1 /* $OpenBSD: if_iwm.c,v 1.39 2015/03/23 00:35:19 jsg Exp $ */
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
27 ***********************************************************************
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
105 #include <sys/cdefs.h>
106 __FBSDID("$FreeBSD$");
108 #include <sys/param.h>
110 #include <sys/conf.h>
111 #include <sys/endian.h>
112 #include <sys/firmware.h>
113 #include <sys/kernel.h>
114 #include <sys/malloc.h>
115 #include <sys/mbuf.h>
116 #include <sys/mutex.h>
117 #include <sys/module.h>
118 #include <sys/proc.h>
119 #include <sys/rman.h>
120 #include <sys/socket.h>
121 #include <sys/sockio.h>
122 #include <sys/sysctl.h>
123 #include <sys/linker.h>
125 #include <machine/bus.h>
126 #include <machine/endian.h>
127 #include <machine/resource.h>
129 #include <dev/pci/pcivar.h>
130 #include <dev/pci/pcireg.h>
135 #include <net/if_var.h>
136 #include <net/if_arp.h>
137 #include <net/if_dl.h>
138 #include <net/if_media.h>
139 #include <net/if_types.h>
141 #include <netinet/in.h>
142 #include <netinet/in_systm.h>
143 #include <netinet/if_ether.h>
144 #include <netinet/ip.h>
146 #include <net80211/ieee80211_var.h>
147 #include <net80211/ieee80211_regdomain.h>
148 #include <net80211/ieee80211_ratectl.h>
149 #include <net80211/ieee80211_radiotap.h>
151 #include <dev/iwm/if_iwmreg.h>
152 #include <dev/iwm/if_iwmvar.h>
153 #include <dev/iwm/if_iwm_debug.h>
154 #include <dev/iwm/if_iwm_util.h>
155 #include <dev/iwm/if_iwm_binding.h>
156 #include <dev/iwm/if_iwm_phy_db.h>
157 #include <dev/iwm/if_iwm_mac_ctxt.h>
158 #include <dev/iwm/if_iwm_phy_ctxt.h>
159 #include <dev/iwm/if_iwm_time_event.h>
160 #include <dev/iwm/if_iwm_power.h>
161 #include <dev/iwm/if_iwm_scan.h>
163 #include <dev/iwm/if_iwm_pcie_trans.h>
165 const uint8_t iwm_nvm_channels[] = {
167 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
169 36, 40, 44 , 48, 52, 56, 60, 64,
170 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
171 149, 153, 157, 161, 165
173 #define IWM_NUM_2GHZ_CHANNELS 14
176 * XXX For now, there's simply a fixed set of rate table entries
177 * that are populated.
179 const struct iwm_rate {
183 { 2, IWM_RATE_1M_PLCP },
184 { 4, IWM_RATE_2M_PLCP },
185 { 11, IWM_RATE_5M_PLCP },
186 { 22, IWM_RATE_11M_PLCP },
187 { 12, IWM_RATE_6M_PLCP },
188 { 18, IWM_RATE_9M_PLCP },
189 { 24, IWM_RATE_12M_PLCP },
190 { 36, IWM_RATE_18M_PLCP },
191 { 48, IWM_RATE_24M_PLCP },
192 { 72, IWM_RATE_36M_PLCP },
193 { 96, IWM_RATE_48M_PLCP },
194 { 108, IWM_RATE_54M_PLCP },
196 #define IWM_RIDX_CCK 0
197 #define IWM_RIDX_OFDM 4
198 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
199 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
200 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
202 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
203 static int iwm_firmware_store_section(struct iwm_softc *,
205 const uint8_t *, size_t);
206 static int iwm_set_default_calib(struct iwm_softc *, const void *);
207 static void iwm_fw_info_free(struct iwm_fw_info *);
208 static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type);
209 static void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int);
210 static int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *,
211 bus_size_t, bus_size_t);
212 static void iwm_dma_contig_free(struct iwm_dma_info *);
213 static int iwm_alloc_fwmem(struct iwm_softc *);
214 static void iwm_free_fwmem(struct iwm_softc *);
215 static int iwm_alloc_sched(struct iwm_softc *);
216 static void iwm_free_sched(struct iwm_softc *);
217 static int iwm_alloc_kw(struct iwm_softc *);
218 static void iwm_free_kw(struct iwm_softc *);
219 static int iwm_alloc_ict(struct iwm_softc *);
220 static void iwm_free_ict(struct iwm_softc *);
221 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
222 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
223 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
224 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
226 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
227 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
228 static void iwm_enable_interrupts(struct iwm_softc *);
229 static void iwm_restore_interrupts(struct iwm_softc *);
230 static void iwm_disable_interrupts(struct iwm_softc *);
231 static void iwm_ict_reset(struct iwm_softc *);
232 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
233 static void iwm_stop_device(struct iwm_softc *);
234 static void iwm_mvm_nic_config(struct iwm_softc *);
235 static int iwm_nic_rx_init(struct iwm_softc *);
236 static int iwm_nic_tx_init(struct iwm_softc *);
237 static int iwm_nic_init(struct iwm_softc *);
238 static void iwm_enable_txq(struct iwm_softc *, int, int);
239 static int iwm_post_alive(struct iwm_softc *);
240 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
241 uint16_t, uint8_t *, uint16_t *);
242 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
244 static void iwm_init_channel_map(struct iwm_softc *,
245 const uint16_t * const);
246 static int iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
247 const uint16_t *, const uint16_t *, uint8_t,
249 struct iwm_nvm_section;
250 static int iwm_parse_nvm_sections(struct iwm_softc *,
251 struct iwm_nvm_section *);
252 static int iwm_nvm_init(struct iwm_softc *);
253 static int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t,
254 const uint8_t *, uint32_t);
255 static int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type);
256 static int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type);
257 static int iwm_fw_alive(struct iwm_softc *, uint32_t);
258 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
259 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
260 static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *,
261 enum iwm_ucode_type);
262 static int iwm_run_init_mvm_ucode(struct iwm_softc *, int);
263 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
264 static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *);
265 static int iwm_mvm_get_signal_strength(struct iwm_softc *,
266 struct iwm_rx_phy_info *);
267 static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *,
268 struct iwm_rx_packet *,
269 struct iwm_rx_data *);
270 static int iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *);
271 static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *,
272 struct iwm_rx_data *);
273 static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *,
274 struct iwm_rx_packet *,
276 static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *,
277 struct iwm_rx_data *);
278 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
280 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
283 static const struct iwm_rate *
284 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
285 struct ieee80211_frame *, struct iwm_tx_cmd *);
286 static int iwm_tx(struct iwm_softc *, struct mbuf *,
287 struct ieee80211_node *, int);
288 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
289 const struct ieee80211_bpf_params *);
290 static void iwm_mvm_add_sta_cmd_v6_to_v5(struct iwm_mvm_add_sta_cmd_v6 *,
291 struct iwm_mvm_add_sta_cmd_v5 *);
292 static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *,
293 struct iwm_mvm_add_sta_cmd_v6 *,
295 static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *,
297 static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *);
298 static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *);
299 static int iwm_mvm_add_int_sta_common(struct iwm_softc *,
300 struct iwm_int_sta *,
301 const uint8_t *, uint16_t, uint16_t);
302 static int iwm_mvm_add_aux_sta(struct iwm_softc *);
303 static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *);
304 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
305 static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *);
306 static int iwm_release(struct iwm_softc *, struct iwm_node *);
307 static struct ieee80211_node *
308 iwm_node_alloc(struct ieee80211vap *,
309 const uint8_t[IEEE80211_ADDR_LEN]);
310 static void iwm_setrates(struct iwm_softc *, struct iwm_node *);
311 static int iwm_media_change(struct ifnet *);
312 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
313 static void iwm_endscan_cb(void *, int);
314 static int iwm_init_hw(struct iwm_softc *);
315 static void iwm_init(struct iwm_softc *);
316 static void iwm_start(struct iwm_softc *);
317 static void iwm_stop(struct iwm_softc *);
318 static void iwm_watchdog(void *);
319 static void iwm_parent(struct ieee80211com *);
322 iwm_desc_lookup(uint32_t);
323 static void iwm_nic_error(struct iwm_softc *);
325 static void iwm_notif_intr(struct iwm_softc *);
326 static void iwm_intr(void *);
327 static int iwm_attach(device_t);
328 static void iwm_preinit(void *);
329 static int iwm_detach_local(struct iwm_softc *sc, int);
330 static void iwm_init_task(void *);
331 static void iwm_radiotap_attach(struct iwm_softc *);
332 static struct ieee80211vap *
333 iwm_vap_create(struct ieee80211com *,
334 const char [IFNAMSIZ], int,
335 enum ieee80211_opmode, int,
336 const uint8_t [IEEE80211_ADDR_LEN],
337 const uint8_t [IEEE80211_ADDR_LEN]);
338 static void iwm_vap_delete(struct ieee80211vap *);
339 static void iwm_scan_start(struct ieee80211com *);
340 static void iwm_scan_end(struct ieee80211com *);
341 static void iwm_update_mcast(struct ieee80211com *);
342 static void iwm_set_channel(struct ieee80211com *);
343 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
344 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
345 static int iwm_detach(device_t);
352 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
354 const struct iwm_fw_cscheme_list *l = (const void *)data;
356 if (dlen < sizeof(*l) ||
357 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
360 /* we don't actually store anything for now, always use s/w crypto */
366 iwm_firmware_store_section(struct iwm_softc *sc,
367 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
369 struct iwm_fw_sects *fws;
370 struct iwm_fw_onesect *fwone;
372 if (type >= IWM_UCODE_TYPE_MAX)
374 if (dlen < sizeof(uint32_t))
377 fws = &sc->sc_fw.fw_sects[type];
378 if (fws->fw_count >= IWM_UCODE_SECT_MAX)
381 fwone = &fws->fw_sect[fws->fw_count];
383 /* first 32bit are device load offset */
384 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t));
387 fwone->fws_data = data + sizeof(uint32_t);
388 fwone->fws_len = dlen - sizeof(uint32_t);
391 fws->fw_totlen += fwone->fws_len;
396 /* iwlwifi: iwl-drv.c */
397 struct iwm_tlv_calib_data {
399 struct iwm_tlv_calib_ctrl calib;
403 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
405 const struct iwm_tlv_calib_data *def_calib = data;
406 uint32_t ucode_type = le32toh(def_calib->ucode_type);
408 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
409 device_printf(sc->sc_dev,
410 "Wrong ucode_type %u for default "
411 "calibration.\n", ucode_type);
415 sc->sc_default_calib[ucode_type].flow_trigger =
416 def_calib->calib.flow_trigger;
417 sc->sc_default_calib[ucode_type].event_trigger =
418 def_calib->calib.event_trigger;
424 iwm_fw_info_free(struct iwm_fw_info *fw)
426 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD);
428 /* don't touch fw->fw_status */
429 memset(fw->fw_sects, 0, sizeof(fw->fw_sects));
433 iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
435 struct iwm_fw_info *fw = &sc->sc_fw;
436 const struct iwm_tlv_ucode_header *uhdr;
437 struct iwm_ucode_tlv tlv;
438 enum iwm_ucode_tlv_type tlv_type;
439 const struct firmware *fwp;
444 if (fw->fw_status == IWM_FW_STATUS_DONE &&
445 ucode_type != IWM_UCODE_TYPE_INIT)
448 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS)
449 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0);
450 fw->fw_status = IWM_FW_STATUS_INPROGRESS;
452 if (fw->fw_fp != NULL)
453 iwm_fw_info_free(fw);
456 * Load firmware into driver memory.
460 fwp = firmware_get(sc->sc_fwname);
463 device_printf(sc->sc_dev,
464 "could not read firmware %s (error %d)\n",
465 sc->sc_fwname, error);
471 * Parse firmware contents
474 uhdr = (const void *)fw->fw_fp->data;
475 if (*(const uint32_t *)fw->fw_fp->data != 0
476 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
477 device_printf(sc->sc_dev, "invalid firmware %s\n",
483 sc->sc_fwver = le32toh(uhdr->ver);
485 len = fw->fw_fp->datasize - sizeof(*uhdr);
487 while (len >= sizeof(tlv)) {
489 const void *tlv_data;
491 memcpy(&tlv, data, sizeof(tlv));
492 tlv_len = le32toh(tlv.length);
493 tlv_type = le32toh(tlv.type);
500 device_printf(sc->sc_dev,
501 "firmware too short: %zu bytes\n",
507 switch ((int)tlv_type) {
508 case IWM_UCODE_TLV_PROBE_MAX_LEN:
509 if (tlv_len < sizeof(uint32_t)) {
510 device_printf(sc->sc_dev,
511 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n",
517 sc->sc_capa_max_probe_len
518 = le32toh(*(const uint32_t *)tlv_data);
519 /* limit it to something sensible */
520 if (sc->sc_capa_max_probe_len > (1<<16)) {
521 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
522 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
523 "ridiculous\n", __func__);
528 case IWM_UCODE_TLV_PAN:
530 device_printf(sc->sc_dev,
531 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n",
537 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN;
539 case IWM_UCODE_TLV_FLAGS:
540 if (tlv_len < sizeof(uint32_t)) {
541 device_printf(sc->sc_dev,
542 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n",
549 * Apparently there can be many flags, but Linux driver
550 * parses only the first one, and so do we.
552 * XXX: why does this override IWM_UCODE_TLV_PAN?
