2 * Copyright (c) 2007-2009 Damien Bergamini <damien.bergamini@free.fr>
3 * Copyright (c) 2008 Benjamin Close <benjsc@FreeBSD.org>
4 * Copyright (c) 2008 Sam Leffler, Errno Consulting
5 * Copyright (c) 2011 Intel Corporation
6 * Copyright (c) 2013 Cedric GROSS <c.gross@kreiz-it.fr>
7 * Copyright (c) 2013 Adrian Chadd <adrian@FreeBSD.org>
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 * Driver for Intel WiFi Link 4965 and 1000/5000/6000 Series 802.11 network
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
33 #include <sys/param.h>
34 #include <sys/sockio.h>
35 #include <sys/sysctl.h>
37 #include <sys/kernel.h>
38 #include <sys/socket.h>
39 #include <sys/systm.h>
40 #include <sys/malloc.h>
43 #include <sys/endian.h>
44 #include <sys/firmware.h>
45 #include <sys/limits.h>
46 #include <sys/module.h>
47 #include <sys/queue.h>
48 #include <sys/taskqueue.h>
50 #include <machine/bus.h>
51 #include <machine/resource.h>
52 #include <machine/clock.h>
54 #include <dev/pci/pcireg.h>
55 #include <dev/pci/pcivar.h>
59 #include <net/if_var.h>
60 #include <net/if_arp.h>
61 #include <net/ethernet.h>
62 #include <net/if_dl.h>
63 #include <net/if_media.h>
64 #include <net/if_types.h>
66 #include <netinet/in.h>
67 #include <netinet/in_systm.h>
68 #include <netinet/in_var.h>
69 #include <netinet/if_ether.h>
70 #include <netinet/ip.h>
72 #include <net80211/ieee80211_var.h>
73 #include <net80211/ieee80211_radiotap.h>
74 #include <net80211/ieee80211_regdomain.h>
75 #include <net80211/ieee80211_ratectl.h>
77 #include <dev/iwn/if_iwnreg.h>
78 #include <dev/iwn/if_iwnvar.h>
79 #include <dev/iwn/if_iwn_devid.h>
80 #include <dev/iwn/if_iwn_chip_cfg.h>
81 #include <dev/iwn/if_iwn_debug.h>
89 static const struct iwn_ident iwn_ident_table[] = {
90 { 0x8086, IWN_DID_6x05_1, "Intel Centrino Advanced-N 6205" },
91 { 0x8086, IWN_DID_1000_1, "Intel Centrino Wireless-N 1000" },
92 { 0x8086, IWN_DID_1000_2, "Intel Centrino Wireless-N 1000" },
93 { 0x8086, IWN_DID_6x05_2, "Intel Centrino Advanced-N 6205" },
94 { 0x8086, IWN_DID_6050_1, "Intel Centrino Advanced-N + WiMAX 6250" },
95 { 0x8086, IWN_DID_6050_2, "Intel Centrino Advanced-N + WiMAX 6250" },
96 { 0x8086, IWN_DID_x030_1, "Intel Centrino Wireless-N 1030" },
97 { 0x8086, IWN_DID_x030_2, "Intel Centrino Wireless-N 1030" },
98 { 0x8086, IWN_DID_x030_3, "Intel Centrino Advanced-N 6230" },
99 { 0x8086, IWN_DID_x030_4, "Intel Centrino Advanced-N 6230" },
100 { 0x8086, IWN_DID_6150_1, "Intel Centrino Wireless-N + WiMAX 6150" },
101 { 0x8086, IWN_DID_6150_2, "Intel Centrino Wireless-N + WiMAX 6150" },
102 { 0x8086, IWN_DID_2x00_1, "Intel(R) Centrino(R) Wireless-N 2200 BGN" },
103 { 0x8086, IWN_DID_2x00_2, "Intel(R) Centrino(R) Wireless-N 2200 BGN" },
104 /* XXX 2200D is IWN_SDID_2x00_4; there's no way to express this here! */
105 { 0x8086, IWN_DID_2x30_1, "Intel Centrino Wireless-N 2230" },
106 { 0x8086, IWN_DID_2x30_2, "Intel Centrino Wireless-N 2230" },
107 { 0x8086, IWN_DID_130_1, "Intel Centrino Wireless-N 130" },
108 { 0x8086, IWN_DID_130_2, "Intel Centrino Wireless-N 130" },
109 { 0x8086, IWN_DID_100_1, "Intel Centrino Wireless-N 100" },
110 { 0x8086, IWN_DID_100_2, "Intel Centrino Wireless-N 100" },
111 { 0x8086, IWN_DID_4965_1, "Intel Wireless WiFi Link 4965" },
112 { 0x8086, IWN_DID_6x00_1, "Intel Centrino Ultimate-N 6300" },
113 { 0x8086, IWN_DID_6x00_2, "Intel Centrino Advanced-N 6200" },
114 { 0x8086, IWN_DID_4965_2, "Intel Wireless WiFi Link 4965" },
115 { 0x8086, IWN_DID_4965_3, "Intel Wireless WiFi Link 4965" },
116 { 0x8086, IWN_DID_5x00_1, "Intel WiFi Link 5100" },
117 { 0x8086, IWN_DID_4965_4, "Intel Wireless WiFi Link 4965" },
118 { 0x8086, IWN_DID_5x00_3, "Intel Ultimate N WiFi Link 5300" },
119 { 0x8086, IWN_DID_5x00_4, "Intel Ultimate N WiFi Link 5300" },
120 { 0x8086, IWN_DID_5x00_2, "Intel WiFi Link 5100" },
121 { 0x8086, IWN_DID_6x00_3, "Intel Centrino Ultimate-N 6300" },
122 { 0x8086, IWN_DID_6x00_4, "Intel Centrino Advanced-N 6200" },
123 { 0x8086, IWN_DID_5x50_1, "Intel WiMAX/WiFi Link 5350" },
124 { 0x8086, IWN_DID_5x50_2, "Intel WiMAX/WiFi Link 5350" },
125 { 0x8086, IWN_DID_5x50_3, "Intel WiMAX/WiFi Link 5150" },
126 { 0x8086, IWN_DID_5x50_4, "Intel WiMAX/WiFi Link 5150" },
127 { 0x8086, IWN_DID_6035_1, "Intel Centrino Advanced 6235" },
128 { 0x8086, IWN_DID_6035_2, "Intel Centrino Advanced 6235" },
132 static int iwn_probe(device_t);
133 static int iwn_attach(device_t);
134 static int iwn4965_attach(struct iwn_softc *, uint16_t);
135 static int iwn5000_attach(struct iwn_softc *, uint16_t);
136 static int iwn_config_specific(struct iwn_softc *, uint16_t);
137 static void iwn_radiotap_attach(struct iwn_softc *);
138 static void iwn_sysctlattach(struct iwn_softc *);
139 static struct ieee80211vap *iwn_vap_create(struct ieee80211com *,
140 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
141 const uint8_t [IEEE80211_ADDR_LEN],
142 const uint8_t [IEEE80211_ADDR_LEN]);
143 static void iwn_vap_delete(struct ieee80211vap *);
144 static int iwn_detach(device_t);
145 static int iwn_shutdown(device_t);
146 static int iwn_suspend(device_t);
147 static int iwn_resume(device_t);
148 static int iwn_nic_lock(struct iwn_softc *);
149 static int iwn_eeprom_lock(struct iwn_softc *);
150 static int iwn_init_otprom(struct iwn_softc *);
151 static int iwn_read_prom_data(struct iwn_softc *, uint32_t, void *, int);
152 static void iwn_dma_map_addr(void *, bus_dma_segment_t *, int, int);
153 static int iwn_dma_contig_alloc(struct iwn_softc *, struct iwn_dma_info *,
154 void **, bus_size_t, bus_size_t);
155 static void iwn_dma_contig_free(struct iwn_dma_info *);
156 static int iwn_alloc_sched(struct iwn_softc *);
157 static void iwn_free_sched(struct iwn_softc *);
158 static int iwn_alloc_kw(struct iwn_softc *);
159 static void iwn_free_kw(struct iwn_softc *);
160 static int iwn_alloc_ict(struct iwn_softc *);
161 static void iwn_free_ict(struct iwn_softc *);
162 static int iwn_alloc_fwmem(struct iwn_softc *);
163 static void iwn_free_fwmem(struct iwn_softc *);
164 static int iwn_alloc_rx_ring(struct iwn_softc *, struct iwn_rx_ring *);
165 static void iwn_reset_rx_ring(struct iwn_softc *, struct iwn_rx_ring *);
166 static void iwn_free_rx_ring(struct iwn_softc *, struct iwn_rx_ring *);
167 static int iwn_alloc_tx_ring(struct iwn_softc *, struct iwn_tx_ring *,
169 static void iwn_reset_tx_ring(struct iwn_softc *, struct iwn_tx_ring *);
170 static void iwn_free_tx_ring(struct iwn_softc *, struct iwn_tx_ring *);
171 static void iwn5000_ict_reset(struct iwn_softc *);
172 static int iwn_read_eeprom(struct iwn_softc *,
173 uint8_t macaddr[IEEE80211_ADDR_LEN]);
174 static void iwn4965_read_eeprom(struct iwn_softc *);
176 static void iwn4965_print_power_group(struct iwn_softc *, int);
178 static void iwn5000_read_eeprom(struct iwn_softc *);
179 static uint32_t iwn_eeprom_channel_flags(struct iwn_eeprom_chan *);
180 static void iwn_read_eeprom_band(struct iwn_softc *, int);
181 static void iwn_read_eeprom_ht40(struct iwn_softc *, int);
182 static void iwn_read_eeprom_channels(struct iwn_softc *, int, uint32_t);
183 static struct iwn_eeprom_chan *iwn_find_eeprom_channel(struct iwn_softc *,
184 struct ieee80211_channel *);
185 static int iwn_setregdomain(struct ieee80211com *,
186 struct ieee80211_regdomain *, int,
187 struct ieee80211_channel[]);
188 static void iwn_read_eeprom_enhinfo(struct iwn_softc *);
189 static struct ieee80211_node *iwn_node_alloc(struct ieee80211vap *,
190 const uint8_t mac[IEEE80211_ADDR_LEN]);
191 static void iwn_newassoc(struct ieee80211_node *, int);
192 static int iwn_media_change(struct ifnet *);
193 static int iwn_newstate(struct ieee80211vap *, enum ieee80211_state, int);
194 static void iwn_calib_timeout(void *);
195 static void iwn_rx_phy(struct iwn_softc *, struct iwn_rx_desc *,
196 struct iwn_rx_data *);
197 static void iwn_rx_done(struct iwn_softc *, struct iwn_rx_desc *,
198 struct iwn_rx_data *);
199 static void iwn_rx_compressed_ba(struct iwn_softc *, struct iwn_rx_desc *,
200 struct iwn_rx_data *);
201 static void iwn5000_rx_calib_results(struct iwn_softc *,
202 struct iwn_rx_desc *, struct iwn_rx_data *);
203 static void iwn_rx_statistics(struct iwn_softc *, struct iwn_rx_desc *,
204 struct iwn_rx_data *);
205 static void iwn4965_tx_done(struct iwn_softc *, struct iwn_rx_desc *,
206 struct iwn_rx_data *);
207 static void iwn5000_tx_done(struct iwn_softc *, struct iwn_rx_desc *,
208 struct iwn_rx_data *);
209 static void iwn_tx_done(struct iwn_softc *, struct iwn_rx_desc *, int,
211 static void iwn_ampdu_tx_done(struct iwn_softc *, int, int, int, void *);
212 static void iwn_cmd_done(struct iwn_softc *, struct iwn_rx_desc *);
213 static void iwn_notif_intr(struct iwn_softc *);
214 static void iwn_wakeup_intr(struct iwn_softc *);
215 static void iwn_rftoggle_intr(struct iwn_softc *);
216 static void iwn_fatal_intr(struct iwn_softc *);
217 static void iwn_intr(void *);
218 static void iwn4965_update_sched(struct iwn_softc *, int, int, uint8_t,
220 static void iwn5000_update_sched(struct iwn_softc *, int, int, uint8_t,
223 static void iwn5000_reset_sched(struct iwn_softc *, int, int);
225 static int iwn_tx_data(struct iwn_softc *, struct mbuf *,
226 struct ieee80211_node *);
227 static int iwn_tx_data_raw(struct iwn_softc *, struct mbuf *,
228 struct ieee80211_node *,
229 const struct ieee80211_bpf_params *params);
230 static int iwn_raw_xmit(struct ieee80211_node *, struct mbuf *,
231 const struct ieee80211_bpf_params *);
232 static void iwn_start(struct ifnet *);
233 static void iwn_start_locked(struct ifnet *);
234 static void iwn_watchdog(void *);
235 static int iwn_ioctl(struct ifnet *, u_long, caddr_t);
236 static int iwn_cmd(struct iwn_softc *, int, const void *, int, int);
237 static int iwn4965_add_node(struct iwn_softc *, struct iwn_node_info *,
239 static int iwn5000_add_node(struct iwn_softc *, struct iwn_node_info *,
241 static int iwn_set_link_quality(struct iwn_softc *,
242 struct ieee80211_node *);
243 static int iwn_add_broadcast_node(struct iwn_softc *, int);
244 static int iwn_updateedca(struct ieee80211com *);
245 static void iwn_update_mcast(struct ifnet *);
246 static void iwn_set_led(struct iwn_softc *, uint8_t, uint8_t, uint8_t);
247 static int iwn_set_critical_temp(struct iwn_softc *);
248 static int iwn_set_timing(struct iwn_softc *, struct ieee80211_node *);
249 static void iwn4965_power_calibration(struct iwn_softc *, int);
250 static int iwn4965_set_txpower(struct iwn_softc *,
251 struct ieee80211_channel *, int);
252 static int iwn5000_set_txpower(struct iwn_softc *,
253 struct ieee80211_channel *, int);
254 static int iwn4965_get_rssi(struct iwn_softc *, struct iwn_rx_stat *);
255 static int iwn5000_get_rssi(struct iwn_softc *, struct iwn_rx_stat *);
256 static int iwn_get_noise(const struct iwn_rx_general_stats *);
257 static int iwn4965_get_temperature(struct iwn_softc *);
258 static int iwn5000_get_temperature(struct iwn_softc *);
259 static int iwn_init_sensitivity(struct iwn_softc *);
260 static void iwn_collect_noise(struct iwn_softc *,
261 const struct iwn_rx_general_stats *);
262 static int iwn4965_init_gains(struct iwn_softc *);
263 static int iwn5000_init_gains(struct iwn_softc *);
264 static int iwn4965_set_gains(struct iwn_softc *);
265 static int iwn5000_set_gains(struct iwn_softc *);
266 static void iwn_tune_sensitivity(struct iwn_softc *,
267 const struct iwn_rx_stats *);
268 static void iwn_save_stats_counters(struct iwn_softc *,
269 const struct iwn_stats *);
270 static int iwn_send_sensitivity(struct iwn_softc *);
271 static void iwn_check_rx_recovery(struct iwn_softc *, struct iwn_stats *);
272 static int iwn_set_pslevel(struct iwn_softc *, int, int, int);
273 static int iwn_send_btcoex(struct iwn_softc *);
274 static int iwn_send_advanced_btcoex(struct iwn_softc *);
275 static int iwn5000_runtime_calib(struct iwn_softc *);
276 static int iwn_config(struct iwn_softc *);
277 static uint8_t *ieee80211_add_ssid(uint8_t *, const uint8_t *, u_int);
278 static int iwn_scan(struct iwn_softc *, struct ieee80211vap *,
279 struct ieee80211_scan_state *, struct ieee80211_channel *);
280 static int iwn_auth(struct iwn_softc *, struct ieee80211vap *vap);
281 static int iwn_run(struct iwn_softc *, struct ieee80211vap *vap);
282 static int iwn_ampdu_rx_start(struct ieee80211_node *,
283 struct ieee80211_rx_ampdu *, int, int, int);
284 static void iwn_ampdu_rx_stop(struct ieee80211_node *,
285 struct ieee80211_rx_ampdu *);
286 static int iwn_addba_request(struct ieee80211_node *,
287 struct ieee80211_tx_ampdu *, int, int, int);
288 static int iwn_addba_response(struct ieee80211_node *,
289 struct ieee80211_tx_ampdu *, int, int, int);
290 static int iwn_ampdu_tx_start(struct ieee80211com *,
291 struct ieee80211_node *, uint8_t);
292 static void iwn_ampdu_tx_stop(struct ieee80211_node *,
293 struct ieee80211_tx_ampdu *);
294 static void iwn4965_ampdu_tx_start(struct iwn_softc *,
295 struct ieee80211_node *, int, uint8_t, uint16_t);
296 static void iwn4965_ampdu_tx_stop(struct iwn_softc *, int,
298 static void iwn5000_ampdu_tx_start(struct iwn_softc *,
299 struct ieee80211_node *, int, uint8_t, uint16_t);
300 static void iwn5000_ampdu_tx_stop(struct iwn_softc *, int,
302 static int iwn5000_query_calibration(struct iwn_softc *);
303 static int iwn5000_send_calibration(struct iwn_softc *);
304 static int iwn5000_send_wimax_coex(struct iwn_softc *);
305 static int iwn5000_crystal_calib(struct iwn_softc *);
306 static int iwn5000_temp_offset_calib(struct iwn_softc *);
307 static int iwn5000_temp_offset_calibv2(struct iwn_softc *);
308 static int iwn4965_post_alive(struct iwn_softc *);
309 static int iwn5000_post_alive(struct iwn_softc *);
310 static int iwn4965_load_bootcode(struct iwn_softc *, const uint8_t *,
312 static int iwn4965_load_firmware(struct iwn_softc *);
313 static int iwn5000_load_firmware_section(struct iwn_softc *, uint32_t,
314 const uint8_t *, int);
315 static int iwn5000_load_firmware(struct iwn_softc *);
316 static int iwn_read_firmware_leg(struct iwn_softc *,
317 struct iwn_fw_info *);
318 static int iwn_read_firmware_tlv(struct iwn_softc *,
319 struct iwn_fw_info *, uint16_t);
320 static int iwn_read_firmware(struct iwn_softc *);
321 static int iwn_clock_wait(struct iwn_softc *);
322 static int iwn_apm_init(struct iwn_softc *);
323 static void iwn_apm_stop_master(struct iwn_softc *);
324 static void iwn_apm_stop(struct iwn_softc *);
325 static int iwn4965_nic_config(struct iwn_softc *);
326 static int iwn5000_nic_config(struct iwn_softc *);
327 static int iwn_hw_prepare(struct iwn_softc *);
328 static int iwn_hw_init(struct iwn_softc *);
329 static void iwn_hw_stop(struct iwn_softc *);
330 static void iwn_radio_on(void *, int);
331 static void iwn_radio_off(void *, int);
332 static void iwn_init_locked(struct iwn_softc *);
333 static void iwn_init(void *);
334 static void iwn_stop_locked(struct iwn_softc *);
335 static void iwn_stop(struct iwn_softc *);
336 static void iwn_scan_start(struct ieee80211com *);
337 static void iwn_scan_end(struct ieee80211com *);
338 static void iwn_set_channel(struct ieee80211com *);
339 static void iwn_scan_curchan(struct ieee80211_scan_state *, unsigned long);
340 static void iwn_scan_mindwell(struct ieee80211_scan_state *);
341 static void iwn_hw_reset(void *, int);
343 static char *iwn_get_csr_string(int);
344 static void iwn_debug_register(struct iwn_softc *);
347 static device_method_t iwn_methods[] = {
348 /* Device interface */
349 DEVMETHOD(device_probe, iwn_probe),
350 DEVMETHOD(device_attach, iwn_attach),
351 DEVMETHOD(device_detach, iwn_detach),
352 DEVMETHOD(device_shutdown, iwn_shutdown),
353 DEVMETHOD(device_suspend, iwn_suspend),
354 DEVMETHOD(device_resume, iwn_resume),
358 static driver_t iwn_driver = {
361 sizeof(struct iwn_softc)
363 static devclass_t iwn_devclass;
365 DRIVER_MODULE(iwn, pci, iwn_driver, iwn_devclass, 0, 0);
367 MODULE_VERSION(iwn, 1);
369 MODULE_DEPEND(iwn, firmware, 1, 1, 1);
370 MODULE_DEPEND(iwn, pci, 1, 1, 1);
371 MODULE_DEPEND(iwn, wlan, 1, 1, 1);
374 iwn_probe(device_t dev)
376 const struct iwn_ident *ident;
378 for (ident = iwn_ident_table; ident->name != NULL; ident++) {
379 if (pci_get_vendor(dev) == ident->vendor &&
380 pci_get_device(dev) == ident->device) {
381 device_set_desc(dev, ident->name);
389 iwn_attach(device_t dev)
391 struct iwn_softc *sc = (struct iwn_softc *)device_get_softc(dev);
392 struct ieee80211com *ic;
395 int i, error, result;
396 uint8_t macaddr[IEEE80211_ADDR_LEN];
401 error = resource_int_value(device_get_name(sc->sc_dev),
402 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug));
409 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: begin\n",__func__);
412 * Get the offset of the PCI Express Capability Structure in PCI
413 * Configuration Space.
415 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off);
417 device_printf(dev, "PCIe capability structure not found!\n");
421 /* Clear device-specific "PCI retry timeout" register (41h). */
422 pci_write_config(dev, 0x41, 0, 1);
424 /* Hardware bug workaround. */
425 reg = pci_read_config(dev, PCIR_COMMAND, 2);
426 if (reg & PCIM_CMD_INTxDIS) {
427 DPRINTF(sc, IWN_DEBUG_RESET, "%s: PCIe INTx Disable set\n",
429 reg &= ~PCIM_CMD_INTxDIS;
430 pci_write_config(dev, PCIR_COMMAND, reg, 2);
433 /* Enable bus-mastering. */
434 pci_enable_busmaster(dev);
436 sc->mem_rid = PCIR_BAR(0);
437 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
439 if (sc->mem == NULL) {
440 device_printf(dev, "can't map mem space\n");
444 sc->sc_st = rman_get_bustag(sc->mem);
445 sc->sc_sh = rman_get_bushandle(sc->mem);
448 if ((result = pci_msi_count(dev)) == 1 &&
449 pci_alloc_msi(dev, &result) == 0)
451 /* Install interrupt handler. */
452 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
453 RF_ACTIVE | RF_SHAREABLE);
454 if (sc->irq == NULL) {
455 device_printf(dev, "can't map interrupt\n");
462 /* Read hardware revision and attach. */
463 sc->hw_type = (IWN_READ(sc, IWN_HW_REV) >> IWN_HW_REV_TYPE_SHIFT)
464 & IWN_HW_REV_TYPE_MASK;
465 sc->subdevice_id = pci_get_subdevice(dev);
468 * 4965 versus 5000 and later have different methods.
469 * Let's set those up first.
471 if (sc->hw_type == IWN_HW_REV_TYPE_4965)
472 error = iwn4965_attach(sc, pci_get_device(dev));
474 error = iwn5000_attach(sc, pci_get_device(dev));
476 device_printf(dev, "could not attach device, error %d\n",
482 * Next, let's setup the various parameters of each NIC.
484 error = iwn_config_specific(sc, pci_get_device(dev));
486 device_printf(dev, "could not attach device, error %d\n",
491 if ((error = iwn_hw_prepare(sc)) != 0) {
492 device_printf(dev, "hardware not ready, error %d\n", error);
496 /* Allocate DMA memory for firmware transfers. */
497 if ((error = iwn_alloc_fwmem(sc)) != 0) {
499 "could not allocate memory for firmware, error %d\n",
504 /* Allocate "Keep Warm" page. */
505 if ((error = iwn_alloc_kw(sc)) != 0) {
507 "could not allocate keep warm page, error %d\n", error);
511 /* Allocate ICT table for 5000 Series. */
512 if (sc->hw_type != IWN_HW_REV_TYPE_4965 &&
513 (error = iwn_alloc_ict(sc)) != 0) {
514 device_printf(dev, "could not allocate ICT table, error %d\n",
519 /* Allocate TX scheduler "rings". */
520 if ((error = iwn_alloc_sched(sc)) != 0) {
522 "could not allocate TX scheduler rings, error %d\n", error);
526 /* Allocate TX rings (16 on 4965AGN, 20 on >=5000). */
527 for (i = 0; i < sc->ntxqs; i++) {
528 if ((error = iwn_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) {
530 "could not allocate TX ring %d, error %d\n", i,
536 /* Allocate RX ring. */
537 if ((error = iwn_alloc_rx_ring(sc, &sc->rxq)) != 0) {
538 device_printf(dev, "could not allocate RX ring, error %d\n",
543 /* Clear pending interrupts. */
544 IWN_WRITE(sc, IWN_INT, 0xffffffff);
546 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
548 device_printf(dev, "can not allocate ifnet structure\n");
554 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
555 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
557 /* Set device capabilities. */
559 IEEE80211_C_STA /* station mode supported */
560 | IEEE80211_C_MONITOR /* monitor mode supported */
561 | IEEE80211_C_BGSCAN /* background scanning */
562 | IEEE80211_C_TXPMGT /* tx power management */
563 | IEEE80211_C_SHSLOT /* short slot time supported */
565 | IEEE80211_C_SHPREAMBLE /* short preamble supported */
567 | IEEE80211_C_IBSS /* ibss/adhoc mode */
569 | IEEE80211_C_WME /* WME */
570 | IEEE80211_C_PMGT /* Station-side power mgmt */
573 /* Read MAC address, channels, etc from EEPROM. */
574 if ((error = iwn_read_eeprom(sc, macaddr)) != 0) {
575 device_printf(dev, "could not read EEPROM, error %d\n",
580 /* Count the number of available chains. */
582 ((sc->txchainmask >> 2) & 1) +
583 ((sc->txchainmask >> 1) & 1) +
584 ((sc->txchainmask >> 0) & 1);
586 ((sc->rxchainmask >> 2) & 1) +
587 ((sc->rxchainmask >> 1) & 1) +
588 ((sc->rxchainmask >> 0) & 1);
590 device_printf(dev, "MIMO %dT%dR, %.4s, address %6D\n",
591 sc->ntxchains, sc->nrxchains, sc->eeprom_domain,
595 if (sc->sc_flags & IWN_FLAG_HAS_11N) {
596 ic->ic_rxstream = sc->nrxchains;
597 ic->ic_txstream = sc->ntxchains;
600 * The NICs we currently support cap out at 2x2 support
601 * separate from the chains being used.
603 * This is a total hack to work around that until some
604 * per-device method is implemented to return the
605 * actual stream support.
607 * XXX Note: the 5350 is a 3x3 device; so we shouldn't
608 * cap this! But, anything that touches rates in the
609 * driver needs to be audited first before 3x3 is enabled.
611 if (ic->ic_rxstream > 2)
613 if (ic->ic_txstream > 2)
617 IEEE80211_HTCAP_SMPS_OFF /* SMPS mode disabled */
618 | IEEE80211_HTCAP_SHORTGI20 /* short GI in 20MHz */
619 | IEEE80211_HTCAP_CHWIDTH40 /* 40MHz channel width*/
620 | IEEE80211_HTCAP_SHORTGI40 /* short GI in 40MHz */
622 | IEEE80211_HTCAP_GREENFIELD
623 #if IWN_RBUF_SIZE == 8192
624 | IEEE80211_HTCAP_MAXAMSDU_7935 /* max A-MSDU length */
626 | IEEE80211_HTCAP_MAXAMSDU_3839 /* max A-MSDU length */
629 /* s/w capabilities */
630 | IEEE80211_HTC_HT /* HT operation */
631 | IEEE80211_HTC_AMPDU /* tx A-MPDU */
633 | IEEE80211_HTC_AMSDU /* tx A-MSDU */
638 if_initname(ifp, device_get_name(dev), device_get_unit(dev));
640 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
641 ifp->if_init = iwn_init;
642 ifp->if_ioctl = iwn_ioctl;
643 ifp->if_start = iwn_start;
644 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
645 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
646 IFQ_SET_READY(&ifp->if_snd);
648 ieee80211_ifattach(ic, macaddr);
649 ic->ic_vap_create = iwn_vap_create;
650 ic->ic_vap_delete = iwn_vap_delete;
651 ic->ic_raw_xmit = iwn_raw_xmit;
652 ic->ic_node_alloc = iwn_node_alloc;
653 sc->sc_ampdu_rx_start = ic->ic_ampdu_rx_start;
654 ic->ic_ampdu_rx_start = iwn_ampdu_rx_start;
655 sc->sc_ampdu_rx_stop = ic->ic_ampdu_rx_stop;
656 ic->ic_ampdu_rx_stop = iwn_ampdu_rx_stop;
657 sc->sc_addba_request = ic->ic_addba_request;
658 ic->ic_addba_request = iwn_addba_request;
659 sc->sc_addba_response = ic->ic_addba_response;
660 ic->ic_addba_response = iwn_addba_response;
661 sc->sc_addba_stop = ic->ic_addba_stop;
662 ic->ic_addba_stop = iwn_ampdu_tx_stop;
663 ic->ic_newassoc = iwn_newassoc;
664 ic->ic_wme.wme_update = iwn_updateedca;
665 ic->ic_update_mcast = iwn_update_mcast;
666 ic->ic_scan_start = iwn_scan_start;
667 ic->ic_scan_end = iwn_scan_end;
668 ic->ic_set_channel = iwn_set_channel;
669 ic->ic_scan_curchan = iwn_scan_curchan;
670 ic->ic_scan_mindwell = iwn_scan_mindwell;
671 ic->ic_setregdomain = iwn_setregdomain;
673 iwn_radiotap_attach(sc);
675 callout_init_mtx(&sc->calib_to, &sc->sc_mtx, 0);
676 callout_init_mtx(&sc->watchdog_to, &sc->sc_mtx, 0);
677 TASK_INIT(&sc->sc_reinit_task, 0, iwn_hw_reset, sc);
678 TASK_INIT(&sc->sc_radioon_task, 0, iwn_radio_on, sc);
679 TASK_INIT(&sc->sc_radiooff_task, 0, iwn_radio_off, sc);
681 iwn_sysctlattach(sc);
684 * Hook our interrupt after all initialization is complete.
686 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE,
687 NULL, iwn_intr, sc, &sc->sc_ih);
689 device_printf(dev, "can't establish interrupt, error %d\n",
695 ieee80211_announce(ic);
696 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
700 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end in error\n",__func__);
705 * Define specific configuration based on device id and subdevice id
706 * pid : PCI device id
709 iwn_config_specific(struct iwn_softc *sc, uint16_t pid)
718 sc->base_params = &iwn4965_base_params;
719 sc->limits = &iwn4965_sensitivity_limits;
720 sc->fwname = "iwn4965fw";
721 /* Override chains masks, ROM is known to be broken. */
722 sc->txchainmask = IWN_ANT_AB;
723 sc->rxchainmask = IWN_ANT_ABC;
724 /* Enable normal btcoex */
725 sc->sc_flags |= IWN_FLAG_BTCOEX;
730 switch(sc->subdevice_id) {
731 case IWN_SDID_1000_1:
732 case IWN_SDID_1000_2:
733 case IWN_SDID_1000_3:
734 case IWN_SDID_1000_4:
735 case IWN_SDID_1000_5:
736 case IWN_SDID_1000_6:
737 case IWN_SDID_1000_7:
738 case IWN_SDID_1000_8:
739 case IWN_SDID_1000_9:
740 case IWN_SDID_1000_10:
741 case IWN_SDID_1000_11:
742 case IWN_SDID_1000_12:
743 sc->limits = &iwn1000_sensitivity_limits;
744 sc->base_params = &iwn1000_base_params;
745 sc->fwname = "iwn1000fw";
748 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
749 "0x%04x rev %d not supported (subdevice)\n", pid,
750 sc->subdevice_id,sc->hw_type);
759 sc->fwname = "iwn6000fw";
760 sc->limits = &iwn6000_sensitivity_limits;
761 switch(sc->subdevice_id) {
762 case IWN_SDID_6x00_1:
763 case IWN_SDID_6x00_2:
764 case IWN_SDID_6x00_8:
766 sc->base_params = &iwn_6000_base_params;
768 case IWN_SDID_6x00_3:
769 case IWN_SDID_6x00_6:
770 case IWN_SDID_6x00_9:
772 case IWN_SDID_6x00_4:
773 case IWN_SDID_6x00_7:
774 case IWN_SDID_6x00_10:
776 case IWN_SDID_6x00_5:
778 sc->base_params = &iwn_6000i_base_params;
779 sc->sc_flags |= IWN_FLAG_INTERNAL_PA;
780 sc->txchainmask = IWN_ANT_BC;
781 sc->rxchainmask = IWN_ANT_BC;
784 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
785 "0x%04x rev %d not supported (subdevice)\n", pid,
786 sc->subdevice_id,sc->hw_type);
793 switch(sc->subdevice_id) {
794 case IWN_SDID_6x05_1:
795 case IWN_SDID_6x05_4:
796 case IWN_SDID_6x05_6:
798 case IWN_SDID_6x05_2:
799 case IWN_SDID_6x05_5:
800 case IWN_SDID_6x05_7:
802 case IWN_SDID_6x05_3:
804 case IWN_SDID_6x05_8:
805 case IWN_SDID_6x05_9:
806 //iwl6005_2agn_sff_cfg
807 case IWN_SDID_6x05_10:
809 case IWN_SDID_6x05_11:
810 //iwl6005_2agn_mow1_cfg
811 case IWN_SDID_6x05_12:
812 //iwl6005_2agn_mow2_cfg
813 sc->fwname = "iwn6000g2afw";
814 sc->limits = &iwn6000_sensitivity_limits;
815 sc->base_params = &iwn_6000g2_base_params;
818 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
819 "0x%04x rev %d not supported (subdevice)\n", pid,
820 sc->subdevice_id,sc->hw_type);
827 switch(sc->subdevice_id) {
828 case IWN_SDID_6035_1:
829 case IWN_SDID_6035_2:
830 case IWN_SDID_6035_3:
831 case IWN_SDID_6035_4:
832 sc->fwname = "iwn6000g2bfw";
833 sc->limits = &iwn6235_sensitivity_limits;
834 sc->base_params = &iwn_6235_base_params;
837 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
838 "0x%04x rev %d not supported (subdevice)\n", pid,
839 sc->subdevice_id,sc->hw_type);
843 /* 6x50 WiFi/WiMax Series */
846 switch(sc->subdevice_id) {
847 case IWN_SDID_6050_1:
848 case IWN_SDID_6050_3:
849 case IWN_SDID_6050_5:
851 case IWN_SDID_6050_2:
852 case IWN_SDID_6050_4:
853 case IWN_SDID_6050_6:
855 sc->fwname = "iwn6050fw";
856 sc->txchainmask = IWN_ANT_AB;
857 sc->rxchainmask = IWN_ANT_AB;
858 sc->limits = &iwn6000_sensitivity_limits;
859 sc->base_params = &iwn_6050_base_params;
862 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
863 "0x%04x rev %d not supported (subdevice)\n", pid,
864 sc->subdevice_id,sc->hw_type);
868 /* 6150 WiFi/WiMax Series */
871 switch(sc->subdevice_id) {
872 case IWN_SDID_6150_1:
873 case IWN_SDID_6150_3:
874 case IWN_SDID_6150_5:
876 case IWN_SDID_6150_2:
877 case IWN_SDID_6150_4:
878 case IWN_SDID_6150_6:
880 sc->fwname = "iwn6050fw";
881 sc->limits = &iwn6000_sensitivity_limits;
882 sc->base_params = &iwn_6150_base_params;
885 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
886 "0x%04x rev %d not supported (subdevice)\n", pid,
887 sc->subdevice_id,sc->hw_type);
891 /* 6030 Series and 1030 Series */
896 switch(sc->subdevice_id) {
897 case IWN_SDID_x030_1:
898 case IWN_SDID_x030_3:
899 case IWN_SDID_x030_5:
901 case IWN_SDID_x030_2:
902 case IWN_SDID_x030_4:
903 case IWN_SDID_x030_6:
905 case IWN_SDID_x030_7:
906 case IWN_SDID_x030_10:
907 case IWN_SDID_x030_14:
909 case IWN_SDID_x030_8:
910 case IWN_SDID_x030_11:
911 case IWN_SDID_x030_15:
913 case IWN_SDID_x030_9:
914 case IWN_SDID_x030_12:
915 case IWN_SDID_x030_16:
917 case IWN_SDID_x030_13:
919 sc->fwname = "iwn6000g2bfw";
920 sc->limits = &iwn6000_sensitivity_limits;
921 sc->base_params = &iwn_6000g2b_base_params;
924 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
925 "0x%04x rev %d not supported (subdevice)\n", pid,
926 sc->subdevice_id,sc->hw_type);
930 /* 130 Series WiFi */
931 /* XXX: This series will need adjustment for rate.
