1 /* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
27 ***********************************************************************
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
105 #include <sys/cdefs.h>
106 __FBSDID("$FreeBSD$");
108 #include "opt_wlan.h"
110 #include <sys/param.h>
112 #include <sys/conf.h>
113 #include <sys/endian.h>
114 #include <sys/firmware.h>
115 #include <sys/kernel.h>
116 #include <sys/malloc.h>
117 #include <sys/mbuf.h>
118 #include <sys/mutex.h>
119 #include <sys/module.h>
120 #include <sys/proc.h>
121 #include <sys/rman.h>
122 #include <sys/socket.h>
123 #include <sys/sockio.h>
124 #include <sys/sysctl.h>
125 #include <sys/linker.h>
127 #include <machine/bus.h>
128 #include <machine/endian.h>
129 #include <machine/resource.h>
131 #include <dev/pci/pcivar.h>
132 #include <dev/pci/pcireg.h>
137 #include <net/if_var.h>
138 #include <net/if_arp.h>
139 #include <net/if_dl.h>
140 #include <net/if_media.h>
141 #include <net/if_types.h>
143 #include <netinet/in.h>
144 #include <netinet/in_systm.h>
145 #include <netinet/if_ether.h>
146 #include <netinet/ip.h>
148 #include <net80211/ieee80211_var.h>
149 #include <net80211/ieee80211_regdomain.h>
150 #include <net80211/ieee80211_ratectl.h>
151 #include <net80211/ieee80211_radiotap.h>
153 #include <dev/iwm/if_iwmreg.h>
154 #include <dev/iwm/if_iwmvar.h>
155 #include <dev/iwm/if_iwm_config.h>
156 #include <dev/iwm/if_iwm_debug.h>
157 #include <dev/iwm/if_iwm_notif_wait.h>
158 #include <dev/iwm/if_iwm_util.h>
159 #include <dev/iwm/if_iwm_binding.h>
160 #include <dev/iwm/if_iwm_phy_db.h>
161 #include <dev/iwm/if_iwm_mac_ctxt.h>
162 #include <dev/iwm/if_iwm_phy_ctxt.h>
163 #include <dev/iwm/if_iwm_time_event.h>
164 #include <dev/iwm/if_iwm_power.h>
165 #include <dev/iwm/if_iwm_scan.h>
167 #include <dev/iwm/if_iwm_pcie_trans.h>
168 #include <dev/iwm/if_iwm_led.h>
169 #include <dev/iwm/if_iwm_fw.h>
171 const uint8_t iwm_nvm_channels[] = {
173 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
175 36, 40, 44, 48, 52, 56, 60, 64,
176 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
177 149, 153, 157, 161, 165
179 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS,
180 "IWM_NUM_CHANNELS is too small");
182 const uint8_t iwm_nvm_channels_8000[] = {
184 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
186 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92,
187 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
188 149, 153, 157, 161, 165, 169, 173, 177, 181
190 _Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000,
191 "IWM_NUM_CHANNELS_8000 is too small");
193 #define IWM_NUM_2GHZ_CHANNELS 14
194 #define IWM_N_HW_ADDR_MASK 0xF
197 * XXX For now, there's simply a fixed set of rate table entries
198 * that are populated.
200 const struct iwm_rate {
204 { 2, IWM_RATE_1M_PLCP },
205 { 4, IWM_RATE_2M_PLCP },
206 { 11, IWM_RATE_5M_PLCP },
207 { 22, IWM_RATE_11M_PLCP },
208 { 12, IWM_RATE_6M_PLCP },
209 { 18, IWM_RATE_9M_PLCP },
210 { 24, IWM_RATE_12M_PLCP },
211 { 36, IWM_RATE_18M_PLCP },
212 { 48, IWM_RATE_24M_PLCP },
213 { 72, IWM_RATE_36M_PLCP },
214 { 96, IWM_RATE_48M_PLCP },
215 { 108, IWM_RATE_54M_PLCP },
217 #define IWM_RIDX_CCK 0
218 #define IWM_RIDX_OFDM 4
219 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
220 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
221 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
223 struct iwm_nvm_section {
228 #define IWM_MVM_UCODE_ALIVE_TIMEOUT hz
229 #define IWM_MVM_UCODE_CALIB_TIMEOUT (2*hz)
231 struct iwm_mvm_alive_data {
233 uint32_t scd_base_addr;
236 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
237 static int iwm_firmware_store_section(struct iwm_softc *,
239 const uint8_t *, size_t);
240 static int iwm_set_default_calib(struct iwm_softc *, const void *);
241 static void iwm_fw_info_free(struct iwm_fw_info *);
242 static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type);
243 static int iwm_alloc_fwmem(struct iwm_softc *);
244 static int iwm_alloc_sched(struct iwm_softc *);
245 static int iwm_alloc_kw(struct iwm_softc *);
246 static int iwm_alloc_ict(struct iwm_softc *);
247 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
248 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
249 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
250 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
252 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
253 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
254 static void iwm_enable_interrupts(struct iwm_softc *);
255 static void iwm_restore_interrupts(struct iwm_softc *);
256 static void iwm_disable_interrupts(struct iwm_softc *);
257 static void iwm_ict_reset(struct iwm_softc *);
258 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
259 static void iwm_stop_device(struct iwm_softc *);
260 static void iwm_mvm_nic_config(struct iwm_softc *);
261 static int iwm_nic_rx_init(struct iwm_softc *);
262 static int iwm_nic_tx_init(struct iwm_softc *);
263 static int iwm_nic_init(struct iwm_softc *);
264 static int iwm_enable_txq(struct iwm_softc *, int, int, int);
265 static int iwm_trans_pcie_fw_alive(struct iwm_softc *, uint32_t);
266 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
267 uint16_t, uint8_t *, uint16_t *);
268 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
269 uint16_t *, uint32_t);
270 static uint32_t iwm_eeprom_channel_flags(uint16_t);
271 static void iwm_add_channel_band(struct iwm_softc *,
272 struct ieee80211_channel[], int, int *, int, size_t,
274 static void iwm_init_channel_map(struct ieee80211com *, int, int *,
275 struct ieee80211_channel[]);
276 static struct iwm_nvm_data *
277 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
278 const uint16_t *, const uint16_t *,
279 const uint16_t *, const uint16_t *,
281 static void iwm_free_nvm_data(struct iwm_nvm_data *);
282 static void iwm_set_hw_address_family_8000(struct iwm_softc *,
283 struct iwm_nvm_data *,
286 static int iwm_get_sku(const struct iwm_softc *, const uint16_t *,
288 static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *);
289 static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *,
291 static int iwm_get_n_hw_addrs(const struct iwm_softc *,
293 static void iwm_set_radio_cfg(const struct iwm_softc *,
294 struct iwm_nvm_data *, uint32_t);
295 static struct iwm_nvm_data *
296 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *);
297 static int iwm_nvm_init(struct iwm_softc *);
298 static int iwm_pcie_load_section(struct iwm_softc *, uint8_t,
299 const struct iwm_fw_desc *);
300 static int iwm_pcie_load_firmware_chunk(struct iwm_softc *, uint32_t,
301 bus_addr_t, uint32_t);
302 static int iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
303 const struct iwm_fw_sects *,
305 static int iwm_pcie_load_cpu_sections(struct iwm_softc *,
306 const struct iwm_fw_sects *,
308 static int iwm_pcie_load_given_ucode_8000(struct iwm_softc *,
309 const struct iwm_fw_sects *);
310 static int iwm_pcie_load_given_ucode(struct iwm_softc *,
311 const struct iwm_fw_sects *);
312 static int iwm_start_fw(struct iwm_softc *, const struct iwm_fw_sects *);
313 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
314 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
315 static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *,
316 enum iwm_ucode_type);
317 static int iwm_run_init_mvm_ucode(struct iwm_softc *, int);
318 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
319 static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *);
320 static int iwm_mvm_get_signal_strength(struct iwm_softc *,
321 struct iwm_rx_phy_info *);
322 static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *,
323 struct iwm_rx_packet *,
324 struct iwm_rx_data *);
325 static int iwm_get_noise(struct iwm_softc *sc,
326 const struct iwm_mvm_statistics_rx_non_phy *);
327 static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct mbuf *);
328 static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *,
329 struct iwm_rx_packet *,
331 static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *,
332 struct iwm_rx_data *);
333 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
335 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
338 static const struct iwm_rate *
339 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
340 struct mbuf *, struct iwm_tx_cmd *);
341 static int iwm_tx(struct iwm_softc *, struct mbuf *,
342 struct ieee80211_node *, int);
343 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
344 const struct ieee80211_bpf_params *);
345 static int iwm_mvm_flush_tx_path(struct iwm_softc *sc,
346 uint32_t tfd_msk, uint32_t flags);
347 static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *,
348 struct iwm_mvm_add_sta_cmd_v7 *,
350 static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *,
352 static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *);
353 static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *);
354 static int iwm_mvm_add_int_sta_common(struct iwm_softc *,
355 struct iwm_int_sta *,
356 const uint8_t *, uint16_t, uint16_t);
357 static int iwm_mvm_add_aux_sta(struct iwm_softc *);
358 static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *);
359 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
360 static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *);
361 static int iwm_release(struct iwm_softc *, struct iwm_node *);
362 static struct ieee80211_node *
363 iwm_node_alloc(struct ieee80211vap *,
364 const uint8_t[IEEE80211_ADDR_LEN]);
365 static void iwm_setrates(struct iwm_softc *, struct iwm_node *);
366 static int iwm_media_change(struct ifnet *);
367 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
368 static void iwm_endscan_cb(void *, int);
369 static void iwm_mvm_fill_sf_command(struct iwm_softc *,
370 struct iwm_sf_cfg_cmd *,
371 struct ieee80211_node *);
372 static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state);
373 static int iwm_send_bt_init_conf(struct iwm_softc *);
374 static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *);
375 static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t);
376 static int iwm_init_hw(struct iwm_softc *);
377 static void iwm_init(struct iwm_softc *);
378 static void iwm_start(struct iwm_softc *);
379 static void iwm_stop(struct iwm_softc *);
380 static void iwm_watchdog(void *);
381 static void iwm_parent(struct ieee80211com *);
384 iwm_desc_lookup(uint32_t);
385 static void iwm_nic_error(struct iwm_softc *);
386 static void iwm_nic_umac_error(struct iwm_softc *);
388 static void iwm_notif_intr(struct iwm_softc *);
389 static void iwm_intr(void *);
390 static int iwm_attach(device_t);
391 static int iwm_is_valid_ether_addr(uint8_t *);
392 static void iwm_preinit(void *);
393 static int iwm_detach_local(struct iwm_softc *sc, int);
394 static void iwm_init_task(void *);
395 static void iwm_radiotap_attach(struct iwm_softc *);
396 static struct ieee80211vap *
397 iwm_vap_create(struct ieee80211com *,
398 const char [IFNAMSIZ], int,
399 enum ieee80211_opmode, int,
400 const uint8_t [IEEE80211_ADDR_LEN],
401 const uint8_t [IEEE80211_ADDR_LEN]);
402 static void iwm_vap_delete(struct ieee80211vap *);
403 static void iwm_scan_start(struct ieee80211com *);
404 static void iwm_scan_end(struct ieee80211com *);
405 static void iwm_update_mcast(struct ieee80211com *);
406 static void iwm_set_channel(struct ieee80211com *);
407 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
408 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
409 static int iwm_detach(device_t);
416 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
418 const struct iwm_fw_cscheme_list *l = (const void *)data;
420 if (dlen < sizeof(*l) ||
421 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
424 /* we don't actually store anything for now, always use s/w crypto */
430 iwm_firmware_store_section(struct iwm_softc *sc,
431 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
433 struct iwm_fw_sects *fws;
434 struct iwm_fw_desc *fwone;
436 if (type >= IWM_UCODE_TYPE_MAX)
438 if (dlen < sizeof(uint32_t))
441 fws = &sc->sc_fw.fw_sects[type];
442 if (fws->fw_count >= IWM_UCODE_SECTION_MAX)
445 fwone = &fws->fw_sect[fws->fw_count];
447 /* first 32bit are device load offset */
448 memcpy(&fwone->offset, data, sizeof(uint32_t));
451 fwone->data = data + sizeof(uint32_t);
452 fwone->len = dlen - sizeof(uint32_t);
459 #define IWM_DEFAULT_SCAN_CHANNELS 40
461 /* iwlwifi: iwl-drv.c */
462 struct iwm_tlv_calib_data {
464 struct iwm_tlv_calib_ctrl calib;
468 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
470 const struct iwm_tlv_calib_data *def_calib = data;
471 uint32_t ucode_type = le32toh(def_calib->ucode_type);
473 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
474 device_printf(sc->sc_dev,
475 "Wrong ucode_type %u for default "
476 "calibration.\n", ucode_type);
480 sc->sc_default_calib[ucode_type].flow_trigger =
481 def_calib->calib.flow_trigger;
482 sc->sc_default_calib[ucode_type].event_trigger =
483 def_calib->calib.event_trigger;
489 iwm_fw_info_free(struct iwm_fw_info *fw)
491 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD);
493 /* don't touch fw->fw_status */
494 memset(fw->fw_sects, 0, sizeof(fw->fw_sects));
498 iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
500 struct iwm_fw_info *fw = &sc->sc_fw;
501 const struct iwm_tlv_ucode_header *uhdr;
502 struct iwm_ucode_tlv tlv;
503 enum iwm_ucode_tlv_type tlv_type;
504 const struct firmware *fwp;
506 uint32_t usniffer_img;
507 uint32_t paging_mem_size;
512 if (fw->fw_status == IWM_FW_STATUS_DONE &&
513 ucode_type != IWM_UCODE_INIT)
516 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS)
517 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0);
518 fw->fw_status = IWM_FW_STATUS_INPROGRESS;
520 if (fw->fw_fp != NULL)
521 iwm_fw_info_free(fw);
524 * Load firmware into driver memory.
528 fwp = firmware_get(sc->cfg->fw_name);
531 device_printf(sc->sc_dev,
532 "could not read firmware %s (error %d)\n",
533 sc->cfg->fw_name, error);
538 /* (Re-)Initialize default values. */
539 sc->sc_capaflags = 0;
540 sc->sc_capa_n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS;
541 memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa));
542 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc));
545 * Parse firmware contents
548 uhdr = (const void *)fw->fw_fp->data;
549 if (*(const uint32_t *)fw->fw_fp->data != 0
550 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
551 device_printf(sc->sc_dev, "invalid firmware %s\n",
557 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)",
558 IWM_UCODE_MAJOR(le32toh(uhdr->ver)),
559 IWM_UCODE_MINOR(le32toh(uhdr->ver)),
560 IWM_UCODE_API(le32toh(uhdr->ver)));
562 len = fw->fw_fp->datasize - sizeof(*uhdr);
564 while (len >= sizeof(tlv)) {
566 const void *tlv_data;
568 memcpy(&tlv, data, sizeof(tlv));
569 tlv_len = le32toh(tlv.length);
570 tlv_type = le32toh(tlv.type);
577 device_printf(sc->sc_dev,
578 "firmware too short: %zu bytes\n",
584 switch ((int)tlv_type) {
585 case IWM_UCODE_TLV_PROBE_MAX_LEN:
586 if (tlv_len < sizeof(uint32_t)) {
587 device_printf(sc->sc_dev,
588 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n",
594 sc->sc_capa_max_probe_len
595 = le32toh(*(const uint32_t *)tlv_data);
596 /* limit it to something sensible */
597 if (sc->sc_capa_max_probe_len >
598 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) {
599 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
600 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
601 "ridiculous\n", __func__);
606 case IWM_UCODE_TLV_PAN:
608 device_printf(sc->sc_dev,
609 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n",
615 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN;
617 case IWM_UCODE_TLV_FLAGS:
618 if (tlv_len < sizeof(uint32_t)) {
619 device_printf(sc->sc_dev,
620 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n",
627 * Apparently there can be many flags, but Linux driver
628 * parses only the first one, and so do we.
630 * XXX: why does this override IWM_UCODE_TLV_PAN?