553 * Intentional or a bug? Observations from
554 * current firmware file:
555 * 1) TLV_PAN is parsed first
556 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
557 * ==> this resets TLV_PAN to itself... hnnnk
559 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data);
561 case IWM_UCODE_TLV_CSCHEME:
562 if ((error = iwm_store_cscheme(sc,
563 tlv_data, tlv_len)) != 0) {
564 device_printf(sc->sc_dev,
565 "%s: iwm_store_cscheme(): returned %d\n",
571 case IWM_UCODE_TLV_NUM_OF_CPU:
572 if (tlv_len != sizeof(uint32_t)) {
573 device_printf(sc->sc_dev,
574 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n",
580 if (le32toh(*(const uint32_t*)tlv_data) != 1) {
581 device_printf(sc->sc_dev,
582 "%s: driver supports "
583 "only TLV_NUM_OF_CPU == 1",
589 case IWM_UCODE_TLV_SEC_RT:
590 if ((error = iwm_firmware_store_section(sc,
591 IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len)) != 0) {
592 device_printf(sc->sc_dev,
593 "%s: IWM_UCODE_TYPE_REGULAR: iwm_firmware_store_section() failed; %d\n",
599 case IWM_UCODE_TLV_SEC_INIT:
600 if ((error = iwm_firmware_store_section(sc,
601 IWM_UCODE_TYPE_INIT, tlv_data, tlv_len)) != 0) {
602 device_printf(sc->sc_dev,
603 "%s: IWM_UCODE_TYPE_INIT: iwm_firmware_store_section() failed; %d\n",
609 case IWM_UCODE_TLV_SEC_WOWLAN:
610 if ((error = iwm_firmware_store_section(sc,
611 IWM_UCODE_TYPE_WOW, tlv_data, tlv_len)) != 0) {
612 device_printf(sc->sc_dev,
613 "%s: IWM_UCODE_TYPE_WOW: iwm_firmware_store_section() failed; %d\n",
619 case IWM_UCODE_TLV_DEF_CALIB:
620 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
621 device_printf(sc->sc_dev,
622 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n",
625 (int) sizeof(struct iwm_tlv_calib_data));
629 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
630 device_printf(sc->sc_dev,
631 "%s: iwm_set_default_calib() failed: %d\n",
637 case IWM_UCODE_TLV_PHY_SKU:
638 if (tlv_len != sizeof(uint32_t)) {
640 device_printf(sc->sc_dev,
641 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n",
646 sc->sc_fw_phy_config =
647 le32toh(*(const uint32_t *)tlv_data);
650 case IWM_UCODE_TLV_API_CHANGES_SET:
651 case IWM_UCODE_TLV_ENABLED_CAPABILITIES:
652 /* ignore, not used by current driver */
656 device_printf(sc->sc_dev,
657 "%s: unknown firmware section %d, abort\n",
663 len -= roundup(tlv_len, 4);
664 data += roundup(tlv_len, 4);
667 KASSERT(error == 0, ("unhandled error"));
671 device_printf(sc->sc_dev, "firmware parse error %d, "
672 "section type %d\n", error, tlv_type);
675 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) {
676 device_printf(sc->sc_dev,
677 "device uses unsupported power ops\n");
683 fw->fw_status = IWM_FW_STATUS_NONE;
684 if (fw->fw_fp != NULL)
685 iwm_fw_info_free(fw);
687 fw->fw_status = IWM_FW_STATUS_DONE;
694 * DMA resource routines
698 iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
702 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs));
703 *(bus_addr_t *)arg = segs[0].ds_addr;
707 iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma,
708 bus_size_t size, bus_size_t alignment)
715 error = bus_dma_tag_create(tag, alignment,
716 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size,
717 1, size, 0, NULL, NULL, &dma->tag);
721 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr,
722 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map);
726 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size,
727 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT);
731 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
735 fail: iwm_dma_contig_free(dma);
740 iwm_dma_contig_free(struct iwm_dma_info *dma)
742 if (dma->map != NULL) {
743 if (dma->vaddr != NULL) {
744 bus_dmamap_sync(dma->tag, dma->map,
745 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
746 bus_dmamap_unload(dma->tag, dma->map);
747 bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
750 bus_dmamap_destroy(dma->tag, dma->map);
753 if (dma->tag != NULL) {
754 bus_dma_tag_destroy(dma->tag);
760 /* fwmem is used to load firmware onto the card */
762 iwm_alloc_fwmem(struct iwm_softc *sc)
764 /* Must be aligned on a 16-byte boundary. */
765 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
766 sc->sc_fwdmasegsz, 16);
770 iwm_free_fwmem(struct iwm_softc *sc)
772 iwm_dma_contig_free(&sc->fw_dma);
775 /* tx scheduler rings. not used? */
777 iwm_alloc_sched(struct iwm_softc *sc)
781 /* TX scheduler rings must be aligned on a 1KB boundary. */
782 rv = iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
783 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
788 iwm_free_sched(struct iwm_softc *sc)
790 iwm_dma_contig_free(&sc->sched_dma);
793 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
795 iwm_alloc_kw(struct iwm_softc *sc)
797 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
801 iwm_free_kw(struct iwm_softc *sc)
803 iwm_dma_contig_free(&sc->kw_dma);
806 /* interrupt cause table */
808 iwm_alloc_ict(struct iwm_softc *sc)
810 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
811 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
815 iwm_free_ict(struct iwm_softc *sc)
817 iwm_dma_contig_free(&sc->ict_dma);
821 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
828 /* Allocate RX descriptors (256-byte aligned). */
829 size = IWM_RX_RING_COUNT * sizeof(uint32_t);
830 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
832 device_printf(sc->sc_dev,
833 "could not allocate RX ring DMA memory\n");
836 ring->desc = ring->desc_dma.vaddr;
838 /* Allocate RX status area (16-byte aligned). */
839 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
840 sizeof(*ring->stat), 16);
842 device_printf(sc->sc_dev,
843 "could not allocate RX status DMA memory\n");
846 ring->stat = ring->stat_dma.vaddr;
848 /* Create RX buffer DMA tag. */
849 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
850 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
851 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat);
853 device_printf(sc->sc_dev,
854 "%s: could not create RX buf DMA tag, error %d\n",
860 * Allocate and map RX buffers.
862 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
863 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
869 fail: iwm_free_rx_ring(sc, ring);
874 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
877 /* XXX print out if we can't lock the NIC? */
878 if (iwm_nic_lock(sc)) {
879 /* XXX handle if RX stop doesn't finish? */
880 (void) iwm_pcie_rx_stop(sc);
883 /* Reset the ring state */
885 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
889 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
893 iwm_dma_contig_free(&ring->desc_dma);
894 iwm_dma_contig_free(&ring->stat_dma);
896 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
897 struct iwm_rx_data *data = &ring->data[i];
899 if (data->m != NULL) {
900 bus_dmamap_sync(ring->data_dmat, data->map,
901 BUS_DMASYNC_POSTREAD);
902 bus_dmamap_unload(ring->data_dmat, data->map);
906 if (data->map != NULL) {
907 bus_dmamap_destroy(ring->data_dmat, data->map);
911 if (ring->data_dmat != NULL) {
912 bus_dma_tag_destroy(ring->data_dmat);
913 ring->data_dmat = NULL;
918 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
928 /* Allocate TX descriptors (256-byte aligned). */
929 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
930 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
932 device_printf(sc->sc_dev,
933 "could not allocate TX ring DMA memory\n");
936 ring->desc = ring->desc_dma.vaddr;
939 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
940 * to allocate commands space for other rings.
942 if (qid > IWM_MVM_CMD_QUEUE)
945 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
946 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
948 device_printf(sc->sc_dev,
949 "could not allocate TX cmd DMA memory\n");
952 ring->cmd = ring->cmd_dma.vaddr;
954 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
955 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
956 IWM_MAX_SCATTER - 2, MCLBYTES, 0, NULL, NULL, &ring->data_dmat);
958 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
962 paddr = ring->cmd_dma.paddr;
963 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
964 struct iwm_tx_data *data = &ring->data[i];
966 data->cmd_paddr = paddr;
967 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
968 + offsetof(struct iwm_tx_cmd, scratch);
969 paddr += sizeof(struct iwm_device_cmd);
971 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
973 device_printf(sc->sc_dev,
974 "could not create TX buf DMA map\n");
978 KASSERT(paddr == ring->cmd_dma.paddr + size,
979 ("invalid physical address"));
982 fail: iwm_free_tx_ring(sc, ring);
987 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
991 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
992 struct iwm_tx_data *data = &ring->data[i];
994 if (data->m != NULL) {
995 bus_dmamap_sync(ring->data_dmat, data->map,
996 BUS_DMASYNC_POSTWRITE);
997 bus_dmamap_unload(ring->data_dmat, data->map);
1002 /* Clear TX descriptors. */
1003 memset(ring->desc, 0, ring->desc_dma.size);
1004 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1005 BUS_DMASYNC_PREWRITE);
1006 sc->qfullmsk &= ~(1 << ring->qid);
1012 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1016 iwm_dma_contig_free(&ring->desc_dma);
1017 iwm_dma_contig_free(&ring->cmd_dma);
1019 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1020 struct iwm_tx_data *data = &ring->data[i];
1022 if (data->m != NULL) {
1023 bus_dmamap_sync(ring->data_dmat, data->map,
1024 BUS_DMASYNC_POSTWRITE);
1025 bus_dmamap_unload(ring->data_dmat, data->map);
1029 if (data->map != NULL) {
1030 bus_dmamap_destroy(ring->data_dmat, data->map);
1034 if (ring->data_dmat != NULL) {
1035 bus_dma_tag_destroy(ring->data_dmat);
1036 ring->data_dmat = NULL;
1041 * High-level hardware frobbing routines
1045 iwm_enable_interrupts(struct iwm_softc *sc)
1047 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1048 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1052 iwm_restore_interrupts(struct iwm_softc *sc)
1054 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1058 iwm_disable_interrupts(struct iwm_softc *sc)
1060 /* disable interrupts */
1061 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1063 /* acknowledge all interrupts */
1064 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1065 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1069 iwm_ict_reset(struct iwm_softc *sc)
1071 iwm_disable_interrupts(sc);
1073 /* Reset ICT table. */
1074 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1077 /* Set physical address of ICT table (4KB aligned). */
1078 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1079 IWM_CSR_DRAM_INT_TBL_ENABLE
1080 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1081 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1083 /* Switch to ICT interrupt mode in driver. */
1084 sc->sc_flags |= IWM_FLAG_USE_ICT;
1086 /* Re-enable interrupts. */
1087 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1088 iwm_enable_interrupts(sc);
1091 /* iwlwifi pcie/trans.c */
1094 * Since this .. hard-resets things, it's time to actually
1095 * mark the first vap (if any) as having no mac context.
1096 * It's annoying, but since the driver is potentially being
1097 * stop/start'ed whilst active (thanks openbsd port!) we
1098 * have to correctly track this.
1101 iwm_stop_device(struct iwm_softc *sc)
1103 struct ieee80211com *ic = &sc->sc_ic;
1104 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1108 /* tell the device to stop sending interrupts */
1109 iwm_disable_interrupts(sc);
1112 * FreeBSD-local: mark the first vap as not-uploaded,
1113 * so the next transition through auth/assoc
1114 * will correctly populate the MAC context.
1117 struct iwm_vap *iv = IWM_VAP(vap);
1118 iv->is_uploaded = 0;
1121 /* device going down, Stop using ICT table */
1122 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1124 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1126 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1128 /* Stop all DMA channels. */
1129 if (iwm_nic_lock(sc)) {
1130 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1132 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1133 for (ntries = 0; ntries < 200; ntries++) {
1136 r = IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG);
1137 if (r & IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(
1147 iwm_reset_rx_ring(sc, &sc->rxq);
1149 /* Reset all TX rings. */
1150 for (qid = 0; qid < nitems(sc->txq); qid++)
1151 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1154 * Power-down device's busmaster DMA clocks
1156 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1159 /* Make sure (redundant) we've released our request to stay awake */
1160 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1161 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1163 /* Stop the device, and put it in low power state */
1166 /* Upon stop, the APM issues an interrupt if HW RF kill is set.
1167 * Clean again the interrupt here
1169 iwm_disable_interrupts(sc);
1170 /* stop and reset the on-board processor */
1171 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_NEVO_RESET);
1174 * Even if we stop the HW, we still want the RF kill
1177 iwm_enable_rfkill_int(sc);
1178 iwm_check_rfkill(sc);
1181 /* iwlwifi: mvm/ops.c */
1183 iwm_mvm_nic_config(struct iwm_softc *sc)
1185 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1186 uint32_t reg_val = 0;
1188 radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1189 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1190 radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1191 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1192 radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1193 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1196 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1197 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1198 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1199 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1201 /* radio configuration */
1202 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1203 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1204 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1206 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val);
1208 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1209 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1210 radio_cfg_step, radio_cfg_dash);
1213 * W/A : NIC is stuck in a reset state after Early PCIe power off
1214 * (PCIe power is lost before PERST# is asserted), causing ME FW
1215 * to lose ownership and not being able to obtain it back.
1217 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1218 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1219 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1223 iwm_nic_rx_init(struct iwm_softc *sc)
1225 if (!iwm_nic_lock(sc))
1229 * Initialize RX ring. This is from the iwn driver.
1231 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1234 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 0);
1235 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1236 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1237 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1238 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1240 /* Set physical address of RX ring (256-byte aligned). */
1242 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8);
1244 /* Set physical address of RX status (16-byte aligned). */
1246 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1250 * Note: Linux driver also sets this:
1251 * (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1253 * It causes weird behavior. YMMV.
1255 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1256 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1257 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1258 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1259 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1260 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1262 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1264 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1265 if (sc->host_interrupt_operation_mode)
1266 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1269 * Thus sayeth el jefe (iwlwifi) via a comment:
1271 * This value should initially be 0 (before preparing any
1272 * RBs), should be 8 after preparing the first 8 RBs (for example)
1274 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1282 iwm_nic_tx_init(struct iwm_softc *sc)
1286 if (!iwm_nic_lock(sc))
1289 /* Deactivate TX scheduler. */
1290 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1292 /* Set physical address of "keep warm" page (16-byte aligned). */
1293 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1295 /* Initialize TX rings. */
1296 for (qid = 0; qid < nitems(sc->txq); qid++) {
1297 struct iwm_tx_ring *txq = &sc->txq[qid];
1299 /* Set physical address of TX ring (256-byte aligned). */
1300 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1301 txq->desc_dma.paddr >> 8);
1302 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1303 "%s: loading ring %d descriptors (%p) at %lx\n",
1306 (unsigned long) (txq->desc_dma.paddr >> 8));
1314 iwm_nic_init(struct iwm_softc *sc)
1321 iwm_mvm_nic_config(sc);
1323 if ((error = iwm_nic_rx_init(sc)) != 0)
1327 * Ditto for TX, from iwn
1329 if ((error = iwm_nic_tx_init(sc)) != 0)
1332 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1333 "%s: shadow registers enabled\n", __func__);
1334 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1339 enum iwm_mvm_tx_fifo {
1340 IWM_MVM_TX_FIFO_BK = 0,
1344 IWM_MVM_TX_FIFO_MCAST = 5,
1347 const uint8_t iwm_mvm_ac_to_tx_fifo[] = {
1355 iwm_enable_txq(struct iwm_softc *sc, int qid, int fifo)
1357 if (!iwm_nic_lock(sc)) {
1358 device_printf(sc->sc_dev,
1359 "%s: cannot enable txq %d\n",
1362 return; /* XXX return EBUSY */
1365 /* unactivate before configuration */
1366 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1367 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE)
1368 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1370 if (qid != IWM_MVM_CMD_QUEUE) {
1371 iwm_set_bits_prph(sc, IWM_SCD_QUEUECHAIN_SEL, (1 << qid));
1374 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid));
1376 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1377 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1379 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1380 /* Set scheduler window size and frame limit. */
1382 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1384 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1385 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1386 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1387 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1389 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1390 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1391 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1392 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1393 IWM_SCD_QUEUE_STTS_REG_MSK);
1397 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1398 "%s: enabled txq %d FIFO %d\n",
1399 __func__, qid, fifo);
1403 iwm_post_alive(struct iwm_softc *sc)
1408 if (!iwm_nic_lock(sc))
1411 if (sc->sched_base != iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR)) {
1412 device_printf(sc->sc_dev,
1413 "%s: sched addr mismatch",
1421 /* Clear TX scheduler state in SRAM. */
1422 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1423 IWM_SCD_CONTEXT_MEM_LOWER_BOUND)
1425 error = iwm_write_mem(sc,
1426 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1431 /* Set physical address of TX scheduler rings (1KB aligned). */
1432 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1434 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1436 /* enable command channel */
1437 iwm_enable_txq(sc, IWM_MVM_CMD_QUEUE, 7);
1439 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1441 /* Enable DMA channels. */
1442 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1443 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1444 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1445 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1448 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1449 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1451 /* Enable L1-Active */
1452 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1453 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1461 * NVM read access and content parsing. We do not support
1462 * external NVM or writing NVM.
