1 /* $OpenBSD: if_iwm.c,v 1.39 2015/03/23 00:35:19 jsg Exp $ */
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
27 ***********************************************************************
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
105 #include <sys/cdefs.h>
106 __FBSDID("$FreeBSD$");
108 #include <sys/param.h>
110 #include <sys/conf.h>
111 #include <sys/endian.h>
112 #include <sys/firmware.h>
113 #include <sys/kernel.h>
114 #include <sys/malloc.h>
115 #include <sys/mbuf.h>
116 #include <sys/mutex.h>
117 #include <sys/module.h>
118 #include <sys/proc.h>
119 #include <sys/rman.h>
120 #include <sys/socket.h>
121 #include <sys/sockio.h>
122 #include <sys/sysctl.h>
123 #include <sys/linker.h>
125 #include <machine/bus.h>
126 #include <machine/endian.h>
127 #include <machine/resource.h>
129 #include <dev/pci/pcivar.h>
130 #include <dev/pci/pcireg.h>
135 #include <net/if_var.h>
136 #include <net/if_arp.h>
137 #include <net/if_dl.h>
138 #include <net/if_media.h>
139 #include <net/if_types.h>
141 #include <netinet/in.h>
142 #include <netinet/in_systm.h>
143 #include <netinet/if_ether.h>
144 #include <netinet/ip.h>
146 #include <net80211/ieee80211_var.h>
147 #include <net80211/ieee80211_regdomain.h>
148 #include <net80211/ieee80211_ratectl.h>
149 #include <net80211/ieee80211_radiotap.h>
151 #include <dev/iwm/if_iwmreg.h>
152 #include <dev/iwm/if_iwmvar.h>
153 #include <dev/iwm/if_iwm_debug.h>
154 #include <dev/iwm/if_iwm_util.h>
155 #include <dev/iwm/if_iwm_binding.h>
156 #include <dev/iwm/if_iwm_phy_db.h>
157 #include <dev/iwm/if_iwm_mac_ctxt.h>
158 #include <dev/iwm/if_iwm_phy_ctxt.h>
159 #include <dev/iwm/if_iwm_time_event.h>
160 #include <dev/iwm/if_iwm_power.h>
161 #include <dev/iwm/if_iwm_scan.h>
163 #include <dev/iwm/if_iwm_pcie_trans.h>
165 const uint8_t iwm_nvm_channels[] = {
167 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
169 36, 40, 44 , 48, 52, 56, 60, 64,
170 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
171 149, 153, 157, 161, 165
173 #define IWM_NUM_2GHZ_CHANNELS 14
176 * XXX For now, there's simply a fixed set of rate table entries
177 * that are populated.
179 const struct iwm_rate {
183 { 2, IWM_RATE_1M_PLCP },
184 { 4, IWM_RATE_2M_PLCP },
185 { 11, IWM_RATE_5M_PLCP },
186 { 22, IWM_RATE_11M_PLCP },
187 { 12, IWM_RATE_6M_PLCP },
188 { 18, IWM_RATE_9M_PLCP },
189 { 24, IWM_RATE_12M_PLCP },
190 { 36, IWM_RATE_18M_PLCP },
191 { 48, IWM_RATE_24M_PLCP },
192 { 72, IWM_RATE_36M_PLCP },
193 { 96, IWM_RATE_48M_PLCP },
194 { 108, IWM_RATE_54M_PLCP },
196 #define IWM_RIDX_CCK 0
197 #define IWM_RIDX_OFDM 4
198 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
199 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
200 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
202 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
203 static int iwm_firmware_store_section(struct iwm_softc *,
205 const uint8_t *, size_t);
206 static int iwm_set_default_calib(struct iwm_softc *, const void *);
207 static void iwm_fw_info_free(struct iwm_fw_info *);
208 static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type);
209 static void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int);
210 static int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *,
211 bus_size_t, bus_size_t);
212 static void iwm_dma_contig_free(struct iwm_dma_info *);
213 static int iwm_alloc_fwmem(struct iwm_softc *);
214 static void iwm_free_fwmem(struct iwm_softc *);
215 static int iwm_alloc_sched(struct iwm_softc *);
216 static void iwm_free_sched(struct iwm_softc *);
217 static int iwm_alloc_kw(struct iwm_softc *);
218 static void iwm_free_kw(struct iwm_softc *);
219 static int iwm_alloc_ict(struct iwm_softc *);
220 static void iwm_free_ict(struct iwm_softc *);
221 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
222 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
223 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
224 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
226 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
227 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
228 static void iwm_enable_interrupts(struct iwm_softc *);
229 static void iwm_restore_interrupts(struct iwm_softc *);
230 static void iwm_disable_interrupts(struct iwm_softc *);
231 static void iwm_ict_reset(struct iwm_softc *);
232 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
233 static void iwm_stop_device(struct iwm_softc *);
234 static void iwm_mvm_nic_config(struct iwm_softc *);
235 static int iwm_nic_rx_init(struct iwm_softc *);
236 static int iwm_nic_tx_init(struct iwm_softc *);
237 static int iwm_nic_init(struct iwm_softc *);
238 static void iwm_enable_txq(struct iwm_softc *, int, int);
239 static int iwm_post_alive(struct iwm_softc *);
240 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
241 uint16_t, uint8_t *, uint16_t *);
242 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
244 static void iwm_init_channel_map(struct iwm_softc *,
245 const uint16_t * const);
246 static int iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
247 const uint16_t *, const uint16_t *, uint8_t,
249 struct iwm_nvm_section;
250 static int iwm_parse_nvm_sections(struct iwm_softc *,
251 struct iwm_nvm_section *);
252 static int iwm_nvm_init(struct iwm_softc *);
253 static int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t,
254 const uint8_t *, uint32_t);
255 static int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type);
256 static int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type);
257 static int iwm_fw_alive(struct iwm_softc *, uint32_t);
258 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
259 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
260 static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *,
261 enum iwm_ucode_type);
262 static int iwm_run_init_mvm_ucode(struct iwm_softc *, int);
263 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
264 static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *);
265 static int iwm_mvm_get_signal_strength(struct iwm_softc *,
266 struct iwm_rx_phy_info *);
267 static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *,
268 struct iwm_rx_packet *,
269 struct iwm_rx_data *);
270 static int iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *);
271 static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *,
272 struct iwm_rx_data *);
273 static void iwm_mvm_rx_tx_cmd_single(struct iwm_softc *,
274 struct iwm_rx_packet *,
276 static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *,
277 struct iwm_rx_data *);
278 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
280 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
283 static const struct iwm_rate *
284 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
285 struct ieee80211_frame *, struct iwm_tx_cmd *);
286 static int iwm_tx(struct iwm_softc *, struct mbuf *,
287 struct ieee80211_node *, int);
288 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
289 const struct ieee80211_bpf_params *);
290 static void iwm_mvm_add_sta_cmd_v6_to_v5(struct iwm_mvm_add_sta_cmd_v6 *,
291 struct iwm_mvm_add_sta_cmd_v5 *);
292 static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *,
293 struct iwm_mvm_add_sta_cmd_v6 *,
295 static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *,
297 static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *);
298 static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *);
299 static int iwm_mvm_add_int_sta_common(struct iwm_softc *,
300 struct iwm_int_sta *,
301 const uint8_t *, uint16_t, uint16_t);
302 static int iwm_mvm_add_aux_sta(struct iwm_softc *);
303 static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *);
304 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
305 static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *);
306 static int iwm_release(struct iwm_softc *, struct iwm_node *);
307 static struct ieee80211_node *
308 iwm_node_alloc(struct ieee80211vap *,
309 const uint8_t[IEEE80211_ADDR_LEN]);
310 static void iwm_setrates(struct iwm_softc *, struct iwm_node *);
311 static int iwm_media_change(struct ifnet *);
312 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
313 static void iwm_endscan_cb(void *, int);
314 static int iwm_init_hw(struct iwm_softc *);
315 static void iwm_init(struct iwm_softc *);
316 static void iwm_start(struct iwm_softc *);
317 static void iwm_stop(struct iwm_softc *);
318 static void iwm_watchdog(void *);
319 static void iwm_parent(struct ieee80211com *);
322 iwm_desc_lookup(uint32_t);
323 static void iwm_nic_error(struct iwm_softc *);
325 static void iwm_notif_intr(struct iwm_softc *);
326 static void iwm_intr(void *);
327 static int iwm_attach(device_t);
328 static void iwm_preinit(void *);
329 static int iwm_detach_local(struct iwm_softc *sc, int);
330 static void iwm_init_task(void *);
331 static void iwm_radiotap_attach(struct iwm_softc *);
332 static struct ieee80211vap *
333 iwm_vap_create(struct ieee80211com *,
334 const char [IFNAMSIZ], int,
335 enum ieee80211_opmode, int,
336 const uint8_t [IEEE80211_ADDR_LEN],
337 const uint8_t [IEEE80211_ADDR_LEN]);
338 static void iwm_vap_delete(struct ieee80211vap *);
339 static void iwm_scan_start(struct ieee80211com *);
340 static void iwm_scan_end(struct ieee80211com *);
341 static void iwm_update_mcast(struct ieee80211com *);
342 static void iwm_set_channel(struct ieee80211com *);
343 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
344 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
345 static int iwm_detach(device_t);
352 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
354 const struct iwm_fw_cscheme_list *l = (const void *)data;
356 if (dlen < sizeof(*l) ||
357 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
360 /* we don't actually store anything for now, always use s/w crypto */
366 iwm_firmware_store_section(struct iwm_softc *sc,
367 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
369 struct iwm_fw_sects *fws;
370 struct iwm_fw_onesect *fwone;
372 if (type >= IWM_UCODE_TYPE_MAX)
374 if (dlen < sizeof(uint32_t))
377 fws = &sc->sc_fw.fw_sects[type];
378 if (fws->fw_count >= IWM_UCODE_SECT_MAX)
381 fwone = &fws->fw_sect[fws->fw_count];
383 /* first 32bit are device load offset */
384 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t));
387 fwone->fws_data = data + sizeof(uint32_t);
388 fwone->fws_len = dlen - sizeof(uint32_t);
391 fws->fw_totlen += fwone->fws_len;
396 /* iwlwifi: iwl-drv.c */
397 struct iwm_tlv_calib_data {
399 struct iwm_tlv_calib_ctrl calib;
403 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
405 const struct iwm_tlv_calib_data *def_calib = data;
406 uint32_t ucode_type = le32toh(def_calib->ucode_type);
408 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
409 device_printf(sc->sc_dev,
410 "Wrong ucode_type %u for default "
411 "calibration.\n", ucode_type);
415 sc->sc_default_calib[ucode_type].flow_trigger =
416 def_calib->calib.flow_trigger;
417 sc->sc_default_calib[ucode_type].event_trigger =
418 def_calib->calib.event_trigger;
424 iwm_fw_info_free(struct iwm_fw_info *fw)
426 firmware_put(fw->fw_rawdata, FIRMWARE_UNLOAD);
427 fw->fw_rawdata = NULL;
429 /* don't touch fw->fw_status */
430 memset(fw->fw_sects, 0, sizeof(fw->fw_sects));
434 iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
436 struct iwm_fw_info *fw = &sc->sc_fw;
437 const struct iwm_tlv_ucode_header *uhdr;
438 struct iwm_ucode_tlv tlv;
439 enum iwm_ucode_tlv_type tlv_type;
440 const struct firmware *fwp;
445 if (fw->fw_status == IWM_FW_STATUS_DONE &&
446 ucode_type != IWM_UCODE_TYPE_INIT)
449 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS)
450 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0);
451 fw->fw_status = IWM_FW_STATUS_INPROGRESS;
453 if (fw->fw_rawdata != NULL)
454 iwm_fw_info_free(fw);
457 * Load firmware into driver memory.
458 * fw_rawdata and fw_rawsize will be set.
461 fwp = firmware_get(sc->sc_fwname);
463 device_printf(sc->sc_dev,
464 "could not read firmware %s (error %d)\n",
465 sc->sc_fwname, error);
470 fw->fw_rawdata = fwp->data;
471 fw->fw_rawsize = fwp->datasize;
474 * Parse firmware contents
477 uhdr = (const void *)fw->fw_rawdata;
478 if (*(const uint32_t *)fw->fw_rawdata != 0
479 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
480 device_printf(sc->sc_dev, "invalid firmware %s\n",
486 sc->sc_fwver = le32toh(uhdr->ver);
488 len = fw->fw_rawsize - sizeof(*uhdr);
490 while (len >= sizeof(tlv)) {
492 const void *tlv_data;
494 memcpy(&tlv, data, sizeof(tlv));
495 tlv_len = le32toh(tlv.length);
496 tlv_type = le32toh(tlv.type);
503 device_printf(sc->sc_dev,
504 "firmware too short: %zu bytes\n",
510 switch ((int)tlv_type) {
511 case IWM_UCODE_TLV_PROBE_MAX_LEN:
512 if (tlv_len < sizeof(uint32_t)) {
513 device_printf(sc->sc_dev,
514 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n",
520 sc->sc_capa_max_probe_len
521 = le32toh(*(const uint32_t *)tlv_data);
522 /* limit it to something sensible */
523 if (sc->sc_capa_max_probe_len > (1<<16)) {
524 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
525 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
526 "ridiculous\n", __func__);
531 case IWM_UCODE_TLV_PAN:
533 device_printf(sc->sc_dev,
534 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n",
540 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN;
542 case IWM_UCODE_TLV_FLAGS:
543 if (tlv_len < sizeof(uint32_t)) {
544 device_printf(sc->sc_dev,
545 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n",
552 * Apparently there can be many flags, but Linux driver
553 * parses only the first one, and so do we.
555 * XXX: why does this override IWM_UCODE_TLV_PAN?