932 * see rx_with_siso_diversity in linux kernel
936 switch(sc->subdevice_id) {
945 sc->fwname = "iwn6000g2bfw";
946 sc->limits = &iwn6000_sensitivity_limits;
947 sc->base_params = &iwn_6000g2b_base_params;
950 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
951 "0x%04x rev %d not supported (subdevice)\n", pid,
952 sc->subdevice_id,sc->hw_type);
956 /* 100 Series WiFi */
959 switch(sc->subdevice_id) {
966 sc->limits = &iwn1000_sensitivity_limits;
967 sc->base_params = &iwn1000_base_params;
968 sc->fwname = "iwn100fw";
971 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
972 "0x%04x rev %d not supported (subdevice)\n", pid,
973 sc->subdevice_id,sc->hw_type);
981 switch(sc->subdevice_id) {
982 case IWN_SDID_2x00_1:
983 case IWN_SDID_2x00_2:
984 case IWN_SDID_2x00_3:
986 case IWN_SDID_2x00_4:
988 sc->limits = &iwn2030_sensitivity_limits;
989 sc->base_params = &iwn2000_base_params;
990 sc->fwname = "iwn2000fw";
993 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
994 "0x%04x rev %d not supported (subdevice) \n",
995 pid, sc->subdevice_id, sc->hw_type);
1000 case IWN_DID_2x30_1:
1001 case IWN_DID_2x30_2:
1002 switch(sc->subdevice_id) {
1003 case IWN_SDID_2x30_1:
1004 case IWN_SDID_2x30_3:
1005 case IWN_SDID_2x30_5:
1007 case IWN_SDID_2x30_2:
1008 case IWN_SDID_2x30_4:
1009 case IWN_SDID_2x30_6:
1011 sc->limits = &iwn2030_sensitivity_limits;
1012 sc->base_params = &iwn2030_base_params;
1013 sc->fwname = "iwn2030fw";
1016 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
1017 "0x%04x rev %d not supported (subdevice)\n", pid,
1018 sc->subdevice_id,sc->hw_type);
1023 case IWN_DID_5x00_1:
1024 case IWN_DID_5x00_2:
1025 case IWN_DID_5x00_3:
1026 case IWN_DID_5x00_4:
1027 sc->limits = &iwn5000_sensitivity_limits;
1028 sc->base_params = &iwn5000_base_params;
1029 sc->fwname = "iwn5000fw";
1030 switch(sc->subdevice_id) {
1031 case IWN_SDID_5x00_1:
1032 case IWN_SDID_5x00_2:
1033 case IWN_SDID_5x00_3:
1034 case IWN_SDID_5x00_4:
1035 case IWN_SDID_5x00_9:
1036 case IWN_SDID_5x00_10:
1037 case IWN_SDID_5x00_11:
1038 case IWN_SDID_5x00_12:
1039 case IWN_SDID_5x00_17:
1040 case IWN_SDID_5x00_18:
1041 case IWN_SDID_5x00_19:
1042 case IWN_SDID_5x00_20:
1044 sc->txchainmask = IWN_ANT_B;
1045 sc->rxchainmask = IWN_ANT_AB;
1047 case IWN_SDID_5x00_5:
1048 case IWN_SDID_5x00_6:
1049 case IWN_SDID_5x00_13:
1050 case IWN_SDID_5x00_14:
1051 case IWN_SDID_5x00_21:
1052 case IWN_SDID_5x00_22:
1054 sc->txchainmask = IWN_ANT_B;
1055 sc->rxchainmask = IWN_ANT_AB;
1057 case IWN_SDID_5x00_7:
1058 case IWN_SDID_5x00_8:
1059 case IWN_SDID_5x00_15:
1060 case IWN_SDID_5x00_16:
1061 case IWN_SDID_5x00_23:
1062 case IWN_SDID_5x00_24:
1064 sc->txchainmask = IWN_ANT_B;
1065 sc->rxchainmask = IWN_ANT_AB;
1067 case IWN_SDID_5x00_25:
1068 case IWN_SDID_5x00_26:
1069 case IWN_SDID_5x00_27:
1070 case IWN_SDID_5x00_28:
1071 case IWN_SDID_5x00_29:
1072 case IWN_SDID_5x00_30:
1073 case IWN_SDID_5x00_31:
1074 case IWN_SDID_5x00_32:
1075 case IWN_SDID_5x00_33:
1076 case IWN_SDID_5x00_34:
1077 case IWN_SDID_5x00_35:
1078 case IWN_SDID_5x00_36:
1080 sc->txchainmask = IWN_ANT_ABC;
1081 sc->rxchainmask = IWN_ANT_ABC;
1084 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
1085 "0x%04x rev %d not supported (subdevice)\n", pid,
1086 sc->subdevice_id,sc->hw_type);
1091 case IWN_DID_5x50_1:
1092 case IWN_DID_5x50_2:
1093 case IWN_DID_5x50_3:
1094 case IWN_DID_5x50_4:
1095 sc->limits = &iwn5000_sensitivity_limits;
1096 sc->base_params = &iwn5000_base_params;
1097 sc->fwname = "iwn5000fw";
1098 switch(sc->subdevice_id) {
1099 case IWN_SDID_5x50_1:
1100 case IWN_SDID_5x50_2:
1101 case IWN_SDID_5x50_3:
1103 sc->limits = &iwn5000_sensitivity_limits;
1104 sc->base_params = &iwn5000_base_params;
1105 sc->fwname = "iwn5000fw";
1107 case IWN_SDID_5x50_4:
1108 case IWN_SDID_5x50_5:
1109 case IWN_SDID_5x50_8:
1110 case IWN_SDID_5x50_9:
1111 case IWN_SDID_5x50_10:
1112 case IWN_SDID_5x50_11:
1114 case IWN_SDID_5x50_6:
1115 case IWN_SDID_5x50_7:
1116 case IWN_SDID_5x50_12:
1117 case IWN_SDID_5x50_13:
1119 sc->limits = &iwn5000_sensitivity_limits;
1120 sc->fwname = "iwn5150fw";
1121 sc->base_params = &iwn_5x50_base_params;
1124 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id :"
1125 "0x%04x rev %d not supported (subdevice)\n", pid,
1126 sc->subdevice_id,sc->hw_type);
1131 device_printf(sc->sc_dev, "adapter type id : 0x%04x sub id : 0x%04x"
1132 "rev 0x%08x not supported (device)\n", pid, sc->subdevice_id,
1140 iwn4965_attach(struct iwn_softc *sc, uint16_t pid)
1142 struct iwn_ops *ops = &sc->ops;
1144 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
1145 ops->load_firmware = iwn4965_load_firmware;
1146 ops->read_eeprom = iwn4965_read_eeprom;
1147 ops->post_alive = iwn4965_post_alive;
1148 ops->nic_config = iwn4965_nic_config;
1149 ops->update_sched = iwn4965_update_sched;
1150 ops->get_temperature = iwn4965_get_temperature;
1151 ops->get_rssi = iwn4965_get_rssi;
1152 ops->set_txpower = iwn4965_set_txpower;
1153 ops->init_gains = iwn4965_init_gains;
1154 ops->set_gains = iwn4965_set_gains;
1155 ops->add_node = iwn4965_add_node;
1156 ops->tx_done = iwn4965_tx_done;
1157 ops->ampdu_tx_start = iwn4965_ampdu_tx_start;
1158 ops->ampdu_tx_stop = iwn4965_ampdu_tx_stop;
1159 sc->ntxqs = IWN4965_NTXQUEUES;
1160 sc->firstaggqueue = IWN4965_FIRSTAGGQUEUE;
1161 sc->ndmachnls = IWN4965_NDMACHNLS;
1162 sc->broadcast_id = IWN4965_ID_BROADCAST;
1163 sc->rxonsz = IWN4965_RXONSZ;
1164 sc->schedsz = IWN4965_SCHEDSZ;
1165 sc->fw_text_maxsz = IWN4965_FW_TEXT_MAXSZ;
1166 sc->fw_data_maxsz = IWN4965_FW_DATA_MAXSZ;
1167 sc->fwsz = IWN4965_FWSZ;
1168 sc->sched_txfact_addr = IWN4965_SCHED_TXFACT;
1169 sc->limits = &iwn4965_sensitivity_limits;
1170 sc->fwname = "iwn4965fw";
1171 /* Override chains masks, ROM is known to be broken. */
1172 sc->txchainmask = IWN_ANT_AB;
1173 sc->rxchainmask = IWN_ANT_ABC;
1174 /* Enable normal btcoex */
1175 sc->sc_flags |= IWN_FLAG_BTCOEX;
1177 DPRINTF(sc, IWN_DEBUG_TRACE, "%s: end\n",__func__);
1183 iwn5000_attach(struct iwn_softc *sc, uint16_t pid)
1185 struct iwn_ops *ops = &sc->ops;
1187 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
1189 ops->load_firmware = iwn5000_load_firmware;
1190 ops->read_eeprom = iwn5000_read_eeprom;
1191 ops->post_alive = iwn5000_post_alive;
1192 ops->nic_config = iwn5000_nic_config;
1193 ops->update_sched = iwn5000_update_sched;
1194 ops->get_temperature = iwn5000_get_temperature;
1195 ops->get_rssi = iwn5000_get_rssi;
1196 ops->set_txpower = iwn5000_set_txpower;
1197 ops->init_gains = iwn5000_init_gains;
1198 ops->set_gains = iwn5000_set_gains;
1199 ops->add_node = iwn5000_add_node;
1200 ops->tx_done = iwn5000_tx_done;
1201 ops->ampdu_tx_start = iwn5000_ampdu_tx_start;
1202 ops->ampdu_tx_stop = iwn5000_ampdu_tx_stop;
1203 sc->ntxqs = IWN5000_NTXQUEUES;
1204 sc->firstaggqueue = IWN5000_FIRSTAGGQUEUE;
1205 sc->ndmachnls = IWN5000_NDMACHNLS;
1206 sc->broadcast_id = IWN5000_ID_BROADCAST;
1207 sc->rxonsz = IWN5000_RXONSZ;
1208 sc->schedsz = IWN5000_SCHEDSZ;
1209 sc->fw_text_maxsz = IWN5000_FW_TEXT_MAXSZ;
1210 sc->fw_data_maxsz = IWN5000_FW_DATA_MAXSZ;
1211 sc->fwsz = IWN5000_FWSZ;
1212 sc->sched_txfact_addr = IWN5000_SCHED_TXFACT;
1213 sc->reset_noise_gain = IWN5000_PHY_CALIB_RESET_NOISE_GAIN;
1214 sc->noise_gain = IWN5000_PHY_CALIB_NOISE_GAIN;
1220 * Attach the interface to 802.11 radiotap.
1223 iwn_radiotap_attach(struct iwn_softc *sc)
1225 struct ifnet *ifp = sc->sc_ifp;
1226 struct ieee80211com *ic = ifp->if_l2com;
1227 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
1228 ieee80211_radiotap_attach(ic,
1229 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
1230 IWN_TX_RADIOTAP_PRESENT,
1231 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
1232 IWN_RX_RADIOTAP_PRESENT);
1233 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
1237 iwn_sysctlattach(struct iwn_softc *sc)
1240 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev);
1241 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev);
1243 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO,
1244 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug,
1245 "control debugging printfs");
1249 static struct ieee80211vap *
1250 iwn_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
1251 enum ieee80211_opmode opmode, int flags,
1252 const uint8_t bssid[IEEE80211_ADDR_LEN],
1253 const uint8_t mac[IEEE80211_ADDR_LEN])
1255 struct iwn_vap *ivp;
1256 struct ieee80211vap *vap;
1257 uint8_t mac1[IEEE80211_ADDR_LEN];
1258 struct iwn_softc *sc = ic->ic_ifp->if_softc;
1260 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
1263 IEEE80211_ADDR_COPY(mac1, mac);
1265 ivp = (struct iwn_vap *) malloc(sizeof(struct iwn_vap),
1266 M_80211_VAP, M_NOWAIT | M_ZERO);
1270 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac1);
1271 ivp->ctx = IWN_RXON_BSS_CTX;
1272 IEEE80211_ADDR_COPY(ivp->macaddr, mac1);
1273 vap->iv_bmissthreshold = 10; /* override default */
1274 /* Override with driver methods. */
1275 ivp->iv_newstate = vap->iv_newstate;
1276 vap->iv_newstate = iwn_newstate;
1277 sc->ivap[IWN_RXON_BSS_CTX] = vap;
1279 ieee80211_ratectl_init(vap);
1280 /* Complete setup. */
1281 ieee80211_vap_attach(vap, iwn_media_change, ieee80211_media_status);
1282 ic->ic_opmode = opmode;
1287 iwn_vap_delete(struct ieee80211vap *vap)
1289 struct iwn_vap *ivp = IWN_VAP(vap);
1291 ieee80211_ratectl_deinit(vap);
1292 ieee80211_vap_detach(vap);
1293 free(ivp, M_80211_VAP);
1297 iwn_detach(device_t dev)
1299 struct iwn_softc *sc = device_get_softc(dev);
1300 struct ifnet *ifp = sc->sc_ifp;
1301 struct ieee80211com *ic;
1304 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
1309 ieee80211_draintask(ic, &sc->sc_reinit_task);
1310 ieee80211_draintask(ic, &sc->sc_radioon_task);
1311 ieee80211_draintask(ic, &sc->sc_radiooff_task);
1314 callout_drain(&sc->watchdog_to);
1315 callout_drain(&sc->calib_to);
1316 ieee80211_ifdetach(ic);
1319 /* Uninstall interrupt handler. */
1320 if (sc->irq != NULL) {
1321 bus_teardown_intr(dev, sc->irq, sc->sc_ih);
1322 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq);
1323 if (sc->irq_rid == 1)
1324 pci_release_msi(dev);
1327 /* Free DMA resources. */
1328 iwn_free_rx_ring(sc, &sc->rxq);
1329 for (qid = 0; qid < sc->ntxqs; qid++)
1330 iwn_free_tx_ring(sc, &sc->txq[qid]);
1333 if (sc->ict != NULL)
1337 if (sc->mem != NULL)
1338 bus_release_resource(dev, SYS_RES_MEMORY, sc->mem_rid, sc->mem);
1343 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n", __func__);
1344 IWN_LOCK_DESTROY(sc);
1349 iwn_shutdown(device_t dev)
1351 struct iwn_softc *sc = device_get_softc(dev);
1358 iwn_suspend(device_t dev)
1360 struct iwn_softc *sc = device_get_softc(dev);
1361 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
1363 ieee80211_suspend_all(ic);
1368 iwn_resume(device_t dev)
1370 struct iwn_softc *sc = device_get_softc(dev);
1371 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
1373 /* Clear device-specific "PCI retry timeout" register (41h). */
1374 pci_write_config(dev, 0x41, 0, 1);
1376 ieee80211_resume_all(ic);
1381 iwn_nic_lock(struct iwn_softc *sc)
1385 /* Request exclusive access to NIC. */
1386 IWN_SETBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_MAC_ACCESS_REQ);
1388 /* Spin until we actually get the lock. */
1389 for (ntries = 0; ntries < 1000; ntries++) {
1390 if ((IWN_READ(sc, IWN_GP_CNTRL) &
1391 (IWN_GP_CNTRL_MAC_ACCESS_ENA | IWN_GP_CNTRL_SLEEP)) ==
1392 IWN_GP_CNTRL_MAC_ACCESS_ENA)
1399 static __inline void
1400 iwn_nic_unlock(struct iwn_softc *sc)
1402 IWN_CLRBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_MAC_ACCESS_REQ);
1405 static __inline uint32_t
1406 iwn_prph_read(struct iwn_softc *sc, uint32_t addr)
1408 IWN_WRITE(sc, IWN_PRPH_RADDR, IWN_PRPH_DWORD | addr);
1409 IWN_BARRIER_READ_WRITE(sc);
1410 return IWN_READ(sc, IWN_PRPH_RDATA);
1413 static __inline void
1414 iwn_prph_write(struct iwn_softc *sc, uint32_t addr, uint32_t data)
1416 IWN_WRITE(sc, IWN_PRPH_WADDR, IWN_PRPH_DWORD | addr);
1417 IWN_BARRIER_WRITE(sc);
1418 IWN_WRITE(sc, IWN_PRPH_WDATA, data);
1421 static __inline void
1422 iwn_prph_setbits(struct iwn_softc *sc, uint32_t addr, uint32_t mask)
1424 iwn_prph_write(sc, addr, iwn_prph_read(sc, addr) | mask);
1427 static __inline void
1428 iwn_prph_clrbits(struct iwn_softc *sc, uint32_t addr, uint32_t mask)
1430 iwn_prph_write(sc, addr, iwn_prph_read(sc, addr) & ~mask);
1433 static __inline void
1434 iwn_prph_write_region_4(struct iwn_softc *sc, uint32_t addr,
1435 const uint32_t *data, int count)
1437 for (; count > 0; count--, data++, addr += 4)
1438 iwn_prph_write(sc, addr, *data);
1441 static __inline uint32_t
1442 iwn_mem_read(struct iwn_softc *sc, uint32_t addr)
1444 IWN_WRITE(sc, IWN_MEM_RADDR, addr);
1445 IWN_BARRIER_READ_WRITE(sc);
1446 return IWN_READ(sc, IWN_MEM_RDATA);
1449 static __inline void
1450 iwn_mem_write(struct iwn_softc *sc, uint32_t addr, uint32_t data)
1452 IWN_WRITE(sc, IWN_MEM_WADDR, addr);
1453 IWN_BARRIER_WRITE(sc);
1454 IWN_WRITE(sc, IWN_MEM_WDATA, data);
1457 static __inline void
1458 iwn_mem_write_2(struct iwn_softc *sc, uint32_t addr, uint16_t data)
1462 tmp = iwn_mem_read(sc, addr & ~3);
1464 tmp = (tmp & 0x0000ffff) | data << 16;
1466 tmp = (tmp & 0xffff0000) | data;
1467 iwn_mem_write(sc, addr & ~3, tmp);
1470 static __inline void
1471 iwn_mem_read_region_4(struct iwn_softc *sc, uint32_t addr, uint32_t *data,
1474 for (; count > 0; count--, addr += 4)
1475 *data++ = iwn_mem_read(sc, addr);
1478 static __inline void
1479 iwn_mem_set_region_4(struct iwn_softc *sc, uint32_t addr, uint32_t val,
1482 for (; count > 0; count--, addr += 4)
1483 iwn_mem_write(sc, addr, val);
1487 iwn_eeprom_lock(struct iwn_softc *sc)
1491 for (i = 0; i < 100; i++) {
1492 /* Request exclusive access to EEPROM. */
1493 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
1494 IWN_HW_IF_CONFIG_EEPROM_LOCKED);
1496 /* Spin until we actually get the lock. */
1497 for (ntries = 0; ntries < 100; ntries++) {
1498 if (IWN_READ(sc, IWN_HW_IF_CONFIG) &
1499 IWN_HW_IF_CONFIG_EEPROM_LOCKED)
1504 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end timeout\n", __func__);
1508 static __inline void
1509 iwn_eeprom_unlock(struct iwn_softc *sc)
1511 IWN_CLRBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_EEPROM_LOCKED);
1515 * Initialize access by host to One Time Programmable ROM.
1516 * NB: This kind of ROM can be found on 1000 or 6000 Series only.
1519 iwn_init_otprom(struct iwn_softc *sc)
1521 uint16_t prev, base, next;
1524 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
1526 /* Wait for clock stabilization before accessing prph. */
1527 if ((error = iwn_clock_wait(sc)) != 0)
1530 if ((error = iwn_nic_lock(sc)) != 0)
1532 iwn_prph_setbits(sc, IWN_APMG_PS, IWN_APMG_PS_RESET_REQ);
1534 iwn_prph_clrbits(sc, IWN_APMG_PS, IWN_APMG_PS_RESET_REQ);
1537 /* Set auto clock gate disable bit for HW with OTP shadow RAM. */
1538 if (sc->base_params->shadow_ram_support) {
1539 IWN_SETBITS(sc, IWN_DBG_LINK_PWR_MGMT,
1540 IWN_RESET_LINK_PWR_MGMT_DIS);
1542 IWN_CLRBITS(sc, IWN_EEPROM_GP, IWN_EEPROM_GP_IF_OWNER);
1543 /* Clear ECC status. */
1544 IWN_SETBITS(sc, IWN_OTP_GP,
1545 IWN_OTP_GP_ECC_CORR_STTS | IWN_OTP_GP_ECC_UNCORR_STTS);
1548 * Find the block before last block (contains the EEPROM image)
1549 * for HW without OTP shadow RAM.
1551 if (! sc->base_params->shadow_ram_support) {
1552 /* Switch to absolute addressing mode. */
1553 IWN_CLRBITS(sc, IWN_OTP_GP, IWN_OTP_GP_RELATIVE_ACCESS);
1555 for (count = 0; count < sc->base_params->max_ll_items;
1557 error = iwn_read_prom_data(sc, base, &next, 2);
1560 if (next == 0) /* End of linked-list. */
1563 base = le16toh(next);
1565 if (count == 0 || count == sc->base_params->max_ll_items)
1567 /* Skip "next" word. */
1568 sc->prom_base = prev + 1;
1571 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
1577 iwn_read_prom_data(struct iwn_softc *sc, uint32_t addr, void *data, int count)
1579 uint8_t *out = data;
1583 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
1585 addr += sc->prom_base;
1586 for (; count > 0; count -= 2, addr++) {
1587 IWN_WRITE(sc, IWN_EEPROM, addr << 2);
1588 for (ntries = 0; ntries < 10; ntries++) {
1589 val = IWN_READ(sc, IWN_EEPROM);
1590 if (val & IWN_EEPROM_READ_VALID)
1595 device_printf(sc->sc_dev,
1596 "timeout reading ROM at 0x%x\n", addr);
1599 if (sc->sc_flags & IWN_FLAG_HAS_OTPROM) {
1600 /* OTPROM, check for ECC errors. */
1601 tmp = IWN_READ(sc, IWN_OTP_GP);
1602 if (tmp & IWN_OTP_GP_ECC_UNCORR_STTS) {
1603 device_printf(sc->sc_dev,
1604 "OTPROM ECC error at 0x%x\n", addr);
1607 if (tmp & IWN_OTP_GP_ECC_CORR_STTS) {
1608 /* Correctable ECC error, clear bit. */
1609 IWN_SETBITS(sc, IWN_OTP_GP,
1610 IWN_OTP_GP_ECC_CORR_STTS);
1618 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
1624 iwn_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
1628 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs));
1629 *(bus_addr_t *)arg = segs[0].ds_addr;
1633 iwn_dma_contig_alloc(struct iwn_softc *sc, struct iwn_dma_info *dma,
1634 void **kvap, bus_size_t size, bus_size_t alignment)
1641 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment,
1642 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size,
1643 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag);
1647 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr,
1648 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map);
1652 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size,
1653 iwn_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT);
1657 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
1664 fail: iwn_dma_contig_free(dma);
1669 iwn_dma_contig_free(struct iwn_dma_info *dma)
1671 if (dma->map != NULL) {
1672 if (dma->vaddr != NULL) {
1673 bus_dmamap_sync(dma->tag, dma->map,
1674 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
1675 bus_dmamap_unload(dma->tag, dma->map);
1676 bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
1679 bus_dmamap_destroy(dma->tag, dma->map);
1682 if (dma->tag != NULL) {
1683 bus_dma_tag_destroy(dma->tag);
1689 iwn_alloc_sched(struct iwn_softc *sc)
1691 /* TX scheduler rings must be aligned on a 1KB boundary. */
1692 return iwn_dma_contig_alloc(sc, &sc->sched_dma, (void **)&sc->sched,
1697 iwn_free_sched(struct iwn_softc *sc)
1699 iwn_dma_contig_free(&sc->sched_dma);
1703 iwn_alloc_kw(struct iwn_softc *sc)
1705 /* "Keep Warm" page must be aligned on a 4KB boundary. */
1706 return iwn_dma_contig_alloc(sc, &sc->kw_dma, NULL, 4096, 4096);
1710 iwn_free_kw(struct iwn_softc *sc)
1712 iwn_dma_contig_free(&sc->kw_dma);
1716 iwn_alloc_ict(struct iwn_softc *sc)
1718 /* ICT table must be aligned on a 4KB boundary. */
1719 return iwn_dma_contig_alloc(sc, &sc->ict_dma, (void **)&sc->ict,
1720 IWN_ICT_SIZE, 4096);
1724 iwn_free_ict(struct iwn_softc *sc)
1726 iwn_dma_contig_free(&sc->ict_dma);
1730 iwn_alloc_fwmem(struct iwn_softc *sc)
1732 /* Must be aligned on a 16-byte boundary. */
1733 return iwn_dma_contig_alloc(sc, &sc->fw_dma, NULL, sc->fwsz, 16);
1737 iwn_free_fwmem(struct iwn_softc *sc)
1739 iwn_dma_contig_free(&sc->fw_dma);
1743 iwn_alloc_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring)
1750 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
1752 /* Allocate RX descriptors (256-byte aligned). */
1753 size = IWN_RX_RING_COUNT * sizeof (uint32_t);
1754 error = iwn_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc,
1757 device_printf(sc->sc_dev,
1758 "%s: could not allocate RX ring DMA memory, error %d\n",
1763 /* Allocate RX status area (16-byte aligned). */
1764 error = iwn_dma_contig_alloc(sc, &ring->stat_dma, (void **)&ring->stat,
1765 sizeof (struct iwn_rx_status), 16);
1767 device_printf(sc->sc_dev,
1768 "%s: could not allocate RX status DMA memory, error %d\n",
1773 /* Create RX buffer DMA tag. */
1774 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
1775 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
1776 IWN_RBUF_SIZE, 1, IWN_RBUF_SIZE, BUS_DMA_NOWAIT, NULL, NULL,
1779 device_printf(sc->sc_dev,
1780 "%s: could not create RX buf DMA tag, error %d\n",
1786 * Allocate and map RX buffers.
1788 for (i = 0; i < IWN_RX_RING_COUNT; i++) {
1789 struct iwn_rx_data *data = &ring->data[i];
1792 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1794 device_printf(sc->sc_dev,
1795 "%s: could not create RX buf DMA map, error %d\n",
1800 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
1802 if (data->m == NULL) {
1803 device_printf(sc->sc_dev,
1804 "%s: could not allocate RX mbuf\n", __func__);
1809 error = bus_dmamap_load(ring->data_dmat, data->map,
1810 mtod(data->m, void *), IWN_RBUF_SIZE, iwn_dma_map_addr,
1811 &paddr, BUS_DMA_NOWAIT);
1812 if (error != 0 && error != EFBIG) {
1813 device_printf(sc->sc_dev,
1814 "%s: can't not map mbuf, error %d\n", __func__,
1819 /* Set physical address of RX buffer (256-byte aligned). */
1820 ring->desc[i] = htole32(paddr >> 8);
1823 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1824 BUS_DMASYNC_PREWRITE);
1826 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
1830 fail: iwn_free_rx_ring(sc, ring);
1832 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end in error\n",__func__);
1838 iwn_reset_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring)
1842 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
1844 if (iwn_nic_lock(sc) == 0) {
1845 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 0);
1846 for (ntries = 0; ntries < 1000; ntries++) {
1847 if (IWN_READ(sc, IWN_FH_RX_STATUS) &
1848 IWN_FH_RX_STATUS_IDLE)
1855 sc->last_rx_valid = 0;
1859 iwn_free_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring)
1863 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s \n", __func__);
1865 iwn_dma_contig_free(&ring->desc_dma);
1866 iwn_dma_contig_free(&ring->stat_dma);
1868 for (i = 0; i < IWN_RX_RING_COUNT; i++) {
1869 struct iwn_rx_data *data = &ring->data[i];
1871 if (data->m != NULL) {
1872 bus_dmamap_sync(ring->data_dmat, data->map,
1873 BUS_DMASYNC_POSTREAD);
1874 bus_dmamap_unload(ring->data_dmat, data->map);
1878 if (data->map != NULL)
1879 bus_dmamap_destroy(ring->data_dmat, data->map);
1881 if (ring->data_dmat != NULL) {
1882 bus_dma_tag_destroy(ring->data_dmat);
1883 ring->data_dmat = NULL;
1888 iwn_alloc_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring, int qid)
1898 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
1900 /* Allocate TX descriptors (256-byte aligned). */
1901 size = IWN_TX_RING_COUNT * sizeof (struct iwn_tx_desc);
1902 error = iwn_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc,
1905 device_printf(sc->sc_dev,
1906 "%s: could not allocate TX ring DMA memory, error %d\n",
1911 size = IWN_TX_RING_COUNT * sizeof (struct iwn_tx_cmd);
1912 error = iwn_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd,
1915 device_printf(sc->sc_dev,
1916 "%s: could not allocate TX cmd DMA memory, error %d\n",
1921 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
1922 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
1923 IWN_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL,
1926 device_printf(sc->sc_dev,
1927 "%s: could not create TX buf DMA tag, error %d\n",
1932 paddr = ring->cmd_dma.paddr;
1933 for (i = 0; i < IWN_TX_RING_COUNT; i++) {
1934 struct iwn_tx_data *data = &ring->data[i];
1936 data->cmd_paddr = paddr;
1937 data->scratch_paddr = paddr + 12;
1938 paddr += sizeof (struct iwn_tx_cmd);
1940 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1942 device_printf(sc->sc_dev,
1943 "%s: could not create TX buf DMA map, error %d\n",
1949 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
1953 fail: iwn_free_tx_ring(sc, ring);
1954 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end in error\n", __func__);
1959 iwn_reset_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring)
1963 DPRINTF(sc, IWN_DEBUG_TRACE, "->doing %s \n", __func__);
1965 for (i = 0; i < IWN_TX_RING_COUNT; i++) {
1966 struct iwn_tx_data *data = &ring->data[i];
1968 if (data->m != NULL) {
1969 bus_dmamap_sync(ring->data_dmat, data->map,
1970 BUS_DMASYNC_POSTWRITE);
1971 bus_dmamap_unload(ring->data_dmat, data->map);
1976 /* Clear TX descriptors. */
1977 memset(ring->desc, 0, ring->desc_dma.size);
1978 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1979 BUS_DMASYNC_PREWRITE);
1980 sc->qfullmsk &= ~(1 << ring->qid);
1986 iwn_free_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring)
1990 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s \n", __func__);
1992 iwn_dma_contig_free(&ring->desc_dma);
1993 iwn_dma_contig_free(&ring->cmd_dma);
1995 for (i = 0; i < IWN_TX_RING_COUNT; i++) {
1996 struct iwn_tx_data *data = &ring->data[i];
1998 if (data->m != NULL) {
1999 bus_dmamap_sync(ring->data_dmat, data->map,
2000 BUS_DMASYNC_POSTWRITE);
2001 bus_dmamap_unload(ring->data_dmat, data->map);
2004 if (data->map != NULL)
2005 bus_dmamap_destroy(ring->data_dmat, data->map);
2007 if (ring->data_dmat != NULL) {
2008 bus_dma_tag_destroy(ring->data_dmat);
2009 ring->data_dmat = NULL;
2014 iwn5000_ict_reset(struct iwn_softc *sc)
2016 /* Disable interrupts. */
2017 IWN_WRITE(sc, IWN_INT_MASK, 0);
2019 /* Reset ICT table. */
2020 memset(sc->ict, 0, IWN_ICT_SIZE);
2023 /* Set physical address of ICT table (4KB aligned). */
2024 DPRINTF(sc, IWN_DEBUG_RESET, "%s: enabling ICT\n", __func__);
2025 IWN_WRITE(sc, IWN_DRAM_INT_TBL, IWN_DRAM_INT_TBL_ENABLE |
2026 IWN_DRAM_INT_TBL_WRAP_CHECK | sc->ict_dma.paddr >> 12);
2028 /* Enable periodic RX interrupt. */
2029 sc->int_mask |= IWN_INT_RX_PERIODIC;
2030 /* Switch to ICT interrupt mode in driver. */
2031 sc->sc_flags |= IWN_FLAG_USE_ICT;
2033 /* Re-enable interrupts. */
2034 IWN_WRITE(sc, IWN_INT, 0xffffffff);
2035 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
2039 iwn_read_eeprom(struct iwn_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN])
2041 struct iwn_ops *ops = &sc->ops;
2045 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
2047 /* Check whether adapter has an EEPROM or an OTPROM. */
2048 if (sc->hw_type >= IWN_HW_REV_TYPE_1000 &&
2049 (IWN_READ(sc, IWN_OTP_GP) & IWN_OTP_GP_DEV_SEL_OTP))
2050 sc->sc_flags |= IWN_FLAG_HAS_OTPROM;
2051 DPRINTF(sc, IWN_DEBUG_RESET, "%s found\n",
2052 (sc->sc_flags & IWN_FLAG_HAS_OTPROM) ? "OTPROM" : "EEPROM");
2054 /* Adapter has to be powered on for EEPROM access to work. */
2055 if ((error = iwn_apm_init(sc)) != 0) {
2056 device_printf(sc->sc_dev,
2057 "%s: could not power ON adapter, error %d\n", __func__,
2062 if ((IWN_READ(sc, IWN_EEPROM_GP) & 0x7) == 0) {
2063 device_printf(sc->sc_dev, "%s: bad ROM signature\n", __func__);
2066 if ((error = iwn_eeprom_lock(sc)) != 0) {
2067 device_printf(sc->sc_dev, "%s: could not lock ROM, error %d\n",
2071 if (sc->sc_flags & IWN_FLAG_HAS_OTPROM) {
2072 if ((error = iwn_init_otprom(sc)) != 0) {
2073 device_printf(sc->sc_dev,
2074 "%s: could not initialize OTPROM, error %d\n",
2080 iwn_read_prom_data(sc, IWN_EEPROM_SKU_CAP, &val, 2);
2081 DPRINTF(sc, IWN_DEBUG_RESET, "SKU capabilities=0x%04x\n", le16toh(val));
2082 /* Check if HT support is bonded out. */
2083 if (val & htole16(IWN_EEPROM_SKU_CAP_11N))
2084 sc->sc_flags |= IWN_FLAG_HAS_11N;
2086 iwn_read_prom_data(sc, IWN_EEPROM_RFCFG, &val, 2);
2087 sc->rfcfg = le16toh(val);
2088 DPRINTF(sc, IWN_DEBUG_RESET, "radio config=0x%04x\n", sc->rfcfg);
2089 /* Read Tx/Rx chains from ROM unless it's known to be broken. */
2090 if (sc->txchainmask == 0)
2091 sc->txchainmask = IWN_RFCFG_TXANTMSK(sc->rfcfg);
2092 if (sc->rxchainmask == 0)
2093 sc->rxchainmask = IWN_RFCFG_RXANTMSK(sc->rfcfg);
2095 /* Read MAC address. */
2096 iwn_read_prom_data(sc, IWN_EEPROM_MAC, macaddr, 6);
2098 /* Read adapter-specific information from EEPROM. */
2099 ops->read_eeprom(sc);
2101 iwn_apm_stop(sc); /* Power OFF adapter. */
2103 iwn_eeprom_unlock(sc);
2105 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
2111 iwn4965_read_eeprom(struct iwn_softc *sc)
2117 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
2119 /* Read regulatory domain (4 ASCII characters). */
2120 iwn_read_prom_data(sc, IWN4965_EEPROM_DOMAIN, sc->eeprom_domain, 4);
2122 /* Read the list of authorized channels (20MHz ones only). */
2123 for (i = 0; i < IWN_NBANDS - 1; i++) {
2124 addr = iwn4965_regulatory_bands[i];
2125 iwn_read_eeprom_channels(sc, i, addr);
2128 /* Read maximum allowed TX power for 2GHz and 5GHz bands. */
2129 iwn_read_prom_data(sc, IWN4965_EEPROM_MAXPOW, &val, 2);
2130 sc->maxpwr2GHz = val & 0xff;
2131 sc->maxpwr5GHz = val >> 8;
2132 /* Check that EEPROM values are within valid range. */
2133 if (sc->maxpwr5GHz < 20 || sc->maxpwr5GHz > 50)
2134 sc->maxpwr5GHz = 38;
2135 if (sc->maxpwr2GHz < 20 || sc->maxpwr2GHz > 50)
2136 sc->maxpwr2GHz = 38;
2137 DPRINTF(sc, IWN_DEBUG_RESET, "maxpwr 2GHz=%d 5GHz=%d\n",
2138 sc->maxpwr2GHz, sc->maxpwr5GHz);
2140 /* Read samples for each TX power group. */
2141 iwn_read_prom_data(sc, IWN4965_EEPROM_BANDS, sc->bands,
2144 /* Read voltage at which samples were taken. */
2145 iwn_read_prom_data(sc, IWN4965_EEPROM_VOLTAGE, &val, 2);
2146 sc->eeprom_voltage = (int16_t)le16toh(val);
2147 DPRINTF(sc, IWN_DEBUG_RESET, "voltage=%d (in 0.3V)\n",
2148 sc->eeprom_voltage);
2151 /* Print samples. */
2152 if (sc->sc_debug & IWN_DEBUG_ANY) {
2153 for (i = 0; i < IWN_NBANDS - 1; i++)
2154 iwn4965_print_power_group(sc, i);
2158 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
2163 iwn4965_print_power_group(struct iwn_softc *sc, int i)
2165 struct iwn4965_eeprom_band *band = &sc->bands[i];
2166 struct iwn4965_eeprom_chan_samples *chans = band->chans;
2169 printf("===band %d===\n", i);
2170 printf("chan lo=%d, chan hi=%d\n", band->lo, band->hi);
2171 printf("chan1 num=%d\n", chans[0].num);
2172 for (c = 0; c < 2; c++) {
2173 for (j = 0; j < IWN_NSAMPLES; j++) {
2174 printf("chain %d, sample %d: temp=%d gain=%d "
2175 "power=%d pa_det=%d\n", c, j,
2176 chans[0].samples[c][j].temp,
2177 chans[0].samples[c][j].gain,
2178 chans[0].samples[c][j].power,
2179 chans[0].samples[c][j].pa_det);
2182 printf("chan2 num=%d\n", chans[1].num);
2183 for (c = 0; c < 2; c++) {
2184 for (j = 0; j < IWN_NSAMPLES; j++) {
2185 printf("chain %d, sample %d: temp=%d gain=%d "
2186 "power=%d pa_det=%d\n", c, j,
2187 chans[1].samples[c][j].temp,
2188 chans[1].samples[c][j].gain,
2189 chans[1].samples[c][j].power,
2190 chans[1].samples[c][j].pa_det);
2197 iwn5000_read_eeprom(struct iwn_softc *sc)
2199 struct iwn5000_eeprom_calib_hdr hdr;
2201 uint32_t base, addr;
2205 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
2207 /* Read regulatory domain (4 ASCII characters). */
2208 iwn_read_prom_data(sc, IWN5000_EEPROM_REG, &val, 2);
2209 base = le16toh(val);
2210 iwn_read_prom_data(sc, base + IWN5000_EEPROM_DOMAIN,
2211 sc->eeprom_domain, 4);
2213 /* Read the list of authorized channels (20MHz ones only). */
2214 for (i = 0; i < IWN_NBANDS - 1; i++) {
2215 addr = base + sc->base_params->regulatory_bands[i];
2216 iwn_read_eeprom_channels(sc, i, addr);
2219 /* Read enhanced TX power information for 6000 Series. */
2220 if (sc->base_params->enhanced_TX_power)
2221 iwn_read_eeprom_enhinfo(sc);
2223 iwn_read_prom_data(sc, IWN5000_EEPROM_CAL, &val, 2);
2224 base = le16toh(val);
2225 iwn_read_prom_data(sc, base, &hdr, sizeof hdr);
2226 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
2227 "%s: calib version=%u pa type=%u voltage=%u\n", __func__,
2228 hdr.version, hdr.pa_type, le16toh(hdr.volt));
2229 sc->calib_ver = hdr.version;
2231 if (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_TEMP_OFFSETv2) {
2232 sc->eeprom_voltage = le16toh(hdr.volt);
2233 iwn_read_prom_data(sc, base + IWN5000_EEPROM_TEMP, &val, 2);
2234 sc->eeprom_temp_high=le16toh(val);
2235 iwn_read_prom_data(sc, base + IWN5000_EEPROM_VOLT, &val, 2);
2236 sc->eeprom_temp = le16toh(val);
2239 if (sc->hw_type == IWN_HW_REV_TYPE_5150) {
2240 /* Compute temperature offset. */
2241 iwn_read_prom_data(sc, base + IWN5000_EEPROM_TEMP, &val, 2);
2242 sc->eeprom_temp = le16toh(val);
2243 iwn_read_prom_data(sc, base + IWN5000_EEPROM_VOLT, &val, 2);
2244 volt = le16toh(val);
2245 sc->temp_off = sc->eeprom_temp - (volt / -5);
2246 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "temp=%d volt=%d offset=%dK\n",
2247 sc->eeprom_temp, volt, sc->temp_off);
2249 /* Read crystal calibration. */
2250 iwn_read_prom_data(sc, base + IWN5000_EEPROM_CRYSTAL,
2251 &sc->eeprom_crystal, sizeof (uint32_t));
2252 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "crystal calibration 0x%08x\n",
2253 le32toh(sc->eeprom_crystal));
2256 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
2261 * Translate EEPROM flags to net80211.
