POSTWRITE);
1164 bus_dmamap_unload(ring->data_dmat, data->map);
1169 /* Clear TX descriptors. */
1170 memset(ring->desc, 0, ring->desc_dma.size);
1171 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1172 BUS_DMASYNC_PREWRITE);
1173 sc->qfullmsk &= ~(1 << ring->qid);
1177 if (ring->qid == IWM_MVM_CMD_QUEUE && sc->cmd_hold_nic_awake)
1178 iwm_pcie_clear_cmd_in_flight(sc);
1182 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1186 iwm_dma_contig_free(&ring->desc_dma);
1187 iwm_dma_contig_free(&ring->cmd_dma);
1189 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1190 struct iwm_tx_data *data = &ring->data[i];
1192 if (data->m != NULL) {
1193 bus_dmamap_sync(ring->data_dmat, data->map,
1194 BUS_DMASYNC_POSTWRITE);
1195 bus_dmamap_unload(ring->data_dmat, data->map);
1199 if (data->map != NULL) {
1200 bus_dmamap_destroy(ring->data_dmat, data->map);
1204 if (ring->data_dmat != NULL) {
1205 bus_dma_tag_destroy(ring->data_dmat);
1206 ring->data_dmat = NULL;
1211 * High-level hardware frobbing routines
1215 iwm_enable_interrupts(struct iwm_softc *sc)
1217 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1218 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1222 iwm_restore_interrupts(struct iwm_softc *sc)
1224 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1228 iwm_disable_interrupts(struct iwm_softc *sc)
1230 /* disable interrupts */
1231 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1233 /* acknowledge all interrupts */
1234 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1235 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1239 iwm_ict_reset(struct iwm_softc *sc)
1241 iwm_disable_interrupts(sc);
1243 /* Reset ICT table. */
1244 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1247 /* Set physical address of ICT table (4KB aligned). */
1248 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1249 IWM_CSR_DRAM_INT_TBL_ENABLE
1250 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER
1251 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1252 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1254 /* Switch to ICT interrupt mode in driver. */
1255 sc->sc_flags |= IWM_FLAG_USE_ICT;
1257 /* Re-enable interrupts. */
1258 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1259 iwm_enable_interrupts(sc);
1262 /* iwlwifi pcie/trans.c */
1265 * Since this .. hard-resets things, it's time to actually
1266 * mark the first vap (if any) as having no mac context.
1267 * It's annoying, but since the driver is potentially being
1268 * stop/start'ed whilst active (thanks openbsd port!) we
1269 * have to correctly track this.
1272 iwm_stop_device(struct iwm_softc *sc)
1274 struct ieee80211com *ic = &sc->sc_ic;
1275 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1279 /* tell the device to stop sending interrupts */
1280 iwm_disable_interrupts(sc);
1283 * FreeBSD-local: mark the first vap as not-uploaded,
1284 * so the next transition through auth/assoc
1285 * will correctly populate the MAC context.
1288 struct iwm_vap *iv = IWM_VAP(vap);
1289 iv->phy_ctxt = NULL;
1290 iv->is_uploaded = 0;
1293 /* device going down, Stop using ICT table */
1294 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1296 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1298 if (iwm_nic_lock(sc)) {
1299 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1301 /* Stop each Tx DMA channel */
1302 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1304 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1305 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl);
1308 /* Wait for DMA channels to be idle */
1309 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask,
1311 device_printf(sc->sc_dev,
1312 "Failing on timeout while stopping DMA channel: [0x%08x]\n",
1313 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG));
1317 iwm_pcie_rx_stop(sc);
1320 iwm_reset_rx_ring(sc, &sc->rxq);
1322 /* Reset all TX rings. */
1323 for (qid = 0; qid < nitems(sc->txq); qid++)
1324 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1326 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1327 /* Power-down device's busmaster DMA clocks */
1328 if (iwm_nic_lock(sc)) {
1329 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG,
1330 IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1336 /* Make sure (redundant) we've released our request to stay awake */
1337 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1338 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1340 /* Stop the device, and put it in low power state */
1343 /* Upon stop, the APM issues an interrupt if HW RF kill is set.
1344 * Clean again the interrupt here
1346 iwm_disable_interrupts(sc);
1347 /* stop and reset the on-board processor */
1348 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1351 * Even if we stop the HW, we still want the RF kill
1354 iwm_enable_rfkill_int(sc);
1355 iwm_check_rfkill(sc);
1358 /* iwlwifi: mvm/ops.c */
1360 iwm_mvm_nic_config(struct iwm_softc *sc)
1362 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1363 uint32_t reg_val = 0;
1364 uint32_t phy_config = iwm_mvm_get_phy_config(sc);
1366 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1367 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1368 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1369 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1370 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1371 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1374 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1375 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1376 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1377 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1379 /* radio configuration */
1380 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1381 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1382 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1384 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val);
1386 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1387 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1388 radio_cfg_step, radio_cfg_dash);
1391 * W/A : NIC is stuck in a reset state after Early PCIe power off
1392 * (PCIe power is lost before PERST# is asserted), causing ME FW
1393 * to lose ownership and not being able to obtain it back.
1395 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1396 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1397 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1398 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1403 iwm_nic_rx_init(struct iwm_softc *sc)
1406 * Initialize RX ring. This is from the iwn driver.
1408 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1411 iwm_pcie_rx_stop(sc);
1413 if (!iwm_nic_lock(sc))
1416 /* reset and flush pointers */
1417 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1418 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1419 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1420 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1422 /* Set physical address of RX ring (256-byte aligned). */
1424 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8);
1426 /* Set physical address of RX status (16-byte aligned). */
1428 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1431 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1432 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1433 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1434 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1435 IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK |
1436 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1437 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1438 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1440 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1442 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1443 if (sc->cfg->host_interrupt_operation_mode)
1444 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1447 * Thus sayeth el jefe (iwlwifi) via a comment:
1449 * This value should initially be 0 (before preparing any
1450 * RBs), should be 8 after preparing the first 8 RBs (for example)
1452 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1460 iwm_nic_tx_init(struct iwm_softc *sc)
1464 if (!iwm_nic_lock(sc))
1467 /* Deactivate TX scheduler. */
1468 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1470 /* Set physical address of "keep warm" page (16-byte aligned). */
1471 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1473 /* Initialize TX rings. */
1474 for (qid = 0; qid < nitems(sc->txq); qid++) {
1475 struct iwm_tx_ring *txq = &sc->txq[qid];
1477 /* Set physical address of TX ring (256-byte aligned). */
1478 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1479 txq->desc_dma.paddr >> 8);
1480 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1481 "%s: loading ring %d descriptors (%p) at %lx\n",
1484 (unsigned long) (txq->desc_dma.paddr >> 8));
1487 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE);
1495 iwm_nic_init(struct iwm_softc *sc)
1500 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1503 iwm_mvm_nic_config(sc);
1505 if ((error = iwm_nic_rx_init(sc)) != 0)
1509 * Ditto for TX, from iwn
1511 if ((error = iwm_nic_tx_init(sc)) != 0)
1514 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1515 "%s: shadow registers enabled\n", __func__);
1516 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1521 const uint8_t iwm_mvm_ac_to_tx_fifo[] = {
1529 iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo)
1531 if (!iwm_nic_lock(sc)) {
1532 device_printf(sc->sc_dev,
1533 "%s: cannot enable txq %d\n",
1539 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1541 if (qid == IWM_MVM_CMD_QUEUE) {
1542 /* unactivate before configuration */
1543 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1544 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE)
1545 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1549 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid));
1551 if (!iwm_nic_lock(sc)) {
1552 device_printf(sc->sc_dev,
1553 "%s: cannot enable txq %d\n", __func__, qid);
1556 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1559 iwm_write_mem32(sc, sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1560 /* Set scheduler window size and frame limit. */
1562 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1564 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1565 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1566 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1567 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1569 if (!iwm_nic_lock(sc)) {
1570 device_printf(sc->sc_dev,
1571 "%s: cannot enable txq %d\n", __func__, qid);
1574 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1575 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1576 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1577 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1578 IWM_SCD_QUEUE_STTS_REG_MSK);
1580 struct iwm_scd_txq_cfg_cmd cmd;
1585 memset(&cmd, 0, sizeof(cmd));
1586 cmd.scd_queue = qid;
1588 cmd.sta_id = sta_id;
1591 cmd.window = IWM_FRAME_LIMIT;
1593 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC,
1596 device_printf(sc->sc_dev,
1597 "cannot enable txq %d\n", qid);
1601 if (!iwm_nic_lock(sc))
1605 iwm_write_prph(sc, IWM_SCD_EN_CTRL,
1606 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid);
1610 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n",
1611 __func__, qid, fifo);
1617 iwm_trans_pcie_fw_alive(struct iwm_softc *sc, uint32_t scd_base_addr)
1621 int clear_dwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1622 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t);
1624 if (!iwm_nic_lock(sc))
1629 sc->scd_base_addr = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR);
1630 if (scd_base_addr != 0 &&
1631 scd_base_addr != sc->scd_base_addr) {
1632 device_printf(sc->sc_dev,
1633 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n",
1634 __func__, sc->scd_base_addr, scd_base_addr);
1639 /* reset context data, TX status and translation data */
1640 error = iwm_write_mem(sc,
1641 sc->scd_base_addr + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1642 NULL, clear_dwords);
1646 if (!iwm_nic_lock(sc))
1649 /* Set physical address of TX scheduler rings (1KB aligned). */
1650 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1652 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1656 /* enable command channel */
1657 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7);
1661 if (!iwm_nic_lock(sc))
1664 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1666 /* Enable DMA channels. */
1667 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1668 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1669 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1670 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1673 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1674 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1678 /* Enable L1-Active */
1679 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
1680 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1681 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1688 * NVM read access and content parsing. We do not support
1689 * external NVM or writing NVM.
1693 /* Default NVM size to read */
1694 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1696 #define IWM_NVM_WRITE_OPCODE 1
1697 #define IWM_NVM_READ_OPCODE 0
1699 /* load nvm chunk response */
1701 IWM_READ_NVM_CHUNK_SUCCEED = 0,
1702 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1
1706 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1707 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1709 struct iwm_nvm_access_cmd nvm_access_cmd = {
1710 .offset = htole16(offset),
1711 .length = htole16(length),
1712 .type = htole16(section),
1713 .op_code = IWM_NVM_READ_OPCODE,
1715 struct iwm_nvm_access_resp *nvm_resp;
1716 struct iwm_rx_packet *pkt;
1717 struct iwm_host_cmd cmd = {
1718 .id = IWM_NVM_ACCESS_CMD,
1719 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL,
1720 .data = { &nvm_access_cmd, },
1722 int ret, bytes_read, offset_read;
1725 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1727 ret = iwm_send_cmd(sc, &cmd);
1729 device_printf(sc->sc_dev,
1730 "Could not send NVM_ACCESS command (error=%d)\n", ret);
1736 /* Extract NVM response */
1737 nvm_resp = (void *)pkt->data;
1738 ret = le16toh(nvm_resp->status);
1739 bytes_read = le16toh(nvm_resp->length);
1740 offset_read = le16toh(nvm_resp->offset);
1741 resp_data = nvm_resp->data;
1743 if ((offset != 0) &&
1744 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) {
1746 * meaning of NOT_VALID_ADDRESS:
1747 * driver try to read chunk from address that is
1748 * multiple of 2K and got an error since addr is empty.
1749 * meaning of (offset != 0): driver already
1750 * read valid data from another chunk so this case
1753 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1754 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n",
1759 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1760 "NVM access command failed with status %d\n", ret);
1766 if (offset_read != offset) {
1767 device_printf(sc->sc_dev,
1768 "NVM ACCESS response with invalid offset %d\n",
1774 if (bytes_read > length) {
1775 device_printf(sc->sc_dev,
1776 "NVM ACCESS response with too much data "
1777 "(%d bytes requested, %d bytes received)\n",
1778 length, bytes_read);
1783 /* Write data to NVM */
1784 memcpy(data + offset, resp_data, bytes_read);
1788 iwm_free_resp(sc, &cmd);
1793 * Reads an NVM section completely.
1794 * NICs prior to 7000 family don't have a real NVM, but just read
1795 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1796 * by uCode, we need to manually check in this case that we don't
1797 * overflow and try to read more than the EEPROM size.
1798 * For 7000 family NICs, we supply the maximal size we can read, and
1799 * the uCode fills the response with as much data as we can,
1800 * without overflowing, so no check is needed.
1803 iwm_nvm_read_section(struct iwm_softc *sc,
1804 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read)
1806 uint16_t seglen, length, offset = 0;
1809 /* Set nvm section read length */
1810 length = IWM_NVM_DEFAULT_CHUNK_SIZE;
1814 /* Read the NVM until exhausted (reading less than requested) */
1815 while (seglen == length) {
1816 /* Check no memory assumptions fail and cause an overflow */
1817 if ((size_read + offset + length) >
1818 sc->cfg->eeprom_size) {
1819 device_printf(sc->sc_dev,
1820 "EEPROM size is too small for NVM\n");
1824 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen);
1826 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1827 "Cannot read NVM from section %d offset %d, length %d\n",
1828 section, offset, length);
1834 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1835 "NVM section %d read completed\n", section);
1841 * BEGIN IWM_NVM_PARSE
1844 /* iwlwifi/iwl-nvm-parse.c */
1846 /* NVM offsets (in words) definitions */
1847 enum iwm_nvm_offsets {
1848 /* NVM HW-Section offset (in words) definitions */
1851 /* NVM SW-Section offset (in words) definitions */
1852 IWM_NVM_SW_SECTION = 0x1C0,
1853 IWM_NVM_VERSION = 0,
1857 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1859 /* NVM calibration section offset (in words) definitions */
1860 IWM_NVM_CALIB_SECTION = 0x2B8,
1861 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1864 enum iwm_8000_nvm_offsets {
1865 /* NVM HW-Section offset (in words) definitions */
1866 IWM_HW_ADDR0_WFPM_8000 = 0x12,
1867 IWM_HW_ADDR1_WFPM_8000 = 0x16,
1868 IWM_HW_ADDR0_PCIE_8000 = 0x8A,
1869 IWM_HW_ADDR1_PCIE_8000 = 0x8E,
1870 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1,
1872 /* NVM SW-Section offset (in words) definitions */
1873 IWM_NVM_SW_SECTION_8000 = 0x1C0,
1874 IWM_NVM_VERSION_8000 = 0,
1875 IWM_RADIO_CFG_8000 = 0,
1877 IWM_N_HW_ADDRS_8000 = 3,
1879 /* NVM REGULATORY -Section offset (in words) definitions */
1880 IWM_NVM_CHANNELS_8000 = 0,
1881 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7,
1882 IWM_NVM_LAR_OFFSET_8000 = 0x507,
1883 IWM_NVM_LAR_ENABLED_8000 = 0x7,
1885 /* NVM calibration section offset (in words) definitions */
1886 IWM_NVM_CALIB_SECTION_8000 = 0x2B8,
1887 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000
1890 /* SKU Capabilities (actual values from NVM definition) */
1892 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1893 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1894 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1895 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1898 /* radio config bits (actual values from NVM definition) */
1899 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1900 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1901 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1902 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1903 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1904 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1906 #define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF)
1907 #define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF)
1908 #define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF)
1909 #define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF)
1910 #define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF)
1911 #define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF)
1913 #define DEFAULT_MAX_TX_POWER 16
1916 * enum iwm_nvm_channel_flags - channel flags in NVM
1917 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1918 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1919 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1920 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1921 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c
1922 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1923 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1924 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1925 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1926 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1928 enum iwm_nvm_channel_flags {
1929 IWM_NVM_CHANNEL_VALID = (1 << 0),
1930 IWM_NVM_CHANNEL_IBSS = (1 << 1),
1931 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
1932 IWM_NVM_CHANNEL_RADAR = (1 << 4),
1933 IWM_NVM_CHANNEL_DFS = (1 << 7),
1934 IWM_NVM_CHANNEL_WIDE = (1 << 8),
1935 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
1936 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
1937 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
1941 * Translate EEPROM flags to net80211.