631 * Intentional or a bug? Observations from
632 * current firmware file:
633 * 1) TLV_PAN is parsed first
634 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
635 * ==> this resets TLV_PAN to itself... hnnnk
637 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data);
639 case IWM_UCODE_TLV_CSCHEME:
640 if ((error = iwm_store_cscheme(sc,
641 tlv_data, tlv_len)) != 0) {
642 device_printf(sc->sc_dev,
643 "%s: iwm_store_cscheme(): returned %d\n",
649 case IWM_UCODE_TLV_NUM_OF_CPU:
650 if (tlv_len != sizeof(uint32_t)) {
651 device_printf(sc->sc_dev,
652 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) != sizeof(uint32_t)\n",
658 num_of_cpus = le32toh(*(const uint32_t *)tlv_data);
659 if (num_of_cpus == 2) {
660 fw->fw_sects[IWM_UCODE_REGULAR].is_dual_cpus =
662 fw->fw_sects[IWM_UCODE_INIT].is_dual_cpus =
664 fw->fw_sects[IWM_UCODE_WOWLAN].is_dual_cpus =
666 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) {
667 device_printf(sc->sc_dev,
668 "%s: Driver supports only 1 or 2 CPUs\n",
674 case IWM_UCODE_TLV_SEC_RT:
675 if ((error = iwm_firmware_store_section(sc,
676 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) {
677 device_printf(sc->sc_dev,
678 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n",
684 case IWM_UCODE_TLV_SEC_INIT:
685 if ((error = iwm_firmware_store_section(sc,
686 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) {
687 device_printf(sc->sc_dev,
688 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n",
694 case IWM_UCODE_TLV_SEC_WOWLAN:
695 if ((error = iwm_firmware_store_section(sc,
696 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) {
697 device_printf(sc->sc_dev,
698 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n",
704 case IWM_UCODE_TLV_DEF_CALIB:
705 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
706 device_printf(sc->sc_dev,
707 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n",
710 (int) sizeof(struct iwm_tlv_calib_data));
714 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
715 device_printf(sc->sc_dev,
716 "%s: iwm_set_default_calib() failed: %d\n",
722 case IWM_UCODE_TLV_PHY_SKU:
723 if (tlv_len != sizeof(uint32_t)) {
725 device_printf(sc->sc_dev,
726 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n",
731 sc->sc_fw.phy_config =
732 le32toh(*(const uint32_t *)tlv_data);
733 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config &
734 IWM_FW_PHY_CFG_TX_CHAIN) >>
735 IWM_FW_PHY_CFG_TX_CHAIN_POS;
736 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config &
737 IWM_FW_PHY_CFG_RX_CHAIN) >>
738 IWM_FW_PHY_CFG_RX_CHAIN_POS;
741 case IWM_UCODE_TLV_API_CHANGES_SET: {
742 const struct iwm_ucode_api *api;
743 if (tlv_len != sizeof(*api)) {
747 api = (const struct iwm_ucode_api *)tlv_data;
748 /* Flags may exceed 32 bits in future firmware. */
749 if (le32toh(api->api_index) > 0) {
750 device_printf(sc->sc_dev,
751 "unsupported API index %d\n",
752 le32toh(api->api_index));
755 sc->sc_ucode_api = le32toh(api->api_flags);
759 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: {
760 const struct iwm_ucode_capa *capa;
762 if (tlv_len != sizeof(*capa)) {
766 capa = (const struct iwm_ucode_capa *)tlv_data;
767 idx = le32toh(capa->api_index);
768 if (idx >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) {
769 device_printf(sc->sc_dev,
770 "unsupported API index %d\n", idx);
773 for (i = 0; i < 32; i++) {
774 if ((le32toh(capa->api_capa) & (1U << i)) == 0)
776 setbit(sc->sc_enabled_capa, i + (32 * idx));
781 case 48: /* undocumented TLV */
782 case IWM_UCODE_TLV_SDIO_ADMA_ADDR:
783 case IWM_UCODE_TLV_FW_GSCAN_CAPA:
784 /* ignore, not used by current driver */
787 case IWM_UCODE_TLV_SEC_RT_USNIFFER:
788 if ((error = iwm_firmware_store_section(sc,
789 IWM_UCODE_REGULAR_USNIFFER, tlv_data,
794 case IWM_UCODE_TLV_PAGING:
795 if (tlv_len != sizeof(uint32_t)) {
799 paging_mem_size = le32toh(*(const uint32_t *)tlv_data);
801 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
802 "%s: Paging: paging enabled (size = %u bytes)\n",
803 __func__, paging_mem_size);
804 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) {
805 device_printf(sc->sc_dev,
806 "%s: Paging: driver supports up to %u bytes for paging image\n",
807 __func__, IWM_MAX_PAGING_IMAGE_SIZE);
811 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) {
812 device_printf(sc->sc_dev,
813 "%s: Paging: image isn't multiple %u\n",
814 __func__, IWM_FW_PAGING_SIZE);
819 sc->sc_fw.fw_sects[IWM_UCODE_REGULAR].paging_mem_size =
821 usniffer_img = IWM_UCODE_REGULAR_USNIFFER;
822 sc->sc_fw.fw_sects[usniffer_img].paging_mem_size =
826 case IWM_UCODE_TLV_N_SCAN_CHANNELS:
827 if (tlv_len != sizeof(uint32_t)) {
831 sc->sc_capa_n_scan_channels =
832 le32toh(*(const uint32_t *)tlv_data);
835 case IWM_UCODE_TLV_FW_VERSION:
836 if (tlv_len != sizeof(uint32_t) * 3) {
840 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver),
842 le32toh(((const uint32_t *)tlv_data)[0]),
843 le32toh(((const uint32_t *)tlv_data)[1]),
844 le32toh(((const uint32_t *)tlv_data)[2]));
847 case IWM_UCODE_TLV_FW_MEM_SEG:
851 device_printf(sc->sc_dev,
852 "%s: unknown firmware section %d, abort\n",
858 len -= roundup(tlv_len, 4);
859 data += roundup(tlv_len, 4);
862 KASSERT(error == 0, ("unhandled error"));
866 device_printf(sc->sc_dev, "firmware parse error %d, "
867 "section type %d\n", error, tlv_type);
870 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) {
871 device_printf(sc->sc_dev,
872 "device uses unsupported power ops\n");
878 fw->fw_status = IWM_FW_STATUS_NONE;
879 if (fw->fw_fp != NULL)
880 iwm_fw_info_free(fw);
882 fw->fw_status = IWM_FW_STATUS_DONE;
889 * DMA resource routines
892 /* fwmem is used to load firmware onto the card */
894 iwm_alloc_fwmem(struct iwm_softc *sc)
896 /* Must be aligned on a 16-byte boundary. */
897 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
898 IWM_FH_MEM_TB_MAX_LENGTH, 16);
901 /* tx scheduler rings. not used? */
903 iwm_alloc_sched(struct iwm_softc *sc)
905 /* TX scheduler rings must be aligned on a 1KB boundary. */
906 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
907 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
910 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
912 iwm_alloc_kw(struct iwm_softc *sc)
914 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
917 /* interrupt cause table */
919 iwm_alloc_ict(struct iwm_softc *sc)
921 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
922 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
926 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
933 /* Allocate RX descriptors (256-byte aligned). */
934 size = IWM_RX_RING_COUNT * sizeof(uint32_t);
935 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
937 device_printf(sc->sc_dev,
938 "could not allocate RX ring DMA memory\n");
941 ring->desc = ring->desc_dma.vaddr;
943 /* Allocate RX status area (16-byte aligned). */
944 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
945 sizeof(*ring->stat), 16);
947 device_printf(sc->sc_dev,
948 "could not allocate RX status DMA memory\n");
951 ring->stat = ring->stat_dma.vaddr;
953 /* Create RX buffer DMA tag. */
954 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
955 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
956 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat);
958 device_printf(sc->sc_dev,
959 "%s: could not create RX buf DMA tag, error %d\n",
964 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */
965 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map);
967 device_printf(sc->sc_dev,
968 "%s: could not create RX buf DMA map, error %d\n",
973 * Allocate and map RX buffers.
975 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
976 struct iwm_rx_data *data = &ring->data[i];
977 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
979 device_printf(sc->sc_dev,
980 "%s: could not create RX buf DMA map, error %d\n",
986 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
992 fail: iwm_free_rx_ring(sc, ring);
997 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
999 /* Reset the ring state */
1003 * The hw rx ring index in shared memory must also be cleared,
1004 * otherwise the discrepancy can cause reprocessing chaos.
1006 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1010 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1014 iwm_dma_contig_free(&ring->desc_dma);
1015 iwm_dma_contig_free(&ring->stat_dma);
1017 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1018 struct iwm_rx_data *data = &ring->data[i];
1020 if (data->m != NULL) {
1021 bus_dmamap_sync(ring->data_dmat, data->map,
1022 BUS_DMASYNC_POSTREAD);
1023 bus_dmamap_unload(ring->data_dmat, data->map);
1027 if (data->map != NULL) {
1028 bus_dmamap_destroy(ring->data_dmat, data->map);
1032 if (ring->spare_map != NULL) {
1033 bus_dmamap_destroy(ring->data_dmat, ring->spare_map);
1034 ring->spare_map = NULL;
1036 if (ring->data_dmat != NULL) {
1037 bus_dma_tag_destroy(ring->data_dmat);
1038 ring->data_dmat = NULL;
1043 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
1055 /* Allocate TX descriptors (256-byte aligned). */
1056 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
1057 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1059 device_printf(sc->sc_dev,
1060 "could not allocate TX ring DMA memory\n");
1063 ring->desc = ring->desc_dma.vaddr;
1066 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
1067 * to allocate commands space for other rings.
1069 if (qid > IWM_MVM_CMD_QUEUE)
1072 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
1073 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
1075 device_printf(sc->sc_dev,
1076 "could not allocate TX cmd DMA memory\n");
1079 ring->cmd = ring->cmd_dma.vaddr;
1081 /* FW commands may require more mapped space than packets. */
1082 if (qid == IWM_MVM_CMD_QUEUE) {
1083 maxsize = IWM_RBUF_SIZE;
1087 nsegments = IWM_MAX_SCATTER - 2;
1090 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
1091 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize,
1092 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat);
1094 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
1098 paddr = ring->cmd_dma.paddr;
1099 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1100 struct iwm_tx_data *data = &ring->data[i];
1102 data->cmd_paddr = paddr;
1103 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
1104 + offsetof(struct iwm_tx_cmd, scratch);
1105 paddr += sizeof(struct iwm_device_cmd);
1107 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1109 device_printf(sc->sc_dev,
1110 "could not create TX buf DMA map\n");
1114 KASSERT(paddr == ring->cmd_dma.paddr + size,
1115 ("invalid physical address"));
1118 fail: iwm_free_tx_ring(sc, ring);
1123 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1127 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1128 struct iwm_tx_data *data = &ring->data[i];
1130 if (data->m != NULL) {
1131 bus_dmamap_sync(ring->data_dmat, data->map,
1132 BUS_DMASYNC_POSTWRITE);
1133 bus_dmamap_unload(ring->data_dmat, data->map);
1138 /* Clear TX descriptors. */
1139 memset(ring->desc, 0, ring->desc_dma.size);
1140 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1141 BUS_DMASYNC_PREWRITE);
1142 sc->qfullmsk &= ~(1 << ring->qid);
1146 if (ring->qid == IWM_MVM_CMD_QUEUE && sc->cmd_hold_nic_awake)
1147 iwm_pcie_clear_cmd_in_flight(sc);
1151 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1155 iwm_dma_contig_free(&ring->desc_dma);
1156 iwm_dma_contig_free(&ring->cmd_dma);
1158 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1159 struct iwm_tx_data *data = &ring->data[i];
1161 if (data->m != NULL) {
1162 bus_dmamap_sync(ring->data_dmat, data->map,
1163 BUS_DMASYNC_POSTWRITE);
1164 bus_dmamap_unload(ring->data_dmat, data->map);
1168 if (data->map != NULL) {
1169 bus_dmamap_destroy(ring->data_dmat, data->map);
1173 if (ring->data_dmat != NULL) {
1174 bus_dma_tag_destroy(ring->data_dmat);
1175 ring->data_dmat = NULL;
1180 * High-level hardware frobbing routines
1184 iwm_enable_interrupts(struct iwm_softc *sc)
1186 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1187 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1191 iwm_restore_interrupts(struct iwm_softc *sc)
1193 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1197 iwm_disable_interrupts(struct iwm_softc *sc)
1199 /* disable interrupts */
1200 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1202 /* acknowledge all interrupts */
1203 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1204 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1208 iwm_ict_reset(struct iwm_softc *sc)
1210 iwm_disable_interrupts(sc);
1212 /* Reset ICT table. */
1213 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1216 /* Set physical address of ICT table (4KB aligned). */
1217 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1218 IWM_CSR_DRAM_INT_TBL_ENABLE
1219 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER
1220 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1221 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1223 /* Switch to ICT interrupt mode in driver. */
1224 sc->sc_flags |= IWM_FLAG_USE_ICT;
1226 /* Re-enable interrupts. */
1227 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1228 iwm_enable_interrupts(sc);
1231 /* iwlwifi pcie/trans.c */
1234 * Since this .. hard-resets things, it's time to actually
1235 * mark the first vap (if any) as having no mac context.
1236 * It's annoying, but since the driver is potentially being
1237 * stop/start'ed whilst active (thanks openbsd port!) we
1238 * have to correctly track this.
1241 iwm_stop_device(struct iwm_softc *sc)
1243 struct ieee80211com *ic = &sc->sc_ic;
1244 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1248 /* tell the device to stop sending interrupts */
1249 iwm_disable_interrupts(sc);
1252 * FreeBSD-local: mark the first vap as not-uploaded,
1253 * so the next transition through auth/assoc
1254 * will correctly populate the MAC context.
1257 struct iwm_vap *iv = IWM_VAP(vap);
1258 iv->is_uploaded = 0;
1261 /* device going down, Stop using ICT table */
1262 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1264 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1266 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1268 if (iwm_nic_lock(sc)) {
1269 /* Stop each Tx DMA channel */
1270 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1272 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1273 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl);
1276 /* Wait for DMA channels to be idle */
1277 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask,
1279 device_printf(sc->sc_dev,
1280 "Failing on timeout while stopping DMA channel: [0x%08x]\n",
1281 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG));
1285 iwm_pcie_rx_stop(sc);
1288 iwm_reset_rx_ring(sc, &sc->rxq);
1290 /* Reset all TX rings. */
1291 for (qid = 0; qid < nitems(sc->txq); qid++)
1292 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1294 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1295 /* Power-down device's busmaster DMA clocks */
1296 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG,
1297 IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1301 /* Make sure (redundant) we've released our request to stay awake */
1302 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1303 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1305 /* Stop the device, and put it in low power state */
1308 /* Upon stop, the APM issues an interrupt if HW RF kill is set.
1309 * Clean again the interrupt here
1311 iwm_disable_interrupts(sc);
1312 /* stop and reset the on-board processor */
1313 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1316 * Even if we stop the HW, we still want the RF kill
1319 iwm_enable_rfkill_int(sc);
1320 iwm_check_rfkill(sc);
1323 /* iwlwifi: mvm/ops.c */
1325 iwm_mvm_nic_config(struct iwm_softc *sc)
1327 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1328 uint32_t reg_val = 0;
1329 uint32_t phy_config = iwm_mvm_get_phy_config(sc);
1331 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1332 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1333 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1334 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1335 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1336 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1339 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1340 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1341 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1342 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1344 /* radio configuration */
1345 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1346 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1347 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1349 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val);
1351 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1352 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1353 radio_cfg_step, radio_cfg_dash);
1356 * W/A : NIC is stuck in a reset state after Early PCIe power off
1357 * (PCIe power is lost before PERST# is asserted), causing ME FW
1358 * to lose ownership and not being able to obtain it back.
1360 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1361 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1362 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1363 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1368 iwm_nic_rx_init(struct iwm_softc *sc)
1371 * Initialize RX ring. This is from the iwn driver.
1373 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1376 iwm_pcie_rx_stop(sc);
1378 if (!iwm_nic_lock(sc))
1381 /* reset and flush pointers */
1382 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1383 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1384 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1385 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1387 /* Set physical address of RX ring (256-byte aligned). */
1389 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8);
1391 /* Set physical address of RX status (16-byte aligned). */
1393 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1396 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1397 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1398 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1399 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1400 IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK |
1401 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1402 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1403 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1405 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1407 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1408 if (sc->cfg->host_interrupt_operation_mode)
1409 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1412 * Thus sayeth el jefe (iwlwifi) via a comment:
1414 * This value should initially be 0 (before preparing any
1415 * RBs), should be 8 after preparing the first 8 RBs (for example)
1417 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1425 iwm_nic_tx_init(struct iwm_softc *sc)
1429 if (!iwm_nic_lock(sc))
1432 /* Deactivate TX scheduler. */
1433 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1435 /* Set physical address of "keep warm" page (16-byte aligned). */
1436 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1438 /* Initialize TX rings. */
1439 for (qid = 0; qid < nitems(sc->txq); qid++) {
1440 struct iwm_tx_ring *txq = &sc->txq[qid];
1442 /* Set physical address of TX ring (256-byte aligned). */
1443 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1444 txq->desc_dma.paddr >> 8);
1445 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1446 "%s: loading ring %d descriptors (%p) at %lx\n",
1449 (unsigned long) (txq->desc_dma.paddr >> 8));
1452 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE);
1460 iwm_nic_init(struct iwm_softc *sc)
1465 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1468 iwm_mvm_nic_config(sc);
1470 if ((error = iwm_nic_rx_init(sc)) != 0)
1474 * Ditto for TX, from iwn
1476 if ((error = iwm_nic_tx_init(sc)) != 0)
1479 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1480 "%s: shadow registers enabled\n", __func__);
1481 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1486 const uint8_t iwm_mvm_ac_to_tx_fifo[] = {
1494 iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo)
1496 if (!iwm_nic_lock(sc)) {
1497 device_printf(sc->sc_dev,
1498 "%s: cannot enable txq %d\n",
1504 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1506 if (qid == IWM_MVM_CMD_QUEUE) {
1507 /* unactivate before configuration */
1508 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1509 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE)
1510 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1514 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid));
1516 if (!iwm_nic_lock(sc)) {
1517 device_printf(sc->sc_dev,
1518 "%s: cannot enable txq %d\n", __func__, qid);
1521 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1524 iwm_write_mem32(sc, sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1525 /* Set scheduler window size and frame limit. */
1527 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1529 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1530 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1531 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1532 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1534 if (!iwm_nic_lock(sc)) {
1535 device_printf(sc->sc_dev,
1536 "%s: cannot enable txq %d\n", __func__, qid);
1539 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1540 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1541 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1542 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1543 IWM_SCD_QUEUE_STTS_REG_MSK);
1545 struct iwm_scd_txq_cfg_cmd cmd;
1550 memset(&cmd, 0, sizeof(cmd));
1551 cmd.scd_queue = qid;
1553 cmd.sta_id = sta_id;
1556 cmd.window = IWM_FRAME_LIMIT;
1558 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC,
1561 device_printf(sc->sc_dev,
1562 "cannot enable txq %d\n", qid);
1566 if (!iwm_nic_lock(sc))
1570 iwm_write_prph(sc, IWM_SCD_EN_CTRL,
1571 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid);
1575 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n",
1576 __func__, qid, fifo);
1582 iwm_trans_pcie_fw_alive(struct iwm_softc *sc, uint32_t scd_base_addr)
1586 int clear_dwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1587 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t);
1589 if (!iwm_nic_lock(sc))
1596 sc->scd_base_addr = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR);
1597 if (scd_base_addr != 0 &&
1598 scd_base_addr != sc->scd_base_addr) {
1599 device_printf(sc->sc_dev,
1600 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n",
1601 __func__, sc->scd_base_addr, scd_base_addr);
1604 /* reset context data, TX status and translation data */
1605 error = iwm_write_mem(sc,
1606 sc->scd_base_addr + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1607 NULL, clear_dwords);
1611 if (!iwm_nic_lock(sc))
1614 /* Set physical address of TX scheduler rings (1KB aligned). */
1615 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1617 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1621 /* enable command channel */
1622 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7);
1626 if (!iwm_nic_lock(sc))
1629 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1631 /* Enable DMA channels. */
1632 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1633 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1634 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1635 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1638 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1639 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1643 /* Enable L1-Active */
1644 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
1645 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1646 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1653 * NVM read access and content parsing. We do not support
1654 * external NVM or writing NVM.
1658 /* Default NVM size to read */
1659 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1661 #define IWM_NVM_WRITE_OPCODE 1
1662 #define IWM_NVM_READ_OPCODE 0
1664 /* load nvm chunk response */
1666 IWM_READ_NVM_CHUNK_SUCCEED = 0,
1667 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1
1671 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1672 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1674 struct iwm_nvm_access_cmd nvm_access_cmd = {
1675 .offset = htole16(offset),
1676 .length = htole16(length),
1677 .type = htole16(section),
1678 .op_code = IWM_NVM_READ_OPCODE,
1680 struct iwm_nvm_access_resp *nvm_resp;
1681 struct iwm_rx_packet *pkt;
1682 struct iwm_host_cmd cmd = {
1683 .id = IWM_NVM_ACCESS_CMD,
1684 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL,
1685 .data = { &nvm_access_cmd, },
1687 int ret, bytes_read, offset_read;
1690 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1692 ret = iwm_send_cmd(sc, &cmd);
1694 device_printf(sc->sc_dev,
1695 "Could not send NVM_ACCESS command (error=%d)\n", ret);
1701 /* Extract NVM response */
1702 nvm_resp = (void *)pkt->data;
1703 ret = le16toh(nvm_resp->status);
1704 bytes_read = le16toh(nvm_resp->length);
1705 offset_read = le16toh(nvm_resp->offset);
1706 resp_data = nvm_resp->data;
1708 if ((offset != 0) &&
1709 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) {
1711 * meaning of NOT_VALID_ADDRESS:
1712 * driver try to read chunk from address that is
1713 * multiple of 2K and got an error since addr is empty.