2264 iwn_eeprom_channel_flags(struct iwn_eeprom_chan *channel)
2269 if ((channel->flags & IWN_EEPROM_CHAN_ACTIVE) == 0)
2270 nflags |= IEEE80211_CHAN_PASSIVE;
2271 if ((channel->flags & IWN_EEPROM_CHAN_IBSS) == 0)
2272 nflags |= IEEE80211_CHAN_NOADHOC;
2273 if (channel->flags & IWN_EEPROM_CHAN_RADAR) {
2274 nflags |= IEEE80211_CHAN_DFS;
2275 /* XXX apparently IBSS may still be marked */
2276 nflags |= IEEE80211_CHAN_NOADHOC;
2283 iwn_read_eeprom_band(struct iwn_softc *sc, int n)
2285 struct ifnet *ifp = sc->sc_ifp;
2286 struct ieee80211com *ic = ifp->if_l2com;
2287 struct iwn_eeprom_chan *channels = sc->eeprom_channels[n];
2288 const struct iwn_chan_band *band = &iwn_bands[n];
2289 struct ieee80211_channel *c;
2293 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
2295 for (i = 0; i < band->nchan; i++) {
2296 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) {
2297 DPRINTF(sc, IWN_DEBUG_RESET,
2298 "skip chan %d flags 0x%x maxpwr %d\n",
2299 band->chan[i], channels[i].flags,
2300 channels[i].maxpwr);
2303 chan = band->chan[i];
2304 nflags = iwn_eeprom_channel_flags(&channels[i]);
2306 c = &ic->ic_channels[ic->ic_nchans++];
2308 c->ic_maxregpower = channels[i].maxpwr;
2309 c->ic_maxpower = 2*c->ic_maxregpower;
2311 if (n == 0) { /* 2GHz band */
2312 c->ic_freq = ieee80211_ieee2mhz(chan, IEEE80211_CHAN_G);
2313 /* G =>'s B is supported */
2314 c->ic_flags = IEEE80211_CHAN_B | nflags;
2315 c = &ic->ic_channels[ic->ic_nchans++];
2317 c->ic_flags = IEEE80211_CHAN_G | nflags;
2318 } else { /* 5GHz band */
2319 c->ic_freq = ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A);
2320 c->ic_flags = IEEE80211_CHAN_A | nflags;
2323 /* Save maximum allowed TX power for this channel. */
2324 sc->maxpwr[chan] = channels[i].maxpwr;
2326 DPRINTF(sc, IWN_DEBUG_RESET,
2327 "add chan %d flags 0x%x maxpwr %d\n", chan,
2328 channels[i].flags, channels[i].maxpwr);
2330 if (sc->sc_flags & IWN_FLAG_HAS_11N) {
2331 /* add HT20, HT40 added separately */
2332 c = &ic->ic_channels[ic->ic_nchans++];
2334 c->ic_flags |= IEEE80211_CHAN_HT20;
2338 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
2343 iwn_read_eeprom_ht40(struct iwn_softc *sc, int n)
2345 struct ifnet *ifp = sc->sc_ifp;
2346 struct ieee80211com *ic = ifp->if_l2com;
2347 struct iwn_eeprom_chan *channels = sc->eeprom_channels[n];
2348 const struct iwn_chan_band *band = &iwn_bands[n];
2349 struct ieee80211_channel *c, *cent, *extc;
2353 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s start\n", __func__);
2355 if (!(sc->sc_flags & IWN_FLAG_HAS_11N)) {
2356 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end no 11n\n", __func__);
2360 for (i = 0; i < band->nchan; i++) {
2361 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) {
2362 DPRINTF(sc, IWN_DEBUG_RESET,
2363 "skip chan %d flags 0x%x maxpwr %d\n",
2364 band->chan[i], channels[i].flags,
2365 channels[i].maxpwr);
2368 chan = band->chan[i];
2369 nflags = iwn_eeprom_channel_flags(&channels[i]);
2372 * Each entry defines an HT40 channel pair; find the
2373 * center channel, then the extension channel above.
2375 cent = ieee80211_find_channel_byieee(ic, chan,
2376 (n == 5 ? IEEE80211_CHAN_G : IEEE80211_CHAN_A));
2377 if (cent == NULL) { /* XXX shouldn't happen */
2378 device_printf(sc->sc_dev,
2379 "%s: no entry for channel %d\n", __func__, chan);
2382 extc = ieee80211_find_channel(ic, cent->ic_freq+20,
2383 (n == 5 ? IEEE80211_CHAN_G : IEEE80211_CHAN_A));
2385 DPRINTF(sc, IWN_DEBUG_RESET,
2386 "%s: skip chan %d, extension channel not found\n",
2391 DPRINTF(sc, IWN_DEBUG_RESET,
2392 "add ht40 chan %d flags 0x%x maxpwr %d\n",
2393 chan, channels[i].flags, channels[i].maxpwr);
2395 c = &ic->ic_channels[ic->ic_nchans++];
2397 c->ic_extieee = extc->ic_ieee;
2398 c->ic_flags &= ~IEEE80211_CHAN_HT;
2399 c->ic_flags |= IEEE80211_CHAN_HT40U | nflags;
2400 c = &ic->ic_channels[ic->ic_nchans++];
2402 c->ic_extieee = cent->ic_ieee;
2403 c->ic_flags &= ~IEEE80211_CHAN_HT;
2404 c->ic_flags |= IEEE80211_CHAN_HT40D | nflags;
2407 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
2412 iwn_read_eeprom_channels(struct iwn_softc *sc, int n, uint32_t addr)
2414 struct ifnet *ifp = sc->sc_ifp;
2415 struct ieee80211com *ic = ifp->if_l2com;
2417 iwn_read_prom_data(sc, addr, &sc->eeprom_channels[n],
2418 iwn_bands[n].nchan * sizeof (struct iwn_eeprom_chan));
2421 iwn_read_eeprom_band(sc, n);
2423 iwn_read_eeprom_ht40(sc, n);
2424 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans);
2427 static struct iwn_eeprom_chan *
2428 iwn_find_eeprom_channel(struct iwn_softc *sc, struct ieee80211_channel *c)
2430 int band, chan, i, j;
2432 if (IEEE80211_IS_CHAN_HT40(c)) {
2433 band = IEEE80211_IS_CHAN_5GHZ(c) ? 6 : 5;
2434 if (IEEE80211_IS_CHAN_HT40D(c))
2435 chan = c->ic_extieee;
2438 for (i = 0; i < iwn_bands[band].nchan; i++) {
2439 if (iwn_bands[band].chan[i] == chan)
2440 return &sc->eeprom_channels[band][i];
2443 for (j = 0; j < 5; j++) {
2444 for (i = 0; i < iwn_bands[j].nchan; i++) {
2445 if (iwn_bands[j].chan[i] == c->ic_ieee)
2446 return &sc->eeprom_channels[j][i];
2454 * Enforce flags read from EEPROM.
2457 iwn_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd,
2458 int nchan, struct ieee80211_channel chans[])
2460 struct iwn_softc *sc = ic->ic_ifp->if_softc;
2463 for (i = 0; i < nchan; i++) {
2464 struct ieee80211_channel *c = &chans[i];
2465 struct iwn_eeprom_chan *channel;
2467 channel = iwn_find_eeprom_channel(sc, c);
2468 if (channel == NULL) {
2469 if_printf(ic->ic_ifp,
2470 "%s: invalid channel %u freq %u/0x%x\n",
2471 __func__, c->ic_ieee, c->ic_freq, c->ic_flags);
2474 c->ic_flags |= iwn_eeprom_channel_flags(channel);
2481 iwn_read_eeprom_enhinfo(struct iwn_softc *sc)
2483 struct iwn_eeprom_enhinfo enhinfo[35];
2484 struct ifnet *ifp = sc->sc_ifp;
2485 struct ieee80211com *ic = ifp->if_l2com;
2486 struct ieee80211_channel *c;
2492 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
2494 iwn_read_prom_data(sc, IWN5000_EEPROM_REG, &val, 2);
2495 base = le16toh(val);
2496 iwn_read_prom_data(sc, base + IWN6000_EEPROM_ENHINFO,
2497 enhinfo, sizeof enhinfo);
2499 for (i = 0; i < nitems(enhinfo); i++) {
2500 flags = enhinfo[i].flags;
2501 if (!(flags & IWN_ENHINFO_VALID))
2502 continue; /* Skip invalid entries. */
2505 if (sc->txchainmask & IWN_ANT_A)
2506 maxpwr = MAX(maxpwr, enhinfo[i].chain[0]);
2507 if (sc->txchainmask & IWN_ANT_B)
2508 maxpwr = MAX(maxpwr, enhinfo[i].chain[1]);
2509 if (sc->txchainmask & IWN_ANT_C)
2510 maxpwr = MAX(maxpwr, enhinfo[i].chain[2]);
2511 if (sc->ntxchains == 2)
2512 maxpwr = MAX(maxpwr, enhinfo[i].mimo2);
2513 else if (sc->ntxchains == 3)
2514 maxpwr = MAX(maxpwr, enhinfo[i].mimo3);
2516 for (j = 0; j < ic->ic_nchans; j++) {
2517 c = &ic->ic_channels[j];
2518 if ((flags & IWN_ENHINFO_5GHZ)) {
2519 if (!IEEE80211_IS_CHAN_A(c))
2521 } else if ((flags & IWN_ENHINFO_OFDM)) {
2522 if (!IEEE80211_IS_CHAN_G(c))
2524 } else if (!IEEE80211_IS_CHAN_B(c))
2526 if ((flags & IWN_ENHINFO_HT40)) {
2527 if (!IEEE80211_IS_CHAN_HT40(c))
2530 if (IEEE80211_IS_CHAN_HT40(c))
2533 if (enhinfo[i].chan != 0 &&
2534 enhinfo[i].chan != c->ic_ieee)
2537 DPRINTF(sc, IWN_DEBUG_RESET,
2538 "channel %d(%x), maxpwr %d\n", c->ic_ieee,
2539 c->ic_flags, maxpwr / 2);
2540 c->ic_maxregpower = maxpwr / 2;
2541 c->ic_maxpower = maxpwr;
2545 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end\n", __func__);
2549 static struct ieee80211_node *
2550 iwn_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2552 return malloc(sizeof (struct iwn_node), M_80211_NODE,M_NOWAIT | M_ZERO);
2558 switch (rate & 0xff) {
2559 case 12: return 0xd;
2560 case 18: return 0xf;
2561 case 24: return 0x5;
2562 case 36: return 0x7;
2563 case 48: return 0x9;
2564 case 72: return 0xb;
2565 case 96: return 0x1;
2566 case 108: return 0x3;
2570 case 22: return 110;
2576 * Calculate the required PLCP value from the given rate,
2577 * to the given node.
2579 * This will take the node configuration (eg 11n, rate table
2580 * setup, etc) into consideration.
2583 iwn_rate_to_plcp(struct iwn_softc *sc, struct ieee80211_node *ni,
2586 #define RV(v) ((v) & IEEE80211_RATE_VAL)
2587 struct ieee80211com *ic = ni->ni_ic;
2588 uint8_t txant1, txant2;
2592 /* Use the first valid TX antenna. */
2593 txant1 = IWN_LSB(sc->txchainmask);
2594 txant2 = IWN_LSB(sc->txchainmask & ~txant1);
2597 * If it's an MCS rate, let's set the plcp correctly
2598 * and set the relevant flags based on the node config.
2600 if (rate & IEEE80211_RATE_MCS) {
2602 * Set the initial PLCP value to be between 0->31 for
2603 * MCS 0 -> MCS 31, then set the "I'm an MCS rate!"
2606 plcp = RV(rate) | IWN_RFLAG_MCS;
2609 * XXX the following should only occur if both
2610 * the local configuration _and_ the remote node
2611 * advertise these capabilities. Thus this code
2616 * Set the channel width and guard interval.
2618 if (IEEE80211_IS_CHAN_HT40(ni->ni_chan)) {
2619 plcp |= IWN_RFLAG_HT40;
2620 if (ni->ni_htcap & IEEE80211_HTCAP_SHORTGI40)
2621 plcp |= IWN_RFLAG_SGI;
2622 } else if (ni->ni_htcap & IEEE80211_HTCAP_SHORTGI20) {
2623 plcp |= IWN_RFLAG_SGI;
2627 * If it's a two stream rate, enable TX on both
2630 * XXX three stream rates?
2633 plcp |= IWN_RFLAG_ANT(txant1 | txant2);
2635 plcp |= IWN_RFLAG_ANT(txant1);
2638 * Set the initial PLCP - fine for both
2639 * OFDM and CCK rates.
2641 plcp = rate2plcp(rate);
2643 /* Set CCK flag if it's CCK */
2645 /* XXX It would be nice to have a method
2646 * to map the ridx -> phy table entry
2647 * so we could just query that, rather than
2648 * this hack to check against IWN_RIDX_OFDM6.
2650 ridx = ieee80211_legacy_rate_lookup(ic->ic_rt,
2651 rate & IEEE80211_RATE_VAL);
2652 if (ridx < IWN_RIDX_OFDM6 &&
2653 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
2654 plcp |= IWN_RFLAG_CCK;
2656 /* Set antenna configuration */
2657 plcp |= IWN_RFLAG_ANT(txant1);
2660 DPRINTF(sc, IWN_DEBUG_TXRATE, "%s: rate=0x%02x, plcp=0x%08x\n",
2665 return (htole32(plcp));
2670 iwn_newassoc(struct ieee80211_node *ni, int isnew)
2672 /* Doesn't do anything at the moment */
2676 iwn_media_change(struct ifnet *ifp)
2680 error = ieee80211_media_change(ifp);
2681 /* NB: only the fixed rate can change and that doesn't need a reset */
2682 return (error == ENETRESET ? 0 : error);
2686 iwn_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2688 struct iwn_vap *ivp = IWN_VAP(vap);
2689 struct ieee80211com *ic = vap->iv_ic;
2690 struct iwn_softc *sc = ic->ic_ifp->if_softc;
2693 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
2695 DPRINTF(sc, IWN_DEBUG_STATE, "%s: %s -> %s\n", __func__,
2696 ieee80211_state_name[vap->iv_state], ieee80211_state_name[nstate]);
2698 IEEE80211_UNLOCK(ic);
2700 callout_stop(&sc->calib_to);
2702 sc->rxon = &sc->rx_on[IWN_RXON_BSS_CTX];
2705 case IEEE80211_S_ASSOC:
2706 if (vap->iv_state != IEEE80211_S_RUN)
2709 case IEEE80211_S_AUTH:
2710 if (vap->iv_state == IEEE80211_S_AUTH)
2714 * !AUTH -> AUTH transition requires state reset to handle
2715 * reassociations correctly.
2717 sc->rxon->associd = 0;
2718 sc->rxon->filter &= ~htole32(IWN_FILTER_BSS);
2719 sc->calib.state = IWN_CALIB_STATE_INIT;
2721 if ((error = iwn_auth(sc, vap)) != 0) {
2722 device_printf(sc->sc_dev,
2723 "%s: could not move to auth state\n", __func__);
2727 case IEEE80211_S_RUN:
2729 * RUN -> RUN transition; Just restart the timers.
2731 if (vap->iv_state == IEEE80211_S_RUN) {
2737 * !RUN -> RUN requires setting the association id
2738 * which is done with a firmware cmd. We also defer
2739 * starting the timers until that work is done.
2741 if ((error = iwn_run(sc, vap)) != 0) {
2742 device_printf(sc->sc_dev,
2743 "%s: could not move to run state\n", __func__);
2747 case IEEE80211_S_INIT:
2748 sc->calib.state = IWN_CALIB_STATE_INIT;
2757 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end in error\n", __func__);
2761 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
2763 return ivp->iv_newstate(vap, nstate, arg);
2767 iwn_calib_timeout(void *arg)
2769 struct iwn_softc *sc = arg;
2771 IWN_LOCK_ASSERT(sc);
2773 /* Force automatic TX power calibration every 60 secs. */
2774 if (++sc->calib_cnt >= 120) {
2777 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s\n",
2778 "sending request for statistics");
2779 (void)iwn_cmd(sc, IWN_CMD_GET_STATISTICS, &flags,
2783 callout_reset(&sc->calib_to, msecs_to_ticks(500), iwn_calib_timeout,
2788 * Process an RX_PHY firmware notification. This is usually immediately
2789 * followed by an MPDU_RX_DONE notification.
2792 iwn_rx_phy(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2793 struct iwn_rx_data *data)
2795 struct iwn_rx_stat *stat = (struct iwn_rx_stat *)(desc + 1);
2797 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: received PHY stats\n", __func__);
2798 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2800 /* Save RX statistics, they will be used on MPDU_RX_DONE. */
2801 memcpy(&sc->last_rx_stat, stat, sizeof (*stat));
2802 sc->last_rx_valid = 1;
2806 * Process an RX_DONE (4965AGN only) or MPDU_RX_DONE firmware notification.
2807 * Each MPDU_RX_DONE notification must be preceded by an RX_PHY one.
2810 iwn_rx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2811 struct iwn_rx_data *data)
2813 struct iwn_ops *ops = &sc->ops;
2814 struct ifnet *ifp = sc->sc_ifp;
2815 struct ieee80211com *ic = ifp->if_l2com;
2816 struct iwn_rx_ring *ring = &sc->rxq;
2817 struct ieee80211_frame *wh;
2818 struct ieee80211_node *ni;
2819 struct mbuf *m, *m1;
2820 struct iwn_rx_stat *stat;
2824 int error, len, rssi, nf;
2826 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
2828 if (desc->type == IWN_MPDU_RX_DONE) {
2829 /* Check for prior RX_PHY notification. */
2830 if (!sc->last_rx_valid) {
2831 DPRINTF(sc, IWN_DEBUG_ANY,
2832 "%s: missing RX_PHY\n", __func__);
2835 stat = &sc->last_rx_stat;
2837 stat = (struct iwn_rx_stat *)(desc + 1);
2839 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2841 if (stat->cfg_phy_len > IWN_STAT_MAXLEN) {
2842 device_printf(sc->sc_dev,
2843 "%s: invalid RX statistic header, len %d\n", __func__,
2847 if (desc->type == IWN_MPDU_RX_DONE) {
2848 struct iwn_rx_mpdu *mpdu = (struct iwn_rx_mpdu *)(desc + 1);
2849 head = (caddr_t)(mpdu + 1);
2850 len = le16toh(mpdu->len);
2852 head = (caddr_t)(stat + 1) + stat->cfg_phy_len;
2853 len = le16toh(stat->len);
2856 flags = le32toh(*(uint32_t *)(head + len));
2858 /* Discard frames with a bad FCS early. */
2859 if ((flags & IWN_RX_NOERROR) != IWN_RX_NOERROR) {
2860 DPRINTF(sc, IWN_DEBUG_RECV, "%s: RX flags error %x\n",
2865 /* Discard frames that are too short. */
2866 if (len < sizeof (*wh)) {
2867 DPRINTF(sc, IWN_DEBUG_RECV, "%s: frame too short: %d\n",
2873 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWN_RBUF_SIZE);
2875 DPRINTF(sc, IWN_DEBUG_ANY, "%s: no mbuf to restock ring\n",
2880 bus_dmamap_unload(ring->data_dmat, data->map);
2882 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *),
2883 IWN_RBUF_SIZE, iwn_dma_map_addr, &paddr, BUS_DMA_NOWAIT);
2884 if (error != 0 && error != EFBIG) {
2885 device_printf(sc->sc_dev,
2886 "%s: bus_dmamap_load failed, error %d\n", __func__, error);
2889 /* Try to reload the old mbuf. */
2890 error = bus_dmamap_load(ring->data_dmat, data->map,
2891 mtod(data->m, void *), IWN_RBUF_SIZE, iwn_dma_map_addr,
2892 &paddr, BUS_DMA_NOWAIT);
2893 if (error != 0 && error != EFBIG) {
2894 panic("%s: could not load old RX mbuf", __func__);
2896 /* Physical address may have changed. */
2897 ring->desc[ring->cur] = htole32(paddr >> 8);
2898 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map,
2899 BUS_DMASYNC_PREWRITE);
2906 /* Update RX descriptor. */
2907 ring->desc[ring->cur] = htole32(paddr >> 8);
2908 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2909 BUS_DMASYNC_PREWRITE);
2911 /* Finalize mbuf. */
2912 m->m_pkthdr.rcvif = ifp;
2914 m->m_pkthdr.len = m->m_len = len;
2916 /* Grab a reference to the source node. */
2917 wh = mtod(m, struct ieee80211_frame *);
2918 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
2919 nf = (ni != NULL && ni->ni_vap->iv_state == IEEE80211_S_RUN &&
2920 (ic->ic_flags & IEEE80211_F_SCAN) == 0) ? sc->noise : -95;
2922 rssi = ops->get_rssi(sc, stat);
2924 if (ieee80211_radiotap_active(ic)) {
2925 struct iwn_rx_radiotap_header *tap = &sc->sc_rxtap;
2928 if (stat->flags & htole16(IWN_STAT_FLAG_SHPREAMBLE))
2929 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2930 tap->wr_dbm_antsignal = (int8_t)rssi;
2931 tap->wr_dbm_antnoise = (int8_t)nf;
2932 tap->wr_tsft = stat->tstamp;
2933 switch (stat->rate) {
2935 case 10: tap->wr_rate = 2; break;
2936 case 20: tap->wr_rate = 4; break;
2937 case 55: tap->wr_rate = 11; break;
2938 case 110: tap->wr_rate = 22; break;
2940 case 0xd: tap->wr_rate = 12; break;
2941 case 0xf: tap->wr_rate = 18; break;
2942 case 0x5: tap->wr_rate = 24; break;
2943 case 0x7: tap->wr_rate = 36; break;
2944 case 0x9: tap->wr_rate = 48; break;
2945 case 0xb: tap->wr_rate = 72; break;
2946 case 0x1: tap->wr_rate = 96; break;
2947 case 0x3: tap->wr_rate = 108; break;
2948 /* Unknown rate: should not happen. */
2949 default: tap->wr_rate = 0;
2955 /* Send the frame to the 802.11 layer. */
2957 if (ni->ni_flags & IEEE80211_NODE_HT)
2958 m->m_flags |= M_AMPDU;
2959 (void)ieee80211_input(ni, m, rssi - nf, nf);
2960 /* Node is no longer needed. */
2961 ieee80211_free_node(ni);
2963 (void)ieee80211_input_all(ic, m, rssi - nf, nf);
2967 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
2971 /* Process an incoming Compressed BlockAck. */
2973 iwn_rx_compressed_ba(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2974 struct iwn_rx_data *data)
2976 struct iwn_ops *ops = &sc->ops;
2977 struct ifnet *ifp = sc->sc_ifp;
2978 struct iwn_node *wn;
2979 struct ieee80211_node *ni;
2980 struct iwn_compressed_ba *ba = (struct iwn_compressed_ba *)(desc + 1);
2981 struct iwn_tx_ring *txq;
2982 struct iwn_tx_data *txdata;
2983 struct ieee80211_tx_ampdu *tap;
2988 int ackfailcnt = 0, i, lastidx, qid, *res, shift;
2990 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
2992 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2994 qid = le16toh(ba->qid);
2995 txq = &sc->txq[ba->qid];
2996 tap = sc->qid2tap[ba->qid];
2998 wn = (void *)tap->txa_ni;
3002 if (!IEEE80211_AMPDU_RUNNING(tap)) {
3003 res = tap->txa_private;
3004 ssn = tap->txa_start & 0xfff;
3007 for (lastidx = le16toh(ba->ssn) & 0xff; txq->read != lastidx;) {
3008 txdata = &txq->data[txq->read];
3010 /* Unmap and free mbuf. */
3011 bus_dmamap_sync(txq->data_dmat, txdata->map,
3012 BUS_DMASYNC_POSTWRITE);
3013 bus_dmamap_unload(txq->data_dmat, txdata->map);
3014 m = txdata->m, txdata->m = NULL;
3015 ni = txdata->ni, txdata->ni = NULL;
3017 KASSERT(ni != NULL, ("no node"));
3018 KASSERT(m != NULL, ("no mbuf"));
3020 ieee80211_tx_complete(ni, m, 1);
3023 txq->read = (txq->read + 1) % IWN_TX_RING_COUNT;
3026 if (txq->queued == 0 && res != NULL) {
3028 ops->ampdu_tx_stop(sc, qid, tid, ssn);
3030 sc->qid2tap[qid] = NULL;
3031 free(res, M_DEVBUF);
3035 if (wn->agg[tid].bitmap == 0)
3038 shift = wn->agg[tid].startidx - ((le16toh(ba->seq) >> 4) & 0xff);
3042 if (wn->agg[tid].nframes > (64 - shift))
3046 bitmap = (le64toh(ba->bitmap) >> shift) & wn->agg[tid].bitmap;
3047 for (i = 0; bitmap; i++) {
3048 if ((bitmap & 1) == 0) {
3050 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
3051 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL);
3054 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
3055 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL);
3060 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
3065 * Process a CALIBRATION_RESULT notification sent by the initialization
3066 * firmware on response to a CMD_CALIB_CONFIG command (5000 only).
3069 iwn5000_rx_calib_results(struct iwn_softc *sc, struct iwn_rx_desc *desc,
3070 struct iwn_rx_data *data)
3072 struct iwn_phy_calib *calib = (struct iwn_phy_calib *)(desc + 1);
3075 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
3077 /* Runtime firmware should not send such a notification. */
3078 if (sc->sc_flags & IWN_FLAG_CALIB_DONE){
3079 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s received after clib done\n",
3083 len = (le32toh(desc->len) & 0x3fff) - 4;
3084 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3086 switch (calib->code) {
3087 case IWN5000_PHY_CALIB_DC:
3088 if (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_DC)
3091 case IWN5000_PHY_CALIB_LO:
3092 if (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_LO)
3095 case IWN5000_PHY_CALIB_TX_IQ:
3096 if (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_TX_IQ)
3099 case IWN5000_PHY_CALIB_TX_IQ_PERIODIC:
3100 if (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_TX_IQ_PERIODIC)
3103 case IWN5000_PHY_CALIB_BASE_BAND:
3104 if (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_BASE_BAND)
3108 if (idx == -1) /* Ignore other results. */
3111 /* Save calibration result. */
3112 if (sc->calibcmd[idx].buf != NULL)
3113 free(sc->calibcmd[idx].buf, M_DEVBUF);
3114 sc->calibcmd[idx].buf = malloc(len, M_DEVBUF, M_NOWAIT);
3115 if (sc->calibcmd[idx].buf == NULL) {
3116 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
3117 "not enough memory for calibration result %d\n",
3121 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
3122 "saving calibration result idx=%d, code=%d len=%d\n", idx, calib->code, len);
3123 sc->calibcmd[idx].len = len;
3124 memcpy(sc->calibcmd[idx].buf, calib, len);
3128 * Process an RX_STATISTICS or BEACON_STATISTICS firmware notification.
3129 * The latter is sent by the firmware after each received beacon.
3132 iwn_rx_statistics(struct iwn_softc *sc, struct iwn_rx_desc *desc,
3133 struct iwn_rx_data *data)
3135 struct iwn_ops *ops = &sc->ops;
3136 struct ifnet *ifp = sc->sc_ifp;
3137 struct ieee80211com *ic = ifp->if_l2com;
3138 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3139 struct iwn_calib_state *calib = &sc->calib;
3140 struct iwn_stats *stats = (struct iwn_stats *)(desc + 1);
3143 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
3145 /* Ignore statistics received during a scan. */
3146 if (vap->iv_state != IEEE80211_S_RUN ||
3147 (ic->ic_flags & IEEE80211_F_SCAN)){
3148 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s received during calib\n",
3153 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3155 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: received statistics, cmd %d\n",
3156 __func__, desc->type);
3157 sc->calib_cnt = 0; /* Reset TX power calibration timeout. */
3159 /* Test if temperature has changed. */
3160 if (stats->general.temp != sc->rawtemp) {
3161 /* Convert "raw" temperature to degC. */
3162 sc->rawtemp = stats->general.temp;
3163 temp = ops->get_temperature(sc);
3164 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: temperature %d\n",
3167 /* Update TX power if need be (4965AGN only). */
3168 if (sc->hw_type == IWN_HW_REV_TYPE_4965)
3169 iwn4965_power_calibration(sc, temp);
3172 if (desc->type != IWN_BEACON_STATISTICS)
3173 return; /* Reply to a statistics request. */
3175 sc->noise = iwn_get_noise(&stats->rx.general);
3176 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: noise %d\n", __func__, sc->noise);
3178 /* Test that RSSI and noise are present in stats report. */
3179 if (le32toh(stats->rx.general.flags) != 1) {
3180 DPRINTF(sc, IWN_DEBUG_ANY, "%s\n",
3181 "received statistics without RSSI");
3185 if (calib->state == IWN_CALIB_STATE_ASSOC)
3186 iwn_collect_noise(sc, &stats->rx.general);
3187 else if (calib->state == IWN_CALIB_STATE_RUN) {
3188 iwn_tune_sensitivity(sc, &stats->rx);
3190 * XXX TODO: Only run the RX recovery if we're associated!
