1 /* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
27 ***********************************************************************
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
105 #include <sys/cdefs.h>
106 __FBSDID("$FreeBSD$");
108 #include "opt_wlan.h"
110 #include <sys/param.h>
112 #include <sys/conf.h>
113 #include <sys/endian.h>
114 #include <sys/firmware.h>
115 #include <sys/kernel.h>
116 #include <sys/malloc.h>
117 #include <sys/mbuf.h>
118 #include <sys/mutex.h>
119 #include <sys/module.h>
120 #include <sys/proc.h>
121 #include <sys/rman.h>
122 #include <sys/socket.h>
123 #include <sys/sockio.h>
124 #include <sys/sysctl.h>
125 #include <sys/linker.h>
127 #include <machine/bus.h>
128 #include <machine/endian.h>
129 #include <machine/resource.h>
131 #include <dev/pci/pcivar.h>
132 #include <dev/pci/pcireg.h>
137 #include <net/if_var.h>
138 #include <net/if_arp.h>
139 #include <net/if_dl.h>
140 #include <net/if_media.h>
141 #include <net/if_types.h>
143 #include <netinet/in.h>
144 #include <netinet/in_systm.h>
145 #include <netinet/if_ether.h>
146 #include <netinet/ip.h>
148 #include <net80211/ieee80211_var.h>
149 #include <net80211/ieee80211_regdomain.h>
150 #include <net80211/ieee80211_ratectl.h>
151 #include <net80211/ieee80211_radiotap.h>
153 #include <dev/iwm/if_iwmreg.h>
154 #include <dev/iwm/if_iwmvar.h>
155 #include <dev/iwm/if_iwm_debug.h>
156 #include <dev/iwm/if_iwm_util.h>
157 #include <dev/iwm/if_iwm_binding.h>
158 #include <dev/iwm/if_iwm_phy_db.h>
159 #include <dev/iwm/if_iwm_mac_ctxt.h>
160 #include <dev/iwm/if_iwm_phy_ctxt.h>
161 #include <dev/iwm/if_iwm_time_event.h>
162 #include <dev/iwm/if_iwm_power.h>
163 #include <dev/iwm/if_iwm_scan.h>
165 #include <dev/iwm/if_iwm_pcie_trans.h>
166 #include <dev/iwm/if_iwm_led.h>
168 const uint8_t iwm_nvm_channels[] = {
170 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
172 36, 40, 44, 48, 52, 56, 60, 64,
173 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
174 149, 153, 157, 161, 165
176 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS,
177 "IWM_NUM_CHANNELS is too small");
179 const uint8_t iwm_nvm_channels_8000[] = {
181 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
183 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92,
184 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
185 149, 153, 157, 161, 165, 169, 173, 177, 181
187 _Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000,
188 "IWM_NUM_CHANNELS_8000 is too small");
190 #define IWM_NUM_2GHZ_CHANNELS 14
191 #define IWM_N_HW_ADDR_MASK 0xF
194 * XXX For now, there's simply a fixed set of rate table entries
195 * that are populated.
197 const struct iwm_rate {
201 { 2, IWM_RATE_1M_PLCP },
202 { 4, IWM_RATE_2M_PLCP },
203 { 11, IWM_RATE_5M_PLCP },
204 { 22, IWM_RATE_11M_PLCP },
205 { 12, IWM_RATE_6M_PLCP },
206 { 18, IWM_RATE_9M_PLCP },
207 { 24, IWM_RATE_12M_PLCP },
208 { 36, IWM_RATE_18M_PLCP },
209 { 48, IWM_RATE_24M_PLCP },
210 { 72, IWM_RATE_36M_PLCP },
211 { 96, IWM_RATE_48M_PLCP },
212 { 108, IWM_RATE_54M_PLCP },
214 #define IWM_RIDX_CCK 0
215 #define IWM_RIDX_OFDM 4
216 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
217 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
218 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
220 struct iwm_nvm_section {
225 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
226 static int iwm_firmware_store_section(struct iwm_softc *,
228 const uint8_t *, size_t);
229 static int iwm_set_default_calib(struct iwm_softc *, const void *);
230 static void iwm_fw_info_free(struct iwm_fw_info *);
231 static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type);
232 static void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int);
233 static int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *,
234 bus_size_t, bus_size_t);
235 static void iwm_dma_contig_free(struct iwm_dma_info *);
236 static int iwm_alloc_fwmem(struct iwm_softc *);
237 static int iwm_alloc_sched(struct iwm_softc *);
238 static int iwm_alloc_kw(struct iwm_softc *);
239 static int iwm_alloc_ict(struct iwm_softc *);
240 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
241 static void iwm_disable_rx_dma(struct iwm_softc *);
242 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
243 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
244 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
246 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
247 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
248 static void iwm_enable_interrupts(struct iwm_softc *);
249 static void iwm_restore_interrupts(struct iwm_softc *);
250 static void iwm_disable_interrupts(struct iwm_softc *);
251 static void iwm_ict_reset(struct iwm_softc *);
252 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
253 static void iwm_stop_device(struct iwm_softc *);
254 static void iwm_mvm_nic_config(struct iwm_softc *);
255 static int iwm_nic_rx_init(struct iwm_softc *);
256 static int iwm_nic_tx_init(struct iwm_softc *);
257 static int iwm_nic_init(struct iwm_softc *);
258 static int iwm_enable_txq(struct iwm_softc *, int, int, int);
259 static int iwm_post_alive(struct iwm_softc *);
260 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
261 uint16_t, uint8_t *, uint16_t *);
262 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
264 static uint32_t iwm_eeprom_channel_flags(uint16_t);
265 static void iwm_add_channel_band(struct iwm_softc *,
266 struct ieee80211_channel[], int, int *, int, size_t,
268 static void iwm_init_channel_map(struct ieee80211com *, int, int *,
269 struct ieee80211_channel[]);
270 static int iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
271 const uint16_t *, const uint16_t *,
272 const uint16_t *, const uint16_t *,
274 static void iwm_set_hw_address_8000(struct iwm_softc *,
275 struct iwm_nvm_data *,
276 const uint16_t *, const uint16_t *);
277 static int iwm_get_sku(const struct iwm_softc *, const uint16_t *,
279 static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *);
280 static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *,
282 static int iwm_get_n_hw_addrs(const struct iwm_softc *,
284 static void iwm_set_radio_cfg(const struct iwm_softc *,
285 struct iwm_nvm_data *, uint32_t);
286 static int iwm_parse_nvm_sections(struct iwm_softc *,
287 struct iwm_nvm_section *);
288 static int iwm_nvm_init(struct iwm_softc *);
289 static int iwm_firmware_load_sect(struct iwm_softc *, uint32_t,
290 const uint8_t *, uint32_t);
291 static int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t,
292 const uint8_t *, uint32_t);
293 static int iwm_load_firmware_7000(struct iwm_softc *, enum iwm_ucode_type);
294 static int iwm_load_cpu_sections_8000(struct iwm_softc *,
295 struct iwm_fw_sects *, int , int *);
296 static int iwm_load_firmware_8000(struct iwm_softc *, enum iwm_ucode_type);
297 static int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type);
298 static int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type);
299 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
300 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
301 static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *,
302 enum iwm_ucode_type);
303 static int iwm_run_init_mvm_ucode(struct iwm_softc *, int);
304 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
305 static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *);
306 static int iwm_mvm_get_signal_strength(struct iwm_softc *,
307 struct iwm_rx_phy_info *);
308 static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *,
309 struct iwm_rx_packet *,
310 struct iwm_rx_data *);
311 static int iwm_get_noise(struct iwm_softc *sc,
312 const struct iwm_mvm_statistics_rx_non_phy *);
313 static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *,
314 struct iwm_rx_data *);
315 static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *,
316 struct iwm_rx_packet *,
318 static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *,
319 struct iwm_rx_data *);
320 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
322 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
325 static const struct iwm_rate *
326 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
327 struct mbuf *, struct iwm_tx_cmd *);
328 static int iwm_tx(struct iwm_softc *, struct mbuf *,
329 struct ieee80211_node *, int);
330 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
331 const struct ieee80211_bpf_params *);
332 static int iwm_mvm_flush_tx_path(struct iwm_softc *sc,
333 uint32_t tfd_msk, uint32_t flags);
334 static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *,
335 struct iwm_mvm_add_sta_cmd_v7 *,
337 static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *,
339 static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *);
340 static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *);
341 static int iwm_mvm_add_int_sta_common(struct iwm_softc *,
342 struct iwm_int_sta *,
343 const uint8_t *, uint16_t, uint16_t);
344 static int iwm_mvm_add_aux_sta(struct iwm_softc *);
345 static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *);
346 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
347 static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *);
348 static int iwm_release(struct iwm_softc *, struct iwm_node *);
349 static struct ieee80211_node *
350 iwm_node_alloc(struct ieee80211vap *,
351 const uint8_t[IEEE80211_ADDR_LEN]);
352 static void iwm_setrates(struct iwm_softc *, struct iwm_node *);
353 static int iwm_media_change(struct ifnet *);
354 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
355 static void iwm_endscan_cb(void *, int);
356 static void iwm_mvm_fill_sf_command(struct iwm_softc *,
357 struct iwm_sf_cfg_cmd *,
358 struct ieee80211_node *);
359 static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state);
360 static int iwm_send_bt_init_conf(struct iwm_softc *);
361 static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *);
362 static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t);
363 static int iwm_init_hw(struct iwm_softc *);
364 static void iwm_init(struct iwm_softc *);
365 static void iwm_start(struct iwm_softc *);
366 static void iwm_stop(struct iwm_softc *);
367 static void iwm_watchdog(void *);
368 static void iwm_parent(struct ieee80211com *);
371 iwm_desc_lookup(uint32_t);
372 static void iwm_nic_error(struct iwm_softc *);
373 static void iwm_nic_umac_error(struct iwm_softc *);
375 static void iwm_notif_intr(struct iwm_softc *);
376 static void iwm_intr(void *);
377 static int iwm_attach(device_t);
378 static int iwm_is_valid_ether_addr(uint8_t *);
379 static void iwm_preinit(void *);
380 static int iwm_detach_local(struct iwm_softc *sc, int);
381 static void iwm_init_task(void *);
382 static void iwm_radiotap_attach(struct iwm_softc *);
383 static struct ieee80211vap *
384 iwm_vap_create(struct ieee80211com *,
385 const char [IFNAMSIZ], int,
386 enum ieee80211_opmode, int,
387 const uint8_t [IEEE80211_ADDR_LEN],
388 const uint8_t [IEEE80211_ADDR_LEN]);
389 static void iwm_vap_delete(struct ieee80211vap *);
390 static void iwm_scan_start(struct ieee80211com *);
391 static void iwm_scan_end(struct ieee80211com *);
392 static void iwm_update_mcast(struct ieee80211com *);
393 static void iwm_set_channel(struct ieee80211com *);
394 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
395 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
396 static int iwm_detach(device_t);
403 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
405 const struct iwm_fw_cscheme_list *l = (const void *)data;
407 if (dlen < sizeof(*l) ||
408 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
411 /* we don't actually store anything for now, always use s/w crypto */
417 iwm_firmware_store_section(struct iwm_softc *sc,
418 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
420 struct iwm_fw_sects *fws;
421 struct iwm_fw_onesect *fwone;
423 if (type >= IWM_UCODE_TYPE_MAX)
425 if (dlen < sizeof(uint32_t))
428 fws = &sc->sc_fw.fw_sects[type];
429 if (fws->fw_count >= IWM_UCODE_SECT_MAX)
432 fwone = &fws->fw_sect[fws->fw_count];
434 /* first 32bit are device load offset */
435 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t));
438 fwone->fws_data = data + sizeof(uint32_t);
439 fwone->fws_len = dlen - sizeof(uint32_t);
446 #define IWM_DEFAULT_SCAN_CHANNELS 40
448 /* iwlwifi: iwl-drv.c */
449 struct iwm_tlv_calib_data {
451 struct iwm_tlv_calib_ctrl calib;
455 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
457 const struct iwm_tlv_calib_data *def_calib = data;
458 uint32_t ucode_type = le32toh(def_calib->ucode_type);
460 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
461 device_printf(sc->sc_dev,
462 "Wrong ucode_type %u for default "
463 "calibration.\n", ucode_type);
467 sc->sc_default_calib[ucode_type].flow_trigger =
468 def_calib->calib.flow_trigger;
469 sc->sc_default_calib[ucode_type].event_trigger =
470 def_calib->calib.event_trigger;
476 iwm_fw_info_free(struct iwm_fw_info *fw)
478 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD);
480 /* don't touch fw->fw_status */
481 memset(fw->fw_sects, 0, sizeof(fw->fw_sects));
485 iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
487 struct iwm_fw_info *fw = &sc->sc_fw;
488 const struct iwm_tlv_ucode_header *uhdr;
489 struct iwm_ucode_tlv tlv;
490 enum iwm_ucode_tlv_type tlv_type;
491 const struct firmware *fwp;
496 if (fw->fw_status == IWM_FW_STATUS_DONE &&
497 ucode_type != IWM_UCODE_TYPE_INIT)
500 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS)
501 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0);
502 fw->fw_status = IWM_FW_STATUS_INPROGRESS;
504 if (fw->fw_fp != NULL)
505 iwm_fw_info_free(fw);
508 * Load firmware into driver memory.
512 fwp = firmware_get(sc->sc_fwname);
515 device_printf(sc->sc_dev,
516 "could not read firmware %s (error %d)\n",
517 sc->sc_fwname, error);
522 /* (Re-)Initialize default values. */
523 sc->sc_capaflags = 0;
524 sc->sc_capa_n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS;
525 memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa));
526 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc));
529 * Parse firmware contents
532 uhdr = (const void *)fw->fw_fp->data;
533 if (*(const uint32_t *)fw->fw_fp->data != 0
534 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
535 device_printf(sc->sc_dev, "invalid firmware %s\n",
541 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)",
542 IWM_UCODE_MAJOR(le32toh(uhdr->ver)),
543 IWM_UCODE_MINOR(le32toh(uhdr->ver)),
544 IWM_UCODE_API(le32toh(uhdr->ver)));
546 len = fw->fw_fp->datasize - sizeof(*uhdr);
548 while (len >= sizeof(tlv)) {
550 const void *tlv_data;
552 memcpy(&tlv, data, sizeof(tlv));
553 tlv_len = le32toh(tlv.length);
554 tlv_type = le32toh(tlv.type);
561 device_printf(sc->sc_dev,
562 "firmware too short: %zu bytes\n",
568 switch ((int)tlv_type) {
569 case IWM_UCODE_TLV_PROBE_MAX_LEN:
570 if (tlv_len < sizeof(uint32_t)) {
571 device_printf(sc->sc_dev,
572 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n",
578 sc->sc_capa_max_probe_len
579 = le32toh(*(const uint32_t *)tlv_data);
580 /* limit it to something sensible */
581 if (sc->sc_capa_max_probe_len >
582 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) {
583 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
584 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
585 "ridiculous\n", __func__);
590 case IWM_UCODE_TLV_PAN:
592 device_printf(sc->sc_dev,
593 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n",
599 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN;
601 case IWM_UCODE_TLV_FLAGS:
602 if (tlv_len < sizeof(uint32_t)) {
603 device_printf(sc->sc_dev,
604 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n",
611 * Apparently there can be many flags, but Linux driver
612 * parses only the first one, and so do we.
614 * XXX: why does this override IWM_UCODE_TLV_PAN?