1714 * meaning of (offset != 0): driver already
1715 * read valid data from another chunk so this case
1718 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1719 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n",
1724 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1725 "NVM access command failed with status %d\n", ret);
1731 if (offset_read != offset) {
1732 device_printf(sc->sc_dev,
1733 "NVM ACCESS response with invalid offset %d\n",
1739 if (bytes_read > length) {
1740 device_printf(sc->sc_dev,
1741 "NVM ACCESS response with too much data "
1742 "(%d bytes requested, %d bytes received)\n",
1743 length, bytes_read);
1748 /* Write data to NVM */
1749 memcpy(data + offset, resp_data, bytes_read);
1753 iwm_free_resp(sc, &cmd);
1758 * Reads an NVM section completely.
1759 * NICs prior to 7000 family don't have a real NVM, but just read
1760 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1761 * by uCode, we need to manually check in this case that we don't
1762 * overflow and try to read more than the EEPROM size.
1763 * For 7000 family NICs, we supply the maximal size we can read, and
1764 * the uCode fills the response with as much data as we can,
1765 * without overflowing, so no check is needed.
1768 iwm_nvm_read_section(struct iwm_softc *sc,
1769 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read)
1771 uint16_t seglen, length, offset = 0;
1774 /* Set nvm section read length */
1775 length = IWM_NVM_DEFAULT_CHUNK_SIZE;
1779 /* Read the NVM until exhausted (reading less than requested) */
1780 while (seglen == length) {
1781 /* Check no memory assumptions fail and cause an overflow */
1782 if ((size_read + offset + length) >
1783 sc->cfg->eeprom_size) {
1784 device_printf(sc->sc_dev,
1785 "EEPROM size is too small for NVM\n");
1789 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen);
1791 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1792 "Cannot read NVM from section %d offset %d, length %d\n",
1793 section, offset, length);
1799 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1800 "NVM section %d read completed\n", section);
1806 * BEGIN IWM_NVM_PARSE
1809 /* iwlwifi/iwl-nvm-parse.c */
1811 /* NVM offsets (in words) definitions */
1812 enum iwm_nvm_offsets {
1813 /* NVM HW-Section offset (in words) definitions */
1816 /* NVM SW-Section offset (in words) definitions */
1817 IWM_NVM_SW_SECTION = 0x1C0,
1818 IWM_NVM_VERSION = 0,
1822 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1824 /* NVM calibration section offset (in words) definitions */
1825 IWM_NVM_CALIB_SECTION = 0x2B8,
1826 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1829 enum iwm_8000_nvm_offsets {
1830 /* NVM HW-Section offset (in words) definitions */
1831 IWM_HW_ADDR0_WFPM_8000 = 0x12,
1832 IWM_HW_ADDR1_WFPM_8000 = 0x16,
1833 IWM_HW_ADDR0_PCIE_8000 = 0x8A,
1834 IWM_HW_ADDR1_PCIE_8000 = 0x8E,
1835 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1,
1837 /* NVM SW-Section offset (in words) definitions */
1838 IWM_NVM_SW_SECTION_8000 = 0x1C0,
1839 IWM_NVM_VERSION_8000 = 0,
1840 IWM_RADIO_CFG_8000 = 0,
1842 IWM_N_HW_ADDRS_8000 = 3,
1844 /* NVM REGULATORY -Section offset (in words) definitions */
1845 IWM_NVM_CHANNELS_8000 = 0,
1846 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7,
1847 IWM_NVM_LAR_OFFSET_8000 = 0x507,
1848 IWM_NVM_LAR_ENABLED_8000 = 0x7,
1850 /* NVM calibration section offset (in words) definitions */
1851 IWM_NVM_CALIB_SECTION_8000 = 0x2B8,
1852 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000
1855 /* SKU Capabilities (actual values from NVM definition) */
1857 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1858 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1859 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1860 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1863 /* radio config bits (actual values from NVM definition) */
1864 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1865 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1866 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1867 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1868 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1869 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1871 #define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF)
1872 #define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF)
1873 #define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF)
1874 #define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF)
1875 #define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF)
1876 #define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF)
1878 #define DEFAULT_MAX_TX_POWER 16
1881 * enum iwm_nvm_channel_flags - channel flags in NVM
1882 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1883 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1884 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1885 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1886 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c
1887 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1888 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1889 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1890 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1891 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1893 enum iwm_nvm_channel_flags {
1894 IWM_NVM_CHANNEL_VALID = (1 << 0),
1895 IWM_NVM_CHANNEL_IBSS = (1 << 1),
1896 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
1897 IWM_NVM_CHANNEL_RADAR = (1 << 4),
1898 IWM_NVM_CHANNEL_DFS = (1 << 7),
1899 IWM_NVM_CHANNEL_WIDE = (1 << 8),
1900 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
1901 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
1902 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
1906 * Translate EEPROM flags to net80211.
1909 iwm_eeprom_channel_flags(uint16_t ch_flags)
1914 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0)
1915 nflags |= IEEE80211_CHAN_PASSIVE;
1916 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0)
1917 nflags |= IEEE80211_CHAN_NOADHOC;
1918 if (ch_flags & IWM_NVM_CHANNEL_RADAR) {
1919 nflags |= IEEE80211_CHAN_DFS;
1921 nflags |= IEEE80211_CHAN_NOADHOC;
1928 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[],
1929 int maxchans, int *nchans, int ch_idx, size_t ch_num,
1930 const uint8_t bands[])
1932 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags;
1938 for (; ch_idx < ch_num; ch_idx++) {
1939 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
1940 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1941 ieee = iwm_nvm_channels[ch_idx];
1943 ieee = iwm_nvm_channels_8000[ch_idx];
1945 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
1946 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1947 "Ch. %d Flags %x [%sGHz] - No traffic\n",
1949 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1954 nflags = iwm_eeprom_channel_flags(ch_flags);
1955 error = ieee80211_add_channel(chans, maxchans, nchans,
1956 ieee, 0, 0, nflags, bands);
1960 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1961 "Ch. %d Flags %x [%sGHz] - Added\n",
1963 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1969 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans,
1970 struct ieee80211_channel chans[])
1972 struct iwm_softc *sc = ic->ic_softc;
1973 struct iwm_nvm_data *data = sc->nvm_data;
1974 uint8_t bands[IEEE80211_MODE_BYTES];
1977 memset(bands, 0, sizeof(bands));
1978 /* 1-13: 11b/g channels. */
1979 setbit(bands, IEEE80211_MODE_11B);
1980 setbit(bands, IEEE80211_MODE_11G);
1981 iwm_add_channel_band(sc, chans, maxchans, nchans, 0,
1982 IWM_NUM_2GHZ_CHANNELS - 1, bands);
1984 /* 14: 11b channel only. */
1985 clrbit(bands, IEEE80211_MODE_11G);
1986 iwm_add_channel_band(sc, chans, maxchans, nchans,
1987 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands);
1989 if (data->sku_cap_band_52GHz_enable) {
1990 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1991 ch_num = nitems(iwm_nvm_channels);
1993 ch_num = nitems(iwm_nvm_channels_8000);
1994 memset(bands, 0, sizeof(bands));
1995 setbit(bands, IEEE80211_MODE_11A);
1996 iwm_add_channel_band(sc, chans, maxchans, nchans,
1997 IWM_NUM_2GHZ_CHANNELS, ch_num, bands);
2002 iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data,
2003 const uint16_t *mac_override, const uint16_t *nvm_hw)
2005 const uint8_t *hw_addr;
2008 static const uint8_t reserved_mac[] = {
2009 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00
2012 hw_addr = (const uint8_t *)(mac_override +
2013 IWM_MAC_ADDRESS_OVERRIDE_8000);
2016 * Store the MAC address from MAO section.
2017 * No byte swapping is required in MAO section
2019 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr);
2022 * Force the use of the OTP MAC address in case of reserved MAC
2023 * address in the NVM, or if address is given but invalid.
2025 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) &&
2026 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) &&
2027 iwm_is_valid_ether_addr(data->hw_addr) &&
2028 !IEEE80211_IS_MULTICAST(data->hw_addr))
2031 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2032 "%s: mac address from nvm override section invalid\n",
2037 /* read the mac address from WFMP registers */
2038 uint32_t mac_addr0 =
2039 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0));
2040 uint32_t mac_addr1 =
2041 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1));
2043 hw_addr = (const uint8_t *)&mac_addr0;
2044 data->hw_addr[0] = hw_addr[3];
2045 data->hw_addr[1] = hw_addr[2];
2046 data->hw_addr[2] = hw_addr[1];
2047 data->hw_addr[3] = hw_addr[0];
2049 hw_addr = (const uint8_t *)&mac_addr1;
2050 data->hw_addr[4] = hw_addr[1];
2051 data->hw_addr[5] = hw_addr[0];
2056 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__);
2057 memset(data->hw_addr, 0, sizeof(data->hw_addr));
2061 iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2062 const uint16_t *phy_sku)
2064 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2065 return le16_to_cpup(nvm_sw + IWM_SKU);
2067 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000));
2071 iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2073 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2074 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
2076 return le32_to_cpup((const uint32_t *)(nvm_sw +
2077 IWM_NVM_VERSION_8000));
2081 iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2082 const uint16_t *phy_sku)
2084 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2085 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
2087 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000));
2091 iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2095 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000)
2096 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
2098 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000));
2100 return n_hw_addr & IWM_N_HW_ADDR_MASK;
2104 iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data,
2107 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2108 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
2109 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
2110 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
2111 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
2115 /* set the radio configuration for family 8000 */
2116 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg);
2117 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg);
2118 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg);
2119 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg);
2120 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg);
2121 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg);
2125 iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data,
2126 const uint16_t *nvm_hw, const uint16_t *mac_override)
2128 #ifdef notyet /* for FAMILY 9000 */
2129 if (cfg->mac_addr_from_csr) {
2130 iwm_set_hw_address_from_csr(sc, data);
2133 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2134 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR);
2136 /* The byte order is little endian 16 bit, meaning 214365 */
2137 data->hw_addr[0] = hw_addr[1];
2138 data->hw_addr[1] = hw_addr[0];
2139 data->hw_addr[2] = hw_addr[3];
2140 data->hw_addr[3] = hw_addr[2];
2141 data->hw_addr[4] = hw_addr[5];
2142 data->hw_addr[5] = hw_addr[4];
2144 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw);
2147 if (!iwm_is_valid_ether_addr(data->hw_addr)) {
2148 device_printf(sc->sc_dev, "no valid mac address was found\n");
2155 static struct iwm_nvm_data *
2156 iwm_parse_nvm_data(struct iwm_softc *sc,
2157 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
2158 const uint16_t *nvm_calib, const uint16_t *mac_override,
2159 const uint16_t *phy_sku, const uint16_t *regulatory)
2161 struct iwm_nvm_data *data;
2162 uint32_t sku, radio_cfg;
2164 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) {
2165 data = malloc(sizeof(*data) +
2166 IWM_NUM_CHANNELS * sizeof(uint16_t),
2167 M_DEVBUF, M_NOWAIT | M_ZERO);
2169 data = malloc(sizeof(*data) +
2170 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t),
2171 M_DEVBUF, M_NOWAIT | M_ZERO);
2176 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw);
2178 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku);
2179 iwm_set_radio_cfg(sc, data, radio_cfg);
2181 sku = iwm_get_sku(sc, nvm_sw, phy_sku);
2182 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
2183 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
2184 data->sku_cap_11n_enable = 0;
2186 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw);
2188 /* If no valid mac address was found - bail out */
2189 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) {
2190 free(data, M_DEVBUF);
2194 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2195 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS],
2196 IWM_NUM_CHANNELS * sizeof(uint16_t));
2198 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000],
2199 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t));
2206 iwm_free_nvm_data(struct iwm_nvm_data *data)
2209 free(data, M_DEVBUF);
2212 static struct iwm_nvm_data *
2213 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
2215 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku;
2217 /* Checking for required sections */
2218 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2219 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2220 !sections[sc->cfg->nvm_hw_section_num].data) {
2221 device_printf(sc->sc_dev,
2222 "Can't parse empty OTP/NVM sections\n");
2225 } else if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
2226 /* SW and REGULATORY sections are mandatory */
2227 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2228 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) {
2229 device_printf(sc->sc_dev,
2230 "Can't parse empty OTP/NVM sections\n");
2233 /* MAC_OVERRIDE or at least HW section must exist */
2234 if (!sections[sc->cfg->nvm_hw_section_num].data &&
2235 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) {
2236 device_printf(sc->sc_dev,
2237 "Can't parse mac_address, empty sections\n");
2241 /* PHY_SKU section is mandatory in B0 */
2242 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) {
2243 device_printf(sc->sc_dev,
2244 "Can't parse phy_sku in B0, empty sections\n");
2248 panic("unknown device family %d\n", sc->cfg->device_family);
2251 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data;
2252 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
2253 calib = (const uint16_t *)
2254 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
2255 regulatory = (const uint16_t *)
2256 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data;
2257 mac_override = (const uint16_t *)
2258 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data;
2259 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data;
2261 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override,
2262 phy_sku, regulatory);
2266 iwm_nvm_init(struct iwm_softc *sc)
2268 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS];
2269 int i, ret, section;
2270 uint32_t size_read = 0;
2271 uint8_t *nvm_buffer, *temp;
2274 memset(nvm_sections, 0, sizeof(nvm_sections));
2276 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS)
2279 /* load NVM values from nic */
2280 /* Read From FW NVM */
2281 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n");
2283 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO);
2286 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) {
2287 /* we override the constness for initial read */
2288 ret = iwm_nvm_read_section(sc, section, nvm_buffer,
2293 temp = malloc(len, M_DEVBUF, M_NOWAIT);
2298 memcpy(temp, nvm_buffer, len);
2300 nvm_sections[section].data = temp;
2301 nvm_sections[section].length = len;
2304 device_printf(sc->sc_dev, "OTP is blank\n");
2305 free(nvm_buffer, M_DEVBUF);
2307 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections);
2310 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
2311 "nvm version = %x\n", sc->nvm_data->nvm_version);
2313 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) {
2314 if (nvm_sections[i].data != NULL)
2315 free(nvm_sections[i].data, M_DEVBUF);
2322 iwm_pcie_load_section(struct iwm_softc *sc, uint8_t section_num,
2323 const struct iwm_fw_desc *section)
2325 struct iwm_dma_info *dma = &sc->fw_dma;
2328 uint32_t offset, chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, section->len);
2331 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2332 "%s: [%d] uCode section being loaded...\n",
2333 __func__, section_num);
2335 v_addr = dma->vaddr;
2336 p_addr = dma->paddr;
2338 for (offset = 0; offset < section->len; offset += chunk_sz) {
2339 uint32_t copy_size, dst_addr;
2340 int extended_addr = FALSE;
2342 copy_size = MIN(chunk_sz, section->len - offset);
2343 dst_addr = section->offset + offset;
2345 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2346 dst_addr <= IWM_FW_MEM_EXTENDED_END)
2347 extended_addr = TRUE;
2350 iwm_set_bits_prph(sc, IWM_LMPM_CHICK,
2351 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2353 memcpy(v_addr, (const uint8_t *)section->data + offset,
2355 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
2356 ret = iwm_pcie_load_firmware_chunk(sc, dst_addr, p_addr,
2360 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK,
2361 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2364 device_printf(sc->sc_dev,
2365 "%s: Could not load the [%d] uCode section\n",
2366 __func__, section_num);
2378 iwm_pcie_load_firmware_chunk(struct iwm_softc *sc, uint32_t dst_addr,
2379 bus_addr_t phy_addr, uint32_t byte_cnt)
2383 sc->sc_fw_chunk_done = 0;
2385 if (!iwm_nic_lock(sc))
2388 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2389 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
2391 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
2394 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
2395 phy_addr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
2397 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
2398 (iwm_get_dma_hi_addr(phy_addr)
2399 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
2401 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
2402 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
2403 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
2404 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
2406 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2407 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
2408 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
2409 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
2413 /* wait up to 5s for this segment to load */
2415 while (!sc->sc_fw_chunk_done) {
2416 ret = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz);
2422 device_printf(sc->sc_dev,
2423 "fw chunk addr 0x%x len %d failed to load\n",
2424 dst_addr, byte_cnt);
2432 iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
2433 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section)
2436 int i, ret = 0, sec_num = 0x1;
2437 uint32_t val, last_read_idx = 0;
2441 *first_ucode_section = 0;
2444 (*first_ucode_section)++;
2447 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2451 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2453 * PAGING_SEPARATOR_SECTION delimiter - separate between
2454 * CPU2 non paged to CPU2 paging sec.
2456 if (!image->fw_sect[i].data ||
2457 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2458 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2459 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2460 "Break since Data not valid or Empty section, sec = %d\n",
2464 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]);
2468 /* Notify the ucode of the loaded section number and status */
2469 if (iwm_nic_lock(sc)) {
2470 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS);
2471 val = val | (sec_num << shift_param);
2472 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val);
2473 sec_num = (sec_num << 1) | 0x1;
2478 *first_ucode_section = last_read_idx;
2480 iwm_enable_interrupts(sc);
2482 if (iwm_nic_lock(sc)) {
2484 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF);
2486 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
2494 iwm_pcie_load_cpu_sections(struct iwm_softc *sc,
2495 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section)
2499 uint32_t last_read_idx = 0;
2503 *first_ucode_section = 0;
2506 (*first_ucode_section)++;
2509 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2513 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2515 * PAGING_SEPARATOR_SECTION delimiter - separate between
2516 * CPU2 non paged to CPU2 paging sec.