1466 /* list of NVM sections we are allowed/need to read */
1467 const int nvm_to_read[] = {
1468 IWM_NVM_SECTION_TYPE_HW,
1469 IWM_NVM_SECTION_TYPE_SW,
1470 IWM_NVM_SECTION_TYPE_CALIBRATION,
1471 IWM_NVM_SECTION_TYPE_PRODUCTION,
1474 /* Default NVM size to read */
1475 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1476 #define IWM_MAX_NVM_SECTION_SIZE 7000
1478 #define IWM_NVM_WRITE_OPCODE 1
1479 #define IWM_NVM_READ_OPCODE 0
1482 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1483 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1486 struct iwm_nvm_access_cmd nvm_access_cmd = {
1487 .offset = htole16(offset),
1488 .length = htole16(length),
1489 .type = htole16(section),
1490 .op_code = IWM_NVM_READ_OPCODE,
1492 struct iwm_nvm_access_resp *nvm_resp;
1493 struct iwm_rx_packet *pkt;
1494 struct iwm_host_cmd cmd = {
1495 .id = IWM_NVM_ACCESS_CMD,
1496 .flags = IWM_CMD_SYNC | IWM_CMD_WANT_SKB |
1497 IWM_CMD_SEND_IN_RFKILL,
1498 .data = { &nvm_access_cmd, },
1500 int ret, bytes_read, offset_read;
1503 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1505 ret = iwm_send_cmd(sc, &cmd);
1510 if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) {
1511 device_printf(sc->sc_dev,
1512 "%s: Bad return from IWM_NVM_ACCES_COMMAND (0x%08X)\n",
1513 __func__, pkt->hdr.flags);
1518 /* Extract NVM response */
1519 nvm_resp = (void *)pkt->data;
1521 ret = le16toh(nvm_resp->status);
1522 bytes_read = le16toh(nvm_resp->length);
1523 offset_read = le16toh(nvm_resp->offset);
1524 resp_data = nvm_resp->data;
1526 device_printf(sc->sc_dev,
1527 "%s: NVM access command failed with status %d\n",
1533 if (offset_read != offset) {
1534 device_printf(sc->sc_dev,
1535 "%s: NVM ACCESS response with invalid offset %d\n",
1536 __func__, offset_read);
1541 memcpy(data + offset, resp_data, bytes_read);
1545 iwm_free_resp(sc, &cmd);
1550 * Reads an NVM section completely.
1551 * NICs prior to 7000 family doesn't have a real NVM, but just read
1552 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1553 * by uCode, we need to manually check in this case that we don't
1554 * overflow and try to read more than the EEPROM size.
1555 * For 7000 family NICs, we supply the maximal size we can read, and
1556 * the uCode fills the response with as much data as we can,
1557 * without overflowing, so no check is needed.
1560 iwm_nvm_read_section(struct iwm_softc *sc,
1561 uint16_t section, uint8_t *data, uint16_t *len)
1563 uint16_t length, seglen;
1566 /* Set nvm section read length */
1567 length = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE;
1570 /* Read the NVM until exhausted (reading less than requested) */
1571 while (seglen == length) {
1572 error = iwm_nvm_read_chunk(sc,
1573 section, *len, length, data, &seglen);
1575 device_printf(sc->sc_dev,
1576 "Cannot read NVM from section "
1577 "%d offset %d, length %d\n",
1578 section, *len, length);
1584 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1585 "NVM section %d read completed\n", section);
1590 * BEGIN IWM_NVM_PARSE
1593 /* iwlwifi/iwl-nvm-parse.c */
1595 /* NVM offsets (in words) definitions */
1596 enum wkp_nvm_offsets {
1597 /* NVM HW-Section offset (in words) definitions */
1600 /* NVM SW-Section offset (in words) definitions */
1601 IWM_NVM_SW_SECTION = 0x1C0,
1602 IWM_NVM_VERSION = 0,
1606 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1608 /* NVM calibration section offset (in words) definitions */
1609 IWM_NVM_CALIB_SECTION = 0x2B8,
1610 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1613 /* SKU Capabilities (actual values from NVM definition) */
1615 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1616 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1617 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1618 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1621 /* radio config bits (actual values from NVM definition) */
1622 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1623 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1624 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1625 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1626 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1627 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1629 #define DEFAULT_MAX_TX_POWER 16
1632 * enum iwm_nvm_channel_flags - channel flags in NVM
1633 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1634 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1635 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1636 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1637 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1638 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1639 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1640 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1641 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1643 enum iwm_nvm_channel_flags {
1644 IWM_NVM_CHANNEL_VALID = (1 << 0),
1645 IWM_NVM_CHANNEL_IBSS = (1 << 1),
1646 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
1647 IWM_NVM_CHANNEL_RADAR = (1 << 4),
1648 IWM_NVM_CHANNEL_DFS = (1 << 7),
1649 IWM_NVM_CHANNEL_WIDE = (1 << 8),
1650 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
1651 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
1652 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
1656 * Add a channel to the net80211 channel list.
1658 * ieee is the ieee channel number
1659 * ch_idx is channel index.
1660 * mode is the channel mode - CHAN_A, CHAN_B, CHAN_G.
1661 * ch_flags is the iwm channel flags.
1663 * Return 0 on OK, < 0 on error.
1666 iwm_init_net80211_channel(struct iwm_softc *sc, int ieee, int ch_idx,
1667 int mode, uint16_t ch_flags)
1669 /* XXX for now, no overflow checking! */
1670 struct ieee80211com *ic = &sc->sc_ic;
1672 struct ieee80211_channel *channel;
1674 channel = &ic->ic_channels[ic->ic_nchans++];
1675 channel->ic_ieee = ieee;
1677 is_5ghz = ch_idx >= IWM_NUM_2GHZ_CHANNELS;
1679 flags = IEEE80211_CHAN_2GHZ;
1680 channel->ic_flags = mode;
1682 flags = IEEE80211_CHAN_5GHZ;
1683 channel->ic_flags = mode;
1685 channel->ic_freq = ieee80211_ieee2mhz(ieee, flags);
1687 if (!(ch_flags & IWM_NVM_CHANNEL_ACTIVE))
1688 channel->ic_flags |= IEEE80211_CHAN_PASSIVE;
1693 iwm_init_channel_map(struct iwm_softc *sc, const uint16_t * const nvm_ch_flags)
1695 struct ieee80211com *ic = &sc->sc_ic;
1696 struct iwm_nvm_data *data = &sc->sc_nvm;
1701 for (ch_idx = 0; ch_idx < nitems(iwm_nvm_channels); ch_idx++) {
1702 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
1704 if (ch_idx >= IWM_NUM_2GHZ_CHANNELS &&
1705 !data->sku_cap_band_52GHz_enable)
1706 ch_flags &= ~IWM_NVM_CHANNEL_VALID;
1708 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
1709 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1710 "Ch. %d Flags %x [%sGHz] - No traffic\n",
1711 iwm_nvm_channels[ch_idx],
1713 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1718 hw_value = iwm_nvm_channels[ch_idx];
1721 if (ch_idx >= IWM_NUM_2GHZ_CHANNELS) {
1722 (void) iwm_init_net80211_channel(sc, hw_value,
1727 (void) iwm_init_net80211_channel(sc, hw_value,
1731 /* If it's not channel 13, also add 11g */
1733 (void) iwm_init_net80211_channel(sc, hw_value,
1739 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1740 "Ch. %d Flags %x [%sGHz] - Added\n",
1741 iwm_nvm_channels[ch_idx],
1743 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
1746 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans);
1750 iwm_parse_nvm_data(struct iwm_softc *sc,
1751 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
1752 const uint16_t *nvm_calib, uint8_t tx_chains, uint8_t rx_chains)
1754 struct iwm_nvm_data *data = &sc->sc_nvm;
1755 uint8_t hw_addr[IEEE80211_ADDR_LEN];
1756 uint16_t radio_cfg, sku;
1758 data->nvm_version = le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
1760 radio_cfg = le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
1761 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
1762 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
1763 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
1764 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
1765 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK(radio_cfg);
1766 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK(radio_cfg);
1768 sku = le16_to_cpup(nvm_sw + IWM_SKU);
1769 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
1770 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
1771 data->sku_cap_11n_enable = 0;
1773 if (!data->valid_tx_ant || !data->valid_rx_ant) {
1774 device_printf(sc->sc_dev,
1775 "%s: invalid antennas (0x%x, 0x%x)\n",
1776 __func__, data->valid_tx_ant,
1777 data->valid_rx_ant);
1781 data->n_hw_addrs = le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
1783 data->xtal_calib[0] = *(nvm_calib + IWM_XTAL_CALIB);
1784 data->xtal_calib[1] = *(nvm_calib + IWM_XTAL_CALIB + 1);
1786 /* The byte order is little endian 16 bit, meaning 214365 */
1787 IEEE80211_ADDR_COPY(hw_addr, nvm_hw + IWM_HW_ADDR);
1788 data->hw_addr[0] = hw_addr[1];
1789 data->hw_addr[1] = hw_addr[0];
1790 data->hw_addr[2] = hw_addr[3];
1791 data->hw_addr[3] = hw_addr[2];
1792 data->hw_addr[4] = hw_addr[5];
1793 data->hw_addr[5] = hw_addr[4];
1795 iwm_init_channel_map(sc, &nvm_sw[IWM_NVM_CHANNELS]);
1796 data->calib_version = 255; /* TODO:
1797 this value will prevent some checks from
1798 failing, we need to check if this
1799 field is still needed, and if it does,
1800 where is it in the NVM */
1809 struct iwm_nvm_section {
1811 const uint8_t *data;
1815 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
1817 const uint16_t *hw, *sw, *calib;
1819 /* Checking for required sections */
1820 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
1821 !sections[IWM_NVM_SECTION_TYPE_HW].data) {
1822 device_printf(sc->sc_dev,
1823 "%s: Can't parse empty NVM sections\n",
1828 hw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_HW].data;
1829 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
1830 calib = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
1831 return iwm_parse_nvm_data(sc, hw, sw, calib,
1832 IWM_FW_VALID_TX_ANT(sc), IWM_FW_VALID_RX_ANT(sc));
1836 iwm_nvm_init(struct iwm_softc *sc)
1838 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS];
1839 int i, section, error;
1841 uint8_t *nvm_buffer, *temp;
1843 /* Read From FW NVM */
1844 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
1848 /* TODO: find correct NVM max size for a section */
1849 nvm_buffer = malloc(IWM_OTP_LOW_IMAGE_SIZE, M_DEVBUF, M_NOWAIT);
1850 if (nvm_buffer == NULL)
1852 for (i = 0; i < nitems(nvm_to_read); i++) {
1853 section = nvm_to_read[i];
1854 KASSERT(section <= nitems(nvm_sections),
1855 ("too many sections"));
1857 error = iwm_nvm_read_section(sc, section, nvm_buffer, &len);
1861 temp = malloc(len, M_DEVBUF, M_NOWAIT);
1866 memcpy(temp, nvm_buffer, len);
1867 nvm_sections[section].data = temp;
1868 nvm_sections[section].length = len;
1870 free(nvm_buffer, M_DEVBUF);
1874 return iwm_parse_nvm_sections(sc, nvm_sections);
1878 * Firmware loading gunk. This is kind of a weird hybrid between the
1879 * iwn driver and the Linux iwlwifi driver.