3192 iwn_check_rx_recovery(sc, stats);
3193 iwn_save_stats_counters(sc, stats);
3196 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
3200 * Save the relevant statistic counters for the next calibration
3204 iwn_save_stats_counters(struct iwn_softc *sc, const struct iwn_stats *rs)
3206 struct iwn_calib_state *calib = &sc->calib;
3208 /* Save counters values for next call. */
3209 calib->bad_plcp_cck = le32toh(rs->rx.cck.bad_plcp);
3210 calib->fa_cck = le32toh(rs->rx.cck.fa);
3211 calib->bad_plcp_ht = le32toh(rs->rx.ht.bad_plcp);
3212 calib->bad_plcp_ofdm = le32toh(rs->rx.ofdm.bad_plcp);
3213 calib->fa_ofdm = le32toh(rs->rx.ofdm.fa);
3215 /* Last time we received these tick values */
3216 sc->last_calib_ticks = ticks;
3220 * Process a TX_DONE firmware notification. Unfortunately, the 4965AGN
3221 * and 5000 adapters have different incompatible TX status formats.
3224 iwn4965_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc,
3225 struct iwn_rx_data *data)
3227 struct iwn4965_tx_stat *stat = (struct iwn4965_tx_stat *)(desc + 1);
3228 struct iwn_tx_ring *ring;
3231 qid = desc->qid & 0xf;
3232 ring = &sc->txq[qid];
3234 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: "
3235 "qid %d idx %d retries %d nkill %d rate %x duration %d status %x\n",
3236 __func__, desc->qid, desc->idx, stat->ackfailcnt,
3237 stat->btkillcnt, stat->rate, le16toh(stat->duration),
3238 le32toh(stat->status));
3240 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3241 if (qid >= sc->firstaggqueue) {
3242 iwn_ampdu_tx_done(sc, qid, desc->idx, stat->nframes,
3245 iwn_tx_done(sc, desc, stat->ackfailcnt,
3246 le32toh(stat->status) & 0xff);
3251 iwn5000_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc,
3252 struct iwn_rx_data *data)
3254 struct iwn5000_tx_stat *stat = (struct iwn5000_tx_stat *)(desc + 1);
3255 struct iwn_tx_ring *ring;
3258 qid = desc->qid & 0xf;
3259 ring = &sc->txq[qid];
3261 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: "
3262 "qid %d idx %d retries %d nkill %d rate %x duration %d status %x\n",
3263 __func__, desc->qid, desc->idx, stat->ackfailcnt,
3264 stat->btkillcnt, stat->rate, le16toh(stat->duration),
3265 le32toh(stat->status));
3268 /* Reset TX scheduler slot. */
3269 iwn5000_reset_sched(sc, desc->qid & 0xf, desc->idx);
3272 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3273 if (qid >= sc->firstaggqueue) {
3274 iwn_ampdu_tx_done(sc, qid, desc->idx, stat->nframes,
3277 iwn_tx_done(sc, desc, stat->ackfailcnt,
3278 le16toh(stat->status) & 0xff);
3283 * Adapter-independent backend for TX_DONE firmware notifications.
3286 iwn_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, int ackfailcnt,
3289 struct ifnet *ifp = sc->sc_ifp;
3290 struct iwn_tx_ring *ring = &sc->txq[desc->qid & 0xf];
3291 struct iwn_tx_data *data = &ring->data[desc->idx];
3293 struct ieee80211_node *ni;
3294 struct ieee80211vap *vap;
3296 KASSERT(data->ni != NULL, ("no node"));
3298 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
3300 /* Unmap and free mbuf. */
3301 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE);
3302 bus_dmamap_unload(ring->data_dmat, data->map);
3303 m = data->m, data->m = NULL;
3304 ni = data->ni, data->ni = NULL;
3308 * Update rate control statistics for the node.
3310 if (status & IWN_TX_FAIL) {
3312 ieee80211_ratectl_tx_complete(vap, ni,
3313 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL);
3316 ieee80211_ratectl_tx_complete(vap, ni,
3317 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL);
3321 * Channels marked for "radar" require traffic to be received
3322 * to unlock before we can transmit. Until traffic is seen
3323 * any attempt to transmit is returned immediately with status
3324 * set to IWN_TX_FAIL_TX_LOCKED. Unfortunately this can easily
3325 * happen on first authenticate after scanning. To workaround
3326 * this we ignore a failure of this sort in AUTH state so the
3327 * 802.11 layer will fall back to using a timeout to wait for
3328 * the AUTH reply. This allows the firmware time to see
3329 * traffic so a subsequent retry of AUTH succeeds. It's
3330 * unclear why the firmware does not maintain state for
3331 * channels recently visited as this would allow immediate
3332 * use of the channel after a scan (where we see traffic).
3334 if (status == IWN_TX_FAIL_TX_LOCKED &&
3335 ni->ni_vap->iv_state == IEEE80211_S_AUTH)
3336 ieee80211_tx_complete(ni, m, 0);
3338 ieee80211_tx_complete(ni, m,
3339 (status & IWN_TX_FAIL) != 0);
3341 sc->sc_tx_timer = 0;
3342 if (--ring->queued < IWN_TX_RING_LOMARK) {
3343 sc->qfullmsk &= ~(1 << ring->qid);
3344 if (sc->qfullmsk == 0 &&
3345 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) {
3346 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3347 iwn_start_locked(ifp);
3351 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
3356 * Process a "command done" firmware notification. This is where we wakeup
3357 * processes waiting for a synchronous command completion.
3360 iwn_cmd_done(struct iwn_softc *sc, struct iwn_rx_desc *desc)
3362 struct iwn_tx_ring *ring;
3363 struct iwn_tx_data *data;
3366 if (sc->sc_flags & IWN_FLAG_PAN_SUPPORT)
3367 cmd_queue_num = IWN_PAN_CMD_QUEUE;
3369 cmd_queue_num = IWN_CMD_QUEUE_NUM;
3371 if ((desc->qid & IWN_RX_DESC_QID_MSK) != cmd_queue_num)
3372 return; /* Not a command ack. */
3374 ring = &sc->txq[cmd_queue_num];
3375 data = &ring->data[desc->idx];
3377 /* If the command was mapped in an mbuf, free it. */
3378 if (data->m != NULL) {
3379 bus_dmamap_sync(ring->data_dmat, data->map,
3380 BUS_DMASYNC_POSTWRITE);
3381 bus_dmamap_unload(ring->data_dmat, data->map);
3385 wakeup(&ring->desc[desc->idx]);
3389 iwn_ampdu_tx_done(struct iwn_softc *sc, int qid, int idx, int nframes,
3392 struct iwn_ops *ops = &sc->ops;
3393 struct ifnet *ifp = sc->sc_ifp;
3394 struct iwn_tx_ring *ring = &sc->txq[qid];
3395 struct iwn_tx_data *data;
3397 struct iwn_node *wn;
3398 struct ieee80211_node *ni;
3399 struct ieee80211_tx_ampdu *tap;
3401 uint32_t *status = stat;
3402 uint16_t *aggstatus = stat;
3405 int bit, i, lastidx, *res, seqno, shift, start;
3407 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
3410 if ((*status & 0xff) != 1 && (*status & 0xff) != 2) {
3412 printf("ieee80211_send_bar()\n");
3415 * If we completely fail a transmit, make sure a
3416 * notification is pushed up to the rate control
3419 tap = sc->qid2tap[qid];
3421 wn = (void *)tap->txa_ni;
3423 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
3424 IEEE80211_RATECTL_TX_FAILURE, &nframes, NULL);
3430 for (i = 0; i < nframes; i++) {
3431 if (le16toh(aggstatus[i * 2]) & 0xc)
3434 idx = le16toh(aggstatus[2*i + 1]) & 0xff;
3438 shift = 0x100 - idx + start;
3441 } else if (bit <= -64)
3442 bit = 0x100 - start + idx;
3444 shift = start - idx;
3448 bitmap = bitmap << shift;
3449 bitmap |= 1ULL << bit;
3451 tap = sc->qid2tap[qid];
3453 wn = (void *)tap->txa_ni;
3454 wn->agg[tid].bitmap = bitmap;
3455 wn->agg[tid].startidx = start;
3456 wn->agg[tid].nframes = nframes;
3460 if (!IEEE80211_AMPDU_RUNNING(tap)) {
3461 res = tap->txa_private;
3462 ssn = tap->txa_start & 0xfff;
3465 seqno = le32toh(*(status + nframes)) & 0xfff;
3466 for (lastidx = (seqno & 0xff); ring->read != lastidx;) {
3467 data = &ring->data[ring->read];
3469 /* Unmap and free mbuf. */
3470 bus_dmamap_sync(ring->data_dmat, data->map,
3471 BUS_DMASYNC_POSTWRITE);
3472 bus_dmamap_unload(ring->data_dmat, data->map);
3473 m = data->m, data->m = NULL;
3474 ni = data->ni, data->ni = NULL;
3476 KASSERT(ni != NULL, ("no node"));
3477 KASSERT(m != NULL, ("no mbuf"));
3479 ieee80211_tx_complete(ni, m, 1);
3482 ring->read = (ring->read + 1) % IWN_TX_RING_COUNT;
3485 if (ring->queued == 0 && res != NULL) {
3487 ops->ampdu_tx_stop(sc, qid, tid, ssn);
3489 sc->qid2tap[qid] = NULL;
3490 free(res, M_DEVBUF);
3494 sc->sc_tx_timer = 0;
3495 if (ring->queued < IWN_TX_RING_LOMARK) {
3496 sc->qfullmsk &= ~(1 << ring->qid);
3497 if (sc->qfullmsk == 0 &&
3498 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) {
3499 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3500 iwn_start_locked(ifp);
3504 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
3509 * Process an INT_FH_RX or INT_SW_RX interrupt.
3512 iwn_notif_intr(struct iwn_softc *sc)
3514 struct iwn_ops *ops = &sc->ops;
3515 struct ifnet *ifp = sc->sc_ifp;
3516 struct ieee80211com *ic = ifp->if_l2com;
3517 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3520 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
3521 BUS_DMASYNC_POSTREAD);
3523 hw = le16toh(sc->rxq.stat->closed_count) & 0xfff;
3524 while (sc->rxq.cur != hw) {
3525 struct iwn_rx_data *data = &sc->rxq.data[sc->rxq.cur];
3526 struct iwn_rx_desc *desc;
3528 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
3529 BUS_DMASYNC_POSTREAD);
3530 desc = mtod(data->m, struct iwn_rx_desc *);
3532 DPRINTF(sc, IWN_DEBUG_RECV,
3533 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n",
3534 __func__, sc->rxq.cur, desc->qid & 0xf, desc->idx, desc->flags,
3535 desc->type, iwn_intr_str(desc->type),
3536 le16toh(desc->len));
3538 if (!(desc->qid & IWN_UNSOLICITED_RX_NOTIF)) /* Reply to a command. */
3539 iwn_cmd_done(sc, desc);
3541 switch (desc->type) {
3543 iwn_rx_phy(sc, desc, data);
3546 case IWN_RX_DONE: /* 4965AGN only. */
3547 case IWN_MPDU_RX_DONE:
3548 /* An 802.11 frame has been received. */
3549 iwn_rx_done(sc, desc, data);
3552 case IWN_RX_COMPRESSED_BA:
3553 /* A Compressed BlockAck has been received. */
3554 iwn_rx_compressed_ba(sc, desc, data);
3558 /* An 802.11 frame has been transmitted. */
3559 ops->tx_done(sc, desc, data);
3562 case IWN_RX_STATISTICS:
3563 case IWN_BEACON_STATISTICS:
3564 iwn_rx_statistics(sc, desc, data);
3567 case IWN_BEACON_MISSED:
3569 struct iwn_beacon_missed *miss =
3570 (struct iwn_beacon_missed *)(desc + 1);
3573 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
3574 BUS_DMASYNC_POSTREAD);
3575 misses = le32toh(miss->consecutive);
3577 DPRINTF(sc, IWN_DEBUG_STATE,
3578 "%s: beacons missed %d/%d\n", __func__,
3579 misses, le32toh(miss->total));
3581 * If more than 5 consecutive beacons are missed,
3582 * reinitialize the sensitivity state machine.
3584 if (vap->iv_state == IEEE80211_S_RUN &&
3585 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
3587 (void)iwn_init_sensitivity(sc);
3588 if (misses >= vap->iv_bmissthreshold) {
3590 ieee80211_beacon_miss(ic);
3598 struct iwn_ucode_info *uc =
3599 (struct iwn_ucode_info *)(desc + 1);
3601 /* The microcontroller is ready. */
3602 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
3603 BUS_DMASYNC_POSTREAD);
3604 DPRINTF(sc, IWN_DEBUG_RESET,
3605 "microcode alive notification version=%d.%d "
3606 "subtype=%x alive=%x\n", uc->major, uc->minor,
3607 uc->subtype, le32toh(uc->valid));
3609 if (le32toh(uc->valid) != 1) {
3610 device_printf(sc->sc_dev,
3611 "microcontroller initialization failed");
3614 if (uc->subtype == IWN_UCODE_INIT) {
3615 /* Save microcontroller report. */
3616 memcpy(&sc->ucode_info, uc, sizeof (*uc));
3618 /* Save the address of the error log in SRAM. */
3619 sc->errptr = le32toh(uc->errptr);
3622 case IWN_STATE_CHANGED:
3625 * State change allows hardware switch change to be
3626 * noted. However, we handle this in iwn_intr as we
3627 * get both the enable/disble intr.
3629 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
3630 BUS_DMASYNC_POSTREAD);
3632 uint32_t *status = (uint32_t *)(desc + 1);
3633 DPRINTF(sc, IWN_DEBUG_INTR | IWN_DEBUG_STATE,
3634 "state changed to %x\n",
3639 case IWN_START_SCAN:
3641 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
3642 BUS_DMASYNC_POSTREAD);
3644 struct iwn_start_scan *scan =
3645 (struct iwn_start_scan *)(desc + 1);
3646 DPRINTF(sc, IWN_DEBUG_ANY,
3647 "%s: scanning channel %d status %x\n",
3648 __func__, scan->chan, le32toh(scan->status));
3654 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
3655 BUS_DMASYNC_POSTREAD);
3657 struct iwn_stop_scan *scan =
3658 (struct iwn_stop_scan *)(desc + 1);
3659 DPRINTF(sc, IWN_DEBUG_STATE | IWN_DEBUG_SCAN,
3660 "scan finished nchan=%d status=%d chan=%d\n",
3661 scan->nchan, scan->status, scan->chan);
3663 sc->sc_is_scanning = 0;
3665 ieee80211_scan_next(vap);
3669 case IWN5000_CALIBRATION_RESULT:
3670 iwn5000_rx_calib_results(sc, desc, data);
3673 case IWN5000_CALIBRATION_DONE:
3674 sc->sc_flags |= IWN_FLAG_CALIB_DONE;
3679 sc->rxq.cur = (sc->rxq.cur + 1) % IWN_RX_RING_COUNT;
3682 /* Tell the firmware what we have processed. */
3683 hw = (hw == 0) ? IWN_RX_RING_COUNT - 1 : hw - 1;
3684 IWN_WRITE(sc, IWN_FH_RX_WPTR, hw & ~7);
3688 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up
3689 * from power-down sleep mode.
3692 iwn_wakeup_intr(struct iwn_softc *sc)
3696 DPRINTF(sc, IWN_DEBUG_RESET, "%s: ucode wakeup from power-down sleep\n",
3699 /* Wakeup RX and TX rings. */
3700 IWN_WRITE(sc, IWN_FH_RX_WPTR, sc->rxq.cur & ~7);
3701 for (qid = 0; qid < sc->ntxqs; qid++) {
3702 struct iwn_tx_ring *ring = &sc->txq[qid];
3703 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | ring->cur);
3708 iwn_rftoggle_intr(struct iwn_softc *sc)
3710 struct ifnet *ifp = sc->sc_ifp;
3711 struct ieee80211com *ic = ifp->if_l2com;
3712 uint32_t tmp = IWN_READ(sc, IWN_GP_CNTRL);
3714 IWN_LOCK_ASSERT(sc);
3716 device_printf(sc->sc_dev, "RF switch: radio %s\n",
3717 (tmp & IWN_GP_CNTRL_RFKILL) ? "enabled" : "disabled");
3718 if (tmp & IWN_GP_CNTRL_RFKILL)
3719 ieee80211_runtask(ic, &sc->sc_radioon_task);
3721 ieee80211_runtask(ic, &sc->sc_radiooff_task);
3725 * Dump the error log of the firmware when a firmware panic occurs. Although
3726 * we can't debug the firmware because it is neither open source nor free, it
3727 * can help us to identify certain classes of problems.
3730 iwn_fatal_intr(struct iwn_softc *sc)
3732 struct iwn_fw_dump dump;
3735 IWN_LOCK_ASSERT(sc);
3737 /* Force a complete recalibration on next init. */
3738 sc->sc_flags &= ~IWN_FLAG_CALIB_DONE;
3740 /* Check that the error log address is valid. */
3741 if (sc->errptr < IWN_FW_DATA_BASE ||
3742 sc->errptr + sizeof (dump) >
3743 IWN_FW_DATA_BASE + sc->fw_data_maxsz) {
3744 printf("%s: bad firmware error log address 0x%08x\n", __func__,
3748 if (iwn_nic_lock(sc) != 0) {
3749 printf("%s: could not read firmware error log\n", __func__);
3752 /* Read firmware error log from SRAM. */
3753 iwn_mem_read_region_4(sc, sc->errptr, (uint32_t *)&dump,
3754 sizeof (dump) / sizeof (uint32_t));
3757 if (dump.valid == 0) {
3758 printf("%s: firmware error log is empty\n", __func__);
3761 printf("firmware error log:\n");
3762 printf(" error type = \"%s\" (0x%08X)\n",
3763 (dump.id < nitems(iwn_fw_errmsg)) ?
3764 iwn_fw_errmsg[dump.id] : "UNKNOWN",
3766 printf(" program counter = 0x%08X\n", dump.pc);
3767 printf(" source line = 0x%08X\n", dump.src_line);
3768 printf(" error data = 0x%08X%08X\n",
3769 dump.error_data[0], dump.error_data[1]);
3770 printf(" branch link = 0x%08X%08X\n",
3771 dump.branch_link[0], dump.branch_link[1]);
3772 printf(" interrupt link = 0x%08X%08X\n",
3773 dump.interrupt_link[0], dump.interrupt_link[1]);
3774 printf(" time = %u\n", dump.time[0]);
3776 /* Dump driver status (TX and RX rings) while we're here. */
3777 printf("driver status:\n");
3778 for (i = 0; i < sc->ntxqs; i++) {
3779 struct iwn_tx_ring *ring = &sc->txq[i];
3780 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n",
3781 i, ring->qid, ring->cur, ring->queued);
3783 printf(" rx ring: cur=%d\n", sc->rxq.cur);
3789 struct iwn_softc *sc = arg;
3790 struct ifnet *ifp = sc->sc_ifp;
3791 uint32_t r1, r2, tmp;
3795 /* Disable interrupts. */
3796 IWN_WRITE(sc, IWN_INT_MASK, 0);
3798 /* Read interrupts from ICT (fast) or from registers (slow). */
3799 if (sc->sc_flags & IWN_FLAG_USE_ICT) {
3801 while (sc->ict[sc->ict_cur] != 0) {
3802 tmp |= sc->ict[sc->ict_cur];
3803 sc->ict[sc->ict_cur] = 0; /* Acknowledge. */
3804 sc->ict_cur = (sc->ict_cur + 1) % IWN_ICT_COUNT;
3807 if (tmp == 0xffffffff) /* Shouldn't happen. */
3809 else if (tmp & 0xc0000) /* Workaround a HW bug. */
3811 r1 = (tmp & 0xff00) << 16 | (tmp & 0xff);
3812 r2 = 0; /* Unused. */
3814 r1 = IWN_READ(sc, IWN_INT);
3815 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
3816 return; /* Hardware gone! */
3817 r2 = IWN_READ(sc, IWN_FH_INT);
3820 DPRINTF(sc, IWN_DEBUG_INTR, "interrupt reg1=0x%08x reg2=0x%08x\n"
3823 if (r1 == 0 && r2 == 0)
3824 goto done; /* Interrupt not for us. */
3826 /* Acknowledge interrupts. */
3827 IWN_WRITE(sc, IWN_INT, r1);
3828 if (!(sc->sc_flags & IWN_FLAG_USE_ICT))
3829 IWN_WRITE(sc, IWN_FH_INT, r2);
3831 if (r1 & IWN_INT_RF_TOGGLED) {
3832 iwn_rftoggle_intr(sc);
3835 if (r1 & IWN_INT_CT_REACHED) {
3836 device_printf(sc->sc_dev, "%s: critical temperature reached!\n",
3839 if (r1 & (IWN_INT_SW_ERR | IWN_INT_HW_ERR)) {
3840 device_printf(sc->sc_dev, "%s: fatal firmware error\n",
3843 iwn_debug_register(sc);
3845 /* Dump firmware error log and stop. */
3847 ifp->if_flags &= ~IFF_UP;
3848 iwn_stop_locked(sc);
3851 if ((r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX | IWN_INT_RX_PERIODIC)) ||
3852 (r2 & IWN_FH_INT_RX)) {
3853 if (sc->sc_flags & IWN_FLAG_USE_ICT) {
3854 if (r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX))
3855 IWN_WRITE(sc, IWN_FH_INT, IWN_FH_INT_RX);
3856 IWN_WRITE_1(sc, IWN_INT_PERIODIC,
3857 IWN_INT_PERIODIC_DIS);
3859 if (r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX)) {
3860 IWN_WRITE_1(sc, IWN_INT_PERIODIC,
3861 IWN_INT_PERIODIC_ENA);
3867 if ((r1 & IWN_INT_FH_TX) || (r2 & IWN_FH_INT_TX)) {
3868 if (sc->sc_flags & IWN_FLAG_USE_ICT)
3869 IWN_WRITE(sc, IWN_FH_INT, IWN_FH_INT_TX);
3870 wakeup(sc); /* FH DMA transfer completed. */
3873 if (r1 & IWN_INT_ALIVE)
3874 wakeup(sc); /* Firmware is alive. */
3876 if (r1 & IWN_INT_WAKEUP)
3877 iwn_wakeup_intr(sc);
3880 /* Re-enable interrupts. */
3881 if (ifp->if_flags & IFF_UP)
3882 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
3888 * Update TX scheduler ring when transmitting an 802.11 frame (4965AGN and
3889 * 5000 adapters use a slightly different format).
3892 iwn4965_update_sched(struct iwn_softc *sc, int qid, int idx, uint8_t id,
3895 uint16_t *w = &sc->sched[qid * IWN4965_SCHED_COUNT + idx];
3897 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
3899 *w = htole16(len + 8);
3900 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3901 BUS_DMASYNC_PREWRITE);
3902 if (idx < IWN_SCHED_WINSZ) {
3903 *(w + IWN_TX_RING_COUNT) = *w;
3904 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3905 BUS_DMASYNC_PREWRITE);
3910 iwn5000_update_sched(struct iwn_softc *sc, int qid, int idx, uint8_t id,
3913 uint16_t *w = &sc->sched[qid * IWN5000_SCHED_COUNT + idx];
3915 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
3917 *w = htole16(id << 12 | (len + 8));
3918 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3919 BUS_DMASYNC_PREWRITE);
3920 if (idx < IWN_SCHED_WINSZ) {
3921 *(w + IWN_TX_RING_COUNT) = *w;
3922 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3923 BUS_DMASYNC_PREWRITE);
3929 iwn5000_reset_sched(struct iwn_softc *sc, int qid, int idx)
3931 uint16_t *w = &sc->sched[qid * IWN5000_SCHED_COUNT + idx];
3933 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
3935 *w = (*w & htole16(0xf000)) | htole16(1);
3936 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3937 BUS_DMASYNC_PREWRITE);
3938 if (idx < IWN_SCHED_WINSZ) {
3939 *(w + IWN_TX_RING_COUNT) = *w;
3940 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3941 BUS_DMASYNC_PREWRITE);
3947 * Check whether OFDM 11g protection will be enabled for the given rate.
3949 * The original driver code only enabled protection for OFDM rates.
3950 * It didn't check to see whether it was operating in 11a or 11bg mode.
3953 iwn_check_rate_needs_protection(struct iwn_softc *sc,
3954 struct ieee80211vap *vap, uint8_t rate)
3956 struct ieee80211com *ic = vap->iv_ic;
3959 * Not in 2GHz mode? Then there's no need to enable OFDM
3962 if (! IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) {
3967 * 11bg protection not enabled? Then don't use it.
3969 if ((ic->ic_flags & IEEE80211_F_USEPROT) == 0)
3973 * If it's an 11n rate, then for now we enable
3976 if (rate & IEEE80211_RATE_MCS) {
3981 * Do a rate table lookup. If the PHY is CCK,
3982 * don't do protection.
3984 if (ieee80211_rate2phytype(ic->ic_rt, rate) == IEEE80211_T_CCK)
3988 * Yup, enable protection.
3994 * return a value between 0 and IWN_MAX_TX_RETRIES-1 as an index into
3995 * the link quality table that reflects this particular entry.
3998 iwn_tx_rate_to_linkq_offset(struct iwn_softc *sc, struct ieee80211_node *ni,
4001 struct ieee80211_rateset *rs;
4008 * Figure out if we're using 11n or not here.
4010 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) && ni->ni_htrates.rs_nrates > 0)
4016 * Use the correct rate table.
4019 rs = (struct ieee80211_rateset *) &ni->ni_htrates;
4020 nr = ni->ni_htrates.rs_nrates;
4027 * Find the relevant link quality entry in the table.
4029 for (i = 0; i < nr && i < IWN_MAX_TX_RETRIES - 1 ; i++) {
4031 * The link quality table index starts at 0 == highest
4032 * rate, so we walk the rate table backwards.
4034 cmp_rate = rs->rs_rates[(nr - 1) - i];
4035 if (rate & IEEE80211_RATE_MCS)
4036 cmp_rate |= IEEE80211_RATE_MCS;
4039 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: idx %d: nr=%d, rate=0x%02x, rateentry=0x%02x\n",
4047 if (cmp_rate == rate)
4051 /* Failed? Start at the end */
4052 return (IWN_MAX_TX_RETRIES - 1);
4056 iwn_tx_data(struct iwn_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
4058 struct iwn_ops *ops = &sc->ops;
4059 const struct ieee80211_txparam *tp;
4060 struct ieee80211vap *vap = ni->ni_vap;
4061 struct ieee80211com *ic = ni->ni_ic;
4062 struct iwn_node *wn = (void *)ni;
4063 struct iwn_tx_ring *ring;
4064 struct iwn_tx_desc *desc;
4065 struct iwn_tx_data *data;
4066 struct iwn_tx_cmd *cmd;
4067 struct iwn_cmd_data *tx;
4068 struct ieee80211_frame *wh;
4069 struct ieee80211_key *k = NULL;
4074 bus_dma_segment_t *seg, segs[IWN_MAX_SCATTER];
4076 int ac, i, totlen, error, pad, nsegs = 0, rate;
4078 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
4080 IWN_LOCK_ASSERT(sc);
4082 wh = mtod(m, struct ieee80211_frame *);
4083 hdrlen = ieee80211_anyhdrsize(wh);
4084 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
4086 /* Select EDCA Access Category and TX ring for this frame. */
4087 if (IEEE80211_QOS_HAS_SEQ(wh)) {
4088 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
4089 tid = qos & IEEE80211_QOS_TID;
4094 ac = M_WME_GETAC(m);
4095 if (m->m_flags & M_AMPDU_MPDU) {
4097 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[ac];
4099 if (!IEEE80211_AMPDU_RUNNING(tap)) {
4105 * Queue this frame to the hardware ring that we've
4106 * negotiated AMPDU TX on.
4108 * Note that the sequence number must match the TX slot
4111 ac = *(int *)tap->txa_private;
4112 seqno = ni->ni_txseqs[tid];
4113 *(uint16_t *)wh->i_seq =
4114 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
4115 ring = &sc->txq[ac];
4116 if ((seqno % 256) != ring->cur) {
4117 device_printf(sc->sc_dev,
4118 "%s: m=%p: seqno (%d) (%d) != ring index (%d) !\n",
4125 ni->ni_txseqs[tid]++;
4127 ring = &sc->txq[ac];
4128 desc = &ring->desc[ring->cur];
4129 data = &ring->data[ring->cur];
4131 /* Choose a TX rate index. */
4132 tp = &vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)];
4133 if (type == IEEE80211_FC0_TYPE_MGT)
4134 rate = tp->mgmtrate;
4135 else if (IEEE80211_IS_MULTICAST(wh->i_addr1))
4136 rate = tp->mcastrate;
4137 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
4138 rate = tp->ucastrate;
4139 else if (m->m_flags & M_EAPOL)
4140 rate = tp->mgmtrate;
4142 /* XXX pass pktlen */
4143 (void) ieee80211_ratectl_rate(ni, NULL, 0);
4144 rate = ni->ni_txrate;
4147 /* Encrypt the frame if need be. */
4148 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
4149 /* Retrieve key for TX. */
4150 k = ieee80211_crypto_encap(ni, m);
4155 /* 802.11 header may have moved. */
4156 wh = mtod(m, struct ieee80211_frame *);
4158 totlen = m->m_pkthdr.len;
4160 if (ieee80211_radiotap_active_vap(vap)) {
4161 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap;
4164 tap->wt_rate = rate;
4166 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
4168 ieee80211_radiotap_tx(vap, m);
4171 /* Prepare TX firmware command. */
4172 cmd = &ring->cmd[ring->cur];
4173 cmd->code = IWN_CMD_TX_DATA;
4175 cmd->qid = ring->qid;
4176 cmd->idx = ring->cur;
4178 tx = (struct iwn_cmd_data *)cmd->data;
4179 /* NB: No need to clear tx, all fields are reinitialized here. */
4180 tx->scratch = 0; /* clear "scratch" area */
4183 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
4184 /* Unicast frame, check if an ACK is expected. */
4185 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) !=
4186 IEEE80211_QOS_ACKPOLICY_NOACK)
4187 flags |= IWN_TX_NEED_ACK;
4190 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
4191 (IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_BAR))
4192 flags |= IWN_TX_IMM_BA; /* Cannot happen yet. */
4194 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG)
4195 flags |= IWN_TX_MORE_FRAG; /* Cannot happen yet. */
4197 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */
4198 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
4199 /* NB: Group frames are sent using CCK in 802.11b/g. */
4200 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) {
4201 flags |= IWN_TX_NEED_RTS;
4202 } else if (iwn_check_rate_needs_protection(sc, vap, rate)) {
4203 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
4204 flags |= IWN_TX_NEED_CTS;
4205 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
4206 flags |= IWN_TX_NEED_RTS;
4209 /* XXX HT protection? */
4211 if (flags & (IWN_TX_NEED_RTS | IWN_TX_NEED_CTS)) {
4212 if (sc->hw_type != IWN_HW_REV_TYPE_4965) {
4213 /* 5000 autoselects RTS/CTS or CTS-to-self. */
4214 flags &= ~(IWN_TX_NEED_RTS | IWN_TX_NEED_CTS);
4215 flags |= IWN_TX_NEED_PROTECTION;
4217 flags |= IWN_TX_FULL_TXOP;
4221 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
4222 type != IEEE80211_FC0_TYPE_DATA)
4223 tx->id = sc->broadcast_id;
4227 if (type == IEEE80211_FC0_TYPE_MGT) {
4228 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
4230 /* Tell HW to set timestamp in probe responses. */
4231 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
4232 flags |= IWN_TX_INSERT_TSTAMP;
4233 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
4234 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
4235 tx->timeout = htole16(3);
4237 tx->timeout = htole16(2);
4239 tx->timeout = htole16(0);
4242 /* First segment length must be a multiple of 4. */
4243 flags |= IWN_TX_NEED_PADDING;
4244 pad = 4 - (hdrlen & 3);
4248 tx->len = htole16(totlen);
4250 tx->rts_ntries = 60;
4251 tx->data_ntries = 15;
4252 tx->lifetime = htole32(IWN_LIFETIME_INFINITE);
4253 tx->rate = iwn_rate_to_plcp(sc, ni, rate);
4254 if (tx->id == sc->broadcast_id) {
4255 /* Group or management frame. */
4258 tx->linkq = iwn_tx_rate_to_linkq_offset(sc, ni, rate);
4259 flags |= IWN_TX_LINKQ; /* enable MRR */
4262 /* Set physical address of "scratch area". */
4263 tx->loaddr = htole32(IWN_LOADDR(data->scratch_paddr));
4264 tx->hiaddr = IWN_HIADDR(data->scratch_paddr);
4266 /* Copy 802.11 header in TX command. */
4267 memcpy((uint8_t *)(tx + 1), wh, hdrlen);
4269 /* Trim 802.11 header. */
4272 tx->flags = htole32(flags);
4274 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, segs,
4275 &nsegs, BUS_DMA_NOWAIT);
4277 if (error != EFBIG) {
4278 device_printf(sc->sc_dev,
4279 "%s: can't map mbuf (error %d)\n", __func__, error);
4283 /* Too many DMA segments, linearize mbuf. */
4284 m1 = m_collapse(m, M_NOWAIT, IWN_MAX_SCATTER);
4286 device_printf(sc->sc_dev,
4287 "%s: could not defrag mbuf\n", __func__);
4293 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
4294 segs, &nsegs, BUS_DMA_NOWAIT);
4296 device_printf(sc->sc_dev,
4297 "%s: can't map mbuf (error %d)\n", __func__, error);
4306 DPRINTF(sc, IWN_DEBUG_XMIT,
4307 "%s: qid %d idx %d len %d nsegs %d rate %04x plcp 0x%08x\n",
4316 /* Fill TX descriptor. */
4319 desc->nsegs += nsegs;
4320 /* First DMA segment is used by the TX command. */
4321 desc->segs[0].addr = htole32(IWN_LOADDR(data->cmd_paddr));
4322 desc->segs[0].len = htole16(IWN_HIADDR(data->cmd_paddr) |
4323 (4 + sizeof (*tx) + hdrlen + pad) << 4);
4324 /* Other DMA segments are for data payload. */
4326 for (i = 1; i <= nsegs; i++) {
4327 desc->segs[i].addr = htole32(IWN_LOADDR(seg->ds_addr));
4328 desc->segs[i].len = htole16(IWN_HIADDR(seg->ds_addr) |
4333 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
4334 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
4335 BUS_DMASYNC_PREWRITE);
4336 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
4337 BUS_DMASYNC_PREWRITE);
4339 /* Update TX scheduler. */
4340 if (ring->qid >= sc->firstaggqueue)
4341 ops->update_sched(sc, ring->qid, ring->cur, tx->id, totlen);
4344 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT;
4345 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
4347 /* Mark TX ring as full if we reach a certain threshold. */
4348 if (++ring->queued > IWN_TX_RING_HIMARK)
4349 sc->qfullmsk |= 1 << ring->qid;
4351 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
4357 iwn_tx_data_raw(struct iwn_softc *sc, struct mbuf *m,
4358 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
4360 struct iwn_ops *ops = &sc->ops;
4361 // struct ifnet *ifp = sc->sc_ifp;
4362 struct ieee80211vap *vap = ni->ni_vap;
4363 // struct ieee80211com *ic = ifp->if_l2com;
4364 struct iwn_tx_cmd *cmd;
4365 struct iwn_cmd_data *tx;
4366 struct ieee80211_frame *wh;
4367 struct iwn_tx_ring *ring;
4368 struct iwn_tx_desc *desc;
4369 struct iwn_tx_data *data;
4371 bus_dma_segment_t *seg, segs[IWN_MAX_SCATTER];
4374 int ac, totlen, error, pad, nsegs = 0, i, rate;
4377 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
4379 IWN_LOCK_ASSERT(sc);
4381 wh = mtod(m, struct ieee80211_frame *);
4382 hdrlen = ieee80211_anyhdrsize(wh);
4383 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
4385 ac = params->ibp_pri & 3;
4387 ring = &sc->txq[ac];
4388 desc = &ring->desc[ring->cur];
4389 data = &ring->data[ring->cur];
4391 /* Choose a TX rate. */
4392 rate = params->ibp_rate0;
4393 totlen = m->m_pkthdr.len;
4395 /* Prepare TX firmware command. */
4396 cmd = &ring->cmd[ring->cur];
4397 cmd->code = IWN_CMD_TX_DATA;
4399 cmd->qid = ring->qid;
4400 cmd->idx = ring->cur;
4402 tx = (struct iwn_cmd_data *)cmd->data;
4403 /* NB: No need to clear tx, all fields are reinitialized here. */
4404 tx->scratch = 0; /* clear "scratch" area */
4407 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
4408 flags |= IWN_TX_NEED_ACK;
4409 if (params->ibp_flags & IEEE80211_BPF_RTS) {
4410 if (sc->hw_type != IWN_HW_REV_TYPE_4965) {
4411 /* 5000 autoselects RTS/CTS or CTS-to-self. */
4412 flags &= ~IWN_TX_NEED_RTS;
4413 flags |= IWN_TX_NEED_PROTECTION;
4415 flags |= IWN_TX_NEED_RTS | IWN_TX_FULL_TXOP;
4417 if (params->ibp_flags & IEEE80211_BPF_CTS) {
4418 if (sc->hw_type != IWN_HW_REV_TYPE_4965) {
4419 /* 5000 autoselects RTS/CTS or CTS-to-self. */
4420 flags &= ~IWN_TX_NEED_CTS;
4421 flags |= IWN_TX_NEED_PROTECTION;
4423 flags |= IWN_TX_NEED_CTS | IWN_TX_FULL_TXOP;
4425 if (type == IEEE80211_FC0_TYPE_MGT) {
4426 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
4428 /* Tell HW to set timestamp in probe responses. */
4429 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
4430 flags |= IWN_TX_INSERT_TSTAMP;
4432 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
4433 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
4434 tx->timeout = htole16(3);
4436 tx->timeout = htole16(2);
4438 tx->timeout = htole16(0);
4441 /* First segment length must be a multiple of 4. */
4442 flags |= IWN_TX_NEED_PADDING;
4443 pad = 4 - (hdrlen & 3);
4447 if (ieee80211_radiotap_active_vap(vap)) {
4448 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap;
4451 tap->wt_rate = rate;
4453 ieee80211_radiotap_tx(vap, m);
4456 tx->len = htole16(totlen);
4458 tx->id = sc->broadcast_id;
4459 tx->rts_ntries = params->ibp_try1;
4460 tx->data_ntries = params->ibp_try0;
4461 tx->lifetime = htole32(IWN_LIFETIME_INFINITE);
4462 tx->rate = iwn_rate_to_plcp(sc, ni, rate);
4464 /* Group or management frame. */
4467 /* Set physical address of "scratch area". */
4468 tx->loaddr = htole32(IWN_LOADDR(data->scratch_paddr));
4469 tx->hiaddr = IWN_HIADDR(data->scratch_paddr);
4471 /* Copy 802.11 header in TX command. */
4472 memcpy((uint8_t *)(tx + 1), wh, hdrlen);
4474 /* Trim 802.11 header. */
4477 tx->flags = htole32(flags);
4479 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, segs,
4480 &nsegs, BUS_DMA_NOWAIT);
4482 if (error != EFBIG) {
4483 device_printf(sc->sc_dev,
4484 "%s: can't map mbuf (error %d)\n", __func__, error);
4488 /* Too many DMA segments, linearize mbuf. */
4489 m1 = m_collapse(m, M_NOWAIT, IWN_MAX_SCATTER);
4491 device_printf(sc->sc_dev,
4492 "%s: could not defrag mbuf\n", __func__);
4498 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
4499 segs, &nsegs, BUS_DMA_NOWAIT);
4501 device_printf(sc->sc_dev,
4502 "%s: can't map mbuf (error %d)\n", __func__, error);
4511 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n",
4512 __func__, ring->qid, ring->cur, m->m_pkthdr.len, nsegs);
4514 /* Fill TX descriptor. */
4517 desc->nsegs += nsegs;
4518 /* First DMA segment is used by the TX command. */
4519 desc->segs[0].addr = htole32(IWN_LOADDR(data->cmd_paddr));
4520 desc->segs[0].len = htole16(IWN_HIADDR(data->cmd_paddr) |
4521 (4 + sizeof (*tx) + hdrlen + pad) << 4);
4522 /* Other DMA segments are for data payload. */
4524 for (i = 1; i <= nsegs; i++) {
4525 desc->segs[i].addr = htole32(IWN_LOADDR(seg->ds_addr));
4526 desc->segs[i].len = htole16(IWN_HIADDR(seg->ds_addr) |
4531 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
4532 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
4533 BUS_DMASYNC_PREWRITE);
4534 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
4535 BUS_DMASYNC_PREWRITE);
4537 /* Update TX scheduler. */
4538 if (ring->qid >= sc->firstaggqueue)
4539 ops->update_sched(sc, ring->qid, ring->cur, tx->id, totlen);
4542 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT;
4543 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
4545 /* Mark TX ring as full if we reach a certain threshold. */
4546 if (++ring->queued > IWN_TX_RING_HIMARK)
4547 sc->qfullmsk |= 1 << ring->qid;
4549 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
4555 iwn_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
4556 const struct ieee80211_bpf_params *params)
4558 struct ieee80211com *ic = ni->ni_ic;
4559 struct ifnet *ifp = ic->ic_ifp;
4560 struct iwn_softc *sc = ifp->if_softc;
4563 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
4565 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
4566 ieee80211_free_node(ni);
4572 if (params == NULL) {
4574 * Legacy path; interpret frame contents to decide
4575 * precisely how to send the frame.