615 * Intentional or a bug? Observations from
616 * current firmware file:
617 * 1) TLV_PAN is parsed first
618 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
619 * ==> this resets TLV_PAN to itself... hnnnk
621 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data);
623 case IWM_UCODE_TLV_CSCHEME:
624 if ((error = iwm_store_cscheme(sc,
625 tlv_data, tlv_len)) != 0) {
626 device_printf(sc->sc_dev,
627 "%s: iwm_store_cscheme(): returned %d\n",
633 case IWM_UCODE_TLV_NUM_OF_CPU: {
635 if (tlv_len != sizeof(uint32_t)) {
636 device_printf(sc->sc_dev,
637 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n",
643 num_cpu = le32toh(*(const uint32_t *)tlv_data);
644 if (num_cpu < 1 || num_cpu > 2) {
645 device_printf(sc->sc_dev,
646 "%s: Driver supports only 1 or 2 CPUs\n",
653 case IWM_UCODE_TLV_SEC_RT:
654 if ((error = iwm_firmware_store_section(sc,
655 IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len)) != 0) {
656 device_printf(sc->sc_dev,
657 "%s: IWM_UCODE_TYPE_REGULAR: iwm_firmware_store_section() failed; %d\n",
663 case IWM_UCODE_TLV_SEC_INIT:
664 if ((error = iwm_firmware_store_section(sc,
665 IWM_UCODE_TYPE_INIT, tlv_data, tlv_len)) != 0) {
666 device_printf(sc->sc_dev,
667 "%s: IWM_UCODE_TYPE_INIT: iwm_firmware_store_section() failed; %d\n",
673 case IWM_UCODE_TLV_SEC_WOWLAN:
674 if ((error = iwm_firmware_store_section(sc,
675 IWM_UCODE_TYPE_WOW, tlv_data, tlv_len)) != 0) {
676 device_printf(sc->sc_dev,
677 "%s: IWM_UCODE_TYPE_WOW: iwm_firmware_store_section() failed; %d\n",
683 case IWM_UCODE_TLV_DEF_CALIB:
684 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
685 device_printf(sc->sc_dev,
686 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n",
689 (int) sizeof(struct iwm_tlv_calib_data));
693 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
694 device_printf(sc->sc_dev,
695 "%s: iwm_set_default_calib() failed: %d\n",
701 case IWM_UCODE_TLV_PHY_SKU:
702 if (tlv_len != sizeof(uint32_t)) {
704 device_printf(sc->sc_dev,
705 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n",
710 sc->sc_fw_phy_config =
711 le32toh(*(const uint32_t *)tlv_data);
714 case IWM_UCODE_TLV_API_CHANGES_SET: {
715 const struct iwm_ucode_api *api;
716 if (tlv_len != sizeof(*api)) {
720 api = (const struct iwm_ucode_api *)tlv_data;
721 /* Flags may exceed 32 bits in future firmware. */
722 if (le32toh(api->api_index) > 0) {
723 device_printf(sc->sc_dev,
724 "unsupported API index %d\n",
725 le32toh(api->api_index));
728 sc->sc_ucode_api = le32toh(api->api_flags);
732 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: {
733 const struct iwm_ucode_capa *capa;
735 if (tlv_len != sizeof(*capa)) {
739 capa = (const struct iwm_ucode_capa *)tlv_data;
740 idx = le32toh(capa->api_index);
741 if (idx >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) {
742 device_printf(sc->sc_dev,
743 "unsupported API index %d\n", idx);
746 for (i = 0; i < 32; i++) {
747 if ((le32toh(capa->api_capa) & (1U << i)) == 0)
749 setbit(sc->sc_enabled_capa, i + (32 * idx));
754 case 48: /* undocumented TLV */
755 case IWM_UCODE_TLV_SDIO_ADMA_ADDR:
756 case IWM_UCODE_TLV_FW_GSCAN_CAPA:
757 /* ignore, not used by current driver */
760 case IWM_UCODE_TLV_SEC_RT_USNIFFER:
761 if ((error = iwm_firmware_store_section(sc,
762 IWM_UCODE_TYPE_REGULAR_USNIFFER, tlv_data,
767 case IWM_UCODE_TLV_N_SCAN_CHANNELS:
768 if (tlv_len != sizeof(uint32_t)) {
772 sc->sc_capa_n_scan_channels =
773 le32toh(*(const uint32_t *)tlv_data);
776 case IWM_UCODE_TLV_FW_VERSION:
777 if (tlv_len != sizeof(uint32_t) * 3) {
781 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver),
783 le32toh(((const uint32_t *)tlv_data)[0]),
784 le32toh(((const uint32_t *)tlv_data)[1]),
785 le32toh(((const uint32_t *)tlv_data)[2]));
789 device_printf(sc->sc_dev,
790 "%s: unknown firmware section %d, abort\n",
796 len -= roundup(tlv_len, 4);
797 data += roundup(tlv_len, 4);
800 KASSERT(error == 0, ("unhandled error"));
804 device_printf(sc->sc_dev, "firmware parse error %d, "
805 "section type %d\n", error, tlv_type);
808 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) {
809 device_printf(sc->sc_dev,
810 "device uses unsupported power ops\n");
816 fw->fw_status = IWM_FW_STATUS_NONE;
817 if (fw->fw_fp != NULL)
818 iwm_fw_info_free(fw);
820 fw->fw_status = IWM_FW_STATUS_DONE;
827 * DMA resource routines
831 iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
835 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs));
836 *(bus_addr_t *)arg = segs[0].ds_addr;
840 iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma,
841 bus_size_t size, bus_size_t alignment)
850 error = bus_dma_tag_create(tag, alignment,
851 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size,
852 1, size, 0, NULL, NULL, &dma->tag);
856 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr,
857 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map);
861 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size,
862 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT);
864 bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
869 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
874 iwm_dma_contig_free(dma);
880 iwm_dma_contig_free(struct iwm_dma_info *dma)
882 if (dma->vaddr != NULL) {
883 bus_dmamap_sync(dma->tag, dma->map,
884 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
885 bus_dmamap_unload(dma->tag, dma->map);
886 bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
889 if (dma->tag != NULL) {
890 bus_dma_tag_destroy(dma->tag);
895 /* fwmem is used to load firmware onto the card */
897 iwm_alloc_fwmem(struct iwm_softc *sc)
899 /* Must be aligned on a 16-byte boundary. */
900 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
901 sc->sc_fwdmasegsz, 16);
904 /* tx scheduler rings. not used? */
906 iwm_alloc_sched(struct iwm_softc *sc)
908 /* TX scheduler rings must be aligned on a 1KB boundary. */
909 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
910 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
913 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
915 iwm_alloc_kw(struct iwm_softc *sc)
917 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
920 /* interrupt cause table */
922 iwm_alloc_ict(struct iwm_softc *sc)
924 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
925 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
929 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
936 /* Allocate RX descriptors (256-byte aligned). */
937 size = IWM_RX_RING_COUNT * sizeof(uint32_t);
938 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
940 device_printf(sc->sc_dev,
941 "could not allocate RX ring DMA memory\n");
944 ring->desc = ring->desc_dma.vaddr;
946 /* Allocate RX status area (16-byte aligned). */
947 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
948 sizeof(*ring->stat), 16);
950 device_printf(sc->sc_dev,
951 "could not allocate RX status DMA memory\n");
954 ring->stat = ring->stat_dma.vaddr;
956 /* Create RX buffer DMA tag. */
957 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
958 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
959 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat);
961 device_printf(sc->sc_dev,
962 "%s: could not create RX buf DMA tag, error %d\n",
967 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */
968 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map);
970 device_printf(sc->sc_dev,
971 "%s: could not create RX buf DMA map, error %d\n",
976 * Allocate and map RX buffers.
978 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
979 struct iwm_rx_data *data = &ring->data[i];
980 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
982 device_printf(sc->sc_dev,
983 "%s: could not create RX buf DMA map, error %d\n",
989 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
995 fail: iwm_free_rx_ring(sc, ring);
1000 iwm_disable_rx_dma(struct iwm_softc *sc)
1002 /* XXX conditional nic locks are stupid */
1003 /* XXX print out if we can't lock the NIC? */
1004 if (iwm_nic_lock(sc)) {
1005 /* XXX handle if RX stop doesn't finish? */
1006 (void) iwm_pcie_rx_stop(sc);
1012 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1014 /* Reset the ring state */
1018 * The hw rx ring index in shared memory must also be cleared,
1019 * otherwise the discrepancy can cause reprocessing chaos.
1021 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1025 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1029 iwm_dma_contig_free(&ring->desc_dma);
1030 iwm_dma_contig_free(&ring->stat_dma);
1032 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1033 struct iwm_rx_data *data = &ring->data[i];
1035 if (data->m != NULL) {
1036 bus_dmamap_sync(ring->data_dmat, data->map,
1037 BUS_DMASYNC_POSTREAD);
1038 bus_dmamap_unload(ring->data_dmat, data->map);
1042 if (data->map != NULL) {
1043 bus_dmamap_destroy(ring->data_dmat, data->map);
1047 if (ring->spare_map != NULL) {
1048 bus_dmamap_destroy(ring->data_dmat, ring->spare_map);
1049 ring->spare_map = NULL;
1051 if (ring->data_dmat != NULL) {
1052 bus_dma_tag_destroy(ring->data_dmat);
1053 ring->data_dmat = NULL;
1058 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
1070 /* Allocate TX descriptors (256-byte aligned). */
1071 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
1072 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1074 device_printf(sc->sc_dev,
1075 "could not allocate TX ring DMA memory\n");
1078 ring->desc = ring->desc_dma.vaddr;
1081 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
1082 * to allocate commands space for other rings.
1084 if (qid > IWM_MVM_CMD_QUEUE)
1087 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
1088 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
1090 device_printf(sc->sc_dev,
1091 "could not allocate TX cmd DMA memory\n");
1094 ring->cmd = ring->cmd_dma.vaddr;
1096 /* FW commands may require more mapped space than packets. */
1097 if (qid == IWM_MVM_CMD_QUEUE) {
1098 maxsize = IWM_RBUF_SIZE;
1102 nsegments = IWM_MAX_SCATTER - 2;
1105 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
1106 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize,
1107 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat);
1109 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
1113 paddr = ring->cmd_dma.paddr;
1114 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1115 struct iwm_tx_data *data = &ring->data[i];
1117 data->cmd_paddr = paddr;
1118 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
1119 + offsetof(struct iwm_tx_cmd, scratch);
1120 paddr += sizeof(struct iwm_device_cmd);
1122 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1124 device_printf(sc->sc_dev,
1125 "could not create TX buf DMA map\n");
1129 KASSERT(paddr == ring->cmd_dma.paddr + size,
1130 ("invalid physical address"));
1133 fail: iwm_free_tx_ring(sc, ring);
1138 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1142 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1143 struct iwm_tx_data *data = &ring->data[i];
1145 if (data->m != NULL) {
1146 bus_dmamap_sync(ring->data_dmat, data->map,
1147 BUS_DMASYNC_POSTWRITE);
1148 bus_dmamap_unload(ring->data_dmat, data->map);
1153 /* Clear TX descriptors. */
1154 memset(ring->desc, 0, ring->desc_dma.size);
1155 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1156 BUS_DMASYNC_PREWRITE);
1157 sc->qfullmsk &= ~(1 << ring->qid);
1163 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1167 iwm_dma_contig_free(&ring->desc_dma);
1168 iwm_dma_contig_free(&ring->cmd_dma);
1170 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1171 struct iwm_tx_data *data = &ring->data[i];
1173 if (data->m != NULL) {
1174 bus_dmamap_sync(ring->data_dmat, data->map,
1175 BUS_DMASYNC_POSTWRITE);
1176 bus_dmamap_unload(ring->data_dmat, data->map);
1180 if (data->map != NULL) {
1181 bus_dmamap_destroy(ring->data_dmat, data->map);
1185 if (ring->data_dmat != NULL) {
1186 bus_dma_tag_destroy(ring->data_dmat);
1187 ring->data_dmat = NULL;
1192 * High-level hardware frobbing routines
1196 iwm_enable_interrupts(struct iwm_softc *sc)
1198 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1199 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1203 iwm_restore_interrupts(struct iwm_softc *sc)
1205 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1209 iwm_disable_interrupts(struct iwm_softc *sc)
1211 /* disable interrupts */
1212 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1214 /* acknowledge all interrupts */
1215 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1216 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1220 iwm_ict_reset(struct iwm_softc *sc)
1222 iwm_disable_interrupts(sc);
1224 /* Reset ICT table. */
1225 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1228 /* Set physical address of ICT table (4KB aligned). */
1229 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1230 IWM_CSR_DRAM_INT_TBL_ENABLE
1231 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER
1232 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1233 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1235 /* Switch to ICT interrupt mode in driver. */
1236 sc->sc_flags |= IWM_FLAG_USE_ICT;
1238 /* Re-enable interrupts. */
1239 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1240 iwm_enable_interrupts(sc);
1243 /* iwlwifi pcie/trans.c */
1246 * Since this .. hard-resets things, it's time to actually
1247 * mark the first vap (if any) as having no mac context.
1248 * It's annoying, but since the driver is potentially being
1249 * stop/start'ed whilst active (thanks openbsd port!) we
1250 * have to correctly track this.
1253 iwm_stop_device(struct iwm_softc *sc)
1255 struct ieee80211com *ic = &sc->sc_ic;
1256 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1260 /* tell the device to stop sending interrupts */
1261 iwm_disable_interrupts(sc);
1264 * FreeBSD-local: mark the first vap as not-uploaded,
1265 * so the next transition through auth/assoc
1266 * will correctly populate the MAC context.
1269 struct iwm_vap *iv = IWM_VAP(vap);
1270 iv->is_uploaded = 0;
1273 /* device going down, Stop using ICT table */
1274 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1276 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1278 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1280 if (iwm_nic_lock(sc)) {
1281 /* Stop each Tx DMA channel */
1282 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1284 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1285 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl);
1288 /* Wait for DMA channels to be idle */
1289 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask,
1291 device_printf(sc->sc_dev,
1292 "Failing on timeout while stopping DMA channel: [0x%08x]\n",
1293 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG));
1297 iwm_disable_rx_dma(sc);
1300 iwm_reset_rx_ring(sc, &sc->rxq);
1302 /* Reset all TX rings. */
1303 for (qid = 0; qid < nitems(sc->txq); qid++)
1304 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1307 * Power-down device's busmaster DMA clocks
1309 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1312 /* Make sure (redundant) we've released our request to stay awake */
1313 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1314 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1316 /* Stop the device, and put it in low power state */
1319 /* Upon stop, the APM issues an interrupt if HW RF kill is set.
1320 * Clean again the interrupt here
1322 iwm_disable_interrupts(sc);
1323 /* stop and reset the on-board processor */
1324 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1327 * Even if we stop the HW, we still want the RF kill
1330 iwm_enable_rfkill_int(sc);
1331 iwm_check_rfkill(sc);
1334 /* iwlwifi: mvm/ops.c */
1336 iwm_mvm_nic_config(struct iwm_softc *sc)
1338 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1339 uint32_t reg_val = 0;
1341 radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1342 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1343 radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1344 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1345 radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1346 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1349 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1350 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1351 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1352 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1354 /* radio configuration */
1355 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1356 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1357 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1359 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val);
1361 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1362 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1363 radio_cfg_step, radio_cfg_dash);
1366 * W/A : NIC is stuck in a reset state after Early PCIe power off
1367 * (PCIe power is lost before PERST# is asserted), causing ME FW
1368 * to lose ownership and not being able to obtain it back.
1370 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1371 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1372 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1373 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1378 iwm_nic_rx_init(struct iwm_softc *sc)
1380 if (!iwm_nic_lock(sc))
1384 * Initialize RX ring. This is from the iwn driver.
1386 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1389 iwm_disable_rx_dma(sc);
1390 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1391 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1392 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1393 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1395 /* Set physical address of RX ring (256-byte aligned). */
1397 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8);
1399 /* Set physical address of RX status (16-byte aligned). */
1401 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1404 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1405 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1406 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1407 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1408 IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK |
1409 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1410 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1411 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1413 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1415 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1416 if (sc->host_interrupt_operation_mode)
1417 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1420 * Thus sayeth el jefe (iwlwifi) via a comment:
1422 * This value should initially be 0 (before preparing any
1423 * RBs), should be 8 after preparing the first 8 RBs (for example)
1425 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1433 iwm_nic_tx_init(struct iwm_softc *sc)
1437 if (!iwm_nic_lock(sc))
1440 /* Deactivate TX scheduler. */
1441 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1443 /* Set physical address of "keep warm" page (16-byte aligned). */
1444 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1446 /* Initialize TX rings. */
1447 for (qid = 0; qid < nitems(sc->txq); qid++) {
1448 struct iwm_tx_ring *txq = &sc->txq[qid];
1450 /* Set physical address of TX ring (256-byte aligned). */
1451 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1452 txq->desc_dma.paddr >> 8);
1453 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1454 "%s: loading ring %d descriptors (%p) at %lx\n",
1457 (unsigned long) (txq->desc_dma.paddr >> 8));
1460 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE);
1468 iwm_nic_init(struct iwm_softc *sc)
1473 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
1476 iwm_mvm_nic_config(sc);
1478 if ((error = iwm_nic_rx_init(sc)) != 0)
1482 * Ditto for TX, from iwn
1484 if ((error = iwm_nic_tx_init(sc)) != 0)
1487 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1488 "%s: shadow registers enabled\n", __func__);
1489 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1494 const uint8_t iwm_mvm_ac_to_tx_fifo[] = {
1502 iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo)
1504 if (!iwm_nic_lock(sc)) {
1505 device_printf(sc->sc_dev,
1506 "%s: cannot enable txq %d\n",
1512 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1514 if (qid == IWM_MVM_CMD_QUEUE) {
1515 /* unactivate before configuration */
1516 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1517 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE)
1518 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1520 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid));
1522 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1524 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1525 /* Set scheduler window size and frame limit. */
1527 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1529 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1530 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1531 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1532 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1534 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1535 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1536 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1537 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1538 IWM_SCD_QUEUE_STTS_REG_MSK);
1540 struct iwm_scd_txq_cfg_cmd cmd;
1545 memset(&cmd, 0, sizeof(cmd));
1546 cmd.scd_queue = qid;
1548 cmd.sta_id = sta_id;
1551 cmd.window = IWM_FRAME_LIMIT;
1553 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC,
1556 device_printf(sc->sc_dev,
1557 "cannot enable txq %d\n", qid);
1561 if (!iwm_nic_lock(sc))
1565 iwm_write_prph(sc, IWM_SCD_EN_CTRL,
1566 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid);
1570 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n",
1571 __func__, qid, fifo);
1577 iwm_post_alive(struct iwm_softc *sc)
1583 if (!iwm_nic_lock(sc))
1586 base = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR);
1587 if (sc->sched_base != base) {
1588 device_printf(sc->sc_dev,
1589 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n",
1590 __func__, sc->sched_base, base);
1595 /* Clear TX scheduler state in SRAM. */
1596 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1597 IWM_SCD_CONTEXT_MEM_LOWER_BOUND)
1599 error = iwm_write_mem(sc,
1600 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1605 /* Set physical address of TX scheduler rings (1KB aligned). */
1606 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1608 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1612 /* enable command channel */
1613 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7);
1617 if (!iwm_nic_lock(sc))
1620 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1622 /* Enable DMA channels. */
1623 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1624 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1625 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1626 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1629 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1630 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1632 /* Enable L1-Active */
1633 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) {
1634 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1635 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1644 * NVM read access and content parsing. We do not support
1645 * external NVM or writing NVM.