1883 iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr,
1884 const uint8_t *section, uint32_t byte_cnt)
1886 struct iwm_dma_info *dma = &sc->fw_dma;
1889 /* Copy firmware section into pre-allocated DMA-safe memory. */
1890 memcpy(dma->vaddr, section, byte_cnt);
1891 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
1893 if (!iwm_nic_lock(sc))
1896 sc->sc_fw_chunk_done = 0;
1898 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
1899 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
1900 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
1902 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
1903 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
1904 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
1905 (iwm_get_dma_hi_addr(dma->paddr)
1906 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
1907 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
1908 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
1909 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
1910 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
1911 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
1912 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1913 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
1914 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
1918 /* wait 1s for this segment to load */
1919 while (!sc->sc_fw_chunk_done)
1920 if ((error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz)) != 0)
1927 iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1929 struct iwm_fw_sects *fws;
1935 sc->sc_uc.uc_intr = 0;
1937 fws = &sc->sc_fw.fw_sects[ucode_type];
1938 for (i = 0; i < fws->fw_count; i++) {
1939 data = fws->fw_sect[i].fws_data;
1940 dlen = fws->fw_sect[i].fws_len;
1941 offset = fws->fw_sect[i].fws_devoff;
1942 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
1943 "LOAD FIRMWARE type %d offset %u len %d\n",
1944 ucode_type, offset, dlen);
1945 error = iwm_firmware_load_chunk(sc, offset, data, dlen);
1947 device_printf(sc->sc_dev,
1948 "%s: chunk %u of %u returned error %02d\n",
1949 __func__, i, fws->fw_count, error);
1954 /* wait for the firmware to load */
1955 IWM_WRITE(sc, IWM_CSR_RESET, 0);
1957 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) {
1958 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10);
1964 /* iwlwifi: pcie/trans.c */
1966 iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
1970 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1972 if ((error = iwm_nic_init(sc)) != 0) {
1973 device_printf(sc->sc_dev, "unable to init nic\n");
1977 /* make sure rfkill handshake bits are cleared */
1978 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1979 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
1980 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
1982 /* clear (again), then enable host interrupts */
1983 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1984 iwm_enable_interrupts(sc);
1986 /* really make sure rfkill handshake bits are cleared */
1987 /* maybe we should write a few times more? just to make sure */
1988 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1989 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
1991 /* Load the given image to the HW */
1992 return iwm_load_firmware(sc, ucode_type);
1996 iwm_fw_alive(struct iwm_softc *sc, uint32_t sched_base)
1998 return iwm_post_alive(sc);
2002 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2004 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2005 .valid = htole32(valid_tx_ant),
2008 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2009 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2012 /* iwlwifi: mvm/fw.c */
2014 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2016 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2017 enum iwm_ucode_type ucode_type = sc->sc_uc_current;
2019 /* Set parameters */
2020 phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config);
2021 phy_cfg_cmd.calib_control.event_trigger =
2022 sc->sc_default_calib[ucode_type].event_trigger;
2023 phy_cfg_cmd.calib_control.flow_trigger =
2024 sc->sc_default_calib[ucode_type].flow_trigger;
2026 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2027 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2028 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2029 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2033 iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc,
2034 enum iwm_ucode_type ucode_type)
2036 enum iwm_ucode_type old_type = sc->sc_uc_current;
2039 if ((error = iwm_read_firmware(sc, ucode_type)) != 0)
2042 sc->sc_uc_current = ucode_type;
2043 error = iwm_start_fw(sc, ucode_type);
2045 sc->sc_uc_current = old_type;
2049 return iwm_fw_alive(sc, sc->sched_base);
2057 * follows iwlwifi/fw.c
2060 iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm)
2064 /* do not operate with rfkill switch turned on */
2065 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2066 device_printf(sc->sc_dev,
2067 "radio is disabled by hardware switch\n");
2071 sc->sc_init_complete = 0;
2072 if ((error = iwm_mvm_load_ucode_wait_alive(sc,
2073 IWM_UCODE_TYPE_INIT)) != 0)
2077 if ((error = iwm_nvm_init(sc)) != 0) {
2078 device_printf(sc->sc_dev, "failed to read nvm\n");
2081 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->sc_nvm.hw_addr);
2083 sc->sc_scan_cmd_len = sizeof(struct iwm_scan_cmd)
2084 + sc->sc_capa_max_probe_len
2085 + IWM_MAX_NUM_SCAN_CHANNELS
2086 * sizeof(struct iwm_scan_channel);
2087 sc->sc_scan_cmd = malloc(sc->sc_scan_cmd_len, M_DEVBUF,
2089 if (sc->sc_scan_cmd == NULL)
2095 /* Send TX valid antennas before triggering calibrations */
2096 if ((error = iwm_send_tx_ant_cfg(sc, IWM_FW_VALID_TX_ANT(sc))) != 0)
2100 * Send phy configurations command to init uCode
2101 * to start the 16.0 uCode init image internal calibrations.
2103 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0 ) {
2104 device_printf(sc->sc_dev,
2105 "%s: failed to run internal calibration: %d\n",
2111 * Nothing to do but wait for the init complete notification
2114 while (!sc->sc_init_complete)
2115 if ((error = msleep(&sc->sc_init_complete, &sc->sc_mtx,
2116 0, "iwminit", 2*hz)) != 0)
2126 /* (re)stock rx ring, called at init-time and at runtime */
2128 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
2130 struct iwm_rx_ring *ring = &sc->rxq;
2131 struct iwm_rx_data *data = &ring->data[idx];
2136 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
2140 if (data->m != NULL)
2141 bus_dmamap_unload(ring->data_dmat, data->map);
2143 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
2144 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
2146 device_printf(sc->sc_dev,
2147 "%s: could not create RX buf DMA map, error %d\n",
2152 error = bus_dmamap_load(ring->data_dmat, data->map,
2153 mtod(data->m, void *), IWM_RBUF_SIZE, iwm_dma_map_addr,
2154 &paddr, BUS_DMA_NOWAIT);
2155 if (error != 0 && error != EFBIG) {
2156 device_printf(sc->sc_dev,
2157 "%s: can't not map mbuf, error %d\n", __func__,
2161 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
2163 /* Update RX descriptor. */
2164 ring->desc[idx] = htole32(paddr >> 8);
2165 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2166 BUS_DMASYNC_PREWRITE);
2173 /* iwlwifi: mvm/rx.c */
2174 #define IWM_RSSI_OFFSET 50
2176 iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
2178 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm;
2179 uint32_t agc_a, agc_b;
2182 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]);
2183 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS;
2184 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS;
2186 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]);
2187 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS;
2188 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS;
2191 * dBm = rssi dB - agc dB - constant.
2192 * Higher AGC (higher radio gain) means lower signal.
2194 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a;
2195 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b;
2196 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm);
2198 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2199 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n",
2200 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b);
2202 return max_rssi_dbm;
2205 /* iwlwifi: mvm/rx.c */
2207 * iwm_mvm_get_signal_strength - use new rx PHY INFO API
2208 * values are reported by the fw as positive values - need to negate
2209 * to obtain their dBM. Account for missing antennas by replacing 0
2210 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
2213 iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
2215 int energy_a, energy_b, energy_c, max_energy;
2218 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
2219 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
2220 IWM_RX_INFO_ENERGY_ANT_A_POS;
2221 energy_a = energy_a ? -energy_a : -256;
2222 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
2223 IWM_RX_INFO_ENERGY_ANT_B_POS;
2224 energy_b = energy_b ? -energy_b : -256;
2225 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
2226 IWM_RX_INFO_ENERGY_ANT_C_POS;
2227 energy_c = energy_c ? -energy_c : -256;
2228 max_energy = MAX(energy_a, energy_b);
2229 max_energy = MAX(max_energy, energy_c);
2231 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2232 "energy In A %d B %d C %d , and max %d\n",
2233 energy_a, energy_b, energy_c, max_energy);
2239 iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc,
2240 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2242 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
2244 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
2245 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2247 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
2251 * Retrieve the average noise (in dBm) among receivers.
2254 iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *stats)
2256 int i, total, nbant, noise;
2258 total = nbant = noise = 0;
2259 for (i = 0; i < 3; i++) {
2260 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
2267 /* There should be at least one antenna but check anyway. */
2268 return (nbant == 0) ? -127 : (total / nbant) - 107;
2272 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
2274 * Handles the actual data of the Rx packet from the fw
2277 iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc,
2278 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2280 struct ieee80211com *ic = &sc->sc_ic;
2281 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2282 struct ieee80211_frame *wh;
2283 struct ieee80211_node *ni;
2284 struct ieee80211_rx_stats rxs;
2286 struct iwm_rx_phy_info *phy_info;
2287 struct iwm_rx_mpdu_res_start *rx_res;
2289 uint32_t rx_pkt_status;
2292 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2294 phy_info = &sc->sc_last_phy_info;
2295 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
2296 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
2297 len = le16toh(rx_res->byte_count);
2298 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
2301 m->m_data = pkt->data + sizeof(*rx_res);
2302 m->m_pkthdr.len = m->m_len = len;
2304 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
2305 device_printf(sc->sc_dev,
2306 "dsp size out of range [0,20]: %d\n",
2307 phy_info->cfg_phy_cnt);
2311 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
2312 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
2313 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2314 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
2318 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) {
2319 rssi = iwm_mvm_get_signal_strength(sc, phy_info);
2321 rssi = iwm_mvm_calc_rssi(sc, phy_info);
2323 rssi = (0 - IWM_MIN_DBM) + rssi; /* normalize */
2324 rssi = MIN(rssi, sc->sc_max_rssi); /* clip to max. 100% */
2326 /* replenish ring for the buffer we're going to feed to the sharks */
2327 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
2328 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
2333 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
2335 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2336 "%s: phy_info: channel=%d, flags=0x%08x\n",
2338 le16toh(phy_info->channel),
2339 le16toh(phy_info->phy_flags));
2342 * Populate an RX state struct with the provided information.
2344 bzero(&rxs, sizeof(rxs));
2345 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
2346 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
2347 rxs.c_ieee = le16toh(phy_info->channel);
2348 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
2349 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
2351 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
2353 rxs.rssi = rssi - sc->sc_noise;
2354 rxs.nf = sc->sc_noise;
2356 if (ieee80211_radiotap_active_vap(vap)) {
2357 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
2360 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
2361 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2362 tap->wr_chan_freq = htole16(rxs.c_freq);
2363 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
2364 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2365 tap->wr_dbm_antsignal = (int8_t)rssi;
2366 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
2367 tap->wr_tsft = phy_info->system_timestamp;
2368 switch (phy_info->rate) {
2370 case 10: tap->wr_rate = 2; break;
2371 case 20: tap->wr_rate = 4; break;
2372 case 55: tap->wr_rate = 11; break;
2373 case 110: tap->wr_rate = 22; break;
2375 case 0xd: tap->wr_rate = 12; break;
2376 case 0xf: tap->wr_rate = 18; break;
2377 case 0x5: tap->wr_rate = 24; break;
2378 case 0x7: tap->wr_rate = 36; break;
2379 case 0x9: tap->wr_rate = 48; break;
2380 case 0xb: tap->wr_rate = 72; break;
2381 case 0x1: tap->wr_rate = 96; break;
2382 case 0x3: tap->wr_rate = 108; break;
2383 /* Unknown rate: should not happen. */
2384 default: tap->wr_rate = 0;
2390 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
2391 ieee80211_input_mimo(ni, m, &rxs);
2392 ieee80211_free_node(ni);
2394 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
2395 ieee80211_input_mimo_all(ic, m, &rxs);
2401 iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
2402 struct iwm_node *in)
2404 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data;
2405 struct ieee80211_node *ni = &in->in_ni;
2406 struct ieee80211vap *vap = ni->ni_vap;
2407 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
2408 int failack = tx_resp->failure_frame;
2410 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
2412 /* Update rate control statistics. */
2413 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n",
2415 (int) le16toh(tx_resp->status.status),
2416 (int) le16toh(tx_resp->status.sequence),
2417 tx_resp->frame_count,
2418 tx_resp->bt_kill_count,
2419 tx_resp->failure_rts,
2420 tx_resp->failure_frame,
2421 le32toh(tx_resp->initial_rate),
2422 (int) le16toh(tx_resp->wireless_media_time));
2424 if (status != IWM_TX_STATUS_SUCCESS &&
2425 status != IWM_TX_STATUS_DIRECT_DONE) {
2426 ieee80211_ratectl_tx_complete(vap, ni,
2427 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL);
2430 ieee80211_ratectl_tx_complete(vap, ni,
2431 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL);
2437 iwm_mvm_rx_tx_cmd(struct iwm_softc *sc,
2438 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2440 struct iwm_cmd_header *cmd_hdr = &pkt->hdr;
2441 int idx = cmd_hdr->idx;
2442 int qid = cmd_hdr->qid;
2443 struct iwm_tx_ring *ring = &sc->txq[qid];
2444 struct iwm_tx_data *txd = &ring->data[idx];
2445 struct iwm_node *in = txd->in;
2446 struct mbuf *m = txd->m;
2449 KASSERT(txd->done == 0, ("txd not done"));
2450 KASSERT(txd->in != NULL, ("txd without node"));
2451 KASSERT(txd->m != NULL, ("txd without mbuf"));
2453 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2455 sc->sc_tx_timer = 0;
2457 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in);
2459 /* Unmap and free mbuf. */
2460 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
2461 bus_dmamap_unload(ring->data_dmat, txd->map);
2463 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2464 "free txd %p, in %p\n", txd, txd->in);
2469 ieee80211_tx_complete(&in->in_ni, m, status);
2471 if (--ring->queued < IWM_TX_RING_LOMARK) {
2472 sc->qfullmsk &= ~(1 << ring->qid);
2473 if (sc->qfullmsk == 0) {
2475 * Well, we're in interrupt context, but then again
2476 * I guess net80211 does all sorts of stunts in
2477 * interrupt context, so maybe this is no biggie.
2489 * Process a "command done" firmware notification. This is where we wakeup
2490 * processes waiting for a synchronous command completion.
2494 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
2496 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE];
2497 struct iwm_tx_data *data;
2499 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) {
2500 return; /* Not a command ack. */
2503 data = &ring->data[pkt->hdr.idx];
2505 /* If the command was mapped in an mbuf, free it. */
2506 if (data->m != NULL) {
2507 bus_dmamap_sync(ring->data_dmat, data->map,
2508 BUS_DMASYNC_POSTWRITE);
2509 bus_dmamap_unload(ring->data_dmat, data->map);
2513 wakeup(&ring->desc[pkt->hdr.idx]);
2518 * necessary only for block ack mode
2521 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
2524 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
2527 scd_bc_tbl = sc->sched_dma.vaddr;
2529 len += 8; /* magic numbers came naturally from paris */
2530 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE)
2531 len = roundup(len, 4) / 4;
2533 w_val = htole16(sta_id << 12 | len);
2535 /* Update TX scheduler. */
2536 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
2537 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
2538 BUS_DMASYNC_PREWRITE);
2540 /* I really wonder what this is ?!? */
2541 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
2542 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
2543 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
2544 BUS_DMASYNC_PREWRITE);
2550 * Take an 802.11 (non-n) rate, find the relevant rate
2551 * table entry. return the index into in_ridx[].
2553 * The caller then uses that index back into in_ridx
2554 * to figure out the rate index programmed /into/
2555 * the firmware for this given node.
2558 iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in,
2564 for (i = 0; i < nitems(in->in_ridx); i++) {
2565 r = iwm_rates[in->in_ridx[i]].rate;
2569 /* XXX Return the first */
2570 /* XXX TODO: have it return the /lowest/ */
2575 * Fill in various bit for management frames, and leave them
2576 * unfilled for data frames (firmware takes care of that).
2577 * Return the selected TX rate.
2579 static const struct iwm_rate *
2580 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
2581 struct ieee80211_frame *wh, struct iwm_tx_cmd *tx)
2583 struct ieee80211com *ic = &sc->sc_ic;
2584 struct ieee80211_node *ni = &in->in_ni;
2585 const struct iwm_rate *rinfo;
2586 int type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2587 int ridx, rate_flags;
2589 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
2590 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
2593 * XXX TODO: everything about the rate selection here is terrible!
2596 if (type == IEEE80211_FC0_TYPE_DATA) {
2598 /* for data frames, use RS table */
2599 (void) ieee80211_ratectl_rate(ni, NULL, 0);
2600 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate);
2601 ridx = in->in_ridx[i];
2603 /* This is the index into the programmed table */
2604 tx->initial_rate_index = i;
2605 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
2606 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
2607 "%s: start with i=%d, txrate %d\n",
2608 __func__, i, iwm_rates[ridx].rate);
2609 /* XXX no rate_n_flags? */
2610 return &iwm_rates[ridx];
2614 * For non-data, use the lowest supported rate for the given
2617 * Note: there may not be any rate control information available.
2618 * This driver currently assumes if we're transmitting data
2619 * frames, use the rate control table. Grr.