2518 if (!image->fw_sect[i].data ||
2519 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2520 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2521 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2522 "Break since Data not valid or Empty section, sec = %d\n",
2527 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]);
2532 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
2533 iwm_set_bits_prph(sc,
2534 IWM_CSR_UCODE_LOAD_STATUS_ADDR,
2535 (IWM_LMPM_CPU_UCODE_LOADING_COMPLETED |
2536 IWM_LMPM_CPU_HDRS_LOADING_COMPLETED |
2537 IWM_LMPM_CPU_UCODE_LOADING_STARTED) <<
2540 *first_ucode_section = last_read_idx;
2547 iwm_pcie_load_given_ucode(struct iwm_softc *sc,
2548 const struct iwm_fw_sects *image)
2551 int first_ucode_section;
2553 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2554 image->is_dual_cpus ? "Dual" : "Single");
2556 /* load to FW the binary non secured sections of CPU1 */
2557 ret = iwm_pcie_load_cpu_sections(sc, image, 1, &first_ucode_section);
2561 if (image->is_dual_cpus) {
2562 /* set CPU2 header address */
2564 IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR,
2565 IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE);
2567 /* load to FW the binary sections of CPU2 */
2568 ret = iwm_pcie_load_cpu_sections(sc, image, 2,
2569 &first_ucode_section);
2574 iwm_enable_interrupts(sc);
2576 /* release CPU reset */
2577 IWM_WRITE(sc, IWM_CSR_RESET, 0);
2583 iwm_pcie_load_given_ucode_8000(struct iwm_softc *sc,
2584 const struct iwm_fw_sects *image)
2587 int first_ucode_section;
2589 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2590 image->is_dual_cpus ? "Dual" : "Single");
2592 /* configure the ucode to be ready to get the secured image */
2593 /* release CPU reset */
2594 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, IWM_RELEASE_CPU_RESET_BIT);
2596 /* load to FW the binary Secured sections of CPU1 */
2597 ret = iwm_pcie_load_cpu_sections_8000(sc, image, 1,
2598 &first_ucode_section);
2602 /* load to FW the binary sections of CPU2 */
2603 return iwm_pcie_load_cpu_sections_8000(sc, image, 2,
2604 &first_ucode_section);
2607 /* XXX Get rid of this definition */
2609 iwm_enable_fw_load_int(struct iwm_softc *sc)
2611 IWM_DPRINTF(sc, IWM_DEBUG_INTR, "Enabling FW load interrupt\n");
2612 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX;
2613 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
2616 /* XXX Add proper rfkill support code */
2618 iwm_start_fw(struct iwm_softc *sc,
2619 const struct iwm_fw_sects *fw)
2623 /* This may fail if AMT took ownership of the device */
2624 if (iwm_prepare_card_hw(sc)) {
2625 device_printf(sc->sc_dev,
2626 "%s: Exit HW not ready\n", __func__);
2631 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2633 iwm_disable_interrupts(sc);
2635 /* make sure rfkill handshake bits are cleared */
2636 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2637 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
2638 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
2640 /* clear (again), then enable host interrupts */
2641 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2643 ret = iwm_nic_init(sc);
2645 device_printf(sc->sc_dev, "%s: Unable to init nic\n", __func__);
2650 * Now, we load the firmware and don't want to be interrupted, even
2651 * by the RF-Kill interrupt (hence mask all the interrupt besides the
2652 * FH_TX interrupt which is needed to load the firmware). If the
2653 * RF-Kill switch is toggled, we will find out after having loaded
2654 * the firmware and return the proper value to the caller.
2656 iwm_enable_fw_load_int(sc);
2658 /* really make sure rfkill handshake bits are cleared */
2659 /* maybe we should write a few times more? just to make sure */
2660 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2661 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2663 /* Load the given image to the HW */
2664 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
2665 ret = iwm_pcie_load_given_ucode_8000(sc, fw);
2667 ret = iwm_pcie_load_given_ucode(sc, fw);
2669 /* XXX re-check RF-Kill state */
2676 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2678 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2679 .valid = htole32(valid_tx_ant),
2682 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2683 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2686 /* iwlwifi: mvm/fw.c */
2688 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2690 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2691 enum iwm_ucode_type ucode_type = sc->cur_ucode;
2693 /* Set parameters */
2694 phy_cfg_cmd.phy_cfg = htole32(iwm_mvm_get_phy_config(sc));
2695 phy_cfg_cmd.calib_control.event_trigger =
2696 sc->sc_default_calib[ucode_type].event_trigger;
2697 phy_cfg_cmd.calib_control.flow_trigger =
2698 sc->sc_default_calib[ucode_type].flow_trigger;
2700 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2701 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2702 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2703 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2707 iwm_alive_fn(struct iwm_softc *sc, struct iwm_rx_packet *pkt, void *data)
2709 struct iwm_mvm_alive_data *alive_data = data;
2710 struct iwm_mvm_alive_resp_ver1 *palive1;
2711 struct iwm_mvm_alive_resp_ver2 *palive2;
2712 struct iwm_mvm_alive_resp *palive;
2714 if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive1)) {
2715 palive1 = (void *)pkt->data;
2717 sc->support_umac_log = FALSE;
2718 sc->error_event_table =
2719 le32toh(palive1->error_event_table_ptr);
2720 sc->log_event_table =
2721 le32toh(palive1->log_event_table_ptr);
2722 alive_data->scd_base_addr = le32toh(palive1->scd_base_ptr);
2724 alive_data->valid = le16toh(palive1->status) ==
2725 IWM_ALIVE_STATUS_OK;
2726 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2727 "Alive VER1 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2728 le16toh(palive1->status), palive1->ver_type,
2729 palive1->ver_subtype, palive1->flags);
2730 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive2)) {
2731 palive2 = (void *)pkt->data;
2732 sc->error_event_table =
2733 le32toh(palive2->error_event_table_ptr);
2734 sc->log_event_table =
2735 le32toh(palive2->log_event_table_ptr);
2736 alive_data->scd_base_addr = le32toh(palive2->scd_base_ptr);
2737 sc->umac_error_event_table =
2738 le32toh(palive2->error_info_addr);
2740 alive_data->valid = le16toh(palive2->status) ==
2741 IWM_ALIVE_STATUS_OK;
2742 if (sc->umac_error_event_table)
2743 sc->support_umac_log = TRUE;
2745 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2746 "Alive VER2 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2747 le16toh(palive2->status), palive2->ver_type,
2748 palive2->ver_subtype, palive2->flags);
2750 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2751 "UMAC version: Major - 0x%x, Minor - 0x%x\n",
2752 palive2->umac_major, palive2->umac_minor);
2753 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive)) {
2754 palive = (void *)pkt->data;
2756 sc->error_event_table =
2757 le32toh(palive->error_event_table_ptr);
2758 sc->log_event_table =
2759 le32toh(palive->log_event_table_ptr);
2760 alive_data->scd_base_addr = le32toh(palive->scd_base_ptr);
2761 sc->umac_error_event_table =
2762 le32toh(palive->error_info_addr);
2764 alive_data->valid = le16toh(palive->status) ==
2765 IWM_ALIVE_STATUS_OK;
2766 if (sc->umac_error_event_table)
2767 sc->support_umac_log = TRUE;
2769 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2770 "Alive VER3 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n",
2771 le16toh(palive->status), palive->ver_type,
2772 palive->ver_subtype, palive->flags);
2774 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2775 "UMAC version: Major - 0x%x, Minor - 0x%x\n",
2776 le32toh(palive->umac_major),
2777 le32toh(palive->umac_minor));
2784 iwm_wait_phy_db_entry(struct iwm_softc *sc,
2785 struct iwm_rx_packet *pkt, void *data)
2787 struct iwm_phy_db *phy_db = data;
2789 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) {
2790 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) {
2791 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n",
2792 __func__, pkt->hdr.code);
2797 if (iwm_phy_db_set_section(phy_db, pkt)) {
2798 device_printf(sc->sc_dev,
2799 "%s: iwm_phy_db_set_section failed\n", __func__);
2806 iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc,
2807 enum iwm_ucode_type ucode_type)
2809 struct iwm_notification_wait alive_wait;
2810 struct iwm_mvm_alive_data alive_data;
2811 const struct iwm_fw_sects *fw;
2812 enum iwm_ucode_type old_type = sc->cur_ucode;
2814 static const uint16_t alive_cmd[] = { IWM_MVM_ALIVE };
2816 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) {
2817 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n",
2821 fw = &sc->sc_fw.fw_sects[ucode_type];
2822 sc->cur_ucode = ucode_type;
2823 sc->ucode_loaded = FALSE;
2825 memset(&alive_data, 0, sizeof(alive_data));
2826 iwm_init_notification_wait(sc->sc_notif_wait, &alive_wait,
2827 alive_cmd, nitems(alive_cmd),
2828 iwm_alive_fn, &alive_data);
2830 error = iwm_start_fw(sc, fw);
2832 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error);
2833 sc->cur_ucode = old_type;
2834 iwm_remove_notification(sc->sc_notif_wait, &alive_wait);
2839 * Some things may run in the background now, but we
2840 * just wait for the ALIVE notification here.
2843 error = iwm_wait_notification(sc->sc_notif_wait, &alive_wait,
2844 IWM_MVM_UCODE_ALIVE_TIMEOUT);
2847 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
2848 device_printf(sc->sc_dev,
2849 "SecBoot CPU1 Status: 0x%x, CPU2 Status: 0x%x\n",
2850 iwm_read_prph(sc, IWM_SB_CPU_1_STATUS),
2851 iwm_read_prph(sc, IWM_SB_CPU_2_STATUS));
2853 sc->cur_ucode = old_type;
2857 if (!alive_data.valid) {
2858 device_printf(sc->sc_dev, "%s: Loaded ucode is not valid\n",
2860 sc->cur_ucode = old_type;
2864 iwm_trans_pcie_fw_alive(sc, alive_data.scd_base_addr);
2867 * configure and operate fw paging mechanism.
2868 * driver configures the paging flow only once, CPU2 paging image
2869 * included in the IWM_UCODE_INIT image.
2871 if (fw->paging_mem_size) {
2872 error = iwm_save_fw_paging(sc, fw);
2874 device_printf(sc->sc_dev,
2875 "%s: failed to save the FW paging image\n",
2880 error = iwm_send_paging_cmd(sc, fw);
2882 device_printf(sc->sc_dev,
2883 "%s: failed to send the paging cmd\n", __func__);
2884 iwm_free_fw_paging(sc);
2890 sc->ucode_loaded = TRUE;
2899 * follows iwlwifi/fw.c
2902 iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm)
2904 struct iwm_notification_wait calib_wait;
2905 static const uint16_t init_complete[] = {
2906 IWM_INIT_COMPLETE_NOTIF,
2907 IWM_CALIB_RES_NOTIF_PHY_DB
2911 /* do not operate with rfkill switch turned on */
2912 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2913 device_printf(sc->sc_dev,
2914 "radio is disabled by hardware switch\n");
2918 iwm_init_notification_wait(sc->sc_notif_wait,
2921 nitems(init_complete),
2922 iwm_wait_phy_db_entry,
2925 /* Will also start the device */
2926 ret = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_INIT);
2928 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n",
2935 ret = iwm_nvm_init(sc);
2937 device_printf(sc->sc_dev, "failed to read nvm\n");
2940 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr);
2944 ret = iwm_send_bt_init_conf(sc);
2946 device_printf(sc->sc_dev,
2947 "failed to send bt coex configuration: %d\n", ret);
2951 /* Init Smart FIFO. */
2952 ret = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF);
2956 /* Send TX valid antennas before triggering calibrations */
2957 ret = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc));
2959 device_printf(sc->sc_dev,
2960 "failed to send antennas before calibration: %d\n", ret);
2965 * Send phy configurations command to init uCode
2966 * to start the 16.0 uCode init image internal calibrations.
2968 ret = iwm_send_phy_cfg_cmd(sc);
2970 device_printf(sc->sc_dev,
2971 "%s: Failed to run INIT calibrations: %d\n",
2977 * Nothing to do but wait for the init complete notification
2978 * from the firmware.
2981 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait,
2982 IWM_MVM_UCODE_CALIB_TIMEOUT);
2989 iwm_remove_notification(sc->sc_notif_wait, &calib_wait);
2998 /* (re)stock rx ring, called at init-time and at runtime */
3000 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
3002 struct iwm_rx_ring *ring = &sc->rxq;
3003 struct iwm_rx_data *data = &ring->data[idx];
3005 bus_dmamap_t dmamap = NULL;
3006 bus_dma_segment_t seg;
3009 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
3013 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
3014 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m,
3015 &seg, &nsegs, BUS_DMA_NOWAIT);
3017 device_printf(sc->sc_dev,
3018 "%s: can't map mbuf, error %d\n", __func__, error);
3022 if (data->m != NULL)
3023 bus_dmamap_unload(ring->data_dmat, data->map);
3025 /* Swap ring->spare_map with data->map */
3027 data->map = ring->spare_map;
3028 ring->spare_map = dmamap;
3030 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
3033 /* Update RX descriptor. */
3034 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned"));
3035 ring->desc[idx] = htole32(seg.ds_addr >> 8);
3036 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3037 BUS_DMASYNC_PREWRITE);
3045 /* iwlwifi: mvm/rx.c */
3046 #define IWM_RSSI_OFFSET 50
3048 iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
3050 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm;
3051 uint32_t agc_a, agc_b;
3054 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]);
3055 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS;
3056 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS;
3058 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]);
3059 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS;
3060 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS;
3063 * dBm = rssi dB - agc dB - constant.
3064 * Higher AGC (higher radio gain) means lower signal.
3066 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a;
3067 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b;
3068 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm);
3070 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3071 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n",
3072 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b);
3074 return max_rssi_dbm;
3077 /* iwlwifi: mvm/rx.c */
3079 * iwm_mvm_get_signal_strength - use new rx PHY INFO API
3080 * values are reported by the fw as positive values - need to negate
3081 * to obtain their dBM. Account for missing antennas by replacing 0
3082 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
3085 iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
3087 int energy_a, energy_b, energy_c, max_energy;
3090 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
3091 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
3092 IWM_RX_INFO_ENERGY_ANT_A_POS;
3093 energy_a = energy_a ? -energy_a : -256;
3094 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
3095 IWM_RX_INFO_ENERGY_ANT_B_POS;
3096 energy_b = energy_b ? -energy_b : -256;
3097 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
3098 IWM_RX_INFO_ENERGY_ANT_C_POS;
3099 energy_c = energy_c ? -energy_c : -256;
3100 max_energy = MAX(energy_a, energy_b);
3101 max_energy = MAX(max_energy, energy_c);
3103 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3104 "energy In A %d B %d C %d , and max %d\n",
3105 energy_a, energy_b, energy_c, max_energy);
3111 iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc,
3112 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
3114 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
3116 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
3117 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3119 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
3123 * Retrieve the average noise (in dBm) among receivers.
3126 iwm_get_noise(struct iwm_softc *sc,
3127 const struct iwm_mvm_statistics_rx_non_phy *stats)
3129 int i, total, nbant, noise;
3131 total = nbant = noise = 0;
3132 for (i = 0; i < 3; i++) {
3133 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
3134 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n",
3145 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n",
3146 __func__, nbant, total);
3148 /* There should be at least one antenna but check anyway. */
3149 return (nbant == 0) ? -127 : (total / nbant) - 107;
3151 /* For now, just hard-code it to -96 to be safe */
3157 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
3159 * Handles the actual data of the Rx packet from the fw
3162 iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, struct mbuf *m)
3164 struct ieee80211com *ic = &sc->sc_ic;
3165 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3166 struct ieee80211_frame *wh;
3167 struct ieee80211_node *ni;
3168 struct ieee80211_rx_stats rxs;
3169 struct iwm_rx_phy_info *phy_info;
3170 struct iwm_rx_mpdu_res_start *rx_res;
3171 struct iwm_rx_packet *pkt = mtod(m, struct iwm_rx_packet *);
3173 uint32_t rx_pkt_status;
3176 phy_info = &sc->sc_last_phy_info;
3177 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
3178 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
3179 len = le16toh(rx_res->byte_count);
3180 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
3182 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
3183 device_printf(sc->sc_dev,
3184 "dsp size out of range [0,20]: %d\n",
3185 phy_info->cfg_phy_cnt);
3189 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
3190 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
3191 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3192 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
3196 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) {
3197 rssi = iwm_mvm_get_signal_strength(sc, phy_info);
3199 rssi = iwm_mvm_calc_rssi(sc, phy_info);
3202 /* Note: RSSI is absolute (ie a -ve value) */
3203 if (rssi < IWM_MIN_DBM)
3205 else if (rssi > IWM_MAX_DBM)
3208 /* Map it to relative value */
3209 rssi = rssi - sc->sc_noise;
3211 /* replenish ring for the buffer we're going to feed to the sharks */
3212 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
3213 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
3218 m->m_data = pkt->data + sizeof(*rx_res);
3219 m->m_pkthdr.len = m->m_len = len;
3221 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3222 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise);
3224 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
3226 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3227 "%s: phy_info: channel=%d, flags=0x%08x\n",
3229 le16toh(phy_info->channel),
3230 le16toh(phy_info->phy_flags));
3233 * Populate an RX state struct with the provided information.