1944 iwm_eeprom_channel_flags(uint16_t ch_flags)
1949 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0)
1950 nflags |= IEEE80211_CHAN_PASSIVE;
1951 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0)
1952 nflags |= IEEE80211_CHAN_NOADHOC;
1953 if (ch_flags & IWM_NVM_CHANNEL_RADAR) {
1954 nflags |= IEEE80211_CHAN_DFS;
1956 nflags |= IEEE80211_CHAN_NOADHOC;
1963 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[],
1964 int maxchans, int *nchans, int ch_idx, size_t ch_num,
1965 const uint8_t bands[])
1967 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags;
1973 for (; ch_idx < ch_num; ch_idx++) {
1974 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
1975 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1976 ieee = iwm_nvm_channels[ch_idx];
1978 ieee = iwm_nvm_channels_8000[ch_idx];
1980 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
1981 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1982 "Ch. %d Flags %x [%sGHz] - No traffic\n",
1984 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1989 nflags = iwm_eeprom_channel_flags(ch_flags);
1990 error = ieee80211_add_channel(chans, maxchans, nchans,
1991 ieee, 0, 0, nflags, bands);
1995 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1996 "Ch. %d Flags %x [%sGHz] - Added\n",
1998 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
2004 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans,
2005 struct ieee80211_channel chans[])
2007 struct iwm_softc *sc = ic->ic_softc;
2008 struct iwm_nvm_data *data = sc->nvm_data;
2009 uint8_t bands[IEEE80211_MODE_BYTES];
2012 memset(bands, 0, sizeof(bands));
2013 /* 1-13: 11b/g channels. */
2014 setbit(bands, IEEE80211_MODE_11B);
2015 setbit(bands, IEEE80211_MODE_11G);
2016 iwm_add_channel_band(sc, chans, maxchans, nchans, 0,
2017 IWM_NUM_2GHZ_CHANNELS - 1, bands);
2019 /* 14: 11b channel only. */
2020 clrbit(bands, IEEE80211_MODE_11G);
2021 iwm_add_channel_band(sc, chans, maxchans, nchans,
2022 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands);
2024 if (data->sku_cap_band_52GHz_enable) {
2025 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
2026 ch_num = nitems(iwm_nvm_channels);
2028 ch_num = nitems(iwm_nvm_channels_8000);
2029 memset(bands, 0, sizeof(bands));
2030 setbit(bands, IEEE80211_MODE_11A);
2031 iwm_add_channel_band(sc, chans, maxchans, nchans,
2032 IWM_NUM_2GHZ_CHANNELS, ch_num, bands);
2037 iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data,
2038 const uint16_t *mac_override, const uint16_t *nvm_hw)
2040 const uint8_t *hw_addr;
2043 static const uint8_t reserved_mac[] = {
2044 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00
2047 hw_addr = (const uint8_t *)(mac_override +
2048 IWM_MAC_ADDRESS_OVERRIDE_8000);
2051 * Store the MAC address from MAO section.
2052 * No byte swapping is required in MAO section
2054 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr);
2057 * Force the use of the OTP MAC address in case of reserved MAC
2058 * address in the NVM, or if address is given but invalid.
2060 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) &&
2061 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) &&
2062 iwm_is_valid_ether_addr(data->hw_addr) &&
2063 !IEEE80211_IS_MULTICAST(data->hw_addr))
2066 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2067 "%s: mac address from nvm override section invalid\n",
2072 /* read the mac address from WFMP registers */
2073 uint32_t mac_addr0 =
2074 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0));
2075 uint32_t mac_addr1 =
2076 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1));
2078 hw_addr = (const uint8_t *)&mac_addr0;
2079 data->hw_addr[0] = hw_addr[3];
2080 data->hw_addr[1] = hw_addr[2];
2081 data->hw_addr[2] = hw_addr[1];
2082 data->hw_addr[3] = hw_addr[0];
2084 hw_addr = (const uint8_t *)&mac_addr1;
2085 data->hw_addr[4] = hw_addr[1];
2086 data->hw_addr[5] = hw_addr[0];
2091 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__);
2092 memset(data->hw_addr, 0, sizeof(data->hw_addr));
2096 iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2097 const uint16_t *phy_sku)
2099 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2100 return le16_to_cpup(nvm_sw + IWM_SKU);
2102 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000));
2106 iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2108 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2109 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
2111 return le32_to_cpup((const uint32_t *)(nvm_sw +
2112 IWM_NVM_VERSION_8000));
2116 iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2117 const uint16_t *phy_sku)
2119 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2120 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
2122 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000));
2126 iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2130 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2131 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
2133 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000));
2135 return n_hw_addr & IWM_N_HW_ADDR_MASK;
2139 iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data,
2142 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2143 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
2144 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
2145 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
2146 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
2150 /* set the radio configuration for family 8000 */
2151 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg);
2152 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg);
2153 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg);
2154 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg);
2155 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg);
2156 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg);
2160 iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data,
2161 const uint16_t *nvm_hw, const uint16_t *mac_override)
2163 #ifdef notyet /* for FAMILY 9000 */
2164 if (cfg->mac_addr_from_csr) {
2165 iwm_set_hw_address_from_csr(sc, data);
2168 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2169 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR);
2171 /* The byte order is little endian 16 bit, meaning 214365 */
2172 data->hw_addr[0] = hw_addr[1];
2173 data->hw_addr[1] = hw_addr[0];
2174 data->hw_addr[2] = hw_addr[3];
2175 data->hw_addr[3] = hw_addr[2];
2176 data->hw_addr[4] = hw_addr[5];
2177 data->hw_addr[5] = hw_addr[4];
2179 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw);
2182 if (!iwm_is_valid_ether_addr(data->hw_addr)) {
2183 device_printf(sc->sc_dev, "no valid mac address was found\n");
2190 static struct iwm_nvm_data *
2191 iwm_parse_nvm_data(struct iwm_softc *sc,
2192 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
2193 const uint16_t *nvm_calib, const uint16_t *mac_override,
2194 const uint16_t *phy_sku, const uint16_t *regulatory)
2196 struct iwm_nvm_data *data;
2197 uint32_t sku, radio_cfg;
2199 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2200 data = malloc(sizeof(*data) +
2201 IWM_NUM_CHANNELS * sizeof(uint16_t),
2202 M_DEVBUF, M_NOWAIT | M_ZERO);
2204 data = malloc(sizeof(*data) +
2205 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t),
2206 M_DEVBUF, M_NOWAIT | M_ZERO);
2211 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw);
2213 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku);
2214 iwm_set_radio_cfg(sc, data, radio_cfg);
2216 sku = iwm_get_sku(sc, nvm_sw, phy_sku);
2217 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
2218 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
2219 data->sku_cap_11n_enable = 0;
2221 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw);
2223 /* If no valid mac address was found - bail out */
2224 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) {
2225 free(data, M_DEVBUF);
2229 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2230 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS],
2231 IWM_NUM_CHANNELS * sizeof(uint16_t));
2233 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000],
2234 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t));
2241 iwm_free_nvm_data(struct iwm_nvm_data *data)
2244 free(data, M_DEVBUF);
2247 static struct iwm_nvm_data *
2248 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
2250 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku;
2252 /* Checking for required sections */
2253 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2254 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2255 !sections[sc->cfg->nvm_hw_section_num].data) {
2256 device_printf(sc->sc_dev,
2257 "Can't parse empty OTP/NVM sections\n");
2260 } else if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
2261 /* SW and REGULATORY sections are mandatory */
2262 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2263 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) {
2264 device_printf(sc->sc_dev,
2265 "Can't parse empty OTP/NVM sections\n");
2268 /* MAC_OVERRIDE or at least HW section must exist */
2269 if (!sections[sc->cfg->nvm_hw_section_num].data &&
2270 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) {
2271 device_printf(sc->sc_dev,
2272 "Can't parse mac_address, empty sections\n");
2276 /* PHY_SKU section is mandatory in B0 */
2277 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) {
2278 device_printf(sc->sc_dev,
2279 "Can't parse phy_sku in B0, empty sections\n");
2283 panic("unknown device family %d\n", sc->cfg->device_family);
2286 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data;
2287 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
2288 calib = (const uint16_t *)
2289 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
2290 regulatory = (const uint16_t *)
2291 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data;
2292 mac_override = (const uint16_t *)
2293 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data;
2294 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data;
2296 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override,
2297 phy_sku, regulatory);
2301 iwm_nvm_init(struct iwm_softc *sc)
2303 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS];
2304 int i, ret, section;
2305 uint32_t size_read = 0;
2306 uint8_t *nvm_buffer, *temp;
2309 memset(nvm_sections, 0, sizeof(nvm_sections));
2311 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS)
2314 /* load NVM values from nic */
2315 /* Read From FW NVM */
2316 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n");
2318 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO);
2321 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) {
2322 /* we override the constness for initial read */
2323 ret = iwm_nvm_read_section(sc, section, nvm_buffer,
2328 temp = malloc(len, M_DEVBUF, M_NOWAIT);
2333 memcpy(temp, nvm_buffer, len);
2335 nvm_sections[section].data = temp;
2336 nvm_sections[section].length = len;
2339 device_printf(sc->sc_dev, "OTP is blank\n");
2340 free(nvm_buffer, M_DEVBUF);
2342 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections);
2345 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
2346 "nvm version = %x\n", sc->nvm_data->nvm_version);
2348 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) {
2349 if (nvm_sections[i].data != NULL)
2350 free(nvm_sections[i].data, M_DEVBUF);
2357 iwm_pcie_load_section(struct iwm_softc *sc, uint8_t section_num,
2358 const struct iwm_fw_desc *section)
2360 struct iwm_dma_info *dma = &sc->fw_dma;
2363 uint32_t offset, chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, section->len);
2366 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2367 "%s: [%d] uCode section being loaded...\n",
2368 __func__, section_num);
2370 v_addr = dma->vaddr;
2371 p_addr = dma->paddr;
2373 for (offset = 0; offset < section->len; offset += chunk_sz) {
2374 uint32_t copy_size, dst_addr;
2375 int extended_addr = FALSE;
2377 copy_size = MIN(chunk_sz, section->len - offset);
2378 dst_addr = section->offset + offset;
2380 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2381 dst_addr <= IWM_FW_MEM_EXTENDED_END)
2382 extended_addr = TRUE;
2385 iwm_set_bits_prph(sc, IWM_LMPM_CHICK,
2386 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2388 memcpy(v_addr, (const uint8_t *)section->data + offset,
2390 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
2391 ret = iwm_pcie_load_firmware_chunk(sc, dst_addr, p_addr,
2395 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK,
2396 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2399 device_printf(sc->sc_dev,
2400 "%s: Could not load the [%d] uCode section\n",
2401 __func__, section_num);
2413 iwm_pcie_load_firmware_chunk(struct iwm_softc *sc, uint32_t dst_addr,
2414 bus_addr_t phy_addr, uint32_t byte_cnt)
2418 sc->sc_fw_chunk_done = 0;
2420 if (!iwm_nic_lock(sc))
2423 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2424 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
2426 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
2429 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
2430 phy_addr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
2432 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
2433 (iwm_get_dma_hi_addr(phy_addr)
2434 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
2436 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
2437 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
2438 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
2439 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
2441 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2442 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
2443 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
2444 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
2448 /* wait up to 5s for this segment to load */
2450 while (!sc->sc_fw_chunk_done) {
2451 ret = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz);
2457 device_printf(sc->sc_dev,
2458 "fw chunk addr 0x%x len %d failed to load\n",
2459 dst_addr, byte_cnt);
2467 iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
2468 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section)
2471 int i, ret = 0, sec_num = 0x1;
2472 uint32_t val, last_read_idx = 0;
2476 *first_ucode_section = 0;
2479 (*first_ucode_section)++;
2482 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2486 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2488 * PAGING_SEPARATOR_SECTION delimiter - separate between
2489 * CPU2 non paged to CPU2 paging sec.
2491 if (!image->fw_sect[i].data ||
2492 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2493 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2494 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2495 "Break since Data not valid or Empty section, sec = %d\n",
2499 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]);
2503 /* Notify the ucode of the loaded section number and status */
2504 if (iwm_nic_lock(sc)) {
2505 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS);
2506 val = val | (sec_num << shift_param);
2507 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val);
2508 sec_num = (sec_num << 1) | 0x1;
2513 *first_ucode_section = last_read_idx;
2515 iwm_enable_interrupts(sc);
2517 if (iwm_nic_lock(sc)) {
2519 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF);
2521 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
2529 iwm_pcie_load_cpu_sections(struct iwm_softc *sc,
2530 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section)
2534 uint32_t last_read_idx = 0;
2538 *first_ucode_section = 0;
2541 (*first_ucode_section)++;
2544 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2548 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2550 * PAGING_SEPARATOR_SECTION delimiter - separate between
2551 * CPU2 non paged to CPU2 paging sec.
2553 if (!image->fw_sect[i].data ||
2554 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2555 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2556 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2557 "Break since Data not valid or Empty section, sec = %d\n",
2562 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]);
2567 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
2568 iwm_set_bits_prph(sc,
2569 IWM_CSR_UCODE_LOAD_STATUS_ADDR,
2570 (IWM_LMPM_CPU_UCODE_LOADING_COMPLETED |
2571 IWM_LMPM_CPU_HDRS_LOADING_COMPLETED |
2572 IWM_LMPM_CPU_UCODE_LOADING_STARTED) <<
2575 *first_ucode_section = last_read_idx;
2582 iwm_pcie_load_given_ucode(struct iwm_softc *sc,
2583 const struct iwm_fw_sects *image)
2586 int first_ucode_section;
2588 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2589 image->is_dual_cpus ? "Dual" : "Single");
2591 /* load to FW the binary non secured sections of CPU1 */
2592 ret = iwm_pcie_load_cpu_sections(sc, image, 1, &first_ucode_section);
2596 if (image->is_dual_cpus) {
2597 /* set CPU2 header address */
2598 if (iwm_nic_lock(sc)) {
2600 IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR,
2601 IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE);
2605 /* load to FW the binary sections of CPU2 */
2606 ret = iwm_pcie_load_cpu_sections(sc, image, 2,
2607 &first_ucode_section);
2612 iwm_enable_interrupts(sc);
2614 /* release CPU reset */
2615 IWM_WRITE(sc, IWM_CSR_RESET, 0);
2621 iwm_pcie_load_given_ucode_8000(struct iwm_softc *sc,
2622 const struct iwm_fw_sects *image)
2625 int first_ucode_section;
2627 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2628 image->is_dual_cpus ? "Dual" : "Single");
2630 /* configure the ucode to be ready to get the secured image */
2631 /* release CPU reset */
2632 if (iwm_nic_lock(sc)) {
2633 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET,
2634 IWM_RELEASE_CPU_RESET_BIT);
2638 /* load to FW the binary Secured sections of CPU1 */
2639 ret = iwm_pcie_load_cpu_sections_8000(sc, image, 1,
2640 &first_ucode_section);
2644 /* load to FW the binary sections of CPU2 */
2645 return iwm_pcie_load_cpu_sections_8000(sc, image, 2,
2646 &first_ucode_section);
2649 /* XXX Get rid of this definition */
2651 iwm_enable_fw_load_int(struct iwm_softc *sc)
2653 IWM_DPRINTF(sc, IWM_DEBUG_INTR, "Enabling FW load interrupt\n");
2654 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX;
2655 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
2658 /* XXX Add proper rfkill support code */
2660 iwm_start_fw(struct iwm_softc *sc,
2661 const struct iwm_fw_sects *fw)
2665 /* This may fail if AMT took ownership of the device */
2666 if (iwm_prepare_card_hw(sc)) {
2667 device_printf(sc->sc_dev,
2668 "%s: Exit HW not ready\n", __func__);
2673 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2675 iwm_disable_interrupts(sc);
2677 /* make sure rfkill handshake bits are cleared */
2678 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2679 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
2680 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
2682 /* clear (again), then enable host interrupts */
2683 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2685 ret = iwm_nic_init(sc);
2687 device_printf(sc->sc_dev, "%s: Unable to init nic\n", __func__);
2692 * Now, we load the firmware and don't want to be interrupted, even
2693 * by the RF-Kill interrupt (hence mask all the interrupt besides the
2694 * FH_TX interrupt which is needed to load the firmware). If the
2695 * RF-Kill switch is toggled, we will find out after having loaded
2696 * the firmware and return the proper value to the caller.