556 * Intentional or a bug? Observations from
557 * current firmware file:
558 * 1) TLV_PAN is parsed first
559 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
560 * ==> this resets TLV_PAN to itself... hnnnk
562 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data);
564 case IWM_UCODE_TLV_CSCHEME:
565 if ((error = iwm_store_cscheme(sc,
566 tlv_data, tlv_len)) != 0) {
567 device_printf(sc->sc_dev,
568 "%s: iwm_store_cscheme(): returned %d\n",
574 case IWM_UCODE_TLV_NUM_OF_CPU:
575 if (tlv_len != sizeof(uint32_t)) {
576 device_printf(sc->sc_dev,
577 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n",
583 if (le32toh(*(const uint32_t*)tlv_data) != 1) {
584 device_printf(sc->sc_dev,
585 "%s: driver supports "
586 "only TLV_NUM_OF_CPU == 1",
592 case IWM_UCODE_TLV_SEC_RT:
593 if ((error = iwm_firmware_store_section(sc,
594 IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len)) != 0) {
595 device_printf(sc->sc_dev,
596 "%s: IWM_UCODE_TYPE_REGULAR: iwm_firmware_store_section() failed; %d\n",
602 case IWM_UCODE_TLV_SEC_INIT:
603 if ((error = iwm_firmware_store_section(sc,
604 IWM_UCODE_TYPE_INIT, tlv_data, tlv_len)) != 0) {
605 device_printf(sc->sc_dev,
606 "%s: IWM_UCODE_TYPE_INIT: iwm_firmware_store_section() failed; %d\n",
612 case IWM_UCODE_TLV_SEC_WOWLAN:
613 if ((error = iwm_firmware_store_section(sc,
614 IWM_UCODE_TYPE_WOW, tlv_data, tlv_len)) != 0) {
615 device_printf(sc->sc_dev,
616 "%s: IWM_UCODE_TYPE_WOW: iwm_firmware_store_section() failed; %d\n",
622 case IWM_UCODE_TLV_DEF_CALIB:
623 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
624 device_printf(sc->sc_dev,
625 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n",
628 (int) sizeof(struct iwm_tlv_calib_data));
632 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
633 device_printf(sc->sc_dev,
634 "%s: iwm_set_default_calib() failed: %d\n",
640 case IWM_UCODE_TLV_PHY_SKU:
641 if (tlv_len != sizeof(uint32_t)) {
643 device_printf(sc->sc_dev,
644 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n",
649 sc->sc_fw_phy_config =
650 le32toh(*(const uint32_t *)tlv_data);
653 case IWM_UCODE_TLV_API_CHANGES_SET:
654 case IWM_UCODE_TLV_ENABLED_CAPABILITIES:
655 /* ignore, not used by current driver */
659 device_printf(sc->sc_dev,
660 "%s: unknown firmware section %d, abort\n",
666 len -= roundup(tlv_len, 4);
667 data += roundup(tlv_len, 4);
670 KASSERT(error == 0, ("unhandled error"));
674 device_printf(sc->sc_dev, "firmware parse error %d, "
675 "section type %d\n", error, tlv_type);
678 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) {
679 device_printf(sc->sc_dev,
680 "device uses unsupported power ops\n");
686 fw->fw_status = IWM_FW_STATUS_NONE;
687 if (fw->fw_rawdata != NULL)
688 iwm_fw_info_free(fw);
690 fw->fw_status = IWM_FW_STATUS_DONE;
697 * DMA resource routines
701 iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
705 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs));
706 *(bus_addr_t *)arg = segs[0].ds_addr;
710 iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma,
711 bus_size_t size, bus_size_t alignment)
718 error = bus_dma_tag_create(tag, alignment,
719 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size,
720 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag);
724 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr,
725 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map);
729 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size,
730 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT);
734 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
738 fail: iwm_dma_contig_free(dma);
743 iwm_dma_contig_free(struct iwm_dma_info *dma)
745 if (dma->map != NULL) {
746 if (dma->vaddr != NULL) {
747 bus_dmamap_sync(dma->tag, dma->map,
748 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
749 bus_dmamap_unload(dma->tag, dma->map);
750 bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
753 bus_dmamap_destroy(dma->tag, dma->map);
756 if (dma->tag != NULL) {
757 bus_dma_tag_destroy(dma->tag);
763 /* fwmem is used to load firmware onto the card */
765 iwm_alloc_fwmem(struct iwm_softc *sc)
767 /* Must be aligned on a 16-byte boundary. */
768 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
769 sc->sc_fwdmasegsz, 16);
773 iwm_free_fwmem(struct iwm_softc *sc)
775 iwm_dma_contig_free(&sc->fw_dma);
778 /* tx scheduler rings. not used? */
780 iwm_alloc_sched(struct iwm_softc *sc)
784 /* TX scheduler rings must be aligned on a 1KB boundary. */
785 rv = iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
786 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
791 iwm_free_sched(struct iwm_softc *sc)
793 iwm_dma_contig_free(&sc->sched_dma);
796 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
798 iwm_alloc_kw(struct iwm_softc *sc)
800 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
804 iwm_free_kw(struct iwm_softc *sc)
806 iwm_dma_contig_free(&sc->kw_dma);
809 /* interrupt cause table */
811 iwm_alloc_ict(struct iwm_softc *sc)
813 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
814 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
818 iwm_free_ict(struct iwm_softc *sc)
820 iwm_dma_contig_free(&sc->ict_dma);
824 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
831 /* Allocate RX descriptors (256-byte aligned). */
832 size = IWM_RX_RING_COUNT * sizeof(uint32_t);
833 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
835 device_printf(sc->sc_dev,
836 "could not allocate RX ring DMA memory\n");
839 ring->desc = ring->desc_dma.vaddr;
841 /* Allocate RX status area (16-byte aligned). */
842 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
843 sizeof(*ring->stat), 16);
845 device_printf(sc->sc_dev,
846 "could not allocate RX status DMA memory\n");
849 ring->stat = ring->stat_dma.vaddr;
851 /* Create RX buffer DMA tag. */
852 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
853 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
854 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, BUS_DMA_NOWAIT, NULL, NULL,
857 device_printf(sc->sc_dev,
858 "%s: could not create RX buf DMA tag, error %d\n",
864 * Allocate and map RX buffers.
866 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
867 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
873 fail: iwm_free_rx_ring(sc, ring);
878 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
881 /* XXX print out if we can't lock the NIC? */
882 if (iwm_nic_lock(sc)) {
883 /* XXX handle if RX stop doesn't finish? */
884 (void) iwm_pcie_rx_stop(sc);
887 /* Reset the ring state */
889 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
893 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
897 iwm_dma_contig_free(&ring->desc_dma);
898 iwm_dma_contig_free(&ring->stat_dma);
900 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
901 struct iwm_rx_data *data = &ring->data[i];
903 if (data->m != NULL) {
904 bus_dmamap_sync(ring->data_dmat, data->map,
905 BUS_DMASYNC_POSTREAD);
906 bus_dmamap_unload(ring->data_dmat, data->map);
910 if (data->map != NULL) {
911 bus_dmamap_destroy(ring->data_dmat, data->map);
915 if (ring->data_dmat != NULL) {
916 bus_dma_tag_destroy(ring->data_dmat);
917 ring->data_dmat = NULL;
922 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
932 /* Allocate TX descriptors (256-byte aligned). */
933 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
934 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
936 device_printf(sc->sc_dev,
937 "could not allocate TX ring DMA memory\n");
940 ring->desc = ring->desc_dma.vaddr;
943 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
944 * to allocate commands space for other rings.
946 if (qid > IWM_MVM_CMD_QUEUE)
949 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
950 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
952 device_printf(sc->sc_dev,
953 "could not allocate TX cmd DMA memory\n");
956 ring->cmd = ring->cmd_dma.vaddr;
958 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
959 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
960 IWM_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL,
963 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
967 paddr = ring->cmd_dma.paddr;
968 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
969 struct iwm_tx_data *data = &ring->data[i];
971 data->cmd_paddr = paddr;
972 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
973 + offsetof(struct iwm_tx_cmd, scratch);
974 paddr += sizeof(struct iwm_device_cmd);
976 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
978 device_printf(sc->sc_dev,
979 "could not create TX buf DMA map\n");
983 KASSERT(paddr == ring->cmd_dma.paddr + size,
984 ("invalid physical address"));
987 fail: iwm_free_tx_ring(sc, ring);
992 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
996 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
997 struct iwm_tx_data *data = &ring->data[i];
999 if (data->m != NULL) {
1000 bus_dmamap_sync(ring->data_dmat, data->map,
1001 BUS_DMASYNC_POSTWRITE);
1002 bus_dmamap_unload(ring->data_dmat, data->map);
1007 /* Clear TX descriptors. */
1008 memset(ring->desc, 0, ring->desc_dma.size);
1009 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1010 BUS_DMASYNC_PREWRITE);
1011 sc->qfullmsk &= ~(1 << ring->qid);
1017 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1021 iwm_dma_contig_free(&ring->desc_dma);
1022 iwm_dma_contig_free(&ring->cmd_dma);
1024 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1025 struct iwm_tx_data *data = &ring->data[i];
1027 if (data->m != NULL) {
1028 bus_dmamap_sync(ring->data_dmat, data->map,
1029 BUS_DMASYNC_POSTWRITE);
1030 bus_dmamap_unload(ring->data_dmat, data->map);
1034 if (data->map != NULL) {
1035 bus_dmamap_destroy(ring->data_dmat, data->map);
1039 if (ring->data_dmat != NULL) {
1040 bus_dma_tag_destroy(ring->data_dmat);
1041 ring->data_dmat = NULL;
1046 * High-level hardware frobbing routines
1050 iwm_enable_interrupts(struct iwm_softc *sc)
1052 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1053 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1057 iwm_restore_interrupts(struct iwm_softc *sc)
1059 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1063 iwm_disable_interrupts(struct iwm_softc *sc)
1065 /* disable interrupts */
1066 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1068 /* acknowledge all interrupts */
1069 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1070 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1074 iwm_ict_reset(struct iwm_softc *sc)
1076 iwm_disable_interrupts(sc);
1078 /* Reset ICT table. */
1079 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1082 /* Set physical address of ICT table (4KB aligned). */
1083 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1084 IWM_CSR_DRAM_INT_TBL_ENABLE
1085 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1086 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1088 /* Switch to ICT interrupt mode in driver. */
1089 sc->sc_flags |= IWM_FLAG_USE_ICT;
1091 /* Re-enable interrupts. */
1092 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1093 iwm_enable_interrupts(sc);
1096 /* iwlwifi pcie/trans.c */
1099 * Since this .. hard-resets things, it's time to actually
1100 * mark the first vap (if any) as having no mac context.
1101 * It's annoying, but since the driver is potentially being
1102 * stop/start'ed whilst active (thanks openbsd port!) we
1103 * have to correctly track this.
1106 iwm_stop_device(struct iwm_softc *sc)
1108 struct ieee80211com *ic = &sc->sc_ic;
1109 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1113 /* tell the device to stop sending interrupts */
1114 iwm_disable_interrupts(sc);
1117 * FreeBSD-local: mark the first vap as not-uploaded,
1118 * so the next transition through auth/assoc
1119 * will correctly populate the MAC context.
1122 struct iwm_vap *iv = IWM_VAP(vap);
1123 iv->is_uploaded = 0;
1126 /* device going down, Stop using ICT table */
1127 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1129 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1131 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1133 /* Stop all DMA channels. */
1134 if (iwm_nic_lock(sc)) {
1135 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1137 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1138 for (ntries = 0; ntries < 200; ntries++) {
1141 r = IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG);
1142 if (r & IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(
1152 iwm_reset_rx_ring(sc, &sc->rxq);
1154 /* Reset all TX rings. */
1155 for (qid = 0; qid < nitems(sc->txq); qid++)
1156 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1159 * Power-down device's busmaster DMA clocks
1161 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1164 /* Make sure (redundant) we've released our request to stay awake */
1165 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1166 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1168 /* Stop the device, and put it in low power state */
1171 /* Upon stop, the APM issues an interrupt if HW RF kill is set.
1172 * Clean again the interrupt here
1174 iwm_disable_interrupts(sc);
1175 /* stop and reset the on-board processor */
1176 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_NEVO_RESET);
1179 * Even if we stop the HW, we still want the RF kill
1182 iwm_enable_rfkill_int(sc);
1183 iwm_check_rfkill(sc);
1186 /* iwlwifi: mvm/ops.c */
1188 iwm_mvm_nic_config(struct iwm_softc *sc)
1190 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1191 uint32_t reg_val = 0;
1193 radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1194 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1195 radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1196 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1197 radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1198 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1201 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1202 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1203 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1204 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1206 /* radio configuration */
1207 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1208 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1209 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1211 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val);
1213 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1214 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1215 radio_cfg_step, radio_cfg_dash);
1218 * W/A : NIC is stuck in a reset state after Early PCIe power off
1219 * (PCIe power is lost before PERST# is asserted), causing ME FW
1220 * to lose ownership and not being able to obtain it back.
1222 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1223 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1224 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1228 iwm_nic_rx_init(struct iwm_softc *sc)
1230 if (!iwm_nic_lock(sc))
1234 * Initialize RX ring. This is from the iwn driver.
1236 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1239 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 0);
1240 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1241 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1242 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1243 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1245 /* Set physical address of RX ring (256-byte aligned). */
1247 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8);
1249 /* Set physical address of RX status (16-byte aligned). */
1251 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1255 * Note: Linux driver also sets this:
1256 * (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1258 * It causes weird behavior. YMMV.
1260 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1261 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1262 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1263 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1264 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1265 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1267 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1269 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1270 if (sc->host_interrupt_operation_mode)
1271 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1274 * Thus sayeth el jefe (iwlwifi) via a comment:
1276 * This value should initially be 0 (before preparing any
1277 * RBs), should be 8 after preparing the first 8 RBs (for example)
1279 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1287 iwm_nic_tx_init(struct iwm_softc *sc)
1291 if (!iwm_nic_lock(sc))
1294 /* Deactivate TX scheduler. */
1295 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1297 /* Set physical address of "keep warm" page (16-byte aligned). */
1298 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1300 /* Initialize TX rings. */
1301 for (qid = 0; qid < nitems(sc->txq); qid++) {
1302 struct iwm_tx_ring *txq = &sc->txq[qid];
1304 /* Set physical address of TX ring (256-byte aligned). */
1305 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1306 txq->desc_dma.paddr >> 8);
1307 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1308 "%s: loading ring %d descriptors (%p) at %lx\n",
1311 (unsigned long) (txq->desc_dma.paddr >> 8));
1319 iwm_nic_init(struct iwm_softc *sc)
1326 iwm_mvm_nic_config(sc);
1328 if ((error = iwm_nic_rx_init(sc)) != 0)
1332 * Ditto for TX, from iwn
1334 if ((error = iwm_nic_tx_init(sc)) != 0)
1337 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1338 "%s: shadow registers enabled\n", __func__);
1339 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1344 enum iwm_mvm_tx_fifo {
1345 IWM_MVM_TX_FIFO_BK = 0,
1349 IWM_MVM_TX_FIFO_MCAST = 5,
1352 const uint8_t iwm_mvm_ac_to_tx_fifo[] = {
1360 iwm_enable_txq(struct iwm_softc *sc, int qid, int fifo)
1362 if (!iwm_nic_lock(sc)) {
1363 device_printf(sc->sc_dev,
1364 "%s: cannot enable txq %d\n",
1367 return; /* XXX return EBUSY */
1370 /* unactivate before configuration */
1371 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1372 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE)
1373 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1375 if (qid != IWM_MVM_CMD_QUEUE) {
1376 iwm_set_bits_prph(sc, IWM_SCD_QUEUECHAIN_SEL, (1 << qid));
1379 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid));
1381 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1382 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1384 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1385 /* Set scheduler window size and frame limit. */
1387 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1389 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1390 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1391 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1392 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1394 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1395 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1396 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1397 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1398 IWM_SCD_QUEUE_STTS_REG_MSK);
1402 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1403 "%s: enabled txq %d FIFO %d\n",
1404 __func__, qid, fifo);
1408 iwm_post_alive(struct iwm_softc *sc)
1413 if (!iwm_nic_lock(sc))
1416 if (sc->sched_base != iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR)) {
1417 device_printf(sc->sc_dev,
1418 "%s: sched addr mismatch",
1426 /* Clear TX scheduler state in SRAM. */
1427 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1428 IWM_SCD_CONTEXT_MEM_LOWER_BOUND)
1430 error = iwm_write_mem(sc,
1431 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1436 /* Set physical address of TX scheduler rings (1KB aligned). */
1437 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1439 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1441 /* enable command channel */
1442 iwm_enable_txq(sc, IWM_MVM_CMD_QUEUE, 7);
1444 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1446 /* Enable DMA channels. */
1447 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1448 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1449 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1450 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1453 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1454 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1456 /* Enable L1-Active */
1457 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1458 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1466 * NVM read access and content parsing. We do not support
1467 * external NVM or writing NVM.