2621 * XXX TODO: use the configured rate for the traffic type!
2623 if (ic->ic_curmode == IEEE80211_MODE_11A) {
2625 * XXX this assumes the mode is either 11a or not 11a;
2626 * definitely won't work for 11n.
2628 ridx = IWM_RIDX_OFDM;
2630 ridx = IWM_RIDX_CCK;
2633 rinfo = &iwm_rates[ridx];
2635 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
2638 !! (IWM_RIDX_IS_CCK(ridx))
2641 /* XXX TODO: hard-coded TX antenna? */
2642 rate_flags = 1 << IWM_RATE_MCS_ANT_POS;
2643 if (IWM_RIDX_IS_CCK(ridx))
2644 rate_flags |= IWM_RATE_MCS_CCK_MSK;
2645 /* XXX hard-coded tx rate */
2646 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
2653 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
2655 struct ieee80211com *ic = &sc->sc_ic;
2656 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2657 struct iwm_node *in = IWM_NODE(ni);
2658 struct iwm_tx_ring *ring;
2659 struct iwm_tx_data *data;
2660 struct iwm_tfd *desc;
2661 struct iwm_device_cmd *cmd;
2662 struct iwm_tx_cmd *tx;
2663 struct ieee80211_frame *wh;
2664 struct ieee80211_key *k = NULL;
2666 const struct iwm_rate *rinfo;
2669 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
2672 int i, totlen, error, pad;
2674 wh = mtod(m, struct ieee80211_frame *);
2675 hdrlen = ieee80211_anyhdrsize(wh);
2676 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2678 ring = &sc->txq[ac];
2679 desc = &ring->desc[ring->cur];
2680 memset(desc, 0, sizeof(*desc));
2681 data = &ring->data[ring->cur];
2683 /* Fill out iwm_tx_cmd to send to the firmware */
2684 cmd = &ring->cmd[ring->cur];
2685 cmd->hdr.code = IWM_TX_CMD;
2687 cmd->hdr.qid = ring->qid;
2688 cmd->hdr.idx = ring->cur;
2690 tx = (void *)cmd->data;
2691 memset(tx, 0, sizeof(*tx));
2693 rinfo = iwm_tx_fill_cmd(sc, in, wh, tx);
2695 /* Encrypt the frame if need be. */
2696 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2697 /* Retrieve key for TX && do software encryption. */
2698 k = ieee80211_crypto_encap(ni, m);
2703 /* 802.11 header may have moved. */
2704 wh = mtod(m, struct ieee80211_frame *);
2707 if (ieee80211_radiotap_active_vap(vap)) {
2708 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
2711 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
2712 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
2713 tap->wt_rate = rinfo->rate;
2715 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
2716 ieee80211_radiotap_tx(vap, m);
2720 totlen = m->m_pkthdr.len;
2723 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
2724 flags |= IWM_TX_CMD_FLG_ACK;
2727 if (type != IEEE80211_FC0_TYPE_DATA
2728 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold)
2729 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
2730 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
2733 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
2734 type != IEEE80211_FC0_TYPE_DATA)
2735 tx->sta_id = sc->sc_aux_sta.sta_id;
2737 tx->sta_id = IWM_STATION_ID;
2739 if (type == IEEE80211_FC0_TYPE_MGT) {
2740 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
2742 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
2743 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
2744 tx->pm_frame_timeout = htole16(3);
2746 tx->pm_frame_timeout = htole16(2);
2748 tx->pm_frame_timeout = htole16(0);
2752 /* First segment length must be a multiple of 4. */
2753 flags |= IWM_TX_CMD_FLG_MH_PAD;
2754 pad = 4 - (hdrlen & 3);
2758 tx->driver_txop = 0;
2759 tx->next_frame_len = 0;
2761 tx->len = htole16(totlen);
2762 tx->tid_tspec = tid;
2763 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
2765 /* Set physical address of "scratch area". */
2766 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
2767 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
2769 /* Copy 802.11 header in TX command. */
2770 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen);
2772 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
2775 tx->tx_flags |= htole32(flags);
2777 /* Trim 802.11 header. */
2779 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
2780 segs, &nsegs, BUS_DMA_NOWAIT);
2782 if (error != EFBIG) {
2783 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
2788 /* Too many DMA segments, linearize mbuf. */
2789 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2);
2791 device_printf(sc->sc_dev,
2792 "%s: could not defrag mbuf\n", __func__);
2798 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
2799 segs, &nsegs, BUS_DMA_NOWAIT);
2801 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
2811 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2812 "sending txd %p, in %p\n", data, data->in);
2813 KASSERT(data->in != NULL, ("node is NULL"));
2815 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2816 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%d\n",
2817 ring->qid, ring->cur, totlen, nsegs,
2818 le32toh(tx->tx_flags),
2819 le32toh(tx->rate_n_flags),
2820 (int) tx->initial_rate_index
2823 /* Fill TX descriptor. */
2824 desc->num_tbs = 2 + nsegs;
2826 desc->tbs[0].lo = htole32(data->cmd_paddr);
2827 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
2829 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
2830 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
2831 ((sizeof(struct iwm_cmd_header) + sizeof(*tx)
2832 + hdrlen + pad - TB0_SIZE) << 4);
2834 /* Other DMA segments are for data payload. */
2835 for (i = 0; i < nsegs; i++) {
2837 desc->tbs[i+2].lo = htole32(seg->ds_addr);
2838 desc->tbs[i+2].hi_n_len = \
2839 htole16(iwm_get_dma_hi_addr(seg->ds_addr))
2840 | ((seg->ds_len) << 4);
2843 bus_dmamap_sync(ring->data_dmat, data->map,
2844 BUS_DMASYNC_PREWRITE);
2845 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
2846 BUS_DMASYNC_PREWRITE);
2847 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2848 BUS_DMASYNC_PREWRITE);
2851 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
2855 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
2856 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
2858 /* Mark TX ring as full if we reach a certain threshold. */
2859 if (++ring->queued > IWM_TX_RING_HIMARK) {
2860 sc->qfullmsk |= 1 << ring->qid;
2867 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2868 const struct ieee80211_bpf_params *params)
2870 struct ieee80211com *ic = ni->ni_ic;
2871 struct iwm_softc *sc = ic->ic_softc;
2874 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2875 "->%s begin\n", __func__);
2877 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
2879 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
2880 "<-%s not RUNNING\n", __func__);
2886 if (params == NULL) {
2887 error = iwm_tx(sc, m, ni, 0);
2889 error = iwm_tx(sc, m, ni, 0);
2891 sc->sc_tx_timer = 5;
2903 * Note that there are transports that buffer frames before they reach
2904 * the firmware. This means that after flush_tx_path is called, the
2905 * queue might not be empty. The race-free way to handle this is to:
2906 * 1) set the station as draining
2907 * 2) flush the Tx path
2908 * 3) wait for the transport queues to be empty
2911 iwm_mvm_flush_tx_path(struct iwm_softc *sc, int tfd_msk, int sync)
2913 struct iwm_tx_path_flush_cmd flush_cmd = {
2914 .queues_ctl = htole32(tfd_msk),
2915 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
2919 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH,
2920 sync ? IWM_CMD_SYNC : IWM_CMD_ASYNC,
2921 sizeof(flush_cmd), &flush_cmd);
2923 device_printf(sc->sc_dev,
2924 "Flushing tx queue failed: %d\n", ret);
2934 iwm_mvm_add_sta_cmd_v6_to_v5(struct iwm_mvm_add_sta_cmd_v6 *cmd_v6,
2935 struct iwm_mvm_add_sta_cmd_v5 *cmd_v5)
2937 memset(cmd_v5, 0, sizeof(*cmd_v5));
2939 cmd_v5->add_modify = cmd_v6->add_modify;
2940 cmd_v5->tid_disable_tx = cmd_v6->tid_disable_tx;
2941 cmd_v5->mac_id_n_color = cmd_v6->mac_id_n_color;
2942 IEEE80211_ADDR_COPY(cmd_v5->addr, cmd_v6->addr);
2943 cmd_v5->sta_id = cmd_v6->sta_id;
2944 cmd_v5->modify_mask = cmd_v6->modify_mask;
2945 cmd_v5->station_flags = cmd_v6->station_flags;
2946 cmd_v5->station_flags_msk = cmd_v6->station_flags_msk;
2947 cmd_v5->add_immediate_ba_tid = cmd_v6->add_immediate_ba_tid;
2948 cmd_v5->remove_immediate_ba_tid = cmd_v6->remove_immediate_ba_tid;
2949 cmd_v5->add_immediate_ba_ssn = cmd_v6->add_immediate_ba_ssn;
2950 cmd_v5->sleep_tx_count = cmd_v6->sleep_tx_count;
2951 cmd_v5->sleep_state_flags = cmd_v6->sleep_state_flags;
2952 cmd_v5->assoc_id = cmd_v6->assoc_id;
2953 cmd_v5->beamform_flags = cmd_v6->beamform_flags;
2954 cmd_v5->tfd_queue_msk = cmd_v6->tfd_queue_msk;
2958 iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc,
2959 struct iwm_mvm_add_sta_cmd_v6 *cmd, int *status)
2961 struct iwm_mvm_add_sta_cmd_v5 cmd_v5;
2963 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_STA_KEY_CMD) {
2964 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA,
2965 sizeof(*cmd), cmd, status);
2968 iwm_mvm_add_sta_cmd_v6_to_v5(cmd, &cmd_v5);
2970 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(cmd_v5),
2974 /* send station add/update command to firmware */
2976 iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update)
2978 struct iwm_mvm_add_sta_cmd_v6 add_sta_cmd;
2982 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd));
2984 add_sta_cmd.sta_id = IWM_STATION_ID;
2985 add_sta_cmd.mac_id_n_color
2986 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID,
2987 IWM_DEFAULT_COLOR));
2989 add_sta_cmd.tfd_queue_msk = htole32(0xf);
2990 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid);
2992 add_sta_cmd.add_modify = update ? 1 : 0;
2993 add_sta_cmd.station_flags_msk
2994 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK);
2996 status = IWM_ADD_STA_SUCCESS;
2997 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status);
3002 case IWM_ADD_STA_SUCCESS:
3006 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n");
3014 iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in)
3018 ret = iwm_mvm_sta_send_to_fw(sc, in, 0);
3026 iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in)
3028 return iwm_mvm_sta_send_to_fw(sc, in, 1);
3032 iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta,
3033 const uint8_t *addr, uint16_t mac_id, uint16_t color)
3035 struct iwm_mvm_add_sta_cmd_v6 cmd;
3039 memset(&cmd, 0, sizeof(cmd));
3040 cmd.sta_id = sta->sta_id;
3041 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color));
3043 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk);
3046 IEEE80211_ADDR_COPY(cmd.addr, addr);
3048 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status);
3053 case IWM_ADD_STA_SUCCESS:
3054 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
3055 "%s: Internal station added.\n", __func__);
3058 device_printf(sc->sc_dev,
3059 "%s: Add internal station failed, status=0x%x\n",
3068 iwm_mvm_add_aux_sta(struct iwm_softc *sc)
3072 sc->sc_aux_sta.sta_id = 3;
3073 sc->sc_aux_sta.tfd_queue_msk = 0;
3075 ret = iwm_mvm_add_int_sta_common(sc,
3076 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0);
3079 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta));
3092 iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in)
3094 struct iwm_time_quota_cmd cmd;
3095 int i, idx, ret, num_active_macs, quota, quota_rem;
3096 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
3097 int n_ifs[IWM_MAX_BINDINGS] = {0, };
3100 memset(&cmd, 0, sizeof(cmd));
3102 /* currently, PHY ID == binding ID */
3104 id = in->in_phyctxt->id;
3105 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
3106 colors[id] = in->in_phyctxt->color;
3113 * The FW's scheduling session consists of
3114 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments
3115 * equally between all the bindings that require quota
3117 num_active_macs = 0;
3118 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
3119 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
3120 num_active_macs += n_ifs[i];
3125 if (num_active_macs) {
3126 quota = IWM_MVM_MAX_QUOTA / num_active_macs;
3127 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs;
3130 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
3134 cmd.quotas[idx].id_and_color =
3135 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
3137 if (n_ifs[i] <= 0) {
3138 cmd.quotas[idx].quota = htole32(0);
3139 cmd.quotas[idx].max_duration = htole32(0);
3141 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
3142 cmd.quotas[idx].max_duration = htole32(0);
3147 /* Give the remainder of the session to the first binding */
3148 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
3150 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
3153 device_printf(sc->sc_dev,
3154 "%s: Failed to send quota: %d\n", __func__, ret);
3163 * ieee80211 routines
3167 * Change to AUTH state in 80211 state machine. Roughly matches what
3168 * Linux does in bss_info_changed().
3171 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
3173 struct ieee80211_node *ni;
3174 struct iwm_node *in;
3175 struct iwm_vap *iv = IWM_VAP(vap);
3180 * XXX i have a feeling that the vap node is being
3181 * freed from underneath us. Grr.
3183 ni = ieee80211_ref_node(vap->iv_bss);
3185 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
3186 "%s: called; vap=%p, bss ni=%p\n",
3193 error = iwm_allow_mcast(vap, sc);
3195 device_printf(sc->sc_dev,
3196 "%s: failed to set multicast\n", __func__);
3201 * This is where it deviates from what Linux does.
3203 * Linux iwlwifi doesn't reset the nic each time, nor does it
3204 * call ctxt_add() here. Instead, it adds it during vap creation,
3205 * and always does does a mac_ctx_changed().
3207 * The openbsd port doesn't attempt to do that - it reset things
3208 * at odd states and does the add here.
3210 * So, until the state handling is fixed (ie, we never reset
3211 * the NIC except for a firmware failure, which should drag
3212 * the NIC back to IDLE, re-setup and re-add all the mac/phy
3213 * contexts that are required), let's do a dirty hack here.
3215 if (iv->is_uploaded) {
3216 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
3217 device_printf(sc->sc_dev,
3218 "%s: failed to update MAC\n", __func__);
3221 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
3222 in->in_ni.ni_chan, 1, 1)) != 0) {
3223 device_printf(sc->sc_dev,
3224 "%s: failed update phy ctxt\n", __func__);
3227 in->in_phyctxt = &sc->sc_phyctxt[0];
3229 if ((error = iwm_mvm_binding_update(sc, in)) != 0) {
3230 device_printf(sc->sc_dev,
3231 "%s: binding update cmd\n", __func__);
3234 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
3235 device_printf(sc->sc_dev,
3236 "%s: failed to update sta\n", __func__);
3240 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) {
3241 device_printf(sc->sc_dev,
3242 "%s: failed to add MAC\n", __func__);
3245 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
3246 in->in_ni.ni_chan, 1, 1)) != 0) {
3247 device_printf(sc->sc_dev,
3248 "%s: failed add phy ctxt!\n", __func__);
3252 in->in_phyctxt = &sc->sc_phyctxt[0];
3254 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) {
3255 device_printf(sc->sc_dev,
3256 "%s: binding add cmd\n", __func__);
3259 if ((error = iwm_mvm_add_sta(sc, in)) != 0) {
3260 device_printf(sc->sc_dev,
3261 "%s: failed to add sta\n", __func__);
3267 * Prevent the FW from wandering off channel during association
3268 * by "protecting" the session with a time event.