3235 bzero(&rxs, sizeof(rxs));
3236 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
3237 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
3238 rxs.c_ieee = le16toh(phy_info->channel);
3239 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
3240 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
3242 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
3245 /* rssi is in 1/2db units */
3246 rxs.c_rssi = rssi * 2;
3247 rxs.c_nf = sc->sc_noise;
3248 if (ieee80211_add_rx_params(m, &rxs) == 0) {
3250 ieee80211_free_node(ni);
3254 if (ieee80211_radiotap_active_vap(vap)) {
3255 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
3258 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
3259 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3260 tap->wr_chan_freq = htole16(rxs.c_freq);
3261 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
3262 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
3263 tap->wr_dbm_antsignal = (int8_t)rssi;
3264 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
3265 tap->wr_tsft = phy_info->system_timestamp;
3266 switch (phy_info->rate) {
3268 case 10: tap->wr_rate = 2; break;
3269 case 20: tap->wr_rate = 4; break;
3270 case 55: tap->wr_rate = 11; break;
3271 case 110: tap->wr_rate = 22; break;
3273 case 0xd: tap->wr_rate = 12; break;
3274 case 0xf: tap->wr_rate = 18; break;
3275 case 0x5: tap->wr_rate = 24; break;
3276 case 0x7: tap->wr_rate = 36; break;
3277 case 0x9: tap->wr_rate = 48; break;
3278 case 0xb: tap->wr_rate = 72; break;
3279 case 0x1: tap->wr_rate = 96; break;
3280 case 0x3: tap->wr_rate = 108; break;
3281 /* Unknown rate: should not happen. */
3282 default: tap->wr_rate = 0;
3288 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
3289 ieee80211_input_mimo(ni, m);
3290 ieee80211_free_node(ni);
3292 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
3293 ieee80211_input_mimo_all(ic, m);
3300 counter_u64_add(ic->ic_ierrors, 1);
3304 iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
3305 struct iwm_node *in)
3307 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data;
3308 struct ieee80211_ratectl_tx_status *txs = &sc->sc_txs;
3309 struct ieee80211_node *ni = &in->in_ni;
3310 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
3312 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
3314 /* Update rate control statistics. */
3315 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n",
3317 (int) le16toh(tx_resp->status.status),
3318 (int) le16toh(tx_resp->status.sequence),
3319 tx_resp->frame_count,
3320 tx_resp->bt_kill_count,
3321 tx_resp->failure_rts,
3322 tx_resp->failure_frame,
3323 le32toh(tx_resp->initial_rate),
3324 (int) le16toh(tx_resp->wireless_media_time));
3326 txs->flags = IEEE80211_RATECTL_STATUS_SHORT_RETRY |
3327 IEEE80211_RATECTL_STATUS_LONG_RETRY;
3328 txs->short_retries = tx_resp->failure_rts;
3329 txs->long_retries = tx_resp->failure_frame;
3330 if (status != IWM_TX_STATUS_SUCCESS &&
3331 status != IWM_TX_STATUS_DIRECT_DONE) {
3333 case IWM_TX_STATUS_FAIL_SHORT_LIMIT:
3334 txs->status = IEEE80211_RATECTL_TX_FAIL_SHORT;
3336 case IWM_TX_STATUS_FAIL_LONG_LIMIT:
3337 txs->status = IEEE80211_RATECTL_TX_FAIL_LONG;
3339 case IWM_TX_STATUS_FAIL_LIFE_EXPIRE:
3340 txs->status = IEEE80211_RATECTL_TX_FAIL_EXPIRED;
3343 txs->status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED;
3347 txs->status = IEEE80211_RATECTL_TX_SUCCESS;
3349 ieee80211_ratectl_tx_complete(ni, txs);
3351 return (txs->status != IEEE80211_RATECTL_TX_SUCCESS);
3355 iwm_mvm_rx_tx_cmd(struct iwm_softc *sc,
3356 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
3358 struct iwm_cmd_header *cmd_hdr = &pkt->hdr;
3359 int idx = cmd_hdr->idx;
3360 int qid = cmd_hdr->qid;
3361 struct iwm_tx_ring *ring = &sc->txq[qid];
3362 struct iwm_tx_data *txd = &ring->data[idx];
3363 struct iwm_node *in = txd->in;
3364 struct mbuf *m = txd->m;
3367 KASSERT(txd->done == 0, ("txd not done"));
3368 KASSERT(txd->in != NULL, ("txd without node"));
3369 KASSERT(txd->m != NULL, ("txd without mbuf"));
3371 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3373 sc->sc_tx_timer = 0;
3375 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in);
3377 /* Unmap and free mbuf. */
3378 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
3379 bus_dmamap_unload(ring->data_dmat, txd->map);
3381 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3382 "free txd %p, in %p\n", txd, txd->in);
3387 ieee80211_tx_complete(&in->in_ni, m, status);
3389 if (--ring->queued < IWM_TX_RING_LOMARK) {
3390 sc->qfullmsk &= ~(1 << ring->qid);
3391 if (sc->qfullmsk == 0) {
3402 * Process a "command done" firmware notification. This is where we wakeup
3403 * processes waiting for a synchronous command completion.
3407 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3409 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE];
3410 struct iwm_tx_data *data;
3412 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) {
3413 return; /* Not a command ack. */
3416 /* XXX wide commands? */
3417 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
3418 "cmd notification type 0x%x qid %d idx %d\n",
3419 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx);
3421 data = &ring->data[pkt->hdr.idx];
3423 /* If the command was mapped in an mbuf, free it. */
3424 if (data->m != NULL) {
3425 bus_dmamap_sync(ring->data_dmat, data->map,
3426 BUS_DMASYNC_POSTWRITE);
3427 bus_dmamap_unload(ring->data_dmat, data->map);
3431 wakeup(&ring->desc[pkt->hdr.idx]);
3433 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) {
3434 device_printf(sc->sc_dev,
3435 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n",
3436 __func__, pkt->hdr.idx, ring->queued, ring->cur);
3437 /* XXX call iwm_force_nmi() */
3440 KASSERT(ring->queued > 0, ("ring->queued is empty?"));
3442 if (ring->queued == 0)
3443 iwm_pcie_clear_cmd_in_flight(sc);
3448 * necessary only for block ack mode
3451 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
3454 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
3457 scd_bc_tbl = sc->sched_dma.vaddr;
3459 len += 8; /* magic numbers came naturally from paris */
3460 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE)
3461 len = roundup(len, 4) / 4;
3463 w_val = htole16(sta_id << 12 | len);
3465 /* Update TX scheduler. */
3466 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
3467 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3468 BUS_DMASYNC_PREWRITE);
3470 /* I really wonder what this is ?!? */
3471 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
3472 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
3473 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3474 BUS_DMASYNC_PREWRITE);
3480 * Take an 802.11 (non-n) rate, find the relevant rate
3481 * table entry. return the index into in_ridx[].
3483 * The caller then uses that index back into in_ridx
3484 * to figure out the rate index programmed /into/
3485 * the firmware for this given node.
3488 iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in,
3494 for (i = 0; i < nitems(in->in_ridx); i++) {
3495 r = iwm_rates[in->in_ridx[i]].rate;
3500 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3501 "%s: couldn't find an entry for rate=%d\n",
3505 /* XXX Return the first */
3506 /* XXX TODO: have it return the /lowest/ */
3511 iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate)
3515 for (i = 0; i < nitems(iwm_rates); i++) {
3516 if (iwm_rates[i].rate == rate)
3520 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3521 "%s: couldn't find an entry for rate=%d\n",
3528 * Fill in the rate related information for a transmit command.
3530 static const struct iwm_rate *
3531 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
3532 struct mbuf *m, struct iwm_tx_cmd *tx)
3534 struct ieee80211_node *ni = &in->in_ni;
3535 struct ieee80211_frame *wh;
3536 const struct ieee80211_txparam *tp = ni->ni_txparms;
3537 const struct iwm_rate *rinfo;
3539 int ridx, rate_flags;
3541 wh = mtod(m, struct ieee80211_frame *);
3542 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3544 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
3545 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
3547 if (type == IEEE80211_FC0_TYPE_MGT ||
3548 type == IEEE80211_FC0_TYPE_CTL ||
3549 (m->m_flags & M_EAPOL) != 0) {
3550 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate);
3551 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3552 "%s: MGT (%d)\n", __func__, tp->mgmtrate);
3553 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3554 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate);
3555 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3556 "%s: MCAST (%d)\n", __func__, tp->mcastrate);
3557 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
3558 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate);
3559 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3560 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate);
3564 /* for data frames, use RS table */
3565 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__);
3566 /* XXX pass pktlen */
3567 (void) ieee80211_ratectl_rate(ni, NULL, 0);
3568 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate);
3569 ridx = in->in_ridx[i];
3571 /* This is the index into the programmed table */
3572 tx->initial_rate_index = i;
3573 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
3575 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3576 "%s: start with i=%d, txrate %d\n",
3577 __func__, i, iwm_rates[ridx].rate);
3580 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3581 "%s: frame type=%d txrate %d\n",
3582 __func__, type, iwm_rates[ridx].rate);
3584 rinfo = &iwm_rates[ridx];
3586 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
3589 !! (IWM_RIDX_IS_CCK(ridx))
3592 /* XXX TODO: hard-coded TX antenna? */
3593 rate_flags = 1 << IWM_RATE_MCS_ANT_POS;
3594 if (IWM_RIDX_IS_CCK(ridx))
3595 rate_flags |= IWM_RATE_MCS_CCK_MSK;
3596 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
3603 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
3605 struct ieee80211com *ic = &sc->sc_ic;
3606 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3607 struct iwm_node *in = IWM_NODE(ni);
3608 struct iwm_tx_ring *ring;
3609 struct iwm_tx_data *data;
3610 struct iwm_tfd *desc;
3611 struct iwm_device_cmd *cmd;
3612 struct iwm_tx_cmd *tx;
3613 struct ieee80211_frame *wh;
3614 struct ieee80211_key *k = NULL;
3616 const struct iwm_rate *rinfo;
3619 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
3622 int i, totlen, error, pad;
3624 wh = mtod(m, struct ieee80211_frame *);
3625 hdrlen = ieee80211_anyhdrsize(wh);
3626 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3628 ring = &sc->txq[ac];
3629 desc = &ring->desc[ring->cur];
3630 memset(desc, 0, sizeof(*desc));
3631 data = &ring->data[ring->cur];
3633 /* Fill out iwm_tx_cmd to send to the firmware */
3634 cmd = &ring->cmd[ring->cur];
3635 cmd->hdr.code = IWM_TX_CMD;
3637 cmd->hdr.qid = ring->qid;
3638 cmd->hdr.idx = ring->cur;
3640 tx = (void *)cmd->data;
3641 memset(tx, 0, sizeof(*tx));
3643 rinfo = iwm_tx_fill_cmd(sc, in, m, tx);
3645 /* Encrypt the frame if need be. */
3646 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
3647 /* Retrieve key for TX && do software encryption. */
3648 k = ieee80211_crypto_encap(ni, m);
3653 /* 802.11 header may have moved. */
3654 wh = mtod(m, struct ieee80211_frame *);
3657 if (ieee80211_radiotap_active_vap(vap)) {
3658 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
3661 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
3662 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
3663 tap->wt_rate = rinfo->rate;
3665 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
3666 ieee80211_radiotap_tx(vap, m);
3670 totlen = m->m_pkthdr.len;
3673 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3674 flags |= IWM_TX_CMD_FLG_ACK;
3677 if (type == IEEE80211_FC0_TYPE_DATA
3678 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold)
3679 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3680 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
3683 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3684 type != IEEE80211_FC0_TYPE_DATA)
3685 tx->sta_id = sc->sc_aux_sta.sta_id;
3687 tx->sta_id = IWM_STATION_ID;
3689 if (type == IEEE80211_FC0_TYPE_MGT) {
3690 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3692 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3693 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
3694 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC);
3695 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) {
3696 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3698 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT);
3701 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3705 /* First segment length must be a multiple of 4. */
3706 flags |= IWM_TX_CMD_FLG_MH_PAD;
3707 pad = 4 - (hdrlen & 3);
3711 tx->driver_txop = 0;
3712 tx->next_frame_len = 0;
3714 tx->len = htole16(totlen);
3715 tx->tid_tspec = tid;
3716 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
3718 /* Set physical address of "scratch area". */
3719 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
3720 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
3722 /* Copy 802.11 header in TX command. */
3723 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen);
3725 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
3728 tx->tx_flags |= htole32(flags);
3730 /* Trim 802.11 header. */
3732 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3733 segs, &nsegs, BUS_DMA_NOWAIT);
3735 if (error != EFBIG) {
3736 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3741 /* Too many DMA segments, linearize mbuf. */
3742 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2);
3744 device_printf(sc->sc_dev,
3745 "%s: could not defrag mbuf\n", __func__);
3751 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3752 segs, &nsegs, BUS_DMA_NOWAIT);
3754 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3764 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3765 "sending txd %p, in %p\n", data, data->in);
3766 KASSERT(data->in != NULL, ("node is NULL"));
3768 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3769 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n",
3770 ring->qid, ring->cur, totlen, nsegs,
3771 le32toh(tx->tx_flags),
3772 le32toh(tx->rate_n_flags),
3773 tx->initial_rate_index
3776 /* Fill TX descriptor. */
3777 desc->num_tbs = 2 + nsegs;
3779 desc->tbs[0].lo = htole32(data->cmd_paddr);
3780 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3782 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
3783 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3784 ((sizeof(struct iwm_cmd_header) + sizeof(*tx)
3785 + hdrlen + pad - TB0_SIZE) << 4);
3787 /* Other DMA segments are for data payload. */
3788 for (i = 0; i < nsegs; i++) {
3790 desc->tbs[i+2].lo = htole32(seg->ds_addr);
3791 desc->tbs[i+2].hi_n_len = \
3792 htole16(iwm_get_dma_hi_addr(seg->ds_addr))
3793 | ((seg->ds_len) << 4);
3796 bus_dmamap_sync(ring->data_dmat, data->map,
3797 BUS_DMASYNC_PREWRITE);
3798 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
3799 BUS_DMASYNC_PREWRITE);
3800 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3801 BUS_DMASYNC_PREWRITE);
3804 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
3808 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
3809 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3811 /* Mark TX ring as full if we reach a certain threshold. */
3812 if (++ring->queued > IWM_TX_RING_HIMARK) {
3813 sc->qfullmsk |= 1 << ring->qid;
3820 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3821 const struct ieee80211_bpf_params *params)
3823 struct ieee80211com *ic = ni->ni_ic;
3824 struct iwm_softc *sc = ic->ic_softc;
3827 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3828 "->%s begin\n", __func__);
3830 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
3832 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3833 "<-%s not RUNNING\n", __func__);
3839 if (params == NULL) {
3840 error = iwm_tx(sc, m, ni, 0);
3842 error = iwm_tx(sc, m, ni, 0);
3844 sc->sc_tx_timer = 5;
3855 * Note that there are transports that buffer frames before they reach
3856 * the firmware. This means that after flush_tx_path is called, the
3857 * queue might not be empty. The race-free way to handle this is to:
3858 * 1) set the station as draining
3859 * 2) flush the Tx path
3860 * 3) wait for the transport queues to be empty
3863 iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags)
3866 struct iwm_tx_path_flush_cmd flush_cmd = {
3867 .queues_ctl = htole32(tfd_msk),
3868 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
3871 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags,
3872 sizeof(flush_cmd), &flush_cmd);
3874 device_printf(sc->sc_dev,
3875 "Flushing tx queue failed: %d\n", ret);
3884 iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc,
3885 struct iwm_mvm_add_sta_cmd_v7 *cmd, int *status)
3887 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(*cmd),
3891 /* send station add/update command to firmware */
3893 iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update)
3895 struct iwm_mvm_add_sta_cmd_v7 add_sta_cmd;
3899 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd));
3901 add_sta_cmd.sta_id = IWM_STATION_ID;
3902 add_sta_cmd.mac_id_n_color
3903 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID,
3904 IWM_DEFAULT_COLOR));
3907 for (ac = 0; ac < WME_NUM_AC; ac++) {
3908 add_sta_cmd.tfd_queue_msk |=
3909 htole32(1 << iwm_mvm_ac_to_tx_fifo[ac]);
3911 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid);
3913 add_sta_cmd.add_modify = update ? 1 : 0;
3914 add_sta_cmd.station_flags_msk
3915 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK);
3916 add_sta_cmd.tid_disable_tx = htole16(0xffff);
3918 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX);
3920 status = IWM_ADD_STA_SUCCESS;
3921 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status);
3926 case IWM_ADD_STA_SUCCESS:
3930 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n");
3938 iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in)
3940 return iwm_mvm_sta_send_to_fw(sc, in, 0);
3944 iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in)
3946 return iwm_mvm_sta_send_to_fw(sc, in, 1);
3950 iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta,
3951 const uint8_t *addr, uint16_t mac_id, uint16_t color)
3953 struct iwm_mvm_add_sta_cmd_v7 cmd;
3957 memset(&cmd, 0, sizeof(cmd));
3958 cmd.sta_id = sta->sta_id;
3959 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color));
3961 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk);
3962 cmd.tid_disable_tx = htole16(0xffff);
3965 IEEE80211_ADDR_COPY(cmd.addr, addr);
3967 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status);
3972 case IWM_ADD_STA_SUCCESS:
3973 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
3974 "%s: Internal station added.\n", __func__);
3977 device_printf(sc->sc_dev,
3978 "%s: Add internal station failed, status=0x%x\n",
3987 iwm_mvm_add_aux_sta(struct iwm_softc *sc)
3991 sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID;
3992 sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_MVM_AUX_QUEUE);
3994 ret = iwm_enable_txq(sc, 0, IWM_MVM_AUX_QUEUE, IWM_MVM_TX_FIFO_MCAST);
3998 ret = iwm_mvm_add_int_sta_common(sc,
3999 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0);
4002 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta));
4015 iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in)
4017 struct iwm_time_quota_cmd cmd;
4018 int i, idx, ret, num_active_macs, quota, quota_rem;
4019 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
4020 int n_ifs[IWM_MAX_BINDINGS] = {0, };
4023 memset(&cmd, 0, sizeof(cmd));
4025 /* currently, PHY ID == binding ID */
4027 id = in->in_phyctxt->id;
4028 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
4029 colors[id] = in->in_phyctxt->color;
4036 * The FW's scheduling session consists of
4037 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments
4038 * equally between all the bindings that require quota
4040 num_active_macs = 0;
4041 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
4042 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
4043 num_active_macs += n_ifs[i];
4048 if (num_active_macs) {
4049 quota = IWM_MVM_MAX_QUOTA / num_active_macs;
4050 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs;
4053 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
4057 cmd.quotas[idx].id_and_color =
4058 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
4060 if (n_ifs[i] <= 0) {
4061 cmd.quotas[idx].quota = htole32(0);
4062 cmd.quotas[idx].max_duration = htole32(0);
4064 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
4065 cmd.quotas[idx].max_duration = htole32(0);
4070 /* Give the remainder of the session to the first binding */
4071 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
4073 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
4076 device_printf(sc->sc_dev,
4077 "%s: Failed to send quota: %d\n", __func__, ret);
4086 * ieee80211 routines
4090 * Change to AUTH state in 80211 state machine. Roughly matches what
4091 * Linux does in bss_info_changed().
4094 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
4096 struct ieee80211_node *ni;
4097 struct iwm_node *in;
4098 struct iwm_vap *iv = IWM_VAP(vap);
4103 * XXX i have a feeling that the vap node is being
4104 * freed from underneath us. Grr.
4106 ni = ieee80211_ref_node(vap->iv_bss);
4108 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
4109 "%s: called; vap=%p, bss ni=%p\n",
4116 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON);
4120 error = iwm_allow_mcast(vap, sc);
4122 device_printf(sc->sc_dev,
4123 "%s: failed to set multicast\n", __func__);
4128 * This is where it deviates from what Linux does.
4130 * Linux iwlwifi doesn't reset the nic each time, nor does it
4131 * call ctxt_add() here. Instead, it adds it during vap creation,
4132 * and always does a mac_ctx_changed().
4134 * The openbsd port doesn't attempt to do that - it reset things
4135 * at odd states and does the add here.
4137 * So, until the state handling is fixed (ie, we never reset
4138 * the NIC except for a firmware failure, which should drag
4139 * the NIC back to IDLE, re-setup and re-add all the mac/phy
4140 * contexts that are required), let's do a dirty hack here.