2698 iwm_enable_fw_load_int(sc);
2700 /* really make sure rfkill handshake bits are cleared */
2701 /* maybe we should write a few times more? just to make sure */
2702 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2703 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2705 /* Load the given image to the HW */
2706 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
2707 ret = iwm_pcie_load_given_ucode_8000(sc, fw);
2709 ret = iwm_pcie_load_given_ucode(sc, fw);
2711 /* XXX re-check RF-Kill state */
2718 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2720 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2721 .valid = htole32(valid_tx_ant),
2724 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2725 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2728 /* iwlwifi: mvm/fw.c */
2730 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2732 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2733 enum iwm_ucode_type ucode_type = sc->cur_ucode;
2735 /* Set parameters */
2736 phy_cfg_cmd.phy_cfg = htole32(iwm_mvm_get_phy_config(sc));
2737 phy_cfg_cmd.calib_control.event_trigger =
2738 sc->sc_default_calib[ucode_type].event_trigger;
2739 phy_cfg_cmd.calib_control.flow_trigger =
2740 sc->sc_default_calib[ucode_type].flow_trigger;
2742 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2743 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2744 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2745 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2749 iwm_alive_fn(struct iwm_softc *sc, struct iwm_rx_packet *pkt, void *data)
2751 struct iwm_mvm_alive_data *alive_data = data;
2752 struct iwm_mvm_alive_resp_ver1 *palive1;
2753 struct iwm_mvm_alive_resp_ver2 *palive2;
2754 struct iwm_mvm_alive_resp *palive;
2756 if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive1)) {
2757 palive1 = (void *)pkt->data;
2759 sc->support_umac_log = FALSE;
2760 sc->error_event_table =
2761 le32toh(palive1->error_event_table_ptr);
2762 sc->log_event_table =
2763 le32toh(palive1->log_event_table_ptr);
2764 alive_data->scd_base_addr = le32toh(palive1->scd_base_ptr);
2766 alive_data->valid = le16toh(palive1->status) ==
2767 IWM_ALIVE_STATUS_OK;
2768 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2769 "Alive VER1 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2770 le16toh(palive1->status), palive1->ver_type,
2771 palive1->ver_subtype, palive1->flags);
2772 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive2)) {
2773 palive2 = (void *)pkt->data;
2774 sc->error_event_table =
2775 le32toh(palive2->error_event_table_ptr);
2776 sc->log_event_table =
2777 le32toh(palive2->log_event_table_ptr);
2778 alive_data->scd_base_addr = le32toh(palive2->scd_base_ptr);
2779 sc->umac_error_event_table =
2780 le32toh(palive2->error_info_addr);
2782 alive_data->valid = le16toh(palive2->status) ==
2783 IWM_ALIVE_STATUS_OK;
2784 if (sc->umac_error_event_table)
2785 sc->support_umac_log = TRUE;
2787 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2788 "Alive VER2 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2789 le16toh(palive2->status), palive2->ver_type,
2790 palive2->ver_subtype, palive2->flags);
2792 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2793 "UMAC version: Major - 0x%x, Minor - 0x%x\n",
2794 palive2->umac_major, palive2->umac_minor);
2795 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive)) {
2796 palive = (void *)pkt->data;
2798 sc->error_event_table =
2799 le32toh(palive->error_event_table_ptr);
2800 sc->log_event_table =
2801 le32toh(palive->log_event_table_ptr);
2802 alive_data->scd_base_addr = le32toh(palive->scd_base_ptr);
2803 sc->umac_error_event_table =
2804 le32toh(palive->error_info_addr);
2806 alive_data->valid = le16toh(palive->status) ==
2807 IWM_ALIVE_STATUS_OK;
2808 if (sc->umac_error_event_table)
2809 sc->support_umac_log = TRUE;
2811 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2812 "Alive VER3 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2813 le16toh(palive->status), palive->ver_type,
2814 palive->ver_subtype, palive->flags);
2816 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2817 "UMAC version: Major - 0x%x, Minor - 0x%x\n",
2818 le32toh(palive->umac_major),
2819 le32toh(palive->umac_minor));
2826 iwm_wait_phy_db_entry(struct iwm_softc *sc,
2827 struct iwm_rx_packet *pkt, void *data)
2829 struct iwm_phy_db *phy_db = data;
2831 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) {
2832 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) {
2833 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n",
2834 __func__, pkt->hdr.code);
2839 if (iwm_phy_db_set_section(phy_db, pkt)) {
2840 device_printf(sc->sc_dev,
2841 "%s: iwm_phy_db_set_section failed\n", __func__);
2848 iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc,
2849 enum iwm_ucode_type ucode_type)
2851 struct iwm_notification_wait alive_wait;
2852 struct iwm_mvm_alive_data alive_data;
2853 const struct iwm_fw_sects *fw;
2854 enum iwm_ucode_type old_type = sc->cur_ucode;
2856 static const uint16_t alive_cmd[] = { IWM_MVM_ALIVE };
2858 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) {
2859 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n",
2863 fw = &sc->sc_fw.fw_sects[ucode_type];
2864 sc->cur_ucode = ucode_type;
2865 sc->ucode_loaded = FALSE;
2867 memset(&alive_data, 0, sizeof(alive_data));
2868 iwm_init_notification_wait(sc->sc_notif_wait, &alive_wait,
2869 alive_cmd, nitems(alive_cmd),
2870 iwm_alive_fn, &alive_data);
2872 error = iwm_start_fw(sc, fw);
2874 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error);
2875 sc->cur_ucode = old_type;
2876 iwm_remove_notification(sc->sc_notif_wait, &alive_wait);
2881 * Some things may run in the background now, but we
2882 * just wait for the ALIVE notification here.
2885 error = iwm_wait_notification(sc->sc_notif_wait, &alive_wait,
2886 IWM_MVM_UCODE_ALIVE_TIMEOUT);
2889 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
2890 uint32_t a = 0x5a5a5a5a, b = 0x5a5a5a5a;
2891 if (iwm_nic_lock(sc)) {
2892 a = iwm_read_prph(sc, IWM_SB_CPU_1_STATUS);
2893 b = iwm_read_prph(sc, IWM_SB_CPU_2_STATUS);
2896 device_printf(sc->sc_dev,
2897 "SecBoot CPU1 Status: 0x%x, CPU2 Status: 0x%x\n",
2900 sc->cur_ucode = old_type;
2904 if (!alive_data.valid) {
2905 device_printf(sc->sc_dev, "%s: Loaded ucode is not valid\n",
2907 sc->cur_ucode = old_type;
2911 iwm_trans_pcie_fw_alive(sc, alive_data.scd_base_addr);
2914 * configure and operate fw paging mechanism.
2915 * driver configures the paging flow only once, CPU2 paging image
2916 * included in the IWM_UCODE_INIT image.
2918 if (fw->paging_mem_size) {
2919 error = iwm_save_fw_paging(sc, fw);
2921 device_printf(sc->sc_dev,
2922 "%s: failed to save the FW paging image\n",
2927 error = iwm_send_paging_cmd(sc, fw);
2929 device_printf(sc->sc_dev,
2930 "%s: failed to send the paging cmd\n", __func__);
2931 iwm_free_fw_paging(sc);
2937 sc->ucode_loaded = TRUE;
2946 * follows iwlwifi/fw.c
2949 iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm)
2951 struct iwm_notification_wait calib_wait;
2952 static const uint16_t init_complete[] = {
2953 IWM_INIT_COMPLETE_NOTIF,
2954 IWM_CALIB_RES_NOTIF_PHY_DB
2958 /* do not operate with rfkill switch turned on */
2959 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2960 device_printf(sc->sc_dev,
2961 "radio is disabled by hardware switch\n");
2965 iwm_init_notification_wait(sc->sc_notif_wait,
2968 nitems(init_complete),
2969 iwm_wait_phy_db_entry,
2972 /* Will also start the device */
2973 ret = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_INIT);
2975 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n",
2982 ret = iwm_nvm_init(sc);
2984 device_printf(sc->sc_dev, "failed to read nvm\n");
2987 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr);
2991 ret = iwm_send_bt_init_conf(sc);
2993 device_printf(sc->sc_dev,
2994 "failed to send bt coex configuration: %d\n", ret);
2998 /* Init Smart FIFO. */
2999 ret = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF);
3003 /* Send TX valid antennas before triggering calibrations */
3004 ret = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc));
3006 device_printf(sc->sc_dev,
3007 "failed to send antennas before calibration: %d\n", ret);
3012 * Send phy configurations command to init uCode
3013 * to start the 16.0 uCode init image internal calibrations.
3015 ret = iwm_send_phy_cfg_cmd(sc);
3017 device_printf(sc->sc_dev,
3018 "%s: Failed to run INIT calibrations: %d\n",
3024 * Nothing to do but wait for the init complete notification
3025 * from the firmware.
3028 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait,
3029 IWM_MVM_UCODE_CALIB_TIMEOUT);
3036 iwm_remove_notification(sc->sc_notif_wait, &calib_wait);
3045 /* (re)stock rx ring, called at init-time and at runtime */
3047 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
3049 struct iwm_rx_ring *ring = &sc->rxq;
3050 struct iwm_rx_data *data = &ring->data[idx];
3052 bus_dmamap_t dmamap;
3053 bus_dma_segment_t seg;
3056 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
3060 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
3061 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m,
3062 &seg, &nsegs, BUS_DMA_NOWAIT);
3064 device_printf(sc->sc_dev,
3065 "%s: can't map mbuf, error %d\n", __func__, error);
3070 if (data->m != NULL)
3071 bus_dmamap_unload(ring->data_dmat, data->map);
3073 /* Swap ring->spare_map with data->map */
3075 data->map = ring->spare_map;
3076 ring->spare_map = dmamap;
3078 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
3081 /* Update RX descriptor. */
3082 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned"));
3083 ring->desc[idx] = htole32(seg.ds_addr >> 8);
3084 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3085 BUS_DMASYNC_PREWRITE);
3090 /* iwlwifi: mvm/rx.c */
3092 * iwm_mvm_get_signal_strength - use new rx PHY INFO API
3093 * values are reported by the fw as positive values - need to negate
3094 * to obtain their dBM. Account for missing antennas by replacing 0
3095 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
3098 iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
3100 int energy_a, energy_b, energy_c, max_energy;
3103 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
3104 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
3105 IWM_RX_INFO_ENERGY_ANT_A_POS;
3106 energy_a = energy_a ? -energy_a : -256;
3107 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
3108 IWM_RX_INFO_ENERGY_ANT_B_POS;
3109 energy_b = energy_b ? -energy_b : -256;
3110 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
3111 IWM_RX_INFO_ENERGY_ANT_C_POS;
3112 energy_c = energy_c ? -energy_c : -256;
3113 max_energy = MAX(energy_a, energy_b);
3114 max_energy = MAX(max_energy, energy_c);
3116 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3117 "energy In A %d B %d C %d , and max %d\n",
3118 energy_a, energy_b, energy_c, max_energy);
3124 iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc,
3125 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
3127 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
3129 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
3130 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3132 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
3136 * Retrieve the average noise (in dBm) among receivers.
3139 iwm_get_noise(struct iwm_softc *sc,
3140 const struct iwm_mvm_statistics_rx_non_phy *stats)
3142 int i, total, nbant, noise;
3144 total = nbant = noise = 0;
3145 for (i = 0; i < 3; i++) {
3146 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
3147 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n",
3158 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n",
3159 __func__, nbant, total);
3161 /* There should be at least one antenna but check anyway. */
3162 return (nbant == 0) ? -127 : (total / nbant) - 107;
3164 /* For now, just hard-code it to -96 to be safe */
3170 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
3172 * Handles the actual data of the Rx packet from the fw
3175 iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, struct mbuf *m)
3177 struct ieee80211com *ic = &sc->sc_ic;
3178 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3179 struct ieee80211_frame *wh;
3180 struct ieee80211_node *ni;
3181 struct ieee80211_rx_stats rxs;
3182 struct iwm_rx_phy_info *phy_info;
3183 struct iwm_rx_mpdu_res_start *rx_res;
3184 struct iwm_rx_packet *pkt = mtod(m, struct iwm_rx_packet *);
3186 uint32_t rx_pkt_status;
3189 phy_info = &sc->sc_last_phy_info;
3190 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
3191 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
3192 len = le16toh(rx_res->byte_count);
3193 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
3195 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
3196 device_printf(sc->sc_dev,
3197 "dsp size out of range [0,20]: %d\n",
3198 phy_info->cfg_phy_cnt);
3202 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
3203 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
3204 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3205 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
3209 rssi = iwm_mvm_get_signal_strength(sc, phy_info);
3211 /* Map it to relative value */
3212 rssi = rssi - sc->sc_noise;
3214 /* replenish ring for the buffer we're going to feed to the sharks */
3215 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
3216 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
3221 m->m_data = pkt->data + sizeof(*rx_res);
3222 m->m_pkthdr.len = m->m_len = len;
3224 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3225 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise);
3227 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
3229 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3230 "%s: phy_info: channel=%d, flags=0x%08x\n",
3232 le16toh(phy_info->channel),
3233 le16toh(phy_info->phy_flags));
3236 * Populate an RX state struct with the provided information.