4577 error = iwn_tx_data(sc, m, ni);
4580 * Caller supplied explicit parameters to use in
4581 * sending the frame.
4583 error = iwn_tx_data_raw(sc, m, ni, params);
4586 /* NB: m is reclaimed on tx failure */
4587 ieee80211_free_node(ni);
4590 sc->sc_tx_timer = 5;
4594 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
4600 iwn_start(struct ifnet *ifp)
4602 struct iwn_softc *sc = ifp->if_softc;
4605 iwn_start_locked(ifp);
4610 iwn_start_locked(struct ifnet *ifp)
4612 struct iwn_softc *sc = ifp->if_softc;
4613 struct ieee80211_node *ni;
4616 IWN_LOCK_ASSERT(sc);
4618 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
4619 (ifp->if_drv_flags & IFF_DRV_OACTIVE))
4623 if (sc->qfullmsk != 0) {
4624 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
4627 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
4630 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
4631 if (iwn_tx_data(sc, m, ni) != 0) {
4632 ieee80211_free_node(ni);
4636 sc->sc_tx_timer = 5;
4641 iwn_watchdog(void *arg)
4643 struct iwn_softc *sc = arg;
4644 struct ifnet *ifp = sc->sc_ifp;
4645 struct ieee80211com *ic = ifp->if_l2com;
4647 IWN_LOCK_ASSERT(sc);
4649 KASSERT(ifp->if_drv_flags & IFF_DRV_RUNNING, ("not running"));
4651 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
4653 if (sc->sc_tx_timer > 0) {
4654 if (--sc->sc_tx_timer == 0) {
4655 if_printf(ifp, "device timeout\n");
4656 ieee80211_runtask(ic, &sc->sc_reinit_task);
4660 callout_reset(&sc->watchdog_to, hz, iwn_watchdog, sc);
4664 iwn_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
4666 struct iwn_softc *sc = ifp->if_softc;
4667 struct ieee80211com *ic = ifp->if_l2com;
4668 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4669 struct ifreq *ifr = (struct ifreq *) data;
4670 int error = 0, startall = 0, stop = 0;
4674 error = ether_ioctl(ifp, cmd, data);
4678 if (ifp->if_flags & IFF_UP) {
4679 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
4680 iwn_init_locked(sc);
4681 if (IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_RFKILL)
4687 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
4688 iwn_stop_locked(sc);
4692 ieee80211_start_all(ic);
4693 else if (vap != NULL && stop)
4694 ieee80211_stop(vap);
4697 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
4707 * Send a command to the firmware.
4710 iwn_cmd(struct iwn_softc *sc, int code, const void *buf, int size, int async)
4712 struct iwn_tx_ring *ring;
4713 struct iwn_tx_desc *desc;
4714 struct iwn_tx_data *data;
4715 struct iwn_tx_cmd *cmd;
4721 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
4724 IWN_LOCK_ASSERT(sc);
4726 if (sc->sc_flags & IWN_FLAG_PAN_SUPPORT)
4727 cmd_queue_num = IWN_PAN_CMD_QUEUE;
4729 cmd_queue_num = IWN_CMD_QUEUE_NUM;
4731 ring = &sc->txq[cmd_queue_num];
4732 desc = &ring->desc[ring->cur];
4733 data = &ring->data[ring->cur];
4736 if (size > sizeof cmd->data) {
4737 /* Command is too large to fit in a descriptor. */
4738 if (totlen > MCLBYTES)
4740 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE);
4743 cmd = mtod(m, struct iwn_tx_cmd *);
4744 error = bus_dmamap_load(ring->data_dmat, data->map, cmd,
4745 totlen, iwn_dma_map_addr, &paddr, BUS_DMA_NOWAIT);
4752 cmd = &ring->cmd[ring->cur];
4753 paddr = data->cmd_paddr;
4758 cmd->qid = ring->qid;
4759 cmd->idx = ring->cur;
4760 memcpy(cmd->data, buf, size);
4763 desc->segs[0].addr = htole32(IWN_LOADDR(paddr));
4764 desc->segs[0].len = htole16(IWN_HIADDR(paddr) | totlen << 4);
4766 DPRINTF(sc, IWN_DEBUG_CMD, "%s: %s (0x%x) flags %d qid %d idx %d\n",
4767 __func__, iwn_intr_str(cmd->code), cmd->code,
4768 cmd->flags, cmd->qid, cmd->idx);
4770 if (size > sizeof cmd->data) {
4771 bus_dmamap_sync(ring->data_dmat, data->map,
4772 BUS_DMASYNC_PREWRITE);
4774 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
4775 BUS_DMASYNC_PREWRITE);
4777 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
4778 BUS_DMASYNC_PREWRITE);
4780 /* Kick command ring. */
4781 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT;
4782 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
4784 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
4786 return async ? 0 : msleep(desc, &sc->sc_mtx, PCATCH, "iwncmd", hz);
4790 iwn4965_add_node(struct iwn_softc *sc, struct iwn_node_info *node, int async)
4792 struct iwn4965_node_info hnode;
4795 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
4798 * We use the node structure for 5000 Series internally (it is
4799 * a superset of the one for 4965AGN). We thus copy the common
4800 * fields before sending the command.
4802 src = (caddr_t)node;
4803 dst = (caddr_t)&hnode;
4804 memcpy(dst, src, 48);
4805 /* Skip TSC, RX MIC and TX MIC fields from ``src''. */
4806 memcpy(dst + 48, src + 72, 20);
4807 return iwn_cmd(sc, IWN_CMD_ADD_NODE, &hnode, sizeof hnode, async);
4811 iwn5000_add_node(struct iwn_softc *sc, struct iwn_node_info *node, int async)
4814 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
4816 /* Direct mapping. */
4817 return iwn_cmd(sc, IWN_CMD_ADD_NODE, node, sizeof (*node), async);
4821 iwn_set_link_quality(struct iwn_softc *sc, struct ieee80211_node *ni)
4823 #define RV(v) ((v) & IEEE80211_RATE_VAL)
4824 struct iwn_node *wn = (void *)ni;
4825 struct ieee80211_rateset *rs;
4826 struct iwn_cmd_link_quality linkq;
4828 int i, rate, txrate;
4831 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
4833 /* Use the first valid TX antenna. */
4834 txant = IWN_LSB(sc->txchainmask);
4836 memset(&linkq, 0, sizeof linkq);
4838 linkq.antmsk_1stream = txant;
4841 * The '2 stream' setup is a bit .. odd.
4843 * For NICs that support only 1 antenna, default to IWN_ANT_AB or
4844 * the firmware panics (eg Intel 5100.)
4846 * For NICs that support two antennas, we use ANT_AB.
4848 * For NICs that support three antennas, we use the two that
4849 * wasn't the default one.
4851 * XXX TODO: if bluetooth (full concurrent) is enabled, restrict
4852 * this to only one antenna.
4855 /* So - if there's no secondary antenna, assume IWN_ANT_AB */
4857 /* Default - transmit on the other antennas */
4858 linkq.antmsk_2stream = (sc->txchainmask & ~IWN_LSB(sc->txchainmask));
4860 /* Now, if it's zero, set it to IWN_ANT_AB, so to not panic firmware */
4861 if (linkq.antmsk_2stream == 0)
4862 linkq.antmsk_2stream = IWN_ANT_AB;
4865 * If the NIC is a two-stream TX NIC, configure the TX mask to
4866 * the default chainmask
4868 else if (sc->ntxchains == 2)
4869 linkq.antmsk_2stream = sc->txchainmask;
4871 linkq.ampdu_max = 32; /* XXX negotiated? */
4872 linkq.ampdu_threshold = 3;
4873 linkq.ampdu_limit = htole16(4000); /* 4ms */
4875 DPRINTF(sc, IWN_DEBUG_XMIT,
4876 "%s: 1stream antenna=0x%02x, 2stream antenna=0x%02x, ntxstreams=%d\n",
4878 linkq.antmsk_1stream,
4879 linkq.antmsk_2stream,
4883 * Are we using 11n rates? Ensure the channel is
4884 * 11n _and_ we have some 11n rates, or don't
4887 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) && ni->ni_htrates.rs_nrates > 0) {
4888 rs = (struct ieee80211_rateset *) &ni->ni_htrates;
4895 /* Start at highest available bit-rate. */
4897 * XXX this is all very dirty!
4900 txrate = ni->ni_htrates.rs_nrates - 1;
4902 txrate = rs->rs_nrates - 1;
4903 for (i = 0; i < IWN_MAX_TX_RETRIES; i++) {
4907 rate = IEEE80211_RATE_MCS | rs->rs_rates[txrate];
4909 rate = RV(rs->rs_rates[txrate]);
4911 DPRINTF(sc, IWN_DEBUG_XMIT,
4912 "%s: i=%d, txrate=%d, rate=0x%02x\n",
4918 /* Do rate -> PLCP config mapping */
4919 plcp = iwn_rate_to_plcp(sc, ni, rate);
4920 linkq.retry[i] = plcp;
4923 * The mimo field is an index into the table which
4924 * indicates the first index where it and subsequent entries
4925 * will not be using MIMO.
4927 * Since we're filling linkq from 0..15 and we're filling
4928 * from the higest MCS rates to the lowest rates, if we
4929 * _are_ doing a dual-stream rate, set mimo to idx+1 (ie,
4930 * the next entry.) That way if the next entry is a non-MIMO
4931 * entry, we're already pointing at it.
4933 if ((le32toh(plcp) & IWN_RFLAG_MCS) &&
4934 RV(le32toh(plcp)) > 7)
4937 /* Next retry at immediate lower bit-rate. */
4942 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
4944 return iwn_cmd(sc, IWN_CMD_LINK_QUALITY, &linkq, sizeof linkq, 1);
4949 * Broadcast node is used to send group-addressed and management frames.
4952 iwn_add_broadcast_node(struct iwn_softc *sc, int async)
4954 struct iwn_ops *ops = &sc->ops;
4955 struct ifnet *ifp = sc->sc_ifp;
4956 struct ieee80211com *ic = ifp->if_l2com;
4957 struct iwn_node_info node;
4958 struct iwn_cmd_link_quality linkq;
4962 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
4964 sc->rxon = &sc->rx_on[IWN_RXON_BSS_CTX];
4966 memset(&node, 0, sizeof node);
4967 IEEE80211_ADDR_COPY(node.macaddr, ifp->if_broadcastaddr);
4968 node.id = sc->broadcast_id;
4969 DPRINTF(sc, IWN_DEBUG_RESET, "%s: adding broadcast node\n", __func__);
4970 if ((error = ops->add_node(sc, &node, async)) != 0)
4973 /* Use the first valid TX antenna. */
4974 txant = IWN_LSB(sc->txchainmask);
4976 memset(&linkq, 0, sizeof linkq);
4977 linkq.id = sc->broadcast_id;
4978 linkq.antmsk_1stream = txant;
4979 linkq.antmsk_2stream = IWN_ANT_AB;
4980 linkq.ampdu_max = 64;
4981 linkq.ampdu_threshold = 3;
4982 linkq.ampdu_limit = htole16(4000); /* 4ms */
4984 /* Use lowest mandatory bit-rate. */
4985 if (IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan))
4986 linkq.retry[0] = htole32(0xd);
4988 linkq.retry[0] = htole32(10 | IWN_RFLAG_CCK);
4989 linkq.retry[0] |= htole32(IWN_RFLAG_ANT(txant));
4990 /* Use same bit-rate for all TX retries. */
4991 for (i = 1; i < IWN_MAX_TX_RETRIES; i++) {
4992 linkq.retry[i] = linkq.retry[0];
4995 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
4997 return iwn_cmd(sc, IWN_CMD_LINK_QUALITY, &linkq, sizeof linkq, async);
5001 iwn_updateedca(struct ieee80211com *ic)
5003 #define IWN_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */
5004 struct iwn_softc *sc = ic->ic_ifp->if_softc;
5005 struct iwn_edca_params cmd;
5008 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
5010 memset(&cmd, 0, sizeof cmd);
5011 cmd.flags = htole32(IWN_EDCA_UPDATE);
5012 for (aci = 0; aci < WME_NUM_AC; aci++) {
5013 const struct wmeParams *ac =
5014 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci];
5015 cmd.ac[aci].aifsn = ac->wmep_aifsn;
5016 cmd.ac[aci].cwmin = htole16(IWN_EXP2(ac->wmep_logcwmin));
5017 cmd.ac[aci].cwmax = htole16(IWN_EXP2(ac->wmep_logcwmax));
5018 cmd.ac[aci].txoplimit =
5019 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit));
5021 IEEE80211_UNLOCK(ic);
5023 (void)iwn_cmd(sc, IWN_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1);
5027 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
5034 iwn_update_mcast(struct ifnet *ifp)
5040 iwn_set_led(struct iwn_softc *sc, uint8_t which, uint8_t off, uint8_t on)
5042 struct iwn_cmd_led led;
5044 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5047 /* XXX don't set LEDs during scan? */
5048 if (sc->sc_is_scanning)
5052 /* Clear microcode LED ownership. */
5053 IWN_CLRBITS(sc, IWN_LED, IWN_LED_BSM_CTRL);
5056 led.unit = htole32(10000); /* on/off in unit of 100ms */
5059 (void)iwn_cmd(sc, IWN_CMD_SET_LED, &led, sizeof led, 1);
5063 * Set the critical temperature at which the firmware will stop the radio
5067 iwn_set_critical_temp(struct iwn_softc *sc)
5069 struct iwn_critical_temp crit;
5072 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5074 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_CTEMP_STOP_RF);
5076 if (sc->hw_type == IWN_HW_REV_TYPE_5150)
5077 temp = (IWN_CTOK(110) - sc->temp_off) * -5;
5078 else if (sc->hw_type == IWN_HW_REV_TYPE_4965)
5079 temp = IWN_CTOK(110);
5082 memset(&crit, 0, sizeof crit);
5083 crit.tempR = htole32(temp);
5084 DPRINTF(sc, IWN_DEBUG_RESET, "setting critical temp to %d\n", temp);
5085 return iwn_cmd(sc, IWN_CMD_SET_CRITICAL_TEMP, &crit, sizeof crit, 0);
5089 iwn_set_timing(struct iwn_softc *sc, struct ieee80211_node *ni)
5091 struct iwn_cmd_timing cmd;
5094 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5096 memset(&cmd, 0, sizeof cmd);
5097 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t));
5098 cmd.bintval = htole16(ni->ni_intval);
5099 cmd.lintval = htole16(10);
5101 /* Compute remaining time until next beacon. */
5102 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU;
5103 mod = le64toh(cmd.tstamp) % val;
5104 cmd.binitval = htole32((uint32_t)(val - mod));
5106 DPRINTF(sc, IWN_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n",
5107 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod));
5109 return iwn_cmd(sc, IWN_CMD_TIMING, &cmd, sizeof cmd, 1);
5113 iwn4965_power_calibration(struct iwn_softc *sc, int temp)
5115 struct ifnet *ifp = sc->sc_ifp;
5116 struct ieee80211com *ic = ifp->if_l2com;
5118 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5120 /* Adjust TX power if need be (delta >= 3 degC). */
5121 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: temperature %d->%d\n",
5122 __func__, sc->temp, temp);
5123 if (abs(temp - sc->temp) >= 3) {
5124 /* Record temperature of last calibration. */
5126 (void)iwn4965_set_txpower(sc, ic->ic_bsschan, 1);
5131 * Set TX power for current channel (each rate has its own power settings).
5132 * This function takes into account the regulatory information from EEPROM,
5133 * the current temperature and the current voltage.
5136 iwn4965_set_txpower(struct iwn_softc *sc, struct ieee80211_channel *ch,
5139 /* Fixed-point arithmetic division using a n-bit fractional part. */
5140 #define fdivround(a, b, n) \
5141 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n))
5142 /* Linear interpolation. */
5143 #define interpolate(x, x1, y1, x2, y2, n) \
5144 ((y1) + fdivround(((int)(x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n))
5146 static const int tdiv[IWN_NATTEN_GROUPS] = { 9, 8, 8, 8, 6 };
5147 struct iwn_ucode_info *uc = &sc->ucode_info;
5148 struct iwn4965_cmd_txpower cmd;
5149 struct iwn4965_eeprom_chan_samples *chans;
5150 const uint8_t *rf_gain, *dsp_gain;
5151 int32_t vdiff, tdiff;
5152 int i, c, grp, maxpwr;
5155 sc->rxon = &sc->rx_on[IWN_RXON_BSS_CTX];
5156 /* Retrieve current channel from last RXON. */
5157 chan = sc->rxon->chan;
5158 DPRINTF(sc, IWN_DEBUG_RESET, "setting TX power for channel %d\n",
5161 memset(&cmd, 0, sizeof cmd);
5162 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1;
5165 if (IEEE80211_IS_CHAN_5GHZ(ch)) {
5166 maxpwr = sc->maxpwr5GHz;
5167 rf_gain = iwn4965_rf_gain_5ghz;
5168 dsp_gain = iwn4965_dsp_gain_5ghz;
5170 maxpwr = sc->maxpwr2GHz;
5171 rf_gain = iwn4965_rf_gain_2ghz;
5172 dsp_gain = iwn4965_dsp_gain_2ghz;
5175 /* Compute voltage compensation. */
5176 vdiff = ((int32_t)le32toh(uc->volt) - sc->eeprom_voltage) / 7;
5181 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
5182 "%s: voltage compensation=%d (UCODE=%d, EEPROM=%d)\n",
5183 __func__, vdiff, le32toh(uc->volt), sc->eeprom_voltage);
5185 /* Get channel attenuation group. */
5186 if (chan <= 20) /* 1-20 */
5188 else if (chan <= 43) /* 34-43 */
5190 else if (chan <= 70) /* 44-70 */
5192 else if (chan <= 124) /* 71-124 */
5196 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
5197 "%s: chan %d, attenuation group=%d\n", __func__, chan, grp);
5199 /* Get channel sub-band. */
5200 for (i = 0; i < IWN_NBANDS; i++)
5201 if (sc->bands[i].lo != 0 &&
5202 sc->bands[i].lo <= chan && chan <= sc->bands[i].hi)
5204 if (i == IWN_NBANDS) /* Can't happen in real-life. */
5206 chans = sc->bands[i].chans;
5207 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
5208 "%s: chan %d sub-band=%d\n", __func__, chan, i);
5210 for (c = 0; c < 2; c++) {
5211 uint8_t power, gain, temp;
5212 int maxchpwr, pwr, ridx, idx;
5214 power = interpolate(chan,
5215 chans[0].num, chans[0].samples[c][1].power,
5216 chans[1].num, chans[1].samples[c][1].power, 1);
5217 gain = interpolate(chan,
5218 chans[0].num, chans[0].samples[c][1].gain,
5219 chans[1].num, chans[1].samples[c][1].gain, 1);
5220 temp = interpolate(chan,
5221 chans[0].num, chans[0].samples[c][1].temp,
5222 chans[1].num, chans[1].samples[c][1].temp, 1);
5223 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
5224 "%s: Tx chain %d: power=%d gain=%d temp=%d\n",
5225 __func__, c, power, gain, temp);
5227 /* Compute temperature compensation. */
5228 tdiff = ((sc->temp - temp) * 2) / tdiv[grp];
5229 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
5230 "%s: temperature compensation=%d (current=%d, EEPROM=%d)\n",
5231 __func__, tdiff, sc->temp, temp);
5233 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) {
5234 /* Convert dBm to half-dBm. */
5235 maxchpwr = sc->maxpwr[chan] * 2;
5237 maxchpwr -= 6; /* MIMO 2T: -3dB */
5241 /* Adjust TX power based on rate. */
5242 if ((ridx % 8) == 5)
5243 pwr -= 15; /* OFDM48: -7.5dB */
5244 else if ((ridx % 8) == 6)
5245 pwr -= 17; /* OFDM54: -8.5dB */
5246 else if ((ridx % 8) == 7)
5247 pwr -= 20; /* OFDM60: -10dB */
5249 pwr -= 10; /* Others: -5dB */
5251 /* Do not exceed channel max TX power. */
5255 idx = gain - (pwr - power) - tdiff - vdiff;
5256 if ((ridx / 8) & 1) /* MIMO */
5257 idx += (int32_t)le32toh(uc->atten[grp][c]);
5260 idx += 9; /* 5GHz */
5261 if (ridx == IWN_RIDX_MAX)
5264 /* Make sure idx stays in a valid range. */
5267 else if (idx > IWN4965_MAX_PWR_INDEX)
5268 idx = IWN4965_MAX_PWR_INDEX;
5270 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
5271 "%s: Tx chain %d, rate idx %d: power=%d\n",
5272 __func__, c, ridx, idx);
5273 cmd.power[ridx].rf_gain[c] = rf_gain[idx];
5274 cmd.power[ridx].dsp_gain[c] = dsp_gain[idx];
5278 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
5279 "%s: set tx power for chan %d\n", __func__, chan);
5280 return iwn_cmd(sc, IWN_CMD_TXPOWER, &cmd, sizeof cmd, async);
5287 iwn5000_set_txpower(struct iwn_softc *sc, struct ieee80211_channel *ch,
5290 struct iwn5000_cmd_txpower cmd;
5292 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5295 * TX power calibration is handled automatically by the firmware
5298 memset(&cmd, 0, sizeof cmd);
5299 cmd.global_limit = 2 * IWN5000_TXPOWER_MAX_DBM; /* 16 dBm */
5300 cmd.flags = IWN5000_TXPOWER_NO_CLOSED;
5301 cmd.srv_limit = IWN5000_TXPOWER_AUTO;
5302 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: setting TX power\n", __func__);
5303 return iwn_cmd(sc, IWN_CMD_TXPOWER_DBM, &cmd, sizeof cmd, async);
5307 * Retrieve the maximum RSSI (in dBm) among receivers.
5310 iwn4965_get_rssi(struct iwn_softc *sc, struct iwn_rx_stat *stat)
5312 struct iwn4965_rx_phystat *phy = (void *)stat->phybuf;
5316 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5318 mask = (le16toh(phy->antenna) >> 4) & IWN_ANT_ABC;
5319 agc = (le16toh(phy->agc) >> 7) & 0x7f;
5322 if (mask & IWN_ANT_A)
5323 rssi = MAX(rssi, phy->rssi[0]);
5324 if (mask & IWN_ANT_B)
5325 rssi = MAX(rssi, phy->rssi[2]);
5326 if (mask & IWN_ANT_C)
5327 rssi = MAX(rssi, phy->rssi[4]);
5329 DPRINTF(sc, IWN_DEBUG_RECV,
5330 "%s: agc %d mask 0x%x rssi %d %d %d result %d\n", __func__, agc,
5331 mask, phy->rssi[0], phy->rssi[2], phy->rssi[4],
5332 rssi - agc - IWN_RSSI_TO_DBM);
5333 return rssi - agc - IWN_RSSI_TO_DBM;
5337 iwn5000_get_rssi(struct iwn_softc *sc, struct iwn_rx_stat *stat)
5339 struct iwn5000_rx_phystat *phy = (void *)stat->phybuf;
5343 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5345 agc = (le32toh(phy->agc) >> 9) & 0x7f;
5347 rssi = MAX(le16toh(phy->rssi[0]) & 0xff,
5348 le16toh(phy->rssi[1]) & 0xff);
5349 rssi = MAX(le16toh(phy->rssi[2]) & 0xff, rssi);
5351 DPRINTF(sc, IWN_DEBUG_RECV,
5352 "%s: agc %d rssi %d %d %d result %d\n", __func__, agc,
5353 phy->rssi[0], phy->rssi[1], phy->rssi[2],
5354 rssi - agc - IWN_RSSI_TO_DBM);
5355 return rssi - agc - IWN_RSSI_TO_DBM;
5359 * Retrieve the average noise (in dBm) among receivers.
5362 iwn_get_noise(const struct iwn_rx_general_stats *stats)
5364 int i, total, nbant, noise;
5367 for (i = 0; i < 3; i++) {
5368 if ((noise = le32toh(stats->noise[i]) & 0xff) == 0)
5373 /* There should be at least one antenna but check anyway. */
5374 return (nbant == 0) ? -127 : (total / nbant) - 107;
5378 * Compute temperature (in degC) from last received statistics.
5381 iwn4965_get_temperature(struct iwn_softc *sc)
5383 struct iwn_ucode_info *uc = &sc->ucode_info;
5384 int32_t r1, r2, r3, r4, temp;
5386 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5388 r1 = le32toh(uc->temp[0].chan20MHz);
5389 r2 = le32toh(uc->temp[1].chan20MHz);
5390 r3 = le32toh(uc->temp[2].chan20MHz);
5391 r4 = le32toh(sc->rawtemp);
5393 if (r1 == r3) /* Prevents division by 0 (should not happen). */
5396 /* Sign-extend 23-bit R4 value to 32-bit. */
5397 r4 = ((r4 & 0xffffff) ^ 0x800000) - 0x800000;
5398 /* Compute temperature in Kelvin. */
5399 temp = (259 * (r4 - r2)) / (r3 - r1);
5400 temp = (temp * 97) / 100 + 8;
5402 DPRINTF(sc, IWN_DEBUG_ANY, "temperature %dK/%dC\n", temp,
5404 return IWN_KTOC(temp);
5408 iwn5000_get_temperature(struct iwn_softc *sc)
5412 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5415 * Temperature is not used by the driver for 5000 Series because
5416 * TX power calibration is handled by firmware.
5418 temp = le32toh(sc->rawtemp);
5419 if (sc->hw_type == IWN_HW_REV_TYPE_5150) {
5420 temp = (temp / -5) + sc->temp_off;
5421 temp = IWN_KTOC(temp);
5427 * Initialize sensitivity calibration state machine.
5430 iwn_init_sensitivity(struct iwn_softc *sc)
5432 struct iwn_ops *ops = &sc->ops;
5433 struct iwn_calib_state *calib = &sc->calib;
5437 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5439 /* Reset calibration state machine. */
5440 memset(calib, 0, sizeof (*calib));
5441 calib->state = IWN_CALIB_STATE_INIT;
5442 calib->cck_state = IWN_CCK_STATE_HIFA;
5443 /* Set initial correlation values. */
5444 calib->ofdm_x1 = sc->limits->min_ofdm_x1;
5445 calib->ofdm_mrc_x1 = sc->limits->min_ofdm_mrc_x1;
5446 calib->ofdm_x4 = sc->limits->min_ofdm_x4;
5447 calib->ofdm_mrc_x4 = sc->limits->min_ofdm_mrc_x4;
5448 calib->cck_x4 = 125;
5449 calib->cck_mrc_x4 = sc->limits->min_cck_mrc_x4;
5450 calib->energy_cck = sc->limits->energy_cck;
5452 /* Write initial sensitivity. */
5453 if ((error = iwn_send_sensitivity(sc)) != 0)
5456 /* Write initial gains. */
5457 if ((error = ops->init_gains(sc)) != 0)
5460 /* Request statistics at each beacon interval. */
5462 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: sending request for statistics\n",
5464 return iwn_cmd(sc, IWN_CMD_GET_STATISTICS, &flags, sizeof flags, 1);
5468 * Collect noise and RSSI statistics for the first 20 beacons received
5469 * after association and use them to determine connected antennas and
5470 * to set differential gains.