1471 /* list of NVM sections we are allowed/need to read */
1472 const int nvm_to_read[] = {
1473 IWM_NVM_SECTION_TYPE_HW,
1474 IWM_NVM_SECTION_TYPE_SW,
1475 IWM_NVM_SECTION_TYPE_CALIBRATION,
1476 IWM_NVM_SECTION_TYPE_PRODUCTION,
1479 /* Default NVM size to read */
1480 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1481 #define IWM_MAX_NVM_SECTION_SIZE 7000
1483 #define IWM_NVM_WRITE_OPCODE 1
1484 #define IWM_NVM_READ_OPCODE 0
1487 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1488 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1491 struct iwm_nvm_access_cmd nvm_access_cmd = {
1492 .offset = htole16(offset),
1493 .length = htole16(length),
1494 .type = htole16(section),
1495 .op_code = IWM_NVM_READ_OPCODE,
1497 struct iwm_nvm_access_resp *nvm_resp;
1498 struct iwm_rx_packet *pkt;
1499 struct iwm_host_cmd cmd = {
1500 .id = IWM_NVM_ACCESS_CMD,
1501 .flags = IWM_CMD_SYNC | IWM_CMD_WANT_SKB |
1502 IWM_CMD_SEND_IN_RFKILL,
1503 .data = { &nvm_access_cmd, },
1505 int ret, bytes_read, offset_read;
1508 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1510 ret = iwm_send_cmd(sc, &cmd);
1515 if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) {
1516 device_printf(sc->sc_dev,
1517 "%s: Bad return from IWM_NVM_ACCES_COMMAND (0x%08X)\n",
1518 __func__, pkt->hdr.flags);
1523 /* Extract NVM response */
1524 nvm_resp = (void *)pkt->data;
1526 ret = le16toh(nvm_resp->status);
1527 bytes_read = le16toh(nvm_resp->length);
1528 offset_read = le16toh(nvm_resp->offset);
1529 resp_data = nvm_resp->data;
1531 device_printf(sc->sc_dev,
1532 "%s: NVM access command failed with status %d\n",
1538 if (offset_read != offset) {
1539 device_printf(sc->sc_dev,
1540 "%s: NVM ACCESS response with invalid offset %d\n",
1541 __func__, offset_read);
1546 memcpy(data + offset, resp_data, bytes_read);
1550 iwm_free_resp(sc, &cmd);
1555 * Reads an NVM section completely.
1556 * NICs prior to 7000 family doesn't have a real NVM, but just read
1557 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1558 * by uCode, we need to manually check in this case that we don't
1559 * overflow and try to read more than the EEPROM size.
1560 * For 7000 family NICs, we supply the maximal size we can read, and
1561 * the uCode fills the response with as much data as we can,
1562 * without overflowing, so no check is needed.
1565 iwm_nvm_read_section(struct iwm_softc *sc,
1566 uint16_t section, uint8_t *data, uint16_t *len)
1568 uint16_t length, seglen;
1571 /* Set nvm section read length */
1572 length = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE;
1575 /* Read the NVM until exhausted (reading less than requested) */
1576 while (seglen == length) {
1577 error = iwm_nvm_read_chunk(sc,
1578 section, *len, length, data, &seglen);
1580 device_printf(sc->sc_dev,
1581 "Cannot read NVM from section "
1582 "%d offset %d, length %d\n",
1583 section, *len, length);
1589 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1590 "NVM section %d read completed\n", section);
1595 * BEGIN IWM_NVM_PARSE
1598 /* iwlwifi/iwl-nvm-parse.c */
1600 /* NVM offsets (in words) definitions */
1601 enum wkp_nvm_offsets {
1602 /* NVM HW-Section offset (in words) definitions */
1605 /* NVM SW-Section offset (in words) definitions */
1606 IWM_NVM_SW_SECTION = 0x1C0,
1607 IWM_NVM_VERSION = 0,
1611 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1613 /* NVM calibration section offset (in words) definitions */
1614 IWM_NVM_CALIB_SECTION = 0x2B8,
1615 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1618 /* SKU Capabilities (actual values from NVM definition) */
1620 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1621 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1622 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1623 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1626 /* radio config bits (actual values from NVM definition) */
1627 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1628 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1629 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1630 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1631 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1632 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1634 #define DEFAULT_MAX_TX_POWER 16
1637 * enum iwm_nvm_channel_flags - channel flags in NVM
1638 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1639 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1640 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1641 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1642 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1643 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1644 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1645 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1646 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1648 enum iwm_nvm_channel_flags {
1649 IWM_NVM_CHANNEL_VALID = (1 << 0),
1650 IWM_NVM_CHANNEL_IBSS = (1 << 1),
1651 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
1652 IWM_NVM_CHANNEL_RADAR = (1 << 4),
1653 IWM_NVM_CHANNEL_DFS = (1 << 7),
1654 IWM_NVM_CHANNEL_WIDE = (1 << 8),
1655 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
1656 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
1657 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
1661 * Add a channel to the net80211 channel list.
1663 * ieee is the ieee channel number
1664 * ch_idx is channel index.
1665 * mode is the channel mode - CHAN_A, CHAN_B, CHAN_G.
1666 * ch_flags is the iwm channel flags.
1668 * Return 0 on OK, < 0 on error.
1671 iwm_init_net80211_channel(struct iwm_softc *sc, int ieee, int ch_idx,
1672 int mode, uint16_t ch_flags)
1674 /* XXX for now, no overflow checking! */
1675 struct ieee80211com *ic = &sc->sc_ic;
1677 struct ieee80211_channel *channel;
1679 channel = &ic->ic_channels[ic->ic_nchans++];
1680 channel->ic_ieee = ieee;
1682 is_5ghz = ch_idx >= IWM_NUM_2GHZ_CHANNELS;
1684 flags = IEEE80211_CHAN_2GHZ;
1685 channel->ic_flags = mode;
1687 flags = IEEE80211_CHAN_5GHZ;
1688 channel->ic_flags = mode;
1690 channel->ic_freq = ieee80211_ieee2mhz(ieee, flags);
1692 if (!(ch_flags & IWM_NVM_CHANNEL_ACTIVE))
1693 channel->ic_flags |= IEEE80211_CHAN_PASSIVE;
1698 iwm_init_channel_map(struct iwm_softc *sc, const uint16_t * const nvm_ch_flags)
1700 struct ieee80211com *ic = &sc->sc_ic;
1701 struct iwm_nvm_data *data = &sc->sc_nvm;
1706 for (ch_idx = 0; ch_idx < nitems(iwm_nvm_channels); ch_idx++) {
1707 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
1709 if (ch_idx >= IWM_NUM_2GHZ_CHANNELS &&
1710 !data->sku_cap_band_52GHz_enable)
1711 ch_flags &= ~IWM_NVM_CHANNEL_VALID;
1713 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
1714 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1715 "Ch. %d Flags %x [%sGHz] - No traffic\n",
1716 iwm_nvm_channels[ch_idx],
1718 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1723 hw_value = iwm_nvm_channels[ch_idx];
1726 if (ch_idx >= IWM_NUM_2GHZ_CHANNELS) {
1727 (void) iwm_init_net80211_channel(sc, hw_value,
1732 (void) iwm_init_net80211_channel(sc, hw_value,
1736 /* If it's not channel 13, also add 11g */
1738 (void) iwm_init_net80211_channel(sc, hw_value,
1744 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1745 "Ch. %d Flags %x [%sGHz] - Added\n",
1746 iwm_nvm_channels[ch_idx],
1748 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1751 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans);
1755 iwm_parse_nvm_data(struct iwm_softc *sc,
1756 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
1757 const uint16_t *nvm_calib, uint8_t tx_chains, uint8_t rx_chains)
1759 struct iwm_nvm_data *data = &sc->sc_nvm;
1760 uint8_t hw_addr[IEEE80211_ADDR_LEN];
1761 uint16_t radio_cfg, sku;
1763 data->nvm_version = le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
1765 radio_cfg = le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
1766 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
1767 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
1768 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
1769 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
1770 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK(radio_cfg);
1771 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK(radio_cfg);
1773 sku = le16_to_cpup(nvm_sw + IWM_SKU);
1774 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
1775 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
1776 data->sku_cap_11n_enable = 0;
1778 if (!data->valid_tx_ant || !data->valid_rx_ant) {
1779 device_printf(sc->sc_dev,
1780 "%s: invalid antennas (0x%x, 0x%x)\n",
1781 __func__, data->valid_tx_ant,
1782 data->valid_rx_ant);
1786 data->n_hw_addrs = le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
1788 data->xtal_calib[0] = *(nvm_calib + IWM_XTAL_CALIB);
1789 data->xtal_calib[1] = *(nvm_calib + IWM_XTAL_CALIB + 1);
1791 /* The byte order is little endian 16 bit, meaning 214365 */
1792 IEEE80211_ADDR_COPY(hw_addr, nvm_hw + IWM_HW_ADDR);
1793 data->hw_addr[0] = hw_addr[1];
1794 data->hw_addr[1] = hw_addr[0];
1795 data->hw_addr[2] = hw_addr[3];
1796 data->hw_addr[3] = hw_addr[2];
1797 data->hw_addr[4] = hw_addr[5];
1798 data->hw_addr[5] = hw_addr[4];
1800 iwm_init_channel_map(sc, &nvm_sw[IWM_NVM_CHANNELS]);
1801 data->calib_version = 255; /* TODO:
1802 this value will prevent some checks from
1803 failing, we need to check if this
1804 field is still needed, and if it does,
1805 where is it in the NVM */
1814 struct iwm_nvm_section {
1816 const uint8_t *data;
1820 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
1822 const uint16_t *hw, *sw, *calib;
1824 /* Checking for required sections */
1825 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
1826 !sections[IWM_NVM_SECTION_TYPE_HW].data) {
1827 device_printf(sc->sc_dev,
1828 "%s: Can't parse empty NVM sections\n",
1833 hw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_HW].data;
1834 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
1835 calib = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
1836 return iwm_parse_nvm_data(sc, hw, sw, calib,
1837 IWM_FW_VALID_TX_ANT(sc), IWM_FW_VALID_RX_ANT(sc));
1841 iwm_nvm_init(struct iwm_softc *sc)
1843 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS];
1844 int i, section, error;
1846 uint8_t *nvm_buffer, *temp;
1848 /* Read From FW NVM */
1849 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1853 /* TODO: find correct NVM max size for a section */
1854 nvm_buffer = malloc(IWM_OTP_LOW_IMAGE_SIZE, M_DEVBUF, M_NOWAIT);
1855 if (nvm_buffer == NULL)
1857 for (i = 0; i < nitems(nvm_to_read); i++) {
1858 section = nvm_to_read[i];
1859 KASSERT(section <= nitems(nvm_sections),
1860 ("too many sections"));
1862 error = iwm_nvm_read_section(sc, section, nvm_buffer, &len);
1866 temp = malloc(len, M_DEVBUF, M_NOWAIT);
1871 memcpy(temp, nvm_buffer, len);
1872 nvm_sections[section].data = temp;
1873 nvm_sections[section].length = len;
1875 free(nvm_buffer, M_DEVBUF);
1879 return iwm_parse_nvm_sections(sc, nvm_sections);
1883 * Firmware loading gunk. This is kind of a weird hybrid between the
1884 * iwn driver and the Linux iwlwifi driver.