3238 bzero(&rxs, sizeof(rxs));
3239 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
3240 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
3241 rxs.c_ieee = le16toh(phy_info->channel);
3242 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
3243 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
3245 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
3248 /* rssi is in 1/2db units */
3249 rxs.c_rssi = rssi * 2;
3250 rxs.c_nf = sc->sc_noise;
3251 if (ieee80211_add_rx_params(m, &rxs) == 0) {
3253 ieee80211_free_node(ni);
3257 if (ieee80211_radiotap_active_vap(vap)) {
3258 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
3261 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
3262 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3263 tap->wr_chan_freq = htole16(rxs.c_freq);
3264 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
3265 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
3266 tap->wr_dbm_antsignal = (int8_t)rssi;
3267 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
3268 tap->wr_tsft = phy_info->system_timestamp;
3269 switch (phy_info->rate) {
3271 case 10: tap->wr_rate = 2; break;
3272 case 20: tap->wr_rate = 4; break;
3273 case 55: tap->wr_rate = 11; break;
3274 case 110: tap->wr_rate = 22; break;
3276 case 0xd: tap->wr_rate = 12; break;
3277 case 0xf: tap->wr_rate = 18; break;
3278 case 0x5: tap->wr_rate = 24; break;
3279 case 0x7: tap->wr_rate = 36; break;
3280 case 0x9: tap->wr_rate = 48; break;
3281 case 0xb: tap->wr_rate = 72; break;
3282 case 0x1: tap->wr_rate = 96; break;
3283 case 0x3: tap->wr_rate = 108; break;
3284 /* Unknown rate: should not happen. */
3285 default: tap->wr_rate = 0;
3291 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
3292 ieee80211_input_mimo(ni, m);
3293 ieee80211_free_node(ni);
3295 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
3296 ieee80211_input_mimo_all(ic, m);
3303 counter_u64_add(ic->ic_ierrors, 1);
3307 iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
3308 struct iwm_node *in)
3310 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data;
3311 struct ieee80211_ratectl_tx_status *txs = &sc->sc_txs;
3312 struct ieee80211_node *ni = &in->in_ni;
3313 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
3315 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
3317 /* Update rate control statistics. */
3318 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n",
3320 (int) le16toh(tx_resp->status.status),
3321 (int) le16toh(tx_resp->status.sequence),
3322 tx_resp->frame_count,
3323 tx_resp->bt_kill_count,
3324 tx_resp->failure_rts,
3325 tx_resp->failure_frame,
3326 le32toh(tx_resp->initial_rate),
3327 (int) le16toh(tx_resp->wireless_media_time));
3329 txs->flags = IEEE80211_RATECTL_STATUS_SHORT_RETRY |
3330 IEEE80211_RATECTL_STATUS_LONG_RETRY;
3331 txs->short_retries = tx_resp->failure_rts;
3332 txs->long_retries = tx_resp->failure_frame;
3333 if (status != IWM_TX_STATUS_SUCCESS &&
3334 status != IWM_TX_STATUS_DIRECT_DONE) {
3336 case IWM_TX_STATUS_FAIL_SHORT_LIMIT:
3337 txs->status = IEEE80211_RATECTL_TX_FAIL_SHORT;
3339 case IWM_TX_STATUS_FAIL_LONG_LIMIT:
3340 txs->status = IEEE80211_RATECTL_TX_FAIL_LONG;
3342 case IWM_TX_STATUS_FAIL_LIFE_EXPIRE:
3343 txs->status = IEEE80211_RATECTL_TX_FAIL_EXPIRED;
3346 txs->status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED;
3350 txs->status = IEEE80211_RATECTL_TX_SUCCESS;
3352 ieee80211_ratectl_tx_complete(ni, txs);
3354 return (txs->status != IEEE80211_RATECTL_TX_SUCCESS);
3358 iwm_mvm_rx_tx_cmd(struct iwm_softc *sc,
3359 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
3361 struct iwm_cmd_header *cmd_hdr = &pkt->hdr;
3362 int idx = cmd_hdr->idx;
3363 int qid = cmd_hdr->qid;
3364 struct iwm_tx_ring *ring = &sc->txq[qid];
3365 struct iwm_tx_data *txd = &ring->data[idx];
3366 struct iwm_node *in = txd->in;
3367 struct mbuf *m = txd->m;
3370 KASSERT(txd->done == 0, ("txd not done"));
3371 KASSERT(txd->in != NULL, ("txd without node"));
3372 KASSERT(txd->m != NULL, ("txd without mbuf"));
3374 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3376 sc->sc_tx_timer = 0;
3378 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in);
3380 /* Unmap and free mbuf. */
3381 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
3382 bus_dmamap_unload(ring->data_dmat, txd->map);
3384 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3385 "free txd %p, in %p\n", txd, txd->in);
3390 ieee80211_tx_complete(&in->in_ni, m, status);
3392 if (--ring->queued < IWM_TX_RING_LOMARK) {
3393 sc->qfullmsk &= ~(1 << ring->qid);
3394 if (sc->qfullmsk == 0) {
3405 * Process a "command done" firmware notification. This is where we wakeup
3406 * processes waiting for a synchronous command completion.
3410 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3412 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE];
3413 struct iwm_tx_data *data;
3415 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) {
3416 return; /* Not a command ack. */
3419 /* XXX wide commands? */
3420 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
3421 "cmd notification type 0x%x qid %d idx %d\n",
3422 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx);
3424 data = &ring->data[pkt->hdr.idx];
3426 /* If the command was mapped in an mbuf, free it. */
3427 if (data->m != NULL) {
3428 bus_dmamap_sync(ring->data_dmat, data->map,
3429 BUS_DMASYNC_POSTWRITE);
3430 bus_dmamap_unload(ring->data_dmat, data->map);
3434 wakeup(&ring->desc[pkt->hdr.idx]);
3436 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) {
3437 device_printf(sc->sc_dev,
3438 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n",
3439 __func__, pkt->hdr.idx, ring->queued, ring->cur);
3440 /* XXX call iwm_force_nmi() */
3443 KASSERT(ring->queued > 0, ("ring->queued is empty?"));
3445 if (ring->queued == 0)
3446 iwm_pcie_clear_cmd_in_flight(sc);
3451 * necessary only for block ack mode
3454 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
3457 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
3460 scd_bc_tbl = sc->sched_dma.vaddr;
3462 len += 8; /* magic numbers came naturally from paris */
3463 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE)
3464 len = roundup(len, 4) / 4;
3466 w_val = htole16(sta_id << 12 | len);
3468 /* Update TX scheduler. */
3469 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
3470 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3471 BUS_DMASYNC_PREWRITE);
3473 /* I really wonder what this is ?!? */
3474 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
3475 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
3476 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3477 BUS_DMASYNC_PREWRITE);
3483 * Take an 802.11 (non-n) rate, find the relevant rate
3484 * table entry. return the index into in_ridx[].
3486 * The caller then uses that index back into in_ridx
3487 * to figure out the rate index programmed /into/
3488 * the firmware for this given node.
3491 iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in,
3497 for (i = 0; i < nitems(in->in_ridx); i++) {
3498 r = iwm_rates[in->in_ridx[i]].rate;
3503 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3504 "%s: couldn't find an entry for rate=%d\n",
3508 /* XXX Return the first */
3509 /* XXX TODO: have it return the /lowest/ */
3514 iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate)
3518 for (i = 0; i < nitems(iwm_rates); i++) {
3519 if (iwm_rates[i].rate == rate)
3523 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3524 "%s: couldn't find an entry for rate=%d\n",
3531 * Fill in the rate related information for a transmit command.
3533 static const struct iwm_rate *
3534 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
3535 struct mbuf *m, struct iwm_tx_cmd *tx)
3537 struct ieee80211_node *ni = &in->in_ni;
3538 struct ieee80211_frame *wh;
3539 const struct ieee80211_txparam *tp = ni->ni_txparms;
3540 const struct iwm_rate *rinfo;
3542 int ridx, rate_flags;
3544 wh = mtod(m, struct ieee80211_frame *);
3545 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3547 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
3548 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
3550 if (type == IEEE80211_FC0_TYPE_MGT ||
3551 type == IEEE80211_FC0_TYPE_CTL ||
3552 (m->m_flags & M_EAPOL) != 0) {
3553 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate);
3554 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3555 "%s: MGT (%d)\n", __func__, tp->mgmtrate);
3556 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3557 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate);
3558 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3559 "%s: MCAST (%d)\n", __func__, tp->mcastrate);
3560 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
3561 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate);
3562 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3563 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate);
3567 /* for data frames, use RS table */
3568 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__);
3569 /* XXX pass pktlen */
3570 (void) ieee80211_ratectl_rate(ni, NULL, 0);
3571 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate);
3572 ridx = in->in_ridx[i];
3574 /* This is the index into the programmed table */
3575 tx->initial_rate_index = i;
3576 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
3578 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3579 "%s: start with i=%d, txrate %d\n",
3580 __func__, i, iwm_rates[ridx].rate);
3583 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3584 "%s: frame type=%d txrate %d\n",
3585 __func__, type, iwm_rates[ridx].rate);
3587 rinfo = &iwm_rates[ridx];
3589 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
3592 !! (IWM_RIDX_IS_CCK(ridx))
3595 /* XXX TODO: hard-coded TX antenna? */
3596 rate_flags = 1 << IWM_RATE_MCS_ANT_POS;
3597 if (IWM_RIDX_IS_CCK(ridx))
3598 rate_flags |= IWM_RATE_MCS_CCK_MSK;
3599 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
3606 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
3608 struct ieee80211com *ic = &sc->sc_ic;
3609 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3610 struct iwm_node *in = IWM_NODE(ni);
3611 struct iwm_tx_ring *ring;
3612 struct iwm_tx_data *data;
3613 struct iwm_tfd *desc;
3614 struct iwm_device_cmd *cmd;
3615 struct iwm_tx_cmd *tx;
3616 struct ieee80211_frame *wh;
3617 struct ieee80211_key *k = NULL;
3619 const struct iwm_rate *rinfo;
3622 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
3625 int i, totlen, error, pad;
3627 wh = mtod(m, struct ieee80211_frame *);
3628 hdrlen = ieee80211_anyhdrsize(wh);
3629 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3631 ring = &sc->txq[ac];
3632 desc = &ring->desc[ring->cur];
3633 memset(desc, 0, sizeof(*desc));
3634 data = &ring->data[ring->cur];
3636 /* Fill out iwm_tx_cmd to send to the firmware */
3637 cmd = &ring->cmd[ring->cur];
3638 cmd->hdr.code = IWM_TX_CMD;
3640 cmd->hdr.qid = ring->qid;
3641 cmd->hdr.idx = ring->cur;
3643 tx = (void *)cmd->data;
3644 memset(tx, 0, sizeof(*tx));
3646 rinfo = iwm_tx_fill_cmd(sc, in, m, tx);
3648 /* Encrypt the frame if need be. */
3649 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
3650 /* Retrieve key for TX && do software encryption. */
3651 k = ieee80211_crypto_encap(ni, m);
3656 /* 802.11 header may have moved. */
3657 wh = mtod(m, struct ieee80211_frame *);
3660 if (ieee80211_radiotap_active_vap(vap)) {
3661 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
3664 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
3665 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
3666 tap->wt_rate = rinfo->rate;
3668 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
3669 ieee80211_radiotap_tx(vap, m);
3673 totlen = m->m_pkthdr.len;
3676 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3677 flags |= IWM_TX_CMD_FLG_ACK;
3680 if (type == IEEE80211_FC0_TYPE_DATA
3681 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold)
3682 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3683 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
3686 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3687 type != IEEE80211_FC0_TYPE_DATA)
3688 tx->sta_id = sc->sc_aux_sta.sta_id;
3690 tx->sta_id = IWM_STATION_ID;
3692 if (type == IEEE80211_FC0_TYPE_MGT) {
3693 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3695 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3696 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
3697 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC);
3698 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) {
3699 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3701 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT);
3704 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3708 /* First segment length must be a multiple of 4. */
3709 flags |= IWM_TX_CMD_FLG_MH_PAD;
3710 pad = 4 - (hdrlen & 3);
3714 tx->driver_txop = 0;
3715 tx->next_frame_len = 0;
3717 tx->len = htole16(totlen);
3718 tx->tid_tspec = tid;
3719 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
3721 /* Set physical address of "scratch area". */
3722 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
3723 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
3725 /* Copy 802.11 header in TX command. */
3726 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen);
3728 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
3731 tx->tx_flags |= htole32(flags);
3733 /* Trim 802.11 header. */
3735 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3736 segs, &nsegs, BUS_DMA_NOWAIT);
3738 if (error != EFBIG) {
3739 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3744 /* Too many DMA segments, linearize mbuf. */
3745 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2);
3747 device_printf(sc->sc_dev,
3748 "%s: could not defrag mbuf\n", __func__);
3754 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3755 segs, &nsegs, BUS_DMA_NOWAIT);
3757 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3767 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3768 "sending txd %p, in %p\n", data, data->in);
3769 KASSERT(data->in != NULL, ("node is NULL"));
3771 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3772 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n",
3773 ring->qid, ring->cur, totlen, nsegs,
3774 le32toh(tx->tx_flags),
3775 le32toh(tx->rate_n_flags),
3776 tx->initial_rate_index
3779 /* Fill TX descriptor. */
3780 desc->num_tbs = 2 + nsegs;
3782 desc->tbs[0].lo = htole32(data->cmd_paddr);
3783 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3785 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
3786 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3787 ((sizeof(struct iwm_cmd_header) + sizeof(*tx)
3788 + hdrlen + pad - TB0_SIZE) << 4);
3790 /* Other DMA segments are for data payload. */
3791 for (i = 0; i < nsegs; i++) {
3793 desc->tbs[i+2].lo = htole32(seg->ds_addr);
3794 desc->tbs[i+2].hi_n_len = \
3795 htole16(iwm_get_dma_hi_addr(seg->ds_addr))
3796 | ((seg->ds_len) << 4);
3799 bus_dmamap_sync(ring->data_dmat, data->map,
3800 BUS_DMASYNC_PREWRITE);
3801 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
3802 BUS_DMASYNC_PREWRITE);
3803 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3804 BUS_DMASYNC_PREWRITE);
3807 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
3811 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
3812 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3814 /* Mark TX ring as full if we reach a certain threshold. */
3815 if (++ring->queued > IWM_TX_RING_HIMARK) {
3816 sc->qfullmsk |= 1 << ring->qid;
3823 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3824 const struct ieee80211_bpf_params *params)
3826 struct ieee80211com *ic = ni->ni_ic;
3827 struct iwm_softc *sc = ic->ic_softc;
3830 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3831 "->%s begin\n", __func__);
3833 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
3835 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3836 "<-%s not RUNNING\n", __func__);
3842 if (params == NULL) {
3843 error = iwm_tx(sc, m, ni, 0);
3845 error = iwm_tx(sc, m, ni, 0);
3847 sc->sc_tx_timer = 5;
3858 * Note that there are transports that buffer frames before they reach
3859 * the firmware. This means that after flush_tx_path is called, the
3860 * queue might not be empty. The race-free way to handle this is to:
3861 * 1) set the station as draining
3862 * 2) flush the Tx path
3863 * 3) wait for the transport queues to be empty
3866 iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags)
3869 struct iwm_tx_path_flush_cmd flush_cmd = {
3870 .queues_ctl = htole32(tfd_msk),
3871 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
3874 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags,
3875 sizeof(flush_cmd), &flush_cmd);
3877 device_printf(sc->sc_dev,
3878 "Flushing tx queue failed: %d\n", ret);
3887 iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc,
3888 struct iwm_mvm_add_sta_cmd *cmd, int *status)
3890 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(*cmd),
3894 /* send station add/update command to firmware */
3896 iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update)
3898 struct iwm_mvm_add_sta_cmd add_sta_cmd;
3902 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd));
3904 add_sta_cmd.sta_id = IWM_STATION_ID;
3905 add_sta_cmd.mac_id_n_color
3906 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID,
3907 IWM_DEFAULT_COLOR));
3910 for (ac = 0; ac < WME_NUM_AC; ac++) {
3911 add_sta_cmd.tfd_queue_msk |=
3912 htole32(1 << iwm_mvm_ac_to_tx_fifo[ac]);
3914 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid);
3916 add_sta_cmd.add_modify = update ? 1 : 0;
3917 add_sta_cmd.station_flags_msk
3918 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK);
3919 add_sta_cmd.tid_disable_tx = htole16(0xffff);
3921 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX);
3923 status = IWM_ADD_STA_SUCCESS;
3924 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status);
3929 case IWM_ADD_STA_SUCCESS:
3933 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n");
3941 iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in)
3943 return iwm_mvm_sta_send_to_fw(sc, in, 0);
3947 iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in)
3949 return iwm_mvm_sta_send_to_fw(sc, in, 1);
3953 iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta,
3954 const uint8_t *addr, uint16_t mac_id, uint16_t color)
3956 struct iwm_mvm_add_sta_cmd cmd;
3960 memset(&cmd, 0, sizeof(cmd));
3961 cmd.sta_id = sta->sta_id;
3962 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color));
3964 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk);
3965 cmd.tid_disable_tx = htole16(0xffff);
3968 IEEE80211_ADDR_COPY(cmd.addr, addr);
3970 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status);
3975 case IWM_ADD_STA_SUCCESS:
3976 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
3977 "%s: Internal station added.\n", __func__);
3980 device_printf(sc->sc_dev,
3981 "%s: Add internal station failed, status=0x%x\n",
3990 iwm_mvm_add_aux_sta(struct iwm_softc *sc)
3994 sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID;
3995 sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_MVM_AUX_QUEUE);
3997 ret = iwm_enable_txq(sc, 0, IWM_MVM_AUX_QUEUE, IWM_MVM_TX_FIFO_MCAST);
4001 ret = iwm_mvm_add_int_sta_common(sc,
4002 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0);
4005 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta));
4018 iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_vap *ivp)
4020 struct iwm_time_quota_cmd cmd;
4021 int i, idx, ret, num_active_macs, quota, quota_rem;
4022 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
4023 int n_ifs[IWM_MAX_BINDINGS] = {0, };
4026 memset(&cmd, 0, sizeof(cmd));
4028 /* currently, PHY ID == binding ID */
4030 id = ivp->phy_ctxt->id;
4031 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
4032 colors[id] = ivp->phy_ctxt->color;
4039 * The FW's scheduling session consists of
4040 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments
4041 * equally between all the bindings that require quota
4043 num_active_macs = 0;
4044 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
4045 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
4046 num_active_macs += n_ifs[i];
4051 if (num_active_macs) {
4052 quota = IWM_MVM_MAX_QUOTA / num_active_macs;
4053 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs;
4056 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
4060 cmd.quotas[idx].id_and_color =
4061 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
4063 if (n_ifs[i] <= 0) {
4064 cmd.quotas[idx].quota = htole32(0);
4065 cmd.quotas[idx].max_duration = htole32(0);
4067 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
4068 cmd.quotas[idx].max_duration = htole32(0);
4073 /* Give the remainder of the session to the first binding */
4074 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
4076 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
4079 device_printf(sc->sc_dev,
4080 "%s: Failed to send quota: %d\n", __func__, ret);
4089 * ieee80211 routines
4093 * Change to AUTH state in 80211 state machine. Roughly matches what
4094 * Linux does in bss_info_changed().