5473 iwn_collect_noise(struct iwn_softc *sc,
5474 const struct iwn_rx_general_stats *stats)
5476 struct iwn_ops *ops = &sc->ops;
5477 struct iwn_calib_state *calib = &sc->calib;
5478 struct ifnet *ifp = sc->sc_ifp;
5479 struct ieee80211com *ic = ifp->if_l2com;
5483 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
5485 /* Accumulate RSSI and noise for all 3 antennas. */
5486 for (i = 0; i < 3; i++) {
5487 calib->rssi[i] += le32toh(stats->rssi[i]) & 0xff;
5488 calib->noise[i] += le32toh(stats->noise[i]) & 0xff;
5490 /* NB: We update differential gains only once after 20 beacons. */
5491 if (++calib->nbeacons < 20)
5494 /* Determine highest average RSSI. */
5495 val = MAX(calib->rssi[0], calib->rssi[1]);
5496 val = MAX(calib->rssi[2], val);
5498 /* Determine which antennas are connected. */
5499 sc->chainmask = sc->rxchainmask;
5500 for (i = 0; i < 3; i++)
5501 if (val - calib->rssi[i] > 15 * 20)
5502 sc->chainmask &= ~(1 << i);
5503 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5504 "%s: RX chains mask: theoretical=0x%x, actual=0x%x\n",
5505 __func__, sc->rxchainmask, sc->chainmask);
5507 /* If none of the TX antennas are connected, keep at least one. */
5508 if ((sc->chainmask & sc->txchainmask) == 0)
5509 sc->chainmask |= IWN_LSB(sc->txchainmask);
5511 (void)ops->set_gains(sc);
5512 calib->state = IWN_CALIB_STATE_RUN;
5515 /* XXX Disable RX chains with no antennas connected. */
5516 sc->rxon->rxchain = htole16(IWN_RXCHAIN_SEL(sc->chainmask));
5517 if (sc->sc_is_scanning)
5518 device_printf(sc->sc_dev,
5519 "%s: is_scanning set, before RXON\n",
5521 (void)iwn_cmd(sc, IWN_CMD_RXON, sc->rxon, sc->rxonsz, 1);
5524 /* Enable power-saving mode if requested by user. */
5525 if (ic->ic_flags & IEEE80211_F_PMGTON)
5526 (void)iwn_set_pslevel(sc, 0, 3, 1);
5528 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
5533 iwn4965_init_gains(struct iwn_softc *sc)
5535 struct iwn_phy_calib_gain cmd;
5537 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5539 memset(&cmd, 0, sizeof cmd);
5540 cmd.code = IWN4965_PHY_CALIB_DIFF_GAIN;
5541 /* Differential gains initially set to 0 for all 3 antennas. */
5542 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5543 "%s: setting initial differential gains\n", __func__);
5544 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1);
5548 iwn5000_init_gains(struct iwn_softc *sc)
5550 struct iwn_phy_calib cmd;
5552 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5554 memset(&cmd, 0, sizeof cmd);
5555 cmd.code = sc->reset_noise_gain;
5558 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5559 "%s: setting initial differential gains\n", __func__);
5560 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1);
5564 iwn4965_set_gains(struct iwn_softc *sc)
5566 struct iwn_calib_state *calib = &sc->calib;
5567 struct iwn_phy_calib_gain cmd;
5568 int i, delta, noise;
5570 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5572 /* Get minimal noise among connected antennas. */
5573 noise = INT_MAX; /* NB: There's at least one antenna. */
5574 for (i = 0; i < 3; i++)
5575 if (sc->chainmask & (1 << i))
5576 noise = MIN(calib->noise[i], noise);
5578 memset(&cmd, 0, sizeof cmd);
5579 cmd.code = IWN4965_PHY_CALIB_DIFF_GAIN;
5580 /* Set differential gains for connected antennas. */
5581 for (i = 0; i < 3; i++) {
5582 if (sc->chainmask & (1 << i)) {
5583 /* Compute attenuation (in unit of 1.5dB). */
5584 delta = (noise - (int32_t)calib->noise[i]) / 30;
5585 /* NB: delta <= 0 */
5586 /* Limit to [-4.5dB,0]. */
5587 cmd.gain[i] = MIN(abs(delta), 3);
5589 cmd.gain[i] |= 1 << 2; /* sign bit */
5592 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5593 "setting differential gains Ant A/B/C: %x/%x/%x (%x)\n",
5594 cmd.gain[0], cmd.gain[1], cmd.gain[2], sc->chainmask);
5595 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1);
5599 iwn5000_set_gains(struct iwn_softc *sc)
5601 struct iwn_calib_state *calib = &sc->calib;
5602 struct iwn_phy_calib_gain cmd;
5603 int i, ant, div, delta;
5605 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
5607 /* We collected 20 beacons and !=6050 need a 1.5 factor. */
5608 div = (sc->hw_type == IWN_HW_REV_TYPE_6050) ? 20 : 30;
5610 memset(&cmd, 0, sizeof cmd);
5611 cmd.code = sc->noise_gain;
5614 /* Get first available RX antenna as referential. */
5615 ant = IWN_LSB(sc->rxchainmask);
5616 /* Set differential gains for other antennas. */
5617 for (i = ant + 1; i < 3; i++) {
5618 if (sc->chainmask & (1 << i)) {
5619 /* The delta is relative to antenna "ant". */
5620 delta = ((int32_t)calib->noise[ant] -
5621 (int32_t)calib->noise[i]) / div;
5622 /* Limit to [-4.5dB,+4.5dB]. */
5623 cmd.gain[i - 1] = MIN(abs(delta), 3);
5625 cmd.gain[i - 1] |= 1 << 2; /* sign bit */
5628 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5629 "setting differential gains Ant B/C: %x/%x (%x)\n",
5630 cmd.gain[0], cmd.gain[1], sc->chainmask);
5631 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1);
5635 * Tune RF RX sensitivity based on the number of false alarms detected
5636 * during the last beacon period.
5639 iwn_tune_sensitivity(struct iwn_softc *sc, const struct iwn_rx_stats *stats)
5641 #define inc(val, inc, max) \
5642 if ((val) < (max)) { \
5643 if ((val) < (max) - (inc)) \
5649 #define dec(val, dec, min) \
5650 if ((val) > (min)) { \
5651 if ((val) > (min) + (dec)) \
5658 const struct iwn_sensitivity_limits *limits = sc->limits;
5659 struct iwn_calib_state *calib = &sc->calib;
5660 uint32_t val, rxena, fa;
5661 uint32_t energy[3], energy_min;
5662 uint8_t noise[3], noise_ref;
5663 int i, needs_update = 0;
5665 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
5667 /* Check that we've been enabled long enough. */
5668 if ((rxena = le32toh(stats->general.load)) == 0){
5669 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end not so long\n", __func__);
5673 /* Compute number of false alarms since last call for OFDM. */
5674 fa = le32toh(stats->ofdm.bad_plcp) - calib->bad_plcp_ofdm;
5675 fa += le32toh(stats->ofdm.fa) - calib->fa_ofdm;
5676 fa *= 200 * IEEE80211_DUR_TU; /* 200TU */
5678 if (fa > 50 * rxena) {
5679 /* High false alarm count, decrease sensitivity. */
5680 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5681 "%s: OFDM high false alarm count: %u\n", __func__, fa);
5682 inc(calib->ofdm_x1, 1, limits->max_ofdm_x1);
5683 inc(calib->ofdm_mrc_x1, 1, limits->max_ofdm_mrc_x1);
5684 inc(calib->ofdm_x4, 1, limits->max_ofdm_x4);
5685 inc(calib->ofdm_mrc_x4, 1, limits->max_ofdm_mrc_x4);
5687 } else if (fa < 5 * rxena) {
5688 /* Low false alarm count, increase sensitivity. */
5689 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5690 "%s: OFDM low false alarm count: %u\n", __func__, fa);
5691 dec(calib->ofdm_x1, 1, limits->min_ofdm_x1);
5692 dec(calib->ofdm_mrc_x1, 1, limits->min_ofdm_mrc_x1);
5693 dec(calib->ofdm_x4, 1, limits->min_ofdm_x4);
5694 dec(calib->ofdm_mrc_x4, 1, limits->min_ofdm_mrc_x4);
5697 /* Compute maximum noise among 3 receivers. */
5698 for (i = 0; i < 3; i++)
5699 noise[i] = (le32toh(stats->general.noise[i]) >> 8) & 0xff;
5700 val = MAX(noise[0], noise[1]);
5701 val = MAX(noise[2], val);
5702 /* Insert it into our samples table. */
5703 calib->noise_samples[calib->cur_noise_sample] = val;
5704 calib->cur_noise_sample = (calib->cur_noise_sample + 1) % 20;
5706 /* Compute maximum noise among last 20 samples. */
5707 noise_ref = calib->noise_samples[0];
5708 for (i = 1; i < 20; i++)
5709 noise_ref = MAX(noise_ref, calib->noise_samples[i]);
5711 /* Compute maximum energy among 3 receivers. */
5712 for (i = 0; i < 3; i++)
5713 energy[i] = le32toh(stats->general.energy[i]);
5714 val = MIN(energy[0], energy[1]);
5715 val = MIN(energy[2], val);
5716 /* Insert it into our samples table. */
5717 calib->energy_samples[calib->cur_energy_sample] = val;
5718 calib->cur_energy_sample = (calib->cur_energy_sample + 1) % 10;
5720 /* Compute minimum energy among last 10 samples. */
5721 energy_min = calib->energy_samples[0];
5722 for (i = 1; i < 10; i++)
5723 energy_min = MAX(energy_min, calib->energy_samples[i]);
5726 /* Compute number of false alarms since last call for CCK. */
5727 fa = le32toh(stats->cck.bad_plcp) - calib->bad_plcp_cck;
5728 fa += le32toh(stats->cck.fa) - calib->fa_cck;
5729 fa *= 200 * IEEE80211_DUR_TU; /* 200TU */
5731 if (fa > 50 * rxena) {
5732 /* High false alarm count, decrease sensitivity. */
5733 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5734 "%s: CCK high false alarm count: %u\n", __func__, fa);
5735 calib->cck_state = IWN_CCK_STATE_HIFA;
5738 if (calib->cck_x4 > 160) {
5739 calib->noise_ref = noise_ref;
5740 if (calib->energy_cck > 2)
5741 dec(calib->energy_cck, 2, energy_min);
5743 if (calib->cck_x4 < 160) {
5744 calib->cck_x4 = 161;
5747 inc(calib->cck_x4, 3, limits->max_cck_x4);
5749 inc(calib->cck_mrc_x4, 3, limits->max_cck_mrc_x4);
5751 } else if (fa < 5 * rxena) {
5752 /* Low false alarm count, increase sensitivity. */
5753 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5754 "%s: CCK low false alarm count: %u\n", __func__, fa);
5755 calib->cck_state = IWN_CCK_STATE_LOFA;
5758 if (calib->cck_state != IWN_CCK_STATE_INIT &&
5759 (((int32_t)calib->noise_ref - (int32_t)noise_ref) > 2 ||
5760 calib->low_fa > 100)) {
5761 inc(calib->energy_cck, 2, limits->min_energy_cck);
5762 dec(calib->cck_x4, 3, limits->min_cck_x4);
5763 dec(calib->cck_mrc_x4, 3, limits->min_cck_mrc_x4);
5766 /* Not worth to increase or decrease sensitivity. */
5767 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5768 "%s: CCK normal false alarm count: %u\n", __func__, fa);
5770 calib->noise_ref = noise_ref;
5772 if (calib->cck_state == IWN_CCK_STATE_HIFA) {
5773 /* Previous interval had many false alarms. */
5774 dec(calib->energy_cck, 8, energy_min);
5776 calib->cck_state = IWN_CCK_STATE_INIT;
5780 (void)iwn_send_sensitivity(sc);
5782 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
5789 iwn_send_sensitivity(struct iwn_softc *sc)
5791 struct iwn_calib_state *calib = &sc->calib;
5792 struct iwn_enhanced_sensitivity_cmd cmd;
5795 memset(&cmd, 0, sizeof cmd);
5796 len = sizeof (struct iwn_sensitivity_cmd);
5797 cmd.which = IWN_SENSITIVITY_WORKTBL;
5798 /* OFDM modulation. */
5799 cmd.corr_ofdm_x1 = htole16(calib->ofdm_x1);
5800 cmd.corr_ofdm_mrc_x1 = htole16(calib->ofdm_mrc_x1);
5801 cmd.corr_ofdm_x4 = htole16(calib->ofdm_x4);
5802 cmd.corr_ofdm_mrc_x4 = htole16(calib->ofdm_mrc_x4);
5803 cmd.energy_ofdm = htole16(sc->limits->energy_ofdm);
5804 cmd.energy_ofdm_th = htole16(62);
5805 /* CCK modulation. */
5806 cmd.corr_cck_x4 = htole16(calib->cck_x4);
5807 cmd.corr_cck_mrc_x4 = htole16(calib->cck_mrc_x4);
5808 cmd.energy_cck = htole16(calib->energy_cck);
5809 /* Barker modulation: use default values. */
5810 cmd.corr_barker = htole16(190);
5811 cmd.corr_barker_mrc = htole16(sc->limits->barker_mrc);
5813 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5814 "%s: set sensitivity %d/%d/%d/%d/%d/%d/%d\n", __func__,
5815 calib->ofdm_x1, calib->ofdm_mrc_x1, calib->ofdm_x4,
5816 calib->ofdm_mrc_x4, calib->cck_x4,
5817 calib->cck_mrc_x4, calib->energy_cck);
5819 if (!(sc->sc_flags & IWN_FLAG_ENH_SENS))
5821 /* Enhanced sensitivity settings. */
5822 len = sizeof (struct iwn_enhanced_sensitivity_cmd);
5823 cmd.ofdm_det_slope_mrc = htole16(668);
5824 cmd.ofdm_det_icept_mrc = htole16(4);
5825 cmd.ofdm_det_slope = htole16(486);
5826 cmd.ofdm_det_icept = htole16(37);
5827 cmd.cck_det_slope_mrc = htole16(853);
5828 cmd.cck_det_icept_mrc = htole16(4);
5829 cmd.cck_det_slope = htole16(476);
5830 cmd.cck_det_icept = htole16(99);
5832 return iwn_cmd(sc, IWN_CMD_SET_SENSITIVITY, &cmd, len, 1);
5836 * Look at the increase of PLCP errors over time; if it exceeds
5837 * a programmed threshold then trigger an RF retune.
5840 iwn_check_rx_recovery(struct iwn_softc *sc, struct iwn_stats *rs)
5842 int32_t delta_ofdm, delta_ht, delta_cck;
5843 struct iwn_calib_state *calib = &sc->calib;
5844 int delta_ticks, cur_ticks;
5849 * Calculate the difference between the current and
5850 * previous statistics.
5852 delta_cck = le32toh(rs->rx.cck.bad_plcp) - calib->bad_plcp_cck;
5853 delta_ofdm = le32toh(rs->rx.ofdm.bad_plcp) - calib->bad_plcp_ofdm;
5854 delta_ht = le32toh(rs->rx.ht.bad_plcp) - calib->bad_plcp_ht;
5857 * Calculate the delta in time between successive statistics
5858 * messages. Yes, it can roll over; so we make sure that
5859 * this doesn't happen.
5861 * XXX go figure out what to do about rollover
5862 * XXX go figure out what to do if ticks rolls over to -ve instead!
5863 * XXX go stab signed integer overflow undefined-ness in the face.
5866 delta_ticks = cur_ticks - sc->last_calib_ticks;
5869 * If any are negative, then the firmware likely reset; so just
5870 * bail. We'll pick this up next time.
5872 if (delta_cck < 0 || delta_ofdm < 0 || delta_ht < 0 || delta_ticks < 0)
5876 * delta_ticks is in ticks; we need to convert it up to milliseconds
5877 * so we can do some useful math with it.
5879 delta_msec = ticks_to_msecs(delta_ticks);
5882 * Calculate what our threshold is given the current delta_msec.
5884 thresh = sc->base_params->plcp_err_threshold * delta_msec;
5886 DPRINTF(sc, IWN_DEBUG_STATE,
5887 "%s: time delta: %d; cck=%d, ofdm=%d, ht=%d, total=%d, thresh=%d\n",
5893 (delta_msec + delta_cck + delta_ofdm + delta_ht),
5897 * If we need a retune, then schedule a single channel scan
5898 * to a channel that isn't the currently active one!
5900 * The math from linux iwlwifi:
5902 * if ((delta * 100 / msecs) > threshold)
5904 if (thresh > 0 && (delta_cck + delta_ofdm + delta_ht) * 100 > thresh) {
5905 device_printf(sc->sc_dev,
5906 "%s: PLCP error threshold raw (%d) comparison (%d) "
5907 "over limit (%d); retune!\n",
5909 (delta_cck + delta_ofdm + delta_ht),
5910 (delta_cck + delta_ofdm + delta_ht) * 100,
5916 * Set STA mode power saving level (between 0 and 5).
5917 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving.
5920 iwn_set_pslevel(struct iwn_softc *sc, int dtim, int level, int async)
5922 struct iwn_pmgt_cmd cmd;
5923 const struct iwn_pmgt *pmgt;
5924 uint32_t max, skip_dtim;
5928 DPRINTF(sc, IWN_DEBUG_PWRSAVE,
5929 "%s: dtim=%d, level=%d, async=%d\n",
5935 /* Select which PS parameters to use. */
5937 pmgt = &iwn_pmgt[0][level];
5938 else if (dtim <= 10)
5939 pmgt = &iwn_pmgt[1][level];
5941 pmgt = &iwn_pmgt[2][level];
5943 memset(&cmd, 0, sizeof cmd);
5944 if (level != 0) /* not CAM */
5945 cmd.flags |= htole16(IWN_PS_ALLOW_SLEEP);
5947 cmd.flags |= htole16(IWN_PS_FAST_PD);
5948 /* Retrieve PCIe Active State Power Management (ASPM). */
5949 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1);
5950 if (!(reg & 0x1)) /* L0s Entry disabled. */
5951 cmd.flags |= htole16(IWN_PS_PCI_PMGT);
5952 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024);
5953 cmd.txtimeout = htole32(pmgt->txtimeout * 1024);
5959 skip_dtim = pmgt->skip_dtim;
5960 if (skip_dtim != 0) {
5961 cmd.flags |= htole16(IWN_PS_SLEEP_OVER_DTIM);
5962 max = pmgt->intval[4];
5963 if (max == (uint32_t)-1)
5964 max = dtim * (skip_dtim + 1);
5965 else if (max > dtim)
5966 max = (max / dtim) * dtim;
5969 for (i = 0; i < 5; i++)
5970 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i]));
5972 DPRINTF(sc, IWN_DEBUG_RESET, "setting power saving level to %d\n",
5974 return iwn_cmd(sc, IWN_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async);
5978 iwn_send_btcoex(struct iwn_softc *sc)
5980 struct iwn_bluetooth cmd;
5982 memset(&cmd, 0, sizeof cmd);
5983 cmd.flags = IWN_BT_COEX_CHAN_ANN | IWN_BT_COEX_BT_PRIO;
5984 cmd.lead_time = IWN_BT_LEAD_TIME_DEF;
5985 cmd.max_kill = IWN_BT_MAX_KILL_DEF;
5986 DPRINTF(sc, IWN_DEBUG_RESET, "%s: configuring bluetooth coexistence\n",
5988 return iwn_cmd(sc, IWN_CMD_BT_COEX, &cmd, sizeof(cmd), 0);
5992 iwn_send_advanced_btcoex(struct iwn_softc *sc)
5994 static const uint32_t btcoex_3wire[12] = {
5995 0xaaaaaaaa, 0xaaaaaaaa, 0xaeaaaaaa, 0xaaaaaaaa,
5996 0xcc00ff28, 0x0000aaaa, 0xcc00aaaa, 0x0000aaaa,
5997 0xc0004000, 0x00004000, 0xf0005000, 0xf0005000,
5999 struct iwn6000_btcoex_config btconfig;
6000 struct iwn2000_btcoex_config btconfig2k;
6001 struct iwn_btcoex_priotable btprio;
6002 struct iwn_btcoex_prot btprot;
6006 memset(&btconfig, 0, sizeof btconfig);
6007 memset(&btconfig2k, 0, sizeof btconfig2k);
6009 flags = IWN_BT_FLAG_COEX6000_MODE_3W <<
6010 IWN_BT_FLAG_COEX6000_MODE_SHIFT; // Done as is in linux kernel 3.2
6012 if (sc->base_params->bt_sco_disable)
6013 flags &= ~IWN_BT_FLAG_SYNC_2_BT_DISABLE;
6015 flags |= IWN_BT_FLAG_SYNC_2_BT_DISABLE;
6017 flags |= IWN_BT_FLAG_COEX6000_CHAN_INHIBITION;
6019 /* Default flags result is 145 as old value */
6022 * Flags value has to be review. Values must change if we
6023 * which to disable it
6025 if (sc->base_params->bt_session_2) {
6026 btconfig2k.flags = flags;
6027 btconfig2k.max_kill = 5;
6028 btconfig2k.bt3_t7_timer = 1;
6029 btconfig2k.kill_ack = htole32(0xffff0000);
6030 btconfig2k.kill_cts = htole32(0xffff0000);
6031 btconfig2k.sample_time = 2;
6032 btconfig2k.bt3_t2_timer = 0xc;
6034 for (i = 0; i < 12; i++)
6035 btconfig2k.lookup_table[i] = htole32(btcoex_3wire[i]);
6036 btconfig2k.valid = htole16(0xff);
6037 btconfig2k.prio_boost = htole32(0xf0);
6038 DPRINTF(sc, IWN_DEBUG_RESET,
6039 "%s: configuring advanced bluetooth coexistence"
6040 " session 2, flags : 0x%x\n",
6043 error = iwn_cmd(sc, IWN_CMD_BT_COEX, &btconfig2k,
6044 sizeof(btconfig2k), 1);
6046 btconfig.flags = flags;
6047 btconfig.max_kill = 5;
6048 btconfig.bt3_t7_timer = 1;
6049 btconfig.kill_ack = htole32(0xffff0000);
6050 btconfig.kill_cts = htole32(0xffff0000);
6051 btconfig.sample_time = 2;
6052 btconfig.bt3_t2_timer = 0xc;
6054 for (i = 0; i < 12; i++)
6055 btconfig.lookup_table[i] = htole32(btcoex_3wire[i]);
6056 btconfig.valid = htole16(0xff);
6057 btconfig.prio_boost = 0xf0;
6058 DPRINTF(sc, IWN_DEBUG_RESET,
6059 "%s: configuring advanced bluetooth coexistence,"
6063 error = iwn_cmd(sc, IWN_CMD_BT_COEX, &btconfig,
6064 sizeof(btconfig), 1);
6071 memset(&btprio, 0, sizeof btprio);
6072 btprio.calib_init1 = 0x6;
6073 btprio.calib_init2 = 0x7;
6074 btprio.calib_periodic_low1 = 0x2;
6075 btprio.calib_periodic_low2 = 0x3;
6076 btprio.calib_periodic_high1 = 0x4;
6077 btprio.calib_periodic_high2 = 0x5;
6079 btprio.scan52 = 0x8;
6080 btprio.scan24 = 0xa;
6081 error = iwn_cmd(sc, IWN_CMD_BT_COEX_PRIOTABLE, &btprio, sizeof(btprio),
6086 /* Force BT state machine change. */
6087 memset(&btprot, 0, sizeof btprot);
6090 error = iwn_cmd(sc, IWN_CMD_BT_COEX_PROT, &btprot, sizeof(btprot), 1);
6094 return iwn_cmd(sc, IWN_CMD_BT_COEX_PROT, &btprot, sizeof(btprot), 1);
6098 iwn5000_runtime_calib(struct iwn_softc *sc)
6100 struct iwn5000_calib_config cmd;
6102 memset(&cmd, 0, sizeof cmd);
6103 cmd.ucode.once.enable = 0xffffffff;
6104 cmd.ucode.once.start = IWN5000_CALIB_DC;
6105 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
6106 "%s: configuring runtime calibration\n", __func__);
6107 return iwn_cmd(sc, IWN5000_CMD_CALIB_CONFIG, &cmd, sizeof(cmd), 0);
6111 iwn_config(struct iwn_softc *sc)
6113 struct iwn_ops *ops = &sc->ops;
6114 struct ifnet *ifp = sc->sc_ifp;
6115 struct ieee80211com *ic = ifp->if_l2com;
6120 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
6122 if ((sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_TEMP_OFFSET)
6123 && (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_TEMP_OFFSETv2)) {
6124 device_printf(sc->sc_dev,"%s: temp_offset and temp_offsetv2 are"
6125 " exclusive each together. Review NIC config file. Conf"
6126 " : 0x%08x Flags : 0x%08x \n", __func__,
6127 sc->base_params->calib_need,
6128 (IWN_FLG_NEED_PHY_CALIB_TEMP_OFFSET |
6129 IWN_FLG_NEED_PHY_CALIB_TEMP_OFFSETv2));
6133 /* Compute temperature calib if needed. Will be send by send calib */
6134 if (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_TEMP_OFFSET) {
6135 error = iwn5000_temp_offset_calib(sc);
6137 device_printf(sc->sc_dev,
6138 "%s: could not set temperature offset\n", __func__);
6141 } else if (sc->base_params->calib_need & IWN_FLG_NEED_PHY_CALIB_TEMP_OFFSETv2) {
6142 error = iwn5000_temp_offset_calibv2(sc);
6144 device_printf(sc->sc_dev,
6145 "%s: could not compute temperature offset v2\n",
6151 if (sc->hw_type == IWN_HW_REV_TYPE_6050) {
6152 /* Configure runtime DC calibration. */
6153 error = iwn5000_runtime_calib(sc);
6155 device_printf(sc->sc_dev,
6156 "%s: could not configure runtime calibration\n",
6162 /* Configure valid TX chains for >=5000 Series. */
6163 if (sc->hw_type != IWN_HW_REV_TYPE_4965) {
6164 txmask = htole32(sc->txchainmask);
6165 DPRINTF(sc, IWN_DEBUG_RESET,
6166 "%s: configuring valid TX chains 0x%x\n", __func__, txmask);
6167 error = iwn_cmd(sc, IWN5000_CMD_TX_ANT_CONFIG, &txmask,
6170 device_printf(sc->sc_dev,
6171 "%s: could not configure valid TX chains, "
6172 "error %d\n", __func__, error);
6177 /* Configure bluetooth coexistence. */
6180 /* Configure bluetooth coexistence if needed. */
6181 if (sc->base_params->bt_mode == IWN_BT_ADVANCED)
6182 error = iwn_send_advanced_btcoex(sc);
6183 if (sc->base_params->bt_mode == IWN_BT_SIMPLE)
6184 error = iwn_send_btcoex(sc);
6187 device_printf(sc->sc_dev,
6188 "%s: could not configure bluetooth coexistence, error %d\n",
6193 /* Set mode, channel, RX filter and enable RX. */
6194 sc->rxon = &sc->rx_on[IWN_RXON_BSS_CTX];
6195 memset(sc->rxon, 0, sizeof (struct iwn_rxon));
6196 IEEE80211_ADDR_COPY(sc->rxon->myaddr, IF_LLADDR(ifp));
6197 IEEE80211_ADDR_COPY(sc->rxon->wlap, IF_LLADDR(ifp));
6198 sc->rxon->chan = ieee80211_chan2ieee(ic, ic->ic_curchan);
6199 sc->rxon->flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF);
6200 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
6201 sc->rxon->flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ);
6202 switch (ic->ic_opmode) {
6203 case IEEE80211_M_STA:
6204 sc->rxon->mode = IWN_MODE_STA;
6205 sc->rxon->filter = htole32(IWN_FILTER_MULTICAST);
6207 case IEEE80211_M_MONITOR:
6208 sc->rxon->mode = IWN_MODE_MONITOR;
6209 sc->rxon->filter = htole32(IWN_FILTER_MULTICAST |
6210 IWN_FILTER_CTL | IWN_FILTER_PROMISC);
6213 /* Should not get there. */
6216 sc->rxon->cck_mask = 0x0f; /* not yet negotiated */
6217 sc->rxon->ofdm_mask = 0xff; /* not yet negotiated */
6218 sc->rxon->ht_single_mask = 0xff;
6219 sc->rxon->ht_dual_mask = 0xff;
6220 sc->rxon->ht_triple_mask = 0xff;
6222 IWN_RXCHAIN_VALID(sc->rxchainmask) |
6223 IWN_RXCHAIN_MIMO_COUNT(2) |
6224 IWN_RXCHAIN_IDLE_COUNT(2);
6225 sc->rxon->rxchain = htole16(rxchain);
6226 DPRINTF(sc, IWN_DEBUG_RESET, "%s: setting configuration\n", __func__);
6227 if (sc->sc_is_scanning)
6228 device_printf(sc->sc_dev,
6229 "%s: is_scanning set, before RXON\n",
6231 error = iwn_cmd(sc, IWN_CMD_RXON, sc->rxon, sc->rxonsz, 0);
6233 device_printf(sc->sc_dev, "%s: RXON command failed\n",
6238 if ((error = iwn_add_broadcast_node(sc, 0)) != 0) {
6239 device_printf(sc->sc_dev, "%s: could not add broadcast node\n",
6244 /* Configuration has changed, set TX power accordingly. */
6245 if ((error = ops->set_txpower(sc, ic->ic_curchan, 0)) != 0) {
6246 device_printf(sc->sc_dev, "%s: could not set TX power\n",
6251 if ((error = iwn_set_critical_temp(sc)) != 0) {
6252 device_printf(sc->sc_dev,
6253 "%s: could not set critical temperature\n", __func__);
6257 /* Set power saving level to CAM during initialization. */
6258 if ((error = iwn_set_pslevel(sc, 0, 0, 0)) != 0) {
6259 device_printf(sc->sc_dev,
6260 "%s: could not set power saving level\n", __func__);
6264 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
6270 * Add an ssid element to a frame.
6273 ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len)
6275 *frm++ = IEEE80211_ELEMID_SSID;
6277 memcpy(frm, ssid, len);
6282 iwn_get_active_dwell_time(struct iwn_softc *sc,
6283 struct ieee80211_channel *c, uint8_t n_probes)
6285 /* No channel? Default to 2GHz settings */
6286 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) {
6287 return (IWN_ACTIVE_DWELL_TIME_2GHZ +
6288 IWN_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1));
6291 /* 5GHz dwell time */
6292 return (IWN_ACTIVE_DWELL_TIME_5GHZ +
6293 IWN_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1));
6297 * Limit the total dwell time to 85% of the beacon interval.
6299 * Returns the dwell time in milliseconds.
6302 iwn_limit_dwell(struct iwn_softc *sc, uint16_t dwell_time)
6304 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
6305 struct ieee80211vap *vap = NULL;
6308 /* bintval is in TU (1.024mS) */
6309 if (! TAILQ_EMPTY(&ic->ic_vaps)) {
6310 vap = TAILQ_FIRST(&ic->ic_vaps);
6311 bintval = vap->iv_bss->ni_intval;
6315 * If it's non-zero, we should calculate the minimum of
6316 * it and the DWELL_BASE.
6318 * XXX Yes, the math should take into account that bintval
6319 * is 1.024mS, not 1mS..
6322 DPRINTF(sc, IWN_DEBUG_SCAN,
6326 return (MIN(IWN_PASSIVE_DWELL_BASE, ((bintval * 85) / 100)));
6329 /* No association context? Default */
6330 return (IWN_PASSIVE_DWELL_BASE);
6334 iwn_get_passive_dwell_time(struct iwn_softc *sc, struct ieee80211_channel *c)
6338 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) {
6339 passive = IWN_PASSIVE_DWELL_BASE + IWN_PASSIVE_DWELL_TIME_2GHZ;
6341 passive = IWN_PASSIVE_DWELL_BASE + IWN_PASSIVE_DWELL_TIME_5GHZ;
6344 /* Clamp to the beacon interval if we're associated */
6345 return (iwn_limit_dwell(sc, passive));
6349 iwn_scan(struct iwn_softc *sc, struct ieee80211vap *vap,
6350 struct ieee80211_scan_state *ss, struct ieee80211_channel *c)
6352 struct ifnet *ifp = sc->sc_ifp;
6353 struct ieee80211com *ic = ifp->if_l2com;
6354 struct ieee80211_node *ni = vap->iv_bss;
6355 struct iwn_scan_hdr *hdr;
6356 struct iwn_cmd_data *tx;
6357 struct iwn_scan_essid *essid;
6358 struct iwn_scan_chan *chan;
6359 struct ieee80211_frame *wh;
6360 struct ieee80211_rateset *rs;
6366 uint16_t dwell_active, dwell_passive;
6367 uint32_t extra, scan_service_time;
6369 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
6372 * We are absolutely not allowed to send a scan command when another
6373 * scan command is pending.
6375 if (sc->sc_is_scanning) {
6376 device_printf(sc->sc_dev, "%s: called whilst scanning!\n",
6381 /* Assign the scan channel */
6384 sc->rxon = &sc->rx_on[IWN_RXON_BSS_CTX];
6385 buf = malloc(IWN_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO);
6387 device_printf(sc->sc_dev,
6388 "%s: could not allocate buffer for scan command\n",
6392 hdr = (struct iwn_scan_hdr *)buf;
6394 * Move to the next channel if no frames are received within 10ms
6395 * after sending the probe request.
6397 hdr->quiet_time = htole16(10); /* timeout in milliseconds */
6398 hdr->quiet_threshold = htole16(1); /* min # of packets */
6400 * Max needs to be greater than active and passive and quiet!
6401 * It's also in microseconds!
6403 hdr->max_svc = htole32(250 * 1024);
6406 * Reset scan: interval=100
6407 * Normal scan: interval=becaon interval
6408 * suspend_time: 100 (TU)
6411 extra = (100 /* suspend_time */ / 100 /* beacon interval */) << 22;
6412 //scan_service_time = extra | ((100 /* susp */ % 100 /* int */) * 1024);
6413 scan_service_time = (4 << 22) | (100 * 1024); /* Hardcode for now! */
6414 hdr->pause_svc = htole32(scan_service_time);
6416 /* Select antennas for scanning. */
6418 IWN_RXCHAIN_VALID(sc->rxchainmask) |
6419 IWN_RXCHAIN_FORCE_MIMO_SEL(sc->rxchainmask) |
6420 IWN_RXCHAIN_DRIVER_FORCE;
6421 if (IEEE80211_IS_CHAN_A(c) &&
6422 sc->hw_type == IWN_HW_REV_TYPE_4965) {
6423 /* Ant A must be avoided in 5GHz because of an HW bug. */
6424 rxchain |= IWN_RXCHAIN_FORCE_SEL(IWN_ANT_B);
6425 } else /* Use all available RX antennas. */
6426 rxchain |= IWN_RXCHAIN_FORCE_SEL(sc->rxchainmask);
6427 hdr->rxchain = htole16(rxchain);
6428 hdr->filter = htole32(IWN_FILTER_MULTICAST | IWN_FILTER_BEACON);
6430 tx = (struct iwn_cmd_data *)(hdr + 1);
6431 tx->flags = htole32(IWN_TX_AUTO_SEQ);
6432 tx->id = sc->broadcast_id;
6433 tx->lifetime = htole32(IWN_LIFETIME_INFINITE);
6435 if (IEEE80211_IS_CHAN_5GHZ(c)) {
6436 /* Send probe requests at 6Mbps. */
6437 tx->rate = htole32(0xd);
6438 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A];
6440 hdr->flags = htole32(IWN_RXON_24GHZ | IWN_RXON_AUTO);
6441 if (sc->hw_type == IWN_HW_REV_TYPE_4965 &&
6442 sc->rxon->associd && sc->rxon->chan > 14)
6443 tx->rate = htole32(0xd);
6445 /* Send probe requests at 1Mbps. */
6446 tx->rate = htole32(10 | IWN_RFLAG_CCK);
6448 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G];
6450 /* Use the first valid TX antenna. */
6451 txant = IWN_LSB(sc->txchainmask);
6452 tx->rate |= htole32(IWN_RFLAG_ANT(txant));
6455 * Only do active scanning if we're announcing a probe request
6456 * for a given SSID (or more, if we ever add it to the driver.)
6461 * If we're scanning for a specific SSID, add it to the command.
6463 * XXX maybe look at adding support for scanning multiple SSIDs?
6465 essid = (struct iwn_scan_essid *)(tx + 1);
6467 if (ss->ss_ssid[0].len != 0) {
6468 essid[0].id = IEEE80211_ELEMID_SSID;
6469 essid[0].len = ss->ss_ssid[0].len;
6470 memcpy(essid[0].data, ss->ss_ssid[0].ssid, ss->ss_ssid[0].len);
6473 DPRINTF(sc, IWN_DEBUG_SCAN, "%s: ssid_len=%d, ssid=%*s\n",
6477 ss->ss_ssid[0].ssid);
6479 if (ss->ss_nssid > 0)
6484 * Build a probe request frame. Most of the following code is a
6485 * copy & paste of what is done in net80211.