1888 iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr,
1889 const uint8_t *section, uint32_t byte_cnt)
1891 struct iwm_dma_info *dma = &sc->fw_dma;
1894 /* Copy firmware section into pre-allocated DMA-safe memory. */
1895 memcpy(dma->vaddr, section, byte_cnt);
1896 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
1898 if (!iwm_nic_lock(sc))
1901 sc->sc_fw_chunk_done = 0;
1903 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
1904 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
1905 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
1907 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
1908 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
1909 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
1910 (iwm_get_dma_hi_addr(dma->paddr)
1911 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
1912 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
1913 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
1914 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
1915 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
1916 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
1917 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1918 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
1919 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
1923 /* wait 1s for this segment to load */
1924 while (!sc->sc_fw_chunk_done)
1925 if ((error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz)) != 0)
1932 iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1934 struct iwm_fw_sects *fws;
1940 sc->sc_uc.uc_intr = 0;
1942 fws = &sc->sc_fw.fw_sects[ucode_type];
1943 for (i = 0; i < fws->fw_count; i++) {
1944 data = fws->fw_sect[i].fws_data;
1945 dlen = fws->fw_sect[i].fws_len;
1946 offset = fws->fw_sect[i].fws_devoff;
1947 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
1948 "LOAD FIRMWARE type %d offset %u len %d\n",
1949 ucode_type, offset, dlen);
1950 error = iwm_firmware_load_chunk(sc, offset, data, dlen);
1952 device_printf(sc->sc_dev,
1953 "%s: chunk %u of %u returned error %02d\n",
1954 __func__, i, fws->fw_count, error);
1959 /* wait for the firmware to load */
1960 IWM_WRITE(sc, IWM_CSR_RESET, 0);
1962 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) {
1963 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10);
1969 /* iwlwifi: pcie/trans.c */
1971 iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1975 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1977 if ((error = iwm_nic_init(sc)) != 0) {
1978 device_printf(sc->sc_dev, "unable to init nic\n");
1982 /* make sure rfkill handshake bits are cleared */
1983 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1984 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
1985 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
1987 /* clear (again), then enable host interrupts */
1988 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1989 iwm_enable_interrupts(sc);
1991 /* really make sure rfkill handshake bits are cleared */
1992 /* maybe we should write a few times more? just to make sure */
1993 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1994 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1996 /* Load the given image to the HW */
1997 return iwm_load_firmware(sc, ucode_type);
2001 iwm_fw_alive(struct iwm_softc *sc, uint32_t sched_base)
2003 return iwm_post_alive(sc);
2007 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2009 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2010 .valid = htole32(valid_tx_ant),
2013 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2014 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2017 /* iwlwifi: mvm/fw.c */
2019 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2021 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2022 enum iwm_ucode_type ucode_type = sc->sc_uc_current;
2024 /* Set parameters */
2025 phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config);
2026 phy_cfg_cmd.calib_control.event_trigger =
2027 sc->sc_default_calib[ucode_type].event_trigger;
2028 phy_cfg_cmd.calib_control.flow_trigger =
2029 sc->sc_default_calib[ucode_type].flow_trigger;
2031 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2032 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2033 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2034 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2038 iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc,
2039 enum iwm_ucode_type ucode_type)
2041 enum iwm_ucode_type old_type = sc->sc_uc_current;
2044 if ((error = iwm_read_firmware(sc, ucode_type)) != 0)
2047 sc->sc_uc_current = ucode_type;
2048 error = iwm_start_fw(sc, ucode_type);
2050 sc->sc_uc_current = old_type;
2054 return iwm_fw_alive(sc, sc->sched_base);
2062 * follows iwlwifi/fw.c
2065 iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm)
2069 /* do not operate with rfkill switch turned on */
2070 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2071 device_printf(sc->sc_dev,
2072 "radio is disabled by hardware switch\n");
2076 sc->sc_init_complete = 0;
2077 if ((error = iwm_mvm_load_ucode_wait_alive(sc,
2078 IWM_UCODE_TYPE_INIT)) != 0)
2082 if ((error = iwm_nvm_init(sc)) != 0) {
2083 device_printf(sc->sc_dev, "failed to read nvm\n");
2086 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, &sc->sc_nvm.hw_addr);
2088 sc->sc_scan_cmd_len = sizeof(struct iwm_scan_cmd)
2089 + sc->sc_capa_max_probe_len
2090 + IWM_MAX_NUM_SCAN_CHANNELS
2091 * sizeof(struct iwm_scan_channel);
2092 sc->sc_scan_cmd = malloc(sc->sc_scan_cmd_len, M_DEVBUF,
2094 if (sc->sc_scan_cmd == NULL)
2100 /* Send TX valid antennas before triggering calibrations */
2101 if ((error = iwm_send_tx_ant_cfg(sc, IWM_FW_VALID_TX_ANT(sc))) != 0)
2105 * Send phy configurations command to init uCode
2106 * to start the 16.0 uCode init image internal calibrations.
2108 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0 ) {
2109 device_printf(sc->sc_dev,
2110 "%s: failed to run internal calibration: %d\n",
2116 * Nothing to do but wait for the init complete notification
2119 while (!sc->sc_init_complete)
2120 if ((error = msleep(&sc->sc_init_complete, &sc->sc_mtx,
2121 0, "iwminit", 2*hz)) != 0)
2131 /* (re)stock rx ring, called at init-time and at runtime */
2133 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
2135 struct iwm_rx_ring *ring = &sc->rxq;
2136 struct iwm_rx_data *data = &ring->data[idx];
2141 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
2145 if (data->m != NULL)
2146 bus_dmamap_unload(ring->data_dmat, data->map);
2148 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
2149 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
2151 device_printf(sc->sc_dev,
2152 "%s: could not create RX buf DMA map, error %d\n",
2157 error = bus_dmamap_load(ring->data_dmat, data->map,
2158 mtod(data->m, void *), IWM_RBUF_SIZE, iwm_dma_map_addr,
2159 &paddr, BUS_DMA_NOWAIT);
2160 if (error != 0 && error != EFBIG) {
2161 device_printf(sc->sc_dev,
2162 "%s: can't not map mbuf, error %d\n", __func__,
2166 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
2168 /* Update RX descriptor. */
2169 ring->desc[idx] = htole32(paddr >> 8);
2170 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2171 BUS_DMASYNC_PREWRITE);
2178 /* iwlwifi: mvm/rx.c */
2179 #define IWM_RSSI_OFFSET 50
2181 iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
2183 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm;
2184 uint32_t agc_a, agc_b;
2187 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]);
2188 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS;
2189 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS;
2191 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]);
2192 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS;
2193 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS;
2196 * dBm = rssi dB - agc dB - constant.
2197 * Higher AGC (higher radio gain) means lower signal.
2199 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a;
2200 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b;
2201 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm);
2203 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2204 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n",
2205 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b);
2207 return max_rssi_dbm;
2210 /* iwlwifi: mvm/rx.c */
2212 * iwm_mvm_get_signal_strength - use new rx PHY INFO API
2213 * values are reported by the fw as positive values - need to negate
2214 * to obtain their dBM. Account for missing antennas by replacing 0
2215 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
2218 iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
2220 int energy_a, energy_b, energy_c, max_energy;
2223 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
2224 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
2225 IWM_RX_INFO_ENERGY_ANT_A_POS;
2226 energy_a = energy_a ? -energy_a : -256;
2227 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
2228 IWM_RX_INFO_ENERGY_ANT_B_POS;
2229 energy_b = energy_b ? -energy_b : -256;
2230 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
2231 IWM_RX_INFO_ENERGY_ANT_C_POS;
2232 energy_c = energy_c ? -energy_c : -256;
2233 max_energy = MAX(energy_a, energy_b);
2234 max_energy = MAX(max_energy, energy_c);
2236 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2237 "energy In A %d B %d C %d , and max %d\n",
2238 energy_a, energy_b, energy_c, max_energy);
2244 iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc,
2245 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2247 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
2249 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
2250 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2252 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
2256 * Retrieve the average noise (in dBm) among receivers.
2259 iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *stats)
2261 int i, total, nbant, noise;
2263 total = nbant = noise = 0;
2264 for (i = 0; i < 3; i++) {
2265 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
2272 /* There should be at least one antenna but check anyway. */
2273 return (nbant == 0) ? -127 : (total / nbant) - 107;
2277 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
2279 * Handles the actual data of the Rx packet from the fw
2282 iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc,
2283 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2285 struct ieee80211com *ic = &sc->sc_ic;
2286 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2287 struct ieee80211_frame *wh;
2288 struct ieee80211_node *ni;
2289 struct ieee80211_rx_stats rxs;
2291 struct iwm_rx_phy_info *phy_info;
2292 struct iwm_rx_mpdu_res_start *rx_res;
2294 uint32_t rx_pkt_status;
2297 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2299 phy_info = &sc->sc_last_phy_info;
2300 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
2301 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
2302 len = le16toh(rx_res->byte_count);
2303 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
2306 m->m_data = pkt->data + sizeof(*rx_res);
2307 m->m_pkthdr.len = m->m_len = len;
2309 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
2310 device_printf(sc->sc_dev,
2311 "dsp size out of range [0,20]: %d\n",
2312 phy_info->cfg_phy_cnt);
2316 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
2317 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
2318 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2319 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
2323 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) {
2324 rssi = iwm_mvm_get_signal_strength(sc, phy_info);
2326 rssi = iwm_mvm_calc_rssi(sc, phy_info);
2328 rssi = (0 - IWM_MIN_DBM) + rssi; /* normalize */
2329 rssi = MIN(rssi, sc->sc_max_rssi); /* clip to max. 100% */
2331 /* replenish ring for the buffer we're going to feed to the sharks */
2332 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
2333 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
2338 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
2340 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2341 "%s: phy_info: channel=%d, flags=0x%08x\n",
2343 le16toh(phy_info->channel),
2344 le16toh(phy_info->phy_flags));
2347 * Populate an RX state struct with the provided information.
2349 bzero(&rxs, sizeof(rxs));
2350 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
2351 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
2352 rxs.c_ieee = le16toh(phy_info->channel);
2353 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
2354 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
2356 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
2358 rxs.rssi = rssi - sc->sc_noise;
2359 rxs.nf = sc->sc_noise;
2361 if (ieee80211_radiotap_active_vap(vap)) {
2362 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
2365 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
2366 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2367 tap->wr_chan_freq = htole16(rxs.c_freq);
2368 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
2369 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2370 tap->wr_dbm_antsignal = (int8_t)rssi;
2371 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
2372 tap->wr_tsft = phy_info->system_timestamp;
2373 switch (phy_info->rate) {
2375 case 10: tap->wr_rate = 2; break;
2376 case 20: tap->wr_rate = 4; break;
2377 case 55: tap->wr_rate = 11; break;
2378 case 110: tap->wr_rate = 22; break;
2380 case 0xd: tap->wr_rate = 12; break;
2381 case 0xf: tap->wr_rate = 18; break;
2382 case 0x5: tap->wr_rate = 24; break;
2383 case 0x7: tap->wr_rate = 36; break;
2384 case 0x9: tap->wr_rate = 48; break;
2385 case 0xb: tap->wr_rate = 72; break;
2386 case 0x1: tap->wr_rate = 96; break;
2387 case 0x3: tap->wr_rate = 108; break;
2388 /* Unknown rate: should not happen. */
2389 default: tap->wr_rate = 0;
2395 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
2396 ieee80211_input_mimo(ni, m, &rxs);
2397 ieee80211_free_node(ni);
2399 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
2400 ieee80211_input_mimo_all(ic, m, &rxs);
2406 iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
2407 struct iwm_node *in)
2409 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data;
2410 struct ieee80211vap *vap = in->in_ni.ni_vap;
2411 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
2412 int failack = tx_resp->failure_frame;
2414 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
2416 /* Update rate control statistics. */
2417 if (status != IWM_TX_STATUS_SUCCESS &&
2418 status != IWM_TX_STATUS_DIRECT_DONE) {
2419 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 1);
2420 ieee80211_ratectl_tx_complete(vap, &in->in_ni,
2421 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL);
2423 if_inc_counter(vap->iv_ifp, IFCOUNTER_OPACKETS, 1);
2424 ieee80211_ratectl_tx_complete(vap, &in->in_ni,
2425 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL);
2431 iwm_mvm_rx_tx_cmd(struct iwm_softc *sc,
2432 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2434 struct iwm_cmd_header *cmd_hdr = &pkt->hdr;
2435 int idx = cmd_hdr->idx;
2436 int qid = cmd_hdr->qid;
2437 struct iwm_tx_ring *ring = &sc->txq[qid];
2438 struct iwm_tx_data *txd = &ring->data[idx];
2439 struct iwm_node *in = txd->in;
2442 device_printf(sc->sc_dev,
2443 "%s: got tx interrupt that's already been handled!\n",
2447 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2449 sc->sc_tx_timer = 0;
2451 iwm_mvm_rx_tx_cmd_single(sc, pkt, in);
2453 /* Unmap and free mbuf. */
2454 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
2455 bus_dmamap_unload(ring->data_dmat, txd->map);
2458 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2459 "free txd %p, in %p\n", txd, txd->in);
2460 KASSERT(txd->done == 0, ("txd not done"));
2462 KASSERT(txd->in, ("txd without node"));
2466 ieee80211_free_node((struct ieee80211_node *)in);
2468 if (--ring->queued < IWM_TX_RING_LOMARK) {
2469 sc->qfullmsk &= ~(1 << ring->qid);
2470 if (sc->qfullmsk == 0) {
2472 * Well, we're in interrupt context, but then again
2473 * I guess net80211 does all sorts of stunts in
2474 * interrupt context, so maybe this is no biggie.
2486 * Process a "command done" firmware notification. This is where we wakeup
2487 * processes waiting for a synchronous command completion.
2491 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
2493 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE];
2494 struct iwm_tx_data *data;
2496 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) {
2497 return; /* Not a command ack. */
2500 data = &ring->data[pkt->hdr.idx];
2502 /* If the command was mapped in an mbuf, free it. */
2503 if (data->m != NULL) {
2504 bus_dmamap_sync(ring->data_dmat, data->map,
2505 BUS_DMASYNC_POSTWRITE);
2506 bus_dmamap_unload(ring->data_dmat, data->map);
2510 wakeup(&ring->desc[pkt->hdr.idx]);
2515 * necessary only for block ack mode
2518 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
2521 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
2524 scd_bc_tbl = sc->sched_dma.vaddr;
2526 len += 8; /* magic numbers came naturally from paris */
2527 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE)
2528 len = roundup(len, 4) / 4;
2530 w_val = htole16(sta_id << 12 | len);
2532 /* Update TX scheduler. */
2533 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
2534 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
2535 BUS_DMASYNC_PREWRITE);
2537 /* I really wonder what this is ?!? */
2538 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
2539 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
2540 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
2541 BUS_DMASYNC_PREWRITE);
2547 * Take an 802.11 (non-n) rate, find the relevant rate
2548 * table entry. return the index into in_ridx[].
2550 * The caller then uses that index back into in_ridx
2551 * to figure out the rate index programmed /into/
2552 * the firmware for this given node.
2555 iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in,
2561 for (i = 0; i < nitems(in->in_ridx); i++) {
2562 r = iwm_rates[in->in_ridx[i]].rate;
2566 /* XXX Return the first */
2567 /* XXX TODO: have it return the /lowest/ */
2572 * Fill in various bit for management frames, and leave them
2573 * unfilled for data frames (firmware takes care of that).
2574 * Return the selected TX rate.
2576 static const struct iwm_rate *
2577 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
2578 struct ieee80211_frame *wh, struct iwm_tx_cmd *tx)
2580 struct ieee80211com *ic = &sc->sc_ic;
2581 struct ieee80211_node *ni = &in->in_ni;
2582 const struct iwm_rate *rinfo;
2583 int type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2584 int ridx, rate_flags;
2586 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
2587 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
2590 * XXX TODO: everything about the rate selection here is terrible!
2593 if (type == IEEE80211_FC0_TYPE_DATA) {
2595 /* for data frames, use RS table */
2596 (void) ieee80211_ratectl_rate(ni, NULL, 0);
2597 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate);
2598 ridx = in->in_ridx[i];
2600 /* This is the index into the programmed table */
2601 tx->initial_rate_index = i;
2602 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
2603 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
2604 "%s: start with i=%d, txrate %d\n",
2605 __func__, i, iwm_rates[ridx].rate);
2606 /* XXX no rate_n_flags? */
2607 return &iwm_rates[ridx];
2611 * For non-data, use the lowest supported rate for the given
2614 * Note: there may not be any rate control information available.
2615 * This driver currently assumes if we're transmitting data
2616 * frames, use the rate control table. Grr.
2618 * XXX TODO: use the configured rate for the traffic type!