4097 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
4099 struct ieee80211_node *ni;
4100 struct iwm_node *in;
4101 struct iwm_vap *iv = IWM_VAP(vap);
4106 * XXX i have a feeling that the vap node is being
4107 * freed from underneath us. Grr.
4109 ni = ieee80211_ref_node(vap->iv_bss);
4111 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
4112 "%s: called; vap=%p, bss ni=%p\n",
4119 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON);
4123 error = iwm_allow_mcast(vap, sc);
4125 device_printf(sc->sc_dev,
4126 "%s: failed to set multicast\n", __func__);
4131 * This is where it deviates from what Linux does.
4133 * Linux iwlwifi doesn't reset the nic each time, nor does it
4134 * call ctxt_add() here. Instead, it adds it during vap creation,
4135 * and always does a mac_ctx_changed().
4137 * The openbsd port doesn't attempt to do that - it reset things
4138 * at odd states and does the add here.
4140 * So, until the state handling is fixed (ie, we never reset
4141 * the NIC except for a firmware failure, which should drag
4142 * the NIC back to IDLE, re-setup and re-add all the mac/phy
4143 * contexts that are required), let's do a dirty hack here.
4145 if (iv->is_uploaded) {
4146 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
4147 device_printf(sc->sc_dev,
4148 "%s: failed to update MAC\n", __func__);
4151 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
4152 in->in_ni.ni_chan, 1, 1)) != 0) {
4153 device_printf(sc->sc_dev,
4154 "%s: failed update phy ctxt\n", __func__);
4157 iv->phy_ctxt = &sc->sc_phyctxt[0];
4159 if ((error = iwm_mvm_binding_add_vif(sc, iv)) != 0) {
4160 device_printf(sc->sc_dev,
4161 "%s: binding update cmd\n", __func__);
4164 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
4165 device_printf(sc->sc_dev,
4166 "%s: failed to update sta\n", __func__);
4170 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) {
4171 device_printf(sc->sc_dev,
4172 "%s: failed to add MAC\n", __func__);
4175 if ((error = iwm_mvm_power_update_mac(sc)) != 0) {
4176 device_printf(sc->sc_dev,
4177 "%s: failed to update power management\n",
4181 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
4182 in->in_ni.ni_chan, 1, 1)) != 0) {
4183 device_printf(sc->sc_dev,
4184 "%s: failed add phy ctxt!\n", __func__);
4188 iv->phy_ctxt = &sc->sc_phyctxt[0];
4190 if ((error = iwm_mvm_binding_add_vif(sc, iv)) != 0) {
4191 device_printf(sc->sc_dev,
4192 "%s: binding add cmd\n", __func__);
4195 if ((error = iwm_mvm_add_sta(sc, in)) != 0) {
4196 device_printf(sc->sc_dev,
4197 "%s: failed to add sta\n", __func__);
4203 * Prevent the FW from wandering off channel during association
4204 * by "protecting" the session with a time event.
4206 /* XXX duration is in units of TU, not MS */
4207 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS;
4208 iwm_mvm_protect_session(sc, iv, duration, 500 /* XXX magic number */);
4213 ieee80211_free_node(ni);
4218 iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc)
4220 struct iwm_node *in = IWM_NODE(vap->iv_bss);
4223 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
4224 device_printf(sc->sc_dev,
4225 "%s: failed to update STA\n", __func__);
4230 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
4231 device_printf(sc->sc_dev,
4232 "%s: failed to update MAC\n", __func__);
4240 iwm_release(struct iwm_softc *sc, struct iwm_node *in)
4245 * Ok, so *technically* the proper set of calls for going
4246 * from RUN back to SCAN is:
4248 * iwm_mvm_power_mac_disable(sc, in);
4249 * iwm_mvm_mac_ctxt_changed(sc, in);
4250 * iwm_mvm_rm_sta(sc, in);
4251 * iwm_mvm_update_quotas(sc, NULL);
4252 * iwm_mvm_mac_ctxt_changed(sc, in);
4253 * iwm_mvm_binding_remove_vif(sc, IWM_VAP(in->in_ni.ni_vap));
4254 * iwm_mvm_mac_ctxt_remove(sc, in);
4256 * However, that freezes the device not matter which permutations
4257 * and modifications are attempted. Obviously, this driver is missing
4258 * something since it works in the Linux driver, but figuring out what
4259 * is missing is a little more complicated. Now, since we're going
4260 * back to nothing anyway, we'll just do a complete device reset.
4261 * Up your's, device!
4264 * Just using 0xf for the queues mask is fine as long as we only
4265 * get here from RUN state.
4268 mbufq_drain(&sc->sc_snd);
4269 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC);
4271 * We seem to get away with just synchronously sending the
4272 * IWM_TXPATH_FLUSH command.
4274 // iwm_trans_wait_tx_queue_empty(sc, tfd_msk);
4275 iwm_stop_device(sc);
4284 iwm_mvm_power_mac_disable(sc, in);
4286 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
4287 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error);
4291 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) {
4292 device_printf(sc->sc_dev, "sta remove fail %d\n", error);
4295 error = iwm_mvm_rm_sta(sc, in);
4297 iwm_mvm_update_quotas(sc, NULL);
4298 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
4299 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error);
4302 iwm_mvm_binding_remove_vif(sc, IWM_VAP(in->in_ni.ni_vap));
4304 iwm_mvm_mac_ctxt_remove(sc, in);
4310 static struct ieee80211_node *
4311 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
4313 return malloc(sizeof (struct iwm_node), M_80211_NODE,
4318 iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx)
4323 for (i = 0; i < rs->rs_nrates; i++) {
4324 rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL);
4325 if (rval == iwm_rates[ridx].rate)
4326 return rs->rs_rates[i];
4333 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in)
4335 struct ieee80211_node *ni = &in->in_ni;
4336 struct iwm_lq_cmd *lq = &in->in_lq;
4337 int nrates = ni->ni_rates.rs_nrates;
4338 int i, ridx, tab = 0;
4341 if (nrates > nitems(lq->rs_table)) {
4342 device_printf(sc->sc_dev,
4343 "%s: node supports %d rates, driver handles "
4344 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
4348 device_printf(sc->sc_dev,
4349 "%s: node supports 0 rates, odd!\n", __func__);
4354 * XXX .. and most of iwm_node is not initialised explicitly;
4355 * it's all just 0x0 passed to the firmware.
4358 /* first figure out which rates we should support */
4359 /* XXX TODO: this isn't 11n aware /at all/ */
4360 memset(&in->in_ridx, -1, sizeof(in->in_ridx));
4361 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4362 "%s: nrates=%d\n", __func__, nrates);
4365 * Loop over nrates and populate in_ridx from the highest
4366 * rate to the lowest rate. Remember, in_ridx[] has
4367 * IEEE80211_RATE_MAXSIZE entries!
4369 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) {
4370 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL;
4372 /* Map 802.11 rate to HW rate index. */
4373 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++)
4374 if (iwm_rates[ridx].rate == rate)
4376 if (ridx > IWM_RIDX_MAX) {
4377 device_printf(sc->sc_dev,
4378 "%s: WARNING: device rate for %d not found!\n",
4381 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4382 "%s: rate: i: %d, rate=%d, ridx=%d\n",
4387 in->in_ridx[i] = ridx;
4391 /* then construct a lq_cmd based on those */
4392 memset(lq, 0, sizeof(*lq));
4393 lq->sta_id = IWM_STATION_ID;
4395 /* For HT, always enable RTS/CTS to avoid excessive retries. */
4396 if (ni->ni_flags & IEEE80211_NODE_HT)
4397 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK;
4400 * are these used? (we don't do SISO or MIMO)
4401 * need to set them to non-zero, though, or we get an error.
4403 lq->single_stream_ant_msk = 1;
4404 lq->dual_stream_ant_msk = 1;
4407 * Build the actual rate selection table.
4408 * The lowest bits are the rates. Additionally,
4409 * CCK needs bit 9 to be set. The rest of the bits
4410 * we add to the table select the tx antenna
4411 * Note that we add the rates in the highest rate first
4412 * (opposite of ni_rates).
4415 * XXX TODO: this should be looping over the min of nrates
4416 * and LQ_MAX_RETRY_NUM. Sigh.
4418 for (i = 0; i < nrates; i++) {
4423 txant = iwm_mvm_get_valid_tx_ant(sc);
4424 nextant = 1<<(ffs(txant)-1);
4427 nextant = iwm_mvm_get_valid_tx_ant(sc);
4430 * Map the rate id into a rate index into
4431 * our hardware table containing the
4432 * configuration to use for this rate.
4434 ridx = in->in_ridx[i];
4435 tab = iwm_rates[ridx].plcp;
4436 tab |= nextant << IWM_RATE_MCS_ANT_POS;
4437 if (IWM_RIDX_IS_CCK(ridx))
4438 tab |= IWM_RATE_MCS_CCK_MSK;
4439 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4440 "station rate i=%d, rate=%d, hw=%x\n",
4441 i, iwm_rates[ridx].rate, tab);
4442 lq->rs_table[i] = htole32(tab);
4444 /* then fill the rest with the lowest possible rate */
4445 for (i = nrates; i < nitems(lq->rs_table); i++) {
4446 KASSERT(tab != 0, ("invalid tab"));
4447 lq->rs_table[i] = htole32(tab);
4452 iwm_media_change(struct ifnet *ifp)
4454 struct ieee80211vap *vap = ifp->if_softc;
4455 struct ieee80211com *ic = vap->iv_ic;
4456 struct iwm_softc *sc = ic->ic_softc;
4459 error = ieee80211_media_change(ifp);
4460 if (error != ENETRESET)
4464 if (ic->ic_nrunning > 0) {
4474 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
4476 struct iwm_vap *ivp = IWM_VAP(vap);
4477 struct ieee80211com *ic = vap->iv_ic;
4478 struct iwm_softc *sc = ic->ic_softc;
4479 struct iwm_node *in;
4482 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4483 "switching state %s -> %s\n",
4484 ieee80211_state_name[vap->iv_state],
4485 ieee80211_state_name[nstate]);
4486 IEEE80211_UNLOCK(ic);
4489 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state)
4490 iwm_led_blink_stop(sc);
4492 /* disable beacon filtering if we're hopping out of RUN */
4493 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) {
4494 iwm_mvm_disable_beacon_filter(sc);
4496 if (((in = IWM_NODE(vap->iv_bss)) != NULL))
4499 if (nstate == IEEE80211_S_INIT) {
4502 error = ivp->iv_newstate(vap, nstate, arg);
4503 IEEE80211_UNLOCK(ic);
4505 iwm_release(sc, NULL);
4512 * It's impossible to directly go RUN->SCAN. If we iwm_release()
4513 * above then the card will be completely reinitialized,
4514 * so the driver must do everything necessary to bring the card
4515 * from INIT to SCAN.
4517 * Additionally, upon receiving deauth frame from AP,
4518 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH
4519 * state. This will also fail with this driver, so bring the FSM
4520 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well.
4522 * XXX TODO: fix this for FreeBSD!
4524 if (nstate == IEEE80211_S_SCAN ||
4525 nstate == IEEE80211_S_AUTH ||
4526 nstate == IEEE80211_S_ASSOC) {
4527 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4528 "Force transition to INIT; MGT=%d\n", arg);
4531 /* Always pass arg as -1 since we can't Tx right now. */
4533 * XXX arg is just ignored anyway when transitioning
4534 * to IEEE80211_S_INIT.
4536 vap->iv_newstate(vap, IEEE80211_S_INIT, -1);
4537 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4538 "Going INIT->SCAN\n");
4539 nstate = IEEE80211_S_SCAN;
4540 IEEE80211_UNLOCK(ic);
4546 case IEEE80211_S_INIT:
4549 case IEEE80211_S_AUTH:
4550 if ((error = iwm_auth(vap, sc)) != 0) {
4551 device_printf(sc->sc_dev,
4552 "%s: could not move to auth state: %d\n",
4558 case IEEE80211_S_ASSOC:
4560 * EBS may be disabled due to previous failures reported by FW.
4561 * Reset EBS status here assuming environment has been changed.