6487 wh = (struct ieee80211_frame *)(essid + 20);
6488 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
6489 IEEE80211_FC0_SUBTYPE_PROBE_REQ;
6490 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
6491 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
6492 IEEE80211_ADDR_COPY(wh->i_addr2, IF_LLADDR(ifp));
6493 IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr);
6494 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */
6495 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */
6497 frm = (uint8_t *)(wh + 1);
6498 frm = ieee80211_add_ssid(frm, NULL, 0);
6499 frm = ieee80211_add_rates(frm, rs);
6500 if (rs->rs_nrates > IEEE80211_RATE_SIZE)
6501 frm = ieee80211_add_xrates(frm, rs);
6502 if (ic->ic_htcaps & IEEE80211_HTC_HT)
6503 frm = ieee80211_add_htcap(frm, ni);
6505 /* Set length of probe request. */
6506 tx->len = htole16(frm - (uint8_t *)wh);
6509 * If active scanning is requested but a certain channel is
6510 * marked passive, we can do active scanning if we detect
6513 * There is an issue with some firmware versions that triggers
6514 * a sysassert on a "good CRC threshold" of zero (== disabled),
6515 * on a radar channel even though this means that we should NOT
6518 * The "good CRC threshold" is the number of frames that we
6519 * need to receive during our dwell time on a channel before
6520 * sending out probes -- setting this to a huge value will
6521 * mean we never reach it, but at the same time work around
6522 * the aforementioned issue. Thus use IWL_GOOD_CRC_TH_NEVER
6523 * here instead of IWL_GOOD_CRC_TH_DISABLED.
6525 * This was fixed in later versions along with some other
6526 * scan changes, and the threshold behaves as a flag in those
6531 * If we're doing active scanning, set the crc_threshold
6532 * to a suitable value. This is different to active veruss
6533 * passive scanning depending upon the channel flags; the
6534 * firmware will obey that particular check for us.
6536 if (sc->tlv_feature_flags & IWN_UCODE_TLV_FLAGS_NEWSCAN)
6537 hdr->crc_threshold = is_active ?
6538 IWN_GOOD_CRC_TH_DEFAULT : IWN_GOOD_CRC_TH_DISABLED;
6540 hdr->crc_threshold = is_active ?
6541 IWN_GOOD_CRC_TH_DEFAULT : IWN_GOOD_CRC_TH_NEVER;
6543 chan = (struct iwn_scan_chan *)frm;
6544 chan->chan = htole16(ieee80211_chan2ieee(ic, c));
6546 if (ss->ss_nssid > 0)
6547 chan->flags |= htole32(IWN_CHAN_NPBREQS(1));
6548 chan->dsp_gain = 0x6e;
6551 * Set the passive/active flag depending upon the channel mode.
6552 * XXX TODO: take the is_active flag into account as well?
6554 if (c->ic_flags & IEEE80211_CHAN_PASSIVE)
6555 chan->flags |= htole32(IWN_CHAN_PASSIVE);
6557 chan->flags |= htole32(IWN_CHAN_ACTIVE);
6560 * Calculate the active/passive dwell times.
6563 dwell_active = iwn_get_active_dwell_time(sc, c, ss->ss_nssid);
6564 dwell_passive = iwn_get_passive_dwell_time(sc, c);
6566 /* Make sure they're valid */
6567 if (dwell_passive <= dwell_active)
6568 dwell_passive = dwell_active + 1;
6570 chan->active = htole16(dwell_active);
6571 chan->passive = htole16(dwell_passive);
6573 if (IEEE80211_IS_CHAN_5GHZ(c) &&
6574 !(c->ic_flags & IEEE80211_CHAN_PASSIVE)) {
6575 chan->rf_gain = 0x3b;
6576 } else if (IEEE80211_IS_CHAN_5GHZ(c)) {
6577 chan->rf_gain = 0x3b;
6578 } else if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) {
6579 chan->rf_gain = 0x28;
6581 chan->rf_gain = 0x28;
6584 DPRINTF(sc, IWN_DEBUG_STATE,
6585 "%s: chan %u flags 0x%x rf_gain 0x%x "
6586 "dsp_gain 0x%x active %d passive %d scan_svc_time %d crc 0x%x "
6587 "isactive=%d numssid=%d\n", __func__,
6588 chan->chan, chan->flags, chan->rf_gain, chan->dsp_gain,
6589 dwell_active, dwell_passive, scan_service_time,
6590 hdr->crc_threshold, is_active, ss->ss_nssid);
6594 buflen = (uint8_t *)chan - buf;
6595 hdr->len = htole16(buflen);
6597 if (sc->sc_is_scanning) {
6598 device_printf(sc->sc_dev,
6599 "%s: called with is_scanning set!\n",
6602 sc->sc_is_scanning = 1;
6604 DPRINTF(sc, IWN_DEBUG_STATE, "sending scan command nchan=%d\n",
6606 error = iwn_cmd(sc, IWN_CMD_SCAN, buf, buflen, 1);
6607 free(buf, M_DEVBUF);
6609 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
6615 iwn_auth(struct iwn_softc *sc, struct ieee80211vap *vap)
6617 struct iwn_ops *ops = &sc->ops;
6618 struct ifnet *ifp = sc->sc_ifp;
6619 struct ieee80211com *ic = ifp->if_l2com;
6620 struct ieee80211_node *ni = vap->iv_bss;
6623 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
6625 sc->rxon = &sc->rx_on[IWN_RXON_BSS_CTX];
6626 /* Update adapter configuration. */
6627 IEEE80211_ADDR_COPY(sc->rxon->bssid, ni->ni_bssid);
6628 sc->rxon->chan = ieee80211_chan2ieee(ic, ni->ni_chan);
6629 sc->rxon->flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF);
6630 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
6631 sc->rxon->flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ);
6632 if (ic->ic_flags & IEEE80211_F_SHSLOT)
6633 sc->rxon->flags |= htole32(IWN_RXON_SHSLOT);
6634 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
6635 sc->rxon->flags |= htole32(IWN_RXON_SHPREAMBLE);
6636 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) {
6637 sc->rxon->cck_mask = 0;
6638 sc->rxon->ofdm_mask = 0x15;
6639 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) {
6640 sc->rxon->cck_mask = 0x03;
6641 sc->rxon->ofdm_mask = 0;
6643 /* Assume 802.11b/g. */
6644 sc->rxon->cck_mask = 0x03;
6645 sc->rxon->ofdm_mask = 0x15;
6647 DPRINTF(sc, IWN_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n",
6648 sc->rxon->chan, sc->rxon->flags, sc->rxon->cck_mask,
6649 sc->rxon->ofdm_mask);
6650 if (sc->sc_is_scanning)
6651 device_printf(sc->sc_dev,
6652 "%s: is_scanning set, before RXON\n",
6654 error = iwn_cmd(sc, IWN_CMD_RXON, sc->rxon, sc->rxonsz, 1);
6656 device_printf(sc->sc_dev, "%s: RXON command failed, error %d\n",
6661 /* Configuration has changed, set TX power accordingly. */
6662 if ((error = ops->set_txpower(sc, ni->ni_chan, 1)) != 0) {
6663 device_printf(sc->sc_dev,
6664 "%s: could not set TX power, error %d\n", __func__, error);
6668 * Reconfiguring RXON clears the firmware nodes table so we must
6669 * add the broadcast node again.
6671 if ((error = iwn_add_broadcast_node(sc, 1)) != 0) {
6672 device_printf(sc->sc_dev,
6673 "%s: could not add broadcast node, error %d\n", __func__,
6678 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
6684 iwn_run(struct iwn_softc *sc, struct ieee80211vap *vap)
6686 struct iwn_ops *ops = &sc->ops;
6687 struct ifnet *ifp = sc->sc_ifp;
6688 struct ieee80211com *ic = ifp->if_l2com;
6689 struct ieee80211_node *ni = vap->iv_bss;
6690 struct iwn_node_info node;
6691 uint32_t htflags = 0;
6694 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
6696 sc->rxon = &sc->rx_on[IWN_RXON_BSS_CTX];
6697 if (ic->ic_opmode == IEEE80211_M_MONITOR) {
6698 /* Link LED blinks while monitoring. */
6699 iwn_set_led(sc, IWN_LED_LINK, 5, 5);
6702 if ((error = iwn_set_timing(sc, ni)) != 0) {
6703 device_printf(sc->sc_dev,
6704 "%s: could not set timing, error %d\n", __func__, error);
6708 /* Update adapter configuration. */
6709 IEEE80211_ADDR_COPY(sc->rxon->bssid, ni->ni_bssid);
6710 sc->rxon->associd = htole16(IEEE80211_AID(ni->ni_associd));
6711 sc->rxon->chan = ieee80211_chan2ieee(ic, ni->ni_chan);
6712 sc->rxon->flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF);
6713 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
6714 sc->rxon->flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ);
6715 if (ic->ic_flags & IEEE80211_F_SHSLOT)
6716 sc->rxon->flags |= htole32(IWN_RXON_SHSLOT);
6717 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
6718 sc->rxon->flags |= htole32(IWN_RXON_SHPREAMBLE);
6719 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) {
6720 sc->rxon->cck_mask = 0;
6721 sc->rxon->ofdm_mask = 0x15;
6722 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) {
6723 sc->rxon->cck_mask = 0x03;
6724 sc->rxon->ofdm_mask = 0;
6726 /* Assume 802.11b/g. */
6727 sc->rxon->cck_mask = 0x0f;
6728 sc->rxon->ofdm_mask = 0x15;
6730 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
6731 htflags |= IWN_RXON_HT_PROTMODE(ic->ic_curhtprotmode);
6732 if (IEEE80211_IS_CHAN_HT40(ni->ni_chan)) {
6733 switch (ic->ic_curhtprotmode) {
6734 case IEEE80211_HTINFO_OPMODE_HT20PR:
6735 htflags |= IWN_RXON_HT_MODEPURE40;
6738 htflags |= IWN_RXON_HT_MODEMIXED;
6742 if (IEEE80211_IS_CHAN_HT40D(ni->ni_chan))
6743 htflags |= IWN_RXON_HT_HT40MINUS;
6745 sc->rxon->flags |= htole32(htflags);
6746 sc->rxon->filter |= htole32(IWN_FILTER_BSS);
6747 DPRINTF(sc, IWN_DEBUG_STATE, "rxon chan %d flags %x\n",
6748 sc->rxon->chan, sc->rxon->flags);
6749 if (sc->sc_is_scanning)
6750 device_printf(sc->sc_dev,
6751 "%s: is_scanning set, before RXON\n",
6753 error = iwn_cmd(sc, IWN_CMD_RXON, sc->rxon, sc->rxonsz, 1);
6755 device_printf(sc->sc_dev,
6756 "%s: could not update configuration, error %d\n", __func__,
6761 /* Configuration has changed, set TX power accordingly. */
6762 if ((error = ops->set_txpower(sc, ni->ni_chan, 1)) != 0) {
6763 device_printf(sc->sc_dev,
6764 "%s: could not set TX power, error %d\n", __func__, error);
6768 /* Fake a join to initialize the TX rate. */
6769 ((struct iwn_node *)ni)->id = IWN_ID_BSS;
6770 iwn_newassoc(ni, 1);
6773 memset(&node, 0, sizeof node);
6774 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr);
6775 node.id = IWN_ID_BSS;
6776 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
6777 switch (ni->ni_htcap & IEEE80211_HTCAP_SMPS) {
6778 case IEEE80211_HTCAP_SMPS_ENA:
6779 node.htflags |= htole32(IWN_SMPS_MIMO_DIS);
6781 case IEEE80211_HTCAP_SMPS_DYNAMIC:
6782 node.htflags |= htole32(IWN_SMPS_MIMO_PROT);
6785 node.htflags |= htole32(IWN_AMDPU_SIZE_FACTOR(3) |
6786 IWN_AMDPU_DENSITY(5)); /* 4us */
6787 if (IEEE80211_IS_CHAN_HT40(ni->ni_chan))
6788 node.htflags |= htole32(IWN_NODE_HT40);
6790 DPRINTF(sc, IWN_DEBUG_STATE, "%s: adding BSS node\n", __func__);
6791 error = ops->add_node(sc, &node, 1);
6793 device_printf(sc->sc_dev,
6794 "%s: could not add BSS node, error %d\n", __func__, error);
6797 DPRINTF(sc, IWN_DEBUG_STATE, "%s: setting link quality for node %d\n",
6799 if ((error = iwn_set_link_quality(sc, ni)) != 0) {
6800 device_printf(sc->sc_dev,
6801 "%s: could not setup link quality for node %d, error %d\n",
6802 __func__, node.id, error);
6806 if ((error = iwn_init_sensitivity(sc)) != 0) {
6807 device_printf(sc->sc_dev,
6808 "%s: could not set sensitivity, error %d\n", __func__,
6812 /* Start periodic calibration timer. */
6813 sc->calib.state = IWN_CALIB_STATE_ASSOC;
6815 callout_reset(&sc->calib_to, msecs_to_ticks(500), iwn_calib_timeout,
6818 /* Link LED always on while associated. */
6819 iwn_set_led(sc, IWN_LED_LINK, 0, 1);
6821 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
6827 * This function is called by upper layer when an ADDBA request is received
6828 * from another STA and before the ADDBA response is sent.
6831 iwn_ampdu_rx_start(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap,
6832 int baparamset, int batimeout, int baseqctl)
6834 #define MS(_v, _f) (((_v) & _f) >> _f##_S)
6835 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
6836 struct iwn_ops *ops = &sc->ops;
6837 struct iwn_node *wn = (void *)ni;
6838 struct iwn_node_info node;
6843 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
6845 tid = MS(le16toh(baparamset), IEEE80211_BAPS_TID);
6846 ssn = MS(le16toh(baseqctl), IEEE80211_BASEQ_START);
6848 memset(&node, 0, sizeof node);
6850 node.control = IWN_NODE_UPDATE;
6851 node.flags = IWN_FLAG_SET_ADDBA;
6852 node.addba_tid = tid;
6853 node.addba_ssn = htole16(ssn);
6854 DPRINTF(sc, IWN_DEBUG_RECV, "ADDBA RA=%d TID=%d SSN=%d\n",
6856 error = ops->add_node(sc, &node, 1);
6859 return sc->sc_ampdu_rx_start(ni, rap, baparamset, batimeout, baseqctl);
6864 * This function is called by upper layer on teardown of an HT-immediate
6865 * Block Ack agreement (eg. uppon receipt of a DELBA frame).
6868 iwn_ampdu_rx_stop(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap)
6870 struct ieee80211com *ic = ni->ni_ic;
6871 struct iwn_softc *sc = ic->ic_ifp->if_softc;
6872 struct iwn_ops *ops = &sc->ops;
6873 struct iwn_node *wn = (void *)ni;
6874 struct iwn_node_info node;
6877 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
6879 /* XXX: tid as an argument */
6880 for (tid = 0; tid < WME_NUM_TID; tid++) {
6881 if (&ni->ni_rx_ampdu[tid] == rap)
6885 memset(&node, 0, sizeof node);
6887 node.control = IWN_NODE_UPDATE;
6888 node.flags = IWN_FLAG_SET_DELBA;
6889 node.delba_tid = tid;
6890 DPRINTF(sc, IWN_DEBUG_RECV, "DELBA RA=%d TID=%d\n", wn->id, tid);
6891 (void)ops->add_node(sc, &node, 1);
6892 sc->sc_ampdu_rx_stop(ni, rap);
6896 iwn_addba_request(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
6897 int dialogtoken, int baparamset, int batimeout)
6899 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
6902 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
6904 for (qid = sc->firstaggqueue; qid < sc->ntxqs; qid++) {
6905 if (sc->qid2tap[qid] == NULL)
6908 if (qid == sc->ntxqs) {
6909 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: not free aggregation queue\n",
6913 tap->txa_private = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);
6914 if (tap->txa_private == NULL) {
6915 device_printf(sc->sc_dev,
6916 "%s: failed to alloc TX aggregation structure\n", __func__);
6919 sc->qid2tap[qid] = tap;
6920 *(int *)tap->txa_private = qid;
6921 return sc->sc_addba_request(ni, tap, dialogtoken, baparamset,
6926 iwn_addba_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
6927 int code, int baparamset, int batimeout)
6929 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
6930 int qid = *(int *)tap->txa_private;
6931 uint8_t tid = tap->txa_tid;
6934 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
6936 if (code == IEEE80211_STATUS_SUCCESS) {
6937 ni->ni_txseqs[tid] = tap->txa_start & 0xfff;
6938 ret = iwn_ampdu_tx_start(ni->ni_ic, ni, tid);
6942 sc->qid2tap[qid] = NULL;
6943 free(tap->txa_private, M_DEVBUF);
6944 tap->txa_private = NULL;
6946 return sc->sc_addba_response(ni, tap, code, baparamset, batimeout);
6950 * This function is called by upper layer when an ADDBA response is received
6954 iwn_ampdu_tx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
6957 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[tid];
6958 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
6959 struct iwn_ops *ops = &sc->ops;
6960 struct iwn_node *wn = (void *)ni;
6961 struct iwn_node_info node;
6964 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
6966 /* Enable TX for the specified RA/TID. */
6967 wn->disable_tid &= ~(1 << tid);
6968 memset(&node, 0, sizeof node);
6970 node.control = IWN_NODE_UPDATE;
6971 node.flags = IWN_FLAG_SET_DISABLE_TID;
6972 node.disable_tid = htole16(wn->disable_tid);
6973 error = ops->add_node(sc, &node, 1);
6977 if ((error = iwn_nic_lock(sc)) != 0)
6979 qid = *(int *)tap->txa_private;
6980 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: ra=%d tid=%d ssn=%d qid=%d\n",
6981 __func__, wn->id, tid, tap->txa_start, qid);
6982 ops->ampdu_tx_start(sc, ni, qid, tid, tap->txa_start & 0xfff);
6985 iwn_set_link_quality(sc, ni);
6990 iwn_ampdu_tx_stop(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6992 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
6993 struct iwn_ops *ops = &sc->ops;
6994 uint8_t tid = tap->txa_tid;
6997 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
6999 sc->sc_addba_stop(ni, tap);
7001 if (tap->txa_private == NULL)
7004 qid = *(int *)tap->txa_private;
7005 if (sc->txq[qid].queued != 0)
7007 if (iwn_nic_lock(sc) != 0)
7009 ops->ampdu_tx_stop(sc, qid, tid, tap->txa_start & 0xfff);
7011 sc->qid2tap[qid] = NULL;
7012 free(tap->txa_private, M_DEVBUF);
7013 tap->txa_private = NULL;
7017 iwn4965_ampdu_tx_start(struct iwn_softc *sc, struct ieee80211_node *ni,
7018 int qid, uint8_t tid, uint16_t ssn)
7020 struct iwn_node *wn = (void *)ni;
7022 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7024 /* Stop TX scheduler while we're changing its configuration. */
7025 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
7026 IWN4965_TXQ_STATUS_CHGACT);
7028 /* Assign RA/TID translation to the queue. */
7029 iwn_mem_write_2(sc, sc->sched_base + IWN4965_SCHED_TRANS_TBL(qid),
7032 /* Enable chain-building mode for the queue. */
7033 iwn_prph_setbits(sc, IWN4965_SCHED_QCHAIN_SEL, 1 << qid);
7035 /* Set starting sequence number from the ADDBA request. */
7036 sc->txq[qid].cur = sc->txq[qid].read = (ssn & 0xff);
7037 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff));
7038 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), ssn);
7040 /* Set scheduler window size. */
7041 iwn_mem_write(sc, sc->sched_base + IWN4965_SCHED_QUEUE_OFFSET(qid),
7043 /* Set scheduler frame limit. */
7044 iwn_mem_write(sc, sc->sched_base + IWN4965_SCHED_QUEUE_OFFSET(qid) + 4,
7045 IWN_SCHED_LIMIT << 16);
7047 /* Enable interrupts for the queue. */
7048 iwn_prph_setbits(sc, IWN4965_SCHED_INTR_MASK, 1 << qid);
7050 /* Mark the queue as active. */
7051 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
7052 IWN4965_TXQ_STATUS_ACTIVE | IWN4965_TXQ_STATUS_AGGR_ENA |
7053 iwn_tid2fifo[tid] << 1);
7057 iwn4965_ampdu_tx_stop(struct iwn_softc *sc, int qid, uint8_t tid, uint16_t ssn)
7059 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7061 /* Stop TX scheduler while we're changing its configuration. */
7062 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
7063 IWN4965_TXQ_STATUS_CHGACT);
7065 /* Set starting sequence number from the ADDBA request. */
7066 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff));
7067 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), ssn);
7069 /* Disable interrupts for the queue. */
7070 iwn_prph_clrbits(sc, IWN4965_SCHED_INTR_MASK, 1 << qid);
7072 /* Mark the queue as inactive. */
7073 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
7074 IWN4965_TXQ_STATUS_INACTIVE | iwn_tid2fifo[tid] << 1);
7078 iwn5000_ampdu_tx_start(struct iwn_softc *sc, struct ieee80211_node *ni,
7079 int qid, uint8_t tid, uint16_t ssn)
7081 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7083 struct iwn_node *wn = (void *)ni;
7085 /* Stop TX scheduler while we're changing its configuration. */
7086 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
7087 IWN5000_TXQ_STATUS_CHGACT);
7089 /* Assign RA/TID translation to the queue. */
7090 iwn_mem_write_2(sc, sc->sched_base + IWN5000_SCHED_TRANS_TBL(qid),
7093 /* Enable chain-building mode for the queue. */
7094 iwn_prph_setbits(sc, IWN5000_SCHED_QCHAIN_SEL, 1 << qid);
7096 /* Enable aggregation for the queue. */
7097 iwn_prph_setbits(sc, IWN5000_SCHED_AGGR_SEL, 1 << qid);
7099 /* Set starting sequence number from the ADDBA request. */
7100 sc->txq[qid].cur = sc->txq[qid].read = (ssn & 0xff);
7101 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff));
7102 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), ssn);
7104 /* Set scheduler window size and frame limit. */
7105 iwn_mem_write(sc, sc->sched_base + IWN5000_SCHED_QUEUE_OFFSET(qid) + 4,
7106 IWN_SCHED_LIMIT << 16 | IWN_SCHED_WINSZ);
7108 /* Enable interrupts for the queue. */
7109 iwn_prph_setbits(sc, IWN5000_SCHED_INTR_MASK, 1 << qid);
7111 /* Mark the queue as active. */
7112 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
7113 IWN5000_TXQ_STATUS_ACTIVE | iwn_tid2fifo[tid]);
7117 iwn5000_ampdu_tx_stop(struct iwn_softc *sc, int qid, uint8_t tid, uint16_t ssn)
7119 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7121 /* Stop TX scheduler while we're changing its configuration. */
7122 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
7123 IWN5000_TXQ_STATUS_CHGACT);
7125 /* Disable aggregation for the queue. */
7126 iwn_prph_clrbits(sc, IWN5000_SCHED_AGGR_SEL, 1 << qid);
7128 /* Set starting sequence number from the ADDBA request. */
7129 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff));
7130 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), ssn);
7132 /* Disable interrupts for the queue. */
7133 iwn_prph_clrbits(sc, IWN5000_SCHED_INTR_MASK, 1 << qid);
7135 /* Mark the queue as inactive. */
7136 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
7137 IWN5000_TXQ_STATUS_INACTIVE | iwn_tid2fifo[tid]);
7141 * Query calibration tables from the initialization firmware. We do this
7142 * only once at first boot. Called from a process context.
7145 iwn5000_query_calibration(struct iwn_softc *sc)
7147 struct iwn5000_calib_config cmd;
7150 memset(&cmd, 0, sizeof cmd);
7151 cmd.ucode.once.enable = htole32(0xffffffff);
7152 cmd.ucode.once.start = htole32(0xffffffff);
7153 cmd.ucode.once.send = htole32(0xffffffff);
7154 cmd.ucode.flags = htole32(0xffffffff);
7155 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: sending calibration query\n",
7157 error = iwn_cmd(sc, IWN5000_CMD_CALIB_CONFIG, &cmd, sizeof cmd, 0);
7161 /* Wait at most two seconds for calibration to complete. */
7162 if (!(sc->sc_flags & IWN_FLAG_CALIB_DONE))
7163 error = msleep(sc, &sc->sc_mtx, PCATCH, "iwncal", 2 * hz);
7168 * Send calibration results to the runtime firmware. These results were
7169 * obtained on first boot from the initialization firmware.
7172 iwn5000_send_calibration(struct iwn_softc *sc)
7176 for (idx = 0; idx < IWN5000_PHY_CALIB_MAX_RESULT; idx++) {
7177 if (!(sc->base_params->calib_need & (1<<idx))) {
7178 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
7179 "No need of calib %d\n",
7181 continue; /* no need for this calib */
7183 if (sc->calibcmd[idx].buf == NULL) {
7184 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
7185 "Need calib idx : %d but no available data\n",
7190 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
7191 "send calibration result idx=%d len=%d\n", idx,
7192 sc->calibcmd[idx].len);
7193 error = iwn_cmd(sc, IWN_CMD_PHY_CALIB, sc->calibcmd[idx].buf,
7194 sc->calibcmd[idx].len, 0);
7196 device_printf(sc->sc_dev,
7197 "%s: could not send calibration result, error %d\n",
7206 iwn5000_send_wimax_coex(struct iwn_softc *sc)
7208 struct iwn5000_wimax_coex wimax;
7211 if (sc->hw_type == IWN_HW_REV_TYPE_6050) {
7212 /* Enable WiMAX coexistence for combo adapters. */
7214 IWN_WIMAX_COEX_ASSOC_WA_UNMASK |
7215 IWN_WIMAX_COEX_UNASSOC_WA_UNMASK |
7216 IWN_WIMAX_COEX_STA_TABLE_VALID |
7217 IWN_WIMAX_COEX_ENABLE;
7218 memcpy(wimax.events, iwn6050_wimax_events,
7219 sizeof iwn6050_wimax_events);
7223 /* Disable WiMAX coexistence. */
7225 memset(wimax.events, 0, sizeof wimax.events);
7227 DPRINTF(sc, IWN_DEBUG_RESET, "%s: Configuring WiMAX coexistence\n",
7229 return iwn_cmd(sc, IWN5000_CMD_WIMAX_COEX, &wimax, sizeof wimax, 0);
7233 iwn5000_crystal_calib(struct iwn_softc *sc)
7235 struct iwn5000_phy_calib_crystal cmd;
7237 memset(&cmd, 0, sizeof cmd);
7238 cmd.code = IWN5000_PHY_CALIB_CRYSTAL;
7241 cmd.cap_pin[0] = le32toh(sc->eeprom_crystal) & 0xff;
7242 cmd.cap_pin[1] = (le32toh(sc->eeprom_crystal) >> 16) & 0xff;
7243 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "sending crystal calibration %d, %d\n",
7244 cmd.cap_pin[0], cmd.cap_pin[1]);
7245 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0);
7249 iwn5000_temp_offset_calib(struct iwn_softc *sc)
7251 struct iwn5000_phy_calib_temp_offset cmd;
7253 memset(&cmd, 0, sizeof cmd);
7254 cmd.code = IWN5000_PHY_CALIB_TEMP_OFFSET;
7257 if (sc->eeprom_temp != 0)
7258 cmd.offset = htole16(sc->eeprom_temp);
7260 cmd.offset = htole16(IWN_DEFAULT_TEMP_OFFSET);
7261 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "setting radio sensor offset to %d\n",
7262 le16toh(cmd.offset));
7263 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0);
7267 iwn5000_temp_offset_calibv2(struct iwn_softc *sc)
7269 struct iwn5000_phy_calib_temp_offsetv2 cmd;
7271 memset(&cmd, 0, sizeof cmd);
7272 cmd.code = IWN5000_PHY_CALIB_TEMP_OFFSET;
7275 if (sc->eeprom_temp != 0) {
7276 cmd.offset_low = htole16(sc->eeprom_temp);
7277 cmd.offset_high = htole16(sc->eeprom_temp_high);
7279 cmd.offset_low = htole16(IWN_DEFAULT_TEMP_OFFSET);
7280 cmd.offset_high = htole16(IWN_DEFAULT_TEMP_OFFSET);
7282 cmd.burnt_voltage_ref = htole16(sc->eeprom_voltage);
7284 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
7285 "setting radio sensor low offset to %d, high offset to %d, voltage to %d\n",
7286 le16toh(cmd.offset_low),
7287 le16toh(cmd.offset_high),
7288 le16toh(cmd.burnt_voltage_ref));
7290 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0);
7294 * This function is called after the runtime firmware notifies us of its
7295 * readiness (called in a process context).
7298 iwn4965_post_alive(struct iwn_softc *sc)
7302 if ((error = iwn_nic_lock(sc)) != 0)
7305 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7307 /* Clear TX scheduler state in SRAM. */
7308 sc->sched_base = iwn_prph_read(sc, IWN_SCHED_SRAM_ADDR);
7309 iwn_mem_set_region_4(sc, sc->sched_base + IWN4965_SCHED_CTX_OFF, 0,
7310 IWN4965_SCHED_CTX_LEN / sizeof (uint32_t));
7312 /* Set physical address of TX scheduler rings (1KB aligned). */
7313 iwn_prph_write(sc, IWN4965_SCHED_DRAM_ADDR, sc->sched_dma.paddr >> 10);
7315 IWN_SETBITS(sc, IWN_FH_TX_CHICKEN, IWN_FH_TX_CHICKEN_SCHED_RETRY);
7317 /* Disable chain mode for all our 16 queues. */
7318 iwn_prph_write(sc, IWN4965_SCHED_QCHAIN_SEL, 0);
7320 for (qid = 0; qid < IWN4965_NTXQUEUES; qid++) {
7321 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), 0);
7322 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | 0);
7324 /* Set scheduler window size. */
7325 iwn_mem_write(sc, sc->sched_base +
7326 IWN4965_SCHED_QUEUE_OFFSET(qid), IWN_SCHED_WINSZ);
7327 /* Set scheduler frame limit. */
7328 iwn_mem_write(sc, sc->sched_base +
7329 IWN4965_SCHED_QUEUE_OFFSET(qid) + 4,
7330 IWN_SCHED_LIMIT << 16);
7333 /* Enable interrupts for all our 16 queues. */
7334 iwn_prph_write(sc, IWN4965_SCHED_INTR_MASK, 0xffff);
7335 /* Identify TX FIFO rings (0-7). */
7336 iwn_prph_write(sc, IWN4965_SCHED_TXFACT, 0xff);
7338 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */
7339 for (qid = 0; qid < 7; qid++) {
7340 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 4, 5, 6 };
7341 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
7342 IWN4965_TXQ_STATUS_ACTIVE | qid2fifo[qid] << 1);
7349 * This function is called after the initialization or runtime firmware
7350 * notifies us of its readiness (called in a process context).
7353 iwn5000_post_alive(struct iwn_softc *sc)
7357 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
7359 /* Switch to using ICT interrupt mode. */
7360 iwn5000_ict_reset(sc);
7362 if ((error = iwn_nic_lock(sc)) != 0){
7363 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s end in error\n", __func__);
7367 /* Clear TX scheduler state in SRAM. */
7368 sc->sched_base = iwn_prph_read(sc, IWN_SCHED_SRAM_ADDR);
7369 iwn_mem_set_region_4(sc, sc->sched_base + IWN5000_SCHED_CTX_OFF, 0,
7370 IWN5000_SCHED_CTX_LEN / sizeof (uint32_t));
7372 /* Set physical address of TX scheduler rings (1KB aligned). */
7373 iwn_prph_write(sc, IWN5000_SCHED_DRAM_ADDR, sc->sched_dma.paddr >> 10);
7375 IWN_SETBITS(sc, IWN_FH_TX_CHICKEN, IWN_FH_TX_CHICKEN_SCHED_RETRY);
7377 /* Enable chain mode for all queues, except command queue. */
7378 if (sc->sc_flags & IWN_FLAG_PAN_SUPPORT)
7379 iwn_prph_write(sc, IWN5000_SCHED_QCHAIN_SEL, 0xfffdf);
7381 iwn_prph_write(sc, IWN5000_SCHED_QCHAIN_SEL, 0xfffef);
7382 iwn_prph_write(sc, IWN5000_SCHED_AGGR_SEL, 0);
7384 for (qid = 0; qid < IWN5000_NTXQUEUES; qid++) {
7385 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), 0);
7386 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | 0);
7388 iwn_mem_write(sc, sc->sched_base +
7389 IWN5000_SCHED_QUEUE_OFFSET(qid), 0);
7390 /* Set scheduler window size and frame limit. */
7391 iwn_mem_write(sc, sc->sched_base +
7392 IWN5000_SCHED_QUEUE_OFFSET(qid) + 4,
7393 IWN_SCHED_LIMIT << 16 | IWN_SCHED_WINSZ);
7396 /* Enable interrupts for all our 20 queues. */
7397 iwn_prph_write(sc, IWN5000_SCHED_INTR_MASK, 0xfffff);
7398 /* Identify TX FIFO rings (0-7). */
7399 iwn_prph_write(sc, IWN5000_SCHED_TXFACT, 0xff);
7401 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */
7402 if (sc->sc_flags & IWN_FLAG_PAN_SUPPORT) {
7403 /* Mark TX rings as active. */
7404 for (qid = 0; qid < 11; qid++) {
7405 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 0, 4, 2, 5, 4, 7, 5 };
7406 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
7407 IWN5000_TXQ_STATUS_ACTIVE | qid2fifo[qid]);
7410 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */
7411 for (qid = 0; qid < 7; qid++) {
7412 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 7, 5, 6 };
7413 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
7414 IWN5000_TXQ_STATUS_ACTIVE | qid2fifo[qid]);
7419 /* Configure WiMAX coexistence for combo adapters. */
7420 error = iwn5000_send_wimax_coex(sc);
7422 device_printf(sc->sc_dev,
7423 "%s: could not configure WiMAX coexistence, error %d\n",
7427 if (sc->hw_type != IWN_HW_REV_TYPE_5150) {
7428 /* Perform crystal calibration. */
7429 error = iwn5000_crystal_calib(sc);
7431 device_printf(sc->sc_dev,
7432 "%s: crystal calibration failed, error %d\n",
7437 if (!(sc->sc_flags & IWN_FLAG_CALIB_DONE)) {
7438 /* Query calibration from the initialization firmware. */
7439 if ((error = iwn5000_query_calibration(sc)) != 0) {
7440 device_printf(sc->sc_dev,
7441 "%s: could not query calibration, error %d\n",
7446 * We have the calibration results now, reboot with the
7447 * runtime firmware (call ourselves recursively!)
7450 error = iwn_hw_init(sc);
7452 /* Send calibration results to runtime firmware. */
7453 error = iwn5000_send_calibration(sc);
7456 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
7462 * The firmware boot code is small and is intended to be copied directly into
7463 * the NIC internal memory (no DMA transfer).