1649 /* list of NVM sections we are allowed/need to read */
1650 const int nvm_to_read[] = {
1651 IWM_NVM_SECTION_TYPE_HW,
1652 IWM_NVM_SECTION_TYPE_SW,
1653 IWM_NVM_SECTION_TYPE_REGULATORY,
1654 IWM_NVM_SECTION_TYPE_CALIBRATION,
1655 IWM_NVM_SECTION_TYPE_PRODUCTION,
1656 IWM_NVM_SECTION_TYPE_HW_8000,
1657 IWM_NVM_SECTION_TYPE_MAC_OVERRIDE,
1658 IWM_NVM_SECTION_TYPE_PHY_SKU,
1661 /* Default NVM size to read */
1662 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1663 #define IWM_MAX_NVM_SECTION_SIZE 8192
1665 #define IWM_NVM_WRITE_OPCODE 1
1666 #define IWM_NVM_READ_OPCODE 0
1668 /* load nvm chunk response */
1669 #define IWM_READ_NVM_CHUNK_SUCCEED 0
1670 #define IWM_READ_NVM_CHUNK_INVALID_ADDRESS 1
1673 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1674 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1677 struct iwm_nvm_access_cmd nvm_access_cmd = {
1678 .offset = htole16(offset),
1679 .length = htole16(length),
1680 .type = htole16(section),
1681 .op_code = IWM_NVM_READ_OPCODE,
1683 struct iwm_nvm_access_resp *nvm_resp;
1684 struct iwm_rx_packet *pkt;
1685 struct iwm_host_cmd cmd = {
1686 .id = IWM_NVM_ACCESS_CMD,
1687 .flags = IWM_CMD_SYNC | IWM_CMD_WANT_SKB |
1688 IWM_CMD_SEND_IN_RFKILL,
1689 .data = { &nvm_access_cmd, },
1691 int ret, offset_read;
1695 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1697 ret = iwm_send_cmd(sc, &cmd);
1699 device_printf(sc->sc_dev,
1700 "Could not send NVM_ACCESS command (error=%d)\n", ret);
1705 if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) {
1706 device_printf(sc->sc_dev,
1707 "Bad return from IWM_NVM_ACCES_COMMAND (0x%08X)\n",
1713 /* Extract NVM response */
1714 nvm_resp = (void *)pkt->data;
1716 ret = le16toh(nvm_resp->status);
1717 bytes_read = le16toh(nvm_resp->length);
1718 offset_read = le16toh(nvm_resp->offset);
1719 resp_data = nvm_resp->data;
1721 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1722 "NVM access command failed with status %d\n", ret);
1727 if (offset_read != offset) {
1728 device_printf(sc->sc_dev,
1729 "NVM ACCESS response with invalid offset %d\n",
1735 if (bytes_read > length) {
1736 device_printf(sc->sc_dev,
1737 "NVM ACCESS response with too much data "
1738 "(%d bytes requested, %zd bytes received)\n",
1739 length, bytes_read);
1744 memcpy(data + offset, resp_data, bytes_read);
1748 iwm_free_resp(sc, &cmd);
1753 * Reads an NVM section completely.
1754 * NICs prior to 7000 family don't have a real NVM, but just read
1755 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1756 * by uCode, we need to manually check in this case that we don't
1757 * overflow and try to read more than the EEPROM size.
1758 * For 7000 family NICs, we supply the maximal size we can read, and
1759 * the uCode fills the response with as much data as we can,
1760 * without overflowing, so no check is needed.
1763 iwm_nvm_read_section(struct iwm_softc *sc,
1764 uint16_t section, uint8_t *data, uint16_t *len, size_t max_len)
1766 uint16_t chunklen, seglen;
1769 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1770 "reading NVM section %d\n", section);
1772 chunklen = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE;
1775 /* Read NVM chunks until exhausted (reading less than requested) */
1776 while (seglen == chunklen && *len < max_len) {
1777 error = iwm_nvm_read_chunk(sc,
1778 section, *len, chunklen, data, &seglen);
1780 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1781 "Cannot read from NVM section "
1782 "%d at offset %d\n", section, *len);
1788 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1789 "NVM section %d read completed (%d bytes, error=%d)\n",
1790 section, *len, error);
1795 * BEGIN IWM_NVM_PARSE
1798 /* iwlwifi/iwl-nvm-parse.c */
1800 /* NVM offsets (in words) definitions */
1801 enum iwm_nvm_offsets {
1802 /* NVM HW-Section offset (in words) definitions */
1805 /* NVM SW-Section offset (in words) definitions */
1806 IWM_NVM_SW_SECTION = 0x1C0,
1807 IWM_NVM_VERSION = 0,
1811 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1813 /* NVM calibration section offset (in words) definitions */
1814 IWM_NVM_CALIB_SECTION = 0x2B8,
1815 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1818 enum iwm_8000_nvm_offsets {
1819 /* NVM HW-Section offset (in words) definitions */
1820 IWM_HW_ADDR0_WFPM_8000 = 0x12,
1821 IWM_HW_ADDR1_WFPM_8000 = 0x16,
1822 IWM_HW_ADDR0_PCIE_8000 = 0x8A,
1823 IWM_HW_ADDR1_PCIE_8000 = 0x8E,
1824 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1,
1826 /* NVM SW-Section offset (in words) definitions */
1827 IWM_NVM_SW_SECTION_8000 = 0x1C0,
1828 IWM_NVM_VERSION_8000 = 0,
1829 IWM_RADIO_CFG_8000 = 0,
1831 IWM_N_HW_ADDRS_8000 = 3,
1833 /* NVM REGULATORY -Section offset (in words) definitions */
1834 IWM_NVM_CHANNELS_8000 = 0,
1835 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7,
1836 IWM_NVM_LAR_OFFSET_8000 = 0x507,
1837 IWM_NVM_LAR_ENABLED_8000 = 0x7,
1839 /* NVM calibration section offset (in words) definitions */
1840 IWM_NVM_CALIB_SECTION_8000 = 0x2B8,
1841 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000
1844 /* SKU Capabilities (actual values from NVM definition) */
1846 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1847 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1848 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1849 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1852 /* radio config bits (actual values from NVM definition) */
1853 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1854 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1855 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1856 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1857 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1858 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1860 #define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF)
1861 #define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF)
1862 #define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF)
1863 #define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF)
1864 #define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF)
1865 #define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF)
1867 #define DEFAULT_MAX_TX_POWER 16
1870 * enum iwm_nvm_channel_flags - channel flags in NVM
1871 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1872 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1873 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1874 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1875 * XXX cannot find this (DFS) flag in iwl-nvm-parse.c
1876 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1877 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1878 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1879 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1880 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1882 enum iwm_nvm_channel_flags {
1883 IWM_NVM_CHANNEL_VALID = (1 << 0),
1884 IWM_NVM_CHANNEL_IBSS = (1 << 1),
1885 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
1886 IWM_NVM_CHANNEL_RADAR = (1 << 4),
1887 IWM_NVM_CHANNEL_DFS = (1 << 7),
1888 IWM_NVM_CHANNEL_WIDE = (1 << 8),
1889 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
1890 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
1891 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
1895 * Translate EEPROM flags to net80211.
1898 iwm_eeprom_channel_flags(uint16_t ch_flags)
1903 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0)
1904 nflags |= IEEE80211_CHAN_PASSIVE;
1905 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0)
1906 nflags |= IEEE80211_CHAN_NOADHOC;
1907 if (ch_flags & IWM_NVM_CHANNEL_RADAR) {
1908 nflags |= IEEE80211_CHAN_DFS;
1910 nflags |= IEEE80211_CHAN_NOADHOC;
1917 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[],
1918 int maxchans, int *nchans, int ch_idx, size_t ch_num,
1919 const uint8_t bands[])
1921 const uint16_t * const nvm_ch_flags = sc->sc_nvm.nvm_ch_flags;
1927 for (; ch_idx < ch_num; ch_idx++) {
1928 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
1929 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
1930 ieee = iwm_nvm_channels[ch_idx];
1932 ieee = iwm_nvm_channels_8000[ch_idx];
1934 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
1935 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1936 "Ch. %d Flags %x [%sGHz] - No traffic\n",
1938 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1943 nflags = iwm_eeprom_channel_flags(ch_flags);
1944 error = ieee80211_add_channel(chans, maxchans, nchans,
1945 ieee, 0, 0, nflags, bands);
1949 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1950 "Ch. %d Flags %x [%sGHz] - Added\n",
1952 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1958 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans,
1959 struct ieee80211_channel chans[])
1961 struct iwm_softc *sc = ic->ic_softc;
1962 struct iwm_nvm_data *data = &sc->sc_nvm;
1963 uint8_t bands[IEEE80211_MODE_BYTES];
1966 memset(bands, 0, sizeof(bands));
1967 /* 1-13: 11b/g channels. */
1968 setbit(bands, IEEE80211_MODE_11B);
1969 setbit(bands, IEEE80211_MODE_11G);
1970 iwm_add_channel_band(sc, chans, maxchans, nchans, 0,
1971 IWM_NUM_2GHZ_CHANNELS - 1, bands);
1973 /* 14: 11b channel only. */
1974 clrbit(bands, IEEE80211_MODE_11G);
1975 iwm_add_channel_band(sc, chans, maxchans, nchans,
1976 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands);
1978 if (data->sku_cap_band_52GHz_enable) {
1979 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
1980 ch_num = nitems(iwm_nvm_channels);
1982 ch_num = nitems(iwm_nvm_channels_8000);
1983 memset(bands, 0, sizeof(bands));
1984 setbit(bands, IEEE80211_MODE_11A);
1985 iwm_add_channel_band(sc, chans, maxchans, nchans,
1986 IWM_NUM_2GHZ_CHANNELS, ch_num, bands);
1991 iwm_set_hw_address_8000(struct iwm_softc *sc, struct iwm_nvm_data *data,
1992 const uint16_t *mac_override, const uint16_t *nvm_hw)
1994 const uint8_t *hw_addr;
1997 static const uint8_t reserved_mac[] = {
1998 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00
2001 hw_addr = (const uint8_t *)(mac_override +
2002 IWM_MAC_ADDRESS_OVERRIDE_8000);
2005 * Store the MAC address from MAO section.
2006 * No byte swapping is required in MAO section
2008 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr);
2011 * Force the use of the OTP MAC address in case of reserved MAC
2012 * address in the NVM, or if address is given but invalid.
2014 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) &&
2015 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) &&
2016 iwm_is_valid_ether_addr(data->hw_addr) &&
2017 !IEEE80211_IS_MULTICAST(data->hw_addr))
2020 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2021 "%s: mac address from nvm override section invalid\n",
2026 /* read the mac address from WFMP registers */
2027 uint32_t mac_addr0 =
2028 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0));
2029 uint32_t mac_addr1 =
2030 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1));
2032 hw_addr = (const uint8_t *)&mac_addr0;
2033 data->hw_addr[0] = hw_addr[3];
2034 data->hw_addr[1] = hw_addr[2];
2035 data->hw_addr[2] = hw_addr[1];
2036 data->hw_addr[3] = hw_addr[0];
2038 hw_addr = (const uint8_t *)&mac_addr1;
2039 data->hw_addr[4] = hw_addr[1];
2040 data->hw_addr[5] = hw_addr[0];
2045 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__);
2046 memset(data->hw_addr, 0, sizeof(data->hw_addr));
2050 iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2051 const uint16_t *phy_sku)
2053 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000)
2054 return le16_to_cpup(nvm_sw + IWM_SKU);
2056 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000));
2060 iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2062 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000)
2063 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
2065 return le32_to_cpup((const uint32_t *)(nvm_sw +
2066 IWM_NVM_VERSION_8000));
2070 iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2071 const uint16_t *phy_sku)
2073 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000)
2074 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
2076 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000));
2080 iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2084 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000)
2085 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
2087 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000));
2089 return n_hw_addr & IWM_N_HW_ADDR_MASK;
2093 iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data,
2096 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) {
2097 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
2098 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
2099 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
2100 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
2104 /* set the radio configuration for family 8000 */
2105 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg);
2106 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg);
2107 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg);
2108 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg);
2109 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg);
2110 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg);
2114 iwm_parse_nvm_data(struct iwm_softc *sc,
2115 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
2116 const uint16_t *nvm_calib, const uint16_t *mac_override,
2117 const uint16_t *phy_sku, const uint16_t *regulatory)
2119 struct iwm_nvm_data *data = &sc->sc_nvm;
2120 uint8_t hw_addr[IEEE80211_ADDR_LEN];
2121 uint32_t sku, radio_cfg;
2123 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw);
2125 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku);
2126 iwm_set_radio_cfg(sc, data, radio_cfg);
2128 sku = iwm_get_sku(sc, nvm_sw, phy_sku);
2129 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
2130 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
2131 data->sku_cap_11n_enable = 0;
2133 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw);
2135 /* The byte order is little endian 16 bit, meaning 214365 */
2136 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
2137 IEEE80211_ADDR_COPY(hw_addr, nvm_hw + IWM_HW_ADDR);
2138 data->hw_addr[0] = hw_addr[1];
2139 data->hw_addr[1] = hw_addr[0];
2140 data->hw_addr[2] = hw_addr[3];
2141 data->hw_addr[3] = hw_addr[2];
2142 data->hw_addr[4] = hw_addr[5];
2143 data->hw_addr[5] = hw_addr[4];
2145 iwm_set_hw_address_8000(sc, data, mac_override, nvm_hw);
2148 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
2149 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS],
2150 IWM_NUM_CHANNELS * sizeof(uint16_t));
2152 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000],
2153 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t));
2164 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
2166 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku;
2168 /* Checking for required sections */
2169 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
2170 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2171 !sections[IWM_NVM_SECTION_TYPE_HW].data) {
2172 device_printf(sc->sc_dev,
2173 "Can't parse empty OTP/NVM sections\n");
2177 hw = (const uint16_t *) sections[IWM_NVM_SECTION_TYPE_HW].data;
2178 } else if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
2179 /* SW and REGULATORY sections are mandatory */
2180 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2181 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) {
2182 device_printf(sc->sc_dev,
2183 "Can't parse empty OTP/NVM sections\n");
2186 /* MAC_OVERRIDE or at least HW section must exist */
2187 if (!sections[IWM_NVM_SECTION_TYPE_HW_8000].data &&
2188 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) {
2189 device_printf(sc->sc_dev,
2190 "Can't parse mac_address, empty sections\n");
2194 /* PHY_SKU section is mandatory in B0 */
2195 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) {
2196 device_printf(sc->sc_dev,
2197 "Can't parse phy_sku in B0, empty sections\n");
2201 hw = (const uint16_t *)
2202 sections[IWM_NVM_SECTION_TYPE_HW_8000].data;
2204 panic("unknown device family %d\n", sc->sc_device_family);
2207 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
2208 calib = (const uint16_t *)
2209 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
2210 regulatory = (const uint16_t *)
2211 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data;
2212 mac_override = (const uint16_t *)
2213 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data;
2214 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data;
2216 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override,
2217 phy_sku, regulatory);
2221 iwm_nvm_init(struct iwm_softc *sc)
2223 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS];
2224 int i, section, error;
2227 const size_t bufsz = IWM_MAX_NVM_SECTION_SIZE;
2229 memset(nvm_sections, 0 , sizeof(nvm_sections));
2231 buf = malloc(bufsz, M_DEVBUF, M_NOWAIT);
2235 for (i = 0; i < nitems(nvm_to_read); i++) {
2236 section = nvm_to_read[i];
2237 KASSERT(section <= nitems(nvm_sections),
2238 ("too many sections"));
2240 error = iwm_nvm_read_section(sc, section, buf, &len, bufsz);
2245 nvm_sections[section].data = malloc(len, M_DEVBUF, M_NOWAIT);
2246 if (nvm_sections[section].data == NULL) {
2250 memcpy(nvm_sections[section].data, buf, len);
2251 nvm_sections[section].length = len;
2253 free(buf, M_DEVBUF);
2255 error = iwm_parse_nvm_sections(sc, nvm_sections);
2257 for (i = 0; i < IWM_NVM_NUM_OF_SECTIONS; i++) {
2258 if (nvm_sections[i].data != NULL)
2259 free(nvm_sections[i].data, M_DEVBUF);
2266 * Firmware loading gunk. This is kind of a weird hybrid between the
2267 * iwn driver and the Linux iwlwifi driver.
2271 iwm_firmware_load_sect(struct iwm_softc *sc, uint32_t dst_addr,
2272 const uint8_t *section, uint32_t byte_cnt)
2275 uint32_t chunk_sz, offset;
2277 chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, byte_cnt);
2279 for (offset = 0; offset < byte_cnt; offset += chunk_sz) {
2281 const uint8_t *data;
2283 addr = dst_addr + offset;
2284 len = MIN(chunk_sz, byte_cnt - offset);
2285 data = section + offset;
2287 error = iwm_firmware_load_chunk(sc, addr, data, len);
2296 iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr,
2297 const uint8_t *chunk, uint32_t byte_cnt)
2299 struct iwm_dma_info *dma = &sc->fw_dma;
2302 /* Copy firmware chunk into pre-allocated DMA-safe memory. */
2303 memcpy(dma->vaddr, chunk, byte_cnt);
2304 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
2306 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2307 dst_addr <= IWM_FW_MEM_EXTENDED_END) {
2308 iwm_set_bits_prph(sc, IWM_LMPM_CHICK,
2309 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2312 sc->sc_fw_chunk_done = 0;
2314 if (!iwm_nic_lock(sc))
2317 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2318 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
2319 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
2321 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
2322 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
2323 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
2324 (iwm_get_dma_hi_addr(dma->paddr)
2325 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
2326 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
2327 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
2328 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
2329 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
2330 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2331 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
2332 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
2333 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
2337 /* wait 1s for this segment to load */
2338 while (!sc->sc_fw_chunk_done)
2339 if ((error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz)) != 0)
2342 if (!sc->sc_fw_chunk_done) {
2343 device_printf(sc->sc_dev,
2344 "fw chunk addr 0x%x len %d failed to load\n",
2345 dst_addr, byte_cnt);
2348 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2349 dst_addr <= IWM_FW_MEM_EXTENDED_END && iwm_nic_lock(sc)) {
2350 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK,
2351 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2359 iwm_load_cpu_sections_8000(struct iwm_softc *sc, struct iwm_fw_sects *fws,
2360 int cpu, int *first_ucode_section)
2363 int i, error = 0, sec_num = 0x1;
2364 uint32_t val, last_read_idx = 0;
2371 *first_ucode_section = 0;
2374 (*first_ucode_section)++;
2377 for (i = *first_ucode_section; i < IWM_UCODE_SECT_MAX; i++) {
2379 data = fws->fw_sect[i].fws_data;
2380 dlen = fws->fw_sect[i].fws_len;
2381 offset = fws->fw_sect[i].fws_devoff;
2384 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2386 * PAGING_SEPARATOR_SECTION delimiter - separate between
2387 * CPU2 non paged to CPU2 paging sec.