2620 if (ic->ic_curmode == IEEE80211_MODE_11A) {
2622 * XXX this assumes the mode is either 11a or not 11a;
2623 * definitely won't work for 11n.
2625 ridx = IWM_RIDX_OFDM;
2627 ridx = IWM_RIDX_CCK;
2630 rinfo = &iwm_rates[ridx];
2632 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
2635 !! (IWM_RIDX_IS_CCK(ridx))
2638 /* XXX TODO: hard-coded TX antenna? */
2639 rate_flags = 1 << IWM_RATE_MCS_ANT_POS;
2640 if (IWM_RIDX_IS_CCK(ridx))
2641 rate_flags |= IWM_RATE_MCS_CCK_MSK;
2642 /* XXX hard-coded tx rate */
2643 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
2650 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
2652 struct ieee80211com *ic = &sc->sc_ic;
2653 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2654 struct iwm_node *in = (struct iwm_node *)ni;
2655 struct iwm_tx_ring *ring;
2656 struct iwm_tx_data *data;
2657 struct iwm_tfd *desc;
2658 struct iwm_device_cmd *cmd;
2659 struct iwm_tx_cmd *tx;
2660 struct ieee80211_frame *wh;
2661 struct ieee80211_key *k = NULL;
2663 const struct iwm_rate *rinfo;
2666 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
2669 int i, totlen, error, pad;
2671 wh = mtod(m, struct ieee80211_frame *);
2672 hdrlen = ieee80211_anyhdrsize(wh);
2673 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2675 ring = &sc->txq[ac];
2676 desc = &ring->desc[ring->cur];
2677 memset(desc, 0, sizeof(*desc));
2678 data = &ring->data[ring->cur];
2680 /* Fill out iwm_tx_cmd to send to the firmware */
2681 cmd = &ring->cmd[ring->cur];
2682 cmd->hdr.code = IWM_TX_CMD;
2684 cmd->hdr.qid = ring->qid;
2685 cmd->hdr.idx = ring->cur;
2687 tx = (void *)cmd->data;
2688 memset(tx, 0, sizeof(*tx));
2690 rinfo = iwm_tx_fill_cmd(sc, in, wh, tx);
2692 /* Encrypt the frame if need be. */
2693 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2694 /* Retrieve key for TX && do software encryption. */
2695 k = ieee80211_crypto_encap(ni, m);
2700 /* 802.11 header may have moved. */
2701 wh = mtod(m, struct ieee80211_frame *);
2704 if (ieee80211_radiotap_active_vap(vap)) {
2705 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
2708 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
2709 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
2710 tap->wt_rate = rinfo->rate;
2711 tap->wt_hwqueue = ac;
2713 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
2714 ieee80211_radiotap_tx(vap, m);
2718 totlen = m->m_pkthdr.len;
2721 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
2722 flags |= IWM_TX_CMD_FLG_ACK;
2725 if (type != IEEE80211_FC0_TYPE_DATA
2726 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold)
2727 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
2728 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
2731 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
2732 type != IEEE80211_FC0_TYPE_DATA)
2733 tx->sta_id = sc->sc_aux_sta.sta_id;
2735 tx->sta_id = IWM_STATION_ID;
2737 if (type == IEEE80211_FC0_TYPE_MGT) {
2738 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
2740 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
2741 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
2742 tx->pm_frame_timeout = htole16(3);
2744 tx->pm_frame_timeout = htole16(2);
2746 tx->pm_frame_timeout = htole16(0);
2750 /* First segment length must be a multiple of 4. */
2751 flags |= IWM_TX_CMD_FLG_MH_PAD;
2752 pad = 4 - (hdrlen & 3);
2756 tx->driver_txop = 0;
2757 tx->next_frame_len = 0;
2759 tx->len = htole16(totlen);
2760 tx->tid_tspec = tid;
2761 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
2763 /* Set physical address of "scratch area". */
2764 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
2765 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
2767 /* Copy 802.11 header in TX command. */
2768 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen);
2770 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
2773 tx->tx_flags |= htole32(flags);
2775 /* Trim 802.11 header. */
2777 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
2778 segs, &nsegs, BUS_DMA_NOWAIT);
2780 if (error != EFBIG) {
2781 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
2786 /* Too many DMA segments, linearize mbuf. */
2787 MGETHDR(m1, M_NOWAIT, MT_DATA);
2792 if (m->m_pkthdr.len > MHLEN) {
2793 MCLGET(m1, M_NOWAIT);
2794 if (!(m1->m_flags & M_EXT)) {
2800 m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, void *));
2801 m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len;
2804 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
2805 segs, &nsegs, BUS_DMA_NOWAIT);
2807 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
2817 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2818 "sending txd %p, in %p\n", data, data->in);
2819 KASSERT(data->in != NULL, ("node is NULL"));
2821 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2822 "sending data: qid=%d idx=%d len=%d nsegs=%d\n",
2823 ring->qid, ring->cur, totlen, nsegs);
2825 /* Fill TX descriptor. */
2826 desc->num_tbs = 2 + nsegs;
2828 desc->tbs[0].lo = htole32(data->cmd_paddr);
2829 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
2831 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
2832 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
2833 ((sizeof(struct iwm_cmd_header) + sizeof(*tx)
2834 + hdrlen + pad - TB0_SIZE) << 4);
2836 /* Other DMA segments are for data payload. */
2837 for (i = 0; i < nsegs; i++) {
2839 desc->tbs[i+2].lo = htole32(seg->ds_addr);
2840 desc->tbs[i+2].hi_n_len = \
2841 htole16(iwm_get_dma_hi_addr(seg->ds_addr))
2842 | ((seg->ds_len) << 4);
2845 bus_dmamap_sync(ring->data_dmat, data->map,
2846 BUS_DMASYNC_PREWRITE);
2847 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
2848 BUS_DMASYNC_PREWRITE);
2849 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2850 BUS_DMASYNC_PREWRITE);
2853 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
2857 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
2858 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
2860 /* Mark TX ring as full if we reach a certain threshold. */
2861 if (++ring->queued > IWM_TX_RING_HIMARK) {
2862 sc->qfullmsk |= 1 << ring->qid;
2869 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2870 const struct ieee80211_bpf_params *params)
2872 struct ieee80211com *ic = ni->ni_ic;
2873 struct iwm_softc *sc = ic->ic_softc;
2876 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2877 "->%s begin\n", __func__);
2879 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
2880 ieee80211_free_node(ni);
2882 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2883 "<-%s not RUNNING\n", __func__);
2889 if (params == NULL) {
2890 error = iwm_tx(sc, m, ni, 0);
2892 error = iwm_tx(sc, m, ni, 0);
2895 /* NB: m is reclaimed on tx failure */
2896 ieee80211_free_node(ni);
2898 sc->sc_tx_timer = 5;
2910 * Note that there are transports that buffer frames before they reach
2911 * the firmware. This means that after flush_tx_path is called, the
2912 * queue might not be empty. The race-free way to handle this is to:
2913 * 1) set the station as draining
2914 * 2) flush the Tx path
2915 * 3) wait for the transport queues to be empty
2918 iwm_mvm_flush_tx_path(struct iwm_softc *sc, int tfd_msk, int sync)
2920 struct iwm_tx_path_flush_cmd flush_cmd = {
2921 .queues_ctl = htole32(tfd_msk),
2922 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
2926 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH,
2927 sync ? IWM_CMD_SYNC : IWM_CMD_ASYNC,
2928 sizeof(flush_cmd), &flush_cmd);
2930 device_printf(sc->sc_dev,
2931 "Flushing tx queue failed: %d\n", ret);
2941 iwm_mvm_add_sta_cmd_v6_to_v5(struct iwm_mvm_add_sta_cmd_v6 *cmd_v6,
2942 struct iwm_mvm_add_sta_cmd_v5 *cmd_v5)
2944 memset(cmd_v5, 0, sizeof(*cmd_v5));
2946 cmd_v5->add_modify = cmd_v6->add_modify;
2947 cmd_v5->tid_disable_tx = cmd_v6->tid_disable_tx;
2948 cmd_v5->mac_id_n_color = cmd_v6->mac_id_n_color;
2949 IEEE80211_ADDR_COPY(cmd_v5->addr, cmd_v6->addr);
2950 cmd_v5->sta_id = cmd_v6->sta_id;
2951 cmd_v5->modify_mask = cmd_v6->modify_mask;
2952 cmd_v5->station_flags = cmd_v6->station_flags;
2953 cmd_v5->station_flags_msk = cmd_v6->station_flags_msk;
2954 cmd_v5->add_immediate_ba_tid = cmd_v6->add_immediate_ba_tid;
2955 cmd_v5->remove_immediate_ba_tid = cmd_v6->remove_immediate_ba_tid;
2956 cmd_v5->add_immediate_ba_ssn = cmd_v6->add_immediate_ba_ssn;
2957 cmd_v5->sleep_tx_count = cmd_v6->sleep_tx_count;
2958 cmd_v5->sleep_state_flags = cmd_v6->sleep_state_flags;
2959 cmd_v5->assoc_id = cmd_v6->assoc_id;
2960 cmd_v5->beamform_flags = cmd_v6->beamform_flags;
2961 cmd_v5->tfd_queue_msk = cmd_v6->tfd_queue_msk;
2965 iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc,
2966 struct iwm_mvm_add_sta_cmd_v6 *cmd, int *status)
2968 struct iwm_mvm_add_sta_cmd_v5 cmd_v5;
2970 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_STA_KEY_CMD) {
2971 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA,
2972 sizeof(*cmd), cmd, status);
2975 iwm_mvm_add_sta_cmd_v6_to_v5(cmd, &cmd_v5);
2977 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(cmd_v5),
2981 /* send station add/update command to firmware */
2983 iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update)
2985 struct iwm_mvm_add_sta_cmd_v6 add_sta_cmd;
2989 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd));
2991 add_sta_cmd.sta_id = IWM_STATION_ID;
2992 add_sta_cmd.mac_id_n_color
2993 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID,
2994 IWM_DEFAULT_COLOR));
2996 add_sta_cmd.tfd_queue_msk = htole32(0xf);
2997 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid);
2999 add_sta_cmd.add_modify = update ? 1 : 0;
3000 add_sta_cmd.station_flags_msk
3001 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK);
3003 status = IWM_ADD_STA_SUCCESS;
3004 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status);
3009 case IWM_ADD_STA_SUCCESS:
3013 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n");
3021 iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in)
3025 ret = iwm_mvm_sta_send_to_fw(sc, in, 0);
3033 iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in)
3035 return iwm_mvm_sta_send_to_fw(sc, in, 1);
3039 iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta,
3040 const uint8_t *addr, uint16_t mac_id, uint16_t color)
3042 struct iwm_mvm_add_sta_cmd_v6 cmd;
3046 memset(&cmd, 0, sizeof(cmd));
3047 cmd.sta_id = sta->sta_id;
3048 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color));
3050 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk);
3053 IEEE80211_ADDR_COPY(cmd.addr, addr);
3055 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status);
3060 case IWM_ADD_STA_SUCCESS:
3061 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
3062 "%s: Internal station added.\n", __func__);
3065 device_printf(sc->sc_dev,
3066 "%s: Add internal station failed, status=0x%x\n",
3075 iwm_mvm_add_aux_sta(struct iwm_softc *sc)
3079 sc->sc_aux_sta.sta_id = 3;
3080 sc->sc_aux_sta.tfd_queue_msk = 0;
3082 ret = iwm_mvm_add_int_sta_common(sc,
3083 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0);
3086 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta));
3099 iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in)
3101 struct iwm_time_quota_cmd cmd;
3102 int i, idx, ret, num_active_macs, quota, quota_rem;
3103 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
3104 int n_ifs[IWM_MAX_BINDINGS] = {0, };
3107 memset(&cmd, 0, sizeof(cmd));
3109 /* currently, PHY ID == binding ID */
3111 id = in->in_phyctxt->id;
3112 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
3113 colors[id] = in->in_phyctxt->color;
3120 * The FW's scheduling session consists of
3121 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments
3122 * equally between all the bindings that require quota
3124 num_active_macs = 0;
3125 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
3126 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
3127 num_active_macs += n_ifs[i];
3132 if (num_active_macs) {
3133 quota = IWM_MVM_MAX_QUOTA / num_active_macs;
3134 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs;
3137 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
3141 cmd.quotas[idx].id_and_color =
3142 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
3144 if (n_ifs[i] <= 0) {
3145 cmd.quotas[idx].quota = htole32(0);
3146 cmd.quotas[idx].max_duration = htole32(0);
3148 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
3149 cmd.quotas[idx].max_duration = htole32(0);
3154 /* Give the remainder of the session to the first binding */
3155 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
3157 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
3160 device_printf(sc->sc_dev,
3161 "%s: Failed to send quota: %d\n", __func__, ret);
3170 * ieee80211 routines
3174 * Change to AUTH state in 80211 state machine. Roughly matches what
3175 * Linux does in bss_info_changed().
3178 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
3180 struct ieee80211_node *ni;
3181 struct iwm_node *in;
3182 struct iwm_vap *iv = IWM_VAP(vap);
3184 uint32_t min_duration;
3188 * XXX i have a feeling that the vap node is being
3189 * freed from underneath us. Grr.
3191 ni = ieee80211_ref_node(vap->iv_bss);
3192 in = (struct iwm_node *) ni;
3193 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
3194 "%s: called; vap=%p, bss ni=%p\n",
3201 error = iwm_allow_mcast(vap, sc);
3203 device_printf(sc->sc_dev,
3204 "%s: failed to set multicast\n", __func__);
3209 * This is where it deviates from what Linux does.
3211 * Linux iwlwifi doesn't reset the nic each time, nor does it
3212 * call ctxt_add() here. Instead, it adds it during vap creation,
3213 * and always does does a mac_ctx_changed().
3215 * The openbsd port doesn't attempt to do that - it reset things
3216 * at odd states and does the add here.
3218 * So, until the state handling is fixed (ie, we never reset
3219 * the NIC except for a firmware failure, which should drag
3220 * the NIC back to IDLE, re-setup and re-add all the mac/phy
3221 * contexts that are required), let's do a dirty hack here.