4142 if (iv->is_uploaded) {
4143 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
4144 device_printf(sc->sc_dev,
4145 "%s: failed to update MAC\n", __func__);
4148 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
4149 in->in_ni.ni_chan, 1, 1)) != 0) {
4150 device_printf(sc->sc_dev,
4151 "%s: failed update phy ctxt\n", __func__);
4154 in->in_phyctxt = &sc->sc_phyctxt[0];
4156 if ((error = iwm_mvm_binding_update(sc, in)) != 0) {
4157 device_printf(sc->sc_dev,
4158 "%s: binding update cmd\n", __func__);
4161 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
4162 device_printf(sc->sc_dev,
4163 "%s: failed to update sta\n", __func__);
4167 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) {
4168 device_printf(sc->sc_dev,
4169 "%s: failed to add MAC\n", __func__);
4172 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
4173 in->in_ni.ni_chan, 1, 1)) != 0) {
4174 device_printf(sc->sc_dev,
4175 "%s: failed add phy ctxt!\n", __func__);
4179 in->in_phyctxt = &sc->sc_phyctxt[0];
4181 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) {
4182 device_printf(sc->sc_dev,
4183 "%s: binding add cmd\n", __func__);
4186 if ((error = iwm_mvm_add_sta(sc, in)) != 0) {
4187 device_printf(sc->sc_dev,
4188 "%s: failed to add sta\n", __func__);
4194 * Prevent the FW from wandering off channel during association
4195 * by "protecting" the session with a time event.
4197 /* XXX duration is in units of TU, not MS */
4198 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS;
4199 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */);
4204 ieee80211_free_node(ni);
4209 iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc)
4211 struct iwm_node *in = IWM_NODE(vap->iv_bss);
4214 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
4215 device_printf(sc->sc_dev,
4216 "%s: failed to update STA\n", __func__);
4221 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
4222 device_printf(sc->sc_dev,
4223 "%s: failed to update MAC\n", __func__);
4231 iwm_release(struct iwm_softc *sc, struct iwm_node *in)
4236 * Ok, so *technically* the proper set of calls for going
4237 * from RUN back to SCAN is:
4239 * iwm_mvm_power_mac_disable(sc, in);
4240 * iwm_mvm_mac_ctxt_changed(sc, in);
4241 * iwm_mvm_rm_sta(sc, in);
4242 * iwm_mvm_update_quotas(sc, NULL);
4243 * iwm_mvm_mac_ctxt_changed(sc, in);
4244 * iwm_mvm_binding_remove_vif(sc, in);
4245 * iwm_mvm_mac_ctxt_remove(sc, in);
4247 * However, that freezes the device not matter which permutations
4248 * and modifications are attempted. Obviously, this driver is missing
4249 * something since it works in the Linux driver, but figuring out what
4250 * is missing is a little more complicated. Now, since we're going
4251 * back to nothing anyway, we'll just do a complete device reset.
4252 * Up your's, device!
4255 * Just using 0xf for the queues mask is fine as long as we only
4256 * get here from RUN state.
4259 mbufq_drain(&sc->sc_snd);
4260 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC);
4262 * We seem to get away with just synchronously sending the
4263 * IWM_TXPATH_FLUSH command.
4265 // iwm_trans_wait_tx_queue_empty(sc, tfd_msk);
4266 iwm_stop_device(sc);
4275 iwm_mvm_power_mac_disable(sc, in);
4277 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
4278 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error);
4282 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) {
4283 device_printf(sc->sc_dev, "sta remove fail %d\n", error);
4286 error = iwm_mvm_rm_sta(sc, in);
4288 iwm_mvm_update_quotas(sc, NULL);
4289 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
4290 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error);
4293 iwm_mvm_binding_remove_vif(sc, in);
4295 iwm_mvm_mac_ctxt_remove(sc, in);
4301 static struct ieee80211_node *
4302 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
4304 return malloc(sizeof (struct iwm_node), M_80211_NODE,
4309 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in)
4311 struct ieee80211_node *ni = &in->in_ni;
4312 struct iwm_lq_cmd *lq = &in->in_lq;
4313 int nrates = ni->ni_rates.rs_nrates;
4314 int i, ridx, tab = 0;
4317 if (nrates > nitems(lq->rs_table)) {
4318 device_printf(sc->sc_dev,
4319 "%s: node supports %d rates, driver handles "
4320 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
4324 device_printf(sc->sc_dev,
4325 "%s: node supports 0 rates, odd!\n", __func__);
4330 * XXX .. and most of iwm_node is not initialised explicitly;
4331 * it's all just 0x0 passed to the firmware.
4334 /* first figure out which rates we should support */
4335 /* XXX TODO: this isn't 11n aware /at all/ */
4336 memset(&in->in_ridx, -1, sizeof(in->in_ridx));
4337 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4338 "%s: nrates=%d\n", __func__, nrates);
4341 * Loop over nrates and populate in_ridx from the highest
4342 * rate to the lowest rate. Remember, in_ridx[] has
4343 * IEEE80211_RATE_MAXSIZE entries!
4345 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) {
4346 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL;
4348 /* Map 802.11 rate to HW rate index. */
4349 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++)
4350 if (iwm_rates[ridx].rate == rate)
4352 if (ridx > IWM_RIDX_MAX) {
4353 device_printf(sc->sc_dev,
4354 "%s: WARNING: device rate for %d not found!\n",
4357 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4358 "%s: rate: i: %d, rate=%d, ridx=%d\n",
4363 in->in_ridx[i] = ridx;
4367 /* then construct a lq_cmd based on those */
4368 memset(lq, 0, sizeof(*lq));
4369 lq->sta_id = IWM_STATION_ID;
4371 /* For HT, always enable RTS/CTS to avoid excessive retries. */
4372 if (ni->ni_flags & IEEE80211_NODE_HT)
4373 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK;
4376 * are these used? (we don't do SISO or MIMO)
4377 * need to set them to non-zero, though, or we get an error.
4379 lq->single_stream_ant_msk = 1;
4380 lq->dual_stream_ant_msk = 1;
4383 * Build the actual rate selection table.
4384 * The lowest bits are the rates. Additionally,
4385 * CCK needs bit 9 to be set. The rest of the bits
4386 * we add to the table select the tx antenna
4387 * Note that we add the rates in the highest rate first
4388 * (opposite of ni_rates).
4391 * XXX TODO: this should be looping over the min of nrates
4392 * and LQ_MAX_RETRY_NUM. Sigh.
4394 for (i = 0; i < nrates; i++) {
4399 txant = iwm_mvm_get_valid_tx_ant(sc);
4400 nextant = 1<<(ffs(txant)-1);
4403 nextant = iwm_mvm_get_valid_tx_ant(sc);
4406 * Map the rate id into a rate index into
4407 * our hardware table containing the
4408 * configuration to use for this rate.
4410 ridx = in->in_ridx[i];
4411 tab = iwm_rates[ridx].plcp;
4412 tab |= nextant << IWM_RATE_MCS_ANT_POS;
4413 if (IWM_RIDX_IS_CCK(ridx))
4414 tab |= IWM_RATE_MCS_CCK_MSK;
4415 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4416 "station rate i=%d, rate=%d, hw=%x\n",
4417 i, iwm_rates[ridx].rate, tab);
4418 lq->rs_table[i] = htole32(tab);
4420 /* then fill the rest with the lowest possible rate */
4421 for (i = nrates; i < nitems(lq->rs_table); i++) {
4422 KASSERT(tab != 0, ("invalid tab"));
4423 lq->rs_table[i] = htole32(tab);
4428 iwm_media_change(struct ifnet *ifp)
4430 struct ieee80211vap *vap = ifp->if_softc;
4431 struct ieee80211com *ic = vap->iv_ic;
4432 struct iwm_softc *sc = ic->ic_softc;
4435 error = ieee80211_media_change(ifp);
4436 if (error != ENETRESET)
4440 if (ic->ic_nrunning > 0) {
4450 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
4452 struct iwm_vap *ivp = IWM_VAP(vap);
4453 struct ieee80211com *ic = vap->iv_ic;
4454 struct iwm_softc *sc = ic->ic_softc;
4455 struct iwm_node *in;
4458 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4459 "switching state %s -> %s\n",
4460 ieee80211_state_name[vap->iv_state],
4461 ieee80211_state_name[nstate]);
4462 IEEE80211_UNLOCK(ic);
4465 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state)
4466 iwm_led_blink_stop(sc);
4468 /* disable beacon filtering if we're hopping out of RUN */
4469 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) {
4470 iwm_mvm_disable_beacon_filter(sc);
4472 if (((in = IWM_NODE(vap->iv_bss)) != NULL))
4475 if (nstate == IEEE80211_S_INIT) {
4478 error = ivp->iv_newstate(vap, nstate, arg);
4479 IEEE80211_UNLOCK(ic);
4481 iwm_release(sc, NULL);
4488 * It's impossible to directly go RUN->SCAN. If we iwm_release()
4489 * above then the card will be completely reinitialized,
4490 * so the driver must do everything necessary to bring the card
4491 * from INIT to SCAN.
4493 * Additionally, upon receiving deauth frame from AP,
4494 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH
4495 * state. This will also fail with this driver, so bring the FSM
4496 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well.
4498 * XXX TODO: fix this for FreeBSD!
4500 if (nstate == IEEE80211_S_SCAN ||
4501 nstate == IEEE80211_S_AUTH ||
4502 nstate == IEEE80211_S_ASSOC) {
4503 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4504 "Force transition to INIT; MGT=%d\n", arg);
4507 /* Always pass arg as -1 since we can't Tx right now. */
4509 * XXX arg is just ignored anyway when transitioning
4510 * to IEEE80211_S_INIT.
4512 vap->iv_newstate(vap, IEEE80211_S_INIT, -1);
4513 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4514 "Going INIT->SCAN\n");
4515 nstate = IEEE80211_S_SCAN;
4516 IEEE80211_UNLOCK(ic);
4522 case IEEE80211_S_INIT:
4525 case IEEE80211_S_AUTH:
4526 if ((error = iwm_auth(vap, sc)) != 0) {
4527 device_printf(sc->sc_dev,
4528 "%s: could not move to auth state: %d\n",
4534 case IEEE80211_S_ASSOC:
4535 if ((error = iwm_assoc(vap, sc)) != 0) {
4536 device_printf(sc->sc_dev,
4537 "%s: failed to associate: %d\n", __func__,
4543 case IEEE80211_S_RUN:
4545 struct iwm_host_cmd cmd = {
4547 .len = { sizeof(in->in_lq), },
4548 .flags = IWM_CMD_SYNC,
4551 /* Update the association state, now we have it all */
4552 /* (eg associd comes in at this point */
4553 error = iwm_assoc(vap, sc);
4555 device_printf(sc->sc_dev,
4556 "%s: failed to update association state: %d\n",
4562 in = IWM_NODE(vap->iv_bss);
4563 iwm_mvm_power_mac_update_mode(sc, in);
4564 iwm_mvm_enable_beacon_filter(sc, in);
4565 iwm_mvm_update_quotas(sc, in);
4566 iwm_setrates(sc, in);
4568 cmd.data[0] = &in->in_lq;
4569 if ((error = iwm_send_cmd(sc, &cmd)) != 0) {
4570 device_printf(sc->sc_dev,
4571 "%s: IWM_LQ_CMD failed\n", __func__);
4574 iwm_mvm_led_enable(sc);
4584 return (ivp->iv_newstate(vap, nstate, arg));
4588 iwm_endscan_cb(void *arg, int pending)
4590 struct iwm_softc *sc = arg;
4591 struct ieee80211com *ic = &sc->sc_ic;
4593 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
4597 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
4601 * Aging and idle timeouts for the different possible scenarios
4602 * in default configuration
4604 static const uint32_t
4605 iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4607 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF),
4608 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF)
4611 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF),
4612 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF)
4615 htole32(IWM_SF_MCAST_AGING_TIMER_DEF),
4616 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF)
4619 htole32(IWM_SF_BA_AGING_TIMER_DEF),
4620 htole32(IWM_SF_BA_IDLE_TIMER_DEF)
4623 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF),
4624 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF)
4629 * Aging and idle timeouts for the different possible scenarios
4630 * in single BSS MAC configuration.
4632 static const uint32_t
4633 iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4635 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER),
4636 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER)
4639 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER),
4640 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER)
4643 htole32(IWM_SF_MCAST_AGING_TIMER),
4644 htole32(IWM_SF_MCAST_IDLE_TIMER)
4647 htole32(IWM_SF_BA_AGING_TIMER),
4648 htole32(IWM_SF_BA_IDLE_TIMER)
4651 htole32(IWM_SF_TX_RE_AGING_TIMER),
4652 htole32(IWM_SF_TX_RE_IDLE_TIMER)
4657 iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd,
4658 struct ieee80211_node *ni)
4660 int i, j, watermark;
4662 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN);
4665 * If we are in association flow - check antenna configuration
4666 * capabilities of the AP station, and choose the watermark accordingly.
4669 if (ni->ni_flags & IEEE80211_NODE_HT) {
4671 if (ni->ni_rxmcs[2] != 0)
4672 watermark = IWM_SF_W_MARK_MIMO3;
4673 else if (ni->ni_rxmcs[1] != 0)
4674 watermark = IWM_SF_W_MARK_MIMO2;
4677 watermark = IWM_SF_W_MARK_SISO;
4679 watermark = IWM_SF_W_MARK_LEGACY;
4681 /* default watermark value for unassociated mode. */
4683 watermark = IWM_SF_W_MARK_MIMO2;
4685 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark);
4687 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) {
4688 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) {
4689 sf_cmd->long_delay_timeouts[i][j] =
4690 htole32(IWM_SF_LONG_DELAY_AGING_TIMER);
4695 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout,
4696 sizeof(iwm_sf_full_timeout));
4698 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def,
4699 sizeof(iwm_sf_full_timeout_def));
4704 iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state)
4706 struct ieee80211com *ic = &sc->sc_ic;
4707 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4708 struct iwm_sf_cfg_cmd sf_cmd = {
4709 .state = htole32(IWM_SF_FULL_ON),
4713 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
4714 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF);
4716 switch (new_state) {
4718 case IWM_SF_INIT_OFF:
4719 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL);
4721 case IWM_SF_FULL_ON:
4722 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss);
4725 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE,
4726 "Invalid state: %d. not sending Smart Fifo cmd\n",
4731 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC,
4732 sizeof(sf_cmd), &sf_cmd);
4737 iwm_send_bt_init_conf(struct iwm_softc *sc)
4739 struct iwm_bt_coex_cmd bt_cmd;
4741 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI);
4742 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET);
4744 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd),
4749 iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2)
4751 struct iwm_mcc_update_cmd mcc_cmd;
4752 struct iwm_host_cmd hcmd = {
4753 .id = IWM_MCC_UPDATE_CMD,
4754 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB),
4755 .data = { &mcc_cmd },
4759 struct iwm_rx_packet *pkt;
4760 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL;
4761 struct iwm_mcc_update_resp *mcc_resp;
4765 int resp_v2 = isset(sc->sc_enabled_capa,
4766 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2);
4768 memset(&mcc_cmd, 0, sizeof(mcc_cmd));
4769 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]);
4770 if ((sc->sc_ucode_api & IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) ||
4771 isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC))
4772 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT;
4774 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW;
4777 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd);
4779 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1);
4781 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4782 "send MCC update to FW with '%c%c' src = %d\n",
4783 alpha2[0], alpha2[1], mcc_cmd.source_id);
4785 ret = iwm_send_cmd(sc, &hcmd);
4790 pkt = hcmd.resp_pkt;
4792 /* Extract MCC response */
4794 mcc_resp = (void *)pkt->data;
4795 mcc = mcc_resp->mcc;
4796 n_channels = le32toh(mcc_resp->n_channels);
4798 mcc_resp_v1 = (void *)pkt->data;
4799 mcc = mcc_resp_v1->mcc;
4800 n_channels = le32toh(mcc_resp_v1->n_channels);
4803 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */
4805 mcc = 0x3030; /* "00" - world */
4807 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4808 "regulatory domain '%c%c' (%d channels available)\n",
4809 mcc >> 8, mcc & 0xff, n_channels);
4811 iwm_free_resp(sc, &hcmd);
4817 iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff)
4819 struct iwm_host_cmd cmd = {
4820 .id = IWM_REPLY_THERMAL_MNG_BACKOFF,
4821 .len = { sizeof(uint32_t), },
4822 .data = { &backoff, },
4825 if (iwm_send_cmd(sc, &cmd) != 0) {
4826 device_printf(sc->sc_dev,
4827 "failed to change thermal tx backoff\n");
4832 iwm_init_hw(struct iwm_softc *sc)
4834 struct ieee80211com *ic = &sc->sc_ic;
4837 if ((error = iwm_start_hw(sc)) != 0) {
4838 printf("iwm_start_hw: failed %d\n", error);
4842 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) {
4843 printf("iwm_run_init_mvm_ucode: failed %d\n", error);
4848 * should stop and start HW since that INIT
4851 iwm_stop_device(sc);
4852 if ((error = iwm_start_hw(sc)) != 0) {
4853 device_printf(sc->sc_dev, "could not initialize hardware\n");
4857 /* omstart, this time with the regular firmware */
4858 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR);
4860 device_printf(sc->sc_dev, "could not load firmware\n");
4864 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
4865 device_printf(sc->sc_dev, "bt init conf failed\n");
4869 error = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc));
4871 device_printf(sc->sc_dev, "antenna config failed\n");
4875 /* Send phy db control command and then phy db calibration */
4876 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0)
4879 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) {
4880 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n");
4884 /* Add auxiliary station for scanning */
4885 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) {
4886 device_printf(sc->sc_dev, "add_aux_sta failed\n");
4890 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
4892 * The channel used here isn't relevant as it's
4893 * going to be overwritten in the other flows.
4894 * For now use the first channel we have.
4896 if ((error = iwm_mvm_phy_ctxt_add(sc,
4897 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
4901 /* Initialize tx backoffs to the minimum. */
4902 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
4903 iwm_mvm_tt_tx_backoff(sc, 0);
4905 error = iwm_mvm_power_update_device(sc);
4909 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) {
4910 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0)
4914 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) {
4915 if ((error = iwm_mvm_config_umac_scan(sc)) != 0)
4919 /* Enable Tx queues. */
4920 for (ac = 0; ac < WME_NUM_AC; ac++) {
4921 error = iwm_enable_txq(sc, IWM_STATION_ID, ac,
4922 iwm_mvm_ac_to_tx_fifo[ac]);
4927 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) {
4928 device_printf(sc->sc_dev, "failed to disable beacon filter\n");
4935 iwm_stop_device(sc);
4939 /* Allow multicast from our BSSID. */
4941 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
4943 struct ieee80211_node *ni = vap->iv_bss;
4944 struct iwm_mcast_filter_cmd *cmd;
4948 size = roundup(sizeof(*cmd), 4);
4949 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
4952 cmd->filter_own = 1;
4956 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
4958 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
4959 IWM_CMD_SYNC, size, cmd);
4960 free(cmd, M_DEVBUF);
4970 iwm_init(struct iwm_softc *sc)
4974 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
4977 sc->sc_generation++;
4978 sc->sc_flags &= ~IWM_FLAG_STOPPED;
4980 if ((error = iwm_init_hw(sc)) != 0) {
4981 printf("iwm_init_hw failed %d\n", error);
4987 * Ok, firmware loaded and we are jogging
4989 sc->sc_flags |= IWM_FLAG_HW_INITED;
4990 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4994 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
4996 struct iwm_softc *sc;
5002 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
5006 error = mbufq_enqueue(&sc->sc_snd, m);
5017 * Dequeue packets from sendq and call send.