4563 sc->last_ebs_successful = TRUE;
4564 if ((error = iwm_assoc(vap, sc)) != 0) {
4565 device_printf(sc->sc_dev,
4566 "%s: failed to associate: %d\n", __func__,
4572 case IEEE80211_S_RUN:
4574 struct iwm_host_cmd cmd = {
4576 .len = { sizeof(in->in_lq), },
4577 .flags = IWM_CMD_SYNC,
4580 /* Update the association state, now we have it all */
4581 /* (eg associd comes in at this point */
4582 error = iwm_assoc(vap, sc);
4584 device_printf(sc->sc_dev,
4585 "%s: failed to update association state: %d\n",
4591 in = IWM_NODE(vap->iv_bss);
4592 iwm_mvm_enable_beacon_filter(sc, in);
4593 iwm_mvm_power_update_mac(sc);
4594 iwm_mvm_update_quotas(sc, ivp);
4595 iwm_setrates(sc, in);
4597 cmd.data[0] = &in->in_lq;
4598 if ((error = iwm_send_cmd(sc, &cmd)) != 0) {
4599 device_printf(sc->sc_dev,
4600 "%s: IWM_LQ_CMD failed\n", __func__);
4603 iwm_mvm_led_enable(sc);
4613 return (ivp->iv_newstate(vap, nstate, arg));
4617 iwm_endscan_cb(void *arg, int pending)
4619 struct iwm_softc *sc = arg;
4620 struct ieee80211com *ic = &sc->sc_ic;
4622 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
4626 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
4630 * Aging and idle timeouts for the different possible scenarios
4631 * in default configuration
4633 static const uint32_t
4634 iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4636 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF),
4637 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF)
4640 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF),
4641 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF)
4644 htole32(IWM_SF_MCAST_AGING_TIMER_DEF),
4645 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF)
4648 htole32(IWM_SF_BA_AGING_TIMER_DEF),
4649 htole32(IWM_SF_BA_IDLE_TIMER_DEF)
4652 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF),
4653 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF)
4658 * Aging and idle timeouts for the different possible scenarios
4659 * in single BSS MAC configuration.
4661 static const uint32_t
4662 iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4664 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER),
4665 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER)
4668 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER),
4669 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER)
4672 htole32(IWM_SF_MCAST_AGING_TIMER),
4673 htole32(IWM_SF_MCAST_IDLE_TIMER)
4676 htole32(IWM_SF_BA_AGING_TIMER),
4677 htole32(IWM_SF_BA_IDLE_TIMER)
4680 htole32(IWM_SF_TX_RE_AGING_TIMER),
4681 htole32(IWM_SF_TX_RE_IDLE_TIMER)
4686 iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd,
4687 struct ieee80211_node *ni)
4689 int i, j, watermark;
4691 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN);
4694 * If we are in association flow - check antenna configuration
4695 * capabilities of the AP station, and choose the watermark accordingly.
4698 if (ni->ni_flags & IEEE80211_NODE_HT) {
4700 if (ni->ni_rxmcs[2] != 0)
4701 watermark = IWM_SF_W_MARK_MIMO3;
4702 else if (ni->ni_rxmcs[1] != 0)
4703 watermark = IWM_SF_W_MARK_MIMO2;
4706 watermark = IWM_SF_W_MARK_SISO;
4708 watermark = IWM_SF_W_MARK_LEGACY;
4710 /* default watermark value for unassociated mode. */
4712 watermark = IWM_SF_W_MARK_MIMO2;
4714 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark);
4716 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) {
4717 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) {
4718 sf_cmd->long_delay_timeouts[i][j] =
4719 htole32(IWM_SF_LONG_DELAY_AGING_TIMER);
4724 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout,
4725 sizeof(iwm_sf_full_timeout));
4727 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def,
4728 sizeof(iwm_sf_full_timeout_def));
4733 iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state)
4735 struct ieee80211com *ic = &sc->sc_ic;
4736 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4737 struct iwm_sf_cfg_cmd sf_cmd = {
4738 .state = htole32(IWM_SF_FULL_ON),
4742 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
4743 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF);
4745 switch (new_state) {
4747 case IWM_SF_INIT_OFF:
4748 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL);
4750 case IWM_SF_FULL_ON:
4751 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss);
4754 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE,
4755 "Invalid state: %d. not sending Smart Fifo cmd\n",
4760 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC,
4761 sizeof(sf_cmd), &sf_cmd);
4766 iwm_send_bt_init_conf(struct iwm_softc *sc)
4768 struct iwm_bt_coex_cmd bt_cmd;
4770 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI);
4771 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET);
4773 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd),
4778 iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2)
4780 struct iwm_mcc_update_cmd mcc_cmd;
4781 struct iwm_host_cmd hcmd = {
4782 .id = IWM_MCC_UPDATE_CMD,
4783 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB),
4784 .data = { &mcc_cmd },
4788 struct iwm_rx_packet *pkt;
4789 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL;
4790 struct iwm_mcc_update_resp *mcc_resp;
4794 int resp_v2 = fw_has_capa(&sc->ucode_capa,
4795 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2);
4797 memset(&mcc_cmd, 0, sizeof(mcc_cmd));
4798 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]);
4799 if (fw_has_api(&sc->ucode_capa, IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) ||
4800 fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC))
4801 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT;
4803 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW;
4806 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd);
4808 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1);
4810 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4811 "send MCC update to FW with '%c%c' src = %d\n",
4812 alpha2[0], alpha2[1], mcc_cmd.source_id);
4814 ret = iwm_send_cmd(sc, &hcmd);
4819 pkt = hcmd.resp_pkt;
4821 /* Extract MCC response */
4823 mcc_resp = (void *)pkt->data;
4824 mcc = mcc_resp->mcc;
4825 n_channels = le32toh(mcc_resp->n_channels);
4827 mcc_resp_v1 = (void *)pkt->data;
4828 mcc = mcc_resp_v1->mcc;
4829 n_channels = le32toh(mcc_resp_v1->n_channels);
4832 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */
4834 mcc = 0x3030; /* "00" - world */
4836 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4837 "regulatory domain '%c%c' (%d channels available)\n",
4838 mcc >> 8, mcc & 0xff, n_channels);
4840 iwm_free_resp(sc, &hcmd);
4846 iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff)
4848 struct iwm_host_cmd cmd = {
4849 .id = IWM_REPLY_THERMAL_MNG_BACKOFF,
4850 .len = { sizeof(uint32_t), },
4851 .data = { &backoff, },
4854 if (iwm_send_cmd(sc, &cmd) != 0) {
4855 device_printf(sc->sc_dev,
4856 "failed to change thermal tx backoff\n");
4861 iwm_init_hw(struct iwm_softc *sc)
4863 struct ieee80211com *ic = &sc->sc_ic;
4866 if ((error = iwm_start_hw(sc)) != 0) {
4867 printf("iwm_start_hw: failed %d\n", error);
4871 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) {
4872 printf("iwm_run_init_mvm_ucode: failed %d\n", error);
4877 * should stop and start HW since that INIT
4880 iwm_stop_device(sc);
4881 sc->sc_ps_disabled = FALSE;
4882 if ((error = iwm_start_hw(sc)) != 0) {
4883 device_printf(sc->sc_dev, "could not initialize hardware\n");
4887 /* omstart, this time with the regular firmware */
4888 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR);
4890 device_printf(sc->sc_dev, "could not load firmware\n");
4894 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
4895 device_printf(sc->sc_dev, "bt init conf failed\n");
4899 error = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc));
4901 device_printf(sc->sc_dev, "antenna config failed\n");
4905 /* Send phy db control command and then phy db calibration */
4906 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0)
4909 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) {
4910 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n");
4914 /* Add auxiliary station for scanning */
4915 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) {
4916 device_printf(sc->sc_dev, "add_aux_sta failed\n");
4920 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
4922 * The channel used here isn't relevant as it's
4923 * going to be overwritten in the other flows.
4924 * For now use the first channel we have.
4926 if ((error = iwm_mvm_phy_ctxt_add(sc,
4927 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
4931 /* Initialize tx backoffs to the minimum. */
4932 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
4933 iwm_mvm_tt_tx_backoff(sc, 0);
4935 error = iwm_mvm_power_update_device(sc);
4939 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) {
4940 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0)
4944 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) {
4945 if ((error = iwm_mvm_config_umac_scan(sc)) != 0)
4949 /* Enable Tx queues. */
4950 for (ac = 0; ac < WME_NUM_AC; ac++) {
4951 error = iwm_enable_txq(sc, IWM_STATION_ID, ac,
4952 iwm_mvm_ac_to_tx_fifo[ac]);
4957 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) {
4958 device_printf(sc->sc_dev, "failed to disable beacon filter\n");
4965 iwm_stop_device(sc);
4969 /* Allow multicast from our BSSID. */
4971 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
4973 struct ieee80211_node *ni = vap->iv_bss;
4974 struct iwm_mcast_filter_cmd *cmd;
4978 size = roundup(sizeof(*cmd), 4);
4979 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
4982 cmd->filter_own = 1;
4986 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
4988 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
4989 IWM_CMD_SYNC, size, cmd);
4990 free(cmd, M_DEVBUF);
5000 iwm_init(struct iwm_softc *sc)
5004 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
5007 sc->sc_generation++;
5008 sc->sc_flags &= ~IWM_FLAG_STOPPED;
5010 if ((error = iwm_init_hw(sc)) != 0) {
5011 printf("iwm_init_hw failed %d\n", error);
5017 * Ok, firmware loaded and we are jogging
5019 sc->sc_flags |= IWM_FLAG_HW_INITED;
5020 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
5024 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
5026 struct iwm_softc *sc;
5032 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
5036 error = mbufq_enqueue(&sc->sc_snd, m);
5047 * Dequeue packets from sendq and call send.
5050 iwm_start(struct iwm_softc *sc)
5052 struct ieee80211_node *ni;
5056 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
5057 while (sc->qfullmsk == 0 &&
5058 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
5059 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
5060 if (iwm_tx(sc, m, ni, ac) != 0) {
5061 if_inc_counter(ni->ni_vap->iv_ifp,
5062 IFCOUNTER_OERRORS, 1);
5063 ieee80211_free_node(ni);
5066 sc->sc_tx_timer = 15;
5068 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
5072 iwm_stop(struct iwm_softc *sc)
5075 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
5076 sc->sc_flags |= IWM_FLAG_STOPPED;
5077 sc->sc_generation++;
5078 iwm_led_blink_stop(sc);
5079 sc->sc_tx_timer = 0;
5080 iwm_stop_device(sc);
5081 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5085 iwm_watchdog(void *arg)
5087 struct iwm_softc *sc = arg;
5088 struct ieee80211com *ic = &sc->sc_ic;
5090 if (sc->sc_tx_timer > 0) {
5091 if (--sc->sc_tx_timer == 0) {
5092 device_printf(sc->sc_dev, "device timeout\n");
5096 ieee80211_restart_all(ic);
5097 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
5101 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
5105 iwm_parent(struct ieee80211com *ic)
5107 struct iwm_softc *sc = ic->ic_softc;
5111 if (ic->ic_nrunning > 0) {
5112 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
5116 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
5120 ieee80211_start_all(ic);
5124 * The interrupt side of things
5128 * error dumping routines are from iwlwifi/mvm/utils.c
5132 * Note: This structure is read from the device with IO accesses,
5133 * and the reading already does the endian conversion. As it is
5134 * read with uint32_t-sized accesses, any members with a different size
5135 * need to be ordered correctly though!
5137 struct iwm_error_event_table {
5138 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5139 uint32_t error_id; /* type of error */
5140 uint32_t trm_hw_status0; /* TRM HW status */
5141 uint32_t trm_hw_status1; /* TRM HW status */
5142 uint32_t blink2; /* branch link */
5143 uint32_t ilink1; /* interrupt link */
5144 uint32_t ilink2; /* interrupt link */
5145 uint32_t data1; /* error-specific data */
5146 uint32_t data2; /* error-specific data */
5147 uint32_t data3; /* error-specific data */
5148 uint32_t bcon_time; /* beacon timer */
5149 uint32_t tsf_low; /* network timestamp function timer */
5150 uint32_t tsf_hi; /* network timestamp function timer */
5151 uint32_t gp1; /* GP1 timer register */
5152 uint32_t gp2; /* GP2 timer register */
5153 uint32_t fw_rev_type; /* firmware revision type */
5154 uint32_t major; /* uCode version major */
5155 uint32_t minor; /* uCode version minor */
5156 uint32_t hw_ver; /* HW Silicon version */
5157 uint32_t brd_ver; /* HW board version */
5158 uint32_t log_pc; /* log program counter */
5159 uint32_t frame_ptr; /* frame pointer */
5160 uint32_t stack_ptr; /* stack pointer */
5161 uint32_t hcmd; /* last host command header */
5162 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
5164 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
5166 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
5168 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
5170 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
5172 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */
5173 uint32_t wait_event; /* wait event() caller address */
5174 uint32_t l2p_control; /* L2pControlField */
5175 uint32_t l2p_duration; /* L2pDurationField */
5176 uint32_t l2p_mhvalid; /* L2pMhValidBits */
5177 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
5178 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
5180 uint32_t u_timestamp; /* indicate when the date and time of the
5182 uint32_t flow_handler; /* FH read/write pointers, RX credit */
5183 } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */;
5186 * UMAC error struct - relevant starting from family 8000 chip.
5187 * Note: This structure is read from the device with IO accesses,
5188 * and the reading already does the endian conversion. As it is
5189 * read with u32-sized accesses, any members with a different size
5190 * need to be ordered correctly though!
5192 struct iwm_umac_error_event_table {
5193 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5194 uint32_t error_id; /* type of error */
5195 uint32_t blink1; /* branch link */
5196 uint32_t blink2; /* branch link */
5197 uint32_t ilink1; /* interrupt link */
5198 uint32_t ilink2; /* interrupt link */
5199 uint32_t data1; /* error-specific data */
5200 uint32_t data2; /* error-specific data */
5201 uint32_t data3; /* error-specific data */
5202 uint32_t umac_major;
5203 uint32_t umac_minor;
5204 uint32_t frame_pointer; /* core register 27*/
5205 uint32_t stack_pointer; /* core register 28 */
5206 uint32_t cmd_header; /* latest host cmd sent to UMAC */
5207 uint32_t nic_isr_pref; /* ISR status register */
5210 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
5211 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
5217 } advanced_lookup[] = {
5218 { "NMI_INTERRUPT_WDG", 0x34 },
5219 { "SYSASSERT", 0x35 },
5220 { "UCODE_VERSION_MISMATCH", 0x37 },
5221 { "BAD_COMMAND", 0x38 },
5222 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
5223 { "FATAL_ERROR", 0x3D },
5224 { "NMI_TRM_HW_ERR", 0x46 },
5225 { "NMI_INTERRUPT_TRM", 0x4C },
5226 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
5227 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
5228 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
5229 { "NMI_INTERRUPT_HOST", 0x66 },
5230 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
5231 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
5232 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
5233 { "ADVANCED_SYSASSERT", 0 },
5237 iwm_desc_lookup(uint32_t num)
5241 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
5242 if (advanced_lookup[i].num == num)
5243 return advanced_lookup[i].name;
5245 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
5246 return advanced_lookup[i].name;
5250 iwm_nic_umac_error(struct iwm_softc *sc)
5252 struct iwm_umac_error_event_table table;
5255 base = sc->umac_error_event_table;
5257 if (base < 0x800000) {
5258 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n",
5263 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5264 device_printf(sc->sc_dev, "reading errlog failed\n");
5268 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5269 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n");
5270 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5271 sc->sc_flags, table.valid);
5274 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id,
5275 iwm_desc_lookup(table.error_id));
5276 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1);
5277 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2);
5278 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n",
5280 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n",
5282 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1);
5283 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2);
5284 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3);
5285 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major);
5286 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor);
5287 device_printf(sc->sc_dev, "0x%08X | frame pointer\n",
5288 table.frame_pointer);
5289 device_printf(sc->sc_dev, "0x%08X | stack pointer\n",
5290 table.stack_pointer);
5291 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header);
5292 device_printf(sc->sc_dev, "0x%08X | isr status reg\n",
5293 table.nic_isr_pref);
5297 * Support for dumping the error log seemed like a good idea ...