3223 if (iv->is_uploaded) {
3224 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
3225 device_printf(sc->sc_dev,
3226 "%s: failed to add MAC\n", __func__);
3230 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) {
3231 device_printf(sc->sc_dev,
3232 "%s: failed to add MAC\n", __func__);
3237 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
3238 in->in_ni.ni_chan, 1, 1)) != 0) {
3239 device_printf(sc->sc_dev,
3240 "%s: failed add phy ctxt\n", __func__);
3243 in->in_phyctxt = &sc->sc_phyctxt[0];
3245 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) {
3246 device_printf(sc->sc_dev,
3247 "%s: binding cmd\n", __func__);
3251 if ((error = iwm_mvm_add_sta(sc, in)) != 0) {
3252 device_printf(sc->sc_dev,
3253 "%s: failed to add MAC\n", __func__);
3257 /* a bit superfluous? */
3258 while (sc->sc_auth_prot)
3259 msleep(&sc->sc_auth_prot, &sc->sc_mtx, 0, "iwmauth", 0);
3260 sc->sc_auth_prot = 1;
3262 duration = min(IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS,
3263 200 + in->in_ni.ni_intval);
3264 min_duration = min(IWM_MVM_TE_SESSION_PROTECTION_MIN_TIME_MS,
3265 100 + in->in_ni.ni_intval);
3266 iwm_mvm_protect_session(sc, in, duration, min_duration, 500);
3268 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
3269 "%s: waiting for auth_prot\n", __func__);
3270 while (sc->sc_auth_prot != 2) {
3272 * well, meh, but if the kernel is sleeping for half a
3273 * second, we have bigger problems
3275 if (sc->sc_auth_prot == 0) {
3276 device_printf(sc->sc_dev,
3277 "%s: missed auth window!\n", __func__);
3280 } else if (sc->sc_auth_prot == -1) {
3281 device_printf(sc->sc_dev,
3282 "%s: no time event, denied!\n", __func__);
3283 sc->sc_auth_prot = 0;
3287 msleep(&sc->sc_auth_prot, &sc->sc_mtx, 0, "iwmau2", 0);
3289 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "<-%s\n", __func__);
3292 ieee80211_free_node(ni);
3297 iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc)
3299 struct iwm_node *in = (struct iwm_node *)vap->iv_bss;
3302 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
3303 device_printf(sc->sc_dev,
3304 "%s: failed to update STA\n", __func__);
3309 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
3310 device_printf(sc->sc_dev,
3311 "%s: failed to update MAC\n", __func__);
3319 iwm_release(struct iwm_softc *sc, struct iwm_node *in)
3322 * Ok, so *technically* the proper set of calls for going
3323 * from RUN back to SCAN is:
3325 * iwm_mvm_power_mac_disable(sc, in);
3326 * iwm_mvm_mac_ctxt_changed(sc, in);
3327 * iwm_mvm_rm_sta(sc, in);
3328 * iwm_mvm_update_quotas(sc, NULL);
3329 * iwm_mvm_mac_ctxt_changed(sc, in);
3330 * iwm_mvm_binding_remove_vif(sc, in);
3331 * iwm_mvm_mac_ctxt_remove(sc, in);
3333 * However, that freezes the device not matter which permutations
3334 * and modifications are attempted. Obviously, this driver is missing
3335 * something since it works in the Linux driver, but figuring out what
3336 * is missing is a little more complicated. Now, since we're going
3337 * back to nothing anyway, we'll just do a complete device reset.
3338 * Up your's, device!
3340 //iwm_mvm_flush_tx_path(sc, 0xf, 1);
3341 iwm_stop_device(sc);
3350 iwm_mvm_power_mac_disable(sc, in);
3352 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
3353 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error);
3357 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) {
3358 device_printf(sc->sc_dev, "sta remove fail %d\n", error);
3361 error = iwm_mvm_rm_sta(sc, in);
3363 iwm_mvm_update_quotas(sc, NULL);
3364 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
3365 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error);
3368 iwm_mvm_binding_remove_vif(sc, in);
3370 iwm_mvm_mac_ctxt_remove(sc, in);
3376 static struct ieee80211_node *
3377 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
3379 return malloc(sizeof (struct iwm_node), M_80211_NODE,
3384 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in)
3386 struct ieee80211_node *ni = &in->in_ni;
3387 struct iwm_lq_cmd *lq = &in->in_lq;
3388 int nrates = ni->ni_rates.rs_nrates;
3389 int i, ridx, tab = 0;
3392 if (nrates > nitems(lq->rs_table)) {
3393 device_printf(sc->sc_dev,
3394 "%s: node supports %d rates, driver handles "
3395 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
3400 * XXX .. and most of iwm_node is not initialised explicitly;
3401 * it's all just 0x0 passed to the firmware.
3404 /* first figure out which rates we should support */
3405 /* XXX TODO: this isn't 11n aware /at all/ */
3406 memset(&in->in_ridx, -1, sizeof(in->in_ridx));
3407 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3408 "%s: nrates=%d\n", __func__, nrates);
3409 for (i = 0; i < nrates; i++) {
3410 int rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL;
3412 /* Map 802.11 rate to HW rate index. */
3413 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++)
3414 if (iwm_rates[ridx].rate == rate)
3416 if (ridx > IWM_RIDX_MAX) {
3417 device_printf(sc->sc_dev,
3418 "%s: WARNING: device rate for %d not found!\n",
3421 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3422 "%s: rate: i: %d, rate=%d, ridx=%d\n",
3427 in->in_ridx[i] = ridx;
3431 /* then construct a lq_cmd based on those */
3432 memset(lq, 0, sizeof(*lq));
3433 lq->sta_id = IWM_STATION_ID;
3436 * are these used? (we don't do SISO or MIMO)
3437 * need to set them to non-zero, though, or we get an error.
3439 lq->single_stream_ant_msk = 1;
3440 lq->dual_stream_ant_msk = 1;
3443 * Build the actual rate selection table.
3444 * The lowest bits are the rates. Additionally,
3445 * CCK needs bit 9 to be set. The rest of the bits
3446 * we add to the table select the tx antenna
3447 * Note that we add the rates in the highest rate first
3448 * (opposite of ni_rates).
3451 * XXX TODO: this should be looping over the min of nrates
3452 * and LQ_MAX_RETRY_NUM. Sigh.
3454 for (i = 0; i < nrates; i++) {
3458 txant = IWM_FW_VALID_TX_ANT(sc);
3459 nextant = 1<<(ffs(txant)-1);
3463 * Map the rate id into a rate index into
3464 * our hardware table containing the
3465 * configuration to use for this rate.
3467 ridx = in->in_ridx[(nrates-1)-i];
3468 tab = iwm_rates[ridx].plcp;
3469 tab |= nextant << IWM_RATE_MCS_ANT_POS;
3470 if (IWM_RIDX_IS_CCK(ridx))
3471 tab |= IWM_RATE_MCS_CCK_MSK;
3472 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3473 "station rate i=%d, rate=%d, hw=%x\n",
3474 i, iwm_rates[ridx].rate, tab);
3475 lq->rs_table[i] = htole32(tab);
3477 /* then fill the rest with the lowest possible rate */
3478 for (i = nrates; i < nitems(lq->rs_table); i++) {
3479 KASSERT(tab != 0, ("invalid tab"));
3480 lq->rs_table[i] = htole32(tab);
3485 iwm_media_change(struct ifnet *ifp)
3487 struct ieee80211vap *vap = ifp->if_softc;
3488 struct ieee80211com *ic = vap->iv_ic;
3489 struct iwm_softc *sc = ic->ic_softc;
3492 error = ieee80211_media_change(ifp);
3493 if (error != ENETRESET)
3497 if (ic->ic_nrunning > 0) {
3507 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3509 struct iwm_vap *ivp = IWM_VAP(vap);
3510 struct ieee80211com *ic = vap->iv_ic;
3511 struct iwm_softc *sc = ic->ic_softc;
3512 struct iwm_node *in;
3515 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
3516 "switching state %s -> %s\n",
3517 ieee80211_state_name[vap->iv_state],
3518 ieee80211_state_name[nstate]);
3519 IEEE80211_UNLOCK(ic);
3521 /* disable beacon filtering if we're hopping out of RUN */
3522 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) {
3523 iwm_mvm_disable_beacon_filter(sc);
3525 if (((in = (void *)vap->iv_bss) != NULL))
3528 iwm_release(sc, NULL);
3531 * It's impossible to directly go RUN->SCAN. If we iwm_release()
3532 * above then the card will be completely reinitialized,
3533 * so the driver must do everything necessary to bring the card
3534 * from INIT to SCAN.
3536 * Additionally, upon receiving deauth frame from AP,
3537 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH
3538 * state. This will also fail with this driver, so bring the FSM
3539 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well.
3541 * XXX TODO: fix this for FreeBSD!
3543 if (nstate == IEEE80211_S_SCAN ||
3544 nstate == IEEE80211_S_AUTH ||
3545 nstate == IEEE80211_S_ASSOC) {
3546 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
3547 "Force transition to INIT; MGT=%d\n", arg);
3550 vap->iv_newstate(vap, IEEE80211_S_INIT, arg);
3551 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
3552 "Going INIT->SCAN\n");
3553 nstate = IEEE80211_S_SCAN;
3554 IEEE80211_UNLOCK(ic);
3560 case IEEE80211_S_INIT:
3561 sc->sc_scanband = 0;
3564 case IEEE80211_S_AUTH:
3565 if ((error = iwm_auth(vap, sc)) != 0) {
3566 device_printf(sc->sc_dev,
3567 "%s: could not move to auth state: %d\n",
3573 case IEEE80211_S_ASSOC:
3574 if ((error = iwm_assoc(vap, sc)) != 0) {
3575 device_printf(sc->sc_dev,
3576 "%s: failed to associate: %d\n", __func__,
3582 case IEEE80211_S_RUN:
3584 struct iwm_host_cmd cmd = {
3586 .len = { sizeof(in->in_lq), },
3587 .flags = IWM_CMD_SYNC,
3590 /* Update the association state, now we have it all */
3591 /* (eg associd comes in at this point */
3592 error = iwm_assoc(vap, sc);
3594 device_printf(sc->sc_dev,
3595 "%s: failed to update association state: %d\n",
3601 in = (struct iwm_node *)vap->iv_bss;
3602 iwm_mvm_power_mac_update_mode(sc, in);
3603 iwm_mvm_enable_beacon_filter(sc, in);
3604 iwm_mvm_update_quotas(sc, in);
3605 iwm_setrates(sc, in);
3607 cmd.data[0] = &in->in_lq;
3608 if ((error = iwm_send_cmd(sc, &cmd)) != 0) {
3609 device_printf(sc->sc_dev,
3610 "%s: IWM_LQ_CMD failed\n", __func__);
3622 return (ivp->iv_newstate(vap, nstate, arg));
3626 iwm_endscan_cb(void *arg, int pending)
3628 struct iwm_softc *sc = arg;
3629 struct ieee80211com *ic = &sc->sc_ic;
3633 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
3638 if (sc->sc_scanband == IEEE80211_CHAN_2GHZ &&
3639 sc->sc_nvm.sku_cap_band_52GHz_enable) {
3641 if ((error = iwm_mvm_scan_request(sc,
3642 IEEE80211_CHAN_5GHZ, 0, NULL, 0)) != 0) {
3643 device_printf(sc->sc_dev, "could not initiate scan\n");
3652 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
3654 sc->sc_scanband = 0;
3660 iwm_init_hw(struct iwm_softc *sc)
3662 struct ieee80211com *ic = &sc->sc_ic;
3665 if ((error = iwm_start_hw(sc)) != 0)
3668 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) {
3673 * should stop and start HW since that INIT
3676 iwm_stop_device(sc);
3677 if ((error = iwm_start_hw(sc)) != 0) {
3678 device_printf(sc->sc_dev, "could not initialize hardware\n");
3682 /* omstart, this time with the regular firmware */
3683 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR);
3685 device_printf(sc->sc_dev, "could not load firmware\n");
3689 if ((error = iwm_send_tx_ant_cfg(sc, IWM_FW_VALID_TX_ANT(sc))) != 0)
3692 /* Send phy db control command and then phy db calibration*/
3693 if ((error = iwm_send_phy_db_data(sc)) != 0)
3696 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0)
3699 /* Add auxiliary station for scanning */
3700 if ((error = iwm_mvm_add_aux_sta(sc)) != 0)
3703 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
3705 * The channel used here isn't relevant as it's
3706 * going to be overwritten in the other flows.
3707 * For now use the first channel we have.
3709 if ((error = iwm_mvm_phy_ctxt_add(sc,
3710 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
3714 error = iwm_mvm_power_update_device(sc);
3718 /* Mark TX rings as active. */
3719 for (qid = 0; qid < 4; qid++) {
3720 iwm_enable_txq(sc, qid, qid);
3726 iwm_stop_device(sc);
3730 /* Allow multicast from our BSSID. */
3732 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
3734 struct ieee80211_node *ni = vap->iv_bss;
3735 struct iwm_mcast_filter_cmd *cmd;
3739 size = roundup(sizeof(*cmd), 4);
3740 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
3743 cmd->filter_own = 1;
3747 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
3749 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
3750 IWM_CMD_SYNC, size, cmd);
3751 free(cmd, M_DEVBUF);
3757 iwm_init(struct iwm_softc *sc)
3761 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
3764 sc->sc_generation++;
3765 sc->sc_flags &= ~IWM_FLAG_STOPPED;
3767 if ((error = iwm_init_hw(sc)) != 0) {
3773 * Ok, firmware loaded and we are jogging
3775 sc->sc_flags |= IWM_FLAG_HW_INITED;
3776 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
3780 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
3782 struct iwm_softc *sc;
3788 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
3792 error = mbufq_enqueue(&sc->sc_snd, m);
3803 * Dequeue packets from sendq and call send.
3806 iwm_start(struct iwm_softc *sc)
3808 struct ieee80211_node *ni;
3812 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
3813 while (sc->qfullmsk == 0 &&
3814 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3815 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3816 if (iwm_tx(sc, m, ni, ac) != 0) {
3817 if_inc_counter(ni->ni_vap->iv_ifp,
3818 IFCOUNTER_OERRORS, 1);
3819 ieee80211_free_node(ni);
3822 sc->sc_tx_timer = 15;
3824 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
3828 iwm_stop(struct iwm_softc *sc)
3831 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
3832 sc->sc_flags |= IWM_FLAG_STOPPED;
3833 sc->sc_generation++;
3834 sc->sc_scanband = 0;
3835 sc->sc_auth_prot = 0;
3836 sc->sc_tx_timer = 0;
3837 iwm_stop_device(sc);
3841 iwm_watchdog(void *arg)
3843 struct iwm_softc *sc = arg;
3845 if (sc->sc_tx_timer > 0) {
3846 if (--sc->sc_tx_timer == 0) {
3847 device_printf(sc->sc_dev, "device timeout\n");
3852 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
3856 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
3860 iwm_parent(struct ieee80211com *ic)
3862 struct iwm_softc *sc = ic->ic_softc;
3866 if (ic->ic_nrunning > 0) {
3867 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
3871 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
3875 ieee80211_start_all(ic);
3879 * The interrupt side of things
3883 * error dumping routines are from iwlwifi/mvm/utils.c
3887 * Note: This structure is read from the device with IO accesses,
3888 * and the reading already does the endian conversion. As it is
3889 * read with uint32_t-sized accesses, any members with a different size
3890 * need to be ordered correctly though!