2389 if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2390 offset == IWM_PAGING_SEPARATOR_SECTION)
2393 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2394 "LOAD FIRMWARE chunk %d offset 0x%x len %d for cpu %d\n",
2395 i, offset, dlen, cpu);
2397 if (dlen > sc->sc_fwdmasegsz) {
2398 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2399 "chunk %d too large (%d bytes)\n", i, dlen);
2402 error = iwm_firmware_load_sect(sc, offset, data, dlen);
2405 device_printf(sc->sc_dev,
2406 "could not load firmware chunk %d (error %d)\n",
2411 /* Notify the ucode of the loaded section number and status */
2412 if (iwm_nic_lock(sc)) {
2413 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS);
2414 val = val | (sec_num << shift_param);
2415 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val);
2416 sec_num = (sec_num << 1) | 0x1;
2420 * The firmware won't load correctly without this delay.
2426 *first_ucode_section = last_read_idx;
2428 if (iwm_nic_lock(sc)) {
2430 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF);
2432 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
2440 iwm_load_firmware_8000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
2442 struct iwm_fw_sects *fws;
2444 int first_ucode_section;
2446 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "loading ucode type %d\n",
2449 fws = &sc->sc_fw.fw_sects[ucode_type];
2451 /* configure the ucode to be ready to get the secured image */
2452 /* release CPU reset */
2453 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, IWM_RELEASE_CPU_RESET_BIT);
2455 /* load to FW the binary Secured sections of CPU1 */
2456 error = iwm_load_cpu_sections_8000(sc, fws, 1, &first_ucode_section);
2460 /* load to FW the binary sections of CPU2 */
2461 return iwm_load_cpu_sections_8000(sc, fws, 2, &first_ucode_section);
2465 iwm_load_firmware_7000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
2467 struct iwm_fw_sects *fws;
2473 sc->sc_uc.uc_intr = 0;
2475 fws = &sc->sc_fw.fw_sects[ucode_type];
2476 for (i = 0; i < fws->fw_count; i++) {
2477 data = fws->fw_sect[i].fws_data;
2478 dlen = fws->fw_sect[i].fws_len;
2479 offset = fws->fw_sect[i].fws_devoff;
2480 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
2481 "LOAD FIRMWARE type %d offset %u len %d\n",
2482 ucode_type, offset, dlen);
2483 if (dlen > sc->sc_fwdmasegsz) {
2484 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
2485 "chunk %d too large (%d bytes)\n", i, dlen);
2488 error = iwm_firmware_load_sect(sc, offset, data, dlen);
2491 device_printf(sc->sc_dev,
2492 "could not load firmware chunk %u of %u "
2493 "(error=%d)\n", i, fws->fw_count, error);
2498 IWM_WRITE(sc, IWM_CSR_RESET, 0);
2504 iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
2508 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
2509 error = iwm_load_firmware_8000(sc, ucode_type);
2511 error = iwm_load_firmware_7000(sc, ucode_type);
2515 /* wait for the firmware to load */
2516 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) {
2517 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10);
2519 if (error || !sc->sc_uc.uc_ok) {
2520 device_printf(sc->sc_dev, "could not load firmware\n");
2521 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
2522 device_printf(sc->sc_dev, "cpu1 status: 0x%x\n",
2523 iwm_read_prph(sc, IWM_SB_CPU_1_STATUS));
2524 device_printf(sc->sc_dev, "cpu2 status: 0x%x\n",
2525 iwm_read_prph(sc, IWM_SB_CPU_2_STATUS));
2530 * Give the firmware some time to initialize.
2531 * Accessing it too early causes errors.
2533 msleep(&w, &sc->sc_mtx, 0, "iwmfwinit", hz);
2538 /* iwlwifi: pcie/trans.c */
2540 iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
2544 IWM_WRITE(sc, IWM_CSR_INT, ~0);
2546 if ((error = iwm_nic_init(sc)) != 0) {
2547 device_printf(sc->sc_dev, "unable to init nic\n");
2551 /* make sure rfkill handshake bits are cleared */
2552 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2553 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
2554 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
2556 /* clear (again), then enable host interrupts */
2557 IWM_WRITE(sc, IWM_CSR_INT, ~0);
2558 iwm_enable_interrupts(sc);
2560 /* really make sure rfkill handshake bits are cleared */
2561 /* maybe we should write a few times more? just to make sure */
2562 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2563 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2565 /* Load the given image to the HW */
2566 return iwm_load_firmware(sc, ucode_type);
2570 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2572 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2573 .valid = htole32(valid_tx_ant),
2576 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2577 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2580 /* iwlwifi: mvm/fw.c */
2582 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2584 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2585 enum iwm_ucode_type ucode_type = sc->sc_uc_current;
2587 /* Set parameters */
2588 phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config);
2589 phy_cfg_cmd.calib_control.event_trigger =
2590 sc->sc_default_calib[ucode_type].event_trigger;
2591 phy_cfg_cmd.calib_control.flow_trigger =
2592 sc->sc_default_calib[ucode_type].flow_trigger;
2594 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2595 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2596 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2597 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2601 iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc,
2602 enum iwm_ucode_type ucode_type)
2604 enum iwm_ucode_type old_type = sc->sc_uc_current;
2607 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) {
2608 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n",
2613 sc->sc_uc_current = ucode_type;
2614 error = iwm_start_fw(sc, ucode_type);
2616 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error);
2617 sc->sc_uc_current = old_type;
2621 error = iwm_post_alive(sc);
2623 device_printf(sc->sc_dev, "iwm_fw_alive: failed %d\n", error);
2633 * follows iwlwifi/fw.c
2636 iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm)
2640 /* do not operate with rfkill switch turned on */
2641 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2642 device_printf(sc->sc_dev,
2643 "radio is disabled by hardware switch\n");
2647 sc->sc_init_complete = 0;
2648 if ((error = iwm_mvm_load_ucode_wait_alive(sc,
2649 IWM_UCODE_TYPE_INIT)) != 0) {
2650 device_printf(sc->sc_dev, "failed to load init firmware\n");
2655 if ((error = iwm_nvm_init(sc)) != 0) {
2656 device_printf(sc->sc_dev, "failed to read nvm\n");
2659 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->sc_nvm.hw_addr);
2664 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
2665 device_printf(sc->sc_dev,
2666 "failed to send bt coex configuration: %d\n", error);
2670 /* Init Smart FIFO. */
2671 error = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF);
2675 /* Send TX valid antennas before triggering calibrations */
2676 if ((error = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc))) != 0) {
2677 device_printf(sc->sc_dev,
2678 "failed to send antennas before calibration: %d\n", error);
2683 * Send phy configurations command to init uCode
2684 * to start the 16.0 uCode init image internal calibrations.
2686 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0 ) {
2687 device_printf(sc->sc_dev,
2688 "%s: failed to run internal calibration: %d\n",
2694 * Nothing to do but wait for the init complete notification
2697 while (!sc->sc_init_complete) {
2698 error = msleep(&sc->sc_init_complete, &sc->sc_mtx,
2699 0, "iwminit", 2*hz);
2701 device_printf(sc->sc_dev, "init complete failed: %d\n",
2702 sc->sc_init_complete);
2707 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "init %scomplete\n",
2708 sc->sc_init_complete ? "" : "not ");
2717 /* (re)stock rx ring, called at init-time and at runtime */
2719 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
2721 struct iwm_rx_ring *ring = &sc->rxq;
2722 struct iwm_rx_data *data = &ring->data[idx];
2724 bus_dmamap_t dmamap = NULL;
2725 bus_dma_segment_t seg;
2728 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
2732 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
2733 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m,
2734 &seg, &nsegs, BUS_DMA_NOWAIT);
2736 device_printf(sc->sc_dev,
2737 "%s: can't map mbuf, error %d\n", __func__, error);
2741 if (data->m != NULL)
2742 bus_dmamap_unload(ring->data_dmat, data->map);
2744 /* Swap ring->spare_map with data->map */
2746 data->map = ring->spare_map;
2747 ring->spare_map = dmamap;
2749 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
2752 /* Update RX descriptor. */
2753 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned"));
2754 ring->desc[idx] = htole32(seg.ds_addr >> 8);
2755 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2756 BUS_DMASYNC_PREWRITE);
2764 /* iwlwifi: mvm/rx.c */
2765 #define IWM_RSSI_OFFSET 50
2767 iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
2769 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm;
2770 uint32_t agc_a, agc_b;
2773 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]);
2774 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS;
2775 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS;
2777 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]);
2778 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS;
2779 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS;
2782 * dBm = rssi dB - agc dB - constant.
2783 * Higher AGC (higher radio gain) means lower signal.
2785 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a;
2786 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b;
2787 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm);
2789 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2790 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n",
2791 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b);
2793 return max_rssi_dbm;
2796 /* iwlwifi: mvm/rx.c */
2798 * iwm_mvm_get_signal_strength - use new rx PHY INFO API
2799 * values are reported by the fw as positive values - need to negate
2800 * to obtain their dBM. Account for missing antennas by replacing 0
2801 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
2804 iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
2806 int energy_a, energy_b, energy_c, max_energy;
2809 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
2810 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
2811 IWM_RX_INFO_ENERGY_ANT_A_POS;
2812 energy_a = energy_a ? -energy_a : -256;
2813 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
2814 IWM_RX_INFO_ENERGY_ANT_B_POS;
2815 energy_b = energy_b ? -energy_b : -256;
2816 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
2817 IWM_RX_INFO_ENERGY_ANT_C_POS;
2818 energy_c = energy_c ? -energy_c : -256;
2819 max_energy = MAX(energy_a, energy_b);
2820 max_energy = MAX(max_energy, energy_c);
2822 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2823 "energy In A %d B %d C %d , and max %d\n",
2824 energy_a, energy_b, energy_c, max_energy);
2830 iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc,
2831 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2833 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
2835 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
2836 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2838 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
2842 * Retrieve the average noise (in dBm) among receivers.
2845 iwm_get_noise(struct iwm_softc *sc,
2846 const struct iwm_mvm_statistics_rx_non_phy *stats)
2848 int i, total, nbant, noise;
2850 total = nbant = noise = 0;
2851 for (i = 0; i < 3; i++) {
2852 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
2853 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n",
2864 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n",
2865 __func__, nbant, total);
2867 /* There should be at least one antenna but check anyway. */
2868 return (nbant == 0) ? -127 : (total / nbant) - 107;
2870 /* For now, just hard-code it to -96 to be safe */
2876 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
2878 * Handles the actual data of the Rx packet from the fw
2881 iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc,
2882 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2884 struct ieee80211com *ic = &sc->sc_ic;
2885 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2886 struct ieee80211_frame *wh;
2887 struct ieee80211_node *ni;
2888 struct ieee80211_rx_stats rxs;
2890 struct iwm_rx_phy_info *phy_info;
2891 struct iwm_rx_mpdu_res_start *rx_res;
2893 uint32_t rx_pkt_status;
2896 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2898 phy_info = &sc->sc_last_phy_info;
2899 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
2900 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
2901 len = le16toh(rx_res->byte_count);
2902 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
2905 m->m_data = pkt->data + sizeof(*rx_res);
2906 m->m_pkthdr.len = m->m_len = len;
2908 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
2909 device_printf(sc->sc_dev,
2910 "dsp size out of range [0,20]: %d\n",
2911 phy_info->cfg_phy_cnt);
2915 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
2916 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
2917 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2918 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
2922 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) {
2923 rssi = iwm_mvm_get_signal_strength(sc, phy_info);
2925 rssi = iwm_mvm_calc_rssi(sc, phy_info);
2928 /* Note: RSSI is absolute (ie a -ve value) */
2929 if (rssi < IWM_MIN_DBM)
2931 else if (rssi > IWM_MAX_DBM)
2934 /* Map it to relative value */
2935 rssi = rssi - sc->sc_noise;
2937 /* replenish ring for the buffer we're going to feed to the sharks */
2938 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
2939 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
2944 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2945 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise);
2947 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
2949 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2950 "%s: phy_info: channel=%d, flags=0x%08x\n",
2952 le16toh(phy_info->channel),
2953 le16toh(phy_info->phy_flags));
2956 * Populate an RX state struct with the provided information.
2958 bzero(&rxs, sizeof(rxs));
2959 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
2960 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
2961 rxs.c_ieee = le16toh(phy_info->channel);
2962 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
2963 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
2965 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
2968 /* rssi is in 1/2db units */
2969 rxs.rssi = rssi * 2;
2970 rxs.nf = sc->sc_noise;
2972 if (ieee80211_radiotap_active_vap(vap)) {
2973 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
2976 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
2977 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2978 tap->wr_chan_freq = htole16(rxs.c_freq);
2979 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
2980 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2981 tap->wr_dbm_antsignal = (int8_t)rssi;
2982 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
2983 tap->wr_tsft = phy_info->system_timestamp;
2984 switch (phy_info->rate) {
2986 case 10: tap->wr_rate = 2; break;
2987 case 20: tap->wr_rate = 4; break;
2988 case 55: tap->wr_rate = 11; break;
2989 case 110: tap->wr_rate = 22; break;
2991 case 0xd: tap->wr_rate = 12; break;
2992 case 0xf: tap->wr_rate = 18; break;
2993 case 0x5: tap->wr_rate = 24; break;
2994 case 0x7: tap->wr_rate = 36; break;
2995 case 0x9: tap->wr_rate = 48; break;
2996 case 0xb: tap->wr_rate = 72; break;
2997 case 0x1: tap->wr_rate = 96; break;
2998 case 0x3: tap->wr_rate = 108; break;
2999 /* Unknown rate: should not happen. */
3000 default: tap->wr_rate = 0;
3006 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
3007 ieee80211_input_mimo(ni, m, &rxs);
3008 ieee80211_free_node(ni);
3010 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
3011 ieee80211_input_mimo_all(ic, m, &rxs);
3017 iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
3018 struct iwm_node *in)
3020 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data;
3021 struct ieee80211_node *ni = &in->in_ni;
3022 struct ieee80211vap *vap = ni->ni_vap;
3023 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
3024 int failack = tx_resp->failure_frame;
3026 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
3028 /* Update rate control statistics. */
3029 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n",
3031 (int) le16toh(tx_resp->status.status),
3032 (int) le16toh(tx_resp->status.sequence),
3033 tx_resp->frame_count,
3034 tx_resp->bt_kill_count,
3035 tx_resp->failure_rts,
3036 tx_resp->failure_frame,
3037 le32toh(tx_resp->initial_rate),
3038 (int) le16toh(tx_resp->wireless_media_time));
3040 if (status != IWM_TX_STATUS_SUCCESS &&
3041 status != IWM_TX_STATUS_DIRECT_DONE) {
3042 ieee80211_ratectl_tx_complete(vap, ni,
3043 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL);
3046 ieee80211_ratectl_tx_complete(vap, ni,
3047 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL);
3053 iwm_mvm_rx_tx_cmd(struct iwm_softc *sc,
3054 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
3056 struct iwm_cmd_header *cmd_hdr = &pkt->hdr;
3057 int idx = cmd_hdr->idx;
3058 int qid = cmd_hdr->qid;
3059 struct iwm_tx_ring *ring = &sc->txq[qid];
3060 struct iwm_tx_data *txd = &ring->data[idx];
3061 struct iwm_node *in = txd->in;
3062 struct mbuf *m = txd->m;
3065 KASSERT(txd->done == 0, ("txd not done"));
3066 KASSERT(txd->in != NULL, ("txd without node"));
3067 KASSERT(txd->m != NULL, ("txd without mbuf"));
3069 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3071 sc->sc_tx_timer = 0;
3073 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in);
3075 /* Unmap and free mbuf. */
3076 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
3077 bus_dmamap_unload(ring->data_dmat, txd->map);
3079 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3080 "free txd %p, in %p\n", txd, txd->in);
3085 ieee80211_tx_complete(&in->in_ni, m, status);
3087 if (--ring->queued < IWM_TX_RING_LOMARK) {
3088 sc->qfullmsk &= ~(1 << ring->qid);
3089 if (sc->qfullmsk == 0) {
3091 * Well, we're in interrupt context, but then again
3092 * I guess net80211 does all sorts of stunts in
3093 * interrupt context, so maybe this is no biggie.
3105 * Process a "command done" firmware notification. This is where we wakeup
3106 * processes waiting for a synchronous command completion.
3110 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3112 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE];
3113 struct iwm_tx_data *data;
3115 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) {
3116 return; /* Not a command ack. */
3119 /* XXX wide commands? */
3120 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
3121 "cmd notification type 0x%x qid %d idx %d\n",
3122 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx);
3124 data = &ring->data[pkt->hdr.idx];
3126 /* If the command was mapped in an mbuf, free it. */
3127 if (data->m != NULL) {
3128 bus_dmamap_sync(ring->data_dmat, data->map,
3129 BUS_DMASYNC_POSTWRITE);
3130 bus_dmamap_unload(ring->data_dmat, data->map);
3134 wakeup(&ring->desc[pkt->hdr.idx]);
3139 * necessary only for block ack mode
3142 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
3145 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
3148 scd_bc_tbl = sc->sched_dma.vaddr;
3150 len += 8; /* magic numbers came naturally from paris */
3151 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE)
3152 len = roundup(len, 4) / 4;
3154 w_val = htole16(sta_id << 12 | len);
3156 /* Update TX scheduler. */
3157 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
3158 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3159 BUS_DMASYNC_PREWRITE);
3161 /* I really wonder what this is ?!? */
3162 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
3163 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
3164 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3165 BUS_DMASYNC_PREWRITE);
3171 * Take an 802.11 (non-n) rate, find the relevant rate
3172 * table entry. return the index into in_ridx[].
3174 * The caller then uses that index back into in_ridx
3175 * to figure out the rate index programmed /into/
3176 * the firmware for this given node.
3179 iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in,
3185 for (i = 0; i < nitems(in->in_ridx); i++) {
3186 r = iwm_rates[in->in_ridx[i]].rate;
3190 /* XXX Return the first */
3191 /* XXX TODO: have it return the /lowest/ */
3196 * Fill in the rate related information for a transmit command.