5298 * but it's mostly hex junk and the only sensible thing is the
5299 * hw/ucode revision (which we know anyway). Since it's here,
5300 * I'll just leave it in, just in case e.g. the Intel guys want to
5301 * help us decipher some "ADVANCED_SYSASSERT" later.
5304 iwm_nic_error(struct iwm_softc *sc)
5306 struct iwm_error_event_table table;
5309 device_printf(sc->sc_dev, "dumping device error log\n");
5310 base = sc->error_event_table;
5311 if (base < 0x800000) {
5312 device_printf(sc->sc_dev,
5313 "Invalid error log pointer 0x%08x\n", base);
5317 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5318 device_printf(sc->sc_dev, "reading errlog failed\n");
5323 device_printf(sc->sc_dev, "errlog not found, skipping\n");
5327 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5328 device_printf(sc->sc_dev, "Start Error Log Dump:\n");
5329 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5330 sc->sc_flags, table.valid);
5333 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
5334 iwm_desc_lookup(table.error_id));
5335 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n",
5336 table.trm_hw_status0);
5337 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n",
5338 table.trm_hw_status1);
5339 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
5340 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
5341 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
5342 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
5343 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
5344 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
5345 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
5346 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
5347 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
5348 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
5349 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
5350 device_printf(sc->sc_dev, "%08X | uCode revision type\n",
5352 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major);
5353 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor);
5354 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
5355 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
5356 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
5357 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
5358 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
5359 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
5360 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
5361 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
5362 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id);
5363 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
5364 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
5365 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
5366 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
5367 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
5368 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
5369 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
5370 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
5372 if (sc->umac_error_event_table)
5373 iwm_nic_umac_error(sc);
5377 #define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT);
5380 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
5381 * Basic structure from if_iwn
5384 iwm_notif_intr(struct iwm_softc *sc)
5386 struct ieee80211com *ic = &sc->sc_ic;
5389 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
5390 BUS_DMASYNC_POSTREAD);
5392 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
5397 while (sc->rxq.cur != hw) {
5398 struct iwm_rx_ring *ring = &sc->rxq;
5399 struct iwm_rx_data *data = &ring->data[ring->cur];
5400 struct iwm_rx_packet *pkt;
5401 struct iwm_cmd_response *cresp;
5404 bus_dmamap_sync(ring->data_dmat, data->map,
5405 BUS_DMASYNC_POSTREAD);
5406 pkt = mtod(data->m, struct iwm_rx_packet *);
5408 qid = pkt->hdr.qid & ~0x80;
5411 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code);
5412 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5413 "rx packet qid=%d idx=%d type=%x %d %d\n",
5414 pkt->hdr.qid & ~0x80, pkt->hdr.idx, code, ring->cur, hw);
5417 * randomly get these from the firmware, no idea why.
5418 * they at least seem harmless, so just ignore them for now
5420 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0)
5421 || pkt->len_n_flags == htole32(0x55550000))) {
5426 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt);
5429 case IWM_REPLY_RX_PHY_CMD:
5430 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data);
5433 case IWM_REPLY_RX_MPDU_CMD:
5434 iwm_mvm_rx_rx_mpdu(sc, data->m);
5438 iwm_mvm_rx_tx_cmd(sc, pkt, data);
5441 case IWM_MISSED_BEACONS_NOTIFICATION: {
5442 struct iwm_missed_beacons_notif *resp;
5445 /* XXX look at mac_id to determine interface ID */
5446 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5448 resp = (void *)pkt->data;
5449 missed = le32toh(resp->consec_missed_beacons);
5451 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
5452 "%s: MISSED_BEACON: mac_id=%d, "
5453 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
5456 le32toh(resp->mac_id),
5457 le32toh(resp->consec_missed_beacons_since_last_rx),
5458 le32toh(resp->consec_missed_beacons),
5459 le32toh(resp->num_expected_beacons),
5460 le32toh(resp->num_recvd_beacons));
5466 /* XXX no net80211 locking? */
5467 if (vap->iv_state == IEEE80211_S_RUN &&
5468 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
5469 if (missed > vap->iv_bmissthreshold) {
5470 /* XXX bad locking; turn into task */
5472 ieee80211_beacon_miss(ic);
5480 case IWM_MFUART_LOAD_NOTIFICATION:
5486 case IWM_CALIB_RES_NOTIF_PHY_DB:
5489 case IWM_STATISTICS_NOTIFICATION: {
5490 struct iwm_notif_statistics *stats;
5491 stats = (void *)pkt->data;
5492 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
5493 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general);
5497 case IWM_NVM_ACCESS_CMD:
5498 case IWM_MCC_UPDATE_CMD:
5499 if (sc->sc_wantresp == ((qid << 16) | idx)) {
5500 memcpy(sc->sc_cmd_resp,
5501 pkt, sizeof(sc->sc_cmd_resp));
5505 case IWM_MCC_CHUB_UPDATE_CMD: {
5506 struct iwm_mcc_chub_notif *notif;
5507 notif = (void *)pkt->data;
5509 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8;
5510 sc->sc_fw_mcc[1] = notif->mcc & 0xff;
5511 sc->sc_fw_mcc[2] = '\0';
5512 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
5513 "fw source %d sent CC '%s'\n",
5514 notif->source_id, sc->sc_fw_mcc);
5518 case IWM_DTS_MEASUREMENT_NOTIFICATION:
5519 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP,
5520 IWM_DTS_MEASUREMENT_NOTIF_WIDE): {
5521 struct iwm_dts_measurement_notif_v1 *notif;
5523 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) {
5524 device_printf(sc->sc_dev,
5525 "Invalid DTS_MEASUREMENT_NOTIFICATION\n");
5528 notif = (void *)pkt->data;
5529 IWM_DPRINTF(sc, IWM_DEBUG_TEMP,
5530 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n",
5535 case IWM_PHY_CONFIGURATION_CMD:
5536 case IWM_TX_ANT_CONFIGURATION_CMD:
5538 case IWM_MAC_CONTEXT_CMD:
5539 case IWM_REPLY_SF_CFG_CMD:
5540 case IWM_POWER_TABLE_CMD:
5541 case IWM_PHY_CONTEXT_CMD:
5542 case IWM_BINDING_CONTEXT_CMD:
5543 case IWM_TIME_EVENT_CMD:
5544 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD):
5545 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC):
5546 case IWM_SCAN_ABORT_UMAC:
5547 case IWM_SCAN_OFFLOAD_REQUEST_CMD:
5548 case IWM_SCAN_OFFLOAD_ABORT_CMD:
5549 case IWM_REPLY_BEACON_FILTERING_CMD:
5550 case IWM_MAC_PM_POWER_TABLE:
5551 case IWM_TIME_QUOTA_CMD:
5552 case IWM_REMOVE_STA:
5553 case IWM_TXPATH_FLUSH:
5555 case IWM_FW_PAGING_BLOCK_CMD:
5557 case IWM_REPLY_THERMAL_MNG_BACKOFF:
5558 cresp = (void *)pkt->data;
5559 if (sc->sc_wantresp == ((qid << 16) | idx)) {
5560 memcpy(sc->sc_cmd_resp,
5561 pkt, sizeof(*pkt)+sizeof(*cresp));
5566 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */
5569 case IWM_INIT_COMPLETE_NOTIF:
5572 case IWM_SCAN_OFFLOAD_COMPLETE:
5573 iwm_mvm_rx_lmac_scan_complete_notif(sc, pkt);
5574 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5575 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5576 ieee80211_runtask(ic, &sc->sc_es_task);
5580 case IWM_SCAN_ITERATION_COMPLETE: {
5581 struct iwm_lmac_scan_complete_notif *notif;
5582 notif = (void *)pkt->data;
5586 case IWM_SCAN_COMPLETE_UMAC:
5587 iwm_mvm_rx_umac_scan_complete_notif(sc, pkt);
5588 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5589 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5590 ieee80211_runtask(ic, &sc->sc_es_task);
5594 case IWM_SCAN_ITERATION_COMPLETE_UMAC: {
5595 struct iwm_umac_scan_iter_complete_notif *notif;
5596 notif = (void *)pkt->data;
5598 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration "
5599 "complete, status=0x%x, %d channels scanned\n",
5600 notif->status, notif->scanned_channels);
5604 case IWM_REPLY_ERROR: {
5605 struct iwm_error_resp *resp;
5606 resp = (void *)pkt->data;
5608 device_printf(sc->sc_dev,
5609 "firmware error 0x%x, cmd 0x%x\n",
5610 le32toh(resp->error_type),
5615 case IWM_TIME_EVENT_NOTIFICATION: {
5616 struct iwm_time_event_notif *notif;
5617 notif = (void *)pkt->data;
5619 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5620 "TE notif status = 0x%x action = 0x%x\n",
5621 notif->status, notif->action);
5625 case IWM_MCAST_FILTER_CMD:
5628 case IWM_SCD_QUEUE_CFG: {
5629 struct iwm_scd_txq_cfg_rsp *rsp;
5630 rsp = (void *)pkt->data;
5632 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
5633 "queue cfg token=0x%x sta_id=%d "
5634 "tid=%d scd_queue=%d\n",
5635 rsp->token, rsp->sta_id, rsp->tid,
5641 device_printf(sc->sc_dev,
5642 "frame %d/%d %x UNHANDLED (this should "
5643 "not happen)\n", qid, idx,
5649 * Why test bit 0x80? The Linux driver:
5651 * There is one exception: uCode sets bit 15 when it
5652 * originates the response/notification, i.e. when the
5653 * response/notification is not a direct response to a
5654 * command sent by the driver. For example, uCode issues
5655 * IWM_REPLY_RX when it sends a received frame to the driver;
5656 * it is not a direct response to any driver command.
5658 * Ok, so since when is 7 == 15? Well, the Linux driver
5659 * uses a slightly different format for pkt->hdr, and "qid"
5660 * is actually the upper byte of a two-byte field.
5662 if (!(pkt->hdr.qid & (1 << 7))) {
5663 iwm_cmd_done(sc, pkt);
5670 * Tell the firmware what we have processed.
5671 * Seems like the hardware gets upset unless we align
5674 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1;
5675 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7);
5681 struct iwm_softc *sc = arg;
5687 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
5689 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
5690 uint32_t *ict = sc->ict_dma.vaddr;
5693 tmp = htole32(ict[sc->ict_cur]);
5698 * ok, there was something. keep plowing until we have all.
5703 ict[sc->ict_cur] = 0;
5704 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
5705 tmp = htole32(ict[sc->ict_cur]);
5708 /* this is where the fun begins. don't ask */
5709 if (r1 == 0xffffffff)
5712 /* i am not expected to understand this */
5715 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
5717 r1 = IWM_READ(sc, IWM_CSR_INT);
5718 /* "hardware gone" (where, fishing?) */
5719 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
5721 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
5723 if (r1 == 0 && r2 == 0) {
5727 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
5729 /* Safely ignore these bits for debug checks below */
5730 r1 &= ~(IWM_CSR_INT_BIT_ALIVE | IWM_CSR_INT_BIT_SCD);
5732 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
5734 struct ieee80211com *ic = &sc->sc_ic;
5735 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5740 /* Dump driver status (TX and RX rings) while we're here. */
5741 device_printf(sc->sc_dev, "driver status:\n");
5742 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) {
5743 struct iwm_tx_ring *ring = &sc->txq[i];
5744 device_printf(sc->sc_dev,
5745 " tx ring %2d: qid=%-2d cur=%-3d "
5747 i, ring->qid, ring->cur, ring->queued);
5749 device_printf(sc->sc_dev,
5750 " rx ring: cur=%d\n", sc->rxq.cur);
5751 device_printf(sc->sc_dev,
5752 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state);
5754 /* Don't stop the device; just do a VAP restart */
5758 printf("%s: null vap\n", __func__);
5762 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; "
5763 "restarting\n", __func__, vap->iv_state);
5765 ieee80211_restart_all(ic);
5769 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
5770 handled |= IWM_CSR_INT_BIT_HW_ERR;
5771 device_printf(sc->sc_dev, "hardware error, stopping device\n");
5777 /* firmware chunk loaded */
5778 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
5779 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
5780 handled |= IWM_CSR_INT_BIT_FH_TX;
5781 sc->sc_fw_chunk_done = 1;
5785 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
5786 handled |= IWM_CSR_INT_BIT_RF_KILL;
5787 if (iwm_check_rfkill(sc)) {
5788 device_printf(sc->sc_dev,
5789 "%s: rfkill switch, disabling interface\n",
5796 * The Linux driver uses periodic interrupts to avoid races.
5797 * We cargo-cult like it's going out of fashion.