3892 struct iwm_error_event_table {
3893 uint32_t valid; /* (nonzero) valid, (0) log is empty */
3894 uint32_t error_id; /* type of error */
3895 uint32_t pc; /* program counter */
3896 uint32_t blink1; /* branch link */
3897 uint32_t blink2; /* branch link */
3898 uint32_t ilink1; /* interrupt link */
3899 uint32_t ilink2; /* interrupt link */
3900 uint32_t data1; /* error-specific data */
3901 uint32_t data2; /* error-specific data */
3902 uint32_t data3; /* error-specific data */
3903 uint32_t bcon_time; /* beacon timer */
3904 uint32_t tsf_low; /* network timestamp function timer */
3905 uint32_t tsf_hi; /* network timestamp function timer */
3906 uint32_t gp1; /* GP1 timer register */
3907 uint32_t gp2; /* GP2 timer register */
3908 uint32_t gp3; /* GP3 timer register */
3909 uint32_t ucode_ver; /* uCode version */
3910 uint32_t hw_ver; /* HW Silicon version */
3911 uint32_t brd_ver; /* HW board version */
3912 uint32_t log_pc; /* log program counter */
3913 uint32_t frame_ptr; /* frame pointer */
3914 uint32_t stack_ptr; /* stack pointer */
3915 uint32_t hcmd; /* last host command header */
3916 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
3918 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
3920 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
3922 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
3924 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
3926 uint32_t isr_pref; /* isr status register LMPM_NIC_PREF_STAT */
3927 uint32_t wait_event; /* wait event() caller address */
3928 uint32_t l2p_control; /* L2pControlField */
3929 uint32_t l2p_duration; /* L2pDurationField */
3930 uint32_t l2p_mhvalid; /* L2pMhValidBits */
3931 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
3932 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
3934 uint32_t u_timestamp; /* indicate when the date and time of the
3936 uint32_t flow_handler; /* FH read/write pointers, RX credit */
3939 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
3940 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
3946 } advanced_lookup[] = {
3947 { "NMI_INTERRUPT_WDG", 0x34 },
3948 { "SYSASSERT", 0x35 },
3949 { "UCODE_VERSION_MISMATCH", 0x37 },
3950 { "BAD_COMMAND", 0x38 },
3951 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
3952 { "FATAL_ERROR", 0x3D },
3953 { "NMI_TRM_HW_ERR", 0x46 },
3954 { "NMI_INTERRUPT_TRM", 0x4C },
3955 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
3956 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
3957 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
3958 { "NMI_INTERRUPT_HOST", 0x66 },
3959 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
3960 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
3961 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
3962 { "ADVANCED_SYSASSERT", 0 },
3966 iwm_desc_lookup(uint32_t num)
3970 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
3971 if (advanced_lookup[i].num == num)
3972 return advanced_lookup[i].name;
3974 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
3975 return advanced_lookup[i].name;
3979 * Support for dumping the error log seemed like a good idea ...
3980 * but it's mostly hex junk and the only sensible thing is the
3981 * hw/ucode revision (which we know anyway). Since it's here,
3982 * I'll just leave it in, just in case e.g. the Intel guys want to
3983 * help us decipher some "ADVANCED_SYSASSERT" later.
3986 iwm_nic_error(struct iwm_softc *sc)
3988 struct iwm_error_event_table table;
3991 device_printf(sc->sc_dev, "dumping device error log\n");
3992 base = sc->sc_uc.uc_error_event_table;
3993 if (base < 0x800000 || base >= 0x80C000) {
3994 device_printf(sc->sc_dev,
3995 "Not valid error log pointer 0x%08x\n", base);
3999 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t)) != 0) {
4000 device_printf(sc->sc_dev, "reading errlog failed\n");
4005 device_printf(sc->sc_dev, "errlog not found, skipping\n");
4009 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
4010 device_printf(sc->sc_dev, "Start IWL Error Log Dump:\n");
4011 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
4012 sc->sc_flags, table.valid);
4015 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
4016 iwm_desc_lookup(table.error_id));
4017 device_printf(sc->sc_dev, "%08X | uPc\n", table.pc);
4018 device_printf(sc->sc_dev, "%08X | branchlink1\n", table.blink1);
4019 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
4020 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
4021 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
4022 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
4023 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
4024 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
4025 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
4026 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
4027 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
4028 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
4029 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
4030 device_printf(sc->sc_dev, "%08X | time gp3\n", table.gp3);
4031 device_printf(sc->sc_dev, "%08X | uCode version\n", table.ucode_ver);
4032 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
4033 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
4034 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
4035 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
4036 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
4037 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
4038 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
4039 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
4040 device_printf(sc->sc_dev, "%08X | isr_pref\n", table.isr_pref);
4041 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
4042 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
4043 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
4044 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
4045 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
4046 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
4047 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
4048 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
4052 #define SYNC_RESP_STRUCT(_var_, _pkt_) \
4054 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\
4055 _var_ = (void *)((_pkt_)+1); \
4056 } while (/*CONSTCOND*/0)
4058 #define SYNC_RESP_PTR(_ptr_, _len_, _pkt_) \
4060 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\
4061 _ptr_ = (void *)((_pkt_)+1); \
4062 } while (/*CONSTCOND*/0)
4064 #define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT);
4067 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
4068 * Basic structure from if_iwn
4071 iwm_notif_intr(struct iwm_softc *sc)
4075 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
4076 BUS_DMASYNC_POSTREAD);
4078 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
4079 while (sc->rxq.cur != hw) {
4080 struct iwm_rx_ring *ring = &sc->rxq;
4081 struct iwm_rx_data *data = &sc->rxq.data[sc->rxq.cur];
4082 struct iwm_rx_packet *pkt;
4083 struct iwm_cmd_response *cresp;
4086 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
4087 BUS_DMASYNC_POSTREAD);
4088 pkt = mtod(data->m, struct iwm_rx_packet *);
4090 qid = pkt->hdr.qid & ~0x80;
4093 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
4094 "rx packet qid=%d idx=%d flags=%x type=%x %d %d\n",
4095 pkt->hdr.qid & ~0x80, pkt->hdr.idx, pkt->hdr.flags,
4096 pkt->hdr.code, sc->rxq.cur, hw);
4099 * randomly get these from the firmware, no idea why.
4100 * they at least seem harmless, so just ignore them for now
4102 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0)
4103 || pkt->len_n_flags == htole32(0x55550000))) {
4108 switch (pkt->hdr.code) {
4109 case IWM_REPLY_RX_PHY_CMD:
4110 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data);
4113 case IWM_REPLY_RX_MPDU_CMD:
4114 iwm_mvm_rx_rx_mpdu(sc, pkt, data);
4118 iwm_mvm_rx_tx_cmd(sc, pkt, data);
4121 case IWM_MISSED_BEACONS_NOTIFICATION: {
4122 struct iwm_missed_beacons_notif *resp;
4125 /* XXX look at mac_id to determine interface ID */
4126 struct ieee80211com *ic = &sc->sc_ic;
4127 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4129 SYNC_RESP_STRUCT(resp, pkt);
4130 missed = le32toh(resp->consec_missed_beacons);
4132 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
4133 "%s: MISSED_BEACON: mac_id=%d, "
4134 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
4137 le32toh(resp->mac_id),
4138 le32toh(resp->consec_missed_beacons_since_last_rx),
4139 le32toh(resp->consec_missed_beacons),
4140 le32toh(resp->num_expected_beacons),
4141 le32toh(resp->num_recvd_beacons));
4147 /* XXX no net80211 locking? */
4148 if (vap->iv_state == IEEE80211_S_RUN &&
4149 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
4150 if (missed > vap->iv_bmissthreshold) {
4151 /* XXX bad locking; turn into task */
4153 ieee80211_beacon_miss(ic);
4160 case IWM_MVM_ALIVE: {
4161 struct iwm_mvm_alive_resp *resp;
4162 SYNC_RESP_STRUCT(resp, pkt);
4164 sc->sc_uc.uc_error_event_table
4165 = le32toh(resp->error_event_table_ptr);
4166 sc->sc_uc.uc_log_event_table
4167 = le32toh(resp->log_event_table_ptr);
4168 sc->sched_base = le32toh(resp->scd_base_ptr);
4169 sc->sc_uc.uc_ok = resp->status == IWM_ALIVE_STATUS_OK;
4171 sc->sc_uc.uc_intr = 1;
4175 case IWM_CALIB_RES_NOTIF_PHY_DB: {
4176 struct iwm_calib_res_notif_phy_db *phy_db_notif;
4177 SYNC_RESP_STRUCT(phy_db_notif, pkt);
4179 iwm_phy_db_set_section(sc, phy_db_notif);
4183 case IWM_STATISTICS_NOTIFICATION: {
4184 struct iwm_notif_statistics *stats;
4185 SYNC_RESP_STRUCT(stats, pkt);
4186 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
4187 sc->sc_noise = iwm_get_noise(&stats->rx.general);
4190 case IWM_NVM_ACCESS_CMD:
4191 if (sc->sc_wantresp == ((qid << 16) | idx)) {
4192 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
4193 BUS_DMASYNC_POSTREAD);
4194 memcpy(sc->sc_cmd_resp,
4195 pkt, sizeof(sc->sc_cmd_resp));
4199 case IWM_PHY_CONFIGURATION_CMD:
4200 case IWM_TX_ANT_CONFIGURATION_CMD:
4202 case IWM_MAC_CONTEXT_CMD:
4203 case IWM_REPLY_SF_CFG_CMD:
4204 case IWM_POWER_TABLE_CMD:
4205 case IWM_PHY_CONTEXT_CMD:
4206 case IWM_BINDING_CONTEXT_CMD:
4207 case IWM_TIME_EVENT_CMD:
4208 case IWM_SCAN_REQUEST_CMD:
4209 case IWM_REPLY_BEACON_FILTERING_CMD:
4210 case IWM_MAC_PM_POWER_TABLE:
4211 case IWM_TIME_QUOTA_CMD:
4212 case IWM_REMOVE_STA:
4213 case IWM_TXPATH_FLUSH:
4215 SYNC_RESP_STRUCT(cresp, pkt);
4216 if (sc->sc_wantresp == ((qid << 16) | idx)) {
4217 memcpy(sc->sc_cmd_resp,
4218 pkt, sizeof(*pkt)+sizeof(*cresp));
4223 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */
4226 case IWM_INIT_COMPLETE_NOTIF:
4227 sc->sc_init_complete = 1;
4228 wakeup(&sc->sc_init_complete);
4231 case IWM_SCAN_COMPLETE_NOTIFICATION: {
4232 struct iwm_scan_complete_notif *notif;
4233 SYNC_RESP_STRUCT(notif, pkt);
4234 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task);
4237 case IWM_REPLY_ERROR: {
4238 struct iwm_error_resp *resp;
4239 SYNC_RESP_STRUCT(resp, pkt);
4241 device_printf(sc->sc_dev,
4242 "firmware error 0x%x, cmd 0x%x\n",
4243 le32toh(resp->error_type),
4247 case IWM_TIME_EVENT_NOTIFICATION: {
4248 struct iwm_time_event_notif *notif;
4249 SYNC_RESP_STRUCT(notif, pkt);
4251 if (notif->status) {
4252 if (le32toh(notif->action) &
4253 IWM_TE_V2_NOTIF_HOST_EVENT_START)
4254 sc->sc_auth_prot = 2;
4256 sc->sc_auth_prot = 0;
4258 sc->sc_auth_prot = -1;
4260 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
4261 "%s: time event notification auth_prot=%d\n",
4262 __func__, sc->sc_auth_prot);
4264 wakeup(&sc->sc_auth_prot);
4267 case IWM_MCAST_FILTER_CMD:
4271 device_printf(sc->sc_dev,
4272 "frame %d/%d %x UNHANDLED (this should "
4273 "not happen)\n", qid, idx,
4279 * Why test bit 0x80? The Linux driver:
4281 * There is one exception: uCode sets bit 15 when it
4282 * originates the response/notification, i.e. when the
4283 * response/notification is not a direct response to a
4284 * command sent by the driver. For example, uCode issues
4285 * IWM_REPLY_RX when it sends a received frame to the driver;
4286 * it is not a direct response to any driver command.
4288 * Ok, so since when is 7 == 15? Well, the Linux driver
4289 * uses a slightly different format for pkt->hdr, and "qid"
4290 * is actually the upper byte of a two-byte field.
4292 if (!(pkt->hdr.qid & (1 << 7))) {
4293 iwm_cmd_done(sc, pkt);
4299 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
4300 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
4303 * Tell the firmware what we have processed.
4304 * Seems like the hardware gets upset unless we align
4307 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1;
4308 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7);
4314 struct iwm_softc *sc = arg;
4320 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
4322 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
4323 uint32_t *ict = sc->ict_dma.vaddr;
4326 tmp = htole32(ict[sc->ict_cur]);
4331 * ok, there was something. keep plowing until we have all.
4336 ict[sc->ict_cur] = 0;
4337 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
4338 tmp = htole32(ict[sc->ict_cur]);
4341 /* this is where the fun begins. don't ask */
4342 if (r1 == 0xffffffff)
4345 /* i am not expected to understand this */
4348 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
4350 r1 = IWM_READ(sc, IWM_CSR_INT);
4351 /* "hardware gone" (where, fishing?) */
4352 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
4354 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
4356 if (r1 == 0 && r2 == 0) {
4360 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
4363 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/));
4365 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
4368 struct ieee80211com *ic = &sc->sc_ic;
4369 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4373 /* Dump driver status (TX and RX rings) while we're here. */
4374 device_printf(sc->sc_dev, "driver status:\n");
4375 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) {
4376 struct iwm_tx_ring *ring = &sc->txq[i];
4377 device_printf(sc->sc_dev,
4378 " tx ring %2d: qid=%-2d cur=%-3d "
4380 i, ring->qid, ring->cur, ring->queued);
4382 device_printf(sc->sc_dev,
4383 " rx ring: cur=%d\n", sc->rxq.cur);
4384 device_printf(sc->sc_dev,
4385 " 802.11 state %d\n", vap->iv_state);
4388 device_printf(sc->sc_dev, "fatal firmware error\n");
4395 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
4396 handled |= IWM_CSR_INT_BIT_HW_ERR;
4397 device_printf(sc->sc_dev, "hardware error, stopping device\n");
4403 /* firmware chunk loaded */
4404 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
4405 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
4406 handled |= IWM_CSR_INT_BIT_FH_TX;
4407 sc->sc_fw_chunk_done = 1;
4411 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
4412 handled |= IWM_CSR_INT_BIT_RF_KILL;
4413 if (iwm_check_rfkill(sc)) {
4414 device_printf(sc->sc_dev,
4415 "%s: rfkill switch, disabling interface\n",
4422 * The Linux driver uses periodic interrupts to avoid races.