5020 iwm_start(struct iwm_softc *sc)
5022 struct ieee80211_node *ni;
5026 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
5027 while (sc->qfullmsk == 0 &&
5028 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
5029 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
5030 if (iwm_tx(sc, m, ni, ac) != 0) {
5031 if_inc_counter(ni->ni_vap->iv_ifp,
5032 IFCOUNTER_OERRORS, 1);
5033 ieee80211_free_node(ni);
5036 sc->sc_tx_timer = 15;
5038 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
5042 iwm_stop(struct iwm_softc *sc)
5045 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
5046 sc->sc_flags |= IWM_FLAG_STOPPED;
5047 sc->sc_generation++;
5048 iwm_led_blink_stop(sc);
5049 sc->sc_tx_timer = 0;
5050 iwm_stop_device(sc);
5051 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5055 iwm_watchdog(void *arg)
5057 struct iwm_softc *sc = arg;
5058 struct ieee80211com *ic = &sc->sc_ic;
5060 if (sc->sc_tx_timer > 0) {
5061 if (--sc->sc_tx_timer == 0) {
5062 device_printf(sc->sc_dev, "device timeout\n");
5066 ieee80211_restart_all(ic);
5067 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
5071 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
5075 iwm_parent(struct ieee80211com *ic)
5077 struct iwm_softc *sc = ic->ic_softc;
5081 if (ic->ic_nrunning > 0) {
5082 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
5086 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
5090 ieee80211_start_all(ic);
5094 * The interrupt side of things
5098 * error dumping routines are from iwlwifi/mvm/utils.c
5102 * Note: This structure is read from the device with IO accesses,
5103 * and the reading already does the endian conversion. As it is
5104 * read with uint32_t-sized accesses, any members with a different size
5105 * need to be ordered correctly though!
5107 struct iwm_error_event_table {
5108 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5109 uint32_t error_id; /* type of error */
5110 uint32_t trm_hw_status0; /* TRM HW status */
5111 uint32_t trm_hw_status1; /* TRM HW status */
5112 uint32_t blink2; /* branch link */
5113 uint32_t ilink1; /* interrupt link */
5114 uint32_t ilink2; /* interrupt link */
5115 uint32_t data1; /* error-specific data */
5116 uint32_t data2; /* error-specific data */
5117 uint32_t data3; /* error-specific data */
5118 uint32_t bcon_time; /* beacon timer */
5119 uint32_t tsf_low; /* network timestamp function timer */
5120 uint32_t tsf_hi; /* network timestamp function timer */
5121 uint32_t gp1; /* GP1 timer register */
5122 uint32_t gp2; /* GP2 timer register */
5123 uint32_t fw_rev_type; /* firmware revision type */
5124 uint32_t major; /* uCode version major */
5125 uint32_t minor; /* uCode version minor */
5126 uint32_t hw_ver; /* HW Silicon version */
5127 uint32_t brd_ver; /* HW board version */
5128 uint32_t log_pc; /* log program counter */
5129 uint32_t frame_ptr; /* frame pointer */
5130 uint32_t stack_ptr; /* stack pointer */
5131 uint32_t hcmd; /* last host command header */
5132 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
5134 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
5136 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
5138 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
5140 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
5142 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */
5143 uint32_t wait_event; /* wait event() caller address */
5144 uint32_t l2p_control; /* L2pControlField */
5145 uint32_t l2p_duration; /* L2pDurationField */
5146 uint32_t l2p_mhvalid; /* L2pMhValidBits */
5147 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
5148 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
5150 uint32_t u_timestamp; /* indicate when the date and time of the
5152 uint32_t flow_handler; /* FH read/write pointers, RX credit */
5153 } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */;
5156 * UMAC error struct - relevant starting from family 8000 chip.
5157 * Note: This structure is read from the device with IO accesses,
5158 * and the reading already does the endian conversion. As it is
5159 * read with u32-sized accesses, any members with a different size
5160 * need to be ordered correctly though!
5162 struct iwm_umac_error_event_table {
5163 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5164 uint32_t error_id; /* type of error */
5165 uint32_t blink1; /* branch link */
5166 uint32_t blink2; /* branch link */
5167 uint32_t ilink1; /* interrupt link */
5168 uint32_t ilink2; /* interrupt link */
5169 uint32_t data1; /* error-specific data */
5170 uint32_t data2; /* error-specific data */
5171 uint32_t data3; /* error-specific data */
5172 uint32_t umac_major;
5173 uint32_t umac_minor;
5174 uint32_t frame_pointer; /* core register 27*/
5175 uint32_t stack_pointer; /* core register 28 */
5176 uint32_t cmd_header; /* latest host cmd sent to UMAC */
5177 uint32_t nic_isr_pref; /* ISR status register */
5180 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
5181 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
5187 } advanced_lookup[] = {
5188 { "NMI_INTERRUPT_WDG", 0x34 },
5189 { "SYSASSERT", 0x35 },
5190 { "UCODE_VERSION_MISMATCH", 0x37 },
5191 { "BAD_COMMAND", 0x38 },
5192 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
5193 { "FATAL_ERROR", 0x3D },
5194 { "NMI_TRM_HW_ERR", 0x46 },
5195 { "NMI_INTERRUPT_TRM", 0x4C },
5196 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
5197 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
5198 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
5199 { "NMI_INTERRUPT_HOST", 0x66 },
5200 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
5201 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
5202 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
5203 { "ADVANCED_SYSASSERT", 0 },
5207 iwm_desc_lookup(uint32_t num)
5211 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
5212 if (advanced_lookup[i].num == num)
5213 return advanced_lookup[i].name;
5215 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
5216 return advanced_lookup[i].name;
5220 iwm_nic_umac_error(struct iwm_softc *sc)
5222 struct iwm_umac_error_event_table table;
5225 base = sc->umac_error_event_table;
5227 if (base < 0x800000) {
5228 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n",
5233 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5234 device_printf(sc->sc_dev, "reading errlog failed\n");
5238 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5239 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n");
5240 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5241 sc->sc_flags, table.valid);
5244 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id,
5245 iwm_desc_lookup(table.error_id));
5246 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1);
5247 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2);
5248 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n",
5250 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n",
5252 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1);
5253 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2);
5254 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3);
5255 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major);
5256 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor);
5257 device_printf(sc->sc_dev, "0x%08X | frame pointer\n",
5258 table.frame_pointer);
5259 device_printf(sc->sc_dev, "0x%08X | stack pointer\n",
5260 table.stack_pointer);
5261 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header);
5262 device_printf(sc->sc_dev, "0x%08X | isr status reg\n",
5263 table.nic_isr_pref);
5267 * Support for dumping the error log seemed like a good idea ...
5268 * but it's mostly hex junk and the only sensible thing is the
5269 * hw/ucode revision (which we know anyway). Since it's here,
5270 * I'll just leave it in, just in case e.g. the Intel guys want to
5271 * help us decipher some "ADVANCED_SYSASSERT" later.
5274 iwm_nic_error(struct iwm_softc *sc)
5276 struct iwm_error_event_table table;
5279 device_printf(sc->sc_dev, "dumping device error log\n");
5280 base = sc->error_event_table;
5281 if (base < 0x800000) {
5282 device_printf(sc->sc_dev,
5283 "Invalid error log pointer 0x%08x\n", base);
5287 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5288 device_printf(sc->sc_dev, "reading errlog failed\n");
5293 device_printf(sc->sc_dev, "errlog not found, skipping\n");
5297 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5298 device_printf(sc->sc_dev, "Start Error Log Dump:\n");
5299 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5300 sc->sc_flags, table.valid);
5303 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
5304 iwm_desc_lookup(table.error_id));
5305 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n",
5306 table.trm_hw_status0);
5307 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n",
5308 table.trm_hw_status1);
5309 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
5310 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
5311 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
5312 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
5313 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
5314 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
5315 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
5316 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
5317 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
5318 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
5319 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
5320 device_printf(sc->sc_dev, "%08X | uCode revision type\n",
5322 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major);
5323 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor);
5324 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
5325 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
5326 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
5327 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
5328 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
5329 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
5330 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
5331 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
5332 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id);
5333 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
5334 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
5335 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
5336 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
5337 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
5338 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
5339 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
5340 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
5342 if (sc->umac_error_event_table)
5343 iwm_nic_umac_error(sc);
5347 #define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT);
5350 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
5351 * Basic structure from if_iwn
5354 iwm_notif_intr(struct iwm_softc *sc)
5356 struct ieee80211com *ic = &sc->sc_ic;
5359 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
5360 BUS_DMASYNC_POSTREAD);
5362 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
5367 while (sc->rxq.cur != hw) {
5368 struct iwm_rx_ring *ring = &sc->rxq;
5369 struct iwm_rx_data *data = &ring->data[ring->cur];
5370 struct iwm_rx_packet *pkt;
5371 struct iwm_cmd_response *cresp;
5374 bus_dmamap_sync(ring->data_dmat, data->map,
5375 BUS_DMASYNC_POSTREAD);
5376 pkt = mtod(data->m, struct iwm_rx_packet *);
5378 qid = pkt->hdr.qid & ~0x80;
5381 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code);
5382 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5383 "rx packet qid=%d idx=%d type=%x %d %d\n",
5384 pkt->hdr.qid & ~0x80, pkt->hdr.idx, code, ring->cur, hw);
5387 * randomly get these from the firmware, no idea why.
5388 * they at least seem harmless, so just ignore them for now
5390 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0)
5391 || pkt->len_n_flags == htole32(0x55550000))) {
5396 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt);
5399 case IWM_REPLY_RX_PHY_CMD:
5400 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data);
5403 case IWM_REPLY_RX_MPDU_CMD:
5404 iwm_mvm_rx_rx_mpdu(sc, data->m);
5408 iwm_mvm_rx_tx_cmd(sc, pkt, data);
5411 case IWM_MISSED_BEACONS_NOTIFICATION: {
5412 struct iwm_missed_beacons_notif *resp;
5415 /* XXX look at mac_id to determine interface ID */
5416 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5418 resp = (void *)pkt->data;
5419 missed = le32toh(resp->consec_missed_beacons);
5421 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
5422 "%s: MISSED_BEACON: mac_id=%d, "
5423 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
5426 le32toh(resp->mac_id),
5427 le32toh(resp->consec_missed_beacons_since_last_rx),
5428 le32toh(resp->consec_missed_beacons),
5429 le32toh(resp->num_expected_beacons),
5430 le32toh(resp->num_recvd_beacons));
5436 /* XXX no net80211 locking? */
5437 if (vap->iv_state == IEEE80211_S_RUN &&
5438 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
5439 if (missed > vap->iv_bmissthreshold) {
5440 /* XXX bad locking; turn into task */
5442 ieee80211_beacon_miss(ic);
5450 case IWM_MFUART_LOAD_NOTIFICATION:
5456 case IWM_CALIB_RES_NOTIF_PHY_DB:
5459 case IWM_STATISTICS_NOTIFICATION: {
5460 struct iwm_notif_statistics *stats;
5461 stats = (void *)pkt->data;
5462 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
5463 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general);
5467 case IWM_NVM_ACCESS_CMD:
5468 case IWM_MCC_UPDATE_CMD:
5469 if (sc->sc_wantresp == ((qid << 16) | idx)) {
5470 memcpy(sc->sc_cmd_resp,
5471 pkt, sizeof(sc->sc_cmd_resp));
5475 case IWM_MCC_CHUB_UPDATE_CMD: {
5476 struct iwm_mcc_chub_notif *notif;
5477 notif = (void *)pkt->data;
5479 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8;
5480 sc->sc_fw_mcc[1] = notif->mcc & 0xff;
5481 sc->sc_fw_mcc[2] = '\0';
5482 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
5483 "fw source %d sent CC '%s'\n",
5484 notif->source_id, sc->sc_fw_mcc);
5488 case IWM_DTS_MEASUREMENT_NOTIFICATION:
5489 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP,
5490 IWM_DTS_MEASUREMENT_NOTIF_WIDE): {
5491 struct iwm_dts_measurement_notif_v1 *notif;
5493 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) {
5494 device_printf(sc->sc_dev,
5495 "Invalid DTS_MEASUREMENT_NOTIFICATION\n");
5498 notif = (void *)pkt->data;
5499 IWM_DPRINTF(sc, IWM_DEBUG_TEMP,
5500 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n",
5505 case IWM_PHY_CONFIGURATION_CMD:
5506 case IWM_TX_ANT_CONFIGURATION_CMD:
5508 case IWM_MAC_CONTEXT_CMD:
5509 case IWM_REPLY_SF_CFG_CMD:
5510 case IWM_POWER_TABLE_CMD:
5511 case IWM_PHY_CONTEXT_CMD:
5512 case IWM_BINDING_CONTEXT_CMD:
5513 case IWM_TIME_EVENT_CMD:
5514 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD):
5515 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC):
5516 case IWM_SCAN_ABORT_UMAC:
5517 case IWM_SCAN_OFFLOAD_REQUEST_CMD:
5518 case IWM_SCAN_OFFLOAD_ABORT_CMD:
5519 case IWM_REPLY_BEACON_FILTERING_CMD:
5520 case IWM_MAC_PM_POWER_TABLE:
5521 case IWM_TIME_QUOTA_CMD:
5522 case IWM_REMOVE_STA:
5523 case IWM_TXPATH_FLUSH:
5525 case IWM_FW_PAGING_BLOCK_CMD:
5527 case IWM_REPLY_THERMAL_MNG_BACKOFF:
5528 cresp = (void *)pkt->data;
5529 if (sc->sc_wantresp == ((qid << 16) | idx)) {
5530 memcpy(sc->sc_cmd_resp,
5531 pkt, sizeof(*pkt)+sizeof(*cresp));
5536 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */
5539 case IWM_INIT_COMPLETE_NOTIF:
5542 case IWM_SCAN_OFFLOAD_COMPLETE: {
5543 struct iwm_periodic_scan_complete *notif;
5544 notif = (void *)pkt->data;
5545 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5546 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5547 ieee80211_runtask(ic, &sc->sc_es_task);
5552 case IWM_SCAN_ITERATION_COMPLETE: {
5553 struct iwm_lmac_scan_complete_notif *notif;
5554 notif = (void *)pkt->data;
5555 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task);
5559 case IWM_SCAN_COMPLETE_UMAC: {
5560 struct iwm_umac_scan_complete *notif;
5561 notif = (void *)pkt->data;
5563 IWM_DPRINTF(sc, IWM_DEBUG_SCAN,
5564 "UMAC scan complete, status=0x%x\n",
5566 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5567 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5568 ieee80211_runtask(ic, &sc->sc_es_task);
5573 case IWM_SCAN_ITERATION_COMPLETE_UMAC: {
5574 struct iwm_umac_scan_iter_complete_notif *notif;
5575 notif = (void *)pkt->data;
5577 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration "
5578 "complete, status=0x%x, %d channels scanned\n",
5579 notif->status, notif->scanned_channels);
5580 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task);
5584 case IWM_REPLY_ERROR: {
5585 struct iwm_error_resp *resp;
5586 resp = (void *)pkt->data;
5588 device_printf(sc->sc_dev,
5589 "firmware error 0x%x, cmd 0x%x\n",
5590 le32toh(resp->error_type),
5595 case IWM_TIME_EVENT_NOTIFICATION: {
5596 struct iwm_time_event_notif *notif;
5597 notif = (void *)pkt->data;
5599 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5600 "TE notif status = 0x%x action = 0x%x\n",
5601 notif->status, notif->action);
5605 case IWM_MCAST_FILTER_CMD:
5608 case IWM_SCD_QUEUE_CFG: {
5609 struct iwm_scd_txq_cfg_rsp *rsp;
5610 rsp = (void *)pkt->data;
5612 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
5613 "queue cfg token=0x%x sta_id=%d "
5614 "tid=%d scd_queue=%d\n",
5615 rsp->token, rsp->sta_id, rsp->tid,
5621 device_printf(sc->sc_dev,
5622 "frame %d/%d %x UNHANDLED (this should "
5623 "not happen)\n", qid, idx,
5629 * Why test bit 0x80? The Linux driver:
5631 * There is one exception: uCode sets bit 15 when it
5632 * originates the response/notification, i.e. when the
5633 * response/notification is not a direct response to a
5634 * command sent by the driver. For example, uCode issues
5635 * IWM_REPLY_RX when it sends a received frame to the driver;
5636 * it is not a direct response to any driver command.
5638 * Ok, so since when is 7 == 15? Well, the Linux driver
5639 * uses a slightly different format for pkt->hdr, and "qid"
5640 * is actually the upper byte of a two-byte field.
5642 if (!(pkt->hdr.qid & (1 << 7))) {
5643 iwm_cmd_done(sc, pkt);
5650 * Tell the firmware what we have processed.
5651 * Seems like the hardware gets upset unless we align
5654 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1;
5655 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7);
5661 struct iwm_softc *sc = arg;
5667 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
5669 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
5670 uint32_t *ict = sc->ict_dma.vaddr;
5673 tmp = htole32(ict[sc->ict_cur]);
5678 * ok, there was something. keep plowing until we have all.
5683 ict[sc->ict_cur] = 0;
5684 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
5685 tmp = htole32(ict[sc->ict_cur]);
5688 /* this is where the fun begins. don't ask */
5689 if (r1 == 0xffffffff)
5692 /* i am not expected to understand this */
5695 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
5697 r1 = IWM_READ(sc, IWM_CSR_INT);
5698 /* "hardware gone" (where, fishing?) */
5699 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
5701 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
5703 if (r1 == 0 && r2 == 0) {
5707 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
5709 /* Safely ignore these bits for debug checks below */
5710 r1 &= ~(IWM_CSR_INT_BIT_ALIVE | IWM_CSR_INT_BIT_SCD);
5712 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
5714 struct ieee80211com *ic = &sc->sc_ic;
5715 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5720 /* Dump driver status (TX and RX rings) while we're here. */
5721 device_printf(sc->sc_dev, "driver status:\n");
5722 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) {
5723 struct iwm_tx_ring *ring = &sc->txq[i];
5724 device_printf(sc->sc_dev,
5725 " tx ring %2d: qid=%-2d cur=%-3d "
5727 i, ring->qid, ring->cur, ring->queued);
5729 device_printf(sc->sc_dev,
5730 " rx ring: cur=%d\n", sc->rxq.cur);
5731 device_printf(sc->sc_dev,
5732 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state);
5734 /* Don't stop the device; just do a VAP restart */
5738 printf("%s: null vap\n", __func__);
5742 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; "
5743 "restarting\n", __func__, vap->iv_state);
5745 /* XXX TODO: turn this into a callout/taskqueue */
5746 ieee80211_restart_all(ic);
5750 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
5751 handled |= IWM_CSR_INT_BIT_HW_ERR;
5752 device_printf(sc->sc_dev, "hardware error, stopping device\n");
5758 /* firmware chunk loaded */
5759 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
5760 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
5761 handled |= IWM_CSR_INT_BIT_FH_TX;
5762 sc->sc_fw_chunk_done = 1;
5766 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
5767 handled |= IWM_CSR_INT_BIT_RF_KILL;
5768 if (iwm_check_rfkill(sc)) {
5769 device_printf(sc->sc_dev,
5770 "%s: rfkill switch, disabling interface\n",
5777 * The Linux driver uses periodic interrupts to avoid races.