3198 static const struct iwm_rate *
3199 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
3200 struct mbuf *m, struct iwm_tx_cmd *tx)
3202 struct ieee80211_node *ni = &in->in_ni;
3203 struct ieee80211_frame *wh;
3204 const struct ieee80211_txparam *tp = ni->ni_txparms;
3205 const struct iwm_rate *rinfo;
3207 int ridx, rate_flags, i;
3209 wh = mtod(m, struct ieee80211_frame *);
3210 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3212 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
3213 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
3215 if (type == IEEE80211_FC0_TYPE_MGT) {
3216 i = iwm_tx_rateidx_lookup(sc, in, tp->mgmtrate);
3217 ridx = in->in_ridx[i];
3218 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3219 i = iwm_tx_rateidx_lookup(sc, in, tp->mcastrate);
3220 ridx = in->in_ridx[i];
3221 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
3222 i = iwm_tx_rateidx_lookup(sc, in, tp->ucastrate);
3223 ridx = in->in_ridx[i];
3224 } else if (m->m_flags & M_EAPOL) {
3225 i = iwm_tx_rateidx_lookup(sc, in, tp->mgmtrate);
3226 ridx = in->in_ridx[i];
3228 /* for data frames, use RS table */
3229 /* XXX pass pktlen */
3230 (void) ieee80211_ratectl_rate(ni, NULL, 0);
3231 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate);
3232 ridx = in->in_ridx[i];
3234 /* This is the index into the programmed table */
3235 tx->initial_rate_index = i;
3236 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
3237 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3238 "%s: start with i=%d, txrate %d\n",
3239 __func__, i, iwm_rates[ridx].rate);
3242 rinfo = &iwm_rates[ridx];
3244 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
3247 !! (IWM_RIDX_IS_CCK(ridx))
3250 /* XXX TODO: hard-coded TX antenna? */
3251 rate_flags = 1 << IWM_RATE_MCS_ANT_POS;
3252 if (IWM_RIDX_IS_CCK(ridx))
3253 rate_flags |= IWM_RATE_MCS_CCK_MSK;
3254 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
3261 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
3263 struct ieee80211com *ic = &sc->sc_ic;
3264 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3265 struct iwm_node *in = IWM_NODE(ni);
3266 struct iwm_tx_ring *ring;
3267 struct iwm_tx_data *data;
3268 struct iwm_tfd *desc;
3269 struct iwm_device_cmd *cmd;
3270 struct iwm_tx_cmd *tx;
3271 struct ieee80211_frame *wh;
3272 struct ieee80211_key *k = NULL;
3274 const struct iwm_rate *rinfo;
3277 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
3280 int i, totlen, error, pad;
3282 wh = mtod(m, struct ieee80211_frame *);
3283 hdrlen = ieee80211_anyhdrsize(wh);
3284 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3286 ring = &sc->txq[ac];
3287 desc = &ring->desc[ring->cur];
3288 memset(desc, 0, sizeof(*desc));
3289 data = &ring->data[ring->cur];
3291 /* Fill out iwm_tx_cmd to send to the firmware */
3292 cmd = &ring->cmd[ring->cur];
3293 cmd->hdr.code = IWM_TX_CMD;
3295 cmd->hdr.qid = ring->qid;
3296 cmd->hdr.idx = ring->cur;
3298 tx = (void *)cmd->data;
3299 memset(tx, 0, sizeof(*tx));
3301 rinfo = iwm_tx_fill_cmd(sc, in, m, tx);
3303 /* Encrypt the frame if need be. */
3304 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
3305 /* Retrieve key for TX && do software encryption. */
3306 k = ieee80211_crypto_encap(ni, m);
3311 /* 802.11 header may have moved. */
3312 wh = mtod(m, struct ieee80211_frame *);
3315 if (ieee80211_radiotap_active_vap(vap)) {
3316 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
3319 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
3320 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
3321 tap->wt_rate = rinfo->rate;
3323 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
3324 ieee80211_radiotap_tx(vap, m);
3328 totlen = m->m_pkthdr.len;
3331 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3332 flags |= IWM_TX_CMD_FLG_ACK;
3335 if (type == IEEE80211_FC0_TYPE_DATA
3336 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold)
3337 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3338 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
3341 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3342 type != IEEE80211_FC0_TYPE_DATA)
3343 tx->sta_id = sc->sc_aux_sta.sta_id;
3345 tx->sta_id = IWM_STATION_ID;
3347 if (type == IEEE80211_FC0_TYPE_MGT) {
3348 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3350 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3351 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
3352 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC);
3353 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) {
3354 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3356 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT);
3359 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3363 /* First segment length must be a multiple of 4. */
3364 flags |= IWM_TX_CMD_FLG_MH_PAD;
3365 pad = 4 - (hdrlen & 3);
3369 tx->driver_txop = 0;
3370 tx->next_frame_len = 0;
3372 tx->len = htole16(totlen);
3373 tx->tid_tspec = tid;
3374 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
3376 /* Set physical address of "scratch area". */
3377 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
3378 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
3380 /* Copy 802.11 header in TX command. */
3381 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen);
3383 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
3386 tx->tx_flags |= htole32(flags);
3388 /* Trim 802.11 header. */
3390 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3391 segs, &nsegs, BUS_DMA_NOWAIT);
3393 if (error != EFBIG) {
3394 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3399 /* Too many DMA segments, linearize mbuf. */
3400 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2);
3402 device_printf(sc->sc_dev,
3403 "%s: could not defrag mbuf\n", __func__);
3409 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3410 segs, &nsegs, BUS_DMA_NOWAIT);
3412 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3422 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3423 "sending txd %p, in %p\n", data, data->in);
3424 KASSERT(data->in != NULL, ("node is NULL"));
3426 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3427 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n",
3428 ring->qid, ring->cur, totlen, nsegs,
3429 le32toh(tx->tx_flags),
3430 le32toh(tx->rate_n_flags),
3431 tx->initial_rate_index
3434 /* Fill TX descriptor. */
3435 desc->num_tbs = 2 + nsegs;
3437 desc->tbs[0].lo = htole32(data->cmd_paddr);
3438 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3440 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
3441 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3442 ((sizeof(struct iwm_cmd_header) + sizeof(*tx)
3443 + hdrlen + pad - TB0_SIZE) << 4);
3445 /* Other DMA segments are for data payload. */
3446 for (i = 0; i < nsegs; i++) {
3448 desc->tbs[i+2].lo = htole32(seg->ds_addr);
3449 desc->tbs[i+2].hi_n_len = \
3450 htole16(iwm_get_dma_hi_addr(seg->ds_addr))
3451 | ((seg->ds_len) << 4);
3454 bus_dmamap_sync(ring->data_dmat, data->map,
3455 BUS_DMASYNC_PREWRITE);
3456 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
3457 BUS_DMASYNC_PREWRITE);
3458 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3459 BUS_DMASYNC_PREWRITE);
3462 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
3466 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
3467 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3469 /* Mark TX ring as full if we reach a certain threshold. */
3470 if (++ring->queued > IWM_TX_RING_HIMARK) {
3471 sc->qfullmsk |= 1 << ring->qid;
3478 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3479 const struct ieee80211_bpf_params *params)
3481 struct ieee80211com *ic = ni->ni_ic;
3482 struct iwm_softc *sc = ic->ic_softc;
3485 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3486 "->%s begin\n", __func__);
3488 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
3490 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3491 "<-%s not RUNNING\n", __func__);
3497 if (params == NULL) {
3498 error = iwm_tx(sc, m, ni, 0);
3500 error = iwm_tx(sc, m, ni, 0);
3502 sc->sc_tx_timer = 5;
3513 * Note that there are transports that buffer frames before they reach
3514 * the firmware. This means that after flush_tx_path is called, the
3515 * queue might not be empty. The race-free way to handle this is to:
3516 * 1) set the station as draining
3517 * 2) flush the Tx path
3518 * 3) wait for the transport queues to be empty
3521 iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags)
3524 struct iwm_tx_path_flush_cmd flush_cmd = {
3525 .queues_ctl = htole32(tfd_msk),
3526 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
3529 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags,
3530 sizeof(flush_cmd), &flush_cmd);
3532 device_printf(sc->sc_dev,
3533 "Flushing tx queue failed: %d\n", ret);
3542 iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc,
3543 struct iwm_mvm_add_sta_cmd_v7 *cmd, int *status)
3545 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(*cmd),
3549 /* send station add/update command to firmware */
3551 iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update)
3553 struct iwm_mvm_add_sta_cmd_v7 add_sta_cmd;
3557 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd));
3559 add_sta_cmd.sta_id = IWM_STATION_ID;
3560 add_sta_cmd.mac_id_n_color
3561 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID,
3562 IWM_DEFAULT_COLOR));
3565 for (ac = 0; ac < WME_NUM_AC; ac++) {
3566 add_sta_cmd.tfd_queue_msk |=
3567 htole32(1 << iwm_mvm_ac_to_tx_fifo[ac]);
3569 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid);
3571 add_sta_cmd.add_modify = update ? 1 : 0;
3572 add_sta_cmd.station_flags_msk
3573 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK);
3574 add_sta_cmd.tid_disable_tx = htole16(0xffff);
3576 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX);
3578 status = IWM_ADD_STA_SUCCESS;
3579 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status);
3584 case IWM_ADD_STA_SUCCESS:
3588 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n");
3596 iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in)
3598 return iwm_mvm_sta_send_to_fw(sc, in, 0);
3602 iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in)
3604 return iwm_mvm_sta_send_to_fw(sc, in, 1);
3608 iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta,
3609 const uint8_t *addr, uint16_t mac_id, uint16_t color)
3611 struct iwm_mvm_add_sta_cmd_v7 cmd;
3615 memset(&cmd, 0, sizeof(cmd));
3616 cmd.sta_id = sta->sta_id;
3617 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color));
3619 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk);
3620 cmd.tid_disable_tx = htole16(0xffff);
3623 IEEE80211_ADDR_COPY(cmd.addr, addr);
3625 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status);
3630 case IWM_ADD_STA_SUCCESS:
3631 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
3632 "%s: Internal station added.\n", __func__);
3635 device_printf(sc->sc_dev,
3636 "%s: Add internal station failed, status=0x%x\n",
3645 iwm_mvm_add_aux_sta(struct iwm_softc *sc)
3649 sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID;
3650 sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_MVM_AUX_QUEUE);
3652 ret = iwm_enable_txq(sc, 0, IWM_MVM_AUX_QUEUE, IWM_MVM_TX_FIFO_MCAST);
3656 ret = iwm_mvm_add_int_sta_common(sc,
3657 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0);
3660 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta));
3673 iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in)
3675 struct iwm_time_quota_cmd cmd;
3676 int i, idx, ret, num_active_macs, quota, quota_rem;
3677 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
3678 int n_ifs[IWM_MAX_BINDINGS] = {0, };
3681 memset(&cmd, 0, sizeof(cmd));
3683 /* currently, PHY ID == binding ID */
3685 id = in->in_phyctxt->id;
3686 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
3687 colors[id] = in->in_phyctxt->color;
3694 * The FW's scheduling session consists of
3695 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments
3696 * equally between all the bindings that require quota
3698 num_active_macs = 0;
3699 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
3700 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
3701 num_active_macs += n_ifs[i];
3706 if (num_active_macs) {
3707 quota = IWM_MVM_MAX_QUOTA / num_active_macs;
3708 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs;
3711 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
3715 cmd.quotas[idx].id_and_color =
3716 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
3718 if (n_ifs[i] <= 0) {
3719 cmd.quotas[idx].quota = htole32(0);
3720 cmd.quotas[idx].max_duration = htole32(0);
3722 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
3723 cmd.quotas[idx].max_duration = htole32(0);
3728 /* Give the remainder of the session to the first binding */
3729 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
3731 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
3734 device_printf(sc->sc_dev,
3735 "%s: Failed to send quota: %d\n", __func__, ret);
3744 * ieee80211 routines
3748 * Change to AUTH state in 80211 state machine. Roughly matches what
3749 * Linux does in bss_info_changed().
3752 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
3754 struct ieee80211_node *ni;
3755 struct iwm_node *in;
3756 struct iwm_vap *iv = IWM_VAP(vap);
3761 * XXX i have a feeling that the vap node is being
3762 * freed from underneath us. Grr.
3764 ni = ieee80211_ref_node(vap->iv_bss);
3766 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
3767 "%s: called; vap=%p, bss ni=%p\n",
3774 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON);
3778 error = iwm_allow_mcast(vap, sc);
3780 device_printf(sc->sc_dev,
3781 "%s: failed to set multicast\n", __func__);
3786 * This is where it deviates from what Linux does.
3788 * Linux iwlwifi doesn't reset the nic each time, nor does it
3789 * call ctxt_add() here. Instead, it adds it during vap creation,
3790 * and always does a mac_ctx_changed().
3792 * The openbsd port doesn't attempt to do that - it reset things
3793 * at odd states and does the add here.
3795 * So, until the state handling is fixed (ie, we never reset
3796 * the NIC except for a firmware failure, which should drag
3797 * the NIC back to IDLE, re-setup and re-add all the mac/phy
3798 * contexts that are required), let's do a dirty hack here.
3800 if (iv->is_uploaded) {
3801 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
3802 device_printf(sc->sc_dev,
3803 "%s: failed to update MAC\n", __func__);
3806 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
3807 in->in_ni.ni_chan, 1, 1)) != 0) {
3808 device_printf(sc->sc_dev,
3809 "%s: failed update phy ctxt\n", __func__);
3812 in->in_phyctxt = &sc->sc_phyctxt[0];
3814 if ((error = iwm_mvm_binding_update(sc, in)) != 0) {
3815 device_printf(sc->sc_dev,
3816 "%s: binding update cmd\n", __func__);
3819 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
3820 device_printf(sc->sc_dev,
3821 "%s: failed to update sta\n", __func__);
3825 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) {
3826 device_printf(sc->sc_dev,
3827 "%s: failed to add MAC\n", __func__);
3830 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
3831 in->in_ni.ni_chan, 1, 1)) != 0) {
3832 device_printf(sc->sc_dev,
3833 "%s: failed add phy ctxt!\n", __func__);
3837 in->in_phyctxt = &sc->sc_phyctxt[0];
3839 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) {
3840 device_printf(sc->sc_dev,
3841 "%s: binding add cmd\n", __func__);
3844 if ((error = iwm_mvm_add_sta(sc, in)) != 0) {
3845 device_printf(sc->sc_dev,
3846 "%s: failed to add sta\n", __func__);
3852 * Prevent the FW from wandering off channel during association
3853 * by "protecting" the session with a time event.
3855 /* XXX duration is in units of TU, not MS */
3856 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS;
3857 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */);
3862 ieee80211_free_node(ni);
3867 iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc)
3869 struct iwm_node *in = IWM_NODE(vap->iv_bss);
3872 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
3873 device_printf(sc->sc_dev,
3874 "%s: failed to update STA\n", __func__);
3879 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
3880 device_printf(sc->sc_dev,
3881 "%s: failed to update MAC\n", __func__);
3889 iwm_release(struct iwm_softc *sc, struct iwm_node *in)
3894 * Ok, so *technically* the proper set of calls for going
3895 * from RUN back to SCAN is:
3897 * iwm_mvm_power_mac_disable(sc, in);
3898 * iwm_mvm_mac_ctxt_changed(sc, in);
3899 * iwm_mvm_rm_sta(sc, in);
3900 * iwm_mvm_update_quotas(sc, NULL);
3901 * iwm_mvm_mac_ctxt_changed(sc, in);
3902 * iwm_mvm_binding_remove_vif(sc, in);
3903 * iwm_mvm_mac_ctxt_remove(sc, in);
3905 * However, that freezes the device not matter which permutations
3906 * and modifications are attempted. Obviously, this driver is missing
3907 * something since it works in the Linux driver, but figuring out what
3908 * is missing is a little more complicated. Now, since we're going
3909 * back to nothing anyway, we'll just do a complete device reset.
3910 * Up your's, device!
3913 * Just using 0xf for the queues mask is fine as long as we only
3914 * get here from RUN state.
3917 mbufq_drain(&sc->sc_snd);
3918 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC);
3920 * We seem to get away with just synchronously sending the
3921 * IWM_TXPATH_FLUSH command.
3923 // iwm_trans_wait_tx_queue_empty(sc, tfd_msk);
3924 iwm_stop_device(sc);
3933 iwm_mvm_power_mac_disable(sc, in);
3935 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
3936 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error);
3940 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) {
3941 device_printf(sc->sc_dev, "sta remove fail %d\n", error);
3944 error = iwm_mvm_rm_sta(sc, in);
3946 iwm_mvm_update_quotas(sc, NULL);
3947 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
3948 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error);
3951 iwm_mvm_binding_remove_vif(sc, in);
3953 iwm_mvm_mac_ctxt_remove(sc, in);
3959 static struct ieee80211_node *
3960 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
3962 return malloc(sizeof (struct iwm_node), M_80211_NODE,
3967 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in)
3969 struct ieee80211_node *ni = &in->in_ni;
3970 struct iwm_lq_cmd *lq = &in->in_lq;
3971 int nrates = ni->ni_rates.rs_nrates;
3972 int i, ridx, tab = 0;
3975 if (nrates > nitems(lq->rs_table)) {
3976 device_printf(sc->sc_dev,
3977 "%s: node supports %d rates, driver handles "
3978 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
3982 device_printf(sc->sc_dev,
3983 "%s: node supports 0 rates, odd!\n", __func__);
3988 * XXX .. and most of iwm_node is not initialised explicitly;
3989 * it's all just 0x0 passed to the firmware.
3992 /* first figure out which rates we should support */
3993 /* XXX TODO: this isn't 11n aware /at all/ */
3994 memset(&in->in_ridx, -1, sizeof(in->in_ridx));
3995 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3996 "%s: nrates=%d\n", __func__, nrates);
3999 * Loop over nrates and populate in_ridx from the highest
4000 * rate to the lowest rate. Remember, in_ridx[] has
4001 * IEEE80211_RATE_MAXSIZE entries!