4423 * We cargo-cult like it's going out of fashion.
4425 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
4426 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
4427 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
4428 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
4430 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
4434 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
4435 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
4436 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
4440 /* enable periodic interrupt, see above */
4441 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
4442 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
4443 IWM_CSR_INT_PERIODIC_ENA);
4446 if (__predict_false(r1 & ~handled))
4447 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
4448 "%s: unhandled interrupts: %x\n", __func__, r1);
4452 iwm_restore_interrupts(sc);
4459 * Autoconf glue-sniffing
4461 #define PCI_VENDOR_INTEL 0x8086
4462 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
4463 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
4464 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
4465 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
4466 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
4467 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
4469 static const struct iwm_devices {
4473 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" },
4474 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" },
4475 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" },
4476 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" },
4477 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" },
4478 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" },
4482 iwm_probe(device_t dev)
4486 for (i = 0; i < nitems(iwm_devices); i++)
4487 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
4488 pci_get_device(dev) == iwm_devices[i].device) {
4489 device_set_desc(dev, iwm_devices[i].name);
4490 return (BUS_PROBE_DEFAULT);
4497 iwm_dev_check(device_t dev)
4499 struct iwm_softc *sc;
4501 sc = device_get_softc(dev);
4503 switch (pci_get_device(dev)) {
4504 case PCI_PRODUCT_INTEL_WL_3160_1:
4505 case PCI_PRODUCT_INTEL_WL_3160_2:
4506 sc->sc_fwname = "iwm3160fw";
4507 sc->host_interrupt_operation_mode = 1;
4509 case PCI_PRODUCT_INTEL_WL_7260_1:
4510 case PCI_PRODUCT_INTEL_WL_7260_2:
4511 sc->sc_fwname = "iwm7260fw";
4512 sc->host_interrupt_operation_mode = 1;
4514 case PCI_PRODUCT_INTEL_WL_7265_1:
4515 case PCI_PRODUCT_INTEL_WL_7265_2:
4516 sc->sc_fwname = "iwm7265fw";
4517 sc->host_interrupt_operation_mode = 0;
4520 device_printf(dev, "unknown adapter type\n");
4526 iwm_pci_attach(device_t dev)
4528 struct iwm_softc *sc;
4529 int count, error, rid;
4532 sc = device_get_softc(dev);
4534 /* Clear device-specific "PCI retry timeout" register (41h). */
4535 reg = pci_read_config(dev, 0x40, sizeof(reg));
4536 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg));
4538 /* Enable bus-mastering and hardware bug workaround. */
4539 pci_enable_busmaster(dev);
4540 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
4542 if (reg & PCIM_STATUS_INTxSTATE) {
4543 reg &= ~PCIM_STATUS_INTxSTATE;
4545 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
4548 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
4550 if (sc->sc_mem == NULL) {
4551 device_printf(sc->sc_dev, "can't map mem space\n");
4554 sc->sc_st = rman_get_bustag(sc->sc_mem);
4555 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
4557 /* Install interrupt handler. */
4560 if (pci_alloc_msi(dev, &count) == 0)
4562 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
4563 (rid != 0 ? 0 : RF_SHAREABLE));
4564 if (sc->sc_irq == NULL) {
4565 device_printf(dev, "can't map interrupt\n");
4568 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
4569 NULL, iwm_intr, sc, &sc->sc_ih);
4570 if (sc->sc_ih == NULL) {
4571 device_printf(dev, "can't establish interrupt");
4574 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
4580 iwm_pci_detach(device_t dev)
4582 struct iwm_softc *sc = device_get_softc(dev);
4584 if (sc->sc_irq != NULL) {
4585 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
4586 bus_release_resource(dev, SYS_RES_IRQ,
4587 rman_get_rid(sc->sc_irq), sc->sc_irq);
4588 pci_release_msi(dev);
4590 if (sc->sc_mem != NULL)
4591 bus_release_resource(dev, SYS_RES_MEMORY,
4592 rman_get_rid(sc->sc_mem), sc->sc_mem);
4598 iwm_attach(device_t dev)
4600 struct iwm_softc *sc = device_get_softc(dev);
4601 struct ieee80211com *ic = &sc->sc_ic;
4606 mtx_init(&sc->sc_mtx, "iwm_mtx", MTX_DEF, 0);
4607 mbufq_init(&sc->sc_snd, ifqmaxlen);
4608 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
4609 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
4610 sc->sc_tq = taskqueue_create("iwm_taskq", M_WAITOK,
4611 taskqueue_thread_enqueue, &sc->sc_tq);
4612 error = taskqueue_start_threads(&sc->sc_tq, 1, 0, "iwm_taskq");
4614 device_printf(dev, "can't start threads, error %d\n",
4620 error = iwm_pci_attach(dev);
4624 sc->sc_wantresp = -1;
4626 /* Check device type */
4627 error = iwm_dev_check(dev);
4631 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
4634 * We now start fiddling with the hardware
4636 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
4637 if (iwm_prepare_card_hw(sc) != 0) {
4638 device_printf(dev, "could not initialize hardware\n");
4642 /* Allocate DMA memory for firmware transfers. */
4643 if ((error = iwm_alloc_fwmem(sc)) != 0) {
4644 device_printf(dev, "could not allocate memory for firmware\n");
4648 /* Allocate "Keep Warm" page. */
4649 if ((error = iwm_alloc_kw(sc)) != 0) {
4650 device_printf(dev, "could not allocate keep warm page\n");
4654 /* We use ICT interrupts */
4655 if ((error = iwm_alloc_ict(sc)) != 0) {
4656 device_printf(dev, "could not allocate ICT table\n");
4660 /* Allocate TX scheduler "rings". */
4661 if ((error = iwm_alloc_sched(sc)) != 0) {
4662 device_printf(dev, "could not allocate TX scheduler rings\n");
4666 /* Allocate TX rings */
4667 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
4668 if ((error = iwm_alloc_tx_ring(sc,
4669 &sc->txq[txq_i], txq_i)) != 0) {
4671 "could not allocate TX ring %d\n",
4677 /* Allocate RX ring. */
4678 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
4679 device_printf(dev, "could not allocate RX ring\n");
4683 /* Clear pending interrupts. */
4684 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
4687 ic->ic_name = device_get_nameunit(sc->sc_dev);
4688 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
4689 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
4691 /* Set device capabilities. */
4694 IEEE80211_C_WPA | /* WPA/RSN */
4696 IEEE80211_C_SHSLOT | /* short slot time supported */
4697 IEEE80211_C_SHPREAMBLE /* short preamble supported */
4698 // IEEE80211_C_BGSCAN /* capable of bg scanning */
4700 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
4701 sc->sc_phyctxt[i].id = i;
4702 sc->sc_phyctxt[i].color = 0;
4703 sc->sc_phyctxt[i].ref = 0;
4704 sc->sc_phyctxt[i].channel = NULL;
4708 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
4709 sc->sc_preinit_hook.ich_func = iwm_preinit;
4710 sc->sc_preinit_hook.ich_arg = sc;
4711 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
4712 device_printf(dev, "config_intrhook_establish failed\n");
4717 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
4718 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
4719 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
4722 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4723 "<-%s\n", __func__);
4727 /* Free allocated memory if something failed during attachment. */
4729 iwm_detach_local(sc, 0);
4735 iwm_update_edca(struct ieee80211com *ic)
4737 struct iwm_softc *sc = ic->ic_softc;
4739 device_printf(sc->sc_dev, "%s: called\n", __func__);
4744 iwm_preinit(void *arg)
4746 struct iwm_softc *sc = arg;
4747 device_t dev = sc->sc_dev;
4748 struct ieee80211com *ic = &sc->sc_ic;
4751 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4752 "->%s\n", __func__);
4755 if ((error = iwm_start_hw(sc)) != 0) {
4756 device_printf(dev, "could not initialize hardware\n");
4761 error = iwm_run_init_mvm_ucode(sc, 1);
4762 iwm_stop_device(sc);
4768 "revision: 0x%x, firmware %d.%d (API ver. %d)\n",
4769 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
4770 IWM_UCODE_MAJOR(sc->sc_fwver),
4771 IWM_UCODE_MINOR(sc->sc_fwver),
4772 IWM_UCODE_API(sc->sc_fwver));
4774 /* not all hardware can do 5GHz band */
4775 if (!sc->sc_nvm.sku_cap_band_52GHz_enable)
4776 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
4777 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
4781 * At this point we've committed - if we fail to do setup,
4782 * we now also have to tear down the net80211 state.
4784 ieee80211_ifattach(ic);
4785 ic->ic_vap_create = iwm_vap_create;
4786 ic->ic_vap_delete = iwm_vap_delete;
4787 ic->ic_raw_xmit = iwm_raw_xmit;
4788 ic->ic_node_alloc = iwm_node_alloc;
4789 ic->ic_scan_start = iwm_scan_start;
4790 ic->ic_scan_end = iwm_scan_end;
4791 ic->ic_update_mcast = iwm_update_mcast;
4792 ic->ic_set_channel = iwm_set_channel;
4793 ic->ic_scan_curchan = iwm_scan_curchan;
4794 ic->ic_scan_mindwell = iwm_scan_mindwell;
4795 ic->ic_wme.wme_update = iwm_update_edca;
4796 ic->ic_parent = iwm_parent;
4797 ic->ic_transmit = iwm_transmit;
4798 iwm_radiotap_attach(sc);
4800 ieee80211_announce(ic);
4802 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4803 "<-%s\n", __func__);
4804 config_intrhook_disestablish(&sc->sc_preinit_hook);
4808 config_intrhook_disestablish(&sc->sc_preinit_hook);
4809 iwm_detach_local(sc, 0);
4813 * Attach the interface to 802.11 radiotap.
4816 iwm_radiotap_attach(struct iwm_softc *sc)
4818 struct ieee80211com *ic = &sc->sc_ic;
4820 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4821 "->%s begin\n", __func__);
4822 ieee80211_radiotap_attach(ic,
4823 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
4824 IWM_TX_RADIOTAP_PRESENT,
4825 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
4826 IWM_RX_RADIOTAP_PRESENT);
4827 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4828 "->%s end\n", __func__);
4831 static struct ieee80211vap *
4832 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
4833 enum ieee80211_opmode opmode, int flags,
4834 const uint8_t bssid[IEEE80211_ADDR_LEN],
4835 const uint8_t mac[IEEE80211_ADDR_LEN])
4837 struct iwm_vap *ivp;
4838 struct ieee80211vap *vap;
4840 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
4842 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO);
4844 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
4845 vap->iv_bmissthreshold = 10; /* override default */
4846 /* Override with driver methods. */
4847 ivp->iv_newstate = vap->iv_newstate;
4848 vap->iv_newstate = iwm_newstate;
4850 ieee80211_ratectl_init(vap);
4851 /* Complete setup. */
4852 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status,
4854 ic->ic_opmode = opmode;
4860 iwm_vap_delete(struct ieee80211vap *vap)
4862 struct iwm_vap *ivp = IWM_VAP(vap);
4864 ieee80211_ratectl_deinit(vap);
4865 ieee80211_vap_detach(vap);
4866 free(ivp, M_80211_VAP);
4870 iwm_scan_start(struct ieee80211com *ic)
4872 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4873 struct iwm_softc *sc = ic->ic_softc;
4876 if (sc->sc_scanband)
4879 error = iwm_mvm_scan_request(sc, IEEE80211_CHAN_2GHZ, 0, NULL, 0);
4881 device_printf(sc->sc_dev, "could not initiate scan\n");
4883 ieee80211_cancel_scan(vap);
4889 iwm_scan_end(struct ieee80211com *ic)
4894 iwm_update_mcast(struct ieee80211com *ic)
4899 iwm_set_channel(struct ieee80211com *ic)
4904 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
4909 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
4915 iwm_init_task(void *arg1)
4917 struct iwm_softc *sc = arg1;
4920 while (sc->sc_flags & IWM_FLAG_BUSY)
4921 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
4922 sc->sc_flags |= IWM_FLAG_BUSY;
4924 if (sc->sc_ic.ic_nrunning > 0)
4926 sc->sc_flags &= ~IWM_FLAG_BUSY;
4927 wakeup(&sc->sc_flags);
4932 iwm_resume(device_t dev)
4936 /* Clear device-specific "PCI retry timeout" register (41h). */
4937 reg = pci_read_config(dev, 0x40, sizeof(reg));
4938 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg));
4939 iwm_init_task(device_get_softc(dev));
4945 iwm_suspend(device_t dev)
4947 struct iwm_softc *sc = device_get_softc(dev);
4949 if (sc->sc_ic.ic_nrunning > 0) {
4959 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
4961 struct iwm_fw_info *fw = &sc->sc_fw;
4962 device_t dev = sc->sc_dev;
4966 taskqueue_drain_all(sc->sc_tq);
4967 taskqueue_free(sc->sc_tq);
4969 callout_drain(&sc->sc_watchdog_to);
4970 iwm_stop_device(sc);
4972 ieee80211_ifdetach(&sc->sc_ic);
4974 /* Free descriptor rings */
4975 for (i = 0; i < nitems(sc->txq); i++)
4976 iwm_free_tx_ring(sc, &sc->txq[i]);
4979 if (fw->fw_rawdata != NULL)
4980 iwm_fw_info_free(fw);
4982 /* free scheduler */
4984 if (sc->ict_dma.vaddr != NULL)
4986 if (sc->kw_dma.vaddr != NULL)
4988 if (sc->fw_dma.vaddr != NULL)
4991 /* Finished with the hardware - detach things */
4992 iwm_pci_detach(dev);
4994 mbufq_drain(&sc->sc_snd);
4995 mtx_destroy(&sc->sc_mtx);
5001 iwm_detach(device_t dev)
5003 struct iwm_softc *sc = device_get_softc(dev);
5005 return (iwm_detach_local(sc, 1));
5008 static device_method_t iwm_pci_methods[] = {
5009 /* Device interface */
5010 DEVMETHOD(device_probe, iwm_probe),
5011 DEVMETHOD(device_attach, iwm_attach),
5012 DEVMETHOD(device_detach, iwm_detach),
5013 DEVMETHOD(device_suspend, iwm_suspend),
5014 DEVMETHOD(device_resume, iwm_resume),
5019 static driver_t iwm_pci_driver = {
5022 sizeof (struct iwm_softc)
5025 static devclass_t iwm_devclass;
5027 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
5028 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
5029 MODULE_DEPEND(iwm, pci, 1, 1, 1);
5030 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
projects / FreeBSD / FreeBSD.git / blob