7466 iwn4965_load_bootcode(struct iwn_softc *sc, const uint8_t *ucode, int size)
7470 size /= sizeof (uint32_t);
7472 if ((error = iwn_nic_lock(sc)) != 0)
7475 /* Copy microcode image into NIC memory. */
7476 iwn_prph_write_region_4(sc, IWN_BSM_SRAM_BASE,
7477 (const uint32_t *)ucode, size);
7479 iwn_prph_write(sc, IWN_BSM_WR_MEM_SRC, 0);
7480 iwn_prph_write(sc, IWN_BSM_WR_MEM_DST, IWN_FW_TEXT_BASE);
7481 iwn_prph_write(sc, IWN_BSM_WR_DWCOUNT, size);
7483 /* Start boot load now. */
7484 iwn_prph_write(sc, IWN_BSM_WR_CTRL, IWN_BSM_WR_CTRL_START);
7486 /* Wait for transfer to complete. */
7487 for (ntries = 0; ntries < 1000; ntries++) {
7488 if (!(iwn_prph_read(sc, IWN_BSM_WR_CTRL) &
7489 IWN_BSM_WR_CTRL_START))
7493 if (ntries == 1000) {
7494 device_printf(sc->sc_dev, "%s: could not load boot firmware\n",
7500 /* Enable boot after power up. */
7501 iwn_prph_write(sc, IWN_BSM_WR_CTRL, IWN_BSM_WR_CTRL_START_EN);
7508 iwn4965_load_firmware(struct iwn_softc *sc)
7510 struct iwn_fw_info *fw = &sc->fw;
7511 struct iwn_dma_info *dma = &sc->fw_dma;
7514 /* Copy initialization sections into pre-allocated DMA-safe memory. */
7515 memcpy(dma->vaddr, fw->init.data, fw->init.datasz);
7516 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
7517 memcpy(dma->vaddr + IWN4965_FW_DATA_MAXSZ,
7518 fw->init.text, fw->init.textsz);
7519 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
7521 /* Tell adapter where to find initialization sections. */
7522 if ((error = iwn_nic_lock(sc)) != 0)
7524 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_ADDR, dma->paddr >> 4);
7525 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_SIZE, fw->init.datasz);
7526 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_ADDR,
7527 (dma->paddr + IWN4965_FW_DATA_MAXSZ) >> 4);
7528 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_SIZE, fw->init.textsz);
7531 /* Load firmware boot code. */
7532 error = iwn4965_load_bootcode(sc, fw->boot.text, fw->boot.textsz);
7534 device_printf(sc->sc_dev, "%s: could not load boot firmware\n",
7538 /* Now press "execute". */
7539 IWN_WRITE(sc, IWN_RESET, 0);
7541 /* Wait at most one second for first alive notification. */
7542 if ((error = msleep(sc, &sc->sc_mtx, PCATCH, "iwninit", hz)) != 0) {
7543 device_printf(sc->sc_dev,
7544 "%s: timeout waiting for adapter to initialize, error %d\n",
7549 /* Retrieve current temperature for initial TX power calibration. */
7550 sc->rawtemp = sc->ucode_info.temp[3].chan20MHz;
7551 sc->temp = iwn4965_get_temperature(sc);
7553 /* Copy runtime sections into pre-allocated DMA-safe memory. */
7554 memcpy(dma->vaddr, fw->main.data, fw->main.datasz);
7555 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
7556 memcpy(dma->vaddr + IWN4965_FW_DATA_MAXSZ,
7557 fw->main.text, fw->main.textsz);
7558 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
7560 /* Tell adapter where to find runtime sections. */
7561 if ((error = iwn_nic_lock(sc)) != 0)
7563 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_ADDR, dma->paddr >> 4);
7564 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_SIZE, fw->main.datasz);
7565 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_ADDR,
7566 (dma->paddr + IWN4965_FW_DATA_MAXSZ) >> 4);
7567 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_SIZE,
7568 IWN_FW_UPDATED | fw->main.textsz);
7575 iwn5000_load_firmware_section(struct iwn_softc *sc, uint32_t dst,
7576 const uint8_t *section, int size)
7578 struct iwn_dma_info *dma = &sc->fw_dma;
7581 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7583 /* Copy firmware section into pre-allocated DMA-safe memory. */
7584 memcpy(dma->vaddr, section, size);
7585 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
7587 if ((error = iwn_nic_lock(sc)) != 0)
7590 IWN_WRITE(sc, IWN_FH_TX_CONFIG(IWN_SRVC_DMACHNL),
7591 IWN_FH_TX_CONFIG_DMA_PAUSE);
7593 IWN_WRITE(sc, IWN_FH_SRAM_ADDR(IWN_SRVC_DMACHNL), dst);
7594 IWN_WRITE(sc, IWN_FH_TFBD_CTRL0(IWN_SRVC_DMACHNL),
7595 IWN_LOADDR(dma->paddr));
7596 IWN_WRITE(sc, IWN_FH_TFBD_CTRL1(IWN_SRVC_DMACHNL),
7597 IWN_HIADDR(dma->paddr) << 28 | size);
7598 IWN_WRITE(sc, IWN_FH_TXBUF_STATUS(IWN_SRVC_DMACHNL),
7599 IWN_FH_TXBUF_STATUS_TBNUM(1) |
7600 IWN_FH_TXBUF_STATUS_TBIDX(1) |
7601 IWN_FH_TXBUF_STATUS_TFBD_VALID);
7603 /* Kick Flow Handler to start DMA transfer. */
7604 IWN_WRITE(sc, IWN_FH_TX_CONFIG(IWN_SRVC_DMACHNL),
7605 IWN_FH_TX_CONFIG_DMA_ENA | IWN_FH_TX_CONFIG_CIRQ_HOST_ENDTFD);
7609 /* Wait at most five seconds for FH DMA transfer to complete. */
7610 return msleep(sc, &sc->sc_mtx, PCATCH, "iwninit", 5 * hz);
7614 iwn5000_load_firmware(struct iwn_softc *sc)
7616 struct iwn_fw_part *fw;
7619 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7621 /* Load the initialization firmware on first boot only. */
7622 fw = (sc->sc_flags & IWN_FLAG_CALIB_DONE) ?
7623 &sc->fw.main : &sc->fw.init;
7625 error = iwn5000_load_firmware_section(sc, IWN_FW_TEXT_BASE,
7626 fw->text, fw->textsz);
7628 device_printf(sc->sc_dev,
7629 "%s: could not load firmware %s section, error %d\n",
7630 __func__, ".text", error);
7633 error = iwn5000_load_firmware_section(sc, IWN_FW_DATA_BASE,
7634 fw->data, fw->datasz);
7636 device_printf(sc->sc_dev,
7637 "%s: could not load firmware %s section, error %d\n",
7638 __func__, ".data", error);
7642 /* Now press "execute". */
7643 IWN_WRITE(sc, IWN_RESET, 0);
7648 * Extract text and data sections from a legacy firmware image.
7651 iwn_read_firmware_leg(struct iwn_softc *sc, struct iwn_fw_info *fw)
7653 const uint32_t *ptr;
7657 ptr = (const uint32_t *)fw->data;
7658 rev = le32toh(*ptr++);
7660 /* Check firmware API version. */
7661 if (IWN_FW_API(rev) <= 1) {
7662 device_printf(sc->sc_dev,
7663 "%s: bad firmware, need API version >=2\n", __func__);
7666 if (IWN_FW_API(rev) >= 3) {
7667 /* Skip build number (version 2 header). */
7671 if (fw->size < hdrlen) {
7672 device_printf(sc->sc_dev, "%s: firmware too short: %zu bytes\n",
7673 __func__, fw->size);
7676 fw->main.textsz = le32toh(*ptr++);
7677 fw->main.datasz = le32toh(*ptr++);
7678 fw->init.textsz = le32toh(*ptr++);
7679 fw->init.datasz = le32toh(*ptr++);
7680 fw->boot.textsz = le32toh(*ptr++);
7682 /* Check that all firmware sections fit. */
7683 if (fw->size < hdrlen + fw->main.textsz + fw->main.datasz +
7684 fw->init.textsz + fw->init.datasz + fw->boot.textsz) {
7685 device_printf(sc->sc_dev, "%s: firmware too short: %zu bytes\n",
7686 __func__, fw->size);
7690 /* Get pointers to firmware sections. */
7691 fw->main.text = (const uint8_t *)ptr;
7692 fw->main.data = fw->main.text + fw->main.textsz;
7693 fw->init.text = fw->main.data + fw->main.datasz;
7694 fw->init.data = fw->init.text + fw->init.textsz;
7695 fw->boot.text = fw->init.data + fw->init.datasz;
7700 * Extract text and data sections from a TLV firmware image.
7703 iwn_read_firmware_tlv(struct iwn_softc *sc, struct iwn_fw_info *fw,
7706 const struct iwn_fw_tlv_hdr *hdr;
7707 const struct iwn_fw_tlv *tlv;
7708 const uint8_t *ptr, *end;
7712 if (fw->size < sizeof (*hdr)) {
7713 device_printf(sc->sc_dev, "%s: firmware too short: %zu bytes\n",
7714 __func__, fw->size);
7717 hdr = (const struct iwn_fw_tlv_hdr *)fw->data;
7718 if (hdr->signature != htole32(IWN_FW_SIGNATURE)) {
7719 device_printf(sc->sc_dev, "%s: bad firmware signature 0x%08x\n",
7720 __func__, le32toh(hdr->signature));
7723 DPRINTF(sc, IWN_DEBUG_RESET, "FW: \"%.64s\", build 0x%x\n", hdr->descr,
7724 le32toh(hdr->build));
7727 * Select the closest supported alternative that is less than
7728 * or equal to the specified one.
7730 altmask = le64toh(hdr->altmask);
7731 while (alt > 0 && !(altmask & (1ULL << alt)))
7732 alt--; /* Downgrade. */
7733 DPRINTF(sc, IWN_DEBUG_RESET, "using alternative %d\n", alt);
7735 ptr = (const uint8_t *)(hdr + 1);
7736 end = (const uint8_t *)(fw->data + fw->size);
7738 /* Parse type-length-value fields. */
7739 while (ptr + sizeof (*tlv) <= end) {
7740 tlv = (const struct iwn_fw_tlv *)ptr;
7741 len = le32toh(tlv->len);
7743 ptr += sizeof (*tlv);
7744 if (ptr + len > end) {
7745 device_printf(sc->sc_dev,
7746 "%s: firmware too short: %zu bytes\n", __func__,
7750 /* Skip other alternatives. */
7751 if (tlv->alt != 0 && tlv->alt != htole16(alt))
7754 switch (le16toh(tlv->type)) {
7755 case IWN_FW_TLV_MAIN_TEXT:
7756 fw->main.text = ptr;
7757 fw->main.textsz = len;
7759 case IWN_FW_TLV_MAIN_DATA:
7760 fw->main.data = ptr;
7761 fw->main.datasz = len;
7763 case IWN_FW_TLV_INIT_TEXT:
7764 fw->init.text = ptr;
7765 fw->init.textsz = len;
7767 case IWN_FW_TLV_INIT_DATA:
7768 fw->init.data = ptr;
7769 fw->init.datasz = len;
7771 case IWN_FW_TLV_BOOT_TEXT:
7772 fw->boot.text = ptr;
7773 fw->boot.textsz = len;
7775 case IWN_FW_TLV_ENH_SENS:
7777 sc->sc_flags |= IWN_FLAG_ENH_SENS;
7779 case IWN_FW_TLV_PHY_CALIB:
7780 tmp = le32toh(*ptr);
7782 sc->reset_noise_gain = tmp;
7783 sc->noise_gain = tmp + 1;
7786 case IWN_FW_TLV_PAN:
7787 sc->sc_flags |= IWN_FLAG_PAN_SUPPORT;
7788 DPRINTF(sc, IWN_DEBUG_RESET,
7789 "PAN Support found: %d\n", 1);
7791 case IWN_FW_TLV_FLAGS:
7792 if (len < sizeof(uint32_t))
7794 if (len % sizeof(uint32_t))
7796 sc->tlv_feature_flags = le32toh(*ptr);
7797 DPRINTF(sc, IWN_DEBUG_RESET,
7798 "%s: feature: 0x%08x\n",
7800 sc->tlv_feature_flags);
7802 case IWN_FW_TLV_PBREQ_MAXLEN:
7803 case IWN_FW_TLV_RUNT_EVTLOG_PTR:
7804 case IWN_FW_TLV_RUNT_EVTLOG_SIZE:
7805 case IWN_FW_TLV_RUNT_ERRLOG_PTR:
7806 case IWN_FW_TLV_INIT_EVTLOG_PTR:
7807 case IWN_FW_TLV_INIT_EVTLOG_SIZE:
7808 case IWN_FW_TLV_INIT_ERRLOG_PTR:
7809 case IWN_FW_TLV_WOWLAN_INST:
7810 case IWN_FW_TLV_WOWLAN_DATA:
7811 DPRINTF(sc, IWN_DEBUG_RESET,
7812 "TLV type %d reconized but not handled\n",
7813 le16toh(tlv->type));
7816 DPRINTF(sc, IWN_DEBUG_RESET,
7817 "TLV type %d not handled\n", le16toh(tlv->type));
7820 next: /* TLV fields are 32-bit aligned. */
7821 ptr += (len + 3) & ~3;
7827 iwn_read_firmware(struct iwn_softc *sc)
7829 struct iwn_fw_info *fw = &sc->fw;
7832 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7836 memset(fw, 0, sizeof (*fw));
7838 /* Read firmware image from filesystem. */
7839 sc->fw_fp = firmware_get(sc->fwname);
7840 if (sc->fw_fp == NULL) {
7841 device_printf(sc->sc_dev, "%s: could not read firmware %s\n",
7842 __func__, sc->fwname);
7848 fw->size = sc->fw_fp->datasize;
7849 fw->data = (const uint8_t *)sc->fw_fp->data;
7850 if (fw->size < sizeof (uint32_t)) {
7851 device_printf(sc->sc_dev, "%s: firmware too short: %zu bytes\n",
7852 __func__, fw->size);
7853 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
7858 /* Retrieve text and data sections. */
7859 if (*(const uint32_t *)fw->data != 0) /* Legacy image. */
7860 error = iwn_read_firmware_leg(sc, fw);
7862 error = iwn_read_firmware_tlv(sc, fw, 1);
7864 device_printf(sc->sc_dev,
7865 "%s: could not read firmware sections, error %d\n",
7867 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
7872 /* Make sure text and data sections fit in hardware memory. */
7873 if (fw->main.textsz > sc->fw_text_maxsz ||
7874 fw->main.datasz > sc->fw_data_maxsz ||
7875 fw->init.textsz > sc->fw_text_maxsz ||
7876 fw->init.datasz > sc->fw_data_maxsz ||
7877 fw->boot.textsz > IWN_FW_BOOT_TEXT_MAXSZ ||
7878 (fw->boot.textsz & 3) != 0) {
7879 device_printf(sc->sc_dev, "%s: firmware sections too large\n",
7881 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
7886 /* We can proceed with loading the firmware. */
7891 iwn_clock_wait(struct iwn_softc *sc)
7895 /* Set "initialization complete" bit. */
7896 IWN_SETBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_INIT_DONE);
7898 /* Wait for clock stabilization. */
7899 for (ntries = 0; ntries < 2500; ntries++) {
7900 if (IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_MAC_CLOCK_READY)
7904 device_printf(sc->sc_dev,
7905 "%s: timeout waiting for clock stabilization\n", __func__);
7910 iwn_apm_init(struct iwn_softc *sc)
7915 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7917 /* Disable L0s exit timer (NMI bug workaround). */
7918 IWN_SETBITS(sc, IWN_GIO_CHICKEN, IWN_GIO_CHICKEN_DIS_L0S_TIMER);
7919 /* Don't wait for ICH L0s (ICH bug workaround). */
7920 IWN_SETBITS(sc, IWN_GIO_CHICKEN, IWN_GIO_CHICKEN_L1A_NO_L0S_RX);
7922 /* Set FH wait threshold to max (HW bug under stress workaround). */
7923 IWN_SETBITS(sc, IWN_DBG_HPET_MEM, 0xffff0000);
7925 /* Enable HAP INTA to move adapter from L1a to L0s. */
7926 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_HAP_WAKE_L1A);
7928 /* Retrieve PCIe Active State Power Management (ASPM). */
7929 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1);
7930 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */
7931 if (reg & 0x02) /* L1 Entry enabled. */
7932 IWN_SETBITS(sc, IWN_GIO, IWN_GIO_L0S_ENA);
7934 IWN_CLRBITS(sc, IWN_GIO, IWN_GIO_L0S_ENA);
7936 if (sc->base_params->pll_cfg_val)
7937 IWN_SETBITS(sc, IWN_ANA_PLL, sc->base_params->pll_cfg_val);
7939 /* Wait for clock stabilization before accessing prph. */
7940 if ((error = iwn_clock_wait(sc)) != 0)
7943 if ((error = iwn_nic_lock(sc)) != 0)
7945 if (sc->hw_type == IWN_HW_REV_TYPE_4965) {
7946 /* Enable DMA and BSM (Bootstrap State Machine). */
7947 iwn_prph_write(sc, IWN_APMG_CLK_EN,
7948 IWN_APMG_CLK_CTRL_DMA_CLK_RQT |
7949 IWN_APMG_CLK_CTRL_BSM_CLK_RQT);
7952 iwn_prph_write(sc, IWN_APMG_CLK_EN,
7953 IWN_APMG_CLK_CTRL_DMA_CLK_RQT);
7956 /* Disable L1-Active. */
7957 iwn_prph_setbits(sc, IWN_APMG_PCI_STT, IWN_APMG_PCI_STT_L1A_DIS);
7964 iwn_apm_stop_master(struct iwn_softc *sc)
7968 /* Stop busmaster DMA activity. */
7969 IWN_SETBITS(sc, IWN_RESET, IWN_RESET_STOP_MASTER);
7970 for (ntries = 0; ntries < 100; ntries++) {
7971 if (IWN_READ(sc, IWN_RESET) & IWN_RESET_MASTER_DISABLED)
7975 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", __func__);
7979 iwn_apm_stop(struct iwn_softc *sc)
7981 iwn_apm_stop_master(sc);
7983 /* Reset the entire device. */
7984 IWN_SETBITS(sc, IWN_RESET, IWN_RESET_SW);
7986 /* Clear "initialization complete" bit. */
7987 IWN_CLRBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_INIT_DONE);
7991 iwn4965_nic_config(struct iwn_softc *sc)
7993 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
7995 if (IWN_RFCFG_TYPE(sc->rfcfg) == 1) {
7997 * I don't believe this to be correct but this is what the
7998 * vendor driver is doing. Probably the bits should not be
7999 * shifted in IWN_RFCFG_*.
8001 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
8002 IWN_RFCFG_TYPE(sc->rfcfg) |
8003 IWN_RFCFG_STEP(sc->rfcfg) |
8004 IWN_RFCFG_DASH(sc->rfcfg));
8006 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
8007 IWN_HW_IF_CONFIG_RADIO_SI | IWN_HW_IF_CONFIG_MAC_SI);
8012 iwn5000_nic_config(struct iwn_softc *sc)
8017 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
8019 if (IWN_RFCFG_TYPE(sc->rfcfg) < 3) {
8020 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
8021 IWN_RFCFG_TYPE(sc->rfcfg) |
8022 IWN_RFCFG_STEP(sc->rfcfg) |
8023 IWN_RFCFG_DASH(sc->rfcfg));
8025 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
8026 IWN_HW_IF_CONFIG_RADIO_SI | IWN_HW_IF_CONFIG_MAC_SI);
8028 if ((error = iwn_nic_lock(sc)) != 0)
8030 iwn_prph_setbits(sc, IWN_APMG_PS, IWN_APMG_PS_EARLY_PWROFF_DIS);
8032 if (sc->hw_type == IWN_HW_REV_TYPE_1000) {
8034 * Select first Switching Voltage Regulator (1.32V) to
8035 * solve a stability issue related to noisy DC2DC line
8036 * in the silicon of 1000 Series.
8038 tmp = iwn_prph_read(sc, IWN_APMG_DIGITAL_SVR);
8039 tmp &= ~IWN_APMG_DIGITAL_SVR_VOLTAGE_MASK;
8040 tmp |= IWN_APMG_DIGITAL_SVR_VOLTAGE_1_32;
8041 iwn_prph_write(sc, IWN_APMG_DIGITAL_SVR, tmp);
8045 if (sc->sc_flags & IWN_FLAG_INTERNAL_PA) {
8046 /* Use internal power amplifier only. */
8047 IWN_WRITE(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_RADIO_2X2_IPA);
8049 if (sc->base_params->additional_nic_config && sc->calib_ver >= 6) {
8050 /* Indicate that ROM calibration version is >=6. */
8051 IWN_SETBITS(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_CALIB_VER6);
8053 if (sc->base_params->additional_gp_drv_bit)
8054 IWN_SETBITS(sc, IWN_GP_DRIVER,
8055 sc->base_params->additional_gp_drv_bit);
8060 * Take NIC ownership over Intel Active Management Technology (AMT).
8063 iwn_hw_prepare(struct iwn_softc *sc)
8067 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
8069 /* Check if hardware is ready. */
8070 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_NIC_READY);
8071 for (ntries = 0; ntries < 5; ntries++) {
8072 if (IWN_READ(sc, IWN_HW_IF_CONFIG) &
8073 IWN_HW_IF_CONFIG_NIC_READY)
8078 /* Hardware not ready, force into ready state. */
8079 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_PREPARE);
8080 for (ntries = 0; ntries < 15000; ntries++) {
8081 if (!(IWN_READ(sc, IWN_HW_IF_CONFIG) &
8082 IWN_HW_IF_CONFIG_PREPARE_DONE))
8086 if (ntries == 15000)
8089 /* Hardware should be ready now. */
8090 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_NIC_READY);
8091 for (ntries = 0; ntries < 5; ntries++) {
8092 if (IWN_READ(sc, IWN_HW_IF_CONFIG) &
8093 IWN_HW_IF_CONFIG_NIC_READY)
8101 iwn_hw_init(struct iwn_softc *sc)
8103 struct iwn_ops *ops = &sc->ops;
8104 int error, chnl, qid;
8106 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
8108 /* Clear pending interrupts. */
8109 IWN_WRITE(sc, IWN_INT, 0xffffffff);
8111 if ((error = iwn_apm_init(sc)) != 0) {
8112 device_printf(sc->sc_dev,
8113 "%s: could not power ON adapter, error %d\n", __func__,
8118 /* Select VMAIN power source. */
8119 if ((error = iwn_nic_lock(sc)) != 0)
8121 iwn_prph_clrbits(sc, IWN_APMG_PS, IWN_APMG_PS_PWR_SRC_MASK);
8124 /* Perform adapter-specific initialization. */
8125 if ((error = ops->nic_config(sc)) != 0)
8128 /* Initialize RX ring. */
8129 if ((error = iwn_nic_lock(sc)) != 0)
8131 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 0);
8132 IWN_WRITE(sc, IWN_FH_RX_WPTR, 0);
8133 /* Set physical address of RX ring (256-byte aligned). */
8134 IWN_WRITE(sc, IWN_FH_RX_BASE, sc->rxq.desc_dma.paddr >> 8);
8135 /* Set physical address of RX status (16-byte aligned). */
8136 IWN_WRITE(sc, IWN_FH_STATUS_WPTR, sc->rxq.stat_dma.paddr >> 4);
8138 IWN_WRITE(sc, IWN_FH_RX_CONFIG,
8139 IWN_FH_RX_CONFIG_ENA |
8140 IWN_FH_RX_CONFIG_IGN_RXF_EMPTY | /* HW bug workaround */
8141 IWN_FH_RX_CONFIG_IRQ_DST_HOST |
8142 IWN_FH_RX_CONFIG_SINGLE_FRAME |
8143 IWN_FH_RX_CONFIG_RB_TIMEOUT(0) |
8144 IWN_FH_RX_CONFIG_NRBD(IWN_RX_RING_COUNT_LOG));
8146 IWN_WRITE(sc, IWN_FH_RX_WPTR, (IWN_RX_RING_COUNT - 1) & ~7);
8148 if ((error = iwn_nic_lock(sc)) != 0)
8151 /* Initialize TX scheduler. */
8152 iwn_prph_write(sc, sc->sched_txfact_addr, 0);
8154 /* Set physical address of "keep warm" page (16-byte aligned). */
8155 IWN_WRITE(sc, IWN_FH_KW_ADDR, sc->kw_dma.paddr >> 4);
8157 /* Initialize TX rings. */
8158 for (qid = 0; qid < sc->ntxqs; qid++) {
8159 struct iwn_tx_ring *txq = &sc->txq[qid];
8161 /* Set physical address of TX ring (256-byte aligned). */
8162 IWN_WRITE(sc, IWN_FH_CBBC_QUEUE(qid),
8163 txq->desc_dma.paddr >> 8);
8167 /* Enable DMA channels. */
8168 for (chnl = 0; chnl < sc->ndmachnls; chnl++) {
8169 IWN_WRITE(sc, IWN_FH_TX_CONFIG(chnl),
8170 IWN_FH_TX_CONFIG_DMA_ENA |
8171 IWN_FH_TX_CONFIG_DMA_CREDIT_ENA);
8174 /* Clear "radio off" and "commands blocked" bits. */
8175 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL);
8176 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_CMD_BLOCKED);
8178 /* Clear pending interrupts. */
8179 IWN_WRITE(sc, IWN_INT, 0xffffffff);
8180 /* Enable interrupt coalescing. */
8181 IWN_WRITE(sc, IWN_INT_COALESCING, 512 / 8);
8182 /* Enable interrupts. */
8183 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
8185 /* _Really_ make sure "radio off" bit is cleared! */
8186 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL);
8187 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL);
8189 /* Enable shadow registers. */
8190 if (sc->base_params->shadow_reg_enable)
8191 IWN_SETBITS(sc, IWN_SHADOW_REG_CTRL, 0x800fffff);
8193 if ((error = ops->load_firmware(sc)) != 0) {
8194 device_printf(sc->sc_dev,
8195 "%s: could not load firmware, error %d\n", __func__,
8199 /* Wait at most one second for firmware alive notification. */
8200 if ((error = msleep(sc, &sc->sc_mtx, PCATCH, "iwninit", hz)) != 0) {
8201 device_printf(sc->sc_dev,
8202 "%s: timeout waiting for adapter to initialize, error %d\n",
8206 /* Do post-firmware initialization. */
8208 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
8210 return ops->post_alive(sc);
8214 iwn_hw_stop(struct iwn_softc *sc)
8216 int chnl, qid, ntries;
8218 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
8220 IWN_WRITE(sc, IWN_RESET, IWN_RESET_NEVO);
8222 /* Disable interrupts. */
8223 IWN_WRITE(sc, IWN_INT_MASK, 0);
8224 IWN_WRITE(sc, IWN_INT, 0xffffffff);
8225 IWN_WRITE(sc, IWN_FH_INT, 0xffffffff);
8226 sc->sc_flags &= ~IWN_FLAG_USE_ICT;
8228 /* Make sure we no longer hold the NIC lock. */
8231 /* Stop TX scheduler. */
8232 iwn_prph_write(sc, sc->sched_txfact_addr, 0);
8234 /* Stop all DMA channels. */
8235 if (iwn_nic_lock(sc) == 0) {
8236 for (chnl = 0; chnl < sc->ndmachnls; chnl++) {
8237 IWN_WRITE(sc, IWN_FH_TX_CONFIG(chnl), 0);
8238 for (ntries = 0; ntries < 200; ntries++) {
8239 if (IWN_READ(sc, IWN_FH_TX_STATUS) &
8240 IWN_FH_TX_STATUS_IDLE(chnl))
8249 iwn_reset_rx_ring(sc, &sc->rxq);
8251 /* Reset all TX rings. */
8252 for (qid = 0; qid < sc->ntxqs; qid++)
8253 iwn_reset_tx_ring(sc, &sc->txq[qid]);
8255 if (iwn_nic_lock(sc) == 0) {
8256 iwn_prph_write(sc, IWN_APMG_CLK_DIS,
8257 IWN_APMG_CLK_CTRL_DMA_CLK_RQT);
8261 /* Power OFF adapter. */
8266 iwn_radio_on(void *arg0, int pending)
8268 struct iwn_softc *sc = arg0;
8269 struct ifnet *ifp = sc->sc_ifp;
8270 struct ieee80211com *ic = ifp->if_l2com;
8271 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
8273 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
8277 ieee80211_init(vap);
8282 iwn_radio_off(void *arg0, int pending)
8284 struct iwn_softc *sc = arg0;
8285 struct ifnet *ifp = sc->sc_ifp;
8286 struct ieee80211com *ic = ifp->if_l2com;
8287 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
8289 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
8293 ieee80211_stop(vap);
8295 /* Enable interrupts to get RF toggle notification. */
8297 IWN_WRITE(sc, IWN_INT, 0xffffffff);
8298 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
8303 iwn_init_locked(struct iwn_softc *sc)
8305 struct ifnet *ifp = sc->sc_ifp;
8308 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s begin\n", __func__);
8310 IWN_LOCK_ASSERT(sc);
8312 if ((error = iwn_hw_prepare(sc)) != 0) {
8313 device_printf(sc->sc_dev, "%s: hardware not ready, error %d\n",
8318 /* Initialize interrupt mask to default value. */
8319 sc->int_mask = IWN_INT_MASK_DEF;
8320 sc->sc_flags &= ~IWN_FLAG_USE_ICT;
8322 /* Check that the radio is not disabled by hardware switch. */
8323 if (!(IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_RFKILL)) {
8324 device_printf(sc->sc_dev,
8325 "radio is disabled by hardware switch\n");
8326 /* Enable interrupts to get RF toggle notifications. */
8327 IWN_WRITE(sc, IWN_INT, 0xffffffff);
8328 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
8332 /* Read firmware images from the filesystem. */
8333 if ((error = iwn_read_firmware(sc)) != 0) {
8334 device_printf(sc->sc_dev,
8335 "%s: could not read firmware, error %d\n", __func__,
8340 /* Initialize hardware and upload firmware. */
8341 error = iwn_hw_init(sc);
8342 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
8345 device_printf(sc->sc_dev,
8346 "%s: could not initialize hardware, error %d\n", __func__,
8351 /* Configure adapter now that it is ready. */
8352 if ((error = iwn_config(sc)) != 0) {
8353 device_printf(sc->sc_dev,
8354 "%s: could not configure device, error %d\n", __func__,
8359 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
8360 ifp->if_drv_flags |= IFF_DRV_RUNNING;
8362 callout_reset(&sc->watchdog_to, hz, iwn_watchdog, sc);
8364 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end\n",__func__);
8368 fail: iwn_stop_locked(sc);
8369 DPRINTF(sc, IWN_DEBUG_TRACE, "->%s: end in error\n",__func__);
8375 struct iwn_softc *sc = arg;
8376 struct ifnet *ifp = sc->sc_ifp;
8377 struct ieee80211com *ic = ifp->if_l2com;
8380 iwn_init_locked(sc);
8383 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
8384 ieee80211_start_all(ic);
8388 iwn_stop_locked(struct iwn_softc *sc)
8390 struct ifnet *ifp = sc->sc_ifp;
8392 IWN_LOCK_ASSERT(sc);
8394 sc->sc_is_scanning = 0;
8395 sc->sc_tx_timer = 0;
8396 callout_stop(&sc->watchdog_to);
8397 callout_stop(&sc->calib_to);
8398 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
8400 /* Power OFF hardware. */
8405 iwn_stop(struct iwn_softc *sc)
8408 iwn_stop_locked(sc);
8413 * Callback from net80211 to start a scan.
8416 iwn_scan_start(struct ieee80211com *ic)
8418 struct ifnet *ifp = ic->ic_ifp;
8419 struct iwn_softc *sc = ifp->if_softc;
8422 /* make the link LED blink while we're scanning */
8423 iwn_set_led(sc, IWN_LED_LINK, 20, 2);
8428 * Callback from net80211 to terminate a scan.
8431 iwn_scan_end(struct ieee80211com *ic)
8433 struct ifnet *ifp = ic->ic_ifp;
8434 struct iwn_softc *sc = ifp->if_softc;
8435 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
8438 if (vap->iv_state == IEEE80211_S_RUN) {
8439 /* Set link LED to ON status if we are associated */
8440 iwn_set_led(sc, IWN_LED_LINK, 0, 1);
8446 * Callback from net80211 to force a channel change.
8449 iwn_set_channel(struct ieee80211com *ic)
8451 const struct ieee80211_channel *c = ic->ic_curchan;
8452 struct ifnet *ifp = ic->ic_ifp;
8453 struct iwn_softc *sc = ifp->if_softc;
8456 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
8459 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq);
8460 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags);
8461 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq);
8462 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags);
8465 * Only need to set the channel in Monitor mode. AP scanning and auth
8466 * are already taken care of by their respective firmware commands.
8468 if (ic->ic_opmode == IEEE80211_M_MONITOR) {
8469 error = iwn_config(sc);
8471 device_printf(sc->sc_dev,
8472 "%s: error %d settting channel\n", __func__, error);
8478 * Callback from net80211 to start scanning of the current channel.
8481 iwn_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
8483 struct ieee80211vap *vap = ss->ss_vap;
8484 struct iwn_softc *sc = vap->iv_ic->ic_ifp->if_softc;
8485 struct ieee80211com *ic = vap->iv_ic;
8489 error = iwn_scan(sc, vap, ss, ic->ic_curchan);
8492 ieee80211_cancel_scan(vap);
8496 * Callback from net80211 to handle the minimum dwell time being met.
8497 * The intent is to terminate the scan but we just let the firmware
8498 * notify us when it's finished as we have no safe way to abort it.
8501 iwn_scan_mindwell(struct ieee80211_scan_state *ss)
8503 /* NB: don't try to abort scan; wait for firmware to finish */
8507 iwn_hw_reset(void *arg0, int pending)
8509 struct iwn_softc *sc = arg0;
8510 struct ifnet *ifp = sc->sc_ifp;
8511 struct ieee80211com *ic = ifp->if_l2com;
8513 DPRINTF(sc, IWN_DEBUG_TRACE, "->Doing %s\n", __func__);
8517 ieee80211_notify_radio(ic, 1);
8520 #define IWN_DESC(x) case x: return #x
8521 #define COUNTOF(array) (sizeof(array) / sizeof(array[0]))
8524 * Translate CSR code to string
8526 static char *iwn_get_csr_string(int csr)
8529 IWN_DESC(IWN_HW_IF_CONFIG);
8530 IWN_DESC(IWN_INT_COALESCING);
8532 IWN_DESC(IWN_INT_MASK);
8533 IWN_DESC(IWN_FH_INT);
8534 IWN_DESC(IWN_GPIO_IN);
8535 IWN_DESC(IWN_RESET);
8536 IWN_DESC(IWN_GP_CNTRL);
8537 IWN_DESC(IWN_HW_REV);
8538 IWN_DESC(IWN_EEPROM);
8539 IWN_DESC(IWN_EEPROM_GP);
8540 IWN_DESC(IWN_OTP_GP);
8542 IWN_DESC(IWN_GP_UCODE);
8543 IWN_DESC(IWN_GP_DRIVER);
8544 IWN_DESC(IWN_UCODE_GP1);
8545 IWN_DESC(IWN_UCODE_GP2);
8547 IWN_DESC(IWN_DRAM_INT_TBL);
8548 IWN_DESC(IWN_GIO_CHICKEN);
8549 IWN_DESC(IWN_ANA_PLL);
8550 IWN_DESC(IWN_HW_REV_WA);
8551 IWN_DESC(IWN_DBG_HPET_MEM);
8553 return "UNKNOWN CSR";
8558 * This function print firmware register
8561 iwn_debug_register(struct iwn_softc *sc)
8564 static const uint32_t csr_tbl[] = {
8589 DPRINTF(sc, IWN_DEBUG_REGISTER,
8590 "CSR values: (2nd byte of IWN_INT_COALESCING is IWN_INT_PERIODIC)%s",
8592 for (i = 0; i < COUNTOF(csr_tbl); i++){
8593 DPRINTF(sc, IWN_DEBUG_REGISTER," %10s: 0x%08x ",
8594 iwn_get_csr_string(csr_tbl[i]), IWN_READ(sc, csr_tbl[i]));
8596 DPRINTF(sc, IWN_DEBUG_REGISTER,"%s","\n");
8598 DPRINTF(sc, IWN_DEBUG_REGISTER,"%s","\n");
projects / FreeBSD / FreeBSD.git / blob