5778 * We cargo-cult like it's going out of fashion.
5780 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
5781 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
5782 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
5783 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
5785 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
5789 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
5790 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
5791 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
5795 /* enable periodic interrupt, see above */
5796 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
5797 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
5798 IWM_CSR_INT_PERIODIC_ENA);
5801 if (__predict_false(r1 & ~handled))
5802 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5803 "%s: unhandled interrupts: %x\n", __func__, r1);
5807 iwm_restore_interrupts(sc);
5814 * Autoconf glue-sniffing
5816 #define PCI_VENDOR_INTEL 0x8086
5817 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
5818 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
5819 #define PCI_PRODUCT_INTEL_WL_3165_1 0x3165
5820 #define PCI_PRODUCT_INTEL_WL_3165_2 0x3166
5821 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
5822 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
5823 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
5824 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
5825 #define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3
5826 #define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4
5828 static const struct iwm_devices {
5830 const struct iwm_cfg *cfg;
5832 { PCI_PRODUCT_INTEL_WL_3160_1, &iwm3160_cfg },
5833 { PCI_PRODUCT_INTEL_WL_3160_2, &iwm3160_cfg },
5834 { PCI_PRODUCT_INTEL_WL_3165_1, &iwm3165_cfg },
5835 { PCI_PRODUCT_INTEL_WL_3165_2, &iwm3165_cfg },
5836 { PCI_PRODUCT_INTEL_WL_7260_1, &iwm7260_cfg },
5837 { PCI_PRODUCT_INTEL_WL_7260_2, &iwm7260_cfg },
5838 { PCI_PRODUCT_INTEL_WL_7265_1, &iwm7265_cfg },
5839 { PCI_PRODUCT_INTEL_WL_7265_2, &iwm7265_cfg },
5840 { PCI_PRODUCT_INTEL_WL_8260_1, &iwm8260_cfg },
5841 { PCI_PRODUCT_INTEL_WL_8260_2, &iwm8260_cfg },
5845 iwm_probe(device_t dev)
5849 for (i = 0; i < nitems(iwm_devices); i++) {
5850 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
5851 pci_get_device(dev) == iwm_devices[i].device) {
5852 device_set_desc(dev, iwm_devices[i].cfg->name);
5853 return (BUS_PROBE_DEFAULT);
5861 iwm_dev_check(device_t dev)
5863 struct iwm_softc *sc;
5867 sc = device_get_softc(dev);
5869 devid = pci_get_device(dev);
5870 for (i = 0; i < nitems(iwm_devices); i++) {
5871 if (iwm_devices[i].device == devid) {
5872 sc->cfg = iwm_devices[i].cfg;
5876 device_printf(dev, "unknown adapter type\n");
5881 #define PCI_CFG_RETRY_TIMEOUT 0x041
5884 iwm_pci_attach(device_t dev)
5886 struct iwm_softc *sc;
5887 int count, error, rid;
5890 sc = device_get_softc(dev);
5892 /* We disable the RETRY_TIMEOUT register (0x41) to keep
5893 * PCI Tx retries from interfering with C3 CPU state */
5894 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
5896 /* Enable bus-mastering and hardware bug workaround. */
5897 pci_enable_busmaster(dev);
5898 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
5900 if (reg & PCIM_STATUS_INTxSTATE) {
5901 reg &= ~PCIM_STATUS_INTxSTATE;
5903 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
5906 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
5908 if (sc->sc_mem == NULL) {
5909 device_printf(sc->sc_dev, "can't map mem space\n");
5912 sc->sc_st = rman_get_bustag(sc->sc_mem);
5913 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
5915 /* Install interrupt handler. */
5918 if (pci_alloc_msi(dev, &count) == 0)
5920 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
5921 (rid != 0 ? 0 : RF_SHAREABLE));
5922 if (sc->sc_irq == NULL) {
5923 device_printf(dev, "can't map interrupt\n");
5926 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
5927 NULL, iwm_intr, sc, &sc->sc_ih);
5928 if (sc->sc_ih == NULL) {
5929 device_printf(dev, "can't establish interrupt");
5932 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
5938 iwm_pci_detach(device_t dev)
5940 struct iwm_softc *sc = device_get_softc(dev);
5942 if (sc->sc_irq != NULL) {
5943 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
5944 bus_release_resource(dev, SYS_RES_IRQ,
5945 rman_get_rid(sc->sc_irq), sc->sc_irq);
5946 pci_release_msi(dev);
5948 if (sc->sc_mem != NULL)
5949 bus_release_resource(dev, SYS_RES_MEMORY,
5950 rman_get_rid(sc->sc_mem), sc->sc_mem);
5956 iwm_attach(device_t dev)
5958 struct iwm_softc *sc = device_get_softc(dev);
5959 struct ieee80211com *ic = &sc->sc_ic;
5964 sc->sc_attached = 1;
5966 mbufq_init(&sc->sc_snd, ifqmaxlen);
5967 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
5968 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0);
5969 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
5971 sc->sc_notif_wait = iwm_notification_wait_init(sc);
5972 if (sc->sc_notif_wait == NULL) {
5973 device_printf(dev, "failed to init notification wait struct\n");
5978 sc->sc_phy_db = iwm_phy_db_init(sc);
5979 if (!sc->sc_phy_db) {
5980 device_printf(dev, "Cannot init phy_db\n");
5985 error = iwm_pci_attach(dev);
5989 sc->sc_wantresp = -1;
5991 /* Check device type */
5992 error = iwm_dev_check(dev);
5996 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
5998 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have
5999 * changed, and now the revision step also includes bit 0-1 (no more
6000 * "dash" value). To keep hw_rev backwards compatible - we'll store it
6001 * in the old format.
6003 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000)
6004 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) |
6005 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2);
6007 if (iwm_prepare_card_hw(sc) != 0) {
6008 device_printf(dev, "could not initialize hardware\n");
6012 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) {
6017 * In order to recognize C step the driver should read the
6018 * chip version id located at the AUX bus MISC address.
6020 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
6021 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
6024 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
6025 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6026 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6029 device_printf(sc->sc_dev,
6030 "Failed to wake up the nic\n");
6034 if (iwm_nic_lock(sc)) {
6035 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG);
6036 hw_step |= IWM_ENABLE_WFPM;
6037 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step);
6038 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG);
6039 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF;
6041 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) |
6042 (IWM_SILICON_C_STEP << 2);
6045 device_printf(sc->sc_dev, "Failed to lock the nic\n");
6050 /* special-case 7265D, it has the same PCI IDs. */
6051 if (sc->cfg == &iwm7265_cfg &&
6052 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) {
6053 sc->cfg = &iwm7265d_cfg;
6056 /* Allocate DMA memory for firmware transfers. */
6057 if ((error = iwm_alloc_fwmem(sc)) != 0) {
6058 device_printf(dev, "could not allocate memory for firmware\n");
6062 /* Allocate "Keep Warm" page. */
6063 if ((error = iwm_alloc_kw(sc)) != 0) {
6064 device_printf(dev, "could not allocate keep warm page\n");
6068 /* We use ICT interrupts */
6069 if ((error = iwm_alloc_ict(sc)) != 0) {
6070 device_printf(dev, "could not allocate ICT table\n");
6074 /* Allocate TX scheduler "rings". */
6075 if ((error = iwm_alloc_sched(sc)) != 0) {
6076 device_printf(dev, "could not allocate TX scheduler rings\n");
6080 /* Allocate TX rings */
6081 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
6082 if ((error = iwm_alloc_tx_ring(sc,
6083 &sc->txq[txq_i], txq_i)) != 0) {
6085 "could not allocate TX ring %d\n",
6091 /* Allocate RX ring. */
6092 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
6093 device_printf(dev, "could not allocate RX ring\n");
6097 /* Clear pending interrupts. */
6098 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
6101 ic->ic_name = device_get_nameunit(sc->sc_dev);
6102 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
6103 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
6105 /* Set device capabilities. */
6108 IEEE80211_C_WPA | /* WPA/RSN */
6110 IEEE80211_C_SHSLOT | /* short slot time supported */
6111 IEEE80211_C_SHPREAMBLE /* short preamble supported */
6112 // IEEE80211_C_BGSCAN /* capable of bg scanning */
6114 /* Advertise full-offload scanning */
6115 ic->ic_flags_ext = IEEE80211_FEXT_SCAN_OFFLOAD;
6116 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
6117 sc->sc_phyctxt[i].id = i;
6118 sc->sc_phyctxt[i].color = 0;
6119 sc->sc_phyctxt[i].ref = 0;
6120 sc->sc_phyctxt[i].channel = NULL;
6123 /* Default noise floor */
6127 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
6129 sc->sc_preinit_hook.ich_func = iwm_preinit;
6130 sc->sc_preinit_hook.ich_arg = sc;
6131 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
6132 device_printf(dev, "config_intrhook_establish failed\n");
6137 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
6138 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
6139 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
6142 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6143 "<-%s\n", __func__);
6147 /* Free allocated memory if something failed during attachment. */
6149 iwm_detach_local(sc, 0);
6155 iwm_is_valid_ether_addr(uint8_t *addr)
6157 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 };
6159 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr))
6166 iwm_update_edca(struct ieee80211com *ic)
6168 struct iwm_softc *sc = ic->ic_softc;
6170 device_printf(sc->sc_dev, "%s: called\n", __func__);
6175 iwm_preinit(void *arg)
6177 struct iwm_softc *sc = arg;
6178 device_t dev = sc->sc_dev;
6179 struct ieee80211com *ic = &sc->sc_ic;
6182 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6183 "->%s\n", __func__);
6186 if ((error = iwm_start_hw(sc)) != 0) {
6187 device_printf(dev, "could not initialize hardware\n");
6192 error = iwm_run_init_mvm_ucode(sc, 1);
6193 iwm_stop_device(sc);
6199 "hw rev 0x%x, fw ver %s, address %s\n",
6200 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
6201 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr));
6203 /* not all hardware can do 5GHz band */
6204 if (!sc->nvm_data->sku_cap_band_52GHz_enable)
6205 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
6206 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
6209 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
6213 * At this point we've committed - if we fail to do setup,
6214 * we now also have to tear down the net80211 state.
6216 ieee80211_ifattach(ic);
6217 ic->ic_vap_create = iwm_vap_create;
6218 ic->ic_vap_delete = iwm_vap_delete;
6219 ic->ic_raw_xmit = iwm_raw_xmit;
6220 ic->ic_node_alloc = iwm_node_alloc;
6221 ic->ic_scan_start = iwm_scan_start;
6222 ic->ic_scan_end = iwm_scan_end;
6223 ic->ic_update_mcast = iwm_update_mcast;
6224 ic->ic_getradiocaps = iwm_init_channel_map;
6225 ic->ic_set_channel = iwm_set_channel;
6226 ic->ic_scan_curchan = iwm_scan_curchan;
6227 ic->ic_scan_mindwell = iwm_scan_mindwell;
6228 ic->ic_wme.wme_update = iwm_update_edca;
6229 ic->ic_parent = iwm_parent;
6230 ic->ic_transmit = iwm_transmit;
6231 iwm_radiotap_attach(sc);
6233 ieee80211_announce(ic);
6235 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6236 "<-%s\n", __func__);
6237 config_intrhook_disestablish(&sc->sc_preinit_hook);
6241 config_intrhook_disestablish(&sc->sc_preinit_hook);
6242 iwm_detach_local(sc, 0);
6246 * Attach the interface to 802.11 radiotap.
6249 iwm_radiotap_attach(struct iwm_softc *sc)
6251 struct ieee80211com *ic = &sc->sc_ic;
6253 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6254 "->%s begin\n", __func__);
6255 ieee80211_radiotap_attach(ic,
6256 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
6257 IWM_TX_RADIOTAP_PRESENT,
6258 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
6259 IWM_RX_RADIOTAP_PRESENT);
6260 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6261 "->%s end\n", __func__);
6264 static struct ieee80211vap *
6265 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
6266 enum ieee80211_opmode opmode, int flags,
6267 const uint8_t bssid[IEEE80211_ADDR_LEN],
6268 const uint8_t mac[IEEE80211_ADDR_LEN])
6270 struct iwm_vap *ivp;
6271 struct ieee80211vap *vap;
6273 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
6275 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO);
6277 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
6278 vap->iv_bmissthreshold = 10; /* override default */
6279 /* Override with driver methods. */
6280 ivp->iv_newstate = vap->iv_newstate;
6281 vap->iv_newstate = iwm_newstate;
6283 ieee80211_ratectl_init(vap);
6284 /* Complete setup. */
6285 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status,
6287 ic->ic_opmode = opmode;
6293 iwm_vap_delete(struct ieee80211vap *vap)
6295 struct iwm_vap *ivp = IWM_VAP(vap);
6297 ieee80211_ratectl_deinit(vap);
6298 ieee80211_vap_detach(vap);
6299 free(ivp, M_80211_VAP);
6303 iwm_scan_start(struct ieee80211com *ic)
6305 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6306 struct iwm_softc *sc = ic->ic_softc;
6310 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6311 /* This should not be possible */
6312 device_printf(sc->sc_dev,
6313 "%s: Previous scan not completed yet\n", __func__);
6315 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN))
6316 error = iwm_mvm_umac_scan(sc);
6318 error = iwm_mvm_lmac_scan(sc);
6320 device_printf(sc->sc_dev, "could not initiate scan\n");
6322 ieee80211_cancel_scan(vap);
6324 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING;
6325 iwm_led_blink_start(sc);
6331 iwm_scan_end(struct ieee80211com *ic)
6333 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6334 struct iwm_softc *sc = ic->ic_softc;
6337 iwm_led_blink_stop(sc);
6338 if (vap->iv_state == IEEE80211_S_RUN)
6339 iwm_mvm_led_enable(sc);
6340 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6342 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because
6343 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq
6346 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
6347 iwm_mvm_scan_stop_wait(sc);
6352 * Make sure we don't race, if sc_es_task is still enqueued here.
6353 * This is to make sure that it won't call ieee80211_scan_done
6354 * when we have already started the next scan.
6356 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL);
6360 iwm_update_mcast(struct ieee80211com *ic)
6365 iwm_set_channel(struct ieee80211com *ic)
6370 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
6375 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
6381 iwm_init_task(void *arg1)
6383 struct iwm_softc *sc = arg1;
6386 while (sc->sc_flags & IWM_FLAG_BUSY)
6387 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
6388 sc->sc_flags |= IWM_FLAG_BUSY;
6390 if (sc->sc_ic.ic_nrunning > 0)
6392 sc->sc_flags &= ~IWM_FLAG_BUSY;
6393 wakeup(&sc->sc_flags);
6398 iwm_resume(device_t dev)
6400 struct iwm_softc *sc = device_get_softc(dev);
6404 * We disable the RETRY_TIMEOUT register (0x41) to keep
6405 * PCI Tx retries from interfering with C3 CPU state.
6407 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
6408 iwm_init_task(device_get_softc(dev));
6411 if (sc->sc_flags & IWM_FLAG_SCANNING) {
6412 sc->sc_flags &= ~IWM_FLAG_SCANNING;
6418 ieee80211_resume_all(&sc->sc_ic);
6424 iwm_suspend(device_t dev)
6427 struct iwm_softc *sc = device_get_softc(dev);
6429 do_stop = !! (sc->sc_ic.ic_nrunning > 0);
6431 ieee80211_suspend_all(&sc->sc_ic);
6436 sc->sc_flags |= IWM_FLAG_SCANNING;
6444 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
6446 struct iwm_fw_info *fw = &sc->sc_fw;
6447 device_t dev = sc->sc_dev;
6450 if (!sc->sc_attached)
6452 sc->sc_attached = 0;
6455 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task);
6457 callout_drain(&sc->sc_led_blink_to);
6458 callout_drain(&sc->sc_watchdog_to);
6459 iwm_stop_device(sc);
6461 ieee80211_ifdetach(&sc->sc_ic);
6464 iwm_phy_db_free(sc->sc_phy_db);
6465 sc->sc_phy_db = NULL;
6467 iwm_free_nvm_data(sc->nvm_data);
6469 /* Free descriptor rings */
6470 iwm_free_rx_ring(sc, &sc->rxq);
6471 for (i = 0; i < nitems(sc->txq); i++)
6472 iwm_free_tx_ring(sc, &sc->txq[i]);
6475 if (fw->fw_fp != NULL)
6476 iwm_fw_info_free(fw);
6478 /* Free scheduler */
6479 iwm_dma_contig_free(&sc->sched_dma);
6480 iwm_dma_contig_free(&sc->ict_dma);
6481 iwm_dma_contig_free(&sc->kw_dma);
6482 iwm_dma_contig_free(&sc->fw_dma);
6484 iwm_free_fw_paging(sc);
6486 /* Finished with the hardware - detach things */
6487 iwm_pci_detach(dev);
6489 if (sc->sc_notif_wait != NULL) {
6490 iwm_notification_wait_free(sc->sc_notif_wait);
6491 sc->sc_notif_wait = NULL;
6494 mbufq_drain(&sc->sc_snd);
6495 IWM_LOCK_DESTROY(sc);
6501 iwm_detach(device_t dev)
6503 struct iwm_softc *sc = device_get_softc(dev);
6505 return (iwm_detach_local(sc, 1));
6508 static device_method_t iwm_pci_methods[] = {
6509 /* Device interface */
6510 DEVMETHOD(device_probe, iwm_probe),
6511 DEVMETHOD(device_attach, iwm_attach),
6512 DEVMETHOD(device_detach, iwm_detach),
6513 DEVMETHOD(device_suspend, iwm_suspend),
6514 DEVMETHOD(device_resume, iwm_resume),
6519 static driver_t iwm_pci_driver = {
6522 sizeof (struct iwm_softc)
6525 static devclass_t iwm_devclass;
6527 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
6528 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
6529 MODULE_DEPEND(iwm, pci, 1, 1, 1);
6530 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
projects / FreeBSD / FreeBSD.git / blob