3270 /* XXX duration is in units of TU, not MS */
3271 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS;
3272 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */);
3277 ieee80211_free_node(ni);
3282 iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc)
3284 struct iwm_node *in = IWM_NODE(vap->iv_bss);
3287 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
3288 device_printf(sc->sc_dev,
3289 "%s: failed to update STA\n", __func__);
3294 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
3295 device_printf(sc->sc_dev,
3296 "%s: failed to update MAC\n", __func__);
3304 iwm_release(struct iwm_softc *sc, struct iwm_node *in)
3307 * Ok, so *technically* the proper set of calls for going
3308 * from RUN back to SCAN is:
3310 * iwm_mvm_power_mac_disable(sc, in);
3311 * iwm_mvm_mac_ctxt_changed(sc, in);
3312 * iwm_mvm_rm_sta(sc, in);
3313 * iwm_mvm_update_quotas(sc, NULL);
3314 * iwm_mvm_mac_ctxt_changed(sc, in);
3315 * iwm_mvm_binding_remove_vif(sc, in);
3316 * iwm_mvm_mac_ctxt_remove(sc, in);
3318 * However, that freezes the device not matter which permutations
3319 * and modifications are attempted. Obviously, this driver is missing
3320 * something since it works in the Linux driver, but figuring out what
3321 * is missing is a little more complicated. Now, since we're going
3322 * back to nothing anyway, we'll just do a complete device reset.
3323 * Up your's, device!
3325 //iwm_mvm_flush_tx_path(sc, 0xf, 1);
3326 iwm_stop_device(sc);
3335 iwm_mvm_power_mac_disable(sc, in);
3337 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
3338 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error);
3342 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) {
3343 device_printf(sc->sc_dev, "sta remove fail %d\n", error);
3346 error = iwm_mvm_rm_sta(sc, in);
3348 iwm_mvm_update_quotas(sc, NULL);
3349 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
3350 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error);
3353 iwm_mvm_binding_remove_vif(sc, in);
3355 iwm_mvm_mac_ctxt_remove(sc, in);
3361 static struct ieee80211_node *
3362 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
3364 return malloc(sizeof (struct iwm_node), M_80211_NODE,
3369 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in)
3371 struct ieee80211_node *ni = &in->in_ni;
3372 struct iwm_lq_cmd *lq = &in->in_lq;
3373 int nrates = ni->ni_rates.rs_nrates;
3374 int i, ridx, tab = 0;
3377 if (nrates > nitems(lq->rs_table)) {
3378 device_printf(sc->sc_dev,
3379 "%s: node supports %d rates, driver handles "
3380 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
3384 device_printf(sc->sc_dev,
3385 "%s: node supports 0 rates, odd!\n", __func__);
3390 * XXX .. and most of iwm_node is not initialised explicitly;
3391 * it's all just 0x0 passed to the firmware.
3394 /* first figure out which rates we should support */
3395 /* XXX TODO: this isn't 11n aware /at all/ */
3396 memset(&in->in_ridx, -1, sizeof(in->in_ridx));
3397 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3398 "%s: nrates=%d\n", __func__, nrates);
3401 * Loop over nrates and populate in_ridx from the highest
3402 * rate to the lowest rate. Remember, in_ridx[] has
3403 * IEEE80211_RATE_MAXSIZE entries!
3405 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) {
3406 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL;
3408 /* Map 802.11 rate to HW rate index. */
3409 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++)
3410 if (iwm_rates[ridx].rate == rate)
3412 if (ridx > IWM_RIDX_MAX) {
3413 device_printf(sc->sc_dev,
3414 "%s: WARNING: device rate for %d not found!\n",
3417 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3418 "%s: rate: i: %d, rate=%d, ridx=%d\n",
3423 in->in_ridx[i] = ridx;
3427 /* then construct a lq_cmd based on those */
3428 memset(lq, 0, sizeof(*lq));
3429 lq->sta_id = IWM_STATION_ID;
3432 * are these used? (we don't do SISO or MIMO)
3433 * need to set them to non-zero, though, or we get an error.
3435 lq->single_stream_ant_msk = 1;
3436 lq->dual_stream_ant_msk = 1;
3439 * Build the actual rate selection table.
3440 * The lowest bits are the rates. Additionally,
3441 * CCK needs bit 9 to be set. The rest of the bits
3442 * we add to the table select the tx antenna
3443 * Note that we add the rates in the highest rate first
3444 * (opposite of ni_rates).
3447 * XXX TODO: this should be looping over the min of nrates
3448 * and LQ_MAX_RETRY_NUM. Sigh.
3450 for (i = 0; i < nrates; i++) {
3454 txant = IWM_FW_VALID_TX_ANT(sc);
3455 nextant = 1<<(ffs(txant)-1);
3459 * Map the rate id into a rate index into
3460 * our hardware table containing the
3461 * configuration to use for this rate.
3463 ridx = in->in_ridx[i];
3464 tab = iwm_rates[ridx].plcp;
3465 tab |= nextant << IWM_RATE_MCS_ANT_POS;
3466 if (IWM_RIDX_IS_CCK(ridx))
3467 tab |= IWM_RATE_MCS_CCK_MSK;
3468 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3469 "station rate i=%d, rate=%d, hw=%x\n",
3470 i, iwm_rates[ridx].rate, tab);
3471 lq->rs_table[i] = htole32(tab);
3473 /* then fill the rest with the lowest possible rate */
3474 for (i = nrates; i < nitems(lq->rs_table); i++) {
3475 KASSERT(tab != 0, ("invalid tab"));
3476 lq->rs_table[i] = htole32(tab);
3481 iwm_media_change(struct ifnet *ifp)
3483 struct ieee80211vap *vap = ifp->if_softc;
3484 struct ieee80211com *ic = vap->iv_ic;
3485 struct iwm_softc *sc = ic->ic_softc;
3488 error = ieee80211_media_change(ifp);
3489 if (error != ENETRESET)
3493 if (ic->ic_nrunning > 0) {
3503 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3505 struct iwm_vap *ivp = IWM_VAP(vap);
3506 struct ieee80211com *ic = vap->iv_ic;
3507 struct iwm_softc *sc = ic->ic_softc;
3508 struct iwm_node *in;
3511 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
3512 "switching state %s -> %s\n",
3513 ieee80211_state_name[vap->iv_state],
3514 ieee80211_state_name[nstate]);
3515 IEEE80211_UNLOCK(ic);
3517 /* disable beacon filtering if we're hopping out of RUN */
3518 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) {
3519 iwm_mvm_disable_beacon_filter(sc);
3521 if (((in = IWM_NODE(vap->iv_bss)) != NULL))
3524 iwm_release(sc, NULL);
3527 * It's impossible to directly go RUN->SCAN. If we iwm_release()
3528 * above then the card will be completely reinitialized,
3529 * so the driver must do everything necessary to bring the card
3530 * from INIT to SCAN.
3532 * Additionally, upon receiving deauth frame from AP,
3533 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH
3534 * state. This will also fail with this driver, so bring the FSM
3535 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well.
3537 * XXX TODO: fix this for FreeBSD!
3539 if (nstate == IEEE80211_S_SCAN ||
3540 nstate == IEEE80211_S_AUTH ||
3541 nstate == IEEE80211_S_ASSOC) {
3542 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
3543 "Force transition to INIT; MGT=%d\n", arg);
3546 vap->iv_newstate(vap, IEEE80211_S_INIT, arg);
3547 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
3548 "Going INIT->SCAN\n");
3549 nstate = IEEE80211_S_SCAN;
3550 IEEE80211_UNLOCK(ic);
3556 case IEEE80211_S_INIT:
3557 sc->sc_scanband = 0;
3560 case IEEE80211_S_AUTH:
3561 if ((error = iwm_auth(vap, sc)) != 0) {
3562 device_printf(sc->sc_dev,
3563 "%s: could not move to auth state: %d\n",
3569 case IEEE80211_S_ASSOC:
3570 if ((error = iwm_assoc(vap, sc)) != 0) {
3571 device_printf(sc->sc_dev,
3572 "%s: failed to associate: %d\n", __func__,
3578 case IEEE80211_S_RUN:
3580 struct iwm_host_cmd cmd = {
3582 .len = { sizeof(in->in_lq), },
3583 .flags = IWM_CMD_SYNC,
3586 /* Update the association state, now we have it all */
3587 /* (eg associd comes in at this point */
3588 error = iwm_assoc(vap, sc);
3590 device_printf(sc->sc_dev,
3591 "%s: failed to update association state: %d\n",
3597 in = IWM_NODE(vap->iv_bss);
3598 iwm_mvm_power_mac_update_mode(sc, in);
3599 iwm_mvm_enable_beacon_filter(sc, in);
3600 iwm_mvm_update_quotas(sc, in);
3601 iwm_setrates(sc, in);
3603 cmd.data[0] = &in->in_lq;
3604 if ((error = iwm_send_cmd(sc, &cmd)) != 0) {
3605 device_printf(sc->sc_dev,
3606 "%s: IWM_LQ_CMD failed\n", __func__);
3618 return (ivp->iv_newstate(vap, nstate, arg));
3622 iwm_endscan_cb(void *arg, int pending)
3624 struct iwm_softc *sc = arg;
3625 struct ieee80211com *ic = &sc->sc_ic;
3629 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
3634 if (sc->sc_scanband == IEEE80211_CHAN_2GHZ &&
3635 sc->sc_nvm.sku_cap_band_52GHz_enable) {
3637 if ((error = iwm_mvm_scan_request(sc,
3638 IEEE80211_CHAN_5GHZ, 0, NULL, 0)) != 0) {
3639 device_printf(sc->sc_dev, "could not initiate scan\n");
3648 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
3650 sc->sc_scanband = 0;
3656 iwm_init_hw(struct iwm_softc *sc)
3658 struct ieee80211com *ic = &sc->sc_ic;
3661 if ((error = iwm_start_hw(sc)) != 0)
3664 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) {
3669 * should stop and start HW since that INIT
3672 iwm_stop_device(sc);
3673 if ((error = iwm_start_hw(sc)) != 0) {
3674 device_printf(sc->sc_dev, "could not initialize hardware\n");
3678 /* omstart, this time with the regular firmware */
3679 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR);
3681 device_printf(sc->sc_dev, "could not load firmware\n");
3685 if ((error = iwm_send_tx_ant_cfg(sc, IWM_FW_VALID_TX_ANT(sc))) != 0)
3688 /* Send phy db control command and then phy db calibration*/
3689 if ((error = iwm_send_phy_db_data(sc)) != 0)
3692 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0)
3695 /* Add auxiliary station for scanning */
3696 if ((error = iwm_mvm_add_aux_sta(sc)) != 0)
3699 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
3701 * The channel used here isn't relevant as it's
3702 * going to be overwritten in the other flows.
3703 * For now use the first channel we have.
3705 if ((error = iwm_mvm_phy_ctxt_add(sc,
3706 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
3710 error = iwm_mvm_power_update_device(sc);
3714 /* Mark TX rings as active. */
3715 for (qid = 0; qid < 4; qid++) {
3716 iwm_enable_txq(sc, qid, qid);
3722 iwm_stop_device(sc);
3726 /* Allow multicast from our BSSID. */
3728 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
3730 struct ieee80211_node *ni = vap->iv_bss;
3731 struct iwm_mcast_filter_cmd *cmd;
3735 size = roundup(sizeof(*cmd), 4);
3736 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
3739 cmd->filter_own = 1;
3743 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
3745 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
3746 IWM_CMD_SYNC, size, cmd);
3747 free(cmd, M_DEVBUF);
3753 iwm_init(struct iwm_softc *sc)
3757 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
3760 sc->sc_generation++;
3761 sc->sc_flags &= ~IWM_FLAG_STOPPED;
3763 if ((error = iwm_init_hw(sc)) != 0) {
3769 * Ok, firmware loaded and we are jogging
3771 sc->sc_flags |= IWM_FLAG_HW_INITED;
3772 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
3776 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
3778 struct iwm_softc *sc;
3784 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
3788 error = mbufq_enqueue(&sc->sc_snd, m);
3799 * Dequeue packets from sendq and call send.
3802 iwm_start(struct iwm_softc *sc)
3804 struct ieee80211_node *ni;
3808 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
3809 while (sc->qfullmsk == 0 &&
3810 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3811 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3812 if (iwm_tx(sc, m, ni, ac) != 0) {
3813 if_inc_counter(ni->ni_vap->iv_ifp,
3814 IFCOUNTER_OERRORS, 1);
3815 ieee80211_free_node(ni);
3818 sc->sc_tx_timer = 15;
3820 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
3824 iwm_stop(struct iwm_softc *sc)
3827 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
3828 sc->sc_flags |= IWM_FLAG_STOPPED;
3829 sc->sc_generation++;
3830 sc->sc_scanband = 0;
3831 sc->sc_auth_prot = 0;
3832 sc->sc_tx_timer = 0;
3833 iwm_stop_device(sc);
3837 iwm_watchdog(void *arg)
3839 struct iwm_softc *sc = arg;
3841 if (sc->sc_tx_timer > 0) {
3842 if (--sc->sc_tx_timer == 0) {
3843 device_printf(sc->sc_dev, "device timeout\n");
3848 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
3852 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
3856 iwm_parent(struct ieee80211com *ic)
3858 struct iwm_softc *sc = ic->ic_softc;
3862 if (ic->ic_nrunning > 0) {
3863 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
3867 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
3871 ieee80211_start_all(ic);
3875 * The interrupt side of things
3879 * error dumping routines are from iwlwifi/mvm/utils.c
3883 * Note: This structure is read from the device with IO accesses,
3884 * and the reading already does the endian conversion. As it is
3885 * read with uint32_t-sized accesses, any members with a different size
3886 * need to be ordered correctly though!