4003 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) {
4004 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL;
4006 /* Map 802.11 rate to HW rate index. */
4007 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++)
4008 if (iwm_rates[ridx].rate == rate)
4010 if (ridx > IWM_RIDX_MAX) {
4011 device_printf(sc->sc_dev,
4012 "%s: WARNING: device rate for %d not found!\n",
4015 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4016 "%s: rate: i: %d, rate=%d, ridx=%d\n",
4021 in->in_ridx[i] = ridx;
4025 /* then construct a lq_cmd based on those */
4026 memset(lq, 0, sizeof(*lq));
4027 lq->sta_id = IWM_STATION_ID;
4029 /* For HT, always enable RTS/CTS to avoid excessive retries. */
4030 if (ni->ni_flags & IEEE80211_NODE_HT)
4031 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK;
4034 * are these used? (we don't do SISO or MIMO)
4035 * need to set them to non-zero, though, or we get an error.
4037 lq->single_stream_ant_msk = 1;
4038 lq->dual_stream_ant_msk = 1;
4041 * Build the actual rate selection table.
4042 * The lowest bits are the rates. Additionally,
4043 * CCK needs bit 9 to be set. The rest of the bits
4044 * we add to the table select the tx antenna
4045 * Note that we add the rates in the highest rate first
4046 * (opposite of ni_rates).
4049 * XXX TODO: this should be looping over the min of nrates
4050 * and LQ_MAX_RETRY_NUM. Sigh.
4052 for (i = 0; i < nrates; i++) {
4056 txant = iwm_fw_valid_tx_ant(sc);
4057 nextant = 1<<(ffs(txant)-1);
4061 * Map the rate id into a rate index into
4062 * our hardware table containing the
4063 * configuration to use for this rate.
4065 ridx = in->in_ridx[i];
4066 tab = iwm_rates[ridx].plcp;
4067 tab |= nextant << IWM_RATE_MCS_ANT_POS;
4068 if (IWM_RIDX_IS_CCK(ridx))
4069 tab |= IWM_RATE_MCS_CCK_MSK;
4070 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4071 "station rate i=%d, rate=%d, hw=%x\n",
4072 i, iwm_rates[ridx].rate, tab);
4073 lq->rs_table[i] = htole32(tab);
4075 /* then fill the rest with the lowest possible rate */
4076 for (i = nrates; i < nitems(lq->rs_table); i++) {
4077 KASSERT(tab != 0, ("invalid tab"));
4078 lq->rs_table[i] = htole32(tab);
4083 iwm_media_change(struct ifnet *ifp)
4085 struct ieee80211vap *vap = ifp->if_softc;
4086 struct ieee80211com *ic = vap->iv_ic;
4087 struct iwm_softc *sc = ic->ic_softc;
4090 error = ieee80211_media_change(ifp);
4091 if (error != ENETRESET)
4095 if (ic->ic_nrunning > 0) {
4105 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
4107 struct iwm_vap *ivp = IWM_VAP(vap);
4108 struct ieee80211com *ic = vap->iv_ic;
4109 struct iwm_softc *sc = ic->ic_softc;
4110 struct iwm_node *in;
4113 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4114 "switching state %s -> %s\n",
4115 ieee80211_state_name[vap->iv_state],
4116 ieee80211_state_name[nstate]);
4117 IEEE80211_UNLOCK(ic);
4120 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state)
4121 iwm_led_blink_stop(sc);
4123 /* disable beacon filtering if we're hopping out of RUN */
4124 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) {
4125 iwm_mvm_disable_beacon_filter(sc);
4127 if (((in = IWM_NODE(vap->iv_bss)) != NULL))
4130 if (nstate == IEEE80211_S_INIT) {
4133 error = ivp->iv_newstate(vap, nstate, arg);
4134 IEEE80211_UNLOCK(ic);
4136 iwm_release(sc, NULL);
4143 * It's impossible to directly go RUN->SCAN. If we iwm_release()
4144 * above then the card will be completely reinitialized,
4145 * so the driver must do everything necessary to bring the card
4146 * from INIT to SCAN.
4148 * Additionally, upon receiving deauth frame from AP,
4149 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH
4150 * state. This will also fail with this driver, so bring the FSM
4151 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well.
4153 * XXX TODO: fix this for FreeBSD!
4155 if (nstate == IEEE80211_S_SCAN ||
4156 nstate == IEEE80211_S_AUTH ||
4157 nstate == IEEE80211_S_ASSOC) {
4158 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4159 "Force transition to INIT; MGT=%d\n", arg);
4162 /* Always pass arg as -1 since we can't Tx right now. */
4164 * XXX arg is just ignored anyway when transitioning
4165 * to IEEE80211_S_INIT.
4167 vap->iv_newstate(vap, IEEE80211_S_INIT, -1);
4168 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4169 "Going INIT->SCAN\n");
4170 nstate = IEEE80211_S_SCAN;
4171 IEEE80211_UNLOCK(ic);
4177 case IEEE80211_S_INIT:
4180 case IEEE80211_S_AUTH:
4181 if ((error = iwm_auth(vap, sc)) != 0) {
4182 device_printf(sc->sc_dev,
4183 "%s: could not move to auth state: %d\n",
4189 case IEEE80211_S_ASSOC:
4190 if ((error = iwm_assoc(vap, sc)) != 0) {
4191 device_printf(sc->sc_dev,
4192 "%s: failed to associate: %d\n", __func__,
4198 case IEEE80211_S_RUN:
4200 struct iwm_host_cmd cmd = {
4202 .len = { sizeof(in->in_lq), },
4203 .flags = IWM_CMD_SYNC,
4206 /* Update the association state, now we have it all */
4207 /* (eg associd comes in at this point */
4208 error = iwm_assoc(vap, sc);
4210 device_printf(sc->sc_dev,
4211 "%s: failed to update association state: %d\n",
4217 in = IWM_NODE(vap->iv_bss);
4218 iwm_mvm_power_mac_update_mode(sc, in);
4219 iwm_mvm_enable_beacon_filter(sc, in);
4220 iwm_mvm_update_quotas(sc, in);
4221 iwm_setrates(sc, in);
4223 cmd.data[0] = &in->in_lq;
4224 if ((error = iwm_send_cmd(sc, &cmd)) != 0) {
4225 device_printf(sc->sc_dev,
4226 "%s: IWM_LQ_CMD failed\n", __func__);
4229 iwm_mvm_led_enable(sc);
4239 return (ivp->iv_newstate(vap, nstate, arg));
4243 iwm_endscan_cb(void *arg, int pending)
4245 struct iwm_softc *sc = arg;
4246 struct ieee80211com *ic = &sc->sc_ic;
4248 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
4252 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
4256 * Aging and idle timeouts for the different possible scenarios
4257 * in default configuration
4259 static const uint32_t
4260 iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4262 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF),
4263 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF)
4266 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF),
4267 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF)
4270 htole32(IWM_SF_MCAST_AGING_TIMER_DEF),
4271 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF)
4274 htole32(IWM_SF_BA_AGING_TIMER_DEF),
4275 htole32(IWM_SF_BA_IDLE_TIMER_DEF)
4278 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF),
4279 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF)
4284 * Aging and idle timeouts for the different possible scenarios
4285 * in single BSS MAC configuration.
4287 static const uint32_t
4288 iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4290 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER),
4291 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER)
4294 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER),
4295 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER)
4298 htole32(IWM_SF_MCAST_AGING_TIMER),
4299 htole32(IWM_SF_MCAST_IDLE_TIMER)
4302 htole32(IWM_SF_BA_AGING_TIMER),
4303 htole32(IWM_SF_BA_IDLE_TIMER)
4306 htole32(IWM_SF_TX_RE_AGING_TIMER),
4307 htole32(IWM_SF_TX_RE_IDLE_TIMER)
4312 iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd,
4313 struct ieee80211_node *ni)
4315 int i, j, watermark;
4317 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN);
4320 * If we are in association flow - check antenna configuration
4321 * capabilities of the AP station, and choose the watermark accordingly.
4324 if (ni->ni_flags & IEEE80211_NODE_HT) {
4326 if (ni->ni_rxmcs[2] != 0)
4327 watermark = IWM_SF_W_MARK_MIMO3;
4328 else if (ni->ni_rxmcs[1] != 0)
4329 watermark = IWM_SF_W_MARK_MIMO2;
4332 watermark = IWM_SF_W_MARK_SISO;
4334 watermark = IWM_SF_W_MARK_LEGACY;
4336 /* default watermark value for unassociated mode. */
4338 watermark = IWM_SF_W_MARK_MIMO2;
4340 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark);
4342 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) {
4343 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) {
4344 sf_cmd->long_delay_timeouts[i][j] =
4345 htole32(IWM_SF_LONG_DELAY_AGING_TIMER);
4350 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout,
4351 sizeof(iwm_sf_full_timeout));
4353 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def,
4354 sizeof(iwm_sf_full_timeout_def));
4359 iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state)
4361 struct ieee80211com *ic = &sc->sc_ic;
4362 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4363 struct iwm_sf_cfg_cmd sf_cmd = {
4364 .state = htole32(IWM_SF_FULL_ON),
4368 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
4369 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF);
4371 switch (new_state) {
4373 case IWM_SF_INIT_OFF:
4374 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL);
4376 case IWM_SF_FULL_ON:
4377 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss);
4380 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE,
4381 "Invalid state: %d. not sending Smart Fifo cmd\n",
4386 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC,
4387 sizeof(sf_cmd), &sf_cmd);
4392 iwm_send_bt_init_conf(struct iwm_softc *sc)
4394 struct iwm_bt_coex_cmd bt_cmd;
4396 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI);
4397 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET);
4399 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd),
4404 iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2)
4406 struct iwm_mcc_update_cmd mcc_cmd;
4407 struct iwm_host_cmd hcmd = {
4408 .id = IWM_MCC_UPDATE_CMD,
4409 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB),
4410 .data = { &mcc_cmd },
4414 struct iwm_rx_packet *pkt;
4415 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL;
4416 struct iwm_mcc_update_resp *mcc_resp;
4420 int resp_v2 = isset(sc->sc_enabled_capa,
4421 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2);
4423 memset(&mcc_cmd, 0, sizeof(mcc_cmd));
4424 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]);
4425 if ((sc->sc_ucode_api & IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) ||
4426 isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC))
4427 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT;
4429 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW;
4432 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd);
4434 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1);
4436 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4437 "send MCC update to FW with '%c%c' src = %d\n",
4438 alpha2[0], alpha2[1], mcc_cmd.source_id);
4440 ret = iwm_send_cmd(sc, &hcmd);
4445 pkt = hcmd.resp_pkt;
4447 /* Extract MCC response */
4449 mcc_resp = (void *)pkt->data;
4450 mcc = mcc_resp->mcc;
4451 n_channels = le32toh(mcc_resp->n_channels);
4453 mcc_resp_v1 = (void *)pkt->data;
4454 mcc = mcc_resp_v1->mcc;
4455 n_channels = le32toh(mcc_resp_v1->n_channels);
4458 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */
4460 mcc = 0x3030; /* "00" - world */
4462 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4463 "regulatory domain '%c%c' (%d channels available)\n",
4464 mcc >> 8, mcc & 0xff, n_channels);
4466 iwm_free_resp(sc, &hcmd);
4472 iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff)
4474 struct iwm_host_cmd cmd = {
4475 .id = IWM_REPLY_THERMAL_MNG_BACKOFF,
4476 .len = { sizeof(uint32_t), },
4477 .data = { &backoff, },
4480 if (iwm_send_cmd(sc, &cmd) != 0) {
4481 device_printf(sc->sc_dev,
4482 "failed to change thermal tx backoff\n");
4487 iwm_init_hw(struct iwm_softc *sc)
4489 struct ieee80211com *ic = &sc->sc_ic;
4492 if ((error = iwm_start_hw(sc)) != 0) {
4493 printf("iwm_start_hw: failed %d\n", error);
4497 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) {
4498 printf("iwm_run_init_mvm_ucode: failed %d\n", error);
4503 * should stop and start HW since that INIT
4506 iwm_stop_device(sc);
4507 if ((error = iwm_start_hw(sc)) != 0) {
4508 device_printf(sc->sc_dev, "could not initialize hardware\n");
4512 /* omstart, this time with the regular firmware */
4513 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR);
4515 device_printf(sc->sc_dev, "could not load firmware\n");
4519 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
4520 device_printf(sc->sc_dev, "bt init conf failed\n");
4524 if ((error = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc))) != 0) {
4525 device_printf(sc->sc_dev, "antenna config failed\n");
4529 /* Send phy db control command and then phy db calibration*/
4530 if ((error = iwm_send_phy_db_data(sc)) != 0) {
4531 device_printf(sc->sc_dev, "phy_db_data failed\n");
4535 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) {
4536 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n");
4540 /* Add auxiliary station for scanning */
4541 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) {
4542 device_printf(sc->sc_dev, "add_aux_sta failed\n");
4546 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
4548 * The channel used here isn't relevant as it's
4549 * going to be overwritten in the other flows.
4550 * For now use the first channel we have.
4552 if ((error = iwm_mvm_phy_ctxt_add(sc,
4553 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
4557 /* Initialize tx backoffs to the minimum. */
4558 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
4559 iwm_mvm_tt_tx_backoff(sc, 0);
4561 error = iwm_mvm_power_update_device(sc);
4565 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) {
4566 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0)
4570 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) {
4571 if ((error = iwm_mvm_config_umac_scan(sc)) != 0)
4575 /* Enable Tx queues. */
4576 for (ac = 0; ac < WME_NUM_AC; ac++) {
4577 error = iwm_enable_txq(sc, IWM_STATION_ID, ac,
4578 iwm_mvm_ac_to_tx_fifo[ac]);
4583 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) {
4584 device_printf(sc->sc_dev, "failed to disable beacon filter\n");
4591 iwm_stop_device(sc);
4595 /* Allow multicast from our BSSID. */
4597 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
4599 struct ieee80211_node *ni = vap->iv_bss;
4600 struct iwm_mcast_filter_cmd *cmd;
4604 size = roundup(sizeof(*cmd), 4);
4605 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
4608 cmd->filter_own = 1;
4612 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
4614 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
4615 IWM_CMD_SYNC, size, cmd);
4616 free(cmd, M_DEVBUF);
4626 iwm_init(struct iwm_softc *sc)
4630 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
4633 sc->sc_generation++;
4634 sc->sc_flags &= ~IWM_FLAG_STOPPED;
4636 if ((error = iwm_init_hw(sc)) != 0) {
4637 printf("iwm_init_hw failed %d\n", error);
4643 * Ok, firmware loaded and we are jogging
4645 sc->sc_flags |= IWM_FLAG_HW_INITED;
4646 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4650 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
4652 struct iwm_softc *sc;
4658 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
4662 error = mbufq_enqueue(&sc->sc_snd, m);
4673 * Dequeue packets from sendq and call send.
4676 iwm_start(struct iwm_softc *sc)
4678 struct ieee80211_node *ni;
4682 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
4683 while (sc->qfullmsk == 0 &&
4684 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
4685 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
4686 if (iwm_tx(sc, m, ni, ac) != 0) {
4687 if_inc_counter(ni->ni_vap->iv_ifp,
4688 IFCOUNTER_OERRORS, 1);
4689 ieee80211_free_node(ni);
4692 sc->sc_tx_timer = 15;
4694 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
4698 iwm_stop(struct iwm_softc *sc)
4701 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
4702 sc->sc_flags |= IWM_FLAG_STOPPED;
4703 sc->sc_generation++;
4704 iwm_led_blink_stop(sc);
4705 sc->sc_tx_timer = 0;
4706 iwm_stop_device(sc);
4710 iwm_watchdog(void *arg)
4712 struct iwm_softc *sc = arg;
4713 struct ieee80211com *ic = &sc->sc_ic;
4715 if (sc->sc_tx_timer > 0) {
4716 if (--sc->sc_tx_timer == 0) {
4717 device_printf(sc->sc_dev, "device timeout\n");
4721 ieee80211_restart_all(ic);
4722 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
4726 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4730 iwm_parent(struct ieee80211com *ic)
4732 struct iwm_softc *sc = ic->ic_softc;
4736 if (ic->ic_nrunning > 0) {
4737 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
4741 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
4745 ieee80211_start_all(ic);
4749 * The interrupt side of things
4753 * error dumping routines are from iwlwifi/mvm/utils.c
4757 * Note: This structure is read from the device with IO accesses,
4758 * and the reading already does the endian conversion. As it is
4759 * read with uint32_t-sized accesses, any members with a different size
4760 * need to be ordered correctly though!
4762 struct iwm_error_event_table {
4763 uint32_t valid; /* (nonzero) valid, (0) log is empty */
4764 uint32_t error_id; /* type of error */
4765 uint32_t trm_hw_status0; /* TRM HW status */
4766 uint32_t trm_hw_status1; /* TRM HW status */
4767 uint32_t blink2; /* branch link */
4768 uint32_t ilink1; /* interrupt link */
4769 uint32_t ilink2; /* interrupt link */
4770 uint32_t data1; /* error-specific data */
4771 uint32_t data2; /* error-specific data */
4772 uint32_t data3; /* error-specific data */
4773 uint32_t bcon_time; /* beacon timer */
4774 uint32_t tsf_low; /* network timestamp function timer */
4775 uint32_t tsf_hi; /* network timestamp function timer */
4776 uint32_t gp1; /* GP1 timer register */
4777 uint32_t gp2; /* GP2 timer register */
4778 uint32_t fw_rev_type; /* firmware revision type */
4779 uint32_t major; /* uCode version major */
4780 uint32_t minor; /* uCode version minor */
4781 uint32_t hw_ver; /* HW Silicon version */
4782 uint32_t brd_ver; /* HW board version */
4783 uint32_t log_pc; /* log program counter */
4784 uint32_t frame_ptr; /* frame pointer */
4785 uint32_t stack_ptr; /* stack pointer */
4786 uint32_t hcmd; /* last host command header */
4787 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
4789 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
4791 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
4793 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
4795 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
4797 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */
4798 uint32_t wait_event; /* wait event() caller address */
4799 uint32_t l2p_control; /* L2pControlField */
4800 uint32_t l2p_duration; /* L2pDurationField */
4801 uint32_t l2p_mhvalid; /* L2pMhValidBits */
4802 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
4803 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
4805 uint32_t u_timestamp; /* indicate when the date and time of the
4807 uint32_t flow_handler; /* FH read/write pointers, RX credit */
4808 } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */;
4811 * UMAC error struct - relevant starting from family 8000 chip.