5799 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
5800 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
5801 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
5802 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
5804 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
5808 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
5809 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
5810 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
5814 /* enable periodic interrupt, see above */
5815 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
5816 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
5817 IWM_CSR_INT_PERIODIC_ENA);
5820 if (__predict_false(r1 & ~handled))
5821 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5822 "%s: unhandled interrupts: %x\n", __func__, r1);
5826 iwm_restore_interrupts(sc);
5833 * Autoconf glue-sniffing
5835 #define PCI_VENDOR_INTEL 0x8086
5836 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
5837 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
5838 #define PCI_PRODUCT_INTEL_WL_3165_1 0x3165
5839 #define PCI_PRODUCT_INTEL_WL_3165_2 0x3166
5840 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
5841 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
5842 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
5843 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
5844 #define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3
5845 #define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4
5847 static const struct iwm_devices {
5849 const struct iwm_cfg *cfg;
5851 { PCI_PRODUCT_INTEL_WL_3160_1, &iwm3160_cfg },
5852 { PCI_PRODUCT_INTEL_WL_3160_2, &iwm3160_cfg },
5853 { PCI_PRODUCT_INTEL_WL_3165_1, &iwm3165_cfg },
5854 { PCI_PRODUCT_INTEL_WL_3165_2, &iwm3165_cfg },
5855 { PCI_PRODUCT_INTEL_WL_7260_1, &iwm7260_cfg },
5856 { PCI_PRODUCT_INTEL_WL_7260_2, &iwm7260_cfg },
5857 { PCI_PRODUCT_INTEL_WL_7265_1, &iwm7265_cfg },
5858 { PCI_PRODUCT_INTEL_WL_7265_2, &iwm7265_cfg },
5859 { PCI_PRODUCT_INTEL_WL_8260_1, &iwm8260_cfg },
5860 { PCI_PRODUCT_INTEL_WL_8260_2, &iwm8260_cfg },
5864 iwm_probe(device_t dev)
5868 for (i = 0; i < nitems(iwm_devices); i++) {
5869 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
5870 pci_get_device(dev) == iwm_devices[i].device) {
5871 device_set_desc(dev, iwm_devices[i].cfg->name);
5872 return (BUS_PROBE_DEFAULT);
5880 iwm_dev_check(device_t dev)
5882 struct iwm_softc *sc;
5886 sc = device_get_softc(dev);
5888 devid = pci_get_device(dev);
5889 for (i = 0; i < nitems(iwm_devices); i++) {
5890 if (iwm_devices[i].device == devid) {
5891 sc->cfg = iwm_devices[i].cfg;
5895 device_printf(dev, "unknown adapter type\n");
5900 #define PCI_CFG_RETRY_TIMEOUT 0x041
5903 iwm_pci_attach(device_t dev)
5905 struct iwm_softc *sc;
5906 int count, error, rid;
5909 sc = device_get_softc(dev);
5911 /* We disable the RETRY_TIMEOUT register (0x41) to keep
5912 * PCI Tx retries from interfering with C3 CPU state */
5913 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
5915 /* Enable bus-mastering and hardware bug workaround. */
5916 pci_enable_busmaster(dev);
5917 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
5919 if (reg & PCIM_STATUS_INTxSTATE) {
5920 reg &= ~PCIM_STATUS_INTxSTATE;
5922 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
5925 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
5927 if (sc->sc_mem == NULL) {
5928 device_printf(sc->sc_dev, "can't map mem space\n");
5931 sc->sc_st = rman_get_bustag(sc->sc_mem);
5932 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
5934 /* Install interrupt handler. */
5937 if (pci_alloc_msi(dev, &count) == 0)
5939 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
5940 (rid != 0 ? 0 : RF_SHAREABLE));
5941 if (sc->sc_irq == NULL) {
5942 device_printf(dev, "can't map interrupt\n");
5945 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
5946 NULL, iwm_intr, sc, &sc->sc_ih);
5947 if (sc->sc_ih == NULL) {
5948 device_printf(dev, "can't establish interrupt");
5951 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
5957 iwm_pci_detach(device_t dev)
5959 struct iwm_softc *sc = device_get_softc(dev);
5961 if (sc->sc_irq != NULL) {
5962 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
5963 bus_release_resource(dev, SYS_RES_IRQ,
5964 rman_get_rid(sc->sc_irq), sc->sc_irq);
5965 pci_release_msi(dev);
5967 if (sc->sc_mem != NULL)
5968 bus_release_resource(dev, SYS_RES_MEMORY,
5969 rman_get_rid(sc->sc_mem), sc->sc_mem);
5975 iwm_attach(device_t dev)
5977 struct iwm_softc *sc = device_get_softc(dev);
5978 struct ieee80211com *ic = &sc->sc_ic;
5983 sc->sc_attached = 1;
5985 mbufq_init(&sc->sc_snd, ifqmaxlen);
5986 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
5987 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0);
5988 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
5990 sc->sc_notif_wait = iwm_notification_wait_init(sc);
5991 if (sc->sc_notif_wait == NULL) {
5992 device_printf(dev, "failed to init notification wait struct\n");
5997 sc->sc_phy_db = iwm_phy_db_init(sc);
5998 if (!sc->sc_phy_db) {
5999 device_printf(dev, "Cannot init phy_db\n");
6003 /* Set EBS as successful as long as not stated otherwise by the FW. */
6004 sc->last_ebs_successful = TRUE;
6007 error = iwm_pci_attach(dev);
6011 sc->sc_wantresp = -1;
6013 /* Check device type */
6014 error = iwm_dev_check(dev);
6018 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
6020 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have
6021 * changed, and now the revision step also includes bit 0-1 (no more
6022 * "dash" value). To keep hw_rev backwards compatible - we'll store it
6023 * in the old format.
6025 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
6026 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) |
6027 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2);
6029 if (iwm_prepare_card_hw(sc) != 0) {
6030 device_printf(dev, "could not initialize hardware\n");
6034 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
6039 * In order to recognize C step the driver should read the
6040 * chip version id located at the AUX bus MISC address.
6042 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
6043 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
6046 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
6047 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6048 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6051 device_printf(sc->sc_dev,
6052 "Failed to wake up the nic\n");
6056 if (iwm_nic_lock(sc)) {
6057 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG);
6058 hw_step |= IWM_ENABLE_WFPM;
6059 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step);
6060 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG);
6061 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF;
6063 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) |
6064 (IWM_SILICON_C_STEP << 2);
6067 device_printf(sc->sc_dev, "Failed to lock the nic\n");
6072 /* special-case 7265D, it has the same PCI IDs. */
6073 if (sc->cfg == &iwm7265_cfg &&
6074 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) {
6075 sc->cfg = &iwm7265d_cfg;
6078 /* Allocate DMA memory for firmware transfers. */
6079 if ((error = iwm_alloc_fwmem(sc)) != 0) {
6080 device_printf(dev, "could not allocate memory for firmware\n");
6084 /* Allocate "Keep Warm" page. */
6085 if ((error = iwm_alloc_kw(sc)) != 0) {
6086 device_printf(dev, "could not allocate keep warm page\n");
6090 /* We use ICT interrupts */
6091 if ((error = iwm_alloc_ict(sc)) != 0) {
6092 device_printf(dev, "could not allocate ICT table\n");
6096 /* Allocate TX scheduler "rings". */
6097 if ((error = iwm_alloc_sched(sc)) != 0) {
6098 device_printf(dev, "could not allocate TX scheduler rings\n");
6102 /* Allocate TX rings */
6103 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
6104 if ((error = iwm_alloc_tx_ring(sc,
6105 &sc->txq[txq_i], txq_i)) != 0) {
6107 "could not allocate TX ring %d\n",
6113 /* Allocate RX ring. */
6114 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
6115 device_printf(dev, "could not allocate RX ring\n");
6119 /* Clear pending interrupts. */
6120 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
6123 ic->ic_name = device_get_nameunit(sc->sc_dev);
6124 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
6125 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
6127 /* Set device capabilities. */
6130 IEEE80211_C_WPA | /* WPA/RSN */
6133 IEEE80211_C_SHSLOT | /* short slot time supported */
6134 IEEE80211_C_SHPREAMBLE /* short preamble supported */
6135 // IEEE80211_C_BGSCAN /* capable of bg scanning */
6137 /* Advertise full-offload scanning */
6138 ic->ic_flags_ext = IEEE80211_FEXT_SCAN_OFFLOAD;
6139 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
6140 sc->sc_phyctxt[i].id = i;
6141 sc->sc_phyctxt[i].color = 0;
6142 sc->sc_phyctxt[i].ref = 0;
6143 sc->sc_phyctxt[i].channel = NULL;
6146 /* Default noise floor */
6150 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
6152 sc->sc_preinit_hook.ich_func = iwm_preinit;
6153 sc->sc_preinit_hook.ich_arg = sc;
6154 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
6155 device_printf(dev, "config_intrhook_establish failed\n");
6160 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
6161 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
6162 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
6165 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6166 "<-%s\n", __func__);
6170 /* Free allocated memory if something failed during attachment. */
6172 iwm_detach_local(sc, 0);
6178 iwm_is_valid_ether_addr(uint8_t *addr)
6180 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 };
6182 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr))
6189 iwm_update_edca(struct ieee80211com *ic)
6191 struct iwm_softc *sc = ic->ic_softc;
6193 device_printf(sc->sc_dev, "%s: called\n", __func__);
6198 iwm_preinit(void *arg)
6200 struct iwm_softc *sc = arg;
6201 device_t dev = sc->sc_dev;
6202 struct ieee80211com *ic = &sc->sc_ic;
6205 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6206 "->%s\n", __func__);
6209 if ((error = iwm_start_hw(sc)) != 0) {
6210 device_printf(dev, "could not initialize hardware\n");
6215 error = iwm_run_init_mvm_ucode(sc, 1);
6216 iwm_stop_device(sc);
6222 "hw rev 0x%x, fw ver %s, address %s\n",
6223 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
6224 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr));
6226 /* not all hardware can do 5GHz band */
6227 if (!sc->nvm_data->sku_cap_band_52GHz_enable)
6228 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
6229 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
6232 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
6236 * At this point we've committed - if we fail to do setup,
6237 * we now also have to tear down the net80211 state.
6239 ieee80211_ifattach(ic);
6240 ic->ic_vap_create = iwm_vap_create;
6241 ic->ic_vap_delete = iwm_vap_delete;
6242 ic->ic_raw_xmit = iwm_raw_xmit;
6243 ic->ic_node_alloc = iwm_node_alloc;
6244 ic->ic_scan_start = iwm_scan_start;
6245 ic->ic_scan_end = iwm_scan_end;
6246 ic->ic_update_mcast = iwm_update_mcast;
6247 ic->ic_getradiocaps = iwm_init_channel_map;
6248 ic->ic_set_channel = iwm_set_channel;
6249 ic->ic_scan_curchan = iwm_scan_curchan;
6250 ic->ic_scan_mindwell = iwm_scan_mindwell;
6251 ic->ic_wme.wme_update = iwm_update_edca;
6252 ic->ic_parent = iwm_parent;
6253 ic->ic_transmit = iwm_transmit;
6254 iwm_radiotap_attach(sc);
6256 ieee80211_announce(ic);
6258 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6259 "<-%s\n", __func__);
6260 config_intrhook_disestablish(&sc->sc_preinit_hook);
6264 config_intrhook_disestablish(&sc->sc_preinit_hook);
6265 iwm_detach_local(sc, 0);
6269 * Attach the interface to 802.11 radiotap.
6272 iwm_radiotap_attach(struct iwm_softc *sc)
6274 struct ieee80211com *ic = &sc->sc_ic;
6276 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6277 "->%s begin\n", __func__);
6278 ieee80211_radiotap_attach(ic,
6279 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
6280 IWM_TX_RADIOTAP_PRESENT,
6281 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
6282 IWM_RX_RADIOTAP_PRESENT);
6283 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6284 "->%s end\n", __func__);
6287 static struct ieee80211vap *
6288 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
6289 enum ieee80211_opmode opmode, int flags,
6290 const uint8_t bssid[IEEE80211_ADDR_LEN],
6291 const uint8_t mac[IEEE80211_ADDR_LEN])
6293 struct iwm_vap *ivp;
6294 struct ieee80211vap *vap;
6296 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
6298 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO);
6300 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
6301 vap->iv_bmissthreshold = 10; /* override default */
6302 /* Override with driver methods. */
6303 ivp->iv_newstate = vap->iv_newstate;
6304 vap->iv_newstate = iwm_newstate;
6306 ivp->id = IWM_DEFAULT_MACID;
6307 ivp->color = IWM_DEFAULT_COLOR;
6309 ieee80211_ratectl_init(vap);
6310 /* Complete setup. */
6311 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status,
6313 ic->ic_opmode = opmode;
6319 iwm_vap_delete(struct ieee80211vap *vap)
6321 struct iwm_vap *ivp = IWM_VAP(vap);
6323 ieee80211_ratectl_deinit(vap);
6324 ieee80211_vap_detach(vap);
6325 free(ivp, M_80211_VAP);
6329 iwm_scan_start(struct ieee80211com *ic)
6331 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6332 struct iwm_softc *sc = ic->ic_softc;
6336 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6337 /* This should not be possible */
6338 device_printf(sc->sc_dev,
6339 "%s: Previous scan not completed yet\n", __func__);
6341 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN))
6342 error = iwm_mvm_umac_scan(sc);
6344 error = iwm_mvm_lmac_scan(sc);
6346 device_printf(sc->sc_dev, "could not initiate scan\n");
6348 ieee80211_cancel_scan(vap);
6350 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING;
6351 iwm_led_blink_start(sc);
6357 iwm_scan_end(struct ieee80211com *ic)
6359 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6360 struct iwm_softc *sc = ic->ic_softc;
6363 iwm_led_blink_stop(sc);
6364 if (vap->iv_state == IEEE80211_S_RUN)
6365 iwm_mvm_led_enable(sc);
6366 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6368 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because
6369 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq
6372 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
6373 iwm_mvm_scan_stop_wait(sc);
6378 * Make sure we don't race, if sc_es_task is still enqueued here.
6379 * This is to make sure that it won't call ieee80211_scan_done
6380 * when we have already started the next scan.
6382 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL);
6386 iwm_update_mcast(struct ieee80211com *ic)
6391 iwm_set_channel(struct ieee80211com *ic)
6396 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
6401 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
6407 iwm_init_task(void *arg1)
6409 struct iwm_softc *sc = arg1;
6412 while (sc->sc_flags & IWM_FLAG_BUSY)
6413 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
6414 sc->sc_flags |= IWM_FLAG_BUSY;
6416 if (sc->sc_ic.ic_nrunning > 0)
6418 sc->sc_flags &= ~IWM_FLAG_BUSY;
6419 wakeup(&sc->sc_flags);
6424 iwm_resume(device_t dev)
6426 struct iwm_softc *sc = device_get_softc(dev);
6430 * We disable the RETRY_TIMEOUT register (0x41) to keep
6431 * PCI Tx retries from interfering with C3 CPU state.
6433 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
6434 iwm_init_task(device_get_softc(dev));
6437 if (sc->sc_flags & IWM_FLAG_SCANNING) {
6438 sc->sc_flags &= ~IWM_FLAG_SCANNING;
6444 ieee80211_resume_all(&sc->sc_ic);
6450 iwm_suspend(device_t dev)
6453 struct iwm_softc *sc = device_get_softc(dev);
6455 do_stop = !! (sc->sc_ic.ic_nrunning > 0);
6457 ieee80211_suspend_all(&sc->sc_ic);
6462 sc->sc_flags |= IWM_FLAG_SCANNING;
6470 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
6472 struct iwm_fw_info *fw = &sc->sc_fw;
6473 device_t dev = sc->sc_dev;
6476 if (!sc->sc_attached)
6478 sc->sc_attached = 0;
6481 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task);
6483 callout_drain(&sc->sc_led_blink_to);
6484 callout_drain(&sc->sc_watchdog_to);
6485 iwm_stop_device(sc);
6487 ieee80211_ifdetach(&sc->sc_ic);
6490 iwm_phy_db_free(sc->sc_phy_db);
6491 sc->sc_phy_db = NULL;
6493 iwm_free_nvm_data(sc->nvm_data);
6495 /* Free descriptor rings */
6496 iwm_free_rx_ring(sc, &sc->rxq);
6497 for (i = 0; i < nitems(sc->txq); i++)
6498 iwm_free_tx_ring(sc, &sc->txq[i]);
6501 if (fw->fw_fp != NULL)
6502 iwm_fw_info_free(fw);
6504 /* Free scheduler */
6505 iwm_dma_contig_free(&sc->sched_dma);
6506 iwm_dma_contig_free(&sc->ict_dma);
6507 iwm_dma_contig_free(&sc->kw_dma);
6508 iwm_dma_contig_free(&sc->fw_dma);
6510 iwm_free_fw_paging(sc);
6512 /* Finished with the hardware - detach things */
6513 iwm_pci_detach(dev);
6515 if (sc->sc_notif_wait != NULL) {
6516 iwm_notification_wait_free(sc->sc_notif_wait);
6517 sc->sc_notif_wait = NULL;
6520 mbufq_drain(&sc->sc_snd);
6521 IWM_LOCK_DESTROY(sc);
6527 iwm_detach(device_t dev)
6529 struct iwm_softc *sc = device_get_softc(dev);
6531 return (iwm_detach_local(sc, 1));
6534 static device_method_t iwm_pci_methods[] = {
6535 /* Device interface */
6536 DEVMETHOD(device_probe, iwm_probe),
6537 DEVMETHOD(device_attach, iwm_attach),
6538 DEVMETHOD(device_detach, iwm_detach),
6539 DEVMETHOD(device_suspend, iwm_suspend),
6540 DEVMETHOD(device_resume, iwm_resume),
6545 static driver_t iwm_pci_driver = {
6548 sizeof (struct iwm_softc)
6551 static devclass_t iwm_devclass;
6553 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
6554 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
6555 MODULE_DEPEND(iwm, pci, 1, 1, 1);
6556 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
projects / FreeBSD / FreeBSD.git / blob