3888 struct iwm_error_event_table {
3889 uint32_t valid; /* (nonzero) valid, (0) log is empty */
3890 uint32_t error_id; /* type of error */
3891 uint32_t pc; /* program counter */
3892 uint32_t blink1; /* branch link */
3893 uint32_t blink2; /* branch link */
3894 uint32_t ilink1; /* interrupt link */
3895 uint32_t ilink2; /* interrupt link */
3896 uint32_t data1; /* error-specific data */
3897 uint32_t data2; /* error-specific data */
3898 uint32_t data3; /* error-specific data */
3899 uint32_t bcon_time; /* beacon timer */
3900 uint32_t tsf_low; /* network timestamp function timer */
3901 uint32_t tsf_hi; /* network timestamp function timer */
3902 uint32_t gp1; /* GP1 timer register */
3903 uint32_t gp2; /* GP2 timer register */
3904 uint32_t gp3; /* GP3 timer register */
3905 uint32_t ucode_ver; /* uCode version */
3906 uint32_t hw_ver; /* HW Silicon version */
3907 uint32_t brd_ver; /* HW board version */
3908 uint32_t log_pc; /* log program counter */
3909 uint32_t frame_ptr; /* frame pointer */
3910 uint32_t stack_ptr; /* stack pointer */
3911 uint32_t hcmd; /* last host command header */
3912 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
3914 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
3916 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
3918 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
3920 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
3922 uint32_t isr_pref; /* isr status register LMPM_NIC_PREF_STAT */
3923 uint32_t wait_event; /* wait event() caller address */
3924 uint32_t l2p_control; /* L2pControlField */
3925 uint32_t l2p_duration; /* L2pDurationField */
3926 uint32_t l2p_mhvalid; /* L2pMhValidBits */
3927 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
3928 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
3930 uint32_t u_timestamp; /* indicate when the date and time of the
3932 uint32_t flow_handler; /* FH read/write pointers, RX credit */
3935 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
3936 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
3942 } advanced_lookup[] = {
3943 { "NMI_INTERRUPT_WDG", 0x34 },
3944 { "SYSASSERT", 0x35 },
3945 { "UCODE_VERSION_MISMATCH", 0x37 },
3946 { "BAD_COMMAND", 0x38 },
3947 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
3948 { "FATAL_ERROR", 0x3D },
3949 { "NMI_TRM_HW_ERR", 0x46 },
3950 { "NMI_INTERRUPT_TRM", 0x4C },
3951 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
3952 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
3953 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
3954 { "NMI_INTERRUPT_HOST", 0x66 },
3955 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
3956 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
3957 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
3958 { "ADVANCED_SYSASSERT", 0 },
3962 iwm_desc_lookup(uint32_t num)
3966 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
3967 if (advanced_lookup[i].num == num)
3968 return advanced_lookup[i].name;
3970 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
3971 return advanced_lookup[i].name;
3975 * Support for dumping the error log seemed like a good idea ...
3976 * but it's mostly hex junk and the only sensible thing is the
3977 * hw/ucode revision (which we know anyway). Since it's here,
3978 * I'll just leave it in, just in case e.g. the Intel guys want to
3979 * help us decipher some "ADVANCED_SYSASSERT" later.
3982 iwm_nic_error(struct iwm_softc *sc)
3984 struct iwm_error_event_table table;
3987 device_printf(sc->sc_dev, "dumping device error log\n");
3988 base = sc->sc_uc.uc_error_event_table;
3989 if (base < 0x800000 || base >= 0x80C000) {
3990 device_printf(sc->sc_dev,
3991 "Not valid error log pointer 0x%08x\n", base);
3995 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t)) != 0) {
3996 device_printf(sc->sc_dev, "reading errlog failed\n");
4001 device_printf(sc->sc_dev, "errlog not found, skipping\n");
4005 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
4006 device_printf(sc->sc_dev, "Start IWL Error Log Dump:\n");
4007 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
4008 sc->sc_flags, table.valid);
4011 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
4012 iwm_desc_lookup(table.error_id));
4013 device_printf(sc->sc_dev, "%08X | uPc\n", table.pc);
4014 device_printf(sc->sc_dev, "%08X | branchlink1\n", table.blink1);
4015 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
4016 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
4017 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
4018 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
4019 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
4020 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
4021 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
4022 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
4023 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
4024 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
4025 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
4026 device_printf(sc->sc_dev, "%08X | time gp3\n", table.gp3);
4027 device_printf(sc->sc_dev, "%08X | uCode version\n", table.ucode_ver);
4028 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
4029 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
4030 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
4031 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
4032 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
4033 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
4034 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
4035 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
4036 device_printf(sc->sc_dev, "%08X | isr_pref\n", table.isr_pref);
4037 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
4038 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
4039 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
4040 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
4041 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
4042 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
4043 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
4044 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
4048 #define SYNC_RESP_STRUCT(_var_, _pkt_) \
4050 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\
4051 _var_ = (void *)((_pkt_)+1); \
4052 } while (/*CONSTCOND*/0)
4054 #define SYNC_RESP_PTR(_ptr_, _len_, _pkt_) \
4056 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\
4057 _ptr_ = (void *)((_pkt_)+1); \
4058 } while (/*CONSTCOND*/0)
4060 #define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT);
4063 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
4064 * Basic structure from if_iwn
4067 iwm_notif_intr(struct iwm_softc *sc)
4071 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
4072 BUS_DMASYNC_POSTREAD);
4074 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
4075 while (sc->rxq.cur != hw) {
4076 struct iwm_rx_ring *ring = &sc->rxq;
4077 struct iwm_rx_data *data = &sc->rxq.data[sc->rxq.cur];
4078 struct iwm_rx_packet *pkt;
4079 struct iwm_cmd_response *cresp;
4082 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
4083 BUS_DMASYNC_POSTREAD);
4084 pkt = mtod(data->m, struct iwm_rx_packet *);
4086 qid = pkt->hdr.qid & ~0x80;
4089 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
4090 "rx packet qid=%d idx=%d flags=%x type=%x %d %d\n",
4091 pkt->hdr.qid & ~0x80, pkt->hdr.idx, pkt->hdr.flags,
4092 pkt->hdr.code, sc->rxq.cur, hw);
4095 * randomly get these from the firmware, no idea why.
4096 * they at least seem harmless, so just ignore them for now
4098 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0)
4099 || pkt->len_n_flags == htole32(0x55550000))) {
4104 switch (pkt->hdr.code) {
4105 case IWM_REPLY_RX_PHY_CMD:
4106 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data);
4109 case IWM_REPLY_RX_MPDU_CMD:
4110 iwm_mvm_rx_rx_mpdu(sc, pkt, data);
4114 iwm_mvm_rx_tx_cmd(sc, pkt, data);
4117 case IWM_MISSED_BEACONS_NOTIFICATION: {
4118 struct iwm_missed_beacons_notif *resp;
4121 /* XXX look at mac_id to determine interface ID */
4122 struct ieee80211com *ic = &sc->sc_ic;
4123 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4125 SYNC_RESP_STRUCT(resp, pkt);
4126 missed = le32toh(resp->consec_missed_beacons);
4128 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
4129 "%s: MISSED_BEACON: mac_id=%d, "
4130 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
4133 le32toh(resp->mac_id),
4134 le32toh(resp->consec_missed_beacons_since_last_rx),
4135 le32toh(resp->consec_missed_beacons),
4136 le32toh(resp->num_expected_beacons),
4137 le32toh(resp->num_recvd_beacons));
4143 /* XXX no net80211 locking? */
4144 if (vap->iv_state == IEEE80211_S_RUN &&
4145 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
4146 if (missed > vap->iv_bmissthreshold) {
4147 /* XXX bad locking; turn into task */
4149 ieee80211_beacon_miss(ic);
4156 case IWM_MVM_ALIVE: {
4157 struct iwm_mvm_alive_resp *resp;
4158 SYNC_RESP_STRUCT(resp, pkt);
4160 sc->sc_uc.uc_error_event_table
4161 = le32toh(resp->error_event_table_ptr);
4162 sc->sc_uc.uc_log_event_table
4163 = le32toh(resp->log_event_table_ptr);
4164 sc->sched_base = le32toh(resp->scd_base_ptr);
4165 sc->sc_uc.uc_ok = resp->status == IWM_ALIVE_STATUS_OK;
4167 sc->sc_uc.uc_intr = 1;
4171 case IWM_CALIB_RES_NOTIF_PHY_DB: {
4172 struct iwm_calib_res_notif_phy_db *phy_db_notif;
4173 SYNC_RESP_STRUCT(phy_db_notif, pkt);
4175 iwm_phy_db_set_section(sc, phy_db_notif);
4179 case IWM_STATISTICS_NOTIFICATION: {
4180 struct iwm_notif_statistics *stats;
4181 SYNC_RESP_STRUCT(stats, pkt);
4182 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
4183 sc->sc_noise = iwm_get_noise(&stats->rx.general);
4186 case IWM_NVM_ACCESS_CMD:
4187 if (sc->sc_wantresp == ((qid << 16) | idx)) {
4188 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
4189 BUS_DMASYNC_POSTREAD);
4190 memcpy(sc->sc_cmd_resp,
4191 pkt, sizeof(sc->sc_cmd_resp));
4195 case IWM_PHY_CONFIGURATION_CMD:
4196 case IWM_TX_ANT_CONFIGURATION_CMD:
4198 case IWM_MAC_CONTEXT_CMD:
4199 case IWM_REPLY_SF_CFG_CMD:
4200 case IWM_POWER_TABLE_CMD:
4201 case IWM_PHY_CONTEXT_CMD:
4202 case IWM_BINDING_CONTEXT_CMD:
4203 case IWM_TIME_EVENT_CMD:
4204 case IWM_SCAN_REQUEST_CMD:
4205 case IWM_REPLY_BEACON_FILTERING_CMD:
4206 case IWM_MAC_PM_POWER_TABLE:
4207 case IWM_TIME_QUOTA_CMD:
4208 case IWM_REMOVE_STA:
4209 case IWM_TXPATH_FLUSH:
4211 SYNC_RESP_STRUCT(cresp, pkt);
4212 if (sc->sc_wantresp == ((qid << 16) | idx)) {
4213 memcpy(sc->sc_cmd_resp,
4214 pkt, sizeof(*pkt)+sizeof(*cresp));
4219 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */
4222 case IWM_INIT_COMPLETE_NOTIF:
4223 sc->sc_init_complete = 1;
4224 wakeup(&sc->sc_init_complete);
4227 case IWM_SCAN_COMPLETE_NOTIFICATION: {
4228 struct iwm_scan_complete_notif *notif;
4229 SYNC_RESP_STRUCT(notif, pkt);
4230 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task);
4233 case IWM_REPLY_ERROR: {
4234 struct iwm_error_resp *resp;
4235 SYNC_RESP_STRUCT(resp, pkt);
4237 device_printf(sc->sc_dev,
4238 "firmware error 0x%x, cmd 0x%x\n",
4239 le32toh(resp->error_type),
4243 case IWM_TIME_EVENT_NOTIFICATION: {
4244 struct iwm_time_event_notif *notif;
4245 SYNC_RESP_STRUCT(notif, pkt);
4247 if (notif->status) {
4248 if (le32toh(notif->action) &
4249 IWM_TE_V2_NOTIF_HOST_EVENT_START)
4250 sc->sc_auth_prot = 2;
4252 sc->sc_auth_prot = 0;
4254 sc->sc_auth_prot = -1;
4256 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
4257 "%s: time event notification auth_prot=%d\n",
4258 __func__, sc->sc_auth_prot);
4260 wakeup(&sc->sc_auth_prot);
4263 case IWM_MCAST_FILTER_CMD:
4267 device_printf(sc->sc_dev,
4268 "frame %d/%d %x UNHANDLED (this should "
4269 "not happen)\n", qid, idx,
4275 * Why test bit 0x80? The Linux driver:
4277 * There is one exception: uCode sets bit 15 when it
4278 * originates the response/notification, i.e. when the
4279 * response/notification is not a direct response to a
4280 * command sent by the driver. For example, uCode issues
4281 * IWM_REPLY_RX when it sends a received frame to the driver;
4282 * it is not a direct response to any driver command.
4284 * Ok, so since when is 7 == 15? Well, the Linux driver
4285 * uses a slightly different format for pkt->hdr, and "qid"
4286 * is actually the upper byte of a two-byte field.
4288 if (!(pkt->hdr.qid & (1 << 7))) {
4289 iwm_cmd_done(sc, pkt);
4295 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
4296 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
4299 * Tell the firmware what we have processed.
4300 * Seems like the hardware gets upset unless we align
4303 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1;
4304 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7);
4310 struct iwm_softc *sc = arg;
4316 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
4318 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
4319 uint32_t *ict = sc->ict_dma.vaddr;
4322 tmp = htole32(ict[sc->ict_cur]);
4327 * ok, there was something. keep plowing until we have all.
4332 ict[sc->ict_cur] = 0;
4333 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
4334 tmp = htole32(ict[sc->ict_cur]);
4337 /* this is where the fun begins. don't ask */
4338 if (r1 == 0xffffffff)
4341 /* i am not expected to understand this */
4344 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
4346 r1 = IWM_READ(sc, IWM_CSR_INT);
4347 /* "hardware gone" (where, fishing?) */
4348 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
4350 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
4352 if (r1 == 0 && r2 == 0) {
4356 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
4359 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/));
4361 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
4363 struct ieee80211com *ic = &sc->sc_ic;
4364 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4368 /* Dump driver status (TX and RX rings) while we're here. */
4369 device_printf(sc->sc_dev, "driver status:\n");
4370 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) {
4371 struct iwm_tx_ring *ring = &sc->txq[i];
4372 device_printf(sc->sc_dev,
4373 " tx ring %2d: qid=%-2d cur=%-3d "
4375 i, ring->qid, ring->cur, ring->queued);
4377 device_printf(sc->sc_dev,
4378 " rx ring: cur=%d\n", sc->rxq.cur);
4379 device_printf(sc->sc_dev,
4380 " 802.11 state %d\n", vap->iv_state);
4382 /* Don't stop the device; just do a VAP restart */
4386 printf("%s: null vap\n", __func__);
4390 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; "
4391 "restarting\n", __func__, vap->iv_state);
4393 /* XXX TODO: turn this into a callout/taskqueue */
4394 ieee80211_restart_all(ic);
4398 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
4399 handled |= IWM_CSR_INT_BIT_HW_ERR;
4400 device_printf(sc->sc_dev, "hardware error, stopping device\n");
4406 /* firmware chunk loaded */
4407 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
4408 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
4409 handled |= IWM_CSR_INT_BIT_FH_TX;
4410 sc->sc_fw_chunk_done = 1;
4414 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
4415 handled |= IWM_CSR_INT_BIT_RF_KILL;
4416 if (iwm_check_rfkill(sc)) {
4417 device_printf(sc->sc_dev,
4418 "%s: rfkill switch, disabling interface\n",
4425 * The Linux driver uses periodic interrupts to avoid races.
4426 * We cargo-cult like it's going out of fashion.