4812 * Note: This structure is read from the device with IO accesses,
4813 * and the reading already does the endian conversion. As it is
4814 * read with u32-sized accesses, any members with a different size
4815 * need to be ordered correctly though!
4817 struct iwm_umac_error_event_table {
4818 uint32_t valid; /* (nonzero) valid, (0) log is empty */
4819 uint32_t error_id; /* type of error */
4820 uint32_t blink1; /* branch link */
4821 uint32_t blink2; /* branch link */
4822 uint32_t ilink1; /* interrupt link */
4823 uint32_t ilink2; /* interrupt link */
4824 uint32_t data1; /* error-specific data */
4825 uint32_t data2; /* error-specific data */
4826 uint32_t data3; /* error-specific data */
4827 uint32_t umac_major;
4828 uint32_t umac_minor;
4829 uint32_t frame_pointer; /* core register 27*/
4830 uint32_t stack_pointer; /* core register 28 */
4831 uint32_t cmd_header; /* latest host cmd sent to UMAC */
4832 uint32_t nic_isr_pref; /* ISR status register */
4835 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
4836 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
4842 } advanced_lookup[] = {
4843 { "NMI_INTERRUPT_WDG", 0x34 },
4844 { "SYSASSERT", 0x35 },
4845 { "UCODE_VERSION_MISMATCH", 0x37 },
4846 { "BAD_COMMAND", 0x38 },
4847 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
4848 { "FATAL_ERROR", 0x3D },
4849 { "NMI_TRM_HW_ERR", 0x46 },
4850 { "NMI_INTERRUPT_TRM", 0x4C },
4851 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
4852 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
4853 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
4854 { "NMI_INTERRUPT_HOST", 0x66 },
4855 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
4856 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
4857 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
4858 { "ADVANCED_SYSASSERT", 0 },
4862 iwm_desc_lookup(uint32_t num)
4866 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
4867 if (advanced_lookup[i].num == num)
4868 return advanced_lookup[i].name;
4870 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
4871 return advanced_lookup[i].name;
4875 iwm_nic_umac_error(struct iwm_softc *sc)
4877 struct iwm_umac_error_event_table table;
4880 base = sc->sc_uc.uc_umac_error_event_table;
4882 if (base < 0x800000) {
4883 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n",
4888 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
4889 device_printf(sc->sc_dev, "reading errlog failed\n");
4893 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
4894 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n");
4895 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
4896 sc->sc_flags, table.valid);
4899 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id,
4900 iwm_desc_lookup(table.error_id));
4901 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1);
4902 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2);
4903 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n",
4905 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n",
4907 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1);
4908 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2);
4909 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3);
4910 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major);
4911 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor);
4912 device_printf(sc->sc_dev, "0x%08X | frame pointer\n",
4913 table.frame_pointer);
4914 device_printf(sc->sc_dev, "0x%08X | stack pointer\n",
4915 table.stack_pointer);
4916 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header);
4917 device_printf(sc->sc_dev, "0x%08X | isr status reg\n",
4918 table.nic_isr_pref);
4922 * Support for dumping the error log seemed like a good idea ...
4923 * but it's mostly hex junk and the only sensible thing is the
4924 * hw/ucode revision (which we know anyway). Since it's here,
4925 * I'll just leave it in, just in case e.g. the Intel guys want to
4926 * help us decipher some "ADVANCED_SYSASSERT" later.
4929 iwm_nic_error(struct iwm_softc *sc)
4931 struct iwm_error_event_table table;
4934 device_printf(sc->sc_dev, "dumping device error log\n");
4935 base = sc->sc_uc.uc_error_event_table;
4936 if (base < 0x800000) {
4937 device_printf(sc->sc_dev,
4938 "Invalid error log pointer 0x%08x\n", base);
4942 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
4943 device_printf(sc->sc_dev, "reading errlog failed\n");
4948 device_printf(sc->sc_dev, "errlog not found, skipping\n");
4952 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
4953 device_printf(sc->sc_dev, "Start Error Log Dump:\n");
4954 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
4955 sc->sc_flags, table.valid);
4958 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
4959 iwm_desc_lookup(table.error_id));
4960 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n",
4961 table.trm_hw_status0);
4962 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n",
4963 table.trm_hw_status1);
4964 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
4965 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
4966 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
4967 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
4968 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
4969 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
4970 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
4971 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
4972 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
4973 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
4974 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
4975 device_printf(sc->sc_dev, "%08X | uCode revision type\n",
4977 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major);
4978 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor);
4979 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
4980 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
4981 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
4982 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
4983 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
4984 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
4985 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
4986 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
4987 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id);
4988 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
4989 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
4990 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
4991 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
4992 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
4993 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
4994 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
4995 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
4997 if (sc->sc_uc.uc_umac_error_event_table)
4998 iwm_nic_umac_error(sc);
5002 #define SYNC_RESP_STRUCT(_var_, _pkt_) \
5004 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\
5005 _var_ = (void *)((_pkt_)+1); \
5006 } while (/*CONSTCOND*/0)
5008 #define SYNC_RESP_PTR(_ptr_, _len_, _pkt_) \
5010 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\
5011 _ptr_ = (void *)((_pkt_)+1); \
5012 } while (/*CONSTCOND*/0)
5014 #define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT);
5017 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
5018 * Basic structure from if_iwn
5021 iwm_notif_intr(struct iwm_softc *sc)
5023 struct ieee80211com *ic = &sc->sc_ic;
5026 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
5027 BUS_DMASYNC_POSTREAD);
5029 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
5034 while (sc->rxq.cur != hw) {
5035 struct iwm_rx_ring *ring = &sc->rxq;
5036 struct iwm_rx_data *data = &sc->rxq.data[sc->rxq.cur];
5037 struct iwm_rx_packet *pkt;
5038 struct iwm_cmd_response *cresp;
5041 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
5042 BUS_DMASYNC_POSTREAD);
5043 pkt = mtod(data->m, struct iwm_rx_packet *);
5045 qid = pkt->hdr.qid & ~0x80;
5048 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code);
5049 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5050 "rx packet qid=%d idx=%d type=%x %d %d\n",
5051 pkt->hdr.qid & ~0x80, pkt->hdr.idx, code, sc->rxq.cur, hw);
5054 * randomly get these from the firmware, no idea why.
5055 * they at least seem harmless, so just ignore them for now
5057 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0)
5058 || pkt->len_n_flags == htole32(0x55550000))) {
5064 case IWM_REPLY_RX_PHY_CMD:
5065 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data);
5068 case IWM_REPLY_RX_MPDU_CMD:
5069 iwm_mvm_rx_rx_mpdu(sc, pkt, data);
5073 iwm_mvm_rx_tx_cmd(sc, pkt, data);
5076 case IWM_MISSED_BEACONS_NOTIFICATION: {
5077 struct iwm_missed_beacons_notif *resp;
5080 /* XXX look at mac_id to determine interface ID */
5081 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5083 SYNC_RESP_STRUCT(resp, pkt);
5084 missed = le32toh(resp->consec_missed_beacons);
5086 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
5087 "%s: MISSED_BEACON: mac_id=%d, "
5088 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
5091 le32toh(resp->mac_id),
5092 le32toh(resp->consec_missed_beacons_since_last_rx),
5093 le32toh(resp->consec_missed_beacons),
5094 le32toh(resp->num_expected_beacons),
5095 le32toh(resp->num_recvd_beacons));
5101 /* XXX no net80211 locking? */
5102 if (vap->iv_state == IEEE80211_S_RUN &&
5103 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
5104 if (missed > vap->iv_bmissthreshold) {
5105 /* XXX bad locking; turn into task */
5107 ieee80211_beacon_miss(ic);
5114 case IWM_MFUART_LOAD_NOTIFICATION:
5117 case IWM_MVM_ALIVE: {
5118 struct iwm_mvm_alive_resp_v1 *resp1;
5119 struct iwm_mvm_alive_resp_v2 *resp2;
5120 struct iwm_mvm_alive_resp_v3 *resp3;
5122 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp1)) {
5123 SYNC_RESP_STRUCT(resp1, pkt);
5124 sc->sc_uc.uc_error_event_table
5125 = le32toh(resp1->error_event_table_ptr);
5126 sc->sc_uc.uc_log_event_table
5127 = le32toh(resp1->log_event_table_ptr);
5128 sc->sched_base = le32toh(resp1->scd_base_ptr);
5129 if (resp1->status == IWM_ALIVE_STATUS_OK)
5130 sc->sc_uc.uc_ok = 1;
5132 sc->sc_uc.uc_ok = 0;
5135 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp2)) {
5136 SYNC_RESP_STRUCT(resp2, pkt);
5137 sc->sc_uc.uc_error_event_table
5138 = le32toh(resp2->error_event_table_ptr);
5139 sc->sc_uc.uc_log_event_table
5140 = le32toh(resp2->log_event_table_ptr);
5141 sc->sched_base = le32toh(resp2->scd_base_ptr);
5142 sc->sc_uc.uc_umac_error_event_table
5143 = le32toh(resp2->error_info_addr);
5144 if (resp2->status == IWM_ALIVE_STATUS_OK)
5145 sc->sc_uc.uc_ok = 1;
5147 sc->sc_uc.uc_ok = 0;
5150 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp3)) {
5151 SYNC_RESP_STRUCT(resp3, pkt);
5152 sc->sc_uc.uc_error_event_table
5153 = le32toh(resp3->error_event_table_ptr);
5154 sc->sc_uc.uc_log_event_table
5155 = le32toh(resp3->log_event_table_ptr);
5156 sc->sched_base = le32toh(resp3->scd_base_ptr);
5157 sc->sc_uc.uc_umac_error_event_table
5158 = le32toh(resp3->error_info_addr);
5159 if (resp3->status == IWM_ALIVE_STATUS_OK)
5160 sc->sc_uc.uc_ok = 1;
5162 sc->sc_uc.uc_ok = 0;
5165 sc->sc_uc.uc_intr = 1;
5169 case IWM_CALIB_RES_NOTIF_PHY_DB: {
5170 struct iwm_calib_res_notif_phy_db *phy_db_notif;
5171 SYNC_RESP_STRUCT(phy_db_notif, pkt);
5173 iwm_phy_db_set_section(sc, phy_db_notif);
5177 case IWM_STATISTICS_NOTIFICATION: {
5178 struct iwm_notif_statistics *stats;
5179 SYNC_RESP_STRUCT(stats, pkt);
5180 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
5181 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general);
5184 case IWM_NVM_ACCESS_CMD:
5185 case IWM_MCC_UPDATE_CMD:
5186 if (sc->sc_wantresp == ((qid << 16) | idx)) {
5187 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
5188 BUS_DMASYNC_POSTREAD);
5189 memcpy(sc->sc_cmd_resp,
5190 pkt, sizeof(sc->sc_cmd_resp));
5194 case IWM_MCC_CHUB_UPDATE_CMD: {
5195 struct iwm_mcc_chub_notif *notif;
5196 SYNC_RESP_STRUCT(notif, pkt);
5198 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8;
5199 sc->sc_fw_mcc[1] = notif->mcc & 0xff;
5200 sc->sc_fw_mcc[2] = '\0';
5201 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
5202 "fw source %d sent CC '%s'\n",
5203 notif->source_id, sc->sc_fw_mcc);
5206 case IWM_DTS_MEASUREMENT_NOTIFICATION:
5209 case IWM_PHY_CONFIGURATION_CMD:
5210 case IWM_TX_ANT_CONFIGURATION_CMD:
5212 case IWM_MAC_CONTEXT_CMD:
5213 case IWM_REPLY_SF_CFG_CMD:
5214 case IWM_POWER_TABLE_CMD:
5215 case IWM_PHY_CONTEXT_CMD:
5216 case IWM_BINDING_CONTEXT_CMD:
5217 case IWM_TIME_EVENT_CMD:
5218 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD):
5219 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC):
5220 case IWM_SCAN_OFFLOAD_REQUEST_CMD:
5221 case IWM_REPLY_BEACON_FILTERING_CMD:
5222 case IWM_MAC_PM_POWER_TABLE:
5223 case IWM_TIME_QUOTA_CMD:
5224 case IWM_REMOVE_STA:
5225 case IWM_TXPATH_FLUSH:
5228 case IWM_REPLY_THERMAL_MNG_BACKOFF:
5229 SYNC_RESP_STRUCT(cresp, pkt);
5230 if (sc->sc_wantresp == ((qid << 16) | idx)) {
5231 memcpy(sc->sc_cmd_resp,
5232 pkt, sizeof(*pkt)+sizeof(*cresp));
5237 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */
5240 case IWM_INIT_COMPLETE_NOTIF:
5241 sc->sc_init_complete = 1;
5242 wakeup(&sc->sc_init_complete);
5245 case IWM_SCAN_OFFLOAD_COMPLETE: {
5246 struct iwm_periodic_scan_complete *notif;
5247 SYNC_RESP_STRUCT(notif, pkt);
5251 case IWM_SCAN_ITERATION_COMPLETE: {
5252 struct iwm_lmac_scan_complete_notif *notif;
5253 SYNC_RESP_STRUCT(notif, pkt);
5254 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task);
5258 case IWM_SCAN_COMPLETE_UMAC: {
5259 struct iwm_umac_scan_complete *notif;
5260 SYNC_RESP_STRUCT(notif, pkt);
5262 IWM_DPRINTF(sc, IWM_DEBUG_SCAN,
5263 "UMAC scan complete, status=0x%x\n",
5265 #if 0 /* XXX This would be a duplicate scan end call */
5266 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task);
5271 case IWM_SCAN_ITERATION_COMPLETE_UMAC: {
5272 struct iwm_umac_scan_iter_complete_notif *notif;
5273 SYNC_RESP_STRUCT(notif, pkt);
5275 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration "
5276 "complete, status=0x%x, %d channels scanned\n",
5277 notif->status, notif->scanned_channels);
5278 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task);
5282 case IWM_REPLY_ERROR: {
5283 struct iwm_error_resp *resp;
5284 SYNC_RESP_STRUCT(resp, pkt);
5286 device_printf(sc->sc_dev,
5287 "firmware error 0x%x, cmd 0x%x\n",
5288 le32toh(resp->error_type),
5293 case IWM_TIME_EVENT_NOTIFICATION: {
5294 struct iwm_time_event_notif *notif;
5295 SYNC_RESP_STRUCT(notif, pkt);
5297 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5298 "TE notif status = 0x%x action = 0x%x\n",
5299 notif->status, notif->action);
5303 case IWM_MCAST_FILTER_CMD:
5306 case IWM_SCD_QUEUE_CFG: {
5307 struct iwm_scd_txq_cfg_rsp *rsp;
5308 SYNC_RESP_STRUCT(rsp, pkt);
5310 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
5311 "queue cfg token=0x%x sta_id=%d "
5312 "tid=%d scd_queue=%d\n",
5313 rsp->token, rsp->sta_id, rsp->tid,
5319 device_printf(sc->sc_dev,
5320 "frame %d/%d %x UNHANDLED (this should "
5321 "not happen)\n", qid, idx,
5327 * Why test bit 0x80? The Linux driver:
5329 * There is one exception: uCode sets bit 15 when it
5330 * originates the response/notification, i.e. when the
5331 * response/notification is not a direct response to a
5332 * command sent by the driver. For example, uCode issues
5333 * IWM_REPLY_RX when it sends a received frame to the driver;
5334 * it is not a direct response to any driver command.
5336 * Ok, so since when is 7 == 15? Well, the Linux driver
5337 * uses a slightly different format for pkt->hdr, and "qid"
5338 * is actually the upper byte of a two-byte field.
5340 if (!(pkt->hdr.qid & (1 << 7))) {
5341 iwm_cmd_done(sc, pkt);
5347 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
5348 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
5351 * Tell the firmware what we have processed.
5352 * Seems like the hardware gets upset unless we align
5355 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1;
5356 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7);
5362 struct iwm_softc *sc = arg;
5368 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
5370 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
5371 uint32_t *ict = sc->ict_dma.vaddr;
5374 tmp = htole32(ict[sc->ict_cur]);
5379 * ok, there was something. keep plowing until we have all.
5384 ict[sc->ict_cur] = 0;
5385 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
5386 tmp = htole32(ict[sc->ict_cur]);
5389 /* this is where the fun begins. don't ask */
5390 if (r1 == 0xffffffff)
5393 /* i am not expected to understand this */
5396 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
5398 r1 = IWM_READ(sc, IWM_CSR_INT);
5399 /* "hardware gone" (where, fishing?) */
5400 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
5402 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
5404 if (r1 == 0 && r2 == 0) {
5408 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
5411 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/));
5413 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
5415 struct ieee80211com *ic = &sc->sc_ic;
5416 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5421 /* Dump driver status (TX and RX rings) while we're here. */
5422 device_printf(sc->sc_dev, "driver status:\n");
5423 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) {
5424 struct iwm_tx_ring *ring = &sc->txq[i];
5425 device_printf(sc->sc_dev,
5426 " tx ring %2d: qid=%-2d cur=%-3d "
5428 i, ring->qid, ring->cur, ring->queued);
5430 device_printf(sc->sc_dev,
5431 " rx ring: cur=%d\n", sc->rxq.cur);
5432 device_printf(sc->sc_dev,
5433 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state);
5435 /* Don't stop the device; just do a VAP restart */
5439 printf("%s: null vap\n", __func__);
5443 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; "
5444 "restarting\n", __func__, vap->iv_state);
5446 /* XXX TODO: turn this into a callout/taskqueue */
5447 ieee80211_restart_all(ic);
5451 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
5452 handled |= IWM_CSR_INT_BIT_HW_ERR;
5453 device_printf(sc->sc_dev, "hardware error, stopping device\n");
5459 /* firmware chunk loaded */
5460 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
5461 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
5462 handled |= IWM_CSR_INT_BIT_FH_TX;
5463 sc->sc_fw_chunk_done = 1;
5467 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
5468 handled |= IWM_CSR_INT_BIT_RF_KILL;
5469 if (iwm_check_rfkill(sc)) {
5470 device_printf(sc->sc_dev,
5471 "%s: rfkill switch, disabling interface\n",
5478 * The Linux driver uses periodic interrupts to avoid races.
5479 * We cargo-cult like it's going out of fashion.
5481 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
5482 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
5483 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
5484 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
5486 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
5490 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
5491 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
5492 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
5496 /* enable periodic interrupt, see above */
5497 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
5498 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
5499 IWM_CSR_INT_PERIODIC_ENA);
5502 if (__predict_false(r1 & ~handled))
5503 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5504 "%s: unhandled interrupts: %x\n", __func__, r1);
5508 iwm_restore_interrupts(sc);
5515 * Autoconf glue-sniffing
5517 #define PCI_VENDOR_INTEL 0x8086
5518 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
5519 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
5520 #define PCI_PRODUCT_INTEL_WL_3165_1 0x3165
5521 #define PCI_PRODUCT_INTEL_WL_3165_2 0x3166
5522 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
5523 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
5524 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
5525 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
5526 #define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3
5527 #define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4
5529 static const struct iwm_devices {
5533 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" },
5534 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" },
5535 { PCI_PRODUCT_INTEL_WL_3165_1, "Intel Dual Band Wireless AC 3165" },
5536 { PCI_PRODUCT_INTEL_WL_3165_2, "Intel Dual Band Wireless AC 3165" },
5537 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" },
5538 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" },
5539 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" },
5540 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" },
5541 { PCI_PRODUCT_INTEL_WL_8260_1, "Intel Dual Band Wireless AC 8260" },
5542 { PCI_PRODUCT_INTEL_WL_8260_2, "Intel Dual Band Wireless AC 8260" },
5546 iwm_probe(device_t dev)
5550 for (i = 0; i < nitems(iwm_devices); i++) {
5551 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
5552 pci_get_device(dev) == iwm_devices[i].device) {
5553 device_set_desc(dev, iwm_devices[i].name);
5554 return (BUS_PROBE_DEFAULT);
5562 iwm_dev_check(device_t dev)
5564 struct iwm_softc *sc;
5566 sc = device_get_softc(dev);
5568 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
5569 switch (pci_get_device(dev)) {
5570 case PCI_PRODUCT_INTEL_WL_3160_1:
5571 case PCI_PRODUCT_INTEL_WL_3160_2:
5572 sc->sc_fwname = "iwm3160fw";
5573 sc->host_interrupt_operation_mode = 1;
5574 sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
5575 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
5577 case PCI_PRODUCT_INTEL_WL_3165_1:
5578 case PCI_PRODUCT_INTEL_WL_3165_2:
5579 sc->sc_fwname = "iwm7265fw";
5580 sc->host_interrupt_operation_mode = 0;
5581 sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
5582 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
5584 case PCI_PRODUCT_INTEL_WL_7260_1:
5585 case PCI_PRODUCT_INTEL_WL_7260_2:
5586 sc->sc_fwname = "iwm7260fw";
5587 sc->host_interrupt_operation_mode = 1;
5588 sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
5589 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
5591 case PCI_PRODUCT_INTEL_WL_7265_1:
5592 case PCI_PRODUCT_INTEL_WL_7265_2:
5593 sc->sc_fwname = "iwm7265fw";
5594 sc->host_interrupt_operation_mode = 0;
5595 sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
5596 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
5598 case PCI_PRODUCT_INTEL_WL_8260_1:
5599 case PCI_PRODUCT_INTEL_WL_8260_2:
5600 sc->sc_fwname = "iwm8000Cfw";
5601 sc->host_interrupt_operation_mode = 0;
5602 sc->sc_device_family = IWM_DEVICE_FAMILY_8000;
5603 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000;
5606 device_printf(dev, "unknown adapter type\n");
5612 iwm_pci_attach(device_t dev)
5614 struct iwm_softc *sc;
5615 int count, error, rid;
5618 sc = device_get_softc(dev);
5620 /* Clear device-specific "PCI retry timeout" register (41h). */
5621 reg = pci_read_config(dev, 0x40, sizeof(reg));
5622 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg));
5624 /* Enable bus-mastering and hardware bug workaround. */
5625 pci_enable_busmaster(dev);
5626 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
5628 if (reg & PCIM_STATUS_INTxSTATE) {
5629 reg &= ~PCIM_STATUS_INTxSTATE;
5631 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
5634 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
5636 if (sc->sc_mem == NULL) {
5637 device_printf(sc->sc_dev, "can't map mem space\n");
5640 sc->sc_st = rman_get_bustag(sc->sc_mem);
5641 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
5643 /* Install interrupt handler. */
5646 if (pci_alloc_msi(dev, &count) == 0)
5648 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
5649 (rid != 0 ? 0 : RF_SHAREABLE));
5650 if (sc->sc_irq == NULL) {
5651 device_printf(dev, "can't map interrupt\n");
5654 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
5655 NULL, iwm_intr, sc, &sc->sc_ih);
5656 if (sc->sc_ih == NULL) {
5657 device_printf(dev, "can't establish interrupt");
5660 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
5666 iwm_pci_detach(device_t dev)
5668 struct iwm_softc *sc = device_get_softc(dev);
5670 if (sc->sc_irq != NULL) {
5671 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
5672 bus_release_resource(dev, SYS_RES_IRQ,
5673 rman_get_rid(sc->sc_irq), sc->sc_irq);
5674 pci_release_msi(dev);
5676 if (sc->sc_mem != NULL)
5677 bus_release_resource(dev, SYS_RES_MEMORY,
5678 rman_get_rid(sc->sc_mem), sc->sc_mem);
5684 iwm_attach(device_t dev)
5686 struct iwm_softc *sc = device_get_softc(dev);
5687 struct ieee80211com *ic = &sc->sc_ic;
5693 mbufq_init(&sc->sc_snd, ifqmaxlen);
5694 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
5695 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0);
5696 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
5699 error = iwm_pci_attach(dev);
5703 sc->sc_wantresp = -1;
5705 /* Check device type */
5706 error = iwm_dev_check(dev);
5711 * We now start fiddling with the hardware
5714 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have
5715 * changed, and now the revision step also includes bit 0-1 (no more
5716 * "dash" value). To keep hw_rev backwards compatible - we'll store it
5717 * in the old format.
5719 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
5720 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) |
5721 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2);
5723 if (iwm_prepare_card_hw(sc) != 0) {
5724 device_printf(dev, "could not initialize hardware\n");
5728 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
5733 * In order to recognize C step the driver should read the
5734 * chip version id located at the AUX bus MISC address.
5736 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
5737 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
5740 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
5741 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
5742 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
5745 device_printf(sc->sc_dev,
5746 "Failed to wake up the nic\n");
5750 if (iwm_nic_lock(sc)) {
5751 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG);
5752 hw_step |= IWM_ENABLE_WFPM;
5753 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step);
5754 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG);
5755 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF;
5757 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) |
5758 (IWM_SILICON_C_STEP << 2);
5761 device_printf(sc->sc_dev, "Failed to lock the nic\n");
5766 /* Allocate DMA memory for firmware transfers. */
5767 if ((error = iwm_alloc_fwmem(sc)) != 0) {
5768 device_printf(dev, "could not allocate memory for firmware\n");
5772 /* Allocate "Keep Warm" page. */
5773 if ((error = iwm_alloc_kw(sc)) != 0) {
5774 device_printf(dev, "could not allocate keep warm page\n");
5778 /* We use ICT interrupts */
5779 if ((error = iwm_alloc_ict(sc)) != 0) {
5780 device_printf(dev, "could not allocate ICT table\n");
5784 /* Allocate TX scheduler "rings". */
5785 if ((error = iwm_alloc_sched(sc)) != 0) {
5786 device_printf(dev, "could not allocate TX scheduler rings\n");
5790 /* Allocate TX rings */
5791 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
5792 if ((error = iwm_alloc_tx_ring(sc,
5793 &sc->txq[txq_i], txq_i)) != 0) {
5795 "could not allocate TX ring %d\n",
5801 /* Allocate RX ring. */
5802 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
5803 device_printf(dev, "could not allocate RX ring\n");
5807 /* Clear pending interrupts. */
5808 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
5811 ic->ic_name = device_get_nameunit(sc->sc_dev);
5812 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
5813 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
5815 /* Set device capabilities. */
5818 IEEE80211_C_WPA | /* WPA/RSN */
5820 IEEE80211_C_SHSLOT | /* short slot time supported */
5821 IEEE80211_C_SHPREAMBLE /* short preamble supported */
5822 // IEEE80211_C_BGSCAN /* capable of bg scanning */
5824 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
5825 sc->sc_phyctxt[i].id = i;
5826 sc->sc_phyctxt[i].color = 0;
5827 sc->sc_phyctxt[i].ref = 0;
5828 sc->sc_phyctxt[i].channel = NULL;
5831 /* Default noise floor */
5835 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
5837 sc->sc_preinit_hook.ich_func = iwm_preinit;
5838 sc->sc_preinit_hook.ich_arg = sc;
5839 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
5840 device_printf(dev, "config_intrhook_establish failed\n");
5845 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
5846 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
5847 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
5850 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
5851 "<-%s\n", __func__);
5855 /* Free allocated memory if something failed during attachment. */
5857 iwm_detach_local(sc, 0);
5863 iwm_is_valid_ether_addr(uint8_t *addr)
5865 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 };
5867 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr))
5874 iwm_update_edca(struct ieee80211com *ic)
5876 struct iwm_softc *sc = ic->ic_softc;
5878 device_printf(sc->sc_dev, "%s: called\n", __func__);
5883 iwm_preinit(void *arg)
5885 struct iwm_softc *sc = arg;
5886 device_t dev = sc->sc_dev;
5887 struct ieee80211com *ic = &sc->sc_ic;
5890 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
5891 "->%s\n", __func__);
5894 if ((error = iwm_start_hw(sc)) != 0) {
5895 device_printf(dev, "could not initialize hardware\n");
5900 error = iwm_run_init_mvm_ucode(sc, 1);
5901 iwm_stop_device(sc);
5907 "hw rev 0x%x, fw ver %s, address %s\n",
5908 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
5909 sc->sc_fwver, ether_sprintf(sc->sc_nvm.hw_addr));
5911 /* not all hardware can do 5GHz band */
5912 if (!sc->sc_nvm.sku_cap_band_52GHz_enable)
5913 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
5914 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
5917 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
5921 * At this point we've committed - if we fail to do setup,
5922 * we now also have to tear down the net80211 state.
5924 ieee80211_ifattach(ic);
5925 ic->ic_vap_create = iwm_vap_create;
5926 ic->ic_vap_delete = iwm_vap_delete;
5927 ic->ic_raw_xmit = iwm_raw_xmit;
5928 ic->ic_node_alloc = iwm_node_alloc;
5929 ic->ic_scan_start = iwm_scan_start;
5930 ic->ic_scan_end = iwm_scan_end;
5931 ic->ic_update_mcast = iwm_update_mcast;
5932 ic->ic_getradiocaps = iwm_init_channel_map;
5933 ic->ic_set_channel = iwm_set_channel;
5934 ic->ic_scan_curchan = iwm_scan_curchan;
5935 ic->ic_scan_mindwell = iwm_scan_mindwell;
5936 ic->ic_wme.wme_update = iwm_update_edca;
5937 ic->ic_parent = iwm_parent;
5938 ic->ic_transmit = iwm_transmit;
5939 iwm_radiotap_attach(sc);
5941 ieee80211_announce(ic);
5943 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
5944 "<-%s\n", __func__);
5945 config_intrhook_disestablish(&sc->sc_preinit_hook);
5949 config_intrhook_disestablish(&sc->sc_preinit_hook);
5950 iwm_detach_local(sc, 0);
5954 * Attach the interface to 802.11 radiotap.
5957 iwm_radiotap_attach(struct iwm_softc *sc)
5959 struct ieee80211com *ic = &sc->sc_ic;
5961 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
5962 "->%s begin\n", __func__);
5963 ieee80211_radiotap_attach(ic,
5964 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
5965 IWM_TX_RADIOTAP_PRESENT,
5966 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
5967 IWM_RX_RADIOTAP_PRESENT);
5968 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
5969 "->%s end\n", __func__);
5972 static struct ieee80211vap *
5973 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
5974 enum ieee80211_opmode opmode, int flags,
5975 const uint8_t bssid[IEEE80211_ADDR_LEN],
5976 const uint8_t mac[IEEE80211_ADDR_LEN])
5978 struct iwm_vap *ivp;
5979 struct ieee80211vap *vap;
5981 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
5983 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO);
5985 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
5986 vap->iv_bmissthreshold = 10; /* override default */
5987 /* Override with driver methods. */
5988 ivp->iv_newstate = vap->iv_newstate;
5989 vap->iv_newstate = iwm_newstate;
5991 ieee80211_ratectl_init(vap);
5992 /* Complete setup. */
5993 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status,
5995 ic->ic_opmode = opmode;
6001 iwm_vap_delete(struct ieee80211vap *vap)
6003 struct iwm_vap *ivp = IWM_VAP(vap);
6005 ieee80211_ratectl_deinit(vap);
6006 ieee80211_vap_detach(vap);
6007 free(ivp, M_80211_VAP);
6011 iwm_scan_start(struct ieee80211com *ic)
6013 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6014 struct iwm_softc *sc = ic->ic_softc;
6018 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN))
6019 error = iwm_mvm_umac_scan(sc);
6021 error = iwm_mvm_lmac_scan(sc);
6023 device_printf(sc->sc_dev, "could not initiate 2 GHz scan\n");
6025 ieee80211_cancel_scan(vap);
6027 iwm_led_blink_start(sc);
6033 iwm_scan_end(struct ieee80211com *ic)
6035 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6036 struct iwm_softc *sc = ic->ic_softc;
6039 iwm_led_blink_stop(sc);
6040 if (vap->iv_state == IEEE80211_S_RUN)
6041 iwm_mvm_led_enable(sc);
6046 iwm_update_mcast(struct ieee80211com *ic)
6051 iwm_set_channel(struct ieee80211com *ic)
6056 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
6061 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
6067 iwm_init_task(void *arg1)
6069 struct iwm_softc *sc = arg1;
6072 while (sc->sc_flags & IWM_FLAG_BUSY)
6073 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
6074 sc->sc_flags |= IWM_FLAG_BUSY;
6076 if (sc->sc_ic.ic_nrunning > 0)
6078 sc->sc_flags &= ~IWM_FLAG_BUSY;
6079 wakeup(&sc->sc_flags);
6084 iwm_resume(device_t dev)
6086 struct iwm_softc *sc = device_get_softc(dev);
6090 /* Clear device-specific "PCI retry timeout" register (41h). */
6091 reg = pci_read_config(dev, 0x40, sizeof(reg));
6092 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg));
6093 iwm_init_task(device_get_softc(dev));
6096 if (sc->sc_flags & IWM_FLAG_SCANNING) {
6097 sc->sc_flags &= ~IWM_FLAG_SCANNING;
6103 ieee80211_resume_all(&sc->sc_ic);
6109 iwm_suspend(device_t dev)
6112 struct iwm_softc *sc = device_get_softc(dev);
6114 do_stop = !! (sc->sc_ic.ic_nrunning > 0);
6116 ieee80211_suspend_all(&sc->sc_ic);
6121 sc->sc_flags |= IWM_FLAG_SCANNING;
6129 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
6131 struct iwm_fw_info *fw = &sc->sc_fw;
6132 device_t dev = sc->sc_dev;
6135 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task);
6137 callout_drain(&sc->sc_led_blink_to);
6138 callout_drain(&sc->sc_watchdog_to);
6139 iwm_stop_device(sc);
6141 ieee80211_ifdetach(&sc->sc_ic);
6144 iwm_phy_db_free(sc);
6146 /* Free descriptor rings */
6147 iwm_free_rx_ring(sc, &sc->rxq);
6148 for (i = 0; i < nitems(sc->txq); i++)
6149 iwm_free_tx_ring(sc, &sc->txq[i]);
6152 if (fw->fw_fp != NULL)
6153 iwm_fw_info_free(fw);
6155 /* Free scheduler */
6156 iwm_dma_contig_free(&sc->sched_dma);
6157 iwm_dma_contig_free(&sc->ict_dma);
6158 iwm_dma_contig_free(&sc->kw_dma);
6159 iwm_dma_contig_free(&sc->fw_dma);
6161 /* Finished with the hardware - detach things */
6162 iwm_pci_detach(dev);
6164 mbufq_drain(&sc->sc_snd);
6165 IWM_LOCK_DESTROY(sc);
6171 iwm_detach(device_t dev)
6173 struct iwm_softc *sc = device_get_softc(dev);
6175 return (iwm_detach_local(sc, 1));
6178 static device_method_t iwm_pci_methods[] = {
6179 /* Device interface */
6180 DEVMETHOD(device_probe, iwm_probe),
6181 DEVMETHOD(device_attach, iwm_attach),
6182 DEVMETHOD(device_detach, iwm_detach),
6183 DEVMETHOD(device_suspend, iwm_suspend),
6184 DEVMETHOD(device_resume, iwm_resume),
6189 static driver_t iwm_pci_driver = {
6192 sizeof (struct iwm_softc)
6195 static devclass_t iwm_devclass;
6197 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
6198 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
6199 MODULE_DEPEND(iwm, pci, 1, 1, 1);
6200 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
projects / FreeBSD / FreeBSD.git / blob