4428 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
4429 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
4430 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
4431 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
4433 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
4437 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
4438 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
4439 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
4443 /* enable periodic interrupt, see above */
4444 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
4445 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
4446 IWM_CSR_INT_PERIODIC_ENA);
4449 if (__predict_false(r1 & ~handled))
4450 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
4451 "%s: unhandled interrupts: %x\n", __func__, r1);
4455 iwm_restore_interrupts(sc);
4462 * Autoconf glue-sniffing
4464 #define PCI_VENDOR_INTEL 0x8086
4465 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
4466 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
4467 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
4468 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
4469 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
4470 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
4472 static const struct iwm_devices {
4476 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" },
4477 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" },
4478 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" },
4479 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" },
4480 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" },
4481 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" },
4485 iwm_probe(device_t dev)
4489 for (i = 0; i < nitems(iwm_devices); i++)
4490 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
4491 pci_get_device(dev) == iwm_devices[i].device) {
4492 device_set_desc(dev, iwm_devices[i].name);
4493 return (BUS_PROBE_DEFAULT);
4500 iwm_dev_check(device_t dev)
4502 struct iwm_softc *sc;
4504 sc = device_get_softc(dev);
4506 switch (pci_get_device(dev)) {
4507 case PCI_PRODUCT_INTEL_WL_3160_1:
4508 case PCI_PRODUCT_INTEL_WL_3160_2:
4509 sc->sc_fwname = "iwm3160fw";
4510 sc->host_interrupt_operation_mode = 1;
4512 case PCI_PRODUCT_INTEL_WL_7260_1:
4513 case PCI_PRODUCT_INTEL_WL_7260_2:
4514 sc->sc_fwname = "iwm7260fw";
4515 sc->host_interrupt_operation_mode = 1;
4517 case PCI_PRODUCT_INTEL_WL_7265_1:
4518 case PCI_PRODUCT_INTEL_WL_7265_2:
4519 sc->sc_fwname = "iwm7265fw";
4520 sc->host_interrupt_operation_mode = 0;
4523 device_printf(dev, "unknown adapter type\n");
4529 iwm_pci_attach(device_t dev)
4531 struct iwm_softc *sc;
4532 int count, error, rid;
4535 sc = device_get_softc(dev);
4537 /* Clear device-specific "PCI retry timeout" register (41h). */
4538 reg = pci_read_config(dev, 0x40, sizeof(reg));
4539 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg));
4541 /* Enable bus-mastering and hardware bug workaround. */
4542 pci_enable_busmaster(dev);
4543 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
4545 if (reg & PCIM_STATUS_INTxSTATE) {
4546 reg &= ~PCIM_STATUS_INTxSTATE;
4548 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
4551 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
4553 if (sc->sc_mem == NULL) {
4554 device_printf(sc->sc_dev, "can't map mem space\n");
4557 sc->sc_st = rman_get_bustag(sc->sc_mem);
4558 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
4560 /* Install interrupt handler. */
4563 if (pci_alloc_msi(dev, &count) == 0)
4565 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
4566 (rid != 0 ? 0 : RF_SHAREABLE));
4567 if (sc->sc_irq == NULL) {
4568 device_printf(dev, "can't map interrupt\n");
4571 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
4572 NULL, iwm_intr, sc, &sc->sc_ih);
4573 if (sc->sc_ih == NULL) {
4574 device_printf(dev, "can't establish interrupt");
4577 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
4583 iwm_pci_detach(device_t dev)
4585 struct iwm_softc *sc = device_get_softc(dev);
4587 if (sc->sc_irq != NULL) {
4588 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
4589 bus_release_resource(dev, SYS_RES_IRQ,
4590 rman_get_rid(sc->sc_irq), sc->sc_irq);
4591 pci_release_msi(dev);
4593 if (sc->sc_mem != NULL)
4594 bus_release_resource(dev, SYS_RES_MEMORY,
4595 rman_get_rid(sc->sc_mem), sc->sc_mem);
4601 iwm_attach(device_t dev)
4603 struct iwm_softc *sc = device_get_softc(dev);
4604 struct ieee80211com *ic = &sc->sc_ic;
4610 mbufq_init(&sc->sc_snd, ifqmaxlen);
4611 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
4612 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
4613 sc->sc_tq = taskqueue_create("iwm_taskq", M_WAITOK,
4614 taskqueue_thread_enqueue, &sc->sc_tq);
4615 error = taskqueue_start_threads(&sc->sc_tq, 1, 0, "iwm_taskq");
4617 device_printf(dev, "can't start threads, error %d\n",
4623 error = iwm_pci_attach(dev);
4627 sc->sc_wantresp = -1;
4629 /* Check device type */
4630 error = iwm_dev_check(dev);
4634 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
4637 * We now start fiddling with the hardware
4639 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
4640 if (iwm_prepare_card_hw(sc) != 0) {
4641 device_printf(dev, "could not initialize hardware\n");
4645 /* Allocate DMA memory for firmware transfers. */
4646 if ((error = iwm_alloc_fwmem(sc)) != 0) {
4647 device_printf(dev, "could not allocate memory for firmware\n");
4651 /* Allocate "Keep Warm" page. */
4652 if ((error = iwm_alloc_kw(sc)) != 0) {
4653 device_printf(dev, "could not allocate keep warm page\n");
4657 /* We use ICT interrupts */
4658 if ((error = iwm_alloc_ict(sc)) != 0) {
4659 device_printf(dev, "could not allocate ICT table\n");
4663 /* Allocate TX scheduler "rings". */
4664 if ((error = iwm_alloc_sched(sc)) != 0) {
4665 device_printf(dev, "could not allocate TX scheduler rings\n");
4669 /* Allocate TX rings */
4670 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
4671 if ((error = iwm_alloc_tx_ring(sc,
4672 &sc->txq[txq_i], txq_i)) != 0) {
4674 "could not allocate TX ring %d\n",
4680 /* Allocate RX ring. */
4681 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
4682 device_printf(dev, "could not allocate RX ring\n");
4686 /* Clear pending interrupts. */
4687 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
4690 ic->ic_name = device_get_nameunit(sc->sc_dev);
4691 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
4692 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
4694 /* Set device capabilities. */
4697 IEEE80211_C_WPA | /* WPA/RSN */
4699 IEEE80211_C_SHSLOT | /* short slot time supported */
4700 IEEE80211_C_SHPREAMBLE /* short preamble supported */
4701 // IEEE80211_C_BGSCAN /* capable of bg scanning */
4703 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
4704 sc->sc_phyctxt[i].id = i;
4705 sc->sc_phyctxt[i].color = 0;
4706 sc->sc_phyctxt[i].ref = 0;
4707 sc->sc_phyctxt[i].channel = NULL;
4711 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
4712 sc->sc_preinit_hook.ich_func = iwm_preinit;
4713 sc->sc_preinit_hook.ich_arg = sc;
4714 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
4715 device_printf(dev, "config_intrhook_establish failed\n");
4720 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
4721 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
4722 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
4725 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4726 "<-%s\n", __func__);
4730 /* Free allocated memory if something failed during attachment. */
4732 iwm_detach_local(sc, 0);
4738 iwm_update_edca(struct ieee80211com *ic)
4740 struct iwm_softc *sc = ic->ic_softc;
4742 device_printf(sc->sc_dev, "%s: called\n", __func__);
4747 iwm_preinit(void *arg)
4749 struct iwm_softc *sc = arg;
4750 device_t dev = sc->sc_dev;
4751 struct ieee80211com *ic = &sc->sc_ic;
4754 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4755 "->%s\n", __func__);
4758 if ((error = iwm_start_hw(sc)) != 0) {
4759 device_printf(dev, "could not initialize hardware\n");
4764 error = iwm_run_init_mvm_ucode(sc, 1);
4765 iwm_stop_device(sc);
4771 "revision: 0x%x, firmware %d.%d (API ver. %d)\n",
4772 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
4773 IWM_UCODE_MAJOR(sc->sc_fwver),
4774 IWM_UCODE_MINOR(sc->sc_fwver),
4775 IWM_UCODE_API(sc->sc_fwver));
4777 /* not all hardware can do 5GHz band */
4778 if (!sc->sc_nvm.sku_cap_band_52GHz_enable)
4779 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
4780 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
4784 * At this point we've committed - if we fail to do setup,
4785 * we now also have to tear down the net80211 state.
4787 ieee80211_ifattach(ic);
4788 ic->ic_vap_create = iwm_vap_create;
4789 ic->ic_vap_delete = iwm_vap_delete;
4790 ic->ic_raw_xmit = iwm_raw_xmit;
4791 ic->ic_node_alloc = iwm_node_alloc;
4792 ic->ic_scan_start = iwm_scan_start;
4793 ic->ic_scan_end = iwm_scan_end;
4794 ic->ic_update_mcast = iwm_update_mcast;
4795 ic->ic_set_channel = iwm_set_channel;
4796 ic->ic_scan_curchan = iwm_scan_curchan;
4797 ic->ic_scan_mindwell = iwm_scan_mindwell;
4798 ic->ic_wme.wme_update = iwm_update_edca;
4799 ic->ic_parent = iwm_parent;
4800 ic->ic_transmit = iwm_transmit;
4801 iwm_radiotap_attach(sc);
4803 ieee80211_announce(ic);
4805 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4806 "<-%s\n", __func__);
4807 config_intrhook_disestablish(&sc->sc_preinit_hook);
4811 config_intrhook_disestablish(&sc->sc_preinit_hook);
4812 iwm_detach_local(sc, 0);
4816 * Attach the interface to 802.11 radiotap.
4819 iwm_radiotap_attach(struct iwm_softc *sc)
4821 struct ieee80211com *ic = &sc->sc_ic;
4823 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4824 "->%s begin\n", __func__);
4825 ieee80211_radiotap_attach(ic,
4826 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
4827 IWM_TX_RADIOTAP_PRESENT,
4828 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
4829 IWM_RX_RADIOTAP_PRESENT);
4830 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
4831 "->%s end\n", __func__);
4834 static struct ieee80211vap *
4835 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
4836 enum ieee80211_opmode opmode, int flags,
4837 const uint8_t bssid[IEEE80211_ADDR_LEN],
4838 const uint8_t mac[IEEE80211_ADDR_LEN])
4840 struct iwm_vap *ivp;
4841 struct ieee80211vap *vap;
4843 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
4845 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO);
4847 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
4848 vap->iv_bmissthreshold = 10; /* override default */
4849 /* Override with driver methods. */
4850 ivp->iv_newstate = vap->iv_newstate;
4851 vap->iv_newstate = iwm_newstate;
4853 ieee80211_ratectl_init(vap);
4854 /* Complete setup. */
4855 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status,
4857 ic->ic_opmode = opmode;
4863 iwm_vap_delete(struct ieee80211vap *vap)
4865 struct iwm_vap *ivp = IWM_VAP(vap);
4867 ieee80211_ratectl_deinit(vap);
4868 ieee80211_vap_detach(vap);
4869 free(ivp, M_80211_VAP);
4873 iwm_scan_start(struct ieee80211com *ic)
4875 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4876 struct iwm_softc *sc = ic->ic_softc;
4879 if (sc->sc_scanband)
4882 error = iwm_mvm_scan_request(sc, IEEE80211_CHAN_2GHZ, 0, NULL, 0);
4884 device_printf(sc->sc_dev, "could not initiate scan\n");
4886 ieee80211_cancel_scan(vap);
4892 iwm_scan_end(struct ieee80211com *ic)
4897 iwm_update_mcast(struct ieee80211com *ic)
4902 iwm_set_channel(struct ieee80211com *ic)
4907 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
4912 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
4918 iwm_init_task(void *arg1)
4920 struct iwm_softc *sc = arg1;
4923 while (sc->sc_flags & IWM_FLAG_BUSY)
4924 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
4925 sc->sc_flags |= IWM_FLAG_BUSY;
4927 if (sc->sc_ic.ic_nrunning > 0)
4929 sc->sc_flags &= ~IWM_FLAG_BUSY;
4930 wakeup(&sc->sc_flags);
4935 iwm_resume(device_t dev)
4937 struct iwm_softc *sc = device_get_softc(dev);
4941 /* Clear device-specific "PCI retry timeout" register (41h). */
4942 reg = pci_read_config(dev, 0x40, sizeof(reg));
4943 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg));
4944 iwm_init_task(device_get_softc(dev));
4947 if (sc->sc_flags & IWM_FLAG_DORESUME) {
4948 sc->sc_flags &= ~IWM_FLAG_DORESUME;
4954 ieee80211_resume_all(&sc->sc_ic);
4960 iwm_suspend(device_t dev)
4963 struct iwm_softc *sc = device_get_softc(dev);
4965 do_stop = !! (sc->sc_ic.ic_nrunning > 0);
4967 ieee80211_suspend_all(&sc->sc_ic);
4972 sc->sc_flags |= IWM_FLAG_DORESUME;
4980 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
4982 struct iwm_fw_info *fw = &sc->sc_fw;
4983 device_t dev = sc->sc_dev;
4987 taskqueue_drain_all(sc->sc_tq);
4988 taskqueue_free(sc->sc_tq);
4990 callout_drain(&sc->sc_watchdog_to);
4991 iwm_stop_device(sc);
4993 ieee80211_ifdetach(&sc->sc_ic);
4995 /* Free descriptor rings */
4996 for (i = 0; i < nitems(sc->txq); i++)
4997 iwm_free_tx_ring(sc, &sc->txq[i]);
5000 if (fw->fw_fp != NULL)
5001 iwm_fw_info_free(fw);
5003 /* Free scheduler */
5005 if (sc->ict_dma.vaddr != NULL)
5007 if (sc->kw_dma.vaddr != NULL)
5009 if (sc->fw_dma.vaddr != NULL)
5012 /* Finished with the hardware - detach things */
5013 iwm_pci_detach(dev);
5015 mbufq_drain(&sc->sc_snd);
5016 IWM_LOCK_DESTROY(sc);
5022 iwm_detach(device_t dev)
5024 struct iwm_softc *sc = device_get_softc(dev);
5026 return (iwm_detach_local(sc, 1));
5029 static device_method_t iwm_pci_methods[] = {
5030 /* Device interface */
5031 DEVMETHOD(device_probe, iwm_probe),
5032 DEVMETHOD(device_attach, iwm_attach),
5033 DEVMETHOD(device_detach, iwm_detach),
5034 DEVMETHOD(device_suspend, iwm_suspend),
5035 DEVMETHOD(device_resume, iwm_resume),
5040 static driver_t iwm_pci_driver = {
5043 sizeof (struct iwm_softc)
5046 static devclass_t iwm_devclass;
5048 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
5049 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
5050 MODULE_DEPEND(iwm, pci, 1, 1, 1);
5051 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
projects / FreeBSD / FreeBSD.git / blob